diff --git a/.agents/plugins/marketplace.json b/.agents/plugins/marketplace.json deleted file mode 100644 index c0599d5..0000000 --- a/.agents/plugins/marketplace.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "caplets", - "interface": { - "displayName": "Caplets" - }, - "plugins": [ - { - "name": "caplets", - "source": { - "source": "local", - "path": "./plugins/caplets" - }, - "policy": { - "installation": "AVAILABLE", - "authentication": "ON_INSTALL" - }, - "category": "Developer Tools" - } - ] -} diff --git a/.caplets/.gitignore b/.caplets/.gitignore new file mode 100644 index 0000000..d6b7ef3 --- /dev/null +++ b/.caplets/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/.changeset/remote-attach-agent-integrations.md b/.changeset/remote-attach-agent-integrations.md new file mode 100644 index 0000000..65b5674 --- /dev/null +++ b/.changeset/remote-attach-agent-integrations.md @@ -0,0 +1,8 @@ +--- +"@caplets/core": minor +"caplets": minor +"@caplets/opencode": minor +"@caplets/pi": minor +--- + +Make `caplets attach` the remote-backed MCP server command, add Cloud-aware `CAPLETS_MODE` resolution, keep OpenCode and Pi on the shared resolver, and remove Codex/Claude plugin artifacts in favor of manual MCP configuration. diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json deleted file mode 100644 index b90d2ff..0000000 --- a/.claude-plugin/marketplace.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "caplets", - "owner": { - "name": "Spirit-Led Software LLC", - "url": "https://github.com/spiritledsoftware" - }, - "plugins": [ - { - "name": "caplets", - "source": "./plugins/caplets", - "description": "Expose configured Caplets as progressive-disclosure tools in Claude Code.", - "category": "Developer Tools", - "author": { - "name": "Spirit-Led Software LLC", - "url": "https://github.com/spiritledsoftware", - "email": "ianpascoe@spiritledsoftware.com" - }, - "homepage": "https://github.com/spiritledsoftware/caplets" - } - ] -} diff --git a/.env.example b/.env.example deleted file mode 100644 index 0246cf9..0000000 --- a/.env.example +++ /dev/null @@ -1,6 +0,0 @@ -ALCHEMY_PASSWORD= -ALCHEMY_STATE_TOKEN= - -CLOUDFLARE_API_TOKEN= -CLOUDFLARE_ACCOUNT_ID= -CLOUDFLARE_EMAIL= diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0561586..9d82c4d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -44,6 +44,9 @@ jobs: run: pnpm install --frozen-lockfile - name: Run quality gates + run: pnpm verify + + - name: Deploy landing page run: pnpm run alchemy:deploy env: ALCHEMY_STAGE: prod diff --git a/.github/workflows/pr-preview-deploy.yml b/.github/workflows/pr-preview-deploy.yml index d8729ea..dc833ce 100644 --- a/.github/workflows/pr-preview-deploy.yml +++ b/.github/workflows/pr-preview-deploy.yml @@ -48,6 +48,10 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile + - name: Run quality gates + if: ${{ github.event.action != 'closed' }} + run: pnpm verify + - name: Deploy preview if: ${{ github.event.action != 'closed' }} run: pnpm run alchemy:deploy diff --git a/.gitignore b/.gitignore index 7c7430c..d7aba94 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ benchmark-results/ # Turbo .turbo/ +.astro/ # Pi .pi-lens/ diff --git a/.impeccable/critique/2026-05-31T12-08-49Z__apps-cloud-ui-src-routes-workspace-tsx.md b/.impeccable/critique/2026-05-31T12-08-49Z__apps-cloud-ui-src-routes-workspace-tsx.md new file mode 100644 index 0000000..ede93b7 --- /dev/null +++ b/.impeccable/critique/2026-05-31T12-08-49Z__apps-cloud-ui-src-routes-workspace-tsx.md @@ -0,0 +1,108 @@ +--- +target: cloud ui +total_score: 22 +p0_count: 1 +p1_count: 2 +timestamp: 2026-05-31T12-08-49Z +slug: apps-cloud-ui-src-routes-workspace-tsx +--- + +# Caplets Cloud UI Critique + +## Design Health Score + +| # | Heuristic | Score | Key Issue | +| --------- | ------------------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1 | Visibility of System Status | 2 | The live app shows an error state, but successful workspace health is split across status, presence, receipts, and audit without a clear current state summary. | +| 2 | Match System / Real World | 3 | The product language is credible for MCP and Caplets users, but terms such as local presence, sandbox leases, and implicit apply arrive before enough operational framing. | +| 3 | User Control and Freedom | 2 | Primary actions are mostly disabled or copy-only, and there is no visible way to retry, reconnect, authorize, revoke, or inspect details from the error/current states. | +| 4 | Consistency and Standards | 3 | Components are visually consistent and restrained, though every panel uses the same eyebrow/title/card rhythm. | +| 5 | Error Prevention | 2 | The UI explains OAuth-only and local presence concepts, but does not prevent dead-end states such as disabled Add connector and Run caplets doctor buttons. | +| 6 | Recognition Rather Than Recall | 2 | Users must infer how Endpoint, Connectors, Runtime, Presence, Receipts, and Audit relate to the setup path. | +| 7 | Flexibility and Efficiency | 2 | The dashboard lacks compact drill-downs, filters, copyable commands beyond the endpoint, or direct remediation actions for power users. | +| 8 | Aesthetic and Minimalist Design | 3 | The palette and density fit Caplets, but the grid background and repeated panel pattern flatten the page into a static spec sheet. | +| 9 | Error Recovery | 1 | The live error exposes a browser implementation message and gives no retry, fallback, or useful next step. | +| 10 | Help and Documentation | 2 | Copy is precise, but contextual help is too sparse for high-risk setup concepts like project-bound execution and apply receipts. | +| **Total** | | **22/40** | **Needs focused product polish** | + +## Anti-Patterns Verdict + +**LLM assessment**: This does not look like generic AI SaaS. It avoids hero metrics, gradient text, glass, huge rounded cards, and neon developer theater. The slop risk is subtler: repeated panel headers, disabled buttons, and a dashboard made from similarly weighted boxes make the workspace feel mocked rather than operated. + +**Deterministic scan**: CLI detector over `apps/cloud-ui/src` returned `[]`. Browser overlay on the live error state reported one `hero-eyebrow-chip` finding for `Workspace unavailable` above `Could not load workspace`. That is a fair warning because the error card inherits the same label treatment used elsewhere, making failure feel like another marketing/info panel instead of a recovery state. + +**Visual overlays**: Injection succeeded in the browser session after the live app loaded, and the console reported the eyebrow-chip issue on the error page. The overlay could only evaluate the error state because the app failed before the workspace UI rendered. + +## Overall Impression + +The intended direction is right: quiet, technical, dense, and specific to Caplets Cloud. The problem is that the running UI currently fails before users can reach it, and the designed workspace state does not yet behave like a control plane. It communicates the product thesis, but it does not yet help a developer complete setup, diagnose availability, or recover from failure. + +## What's Working + +- The visual register is aligned with Caplets: warm light surfaces, restrained ember, compact type, thin borders, and no theatrical dark-mode or generic SaaS polish. +- The copy has real product proof: `3 visible Caplets`, `106 hidden downstream tools`, OAuth-only hosted MCP, local presence, and sync/apply receipts are concrete. +- The information model includes the right control-plane objects: endpoint, connector catalog, tool surface report, runtime status, local presence, receipts, and audit trail. + +## Priority Issues + +### [P0] Live workspace route fails before showing the dashboard + +**Why it matters**: A user sees `Failed to execute fetch on Window: Illegal invocation` instead of the workspace. That destroys trust and prevents evaluation of every other design decision. + +**Fix**: Bind or wrap the default fetch implementation in `CloudApiClient` instead of storing the unbound browser `fetch`, then render a product-safe error only for real API failures. Add retry and a fallback diagnostic line that says which workspace/API URL failed. + +**Suggested command**: `$impeccable harden cloud ui` + +### [P1] Error recovery is raw, non-actionable, and visually under-prioritized + +**Why it matters**: Cloud setup failures are expected: auth, workspace creation, API reachability, local presence, connector auth. The current error state exposes implementation text and gives no path forward. + +**Fix**: Replace raw exception copy with a recovery panel: failed target, retry button, sign in/authorize action when relevant, workspace slug, API base URL, and a compact details disclosure for developer diagnostics. + +**Suggested command**: `$impeccable harden cloud ui` + +### [P1] The successful workspace state reads like a static product proof, not an operational workflow + +**Why it matters**: The page proves the thesis but does not guide the user through the next action. Disabled Add connector and Run caplets doctor controls signal unfinished product rather than unavailable state. + +**Fix**: Promote a setup/status rail above the panels: Connect MCP client, Add or authorize connector, Start local presence, Verify tool surface. Disabled actions need reasons and adjacent enabled alternatives, such as copy CLI command or open OAuth flow. + +**Suggested command**: `$impeccable onboard cloud ui` + +### [P2] Panel hierarchy is too even + +**Why it matters**: Endpoint, connectors, surface report, runtime, presence, receipts, and audit all compete at similar weight. Users cannot quickly tell what needs attention now. + +**Fix**: Make the endpoint/current health area the primary operational header, use a compact two-column health summary, and demote receipts/audit into tabs or collapsible inspection sections. Keep connectors as the main editable surface. + +**Suggested command**: `$impeccable layout cloud ui` + +### [P2] State cues rely too much on color and terse labels + +**Why it matters**: `Ready`, `Needs OAuth`, `Local required`, `presence required`, and colored dots are meaningful only after the user already understands the system. + +**Fix**: Pair every status with an icon/shape and a one-line action or reason. Example: `Needs OAuth: authorize Sourcegraph to expose this Caplet`. Use warning styling for actual action-required states, not just a yellow dot. + +**Suggested command**: `$impeccable clarify cloud ui` + +## Persona Red Flags + +**Morgan, agent power user**: They want to connect the endpoint and verify what agents will see. They can copy the endpoint, but cannot inspect the exact capability cards, simulate a client session, filter hidden tools, or see why a project-bound Caplet is unavailable. + +**Riley, first-time cloud user**: They land on an implementation error in the live app. Even in the intended state, `local presence`, `project-bound remote execution`, and `implicit apply pending` appear without enough action framing. The next step is unclear. + +**Sam, security-conscious team lead**: OAuth-only is visible, and audit exists, but there is no obvious token/session revocation, connector credential boundary, local presence revocation, or policy blocker detail. Trust signals are present but not inspectable enough. + +## Minor Observations + +- The global grid background is tasteful but constant. On long product surfaces it adds visual texture without improving scanability. +- The disabled buttons need `aria-describedby` reasons or inline explanatory text. +- The sidebar nav has no active section state, so it works as a table of contents rather than workspace navigation. +- The audit table is readable, but on mobile it becomes horizontal scroll. A stacked event list would be more usable below 640px. +- `Tool Surface Report` has one duplicated concept: `106 hidden downstream tools` appears in both `dt` and `dd`. + +## Questions to Consider + +- What is the one setup state Caplets Cloud should make impossible to miss? +- Should the first screen optimize for connecting an MCP client, authorizing connectors, or proving tool-surface reduction? +- Which trust details need to be inspectable before a developer lets project-bound execution touch a local repo? diff --git a/.impeccable/critique/2026-05-31T12-57-16Z__apps-cloud-ui-src-routes-workspace-tsx.md b/.impeccable/critique/2026-05-31T12-57-16Z__apps-cloud-ui-src-routes-workspace-tsx.md new file mode 100644 index 0000000..117f870 --- /dev/null +++ b/.impeccable/critique/2026-05-31T12-57-16Z__apps-cloud-ui-src-routes-workspace-tsx.md @@ -0,0 +1,106 @@ +--- +target: cloud UI +total_score: 22 +p0_count: 1 +p1_count: 2 +timestamp: 2026-05-31T12-57-16Z +slug: apps-cloud-ui-src-routes-workspace-tsx +--- + +# Design Health Score + +| # | Heuristic | Score | Key Issue | +| --------- | ------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------ | +| 1 | Visibility of System Status | 1 | The intended UI has status panels, but the live page is replaced by a Vite import error. | +| 2 | Match System / Real World | 3 | Developer-tool concepts mostly map well, though `local presence`, `sync/apply receipts`, and `tool surface` need more user-facing framing. | +| 3 | User Control and Freedom | 2 | Copy, retry, and anchor navigation exist, but there is no clear active route, current step control, or way back from blocked setup states. | +| 4 | Consistency and Standards | 3 | The component vocabulary is restrained and consistent, but the repeated panel-header pattern flattens sections. | +| 5 | Error Prevention | 1 | Missing modules block rendering, and status copy can imply health even while required setup is incomplete. | +| 6 | Recognition Rather Than Recall | 3 | The setup path, metrics, and command callouts reduce recall, but several commands are detached from their exact next action. | +| 7 | Flexibility and Efficiency | 2 | Sidebar anchors and copy buttons help, but there are no power-user shortcuts, filters, or compact inspection affordances. | +| 8 | Aesthetic and Minimalist Design | 3 | Quiet, usable product styling, with some panel sameness and cool-token drift from the stated design system. | +| 9 | Error Recovery | 2 | Source includes a recovery panel, retry, and diagnostics, but the actual browser error bypasses it entirely. | +| 10 | Help and Documentation | 2 | Inline instructions exist, but the UI lacks contextual help for local presence, connector authorization, and audit interpretation. | +| **Total** | | **22/40** | **Promising, currently blocked** | + +# Anti-Patterns Verdict + +**LLM assessment**: This does not read as instant AI slop. It has a credible developer-tool shell, restrained borders, compact typography, and useful non-color status shapes. The weak spots are product-specific: too many equal panels, repeated eyebrow-plus-title headers, and a first screen that describes the system more than it drives the next task. + +**Deterministic scan**: `detect.mjs --json apps/cloud-ui/src/routes/workspace.tsx apps/cloud-ui/src/components apps/cloud-ui/src/styles/global.css` returned `[]`. No bundled detector findings. + +**Visual overlays**: No reliable user-visible overlay is available. The Vite page fails before the app renders because `src/routes/workspace.tsx` cannot resolve `../lib/cloud-api`; browser evidence is the Vite import-analysis overlay, not the intended UI. + +# Overall Impression + +The design direction is right for Caplets Cloud: calm, technical, inspectable. The app shell wants to be a focused cloud workspace dashboard, not a marketing page, and the source mostly honors that. The biggest opportunity is to make the first screen operational: one current blocker, one primary next action, then inspectable detail. + +# What's Working + +1. The visual system is product-appropriate. The sidebar, flat panels, tight radii, visible focus style, and reduced-motion handling support a serious developer tool. +2. The source includes real state thinking: loading, error, empty, ready, connector status, local presence, sync receipts, runtime rows, and audit rows. +3. Copy is mostly concrete. Labels like `Copy endpoint`, `Retry workspace load`, and `Open OAuth metadata` describe actions rather than vague confirmations. + +# Priority Issues + +**[P0] The cloud UI does not render** + +**Why it matters**: A user never reaches the workspace dashboard. Vite shows `[plugin:vite:import-analysis] Failed to resolve import "../lib/cloud-api" from "src/routes/workspace.tsx"` at `apps/cloud-ui/src/routes/workspace.tsx:16`. + +**Fix**: Restore or create `apps/cloud-ui/src/lib/cloud-api.ts` and `apps/cloud-ui/src/lib/mock-workspace.ts`, then make `pnpm --filter @caplets/cloud-ui typecheck` and the Vite route pass before any visual polish. + +**Suggested command**: `$impeccable harden cloud UI` + +**[P1] The first screen lacks a single next step** + +**Why it matters**: The UI presents endpoint copy, a four-step setup rail, connectors, runtime, local presence, receipts, and audit as peers. A first-time workspace owner has to infer which blocker matters now. + +**Fix**: Promote a state-driven "Next action" area directly under the header. When Sourcegraph needs OAuth, make that the primary action. When local presence is missing, make the doctor command the primary action. Move completed proof into compact secondary detail. + +**Suggested command**: `$impeccable layout cloud UI` + +**[P1] Sidebar health can contradict workspace blockers** + +**Why it matters**: The sidebar says `OAuth active` and `tool surface verified` while the setup rail can still show `Authorize connector` and `Start local presence` as needing action. That undermines trust in the status model. + +**Fix**: Replace the static sidebar health block with a summarized blocker count and the current highest-severity state. Add active section styling to the sidebar anchors so navigation communicates location. + +**Suggested command**: `$impeccable clarify cloud UI` + +**[P2] Panel hierarchy is too even** + +**Why it matters**: Connector catalog, tool surface, runtime, presence, receipts, and audit all use the same bordered panel language. The user cannot tell which panels are operational, which are proof, and which are historical. + +**Fix**: Create three section weights: primary task, live status, and audit/history. Give the task panel stronger action placement, make live status denser, and let audit/history become quieter table/detail content. + +**Suggested command**: `$impeccable distill cloud UI` + +**[P2] Design tokens drift from the documented warmth** + +**Why it matters**: `DESIGN.md` describes ember, parchment, charred ink, and warm technical surfaces. The CSS tokens use cool hue values for parchment, linen, paper, ash, and focus. The result risks reading as generic cool admin UI rather than Caplets' owned warm map language. + +**Fix**: Bring the CSS OKLCH hues back toward the documented palette, keep ember rare, and reserve cool tones only where they carry specific state meaning. + +**Suggested command**: `$impeccable colorize cloud UI` + +# Persona Red Flags + +**Alex, agent power user**: Alex cannot use the UI at all until the missing imports are fixed. Once rendered, the equal panel grid and missing active nav state slow scanning. The audit table has no filter or search, so repeated operational checks become manual. + +**Jordan, first-time connector setup user**: Jordan sees a slogan, endpoint, setup path, connector catalog, local presence, and audit trail, but no single "do this now" control. `Use connector setup to authorize Sourcegraph` is instructional text, not an actionable button. + +**Sam, security-conscious workspace admin**: Sam needs a trustworthy status summary. Static `OAuth active` sidebar copy conflicts with visible warning states, and the audit table is readable but lacks severity, actor, filtering, or export affordances. + +# Minor Observations + +- The loading state is a centered panel, not a skeleton, so it does not prepare the user for the workspace layout. +- `Copy endpoint` succeeds through a screen-reader-only live region, but visual users get no visible confirmation. +- `runtimeReasons[row.label]` can render empty explanatory text if a new runtime row label appears. +- The `ConnectorList` status lookup is repeated several times per row; deriving it once would reduce fragility. +- The mobile table conversion is thoughtful, but the audit rows need stronger labels or grouping when they become cards. + +# Questions To Consider + +1. What is the one action a workspace owner should take after opening this page when two blockers exist? +2. Should Caplets Cloud sell the concept on this screen, or assume the user is already here to configure and verify? +3. Which state should the sidebar summarize: authentication, connector readiness, local presence, or overall workspace health? diff --git a/.lintstagedrc.json b/.lintstagedrc.json index 69abf9b..ed97602 100644 --- a/.lintstagedrc.json +++ b/.lintstagedrc.json @@ -1,3 +1,4 @@ { - "*.{js,jsx,ts,tsx,mjs,cjs,json,jsonc,md,yml,yaml,css,astro}": ["oxfmt --check", "oxlint"] + "*.{js,jsx,ts,tsx,mjs,cjs,json,jsonc,md,yml,yaml,css,astro}": "oxfmt --check", + "*.{js,jsx,ts,tsx,mjs,cjs}": "oxlint" } diff --git a/.oxfmtrc.json b/.oxfmtrc.json index 2f61360..17a8580 100644 --- a/.oxfmtrc.json +++ b/.oxfmtrc.json @@ -1,6 +1,6 @@ { "$schema": "./node_modules/oxfmt/configuration_schema.json", - "ignorePatterns": [".brv/"], + "ignorePatterns": ["**/.brv/**"], "plugins": ["prettier-plugin-astro"], "overrides": [ { diff --git a/.oxlintrc.json b/.oxlintrc.json index 627f137..5c839c4 100644 --- a/.oxlintrc.json +++ b/.oxlintrc.json @@ -1,6 +1,6 @@ { "$schema": "./node_modules/oxlint/configuration_schema.json", - "ignorePatterns": [".brv/"], + "ignorePatterns": ["**/.brv/**"], "plugins": ["typescript", "unicorn", "oxc"], "categories": { "correctness": "error" diff --git a/AGENTS.md b/AGENTS.md index 84e2ebd..e8ce1a0 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -2,7 +2,7 @@ ## Commands -- Use `pnpm` only; the repo pins `pnpm@11.0.9` and requires Node `>=22` while CI runs Node 24. +- Use `pnpm` only; the repo pins `pnpm@11.5.0` and requires Node `>=24`. - Install with `pnpm install --frozen-lockfile` when matching CI. - Full local gate and pre-push hook: `pnpm verify` (`format:check -> lint -> typecheck -> schema:check -> test -> benchmark:check -> build`). - Fast focused checks: `pnpm format:check`, `pnpm lint`, `pnpm typecheck`, `pnpm test`, `pnpm build`. @@ -36,3 +36,4 @@ - CI runs `pnpm verify` plus `pnpm changeset status --since=origin/main` on PRs unless the PR has the `no changeset` label. - User-facing package changes usually need a changeset; current versioning is handled by Changesets and `pnpm version-packages`/`pnpm release`. - Pre-commit only runs `pnpm lint-staged` (`oxfmt --check` and `oxlint` on staged JS/TS/config/docs files); pre-push runs the full `pnpm verify`. +- Core Alchemy deploys the public landing page only from `apps/landing`; it does not deploy Cloud Worker or dashboard paths. diff --git a/README.md b/README.md index 2ac9e53..19e5d92 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@
- Caplets logo + Caplets logo

Caplets

@@ -12,7 +12,7 @@ npm CI MIT License - Node 22+ + Node 24+

@@ -47,7 +47,7 @@ In the deterministic benchmark, 106 flat tools became 3 top-level capabilities w ## Quick Start -Caplets requires Node.js 22 or newer. +Caplets requires Node.js 24 or newer. ```sh npm install -g caplets @@ -134,33 +134,85 @@ Completions include command names, options, common enum values, configured Caple Backends that require OAuth or token auth may need `caplets auth login ` before live downstream completions can return richer results. Completion never starts interactive login flows. -## Agent Plugins +## Agent Integrations Use Caplets as a normal MCP server everywhere, or install a native agent integration when your coding agent supports one. -| Agent | Install | What It Provides | -| -------------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------ | -| Any MCP client | Add `caplets serve` as a stdio MCP server | Universal progressive-disclosure gateway | -| Claude Code | `claude plugin marketplace add spiritledsoftware/caplets && claude plugin install caplets@caplets` | Claude Code plugin metadata, MCP config, and shared skill guidance | -| Codex | `codex plugin marketplace add spiritledsoftware/caplets`, then install `caplets` from Codex plugins | Codex plugin metadata, MCP config, and shared skill guidance | -| OpenCode | Install [`@caplets/opencode`](packages/opencode/README.md) | Native `caplets_` tools and prompt guidance hooks | -| Pi | Install [`@caplets/pi`](packages/pi/README.md) | Native `caplets_` tools with Pi prompt snippets/guidelines | +| Agent | Install | What It Provides | +| -------------- | -------------------------------------------------------------- | -------------------------------------------------------------- | +| Any MCP client | Add `caplets serve` or `caplets attach` manually in MCP config | Universal progressive-disclosure gateway | +| Claude Code | Add `caplets serve` or `caplets attach` manually in MCP config | Local or remote/Cloud progressive-disclosure gateway | +| Codex | Add `caplets serve` or `caplets attach` manually in MCP config | Local or remote/Cloud progressive-disclosure gateway | +| OpenCode | Install [`@caplets/opencode`](packages/opencode/README.md) | Native `caplets_` tools and prompt guidance hooks | +| Pi | Install [`@caplets/pi`](packages/pi/README.md) | Native `caplets_` tools with Pi prompt snippets/guidelines | -Codex and Claude Code plugins are plugin-native but MCP-backed. The installable plugin -lives under `plugins/caplets/`, with agent-specific manifests in `.codex-plugin/` and -`.claude-plugin/`, a shared `skills/` directory, and shared `mcp.json` config. The -repo-level `.agents/plugins/marketplace.json` and `.claude-plugin/marketplace.json` -files only advertise that installable plugin root. +Manual local MCP config: -The Claude Code and Codex commands install from this GitHub repository through each agent's -plugin marketplace flow; users do not need to clone the repository manually. Plugin MCP -configs run `caplets serve` directly, so install the Caplets CLI globally first. +```json +{ + "mcpServers": { + "caplets": { + "command": "caplets", + "args": ["serve"] + } + } +} +``` + +Manual remote or Cloud MCP config: + +```json +{ + "mcpServers": { + "caplets": { + "command": "caplets", + "args": ["attach"] + } + } +} +``` + +For Caplets Cloud, authenticate once and set the remote selection environment for the agent: + +```sh +caplets cloud auth login +export CAPLETS_MODE=cloud +export CAPLETS_REMOTE_URL=https://cloud.caplets.dev +``` + +For a self-hosted remote: + +```sh +export CAPLETS_MODE=remote +export CAPLETS_REMOTE_URL=https://caplets.example.com/caplets +export CAPLETS_REMOTE_TOKEN=... +``` + +## Core Alchemy + +Core Alchemy deploys the public landing page from `apps/landing`. It does not deploy the private Cloud Worker or Cloud dashboard; those belong to the nested Cloud repository. ### Remote Caplets service OpenCode and Pi can use native `caplets_` tools backed by a remote Caplets HTTP service. Codex, Claude Code, and any MCP client can connect to the same remote MCP endpoint directly. +Hosted Caplets Cloud uses browser-mediated Cloud Auth: + +```sh +caplets cloud auth login --workspace personal +caplets cloud auth status +caplets cloud auth workspaces +caplets cloud auth switch team +caplets cloud auth logout +``` + +Cloud Auth stores one Selected Workspace locally. `caplets attach --workspace ` must match that saved workspace; switch explicitly before attaching another hosted workspace. Self-hosted remotes continue to use `CAPLETS_REMOTE_URL`, `CAPLETS_REMOTE_TOKEN`, or Basic Auth credentials. + +Access tokens are short-lived. The CLI refreshes expired hosted credentials before attach, persists the rotated refresh token returned by Cloud, and treats revoked refresh credentials as a fresh-login requirement. `caplets cloud auth logout` clears local credentials; Cloud logout revokes the refresh credential family so rotated refresh tokens stop working together. + +Use `caplets attach --once` for a finite Project Binding smoke test, or `caplets attach` to run a remote-backed MCP server over stdio or HTTP with Project Binding and local overlay. + Start a local HTTP service. `--path` is the service base path; Caplets mounts MCP, control, and health endpoints underneath it: diff --git a/alchemy.run.ts b/alchemy.run.ts index ed65db3..efe5d07 100644 --- a/alchemy.run.ts +++ b/alchemy.run.ts @@ -3,18 +3,14 @@ import { Astro } from "alchemy/cloudflare"; import { GitHubComment } from "alchemy/github"; import { CloudflareStateStore } from "alchemy/state"; -const globalBaseDomain = "caplets.dev"; +import { buildAlchemyDomains } from "./infra/alchemy-domains.ts"; const app = await alchemy("caplets", { stateStore: (scope) => new CloudflareStateStore(scope), password: process.env.ALCHEMY_PASSWORD!, }); -const baseDomain = - app.stage === "prod" ? globalBaseDomain : `${app.stage}.preview.${globalBaseDomain}`; - -const landingPageDomain = baseDomain; -const landingPageUrl = `https://${landingPageDomain}`; +const { landingPageDomain, landingPageUrl } = buildAlchemyDomains(app.stage, { local: app.local }); export const landingPage = await Astro("landing-page", { cwd: "apps/landing", dev: { diff --git a/apps/landing/package.json b/apps/landing/package.json index f57b542..6842c48 100644 --- a/apps/landing/package.json +++ b/apps/landing/package.json @@ -15,10 +15,13 @@ "@astrojs/check": "^0.9.9", "@hugeicons/core-free-icons": "4.2.0", "@tailwindcss/vite": "^4.3.0", - "astro": "^6.4.2", + "astro": "^6.4.3", "tailwindcss": "^4.3.0", "typescript": "^6.0.3" }, + "devDependencies": { + "vite": "^7.3.5" + }, "engines": { "node": ">=22.12.0" } diff --git a/caplets/ast-grep/CAPLET.md b/caplets/ast-grep/CAPLET.md index 3b5ff0f..8110f23 100644 --- a/caplets/ast-grep/CAPLET.md +++ b/caplets/ast-grep/CAPLET.md @@ -6,9 +6,21 @@ tags: - mcp - code - search +setup: + commands: + - label: Install ast-grep MCP + command: npm + args: ["install", "-g", "ast-grep-mcp"] + timeoutMs: 120000 + maxOutputBytes: 200000 + verify: + - label: Check ast-grep MCP + command: ast-grep-mcp + args: ["--help"] + timeoutMs: 10000 + maxOutputBytes: 20000 mcpServer: - command: npx - args: [-y, ast-grep-mcp] + command: ast-grep-mcp --- # ast-grep MCP @@ -17,6 +29,12 @@ Use this Caplet to expose ast-grep's structural search, scan, rule testing, rewr The manifest uses the full `ast-grep-mcp` MCP server. +## Setup + +This Caplet installs `ast-grep-mcp` globally with npm, then verifies the installed binary with +`ast-grep-mcp --help`. Setup is explicit because hosted and local stdio runtimes need a stable +binary instead of running package-manager downloads during each MCP startup. + ## Safety Read-only search, scan, and normal test actions set `readOnlyHint: true`. Apply-all rewrite, snapshot-update, and scaffolding actions set `destructiveHint: true` because they can modify files. diff --git a/caplets/context7/CAPLET.md b/caplets/context7/CAPLET.md index 6668d04..341b19d 100644 --- a/caplets/context7/CAPLET.md +++ b/caplets/context7/CAPLET.md @@ -7,11 +7,21 @@ tags: - libraries - frameworks - api-reference +setup: + commands: + - label: Install Context7 MCP + command: npm + args: ["install", "-g", "@upstash/context7-mcp"] + timeoutMs: 120000 + maxOutputBytes: 200000 + verify: + - label: Check Context7 MCP + command: context7-mcp + args: ["--help"] + timeoutMs: 10000 + maxOutputBytes: 20000 mcpServer: - command: npx - args: - - -y - - "@upstash/context7-mcp" + command: context7-mcp --- # Context7 Documentation @@ -31,3 +41,9 @@ documentation before writing code or giving technical instructions. - Prefer primary documentation over snippets when implementation risk is high. - Record the library or package name clearly before searching. - Do not use this as a substitute for project-local types and tests. + +## Setup + +This Caplet installs `@upstash/context7-mcp` globally with npm, then verifies the installed +`context7-mcp` binary with `--help`. Setup is explicit so hosted and local stdio runtimes start a +known binary without running `npx` package downloads on every agent session. diff --git a/caplets/playwright/CAPLET.md b/caplets/playwright/CAPLET.md index 058838e..d692073 100644 --- a/caplets/playwright/CAPLET.md +++ b/caplets/playwright/CAPLET.md @@ -7,11 +7,27 @@ tags: - testing - mcp - frontend +setup: + commands: + - label: Install Playwright MCP + command: npm + args: ["install", "-g", "@playwright/mcp@0.0.75"] + timeoutMs: 120000 + maxOutputBytes: 200000 + - label: Install Chromium browser + command: npx + args: ["playwright", "install", "chromium"] + timeoutMs: 180000 + maxOutputBytes: 200000 + verify: + - label: Check Playwright MCP + command: playwright-mcp + args: ["--help"] + timeoutMs: 10000 + maxOutputBytes: 20000 mcpServer: - command: npx + command: playwright-mcp args: - - -y - - "@playwright/mcp@0.0.75" - --headless --- @@ -29,7 +45,10 @@ visual inspection, or end-to-end testing workflows. ## Setup -This Caplet starts Playwright MCP with `npx -y @playwright/mcp@0.0.75 --headless`. +This Caplet installs `@playwright/mcp@0.0.75` globally with npm, installs the Chromium browser +runtime with `npx playwright install chromium`, then verifies `playwright-mcp --help`. Setup is +explicit because browser automation needs both a stable MCP binary and a browser runtime before the +hosted or local stdio server starts. Remove `--headless`, or set `PLAYWRIGHT_MCP_HEADLESS=false` in a custom MCP environment, to use a visible browser. For advanced settings, create a diff --git a/plugins/caplets/assets/icon.png b/docs/assets/caplets-icon.png similarity index 100% rename from plugins/caplets/assets/icon.png rename to docs/assets/caplets-icon.png diff --git a/docs/native-integrations.md b/docs/native-integrations.md new file mode 100644 index 0000000..0ce55c5 --- /dev/null +++ b/docs/native-integrations.md @@ -0,0 +1,26 @@ +# Native Integrations And Project Binding + +Native integrations use the same Project Binding vocabulary as the CLI. + +Explicit remote mode is eager. If a user configures a remote service and the remote Project Binding path cannot start, the integration fails hard so the caller sees the configuration problem. + +Auto or configured hosted behavior is lazy. The native integration can start local Caplets immediately, then attach hosted Project Binding metadata when the remote side becomes available. When the lazy path fails, local Caplets remain available and the warning points to `caplets doctor`. + +## Remote Selection + +OpenCode and Pi use the same resolver as `caplets attach`. + +- `CAPLETS_MODE=local` exposes local/user/project Caplets only. +- `CAPLETS_MODE=remote` requires `CAPLETS_REMOTE_URL` and connects to a self-hosted Caplets service. +- `CAPLETS_MODE=cloud` requires `CAPLETS_REMOTE_URL` pointing at Caplets Cloud and uses saved `caplets cloud auth login` credentials. +- `CAPLETS_MODE=auto` treats Cloud URLs as Cloud, non-Cloud remote URLs as self-hosted, and no remote URL as local. + +Cloud mode starts Project Binding automatically for the current project and overlays local/project Caplets over the remote workspace. + +Native metadata should expose: + +- auth mode: `hosted_cloud`, `self_hosted_remote`, or `unconfigured` +- Selected Workspace ID or slug when hosted Cloud Auth is active +- Binding Session state +- Project Binding endpoint +- last recovery command diff --git a/docs/plans/2026-05-21-mcp-resources-prompts.md b/docs/plans/2026-05-21-mcp-resources-prompts.md index 5462346..397e1aa 100644 --- a/docs/plans/2026-05-21-mcp-resources-prompts.md +++ b/docs/plans/2026-05-21-mcp-resources-prompts.md @@ -1,5 +1,7 @@ # MCP Resources and Prompts Implementation Plan +> Superseded for remote/server environment naming: current client integrations use `CAPLETS_REMOTE_*`, while the process hosting `caplets serve --transport http` uses `CAPLETS_SERVER_*`. This plan remains historical implementation context. + > **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. **Goal:** Add MCP resource, resource-template, prompt, and completion support to MCP-backed Caplets while keeping non-MCP backends tool-only. diff --git a/docs/plans/2026-05-29-cli-integration-setup.md b/docs/plans/2026-05-29-cli-integration-setup.md index 39df2d3..4eac40e 100644 --- a/docs/plans/2026-05-29-cli-integration-setup.md +++ b/docs/plans/2026-05-29-cli-integration-setup.md @@ -1,5 +1,7 @@ # CLI Integration Setup Implementation Plan +> Superseded for remote/server environment naming: current client integrations use `CAPLETS_REMOTE_*`, while the process hosting `caplets serve --transport http` uses `CAPLETS_SERVER_*`. This plan remains historical implementation context. + > **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. **Goal:** Add a quick `caplets setup` CLI command that actually installs or configures supported agent integrations, with `--dry-run` available for preview. diff --git a/docs/plans/2026-06-04-remote-attach-and-agent-integrations.md b/docs/plans/2026-06-04-remote-attach-and-agent-integrations.md new file mode 100644 index 0000000..85ceaa2 --- /dev/null +++ b/docs/plans/2026-06-04-remote-attach-and-agent-integrations.md @@ -0,0 +1,1738 @@ +# Remote Attach And Agent Integrations Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Make `caplets serve` local-only, make `caplets attach` the remote-backed MCP server for self-hosted and Cloud upstreams, keep OpenCode/Pi on the shared resolver, and remove Codex/Claude native plugin artifacts. + +**Architecture:** Consolidate remote selection in Core around `CAPLETS_MODE` and `CAPLETS_REMOTE_*`, then reuse that resolver from the attach command and native integrations. `serve` keeps the existing local `CapletsEngine` path, while `attach` creates a remote-plus-local-overlay MCP surface and starts Project Binding automatically for Cloud selections. + +**Tech Stack:** TypeScript, Commander, Vitest, MCP SDK stdio and Streamable HTTP transports, Hono HTTP server, existing Cloud Auth store/client, existing Project Binding session manager, OpenCode and Pi native integration packages, pnpm. + +--- + +## Source Spec + +- Root design spec: `/Users/ianpascoe/src/caplets-mono/docs/superpowers/specs/2026-06-04-remote-attach-and-agent-integration-design.md` +- Core plan location follows `core/AGENTS.md`: `/Users/ianpascoe/src/caplets-mono/core/docs/plans/` + +## File Structure + +- Modify `packages/core/src/remote/options.ts`: expand mode parsing to `auto | local | remote | cloud`, add Cloud URL detection, and keep self-hosted auth resolution separate from Cloud Auth. +- Add `packages/core/src/remote/selection.ts`: resolve a full upstream selection for commands and integrations, including self-hosted remote options, Cloud credentials, refresh, selected workspace, and Project Binding metadata. +- Modify `packages/core/src/project-binding/attach.ts`: consume the shared selection helper for one-shot Project Binding probes and long-running sessions; stop treating saved Cloud Auth as an implicit remote when no remote URL or Cloud mode is selected. +- Add `packages/core/src/attach/options.ts`: resolve `caplets attach` server options, including `--transport stdio|http`, HTTP bind/auth options, and the remote selection. +- Add `packages/core/src/attach/server.ts`: start the remote-backed MCP server for stdio and HTTP transports and own the attach server lifecycle. +- Add `packages/core/src/serve/native-session.ts`: register MCP tools from a `NativeCapletsService` so `attach` can expose the remote-plus-local-overlay surface without inventing a second merge path. +- Modify `packages/core/src/serve/http.ts`: extract the session creation seam so HTTP serving can use either local `CapletsMcpSession` or native-service-backed sessions. +- Modify `packages/core/src/serve/index.ts`: export reusable serve helpers used by attach. +- Modify `packages/core/src/cli.ts`: change `caplets attach` from binding-only default to MCP server default; keep `--once` as the Project Binding smoke path. +- Modify `packages/core/src/native/options.ts`: use the shared resolver and expose `local | remote | cloud` semantics to OpenCode/Pi. +- Modify `packages/core/src/native/service.ts`: start Cloud Project Binding from saved Cloud Auth in Cloud mode and preserve local overlay precedence. +- Modify `packages/core/src/native/remote.ts`: adjust auth failure guidance for self-hosted vs Cloud modes. +- Modify `packages/core/src/native.ts`: export new resolver and option types. +- Modify `packages/core/test/remote-options.test.ts`: cover `CAPLETS_MODE=cloud`, auto Cloud detection, invalid mode/URL combinations, and self-hosted auth. +- Add `packages/core/test/remote-selection.test.ts`: cover saved Cloud Auth loading, refresh, workspace matching, token precedence, and no-implicit-cloud behavior. +- Modify `packages/core/test/attach-cli.test.ts`: cover attach server option parsing, `--once` Project Binding smoke behavior, local-mode rejection, and Cloud mode errors. +- Add `packages/core/test/attach-server.test.ts`: cover stdio/http attach server delegation using a fake native service and fake serve transports. +- Modify `packages/core/test/cloud-auth-refresh-attach.test.ts`: assert refresh occurs only through explicit Cloud selection. +- Modify `packages/core/test/native-options.test.ts`: cover Cloud mode and auto Cloud detection for native integrations. +- Modify `packages/core/test/native-remote.test.ts`: cover Cloud Project Binding startup and fallback semantics. +- Modify `packages/core/test/agent-plugins.test.ts`: invert plugin assertions so Codex/Claude plugin artifacts are absent and manual MCP docs are present. +- Delete `plugins/caplets/.codex-plugin/plugin.json`. +- Delete `plugins/caplets/.claude-plugin/plugin.json`. +- Delete `plugins/caplets/mcp.json`. +- Delete `plugins/caplets/skills/caplets/SKILL.md`. +- Delete `plugins/caplets/assets/icon.png` only if no package README or landing asset still references it; otherwise move the asset to a non-plugin docs asset path in the same task. +- Delete `plugins/caplets/` after required children are removed. +- Delete `.agents/plugins/marketplace.json`. +- Delete `.claude-plugin/marketplace.json`. +- Delete `scripts/sync-plugin-versions.ts`. +- Modify `package.json`: remove `scripts/sync-plugin-versions.ts` from `version-packages`. +- Modify `README.md`: replace Codex/Claude plugin install docs with manual MCP config for `serve` and `attach`. +- Modify `packages/cli/README.md` if it contains plugin install guidance. +- Modify `docs/native-integrations.md`: document OpenCode/Pi `CAPLETS_MODE` and `CAPLETS_REMOTE_*` behavior. +- Modify `packages/opencode/README.md`: document local, self-hosted, and Cloud env flows. +- Modify `packages/pi/README.md`: document local, self-hosted, and Cloud env/settings flows. +- Add a Changesets entry for `@caplets/core`, `caplets`, `@caplets/opencode`, and `@caplets/pi`. + +--- + +## Task 1: Shared Remote Mode Semantics + +**Files:** + +- Modify: `packages/core/src/remote/options.ts` +- Modify: `packages/core/test/remote-options.test.ts` + +- [ ] **Step 1: Add failing resolver tests** + +Append these cases to `packages/core/test/remote-options.test.ts`: + +```ts +it("supports explicit cloud mode with a Caplets Cloud URL", () => { + expect( + resolveRemoteMode( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toEqual({ mode: "cloud" }); +}); + +it("detects cloud mode in auto from CAPLETS_REMOTE_URL", () => { + expect(resolveRemoteMode({}, { CAPLETS_REMOTE_URL: "https://cloud.caplets.dev" })).toEqual({ + mode: "cloud", + }); +}); + +it("keeps non-Cloud CAPLETS_REMOTE_URL in self-hosted remote mode", () => { + expect( + resolveRemoteMode({}, { CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets" }), + ).toEqual({ + mode: "remote", + }); +}); + +it("rejects explicit cloud mode with a non-Cloud URL", () => { + expect(() => + resolveRemoteMode( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + ), + ).toThrow(/CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL to point at Caplets Cloud/u); +}); + +it("rejects explicit cloud mode without CAPLETS_REMOTE_URL", () => { + expect(() => resolveRemoteMode({}, { CAPLETS_MODE: "cloud" })).toThrow( + /CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL/u, + ); +}); + +it("parses cloud as a valid CAPLETS_MODE value", () => { + expect(() => resolveRemoteMode({}, { CAPLETS_MODE: "sidecar" })).toThrow( + /Expected CAPLETS_MODE to be auto, local, remote, or cloud/u, + ); +}); +``` + +- [ ] **Step 2: Run resolver tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/remote-options.test.ts +``` + +Expected: FAIL because `cloud` is not accepted and auto always maps any remote URL to `remote`. + +- [ ] **Step 3: Implement mode expansion** + +In `packages/core/src/remote/options.ts`, change the mode type and parser: + +```ts +export type CapletsRemoteMode = "local" | "remote" | "cloud"; + +export function resolveRemoteMode( + input: CapletsRemoteModeInput = {}, + env: CapletsRemoteEnv = process.env, +): { mode: CapletsRemoteMode } { + const mode = parseCapletsMode(input.mode ?? env.CAPLETS_MODE ?? "auto"); + if (mode === "local") return { mode: "local" }; + + const rawUrl = + nonEmpty(input.remoteUrl, "remoteUrl") ?? + nonEmpty(env.CAPLETS_REMOTE_URL, "CAPLETS_REMOTE_URL"); + + if (mode === "remote") { + if (rawUrl === undefined) { + throw new CapletsError( + "REQUEST_INVALID", + "CAPLETS_MODE=remote requires CAPLETS_REMOTE_URL or remoteUrl.", + ); + } + return { mode: "remote" }; + } + + if (mode === "cloud") { + if (rawUrl === undefined) { + throw new CapletsError("REQUEST_INVALID", "CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL."); + } + if (!isCapletsCloudUrl(rawUrl)) { + throw new CapletsError( + "REQUEST_INVALID", + "CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL to point at Caplets Cloud.", + ); + } + return { mode: "cloud" }; + } + + if (rawUrl === undefined) return { mode: "local" }; + return isCapletsCloudUrl(rawUrl) ? { mode: "cloud" } : { mode: "remote" }; +} + +export function isCapletsCloudUrl(value: string): boolean { + let url: URL; + try { + url = new URL(value); + } catch { + return false; + } + const host = url.hostname.toLowerCase(); + return host === "cloud.caplets.dev" || host.endsWith(".preview.caplets.dev"); +} + +function parseCapletsMode(value: string): "auto" | CapletsRemoteMode { + if (value === "auto" || value === "local" || value === "remote" || value === "cloud") { + return value; + } + throw new CapletsError( + "REQUEST_INVALID", + `Expected CAPLETS_MODE to be auto, local, remote, or cloud, got ${value}`, + ); +} +``` + +- [ ] **Step 4: Run resolver tests to verify green** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/remote-options.test.ts +``` + +Expected: PASS. + +- [ ] **Step 5: Commit** + +```bash +git add packages/core/src/remote/options.ts packages/core/test/remote-options.test.ts +git commit -m "feat(core): resolve cloud remote mode" +``` + +--- + +## Task 2: Full Upstream Selection With Cloud Auth + +**Files:** + +- Add: `packages/core/src/remote/selection.ts` +- Modify: `packages/core/src/project-binding/attach.ts` +- Add: `packages/core/test/remote-selection.test.ts` +- Modify: `packages/core/test/cloud-auth-refresh-attach.test.ts` + +- [ ] **Step 1: Add failing selection tests** + +Create `packages/core/test/remote-selection.test.ts`: + +```ts +import { describe, expect, it } from "vitest"; +import { CloudAuthStore } from "../src/cloud-auth/store"; +import { resolveRemoteSelection } from "../src/remote/selection"; +import { hostedCredentials, tempCloudAuthPath } from "./fixtures/cloud-auth"; + +describe("resolveRemoteSelection", () => { + it("rejects attach selection in local mode", async () => { + await expect(resolveRemoteSelection({}, { CAPLETS_MODE: "local" })).rejects.toThrow( + /caplets attach requires a remote upstream; use caplets serve for local-only MCP/u, + ); + }); + + it("rejects auto mode without a remote URL for attach", async () => { + await expect(resolveRemoteSelection({}, {})).rejects.toThrow(/CAPLETS_REMOTE_URL/u); + }); + + it("resolves self-hosted remote auth from CAPLETS_REMOTE variables", async () => { + await expect( + resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "remote", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + CAPLETS_REMOTE_TOKEN: "remote-token", + }, + ), + ).resolves.toMatchObject({ + kind: "self_hosted_remote", + remote: { + baseUrl: new URL("https://caplets.example.com/caplets"), + auth: { type: "bearer", token: "remote-token" }, + }, + }); + }); + + it("uses saved Cloud Auth in cloud mode and ignores self-hosted token vars", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save(hostedCredentials({ accessToken: "cloud-access" })); + + const resolved = await resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_REMOTE_TOKEN: "self-hosted-token", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ); + + expect(resolved).toMatchObject({ + kind: "hosted_cloud", + selectedWorkspace: "personal", + remote: { + baseUrl: new URL("https://cloud.caplets.dev"), + auth: { type: "bearer", token: "cloud-access" }, + }, + }); + }); + + it("refreshes expired Cloud credentials before returning the upstream", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save( + hostedCredentials({ + accessToken: "old-access", + refreshToken: "old-refresh", + expiresAt: "2026-06-03T00:00:00.000Z", + }), + ); + + const resolved = await resolveRemoteSelection( + { + fetch: async (url, init) => { + expect(String(url)).toBe("https://cloud.caplets.dev/api/cloud-client/refresh"); + expect(JSON.parse(String(init?.body))).toEqual({ refreshToken: "old-refresh" }); + return Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_personal", + workspaceSlug: "personal", + accessToken: "new-access", + refreshToken: "new-refresh", + expiresAt: "2999-01-01T00:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + }); + }, + }, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ); + + expect(resolved.remote.auth).toEqual({ type: "bearer", token: "new-access" }); + }); + + it("requires Cloud Auth when cloud mode is selected", async () => { + await expect( + resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).rejects.toMatchObject({ + projectBindingCode: "cloud_auth_required", + }); + }); +}); +``` + +- [ ] **Step 2: Run selection tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/remote-selection.test.ts +``` + +Expected: FAIL because `remote/selection.ts` does not exist. + +- [ ] **Step 3: Implement `resolveRemoteSelection`** + +Create `packages/core/src/remote/selection.ts` with these exports and behavior: + +```ts +import { CloudAuthClient } from "../cloud-auth/client"; +import { CloudAuthStore, type CloudAuthCredentials } from "../cloud-auth/store"; +import { projectBindingError } from "../project-binding/errors"; +import { resolveCapletsRemote, resolveRemoteMode, type ResolvedCapletsRemote } from "./options"; + +export type RemoteSelectionInput = { + remoteUrl?: string; + user?: string; + password?: string; + token?: string; + workspace?: string; + fetch?: typeof fetch; + requireUpstream?: boolean; +}; + +export type ResolvedRemoteSelection = + | { + kind: "self_hosted_remote"; + remote: ResolvedCapletsRemote; + } + | { + kind: "hosted_cloud"; + remote: ResolvedCapletsRemote; + selectedWorkspace: string; + credentials: CloudAuthCredentials; + cloudPresence: { + url: URL; + accessToken: string; + workspaceId: string; + }; + }; + +export async function resolveRemoteSelection( + input: RemoteSelectionInput = {}, + env: Record = process.env, +): Promise { + const mode = resolveRemoteMode({ mode: env.CAPLETS_MODE, remoteUrl: input.remoteUrl }, env); + if (mode.mode === "local") { + throw new Error( + "caplets attach requires a remote upstream; use caplets serve for local-only MCP.", + ); + } + + if (mode.mode === "remote") { + return { + kind: "self_hosted_remote", + remote: resolveCapletsRemote( + { + url: input.remoteUrl, + user: input.user, + password: input.password, + token: input.token, + workspace: input.workspace, + fetch: input.fetch, + }, + env, + ), + }; + } + + const store = new CloudAuthStore({ env }); + let credentials = await store.load(); + if (!credentials?.accessToken) throw projectBindingError("cloud_auth_required"); + + if (credentialsNeedRefresh(credentials)) { + if (!credentials.refreshToken) throw projectBindingError("cloud_auth_required"); + const refreshed = await new CloudAuthClient({ + cloudUrl: credentials.cloudUrl, + ...(input.fetch ? { fetch: input.fetch } : {}), + }).refresh({ refreshToken: credentials.refreshToken }); + credentials = { + ...credentials, + ...refreshed, + refreshToken: refreshed.refreshToken ?? credentials.refreshToken, + createdAt: credentials.createdAt, + lastRefreshAt: new Date().toISOString(), + }; + await store.save(credentials); + } + + const selectedWorkspace = credentials.workspaceSlug ?? credentials.workspaceId; + if ( + input.workspace && + input.workspace !== credentials.workspaceId && + input.workspace !== credentials.workspaceSlug + ) { + throw projectBindingError( + "workspace_switch_required", + `Requested workspace ${input.workspace} differs from saved Selected Workspace ${selectedWorkspace}.`, + ); + } + + const remoteUrl = input.remoteUrl ?? env.CAPLETS_REMOTE_URL ?? credentials.cloudUrl; + const remote = resolveCapletsRemote( + { + url: remoteUrl, + token: credentials.accessToken, + workspace: selectedWorkspace, + ...(input.fetch ? { fetch: input.fetch } : {}), + }, + {}, + ); + + return { + kind: "hosted_cloud", + remote, + selectedWorkspace, + credentials, + cloudPresence: { + url: new URL(remoteUrl), + accessToken: credentials.accessToken, + workspaceId: credentials.workspaceId, + }, + }; +} + +function credentialsNeedRefresh(credentials: { expiresAt: string }): boolean { + const expiresAt = Date.parse(credentials.expiresAt); + return Number.isFinite(expiresAt) && expiresAt <= Date.now() + 60_000; +} +``` + +During implementation, replace the plain `Error` local-mode failure with `CapletsError("REQUEST_INVALID", ...)` so JSON CLI handling remains structured. + +- [ ] **Step 4: Update Project Binding attach to use selection** + +In `packages/core/src/project-binding/attach.ts`: + +- Replace direct `resolveCapletsRemote(...)` calls with `await resolveRemoteSelection(...)`. +- Remove `hasExplicitRemote(...)`; saved Cloud Auth must not implicitly select Cloud without `CAPLETS_MODE=cloud` or `CAPLETS_MODE=auto` plus a Cloud `CAPLETS_REMOTE_URL`. +- Keep `authMode` values as `"self_hosted_remote"` and `"hosted_cloud"` from `selection.kind`. +- Keep `selectedWorkspace` only for Cloud selections. + +The resolved return should be shaped like: + +```ts +const selection = await resolveRemoteSelection(remoteInput, env); +return { + projectRoot: raw.projectRoot ?? process.cwd(), + json: raw.json === true, + verbose: raw.verbose === true, + once: raw.once === true, + remote: selection.remote, + authMode: selection.kind, + ...(selection.kind === "hosted_cloud" + ? { selectedWorkspace: selection.selectedWorkspace } + : remoteInput.workspace + ? { selectedWorkspace: remoteInput.workspace } + : {}), +}; +``` + +- [ ] **Step 5: Update Cloud refresh attach tests** + +In `packages/core/test/cloud-auth-refresh-attach.test.ts`, update every attach call that expects Cloud Auth to pass: + +```ts +{ + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, +} +``` + +Add one regression test: + +```ts +it("does not implicitly use saved Cloud Auth without cloud mode or a Cloud remote URL", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save(hostedCredentials()); + + await expect( + attachProjectOnce({ projectRoot: "/repo" }, { CAPLETS_CLOUD_AUTH_PATH: path }), + ).rejects.toThrow(/CAPLETS_REMOTE_URL/u); +}); +``` + +- [ ] **Step 6: Run selection and attach tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/remote-selection.test.ts test/cloud-auth-refresh-attach.test.ts test/attach-cli.test.ts +``` + +Expected: PASS. + +- [ ] **Step 7: Commit** + +```bash +git add packages/core/src/remote/selection.ts packages/core/src/project-binding/attach.ts packages/core/test/remote-selection.test.ts packages/core/test/cloud-auth-refresh-attach.test.ts packages/core/test/attach-cli.test.ts +git commit -m "feat(core): select remote upstreams for attach" +``` + +--- + +## Task 3: Native-Service-Backed MCP Sessions + +**Files:** + +- Add: `packages/core/src/serve/native-session.ts` +- Modify: `packages/core/src/serve/index.ts` +- Add: `packages/core/test/attach-server.test.ts` + +- [ ] **Step 1: Add failing session tests** + +Create `packages/core/test/attach-server.test.ts` with a fake MCP server: + +```ts +import { describe, expect, it, vi } from "vitest"; +import { NativeCapletsMcpSession } from "../src/serve/native-session"; + +describe("NativeCapletsMcpSession", () => { + it("registers tools from a native Caplets service", async () => { + const registered = new Map(); + const server = { + registerTool: vi.fn((name: string, definition: unknown, callback: unknown) => { + registered.set(name, { definition, callback }); + return { remove: vi.fn(), update: vi.fn() }; + }), + connect: vi.fn(async () => undefined), + close: vi.fn(async () => undefined), + }; + const service = { + listTools: () => [ + { + caplet: "remote-alpha", + toolName: "caplets_remote_alpha", + title: "Remote Alpha", + description: "Remote alpha tool", + promptGuidance: [], + inputSchema: { + type: "object", + properties: { operation: { type: "string", enum: ["inspect"] } }, + }, + operationNames: ["inspect"], + }, + ], + execute: vi.fn(async () => ({ ok: true })), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn(() => () => undefined), + close: vi.fn(async () => undefined), + }; + + const session = new NativeCapletsMcpSession(service, { server }); + + expect([...registered.keys()]).toEqual(["remote-alpha"]); + const tool = registered.get("remote-alpha") as { + callback: (request: unknown) => Promise; + }; + await expect(tool.callback({ operation: "inspect" })).resolves.toEqual({ ok: true }); + expect(service.execute).toHaveBeenCalledWith("remote-alpha", { operation: "inspect" }); + await session.close(); + expect(service.close).toHaveBeenCalledOnce(); + }); + + it("updates registered tools when the native service changes", () => { + let listener: ((tools: unknown[]) => void) | undefined; + const removed = vi.fn(); + const updates: unknown[] = []; + const server = { + registerTool: vi.fn((_name: string, _definition: unknown, _callback: unknown) => ({ + remove: removed, + update: (definition: unknown) => updates.push(definition), + })), + connect: vi.fn(async () => undefined), + close: vi.fn(async () => undefined), + }; + const service = { + listTools: () => [ + { caplet: "alpha", title: "Alpha", description: "Alpha", promptGuidance: [] }, + ], + execute: vi.fn(async () => ({})), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn((nextListener: (tools: unknown[]) => void) => { + listener = nextListener; + return () => undefined; + }), + close: vi.fn(async () => undefined), + }; + + new NativeCapletsMcpSession(service as never, { server }); + listener?.([{ caplet: "beta", title: "Beta", description: "Beta", promptGuidance: [] }]); + + expect(removed).toHaveBeenCalledOnce(); + expect(server.registerTool).toHaveBeenCalledWith( + "beta", + expect.objectContaining({ title: "Beta" }), + expect.any(Function), + ); + }); +}); +``` + +- [ ] **Step 2: Run session tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-server.test.ts +``` + +Expected: FAIL because `serve/native-session.ts` does not exist. + +- [ ] **Step 3: Implement native MCP session** + +Create `packages/core/src/serve/native-session.ts`: + +```ts +import { McpServer, type RegisteredTool } from "@modelcontextprotocol/sdk/server/mcp"; +import type { Transport } from "@modelcontextprotocol/sdk/shared/transport"; +import { version as packageJsonVersion } from "../../package.json"; +import type { NativeCapletsService, NativeCapletTool } from "../native/service"; + +export type NativeToolServer = Pick; + +export type NativeCapletsMcpSessionOptions = { + server?: NativeToolServer; +}; + +export class NativeCapletsMcpSession { + readonly server: NativeToolServer; + private readonly tools = new Map(); + private readonly unsubscribe: () => void; + private closed = false; + + constructor( + private readonly service: NativeCapletsService, + options: NativeCapletsMcpSessionOptions = {}, + ) { + this.server = + options.server ?? + new McpServer({ + name: "caplets", + version: packageJsonVersion, + }); + this.unsubscribe = service.onToolsChanged((tools) => this.reconcileTools(tools)); + this.reconcileTools(service.listTools()); + } + + async connect(transport: Transport): Promise { + await this.server.connect(transport); + } + + async close(): Promise { + if (this.closed) return; + this.closed = true; + this.unsubscribe(); + this.tools.clear(); + await this.server.close(); + await this.service.close(); + } + + private reconcileTools(next: NativeCapletTool[]): void { + const enabled = new Map(next.map((tool) => [tool.caplet, tool])); + for (const [id, registered] of this.tools) { + const tool = enabled.get(id); + if (!tool) { + registered.remove(); + this.tools.delete(id); + continue; + } + registered.update(this.definition(tool)); + } + for (const tool of enabled.values()) { + if (!this.tools.has(tool.caplet)) { + this.tools.set( + tool.caplet, + this.server.registerTool(tool.caplet, this.definition(tool), async (request) => + this.service.execute(tool.caplet, request), + ), + ); + } + } + } + + private definition(tool: NativeCapletTool) { + return { + title: tool.title, + description: tool.description, + inputSchema: tool.inputSchema, + }; + } +} +``` + +During implementation, verify the installed MCP SDK overload. If `registerTool` requires Zod `paramsSchema` instead of raw JSON Schema, convert missing or raw schemas through the existing generated Caplets schema for remote tools and document the lossless raw schema follow-up in the commit body. + +- [ ] **Step 4: Export the session** + +In `packages/core/src/serve/index.ts`, export: + +```ts +export { NativeCapletsMcpSession } from "./native-session"; +export type { NativeCapletsMcpSessionOptions, NativeToolServer } from "./native-session"; +``` + +- [ ] **Step 5: Run session tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-server.test.ts +``` + +Expected: PASS. + +- [ ] **Step 6: Commit** + +```bash +git add packages/core/src/serve/native-session.ts packages/core/src/serve/index.ts packages/core/test/attach-server.test.ts +git commit -m "feat(core): expose native caplets over mcp" +``` + +--- + +## Task 4: `caplets attach` MCP Server + +**Files:** + +- Add: `packages/core/src/attach/options.ts` +- Add: `packages/core/src/attach/server.ts` +- Modify: `packages/core/src/cli.ts` +- Modify: `packages/core/test/attach-cli.test.ts` +- Modify: `packages/core/test/attach-server.test.ts` + +- [ ] **Step 1: Add failing CLI contract tests** + +In `packages/core/test/attach-cli.test.ts`, update help expectations: + +```ts +expect(out.join("")).toContain("Start a remote-backed Caplets MCP server."); +expect(out.join("")).toContain("--transport "); +expect(out.join("")).toContain("--once"); +``` + +Add tests: + +```ts +it("runs attach as a stdio MCP server by default", async () => { + const served: unknown[] = []; + await runCli(["attach"], { + env: { + CAPLETS_MODE: "remote", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + attachServe: async (options) => { + served.push(options); + }, + } as never); + + expect(served).toHaveLength(1); + expect(served[0]).toMatchObject({ + transport: "stdio", + selection: { kind: "self_hosted_remote" }, + }); +}); + +it("rejects attach server in local mode", async () => { + await expect( + runCli(["attach"], { + env: { CAPLETS_MODE: "local" }, + attachServe: async () => undefined, + } as never), + ).rejects.toThrow(/use caplets serve for local-only MCP/u); +}); + +it("keeps attach --once as the finite Project Binding smoke path", async () => { + const out: string[] = []; + await runCli(["attach", "--once", "--remote-url", "https://caplets.example.com/caplets"], { + fetch: async () => Response.json({ error: "websocket_upgrade_required" }, { status: 426 }), + writeOut: (value) => out.push(value), + }); + expect(out.join("")).toContain("Project Binding available at"); +}); +``` + +The `attachServe` seam is intentionally test-only and mirrors the existing `serve` seam. + +- [ ] **Step 2: Run attach CLI tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-cli.test.ts +``` + +Expected: FAIL because `attach` does not accept `--transport` and defaults to Project Binding session behavior. + +- [ ] **Step 3: Implement attach option resolution** + +Create `packages/core/src/attach/options.ts`: + +```ts +import { resolveServeOptions, type RawServeOptions, type ServeOptions } from "../serve/options"; +import { + resolveRemoteSelection, + type RemoteSelectionInput, + type ResolvedRemoteSelection, +} from "../remote/selection"; + +export type RawAttachServeOptions = RemoteSelectionInput & + RawServeOptions & { + projectRoot?: string; + }; + +export type AttachServeOptions = ServeOptions & { + projectRoot: string; + selection: ResolvedRemoteSelection; +}; + +export async function resolveAttachServeOptions( + raw: RawAttachServeOptions = {}, + env: Record = process.env, +): Promise { + const selection = await resolveRemoteSelection(raw, env); + const serve = resolveServeOptions(raw, env); + return { + ...serve, + projectRoot: raw.projectRoot ?? process.cwd(), + selection, + }; +} +``` + +- [ ] **Step 4: Implement attach server lifecycle** + +Create `packages/core/src/attach/server.ts`: + +```ts +import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio"; +import { createNativeCapletsService } from "../native/service"; +import { NativeCapletsMcpSession } from "../serve/native-session"; +import { serveHttpWithSessionFactory } from "../serve/http"; +import type { AttachServeOptions } from "./options"; + +export type AttachServeIo = { + writeErr?: (value: string) => void; +}; + +export async function attachResolvedCaplets( + options: AttachServeOptions, + io: AttachServeIo = {}, +): Promise { + const service = createNativeCapletsService({ + mode: options.selection.kind === "hosted_cloud" ? "cloud" : "remote", + server: { + url: options.selection.remote.baseUrl.toString(), + fetch: options.selection.remote.fetch, + }, + remote: { + fetch: options.selection.remote.fetch, + cloud: + options.selection.kind === "hosted_cloud" + ? { + url: options.selection.cloudPresence.url.toString(), + accessToken: options.selection.cloudPresence.accessToken, + workspaceId: options.selection.cloudPresence.workspaceId, + projectRoot: options.projectRoot, + } + : undefined, + }, + ...(io.writeErr ? { writeErr: io.writeErr } : {}), + }); + await service.reload(); + + if (options.transport === "stdio") { + const session = new NativeCapletsMcpSession(service); + await session.connect(new StdioServerTransport()); + return; + } + + await serveHttpWithSessionFactory( + options, + () => new NativeCapletsMcpSession(service), + io.writeErr, + ); +} +``` + +During implementation, copy credentials and request headers from `selection.remote.requestInit` into the native remote client options. The snippet above shows the lifecycle shape; the final code must preserve Bearer and Basic Auth headers. + +- [ ] **Step 5: Extract HTTP session factory** + +In `packages/core/src/serve/http.ts`, extract the existing `createHttpSession(...)` path behind a function that can accept either: + +```ts +type HttpMcpSessionFactory = () => { + connect(transport: StreamableHTTPTransport): Promise; + close(): Promise; +}; +``` + +Export: + +```ts +export async function serveHttpWithSessionFactory( + options: HttpServeOptions, + createSession: HttpMcpSessionFactory, + writeErr?: (value: string) => void, +): Promise; +``` + +Keep `serveHttp(...)` behavior unchanged by calling the new helper with a factory that creates the existing local `CapletsMcpSession`. + +- [ ] **Step 6: Wire CLI default attach behavior** + +In `packages/core/src/cli.ts`: + +- Add `attachServe?: (options: AttachServeOptions) => Promise` to `CliIO`. +- Add attach options `--transport`, `--host`, `--port`, `--path`, `--user`, `--password`, `--token`, `--allow-unauthenticated-http`, and `--trust-proxy`. +- Keep `--once` on the existing `attachProjectOnce(...)` path. +- For non-`--once`, call `resolveAttachServeOptions(...)`, then `io.attachServe ?? attachResolvedCaplets`. +- Change description to `Start a remote-backed Caplets MCP server.` + +- [ ] **Step 7: Run attach tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-cli.test.ts test/attach-server.test.ts +``` + +Expected: PASS. + +- [ ] **Step 8: Commit** + +```bash +git add packages/core/src/attach/options.ts packages/core/src/attach/server.ts packages/core/src/serve/http.ts packages/core/src/cli.ts packages/core/test/attach-cli.test.ts packages/core/test/attach-server.test.ts +git commit -m "feat(core): serve remote mcp with attach" +``` + +--- + +## Task 5: Native Integration Cloud Mode + +**Files:** + +- Modify: `packages/core/src/native/options.ts` +- Modify: `packages/core/src/native/service.ts` +- Modify: `packages/core/src/native/remote.ts` +- Modify: `packages/core/src/native.ts` +- Modify: `packages/core/test/native-options.test.ts` +- Modify: `packages/core/test/native-remote.test.ts` + +- [ ] **Step 1: Add failing native option tests** + +Append to `packages/core/test/native-options.test.ts`: + +```ts +it("uses cloud mode in auto when CAPLETS_REMOTE_URL points at Caplets Cloud", () => { + expect( + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toMatchObject({ + mode: "cloud", + remote: { + url: new URL("https://cloud.caplets.dev/mcp"), + }, + }); +}); + +it("uses cloud mode when CAPLETS_MODE=cloud is explicit", () => { + expect( + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toMatchObject({ mode: "cloud" }); +}); + +it("rejects CAPLETS_MODE=cloud with a self-hosted remote URL", () => { + expect(() => + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + ), + ).toThrow(/Caplets Cloud/u); +}); +``` + +- [ ] **Step 2: Add failing native Cloud service tests** + +Append to `packages/core/test/native-remote.test.ts`: + +```ts +it("starts Cloud Project Binding when native service runs in cloud mode", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save(hostedCredentials({ accessToken: "cloud-access" })); + const factory = vi.fn(() => client([{ name: "remote", description: "Remote" }]).api); + + const service = createNativeCapletsService({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + remoteClientFactory: factory, + projectConfigPath: tempProjectConfigWithTool("local"), + } as never); + + await service.reload(); + expect(service.listTools().map((tool) => tool.caplet)).toContain("remote"); + await service.close(); +}); +``` + +Use existing test helpers in this file for local overlay config, or add a small helper that writes `.caplets/config.json` into a temp directory and returns the path. + +- [ ] **Step 3: Run native tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/native-options.test.ts test/native-remote.test.ts +``` + +Expected: FAIL because native mode only supports `local | remote`. + +- [ ] **Step 4: Update native option types** + +In `packages/core/src/native/options.ts`: + +- Change `type CapletsMode = "auto" | "local" | "remote";` to include `"cloud"`. +- Let `ResolvedNativeCapletsServiceOptions` use `mode: "remote" | "cloud"` for remote-backed services. +- Call `resolveRemoteMode(...)` from Task 1. +- For Cloud mode, return the MCP URL and request headers needed for Cloud Auth resolution but do not require `CAPLETS_CLOUD_TOKEN` env vars. + +The final union should be: + +```ts +export type ResolvedNativeCapletsServiceOptions = + | { mode: "local" } + | { + mode: "remote" | "cloud"; + remote: { + url: URL; + auth: NativeRemoteAuthOptions; + pollIntervalMs: number; + requestInit: RequestInit; + cloud?: ResolvedNativeCloudPresenceOptions; + fetch?: typeof fetch; + }; + }; +``` + +- [ ] **Step 5: Load saved Cloud Auth for native Cloud mode** + +In `packages/core/src/native/service.ts`, update `createNativeCapletsService(...)`: + +- Treat `resolved.mode === "cloud"` the same as remote-backed for composition. +- Before creating the SDK remote client, use the shared selection helper or a native equivalent to load saved Cloud Auth credentials. +- Populate `resolved.remote.requestInit` with `Authorization: Bearer `. +- Populate `resolved.remote.cloud` with Cloud Project Binding presence options. +- Preserve existing behavior where explicit self-hosted remote mode fails hard, while auto Cloud fallback can warn and return local only when the remote setup cannot initialize. + +Keep local overlay precedence unchanged: + +```ts +const localIds = new Set(localTools.map((tool) => tool.caplet)); +return [...remoteTools.filter((tool) => !localIds.has(tool.caplet)), ...localTools]; +``` + +- [ ] **Step 6: Update remote auth error copy** + +In `packages/core/src/native/remote.ts`, make `remoteAuthError(...)` accept an auth kind: + +```ts +function remoteAuthError(kind: "self_hosted_remote" | "hosted_cloud"): CapletsError { + return new CapletsError( + "AUTH_FAILED", + kind === "hosted_cloud" + ? "Caplets Cloud authentication failed; run caplets cloud auth login." + : "Remote Caplets authentication failed; check CAPLETS_REMOTE_TOKEN or CAPLETS_REMOTE_USER and CAPLETS_REMOTE_PASSWORD.", + ); +} +``` + +Thread the kind from native service creation into `RemoteNativeCapletsService`. + +- [ ] **Step 7: Run native tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/native-options.test.ts test/native-remote.test.ts +``` + +Expected: PASS. + +- [ ] **Step 8: Commit** + +```bash +git add packages/core/src/native/options.ts packages/core/src/native/service.ts packages/core/src/native/remote.ts packages/core/src/native.ts packages/core/test/native-options.test.ts packages/core/test/native-remote.test.ts +git commit -m "feat(core): drive native integrations from cloud mode" +``` + +--- + +## Task 6: OpenCode And Pi Docs/Config Validation + +**Files:** + +- Modify: `packages/opencode/src/index.ts` +- Modify: `packages/opencode/test/opencode.test.ts` +- Modify: `packages/opencode/README.md` +- Modify: `packages/pi/src/index.ts` +- Modify: `packages/pi/test/pi.test.ts` +- Modify: `packages/pi/README.md` +- Modify: `docs/native-integrations.md` + +- [ ] **Step 1: Add integration config tests** + +In `packages/opencode/test/opencode.test.ts`, add: + +```ts +it("passes cloud mode config into the native service", async () => { + vi.resetModules(); + const nativeMocks = { + createNativeCapletsService: vi.fn(() => ({ + listTools: () => [], + execute: vi.fn(async () => ({})), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn(() => () => {}), + close: vi.fn(async () => {}), + })), + registerNativeCapletsProcessCleanup: vi.fn(), + }; + vi.doMock("@caplets/core/native", () => nativeMocks); + const plugin = (await import("../src/index")).default; + + await plugin( + {} as never, + { mode: "cloud", server: { url: "https://cloud.caplets.dev" } } as never, + ); + + expect(nativeMocks.createNativeCapletsService).toHaveBeenCalledWith({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + }); +}); +``` + +In `packages/pi/test/pi.test.ts`, add a settings extraction case: + +```ts +it("loads cloud mode from Pi settings", async () => { + fsMocks.readFile.mockImplementation(async (path: string) => + path.includes(".pi/agent/settings.json") + ? JSON.stringify({ caplets: { mode: "cloud", server: { url: "https://cloud.caplets.dev" } } }) + : Promise.reject(Object.assign(new Error("missing"), { code: "ENOENT" })), + ); + + await capletsPiExtension(mockPiApi()); + + expect(nativeMocks.createNativeCapletsService).toHaveBeenCalledWith( + expect.objectContaining({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + }), + ); +}); +``` + +- [ ] **Step 2: Run package tests to verify red or confirm no code change needed** + +Run: + +```bash +pnpm --filter @caplets/opencode test +pnpm --filter @caplets/pi test +``` + +Expected: PASS if existing config plumbing already accepts `"cloud"` after Task 5 type changes; otherwise FAIL on narrow type validation and fix in Step 3. + +- [ ] **Step 3: Confirm config types accept cloud mode** + +In `packages/opencode/src/index.ts` and `packages/pi/src/index.ts`, keep the current config shape but ensure the imported `NativeCapletsServiceOptions` type includes `mode: "cloud"` after Task 5: + +```ts +export type CapletsOpenCodeConfig = Pick; +type PiNativeCapletsOptions = Pick; +``` + +No runtime special case should be added for Cloud. + +- [ ] **Step 4: Update native integration docs** + +In `docs/native-integrations.md`, add this contract: + +```md +## Remote Selection + +OpenCode and Pi use the same resolver as `caplets attach`. + +- `CAPLETS_MODE=local` exposes local/user/project Caplets only. +- `CAPLETS_MODE=remote` requires `CAPLETS_REMOTE_URL` and connects to a self-hosted Caplets service. +- `CAPLETS_MODE=cloud` requires `CAPLETS_REMOTE_URL` pointing at Caplets Cloud and uses saved `caplets cloud auth login` credentials. +- `CAPLETS_MODE=auto` treats Cloud URLs as Cloud, non-Cloud remote URLs as self-hosted, and no remote URL as local. + +Cloud mode starts Project Binding automatically for the current project and overlays local/project Caplets over the remote workspace. +``` + +In both integration READMEs, include the three copyable env examples: + +```bash +CAPLETS_MODE=local opencode +CAPLETS_MODE=remote CAPLETS_REMOTE_URL=https://caplets.example.com/caplets opencode +CAPLETS_MODE=cloud CAPLETS_REMOTE_URL=https://cloud.caplets.dev opencode +``` + +Use `pi` in the Pi README examples. + +- [ ] **Step 5: Run package tests** + +Run: + +```bash +pnpm --filter @caplets/opencode test +pnpm --filter @caplets/pi test +``` + +Expected: PASS. + +- [ ] **Step 6: Commit** + +```bash +git add packages/opencode/src/index.ts packages/opencode/test/opencode.test.ts packages/opencode/README.md packages/pi/src/index.ts packages/pi/test/pi.test.ts packages/pi/README.md docs/native-integrations.md +git commit -m "docs(core): document native cloud mode" +``` + +--- + +## Task 7: Remove Codex And Claude Plugin Artifacts + +**Files:** + +- Delete: `plugins/caplets/.codex-plugin/plugin.json` +- Delete: `plugins/caplets/.claude-plugin/plugin.json` +- Delete: `plugins/caplets/mcp.json` +- Delete: `plugins/caplets/skills/caplets/SKILL.md` +- Delete: `plugins/caplets/assets/icon.png` or move it to a non-plugin asset path if still referenced +- Delete: `.agents/plugins/marketplace.json` +- Delete: `.claude-plugin/marketplace.json` +- Delete: `scripts/sync-plugin-versions.ts` +- Modify: `package.json` +- Modify: `packages/core/test/agent-plugins.test.ts` + +- [ ] **Step 1: Invert plugin artifact tests** + +Replace `packages/core/test/agent-plugins.test.ts` with contract tests that assert absence: + +```ts +import { existsSync } from "node:fs"; +import { readFile } from "node:fs/promises"; +import path from "node:path"; +import { fileURLToPath } from "node:url"; +import { describe, expect, it } from "vitest"; + +const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../../.."); + +describe("Codex and Claude manual MCP setup", () => { + it("does not ship native Codex or Claude plugin artifacts", () => { + for (const removedPath of [ + "plugins/caplets", + ".agents/plugins/marketplace.json", + ".claude-plugin/marketplace.json", + "scripts/sync-plugin-versions.ts", + ]) { + expect(existsSync(path.join(repoRoot, removedPath)), removedPath).toBe(false); + } + }); + + it("documents manual MCP config for Codex and Claude users", async () => { + const readme = await readFile(path.join(repoRoot, "README.md"), "utf8"); + expect(readme).toContain('"command": "caplets"'); + expect(readme).toContain('"args": ["serve"]'); + expect(readme).toContain('"args": ["attach"]'); + expect(readme).not.toMatch(/plugin marketplace add|plugin install caplets@caplets/u); + }); + + it("does not keep version-package plugin sync wiring", async () => { + const packageJson = JSON.parse(await readFile(path.join(repoRoot, "package.json"), "utf8")) as { + scripts: Record; + }; + expect(packageJson.scripts["version-packages"] ?? "").not.toContain("sync-plugin-versions"); + }); +}); +``` + +- [ ] **Step 2: Run plugin tests to verify red** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/agent-plugins.test.ts +``` + +Expected: FAIL because plugin artifacts still exist and README still references plugin install flows. + +- [ ] **Step 3: Delete plugin artifacts** + +Delete these paths: + +```bash +git rm -r plugins/caplets .agents/plugins/marketplace.json .claude-plugin/marketplace.json scripts/sync-plugin-versions.ts +``` + +If `git rm -r plugins/caplets` fails because the icon is referenced by `README.md`, move the image first: + +```bash +mkdir -p docs/assets +git mv plugins/caplets/assets/icon.png docs/assets/caplets-icon.png +git rm -r plugins/caplets .agents/plugins/marketplace.json .claude-plugin/marketplace.json scripts/sync-plugin-versions.ts +``` + +Then update the README image path from `plugins/caplets/assets/icon.png` to `docs/assets/caplets-icon.png`. + +- [ ] **Step 4: Remove version sync wiring** + +In `package.json`, remove `scripts/sync-plugin-versions.ts` from the `version-packages` script. The final script must still run Changesets and formatting for remaining generated files: + +```json +"version-packages": "changeset version && oxlint --fix --quiet && oxfmt --write ." +``` + +If the current script has additional non-plugin commands, preserve them and remove only the plugin sync command. + +- [ ] **Step 5: Run plugin tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/agent-plugins.test.ts +``` + +Expected: PASS. + +- [ ] **Step 6: Commit** + +```bash +git add package.json packages/core/test/agent-plugins.test.ts README.md docs/assets/caplets-icon.png +git add -u plugins .agents .claude-plugin scripts +git commit -m "refactor(core): remove codex and claude plugins" +``` + +--- + +## Task 8: Manual MCP Documentation + +**Files:** + +- Modify: `README.md` +- Modify: `packages/cli/README.md` +- Modify: `packages/core/test/agent-plugins.test.ts` + +- [ ] **Step 1: Add docs contract assertions** + +Extend `packages/core/test/agent-plugins.test.ts`: + +```ts +it("documents serve for local MCP and attach for remote MCP", async () => { + const readme = await readFile(path.join(repoRoot, "README.md"), "utf8"); + expect(readme).toContain("caplets serve"); + expect(readme).toContain("caplets attach"); + expect(readme).toContain("CAPLETS_MODE=cloud"); + expect(readme).toContain("CAPLETS_REMOTE_URL=https://cloud.caplets.dev"); + expect(readme).toContain("CAPLETS_MODE=remote"); +}); +``` + +- [ ] **Step 2: Update top-level Core README integration table** + +In `README.md`, replace the existing agent integration table rows for Claude and Codex with: + +```md +| Codex | Add `caplets serve` or `caplets attach` manually in MCP config | Local or remote/Cloud progressive-disclosure gateway | +| Claude Code | Add `caplets serve` or `caplets attach` manually in MCP config | Local or remote/Cloud progressive-disclosure gateway | +``` + +Add the manual MCP examples exactly: + +```json +{ + "mcpServers": { + "caplets": { + "command": "caplets", + "args": ["serve"] + } + } +} +``` + +```json +{ + "mcpServers": { + "caplets": { + "command": "caplets", + "args": ["attach"] + } + } +} +``` + +Add Cloud env setup: + +```bash +caplets cloud auth login +export CAPLETS_MODE=cloud +export CAPLETS_REMOTE_URL=https://cloud.caplets.dev +``` + +Add self-hosted env setup: + +```bash +export CAPLETS_MODE=remote +export CAPLETS_REMOTE_URL=https://caplets.example.com/caplets +export CAPLETS_REMOTE_TOKEN=... +``` + +- [ ] **Step 3: Update CLI README** + +If `packages/cli/README.md` exists and references plugin installs, replace those paragraphs with the same manual MCP examples from Step 2. If it does not contain plugin guidance, add a short `Manual MCP setup` section with the two JSON examples. + +- [ ] **Step 4: Run docs contract tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/agent-plugins.test.ts +``` + +Expected: PASS. + +- [ ] **Step 5: Commit** + +```bash +git add README.md packages/cli/README.md packages/core/test/agent-plugins.test.ts +git commit -m "docs(core): prefer manual mcp setup" +``` + +--- + +## Task 9: CLI Error Handling And Regression Matrix + +**Files:** + +- Modify: `packages/core/test/attach-cli.test.ts` +- Modify: `packages/core/test/remote-options.test.ts` +- Modify: `packages/core/test/native-options.test.ts` +- Modify: `packages/core/src/cli.ts` +- Modify: `packages/core/src/remote/selection.ts` + +- [ ] **Step 1: Add explicit error tests** + +Add these cases across the listed test files: + +```ts +it("prints JSON error for attach --once when cloud auth is missing", async () => { + const out: string[] = []; + let exitCode = 0; + await runCli(["attach", "--once", "--json"], { + env: { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + writeOut: (value) => out.push(value), + setExitCode: (code) => { + exitCode = code; + }, + }); + + expect(exitCode).toBe(1); + expect(JSON.parse(out.join(""))).toMatchObject({ + error: { + code: "cloud_auth_required", + recoveryCommand: "caplets cloud auth login", + }, + }); +}); + +it("references CAPLETS_REMOTE_TOKEN or Basic Auth vars for self-hosted auth failures", async () => { + await expect( + resolveCapletsRemote( + { user: "caplets" }, + { CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets" }, + ), + ).toThrow(/CAPLETS_REMOTE_PASSWORD/u); +}); +``` + +- [ ] **Step 2: Run focused regression tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-cli.test.ts test/remote-options.test.ts test/native-options.test.ts +``` + +Expected: FAIL for any missing structured error handling. + +- [ ] **Step 3: Normalize errors** + +In `packages/core/src/remote/selection.ts`, throw `CapletsError` or `ProjectBindingError` for every user-facing failure: + +- local mode for attach: `REQUEST_INVALID` +- missing remote URL for attach: `REQUEST_INVALID` +- missing Cloud Auth: existing `projectBindingError("cloud_auth_required")` +- workspace mismatch: existing `projectBindingError("workspace_switch_required")` +- Cloud URL mismatch: `REQUEST_INVALID` + +In `packages/core/src/cli.ts`, ensure the `--once --json` handler serializes these errors consistently with the existing Project Binding JSON branch. + +- [ ] **Step 4: Run regression tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/attach-cli.test.ts test/remote-options.test.ts test/native-options.test.ts +``` + +Expected: PASS. + +- [ ] **Step 5: Commit** + +```bash +git add packages/core/src/cli.ts packages/core/src/remote/selection.ts packages/core/test/attach-cli.test.ts packages/core/test/remote-options.test.ts packages/core/test/native-options.test.ts +git commit -m "fix(core): clarify attach remote errors" +``` + +--- + +## Task 10: Changeset And Full Verification + +**Files:** + +- Add: `.changeset/.md` +- Modify: any generated schema or docs files changed by package scripts + +- [ ] **Step 1: Add Changesets entry** + +Create a changeset: + +```bash +pnpm changeset +``` + +Use this content: + +```md +--- +"@caplets/core": minor +"caplets": minor +"@caplets/opencode": minor +"@caplets/pi": minor +--- + +Make `caplets attach` the remote-backed MCP server command, add Cloud-aware `CAPLETS_MODE` resolution, keep OpenCode and Pi on the shared resolver, and remove Codex/Claude plugin artifacts in favor of manual MCP configuration. +``` + +- [ ] **Step 2: Run formatting** + +Run: + +```bash +pnpm format:check +``` + +Expected: PASS. If it fails only on changed files, run `pnpm format` and re-run `pnpm format:check`. + +- [ ] **Step 3: Run Core focused tests** + +Run: + +```bash +pnpm --filter @caplets/core test -- test/remote-options.test.ts test/remote-selection.test.ts test/attach-cli.test.ts test/attach-server.test.ts test/cloud-auth-refresh-attach.test.ts test/native-options.test.ts test/native-remote.test.ts test/agent-plugins.test.ts +``` + +Expected: PASS. + +- [ ] **Step 4: Run integration package tests** + +Run: + +```bash +pnpm --filter @caplets/opencode test +pnpm --filter @caplets/pi test +``` + +Expected: PASS. + +- [ ] **Step 5: Run Core verification** + +Run: + +```bash +pnpm core:verify +``` + +Expected: PASS. + +- [ ] **Step 6: Run root coordination verification** + +Run: + +```bash +pnpm verify +``` + +Expected: PASS. + +- [ ] **Step 7: Manual smoke commands** + +Build first: + +```bash +pnpm core:build +``` + +Smoke local serve help: + +```bash +node core/packages/cli/dist/index.js serve --help +``` + +Expected output includes `Serve configured Caplets as an MCP server.` and does not mention Cloud Auth. + +Smoke attach help: + +```bash +node core/packages/cli/dist/index.js attach --help +``` + +Expected output includes `Start a remote-backed Caplets MCP server.`, `--transport `, `--once`, and `--remote-url `. + +Smoke local-mode attach rejection: + +```bash +CAPLETS_MODE=local node core/packages/cli/dist/index.js attach --transport stdio +``` + +Expected: exits non-zero with `use caplets serve for local-only MCP`. + +- [ ] **Step 8: Final commit** + +```bash +git add . +git commit -m "chore(core): verify remote attach integration" +``` + +If every previous task already committed all files and the working tree is clean, skip the final commit and record the verification commands in the final response. + +--- + +## Self-Review Checklist + +- [ ] `caplets serve` remains local-only for stdio and HTTP and does not consult Cloud Auth. +- [ ] `caplets attach` starts an MCP server by default and supports stdio and HTTP transports. +- [ ] `caplets attach --once` remains a finite Project Binding smoke path. +- [ ] `CAPLETS_MODE=local` rejects attach and points users to `caplets serve`. +- [ ] `CAPLETS_MODE=remote` requires `CAPLETS_REMOTE_URL` and uses self-hosted token or Basic Auth. +- [ ] `CAPLETS_MODE=cloud` requires a Cloud URL and saved `caplets cloud auth login` credentials. +- [ ] `CAPLETS_MODE=auto` detects Cloud from `CAPLETS_REMOTE_URL`, detects self-hosted remotes from non-Cloud URLs, and falls back to local only for native integrations with no remote URL. +- [ ] Cloud mode ignores self-hosted `CAPLETS_REMOTE_TOKEN` and uses saved Cloud Auth. +- [ ] Cloud mode refreshes expired saved credentials before attach/native remote use. +- [ ] Cloud mode starts Project Binding automatically and preserves local/project overlay precedence. +- [ ] OpenCode and Pi remain installed native integrations and require no Cloud-specific plugin manifest. +- [ ] Codex and Claude plugin marketplace metadata, bundled MCP config, and shared plugin skill are removed. +- [ ] Codex and Claude docs show manual MCP config for both `serve` and `attach`. +- [ ] Focused tests, package tests, `pnpm core:verify`, and root `pnpm verify` pass. diff --git a/docs/project-binding.md b/docs/project-binding.md new file mode 100644 index 0000000..29883e3 --- /dev/null +++ b/docs/project-binding.md @@ -0,0 +1,55 @@ +# Project Binding + +Project Binding connects one local project root to a remote Caplets runtime so project-bound tools can run against the same files the user is editing. + +## Attach Modes + +`caplets attach --once` validates Cloud Auth or self-hosted remote credentials, bootstraps `.caplets/.gitignore`, checks the Project Binding endpoint, runs sync preflight when the project root exists, and exits. + +`caplets attach` opens a foreground Binding Session. It reports state events, keeps the Project Binding lease alive, and exits only when interrupted or when the session reaches a terminal state. + +Hosted Cloud uses `caplets cloud auth login` and a Selected Workspace. Self-hosted remotes use `CAPLETS_REMOTE_URL` plus `CAPLETS_REMOTE_TOKEN` or Basic Auth credentials. Passing `--workspace` must match the saved Selected Workspace; use `caplets cloud auth switch ` for an explicit switch. + +## Binding Session Loop + +Foreground attach creates a server-side Binding Session through the Project Binding control API, opens the control WebSocket, emits normalized JSON events, sends periodic heartbeats, and sends a remote session-end request when interrupted. A single reconnectable WebSocket close emits a `reconnecting` event before retrying the same Binding Session. + +`caplets attach --once` remains finite. It only probes the HTTP equivalent of the WebSocket endpoint and accepts the `websocket_upgrade_required` response as proof that the endpoint is reachable. + +Hosted attach refreshes expired local Cloud Auth credentials before creating the Binding Session. If the saved refresh credential has been revoked, attach fails closed and asks the user to log in again. + +## States + +Binding Session states are: + +- `not_attached` +- `attaching` +- `syncing` +- `ready` +- `degraded` +- `blocked` +- `offline` +- `cleaning_up` +- `ended` +- `expired` + +Terminal states include a reason with a stable code, message, optional request ID, and recovery command. + +## Sync Safety + +Sync filtering applies in this order: + +- Caplets hard denylist, including `.git`, `node_modules`, `.venv`, caches, build outputs, archives, private keys, and unsafe env files. +- `.gitignore`. +- `.capletsignore`. + +Safe env templates remain allowed: `.env.example`, `.env.sample`, and `.env.template`. + +Hosted defaults are Free 25 MiB per file and 250 MiB per project, Plus 100 MiB and 1 GiB, Pro 250 MiB and 5 GiB, and Enterprise policy-controlled. Self-hosted defaults to 250 MiB and 5 GiB. + +## Recovery + +- `cloud_auth_required`: `caplets cloud auth login` +- `workspace_switch_required`: `caplets cloud auth switch ` +- `sync_size_limit_exceeded`: add exclusions to `.capletsignore` or upgrade the workspace plan +- `endpoint_unavailable`: `caplets doctor` diff --git a/infra/alchemy-domains.ts b/infra/alchemy-domains.ts new file mode 100644 index 0000000..bb4c388 --- /dev/null +++ b/infra/alchemy-domains.ts @@ -0,0 +1,22 @@ +const globalBaseDomain = "caplets.dev"; + +export interface AlchemyDomains { + baseDomain: string; + landingPageDomain: string; + landingPageUrl: string; +} + +export function buildAlchemyDomains( + stage: string, + { local = false }: { local?: boolean } = {}, +): AlchemyDomains { + const baseDomain = stage === "prod" ? globalBaseDomain : `${stage}.preview.${globalBaseDomain}`; + const landingPageDomain = baseDomain; + const landingPageUrl = local ? `http://localhost:4321` : `https://${landingPageDomain}`; + + return { + baseDomain, + landingPageDomain, + landingPageUrl, + }; +} diff --git a/scripts/alchemy-fetch-compat.test.ts b/infra/alchemy-fetch-compat.test.ts similarity index 93% rename from scripts/alchemy-fetch-compat.test.ts rename to infra/alchemy-fetch-compat.test.ts index 446dd42..55b94f1 100644 --- a/scripts/alchemy-fetch-compat.test.ts +++ b/infra/alchemy-fetch-compat.test.ts @@ -7,7 +7,7 @@ test("Alchemy fetch compatibility shim removes userland undici dispatcher before return new Response("ok"); }; - await import("./alchemy-fetch-compat"); + await import("./alchemy-fetch-compat.js"); const response = await globalThis.fetch("https://example.test", { dispatcher: { dispatch() {} }, diff --git a/scripts/alchemy-fetch-compat.ts b/infra/alchemy-fetch-compat.ts similarity index 100% rename from scripts/alchemy-fetch-compat.ts rename to infra/alchemy-fetch-compat.ts diff --git a/infra/alchemy-runner.test.ts b/infra/alchemy-runner.test.ts new file mode 100644 index 0000000..dc03509 --- /dev/null +++ b/infra/alchemy-runner.test.ts @@ -0,0 +1,39 @@ +import { expect, test } from "vitest"; +import { fileURLToPath } from "node:url"; + +import { buildAlchemyDomains } from "./alchemy-domains.js"; +import { buildNodeOptions } from "./alchemy-runner.js"; + +const shimPath = fileURLToPath(new URL("./alchemy-fetch-compat.ts", import.meta.url)); + +test("Alchemy runner injects fetch shim through NODE_OPTIONS for child processes", () => { + expect(buildNodeOptions(undefined)).toBe(`--import=${shimPath}`); +}); + +test("Alchemy runner preserves existing NODE_OPTIONS after the fetch shim", () => { + expect(buildNodeOptions("--trace-warnings")).toBe(`--import=${shimPath} --trace-warnings`); +}); + +test("Alchemy runner keeps fetch compatibility shim for cloud deployments", () => { + expect(buildNodeOptions()).toContain("alchemy-fetch-compat"); +}); + +test.each([ + { + landingPageDomain: "caplets.dev", + stage: "prod", + }, + { + landingPageDomain: "branch.preview.caplets.dev", + stage: "branch", + }, + { + landingPageDomain: "dev.preview.caplets.dev", + stage: "dev", + }, +])("derives matching domains for $stage", ({ landingPageDomain, stage }) => { + expect(buildAlchemyDomains(stage)).toMatchObject({ + landingPageDomain, + landingPageUrl: `https://${landingPageDomain}`, + }); +}); diff --git a/scripts/alchemy-runner.ts b/infra/alchemy-runner.ts similarity index 100% rename from scripts/alchemy-runner.ts rename to infra/alchemy-runner.ts diff --git a/mise.toml b/mise.toml index 6ea5a7e..bbf696b 100644 --- a/mise.toml +++ b/mise.toml @@ -1,2 +1,3 @@ [tools] node = "24" +pnpm = "11.5.0" diff --git a/output/playwright/cloud-ui-critique.png b/output/playwright/cloud-ui-critique.png new file mode 100644 index 0000000..a398c92 Binary files /dev/null and b/output/playwright/cloud-ui-critique.png differ diff --git a/package.json b/package.json index 0917b59..a00a7a1 100644 --- a/package.json +++ b/package.json @@ -1,20 +1,21 @@ { - "name": "@caplets/monorepo", + "name": "@caplets/core-mono", "private": true, "type": "module", "scripts": { - "alchemy:dev": "tsx ./scripts/alchemy-runner.ts dev", - "alchemy:deploy": "tsx ./scripts/alchemy-runner.ts deploy", - "alchemy:destroy": "tsx ./scripts/alchemy-runner.ts destroy", - "clean": "turbo clean", - "build": "turbo build", - "build:watch": "turbo build:watch", + "alchemy:deploy": "tsx ./infra/alchemy-runner.ts deploy", + "alchemy:destroy": "tsx ./infra/alchemy-runner.ts destroy", + "alchemy:dev": "tsx ./infra/alchemy-runner.ts dev", "benchmark": "pnpm --filter @caplets/benchmarks benchmark", "benchmark:check": "pnpm --filter @caplets/benchmarks benchmark:check", "benchmark:live": "pnpm --filter @caplets/benchmarks benchmark:live", "benchmark:live:opencode": "pnpm --filter @caplets/benchmarks benchmark:live:opencode", "benchmark:live:pi": "pnpm --filter @caplets/benchmarks benchmark:live:pi", + "build": "turbo build", + "build:watch": "turbo build:watch", "changeset": "changeset", + "clean": "turbo clean", + "clean-install": "rm -rf **/node_modules pnpm-lock.yaml && pnpm install", "dev": "tsx ./scripts/dev.ts", "format": "oxfmt .", "format:check": "oxfmt --check .", @@ -25,30 +26,30 @@ "release": "turbo build && changeset publish", "schema:check": "tsx ./scripts/generate-config-schema.ts --check", "schema:generate": "tsx ./scripts/generate-config-schema.ts", - "typecheck": "tsgo --noEmit && turbo typecheck", "test": "vitest run", + "typecheck": "tsgo --noEmit && turbo typecheck", "verify": "pnpm format:check && pnpm lint && pnpm typecheck && pnpm schema:check && pnpm test && pnpm benchmark:check && pnpm build", - "version-packages": "changeset version && tsx scripts/sync-plugin-versions.ts && oxfmt plugins/caplets/.codex-plugin/plugin.json plugins/caplets/.claude-plugin/plugin.json" + "version-packages": "changeset version && oxlint --fix --quiet && oxfmt --write ." }, "devDependencies": { "@changesets/cli": "^2.31.0", - "@cloudflare/workers-types": "^4.20260529.1", + "@cloudflare/workers-types": "^4.20260603.1", "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", - "alchemy": "0.93.9", + "@typescript/native-preview": "7.0.0-dev.20260603.1", + "alchemy": "0.93.10", "husky": "^9.1.7", - "lint-staged": "^17.0.5", - "oxfmt": "^0.52.0", - "oxlint": "^1.67.0", + "lint-staged": "^17.0.7", + "oxfmt": "^0.53.0", + "oxlint": "^1.68.0", "prettier-plugin-astro": "^0.14.1", "rolldown": "^1.0.3", - "tsx": "^4.22.3", + "tsx": "^4.22.4", "turbo": "^2.9.16", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" }, "engines": { - "node": ">=22" + "node": ">=24" }, - "packageManager": "pnpm@11.4.0" + "packageManager": "pnpm@11.5.0" } diff --git a/packages/benchmarks/package.json b/packages/benchmarks/package.json index 91a13dc..e16919a 100644 --- a/packages/benchmarks/package.json +++ b/packages/benchmarks/package.json @@ -17,9 +17,9 @@ }, "devDependencies": { "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", + "@typescript/native-preview": "7.0.0-dev.20260603.1", "caplets": "workspace:*", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" } } diff --git a/packages/cli/package.json b/packages/cli/package.json index 8979eb3..7bd4449 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -46,10 +46,10 @@ }, "devDependencies": { "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", + "@typescript/native-preview": "7.0.0-dev.20260603.1", "rolldown": "^1.0.3", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" }, "engines": { "node": ">=22" diff --git a/packages/core/package.json b/packages/core/package.json index 380184e..02283f4 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -38,6 +38,22 @@ "./native": { "types": "./dist/native.d.ts", "default": "./dist/native.js" + }, + "./caplet-source": { + "types": "./dist/caplet-source/index.d.ts", + "default": "./dist/caplet-source.js" + }, + "./caplet-source/filesystem": { + "types": "./dist/caplet-source/filesystem.d.ts", + "default": "./dist/caplet-source/filesystem.js" + }, + "./runtime-plan": { + "types": "./dist/runtime-plan/index.d.ts", + "default": "./dist/runtime-plan.js" + }, + "./config-runtime": { + "types": "./dist/config-runtime.d.ts", + "default": "./dist/config-runtime.js" } }, "publishConfig": { @@ -57,7 +73,7 @@ "@hono/node-server": "^2.0.4", "@modelcontextprotocol/sdk": "^1.29.0", "commander": "^15.0.0", - "graphql": "^16.14.0", + "graphql": "^16.14.1", "hono": "^4.12.23", "vfile": "^6.0.3", "vfile-matter": "^5.0.1", @@ -66,10 +82,10 @@ }, "devDependencies": { "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", + "@typescript/native-preview": "7.0.0-dev.20260603.1", "rolldown": "^1.0.3", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" }, "engines": { "node": ">=22" diff --git a/packages/core/rolldown.config.ts b/packages/core/rolldown.config.ts index b3d04df..9ed8b39 100644 --- a/packages/core/rolldown.config.ts +++ b/packages/core/rolldown.config.ts @@ -1,14 +1,29 @@ import { defineConfig } from "rolldown"; -export default defineConfig({ - input: { - index: "src/index.ts", - "generated-tool-input-schema": "src/generated-tool-input-schema.ts", - native: "src/native.ts", +export default defineConfig([ + { + input: { + index: "src/index.ts", + "caplet-source/filesystem": "src/caplet-source/filesystem.ts", + "config-runtime": "src/config-runtime.ts", + "generated-tool-input-schema": "src/generated-tool-input-schema.ts", + native: "src/native.ts", + }, + output: { + dir: "./dist", + format: "esm", + }, + platform: "node", }, - output: { - dir: "./dist", - format: "esm", + { + input: { + "caplet-source": "src/caplet-source/index.ts", + "runtime-plan": "src/runtime-plan/index.ts", + }, + output: { + dir: "./dist", + format: "esm", + }, + platform: "browser", }, - platform: "node", -}); +]); diff --git a/packages/core/src/attach/options.ts b/packages/core/src/attach/options.ts new file mode 100644 index 0000000..22a2108 --- /dev/null +++ b/packages/core/src/attach/options.ts @@ -0,0 +1,29 @@ +import { + resolveRemoteSelection, + type RemoteSelectionInput, + type ResolvedRemoteSelection, +} from "../remote/selection"; +import { resolveServeOptions, type RawServeOptions, type ServeOptions } from "../serve/options"; + +export type RawAttachServeOptions = RemoteSelectionInput & + RawServeOptions & { + projectRoot?: string; + }; + +export type AttachServeOptions = ServeOptions & { + projectRoot: string; + selection: ResolvedRemoteSelection; +}; + +export async function resolveAttachServeOptions( + raw: RawAttachServeOptions = {}, + env: Record = process.env, +): Promise { + const selection = await resolveRemoteSelection(raw, env); + const serve = resolveServeOptions(raw, env); + return { + ...serve, + projectRoot: raw.projectRoot ?? process.cwd(), + selection, + }; +} diff --git a/packages/core/src/attach/server.ts b/packages/core/src/attach/server.ts new file mode 100644 index 0000000..c1faeca --- /dev/null +++ b/packages/core/src/attach/server.ts @@ -0,0 +1,77 @@ +import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio"; +import type { CapletsRemoteAuth } from "../remote/options"; +import { createSdkRemoteCapletsClient } from "../native/remote"; +import { createNativeCapletsService } from "../native/service"; +import type { NativeRemoteAuthOptions } from "../native/options"; +import { serveHttpWithSessionFactory } from "../serve/http"; +import { NativeCapletsMcpSession } from "../serve/native-session"; +import type { AttachServeOptions } from "./options"; + +export type AttachServeIo = { + writeErr?: (value: string) => void; +}; + +export async function attachResolvedCaplets( + options: AttachServeOptions, + io: AttachServeIo = {}, +): Promise { + if (options.transport === "stdio") { + const service = createAttachNativeService(options, io); + const session = new NativeCapletsMcpSession(service); + await service.reload(); + await session.connect(new StdioServerTransport()); + return; + } + + await serveHttpWithSessionFactory( + options, + async () => { + const service = createAttachNativeService(options, io); + await service.reload(); + return new NativeCapletsMcpSession(service); + }, + io.writeErr, + ); +} + +function createAttachNativeService(options: AttachServeOptions, io: AttachServeIo) { + return createNativeCapletsService({ + mode: options.selection.kind === "hosted_cloud" ? "cloud" : "remote", + server: { + url: options.selection.remote.baseUrl.toString(), + ...(options.selection.remote.fetch ? { fetch: options.selection.remote.fetch } : {}), + }, + remote: { + ...(options.selection.remote.fetch ? { fetch: options.selection.remote.fetch } : {}), + ...(options.selection.kind === "hosted_cloud" + ? { + cloud: { + url: options.selection.cloudPresence.url.toString(), + accessToken: options.selection.cloudPresence.accessToken, + workspaceId: options.selection.cloudPresence.workspaceId, + projectRoot: options.projectRoot, + }, + } + : {}), + }, + remoteClientFactory: (resolved) => + createSdkRemoteCapletsClient({ + ...resolved, + requestInit: options.selection.remote.requestInit, + auth: nativeAuthFromRemoteAuth(options.selection.remote.auth), + url: options.selection.remote.mcpUrl, + ...(options.selection.remote.fetch ? { fetch: options.selection.remote.fetch } : {}), + }), + ...(io.writeErr ? { writeErr: io.writeErr } : {}), + }); +} + +function nativeAuthFromRemoteAuth(auth: CapletsRemoteAuth): NativeRemoteAuthOptions { + if (auth.type === "basic") { + return { enabled: true, user: auth.user, password: auth.password }; + } + if (auth.type === "none") { + return { enabled: false, user: auth.user }; + } + return { enabled: false, user: "caplets" }; +} diff --git a/packages/core/src/caplet-files-bundle.ts b/packages/core/src/caplet-files-bundle.ts new file mode 100644 index 0000000..a07988a --- /dev/null +++ b/packages/core/src/caplet-files-bundle.ts @@ -0,0 +1,1158 @@ +import { parse as parseYaml } from "yaml"; +import { z } from "zod"; +import { + FORBIDDEN_HEADERS, + HEADER_NAME_PATTERN, + HTTP_BASE_URL_PATTERN, + SERVER_ID_PATTERN, + isAllowedHttpBaseUrl, + isAllowedRemoteUrl, + isUrl, + validateHttpActionHeaders, +} from "./config/validation"; +import { CapletsError, redactSecrets } from "./errors"; +import { nestedSchema, schemaPath } from "./schema-utils"; + +const MAX_CAPLET_FILE_BYTES = 128 * 1024; +const MAX_CAPLET_BODY_CHARS = 64 * 1024; + +const capletRemoteAuthSchema = z + .discriminatedUnion("type", [ + z.object({ type: z.literal("none") }).strict(), + z.object({ type: z.literal("bearer"), token: z.string().min(1) }).strict(), + z + .object({ type: z.literal("headers"), headers: z.record(z.string(), z.string().min(1)) }) + .strict(), + z + .object({ + type: z.literal("oauth2"), + authorizationUrl: z.string().min(1).optional(), + tokenUrl: z.string().min(1).optional(), + issuer: z.string().min(1).optional(), + resourceMetadataUrl: z.string().min(1).optional(), + authorizationServerMetadataUrl: z.string().min(1).optional(), + openidConfigurationUrl: z.string().min(1).optional(), + clientMetadataUrl: z.string().min(1).optional(), + clientId: z.string().min(1).optional(), + clientSecret: z.string().min(1).optional(), + scopes: z.array(z.string().min(1)).optional(), + redirectUri: z.string().min(1).optional(), + }) + .strict(), + z + .object({ + type: z.literal("oidc"), + authorizationUrl: z.string().min(1).optional(), + tokenUrl: z.string().min(1).optional(), + issuer: z.string().min(1).optional(), + resourceMetadataUrl: z.string().min(1).optional(), + authorizationServerMetadataUrl: z.string().min(1).optional(), + openidConfigurationUrl: z.string().min(1).optional(), + clientMetadataUrl: z.string().min(1).optional(), + clientId: z.string().min(1).optional(), + clientSecret: z.string().min(1).optional(), + scopes: z.array(z.string().min(1)).optional(), + redirectUri: z.string().min(1).optional(), + }) + .strict(), + ]) + .describe("Authentication settings for a remote MCP server."); + +const capletSetupCommandSchema = z + .object({ + label: z.string().min(1).describe("Human-readable setup or verification step label."), + command: z.string().min(1).describe("Executable command to spawn without a shell."), + args: z.array(z.string()).optional().describe("Arguments passed to the command."), + env: z.record(z.string(), z.string()).optional().describe("Additional environment variables."), + cwd: z.string().min(1).optional().describe("Working directory for this command."), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + }) + .strict(); + +const capletSetupSchema = z + .object({ + commands: z.array(capletSetupCommandSchema).optional(), + verify: z.array(capletSetupCommandSchema).optional(), + }) + .strict() + .refine( + (setup) => (setup.commands?.length ?? 0) > 0 || (setup.verify?.length ?? 0) > 0, + "setup must define at least one command or verify step", + ) + .describe("Optional explicit setup and verification metadata for this Caplet."); + +const capletProjectBindingSchema = z + .object({ required: z.literal(true) }) + .strict() + .describe("Project Binding requirements for Caplets that need an attached project."); + +const capletRuntimeFeatureSchema = z.enum(["docker", "browser"]); + +const capletRuntimeRequirementsSchema = z + .object({ + features: z + .array(capletRuntimeFeatureSchema) + .refine( + (features) => new Set(features).size === features.length, + "runtime.features must not contain duplicate feature names", + ) + .optional(), + resources: z + .object({ + class: z.enum(["standard", "large", "heavy"]).optional(), + }) + .strict() + .optional(), + }) + .strict() + .describe("Runtime feature and resource requirements for hosted execution."); + +const capletEndpointAuthSchema = z + .discriminatedUnion("type", [ + z.object({ type: z.literal("none") }).strict(), + z.object({ type: z.literal("bearer"), token: z.string().min(1) }).strict(), + z + .object({ type: z.literal("headers"), headers: z.record(z.string(), z.string().min(1)) }) + .strict(), + z + .object({ + type: z.literal("oauth2"), + authorizationUrl: z.string().min(1).optional(), + tokenUrl: z.string().min(1).optional(), + issuer: z.string().min(1).optional(), + resourceMetadataUrl: z.string().min(1).optional(), + authorizationServerMetadataUrl: z.string().min(1).optional(), + openidConfigurationUrl: z.string().min(1).optional(), + clientMetadataUrl: z.string().min(1).optional(), + clientId: z.string().min(1).optional(), + clientSecret: z.string().min(1).optional(), + scopes: z.array(z.string().min(1)).optional(), + redirectUri: z.string().min(1).optional(), + }) + .strict(), + z + .object({ + type: z.literal("oidc"), + authorizationUrl: z.string().min(1).optional(), + tokenUrl: z.string().min(1).optional(), + issuer: z.string().min(1).optional(), + resourceMetadataUrl: z.string().min(1).optional(), + authorizationServerMetadataUrl: z.string().min(1).optional(), + openidConfigurationUrl: z.string().min(1).optional(), + clientMetadataUrl: z.string().min(1).optional(), + clientId: z.string().min(1).optional(), + clientSecret: z.string().min(1).optional(), + scopes: z.array(z.string().min(1)).optional(), + redirectUri: z.string().min(1).optional(), + }) + .strict(), + ]) + .describe("Authentication settings for an OpenAPI or GraphQL endpoint."); + +const capletMcpServerSchema = z + .object({ + transport: z + .enum(["stdio", "http", "sse"]) + .optional() + .describe("Downstream MCP transport. Defaults to stdio when command is present."), + command: z.string().min(1).optional().describe("Executable command for stdio servers."), + args: z.array(z.string()).optional().describe("Arguments passed to the stdio command."), + env: z + .record(z.string(), z.string()) + .optional() + .describe("Environment variables for stdio servers. Supports ${VAR} and $env:VAR."), + cwd: z.string().min(1).optional().describe("Working directory for stdio servers."), + url: z.string().min(1).optional().describe("Remote MCP server URL for http or sse transport."), + auth: capletRemoteAuthSchema.optional(), + startupTimeoutMs: z + .number() + .int() + .positive() + .optional() + .describe("Timeout in milliseconds for starting or checking a downstream server."), + callTimeoutMs: z + .number() + .int() + .positive() + .optional() + .describe("Timeout in milliseconds for downstream tool calls."), + toolCacheTtlMs: z + .number() + .int() + .nonnegative() + .optional() + .describe("Milliseconds downstream tool metadata stays fresh. Set 0 to refresh every time."), + disabled: z + .boolean() + .optional() + .describe("When true, omit this Caplet from discovery and do not start its MCP server."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict() + .superRefine((server, ctx) => { + const effectiveTransport = server.transport ?? (server.command ? "stdio" : undefined); + const hasStdio = Boolean(server.command); + const hasRemote = Boolean(server.url); + if (hasStdio === hasRemote) { + ctx.addIssue({ + code: "custom", + message: "mcpServer must define exactly one connection shape: command or url", + }); + } + + if (effectiveTransport === "stdio" && !server.command) { + ctx.addIssue({ + code: "custom", + path: ["command"], + message: "stdio servers require command", + }); + } + + if ((effectiveTransport === "http" || effectiveTransport === "sse") && !server.url) { + ctx.addIssue({ + code: "custom", + path: ["url"], + message: "remote servers require url", + }); + } + + if (server.url && !hasEnvReference(server.url) && !isAllowedRemoteUrl(server.url)) { + ctx.addIssue({ + code: "custom", + path: ["url"], + message: "remote url must use https except loopback development urls", + }); + } + + if (server.auth?.type === "oauth2" || server.auth?.type === "oidc") { + for (const field of [ + "authorizationUrl", + "tokenUrl", + "issuer", + "clientMetadataUrl", + "redirectUri", + ] as const) { + const value = server.auth[field]; + if (value && !hasEnvReference(value) && !isUrl(value)) { + ctx.addIssue({ + code: "custom", + path: ["auth", field], + message: `${field} must be a URL or environment reference`, + }); + } + } + } + + if (server.auth?.type === "headers") { + for (const headerName of Object.keys(server.auth.headers)) { + const normalized = headerName.toLowerCase(); + if (!HEADER_NAME_PATTERN.test(headerName) || FORBIDDEN_HEADERS.has(normalized)) { + ctx.addIssue({ + code: "custom", + path: ["auth", "headers", headerName], + message: `header ${headerName} is not allowed`, + }); + } + } + } + }); + +const capletOpenApiEndpointSchema = z + .object({ + specPath: z.string().min(1).optional().describe("Local OpenAPI specification path."), + specUrl: z.string().min(1).optional().describe("Remote OpenAPI specification URL."), + baseUrl: z.string().min(1).optional().describe("Override base URL for OpenAPI requests."), + auth: capletEndpointAuthSchema.describe( + 'Explicit OpenAPI request auth config. Use {"type":"none"} for public APIs.', + ), + requestTimeoutMs: z + .number() + .int() + .positive() + .optional() + .describe("Timeout in milliseconds for OpenAPI HTTP requests."), + operationCacheTtlMs: z + .number() + .int() + .nonnegative() + .optional() + .describe( + "Milliseconds OpenAPI operation metadata stays fresh. Set 0 to refresh every time.", + ), + disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict() + .superRefine((endpoint, ctx) => { + if (Boolean(endpoint.specPath) === Boolean(endpoint.specUrl)) { + ctx.addIssue({ + code: "custom", + message: "openapiEndpoint must define exactly one spec source: specPath or specUrl", + }); + } + if ( + endpoint.specUrl && + !hasEnvReference(endpoint.specUrl) && + !isAllowedRemoteUrl(endpoint.specUrl) + ) { + ctx.addIssue({ + code: "custom", + path: ["specUrl"], + message: "OpenAPI specUrl must use https except loopback development urls", + }); + } + if ( + endpoint.baseUrl && + !hasEnvReference(endpoint.baseUrl) && + !isAllowedRemoteUrl(endpoint.baseUrl) + ) { + ctx.addIssue({ + code: "custom", + path: ["baseUrl"], + message: "OpenAPI baseUrl must use https except loopback development urls", + }); + } + validateEndpointAuthHeaders(endpoint.auth, ctx); + }); + +const capletGraphQlOperationSchema = z + .object({ + document: z.string().min(1).optional().describe("Inline GraphQL operation document."), + documentPath: z.string().min(1).optional().describe("Path to a GraphQL operation document."), + operationName: z.string().min(1).optional().describe("Operation name to execute."), + description: z.string().min(1).optional().describe("Operation capability description."), + }) + .strict() + .superRefine((operation, ctx) => { + if (Boolean(operation.document) === Boolean(operation.documentPath)) { + ctx.addIssue({ + code: "custom", + message: + "GraphQL operation must define exactly one document source: document or documentPath", + }); + } + }); + +const capletGraphQlEndpointSchema = z + .object({ + endpointUrl: z.string().min(1).describe("GraphQL HTTP endpoint URL."), + schemaPath: z.string().min(1).optional().describe("Local GraphQL SDL or introspection path."), + schemaUrl: z.string().min(1).optional().describe("Remote GraphQL SDL or introspection URL."), + introspection: z + .literal(true) + .optional() + .describe("Load schema through endpoint introspection."), + operations: z + .record(z.string().regex(SERVER_ID_PATTERN), capletGraphQlOperationSchema) + .optional() + .describe("Configured GraphQL operations keyed by stable tool name."), + auth: capletEndpointAuthSchema.describe( + 'Explicit GraphQL request auth config. Use {"type":"none"} for public APIs.', + ), + requestTimeoutMs: z + .number() + .int() + .positive() + .optional() + .describe("Timeout in milliseconds for GraphQL HTTP requests."), + operationCacheTtlMs: z + .number() + .int() + .nonnegative() + .optional() + .describe( + "Milliseconds GraphQL operation metadata stays fresh. Set 0 to refresh every time.", + ), + selectionDepth: z + .number() + .int() + .positive() + .max(5) + .optional() + .describe("Maximum depth for auto-generated GraphQL selection sets."), + disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict() + .superRefine((endpoint, ctx) => { + const sourceCount = + Number(Boolean(endpoint.schemaPath)) + + Number(Boolean(endpoint.schemaUrl)) + + Number(endpoint.introspection === true); + if (sourceCount !== 1) { + ctx.addIssue({ + code: "custom", + message: + "graphqlEndpoint must define exactly one schema source: schemaPath, schemaUrl, or introspection", + }); + } + if ( + endpoint.endpointUrl && + !hasEnvReference(endpoint.endpointUrl) && + !isAllowedRemoteUrl(endpoint.endpointUrl) + ) { + ctx.addIssue({ + code: "custom", + path: ["endpointUrl"], + message: "GraphQL endpointUrl must use https except loopback development urls", + }); + } + if ( + endpoint.schemaUrl && + !hasEnvReference(endpoint.schemaUrl) && + !isAllowedRemoteUrl(endpoint.schemaUrl) + ) { + ctx.addIssue({ + code: "custom", + path: ["schemaUrl"], + message: "GraphQL schemaUrl must use https except loopback development urls", + }); + } + validateEndpointAuthHeaders(endpoint.auth, ctx); + }); + +const httpScalarMappingSchema = z.record( + z.string(), + z.union([z.string(), z.number(), z.boolean()]), +); + +const capletHttpActionSchema = z + .object({ + method: z + .enum(["GET", "POST", "PUT", "PATCH", "DELETE"]) + .describe("HTTP method used for this action."), + path: z + .string() + .min(1) + .regex(/^\//, "HTTP action path must start with /") + .describe("URL path appended to the HTTP API baseUrl.") + .refine((value) => !value.startsWith("//"), "HTTP action path must not start with //") + .refine((value) => !isUrl(value), "HTTP action path must be a URL path, not a URL"), + description: z.string().min(1).optional().describe("Action capability description."), + inputSchema: z + .record(z.string(), z.unknown()) + .optional() + .describe("JSON Schema for call_tool arguments."), + query: httpScalarMappingSchema.optional().describe("Query parameter mapping."), + headers: httpScalarMappingSchema.optional().describe("Request header mapping."), + jsonBody: z.unknown().optional().describe("JSON request body mapping."), + }) + .strict() + .superRefine((action, ctx) => { + if (action.method === "GET" && action.jsonBody !== undefined) { + ctx.addIssue({ + code: "custom", + path: ["jsonBody"], + message: "HTTP GET actions must not define jsonBody", + }); + } + }); + +const capletHttpApiSchema = z + .object({ + baseUrl: z + .string() + .min(1) + .regex( + HTTP_BASE_URL_PATTERN, + "HTTP API baseUrl must not include credentials, query, or fragment", + ) + .describe("Base URL for HTTP action requests."), + auth: capletEndpointAuthSchema.describe( + 'Explicit HTTP API request auth config. Use {"type":"none"} for public APIs.', + ), + actions: z + .record(z.string().regex(SERVER_ID_PATTERN), capletHttpActionSchema) + .refine( + (actions) => Object.keys(actions).length > 0, + "HTTP API must define at least one action", + ) + .describe("Configured HTTP actions keyed by stable tool name."), + requestTimeoutMs: z + .number() + .int() + .positive() + .optional() + .describe("Timeout in milliseconds for HTTP action requests."), + maxResponseBytes: z + .number() + .int() + .positive() + .optional() + .describe("Maximum HTTP action response body bytes to read."), + disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict() + .superRefine((api, ctx) => { + if (api.baseUrl && !hasEnvReference(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) { + ctx.addIssue({ + code: "custom", + path: ["baseUrl"], + message: + "HTTP API baseUrl must use https except loopback development urls and must not include credentials, query, or fragment", + }); + } + validateEndpointAuthHeaders(api.auth, ctx); + for (const [actionName, action] of Object.entries(api.actions)) { + if (action.headers) { + validateHttpActionHeaders(action.headers, ctx, ["actions", actionName, "headers"]); + } + } + }); + +const capletCliToolOutputSchema = z + .object({ + type: z.enum(["text", "json"]).optional(), + }) + .strict(); + +const capletCliToolAnnotationsSchema = z + .object({ + readOnlyHint: z.boolean().optional(), + destructiveHint: z.boolean().optional(), + idempotentHint: z.boolean().optional(), + openWorldHint: z.boolean().optional(), + }) + .strict(); + +const capletCliToolActionSchema = z + .object({ + description: z.string().min(1).optional().describe("Action capability description."), + inputSchema: z + .record(z.string(), z.unknown()) + .optional() + .describe("JSON Schema for call_tool arguments."), + outputSchema: z + .record(z.string(), z.unknown()) + .optional() + .describe("JSON Schema for structuredContent returned by this action."), + command: z.string().min(1).describe("Executable command to spawn without a shell."), + args: z.array(z.string()).optional().describe("Arguments passed to the command."), + env: z.record(z.string(), z.string()).optional().describe("Additional environment variables."), + cwd: z.string().min(1).optional().describe("Working directory for this action."), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + output: capletCliToolOutputSchema.optional(), + annotations: capletCliToolAnnotationsSchema.optional(), + }) + .strict(); + +const capletCliToolsSchema = z + .object({ + actions: z + .record(z.string().regex(SERVER_ID_PATTERN), capletCliToolActionSchema) + .refine( + (actions) => Object.keys(actions).length > 0, + "CLI tools backend must define at least one action", + ) + .describe("Configured CLI actions keyed by stable tool name."), + cwd: z.string().min(1).optional().describe("Default working directory for CLI actions."), + env: z.record(z.string(), z.string()).optional().describe("Default environment variables."), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict(); + +const capletSetSchema = z + .object({ + configPath: z.string().min(1).optional().describe("Child Caplets config.json path."), + capletsRoot: z.string().min(1).optional().describe("Child Markdown Caplets root directory."), + defaultSearchLimit: z.number().int().positive().optional(), + maxSearchLimit: z.number().int().positive().max(50).optional(), + toolCacheTtlMs: z.number().int().nonnegative().optional(), + disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + }) + .strict() + .superRefine((set, ctx) => { + if (!set.configPath && !set.capletsRoot) { + ctx.addIssue({ + code: "custom", + message: "capletSet must define at least one source: configPath or capletsRoot", + }); + } + if ( + set.defaultSearchLimit !== undefined && + set.maxSearchLimit !== undefined && + set.defaultSearchLimit > set.maxSearchLimit + ) { + ctx.addIssue({ + code: "custom", + path: ["defaultSearchLimit"], + message: "defaultSearchLimit must be <= maxSearchLimit", + }); + } + }); + +export const capletFileSchema = z + .object({ + $schema: z + .string() + .url() + .optional() + .describe("Optional JSON Schema URL for editor validation."), + name: z.string().trim().min(1).max(80).describe("Human-readable Caplet display name."), + description: z + .string() + .describe("Compact capability description shown before the full Caplet card is disclosed.") + .refine( + (value) => value.trim().length >= 10, + "description must contain at least 10 non-whitespace characters", + ) + .refine((value) => value.length <= 1500, "description must be at most 1500 characters"), + tags: z + .array(z.string().trim().min(1).max(80)) + .optional() + .describe("Optional tags for grouping or searching Caplets."), + setup: capletSetupSchema.optional(), + projectBinding: capletProjectBindingSchema.optional(), + runtime: capletRuntimeRequirementsSchema.optional(), + mcpServer: capletMcpServerSchema + .describe("MCP server backend configuration for this Caplet.") + .optional(), + openapiEndpoint: capletOpenApiEndpointSchema + .describe("OpenAPI endpoint backend configuration for this Caplet.") + .optional(), + graphqlEndpoint: capletGraphQlEndpointSchema + .describe("GraphQL endpoint backend configuration for this Caplet.") + .optional(), + httpApi: capletHttpApiSchema + .describe("HTTP API backend configuration for this Caplet.") + .optional(), + cliTools: capletCliToolsSchema + .describe("CLI tools backend configuration for this Caplet.") + .optional(), + capletSet: capletSetSchema + .describe("Nested Caplet collection backend configuration for this Caplet.") + .optional(), + }) + .strict() + .superRefine((frontmatter, ctx) => { + const backendCount = + Number(Boolean(frontmatter.mcpServer)) + + Number(Boolean(frontmatter.openapiEndpoint)) + + Number(Boolean(frontmatter.graphqlEndpoint)) + + Number(Boolean(frontmatter.httpApi)) + + Number(Boolean(frontmatter.cliTools)) + + Number(Boolean(frontmatter.capletSet)); + if (backendCount !== 1) { + ctx.addIssue({ + code: "custom", + message: + "Caplet file must define exactly one backend: mcpServer, openapiEndpoint, graphqlEndpoint, httpApi, cliTools, or capletSet", + }); + } + }); + +type CapletFileFrontmatter = z.infer; + +export function capletJsonSchema(): unknown { + return patchCapletJsonSchema({ + $schema: "https://json-schema.org/draft/2020-12/schema", + $id: "https://raw.githubusercontent.com/spiritledsoftware/caplets/main/schemas/caplet.schema.json", + title: "Caplet file frontmatter", + description: "YAML frontmatter schema for a Markdown Caplet file.", + ...z.toJSONSchema(capletFileSchema, { io: "input" }), + }); +} + +export type CapletFileConfig = { + mcpServers?: Record; + openapiEndpoints?: Record; + graphqlEndpoints?: Record; + httpApis?: Record; + cliTools?: Record; + capletSets?: Record; +}; + +export type CapletFileLoadResult = { + config: CapletFileConfig; + paths: Record; +}; + +export type CapletFileMapInput = { + files: Array<{ path: string; content: string }>; +}; + +export type CapletFileWarning = { + path?: string | undefined; + message: string; +}; + +export type BestEffortCapletFileLoadResult = CapletFileLoadResult & { + warnings: CapletFileWarning[]; +}; + +export function loadCapletFilesFromMap( + input: CapletFileMapInput, +): CapletFileLoadResult | undefined { + const files = new Map(); + for (const file of input.files) { + const path = normalizeMapPath(file.path); + if (files.has(path)) { + throw new CapletsError("CONFIG_INVALID", `Duplicate Caplet file path ${path}`); + } + files.set(path, file.content); + } + + return buildCapletFileLoadResultFromEntries( + "in-memory bundle", + discoverCapletFileMapCandidates([...files.keys()]), + (path) => { + const content = files.get(path); + if (content === undefined) { + throw new CapletsError("CONFIG_INVALID", `Caplet file at ${path} was not found`); + } + return readCapletFileContent(path, content, mapDirname(path), normalizeBundleLocalPath); + }, + ); +} + +export function buildCapletFileLoadResultFromEntries( + root: string, + candidates: Array<{ id: string; path: string }>, + readConfig: (path: string) => unknown, + warnings?: CapletFileWarning[], +): BestEffortCapletFileLoadResult | undefined { + const servers: Record = {}; + const openapiEndpoints: Record = {}; + const graphqlEndpoints: Record = {}; + const httpApis: Record = {}; + const cliTools: Record = {}; + const capletSets: Record = {}; + const paths: Record = {}; + + function hasId(id: string): boolean { + return Boolean( + servers[id] || + openapiEndpoints[id] || + graphqlEndpoints[id] || + httpApis[id] || + cliTools[id] || + capletSets[id], + ); + } + + for (const candidate of candidates) { + if (hasId(candidate.id)) { + const message = `Duplicate Caplet ID ${candidate.id} under ${root}`; + if (!warnings) { + throw new CapletsError("CONFIG_INVALID", message); + } + warnings.push({ + path: candidate.path, + message: `${message}; skipping duplicate at ${candidate.path}`, + }); + continue; + } + + let config: unknown; + try { + config = readConfig(candidate.path); + } catch (error) { + if (!warnings) { + throw error; + } + warnings.push({ + path: candidate.path, + message: `Skipping invalid Caplet file at ${candidate.path}: ${errorMessage(error)}`, + }); + continue; + } + + paths[candidate.id] = candidate.path; + if (isPlainObject(config) && config.backend === "openapi") { + const { backend: _backend, ...endpoint } = config; + openapiEndpoints[candidate.id] = endpoint; + } else if (isPlainObject(config) && config.backend === "graphql") { + const { backend: _backend, ...endpoint } = config; + graphqlEndpoints[candidate.id] = endpoint; + } else if (isPlainObject(config) && config.backend === "http") { + const { backend: _backend, ...endpoint } = config; + httpApis[candidate.id] = endpoint; + } else if (isPlainObject(config) && config.backend === "cli") { + const { backend: _backend, ...endpoint } = config; + cliTools[candidate.id] = endpoint; + } else if (isPlainObject(config) && config.backend === "caplets") { + const { backend: _backend, ...endpoint } = config; + capletSets[candidate.id] = endpoint; + } else { + servers[candidate.id] = config; + } + } + + const hasServers = Object.keys(servers).length > 0; + const hasOpenApi = Object.keys(openapiEndpoints).length > 0; + const hasGraphQl = Object.keys(graphqlEndpoints).length > 0; + const hasHttpApis = Object.keys(httpApis).length > 0; + const hasCliTools = Object.keys(cliTools).length > 0; + const hasCapletSets = Object.keys(capletSets).length > 0; + const config = { + ...(hasServers ? { mcpServers: servers } : {}), + ...(hasOpenApi ? { openapiEndpoints } : {}), + ...(hasGraphQl ? { graphqlEndpoints } : {}), + ...(hasHttpApis ? { httpApis } : {}), + ...(hasCliTools ? { cliTools } : {}), + ...(hasCapletSets ? { capletSets } : {}), + }; + const hasConfig = Object.keys(config).length > 0; + if (!hasConfig && warnings?.length === 0) { + return undefined; + } + + return { config, paths, warnings: warnings ?? [] }; +} + +function discoverCapletFileMapCandidates(paths: string[]): Array<{ id: string; path: string }> { + const sorted = [...paths].sort((left, right) => left.localeCompare(right)); + const candidates: Array<{ id: string; path: string; isDirectoryCaplet: boolean }> = []; + for (const path of sorted) { + const segments = path.split("/"); + const fileName = segments.at(-1); + if (!fileName) { + continue; + } + if (fileName === "CAPLET.md" && segments.length > 1) { + candidates.push({ id: segments.at(-2) ?? "CAPLET", path, isDirectoryCaplet: true }); + continue; + } + if (segments.length === 1 && extname(fileName).toLowerCase() === ".md") { + candidates.push({ + id: basename(fileName, extname(fileName)), + path, + isDirectoryCaplet: false, + }); + } + } + + return candidates.map(({ id, path }) => { + validateCapletId(id, path); + return { id, path }; + }); +} + +export function readCapletFileContent( + path: string, + text: string, + baseDir: string, + normalizePath: (value: string | undefined, baseDir: string) => string | undefined, +): unknown { + if (byteLength(text) > MAX_CAPLET_FILE_BYTES) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} exceeds the ${MAX_CAPLET_FILE_BYTES} byte limit`, + ); + } + const { frontmatter, body } = parseFrontmatter(text, path); + if (body.length > MAX_CAPLET_BODY_CHARS) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} body exceeds the ${MAX_CAPLET_BODY_CHARS} character limit`, + ); + } + const parsed = capletFileSchema.safeParse(frontmatter); + if (!parsed.success) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} has invalid frontmatter`, + parsed.error.issues, + ); + } + + return capletToServerConfig(parsed.data, body, baseDir, normalizePath); +} + +function capletToServerConfig( + frontmatter: CapletFileFrontmatter, + body: string, + baseDir: string, + normalizePath: (value: string | undefined, baseDir: string) => string | undefined, +): unknown { + if (frontmatter.openapiEndpoint) { + return { + ...frontmatter.openapiEndpoint, + specPath: normalizePath(frontmatter.openapiEndpoint.specPath, baseDir), + backend: "openapi", + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; + } + + if (frontmatter.graphqlEndpoint) { + return { + ...frontmatter.graphqlEndpoint, + schemaPath: normalizePath(frontmatter.graphqlEndpoint.schemaPath, baseDir), + operations: normalizeGraphQlOperations( + frontmatter.graphqlEndpoint.operations, + baseDir, + normalizePath, + ), + backend: "graphql", + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; + } + + if (frontmatter.httpApi) { + return { + ...frontmatter.httpApi, + backend: "http", + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; + } + + if (frontmatter.cliTools) { + return { + ...frontmatter.cliTools, + cwd: normalizePath(frontmatter.cliTools.cwd, baseDir), + actions: normalizeCliToolActions(frontmatter.cliTools.actions, baseDir, normalizePath), + backend: "cli", + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; + } + + if (frontmatter.capletSet) { + return { + ...frontmatter.capletSet, + configPath: normalizePath(frontmatter.capletSet.configPath, baseDir), + capletsRoot: normalizePath(frontmatter.capletSet.capletsRoot, baseDir), + backend: "caplets", + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; + } + + return { + ...frontmatter.mcpServer!, + name: frontmatter.name, + description: frontmatter.description, + ...sharedCapletFields(frontmatter), + body, + }; +} + +function sharedCapletFields(frontmatter: CapletFileFrontmatter): Record { + return { + ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), + ...(frontmatter.setup ? { setup: frontmatter.setup } : {}), + ...(frontmatter.projectBinding ? { projectBinding: frontmatter.projectBinding } : {}), + ...(frontmatter.runtime ? { runtime: frontmatter.runtime } : {}), + }; +} + +function normalizeCliToolActions( + actions: z.infer["actions"], + baseDir: string, + normalizePath: (value: string | undefined, baseDir: string) => string | undefined, +): z.infer["actions"] { + return Object.fromEntries( + Object.entries(actions).map(([name, action]) => [ + name, + { + ...action, + cwd: normalizePath(action.cwd, baseDir) as string | undefined, + }, + ]), + ); +} + +function normalizeGraphQlOperations( + operations: z.infer["operations"], + baseDir: string, + normalizePath: (value: string | undefined, baseDir: string) => string | undefined, +): z.infer["operations"] { + if (!operations) { + return undefined; + } + return Object.fromEntries( + Object.entries(operations).map(([name, operation]) => [ + name, + { + ...operation, + documentPath: normalizePath(operation.documentPath, baseDir), + }, + ]), + ); +} + +export function normalizeBundleLocalPath( + value: string | undefined, + baseDir: string, +): string | undefined { + if (!value || isMapAbsolutePath(value) || hasEnvReference(value)) { + return value; + } + const parts = [...(baseDir ? baseDir.split("/") : []), ...value.split("/")]; + const normalized: string[] = []; + for (const part of parts) { + if (!part || part === ".") { + continue; + } + if (part === "..") { + normalized.pop(); + continue; + } + normalized.push(part); + } + return normalized.join("/"); +} + +export function normalizeMapPath(path: string): string { + const normalized = path.trim().replace(/\\/g, "/").replace(/^\.\//u, ""); + if (!normalized || normalized.startsWith("/") || normalized.includes("/../")) { + throw new CapletsError("CONFIG_INVALID", `Invalid Caplet file path ${path}`); + } + return normalized; +} + +export function mapDirname(path: string): string { + return path.split("/").slice(0, -1).join("/"); +} + +function basename(path: string, suffix = ""): string { + const name = path.split("/").filter(Boolean).at(-1) ?? path; + return suffix && name.endsWith(suffix) ? name.slice(0, -suffix.length) : name; +} + +function extname(path: string): string { + const name = basename(path); + const index = name.lastIndexOf("."); + return index > 0 ? name.slice(index) : ""; +} + +function isMapAbsolutePath(value: string): boolean { + return value.startsWith("/") || /^[A-Za-z]:[\\/]/u.test(value); +} + +function byteLength(value: string): number { + return new TextEncoder().encode(value).byteLength; +} + +function validateEndpointAuthHeaders( + auth: z.infer | undefined, + ctx: z.RefinementCtx, +): void { + if (auth?.type !== "headers") { + return; + } + for (const headerName of Object.keys(auth.headers)) { + const normalized = headerName.toLowerCase(); + if (!HEADER_NAME_PATTERN.test(headerName) || FORBIDDEN_HEADERS.has(normalized)) { + ctx.addIssue({ + code: "custom", + path: ["auth", "headers", headerName], + message: `header ${headerName} is not allowed`, + }); + } + } +} + +function parseFrontmatter(text: string, path: string): { frontmatter: unknown; body: string } { + if (!text.startsWith("---\n") && !text.startsWith("---\r\n")) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} must start with fenced YAML frontmatter`, + ); + } + + try { + const newline = text.startsWith("---\r\n") ? "\r\n" : "\n"; + const fence = `${newline}---`; + const fenceIndex = text.indexOf(fence, 3); + if (fenceIndex < 0) { + throw new Error("missing closing frontmatter fence"); + } + + const frontmatterText = text.slice(3 + newline.length, fenceIndex); + const afterFenceIndex = fenceIndex + fence.length; + const bodyStart = + text.slice(afterFenceIndex, afterFenceIndex + 2) === "\r\n" + ? afterFenceIndex + 2 + : text.slice(afterFenceIndex, afterFenceIndex + 1) === "\n" + ? afterFenceIndex + 1 + : afterFenceIndex; + const frontmatter = parseYaml(frontmatterText); + if (!isPlainObject(frontmatter) || Object.keys(frontmatter).length === 0) { + throw new Error("empty frontmatter"); + } + return { + frontmatter, + body: text.slice(bodyStart), + }; + } catch (error) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} has invalid YAML frontmatter`, + redactSecrets(error), + ); + } +} + +function isPlainObject(value: unknown): value is Record { + return Boolean(value) && typeof value === "object" && !Array.isArray(value); +} + +export function validateCapletId(id: string, path: string): void { + if (!SERVER_ID_PATTERN.test(id)) { + throw new CapletsError( + "CONFIG_INVALID", + `Caplet file at ${path} derives invalid ID ${id}; ID must match ^[a-zA-Z0-9_-]{1,64}$`, + ); + } +} + +export function errorMessage(error: unknown): string { + return error instanceof Error ? error.message : String(error); +} + +function hasEnvReference(value: string): boolean { + return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value); +} + +function patchCapletJsonSchema(schema: T): T { + const httpApiProperties = schemaPath>(schema, [ + "properties", + "httpApi", + "properties", + ]); + const actions = nestedSchema>(httpApiProperties, "actions"); + if (actions) { + actions.minProperties = 1; + } + const baseUrl = nestedSchema>(httpApiProperties, "baseUrl"); + if (baseUrl) { + baseUrl.format = "uri"; + } + const cliToolsProperties = schemaPath>(schema, [ + "properties", + "cliTools", + "properties", + ]); + const cliActions = nestedSchema>(cliToolsProperties, "actions"); + if (cliActions) { + cliActions.minProperties = 1; + } + return schema; +} diff --git a/packages/core/src/caplet-files.ts b/packages/core/src/caplet-files.ts index 51209af..1652c80 100644 --- a/packages/core/src/caplet-files.ts +++ b/packages/core/src/caplet-files.ts @@ -1,631 +1,28 @@ import { existsSync, readdirSync, readFileSync, statSync } from "node:fs"; import { basename, dirname, extname, isAbsolute, join } from "node:path"; -import { VFile } from "vfile"; -import { matter as parseMatter } from "vfile-matter"; -import { z } from "zod"; +import { CapletsError } from "./errors"; +export { capletFileSchema, capletJsonSchema, loadCapletFilesFromMap } from "./caplet-files-bundle"; +export type { + BestEffortCapletFileLoadResult, + CapletFileConfig, + CapletFileLoadResult, + CapletFileMapInput, + CapletFileWarning, +} from "./caplet-files-bundle"; import { - FORBIDDEN_HEADERS, - HEADER_NAME_PATTERN, - HTTP_BASE_URL_PATTERN, - SERVER_ID_PATTERN, - isAllowedHttpBaseUrl, - isAllowedRemoteUrl, - isUrl, - validateHttpActionHeaders, -} from "./config/validation"; -import { CapletsError, redactSecrets } from "./errors"; -import { nestedSchema, schemaPath } from "./schema-utils"; + buildCapletFileLoadResultFromEntries, + errorMessage, + readCapletFileContent, + validateCapletId, +} from "./caplet-files-bundle"; +import type { + BestEffortCapletFileLoadResult, + CapletFileConfig, + CapletFileLoadResult, + CapletFileWarning, +} from "./caplet-files-bundle"; const MAX_CAPLET_FILE_BYTES = 128 * 1024; -const MAX_CAPLET_BODY_CHARS = 64 * 1024; - -const capletRemoteAuthSchema = z - .discriminatedUnion("type", [ - z.object({ type: z.literal("none") }).strict(), - z.object({ type: z.literal("bearer"), token: z.string().min(1) }).strict(), - z - .object({ type: z.literal("headers"), headers: z.record(z.string(), z.string().min(1)) }) - .strict(), - z - .object({ - type: z.literal("oauth2"), - authorizationUrl: z.string().min(1).optional(), - tokenUrl: z.string().min(1).optional(), - issuer: z.string().min(1).optional(), - resourceMetadataUrl: z.string().min(1).optional(), - authorizationServerMetadataUrl: z.string().min(1).optional(), - openidConfigurationUrl: z.string().min(1).optional(), - clientMetadataUrl: z.string().min(1).optional(), - clientId: z.string().min(1).optional(), - clientSecret: z.string().min(1).optional(), - scopes: z.array(z.string().min(1)).optional(), - redirectUri: z.string().min(1).optional(), - }) - .strict(), - z - .object({ - type: z.literal("oidc"), - authorizationUrl: z.string().min(1).optional(), - tokenUrl: z.string().min(1).optional(), - issuer: z.string().min(1).optional(), - resourceMetadataUrl: z.string().min(1).optional(), - authorizationServerMetadataUrl: z.string().min(1).optional(), - openidConfigurationUrl: z.string().min(1).optional(), - clientMetadataUrl: z.string().min(1).optional(), - clientId: z.string().min(1).optional(), - clientSecret: z.string().min(1).optional(), - scopes: z.array(z.string().min(1)).optional(), - redirectUri: z.string().min(1).optional(), - }) - .strict(), - ]) - .describe("Authentication settings for a remote MCP server."); - -const capletEndpointAuthSchema = z - .discriminatedUnion("type", [ - z.object({ type: z.literal("none") }).strict(), - z.object({ type: z.literal("bearer"), token: z.string().min(1) }).strict(), - z - .object({ type: z.literal("headers"), headers: z.record(z.string(), z.string().min(1)) }) - .strict(), - z - .object({ - type: z.literal("oauth2"), - authorizationUrl: z.string().min(1).optional(), - tokenUrl: z.string().min(1).optional(), - issuer: z.string().min(1).optional(), - resourceMetadataUrl: z.string().min(1).optional(), - authorizationServerMetadataUrl: z.string().min(1).optional(), - openidConfigurationUrl: z.string().min(1).optional(), - clientMetadataUrl: z.string().min(1).optional(), - clientId: z.string().min(1).optional(), - clientSecret: z.string().min(1).optional(), - scopes: z.array(z.string().min(1)).optional(), - redirectUri: z.string().min(1).optional(), - }) - .strict(), - z - .object({ - type: z.literal("oidc"), - authorizationUrl: z.string().min(1).optional(), - tokenUrl: z.string().min(1).optional(), - issuer: z.string().min(1).optional(), - resourceMetadataUrl: z.string().min(1).optional(), - authorizationServerMetadataUrl: z.string().min(1).optional(), - openidConfigurationUrl: z.string().min(1).optional(), - clientMetadataUrl: z.string().min(1).optional(), - clientId: z.string().min(1).optional(), - clientSecret: z.string().min(1).optional(), - scopes: z.array(z.string().min(1)).optional(), - redirectUri: z.string().min(1).optional(), - }) - .strict(), - ]) - .describe("Authentication settings for an OpenAPI or GraphQL endpoint."); - -const capletMcpServerSchema = z - .object({ - transport: z - .enum(["stdio", "http", "sse"]) - .optional() - .describe("Downstream MCP transport. Defaults to stdio when command is present."), - command: z.string().min(1).optional().describe("Executable command for stdio servers."), - args: z.array(z.string()).optional().describe("Arguments passed to the stdio command."), - env: z - .record(z.string(), z.string()) - .optional() - .describe("Environment variables for stdio servers. Supports ${VAR} and $env:VAR."), - cwd: z.string().min(1).optional().describe("Working directory for stdio servers."), - url: z.string().min(1).optional().describe("Remote MCP server URL for http or sse transport."), - auth: capletRemoteAuthSchema.optional(), - startupTimeoutMs: z - .number() - .int() - .positive() - .optional() - .describe("Timeout in milliseconds for starting or checking a downstream server."), - callTimeoutMs: z - .number() - .int() - .positive() - .optional() - .describe("Timeout in milliseconds for downstream tool calls."), - toolCacheTtlMs: z - .number() - .int() - .nonnegative() - .optional() - .describe("Milliseconds downstream tool metadata stays fresh. Set 0 to refresh every time."), - disabled: z - .boolean() - .optional() - .describe("When true, omit this Caplet from discovery and do not start its MCP server."), - }) - .strict() - .superRefine((server, ctx) => { - const effectiveTransport = server.transport ?? (server.command ? "stdio" : undefined); - const hasStdio = Boolean(server.command); - const hasRemote = Boolean(server.url); - if (hasStdio === hasRemote) { - ctx.addIssue({ - code: "custom", - message: "mcpServer must define exactly one connection shape: command or url", - }); - } - - if (effectiveTransport === "stdio" && !server.command) { - ctx.addIssue({ - code: "custom", - path: ["command"], - message: "stdio servers require command", - }); - } - - if ((effectiveTransport === "http" || effectiveTransport === "sse") && !server.url) { - ctx.addIssue({ - code: "custom", - path: ["url"], - message: "remote servers require url", - }); - } - - if (server.url && !hasEnvReference(server.url) && !isAllowedRemoteUrl(server.url)) { - ctx.addIssue({ - code: "custom", - path: ["url"], - message: "remote url must use https except loopback development urls", - }); - } - - if (server.auth?.type === "oauth2" || server.auth?.type === "oidc") { - for (const field of [ - "authorizationUrl", - "tokenUrl", - "issuer", - "clientMetadataUrl", - "redirectUri", - ] as const) { - const value = server.auth[field]; - if (value && !hasEnvReference(value) && !isUrl(value)) { - ctx.addIssue({ - code: "custom", - path: ["auth", field], - message: `${field} must be a URL or environment reference`, - }); - } - } - } - - if (server.auth?.type === "headers") { - for (const headerName of Object.keys(server.auth.headers)) { - const normalized = headerName.toLowerCase(); - if (!HEADER_NAME_PATTERN.test(headerName) || FORBIDDEN_HEADERS.has(normalized)) { - ctx.addIssue({ - code: "custom", - path: ["auth", "headers", headerName], - message: `header ${headerName} is not allowed`, - }); - } - } - } - }); - -const capletOpenApiEndpointSchema = z - .object({ - specPath: z.string().min(1).optional().describe("Local OpenAPI specification path."), - specUrl: z.string().min(1).optional().describe("Remote OpenAPI specification URL."), - baseUrl: z.string().min(1).optional().describe("Override base URL for OpenAPI requests."), - auth: capletEndpointAuthSchema.describe( - 'Explicit OpenAPI request auth config. Use {"type":"none"} for public APIs.', - ), - requestTimeoutMs: z - .number() - .int() - .positive() - .optional() - .describe("Timeout in milliseconds for OpenAPI HTTP requests."), - operationCacheTtlMs: z - .number() - .int() - .nonnegative() - .optional() - .describe( - "Milliseconds OpenAPI operation metadata stays fresh. Set 0 to refresh every time.", - ), - disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), - }) - .strict() - .superRefine((endpoint, ctx) => { - if (Boolean(endpoint.specPath) === Boolean(endpoint.specUrl)) { - ctx.addIssue({ - code: "custom", - message: "openapiEndpoint must define exactly one spec source: specPath or specUrl", - }); - } - if ( - endpoint.specUrl && - !hasEnvReference(endpoint.specUrl) && - !isAllowedRemoteUrl(endpoint.specUrl) - ) { - ctx.addIssue({ - code: "custom", - path: ["specUrl"], - message: "OpenAPI specUrl must use https except loopback development urls", - }); - } - if ( - endpoint.baseUrl && - !hasEnvReference(endpoint.baseUrl) && - !isAllowedRemoteUrl(endpoint.baseUrl) - ) { - ctx.addIssue({ - code: "custom", - path: ["baseUrl"], - message: "OpenAPI baseUrl must use https except loopback development urls", - }); - } - validateEndpointAuthHeaders(endpoint.auth, ctx); - }); - -const capletGraphQlOperationSchema = z - .object({ - document: z.string().min(1).optional().describe("Inline GraphQL operation document."), - documentPath: z.string().min(1).optional().describe("Path to a GraphQL operation document."), - operationName: z.string().min(1).optional().describe("Operation name to execute."), - description: z.string().min(1).optional().describe("Operation capability description."), - }) - .strict() - .superRefine((operation, ctx) => { - if (Boolean(operation.document) === Boolean(operation.documentPath)) { - ctx.addIssue({ - code: "custom", - message: - "GraphQL operation must define exactly one document source: document or documentPath", - }); - } - }); - -const capletGraphQlEndpointSchema = z - .object({ - endpointUrl: z.string().min(1).describe("GraphQL HTTP endpoint URL."), - schemaPath: z.string().min(1).optional().describe("Local GraphQL SDL or introspection path."), - schemaUrl: z.string().min(1).optional().describe("Remote GraphQL SDL or introspection URL."), - introspection: z - .literal(true) - .optional() - .describe("Load schema through endpoint introspection."), - operations: z - .record(z.string().regex(SERVER_ID_PATTERN), capletGraphQlOperationSchema) - .optional() - .describe("Configured GraphQL operations keyed by stable tool name."), - auth: capletEndpointAuthSchema.describe( - 'Explicit GraphQL request auth config. Use {"type":"none"} for public APIs.', - ), - requestTimeoutMs: z - .number() - .int() - .positive() - .optional() - .describe("Timeout in milliseconds for GraphQL HTTP requests."), - operationCacheTtlMs: z - .number() - .int() - .nonnegative() - .optional() - .describe( - "Milliseconds GraphQL operation metadata stays fresh. Set 0 to refresh every time.", - ), - selectionDepth: z - .number() - .int() - .positive() - .max(5) - .optional() - .describe("Maximum depth for auto-generated GraphQL selection sets."), - disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), - }) - .strict() - .superRefine((endpoint, ctx) => { - const sourceCount = - Number(Boolean(endpoint.schemaPath)) + - Number(Boolean(endpoint.schemaUrl)) + - Number(endpoint.introspection === true); - if (sourceCount !== 1) { - ctx.addIssue({ - code: "custom", - message: - "graphqlEndpoint must define exactly one schema source: schemaPath, schemaUrl, or introspection", - }); - } - if ( - endpoint.endpointUrl && - !hasEnvReference(endpoint.endpointUrl) && - !isAllowedRemoteUrl(endpoint.endpointUrl) - ) { - ctx.addIssue({ - code: "custom", - path: ["endpointUrl"], - message: "GraphQL endpointUrl must use https except loopback development urls", - }); - } - if ( - endpoint.schemaUrl && - !hasEnvReference(endpoint.schemaUrl) && - !isAllowedRemoteUrl(endpoint.schemaUrl) - ) { - ctx.addIssue({ - code: "custom", - path: ["schemaUrl"], - message: "GraphQL schemaUrl must use https except loopback development urls", - }); - } - validateEndpointAuthHeaders(endpoint.auth, ctx); - }); - -const httpScalarMappingSchema = z.record( - z.string(), - z.union([z.string(), z.number(), z.boolean()]), -); - -const capletHttpActionSchema = z - .object({ - method: z - .enum(["GET", "POST", "PUT", "PATCH", "DELETE"]) - .describe("HTTP method used for this action."), - path: z - .string() - .min(1) - .regex(/^\//, "HTTP action path must start with /") - .describe("URL path appended to the HTTP API baseUrl.") - .refine((value) => !value.startsWith("//"), "HTTP action path must not start with //") - .refine((value) => !isUrl(value), "HTTP action path must be a URL path, not a URL"), - description: z.string().min(1).optional().describe("Action capability description."), - inputSchema: z - .record(z.string(), z.unknown()) - .optional() - .describe("JSON Schema for call_tool arguments."), - query: httpScalarMappingSchema.optional().describe("Query parameter mapping."), - headers: httpScalarMappingSchema.optional().describe("Request header mapping."), - jsonBody: z.unknown().optional().describe("JSON request body mapping."), - }) - .strict() - .superRefine((action, ctx) => { - if (action.method === "GET" && action.jsonBody !== undefined) { - ctx.addIssue({ - code: "custom", - path: ["jsonBody"], - message: "HTTP GET actions must not define jsonBody", - }); - } - }); - -const capletHttpApiSchema = z - .object({ - baseUrl: z - .string() - .min(1) - .regex( - HTTP_BASE_URL_PATTERN, - "HTTP API baseUrl must not include credentials, query, or fragment", - ) - .describe("Base URL for HTTP action requests."), - auth: capletEndpointAuthSchema.describe( - 'Explicit HTTP API request auth config. Use {"type":"none"} for public APIs.', - ), - actions: z - .record(z.string().regex(SERVER_ID_PATTERN), capletHttpActionSchema) - .refine( - (actions) => Object.keys(actions).length > 0, - "HTTP API must define at least one action", - ) - .describe("Configured HTTP actions keyed by stable tool name."), - requestTimeoutMs: z - .number() - .int() - .positive() - .optional() - .describe("Timeout in milliseconds for HTTP action requests."), - maxResponseBytes: z - .number() - .int() - .positive() - .optional() - .describe("Maximum HTTP action response body bytes to read."), - disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), - }) - .strict() - .superRefine((api, ctx) => { - if (api.baseUrl && !hasEnvReference(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) { - ctx.addIssue({ - code: "custom", - path: ["baseUrl"], - message: - "HTTP API baseUrl must use https except loopback development urls and must not include credentials, query, or fragment", - }); - } - validateEndpointAuthHeaders(api.auth, ctx); - for (const [actionName, action] of Object.entries(api.actions)) { - if (action.headers) { - validateHttpActionHeaders(action.headers, ctx, ["actions", actionName, "headers"]); - } - } - }); - -const capletCliToolOutputSchema = z - .object({ - type: z.enum(["text", "json"]).optional(), - }) - .strict(); - -const capletCliToolAnnotationsSchema = z - .object({ - readOnlyHint: z.boolean().optional(), - destructiveHint: z.boolean().optional(), - idempotentHint: z.boolean().optional(), - openWorldHint: z.boolean().optional(), - }) - .strict(); - -const capletCliToolActionSchema = z - .object({ - description: z.string().min(1).optional().describe("Action capability description."), - inputSchema: z - .record(z.string(), z.unknown()) - .optional() - .describe("JSON Schema for call_tool arguments."), - outputSchema: z - .record(z.string(), z.unknown()) - .optional() - .describe("JSON Schema for structuredContent returned by this action."), - command: z.string().min(1).describe("Executable command to spawn without a shell."), - args: z.array(z.string()).optional().describe("Arguments passed to the command."), - env: z.record(z.string(), z.string()).optional().describe("Additional environment variables."), - cwd: z.string().min(1).optional().describe("Working directory for this action."), - timeoutMs: z.number().int().positive().optional(), - maxOutputBytes: z.number().int().positive().optional(), - output: capletCliToolOutputSchema.optional(), - annotations: capletCliToolAnnotationsSchema.optional(), - }) - .strict(); - -const capletCliToolsSchema = z - .object({ - actions: z - .record(z.string().regex(SERVER_ID_PATTERN), capletCliToolActionSchema) - .refine( - (actions) => Object.keys(actions).length > 0, - "CLI tools backend must define at least one action", - ) - .describe("Configured CLI actions keyed by stable tool name."), - cwd: z.string().min(1).optional().describe("Default working directory for CLI actions."), - env: z.record(z.string(), z.string()).optional().describe("Default environment variables."), - timeoutMs: z.number().int().positive().optional(), - maxOutputBytes: z.number().int().positive().optional(), - disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), - }) - .strict(); - -const capletSetSchema = z - .object({ - configPath: z.string().min(1).optional().describe("Child Caplets config.json path."), - capletsRoot: z.string().min(1).optional().describe("Child Markdown Caplets root directory."), - defaultSearchLimit: z.number().int().positive().optional(), - maxSearchLimit: z.number().int().positive().max(50).optional(), - toolCacheTtlMs: z.number().int().nonnegative().optional(), - disabled: z.boolean().optional().describe("When true, omit this Caplet from discovery."), - }) - .strict() - .superRefine((set, ctx) => { - if (!set.configPath && !set.capletsRoot) { - ctx.addIssue({ - code: "custom", - message: "capletSet must define at least one source: configPath or capletsRoot", - }); - } - if ( - set.defaultSearchLimit !== undefined && - set.maxSearchLimit !== undefined && - set.defaultSearchLimit > set.maxSearchLimit - ) { - ctx.addIssue({ - code: "custom", - path: ["defaultSearchLimit"], - message: "defaultSearchLimit must be <= maxSearchLimit", - }); - } - }); - -export const capletFileSchema = z - .object({ - $schema: z - .string() - .url() - .optional() - .describe("Optional JSON Schema URL for editor validation."), - name: z.string().trim().min(1).max(80).describe("Human-readable Caplet display name."), - description: z - .string() - .describe("Compact capability description shown before the full Caplet card is disclosed.") - .refine( - (value) => value.trim().length >= 10, - "description must contain at least 10 non-whitespace characters", - ) - .refine((value) => value.length <= 1500, "description must be at most 1500 characters"), - tags: z - .array(z.string().trim().min(1).max(80)) - .optional() - .describe("Optional tags for grouping or searching Caplets."), - mcpServer: capletMcpServerSchema - .describe("MCP server backend configuration for this Caplet.") - .optional(), - openapiEndpoint: capletOpenApiEndpointSchema - .describe("OpenAPI endpoint backend configuration for this Caplet.") - .optional(), - graphqlEndpoint: capletGraphQlEndpointSchema - .describe("GraphQL endpoint backend configuration for this Caplet.") - .optional(), - httpApi: capletHttpApiSchema - .describe("HTTP API backend configuration for this Caplet.") - .optional(), - cliTools: capletCliToolsSchema - .describe("CLI tools backend configuration for this Caplet.") - .optional(), - capletSet: capletSetSchema - .describe("Nested Caplet collection backend configuration for this Caplet.") - .optional(), - }) - .strict() - .superRefine((frontmatter, ctx) => { - const backendCount = - Number(Boolean(frontmatter.mcpServer)) + - Number(Boolean(frontmatter.openapiEndpoint)) + - Number(Boolean(frontmatter.graphqlEndpoint)) + - Number(Boolean(frontmatter.httpApi)) + - Number(Boolean(frontmatter.cliTools)) + - Number(Boolean(frontmatter.capletSet)); - if (backendCount !== 1) { - ctx.addIssue({ - code: "custom", - message: - "Caplet file must define exactly one backend: mcpServer, openapiEndpoint, graphqlEndpoint, httpApi, cliTools, or capletSet", - }); - } - }); - -type CapletFileFrontmatter = z.infer; - -export function capletJsonSchema(): unknown { - return patchCapletJsonSchema({ - $schema: "https://json-schema.org/draft/2020-12/schema", - $id: "https://raw.githubusercontent.com/spiritledsoftware/caplets/main/schemas/caplet.schema.json", - title: "Caplet file frontmatter", - description: "YAML frontmatter schema for a Markdown Caplet file.", - ...z.toJSONSchema(capletFileSchema, { io: "input" }), - }); -} - -export type CapletFileConfig = { - mcpServers?: Record; - openapiEndpoints?: Record; - graphqlEndpoints?: Record; - httpApis?: Record; - cliTools?: Record; - capletSets?: Record; -}; - -export type CapletFileLoadResult = { - config: CapletFileConfig; - paths: Record; -}; - -export type CapletFileWarning = { - path?: string | undefined; - message: string; -}; - -export type BestEffortCapletFileLoadResult = CapletFileLoadResult & { - warnings: CapletFileWarning[]; -}; export function loadCapletFiles(root: string): CapletFileConfig | undefined { return loadCapletFilesWithPaths(root)?.config; @@ -636,65 +33,9 @@ export function loadCapletFilesWithPaths(root: string): CapletFileLoadResult | u return undefined; } - const servers: Record = {}; - const openapiEndpoints: Record = {}; - const graphqlEndpoints: Record = {}; - const httpApis: Record = {}; - const cliTools: Record = {}; - const capletSets: Record = {}; - const paths: Record = {}; - for (const candidate of discoverCapletFiles(root)) { - if ( - servers[candidate.id] || - openapiEndpoints[candidate.id] || - graphqlEndpoints[candidate.id] || - httpApis[candidate.id] || - cliTools[candidate.id] || - capletSets[candidate.id] - ) { - throw new CapletsError("CONFIG_INVALID", `Duplicate Caplet ID ${candidate.id} under ${root}`); - } - paths[candidate.id] = candidate.path; - const config = readCapletFile(candidate.path); - if (isPlainObject(config) && config.backend === "openapi") { - const { backend: _backend, ...endpoint } = config; - openapiEndpoints[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "graphql") { - const { backend: _backend, ...endpoint } = config; - graphqlEndpoints[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "http") { - const { backend: _backend, ...endpoint } = config; - httpApis[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "cli") { - const { backend: _backend, ...endpoint } = config; - cliTools[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "caplets") { - const { backend: _backend, ...endpoint } = config; - capletSets[candidate.id] = endpoint; - } else { - servers[candidate.id] = config; - } - } - - const hasServers = Object.keys(servers).length > 0; - const hasOpenApi = Object.keys(openapiEndpoints).length > 0; - const hasGraphQl = Object.keys(graphqlEndpoints).length > 0; - const hasHttpApis = Object.keys(httpApis).length > 0; - const hasCliTools = Object.keys(cliTools).length > 0; - const hasCapletSets = Object.keys(capletSets).length > 0; - return hasServers || hasOpenApi || hasGraphQl || hasHttpApis || hasCliTools || hasCapletSets - ? { - config: { - ...(hasServers ? { mcpServers: servers } : {}), - ...(hasOpenApi ? { openapiEndpoints } : {}), - ...(hasGraphQl ? { graphqlEndpoints } : {}), - ...(hasHttpApis ? { httpApis } : {}), - ...(hasCliTools ? { cliTools } : {}), - ...(hasCapletSets ? { capletSets } : {}), - }, - paths, - } - : undefined; + return buildCapletFileLoadResultFromEntries(root, discoverCapletFiles(root), (path) => + readCapletFile(path), + ); } export function loadCapletFilesWithPathsBestEffort( @@ -705,101 +46,12 @@ export function loadCapletFilesWithPathsBestEffort( } const warnings: CapletFileWarning[] = []; - return buildCapletFileLoadResult(root, discoverCapletFilesBestEffort(root, warnings), warnings); -} - -function buildCapletFileLoadResult( - root: string, - candidates: Array<{ id: string; path: string }>, - warnings?: CapletFileWarning[], -): BestEffortCapletFileLoadResult | undefined { - const servers: Record = {}; - const openapiEndpoints: Record = {}; - const graphqlEndpoints: Record = {}; - const httpApis: Record = {}; - const cliTools: Record = {}; - const capletSets: Record = {}; - const paths: Record = {}; - - function hasId(id: string): boolean { - return Boolean( - servers[id] || - openapiEndpoints[id] || - graphqlEndpoints[id] || - httpApis[id] || - cliTools[id] || - capletSets[id], - ); - } - - for (const candidate of candidates) { - if (hasId(candidate.id)) { - const message = `Duplicate Caplet ID ${candidate.id} under ${root}`; - if (!warnings) { - throw new CapletsError("CONFIG_INVALID", message); - } - warnings.push({ - path: candidate.path, - message: `${message}; skipping duplicate at ${candidate.path}`, - }); - continue; - } - - let config: unknown; - try { - config = readCapletFile(candidate.path); - } catch (error) { - if (!warnings) { - throw error; - } - warnings.push({ - path: candidate.path, - message: `Skipping invalid Caplet file at ${candidate.path}: ${errorMessage(error)}`, - }); - continue; - } - - paths[candidate.id] = candidate.path; - if (isPlainObject(config) && config.backend === "openapi") { - const { backend: _backend, ...endpoint } = config; - openapiEndpoints[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "graphql") { - const { backend: _backend, ...endpoint } = config; - graphqlEndpoints[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "http") { - const { backend: _backend, ...endpoint } = config; - httpApis[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "cli") { - const { backend: _backend, ...endpoint } = config; - cliTools[candidate.id] = endpoint; - } else if (isPlainObject(config) && config.backend === "caplets") { - const { backend: _backend, ...endpoint } = config; - capletSets[candidate.id] = endpoint; - } else { - servers[candidate.id] = config; - } - } - - const hasServers = Object.keys(servers).length > 0; - const hasOpenApi = Object.keys(openapiEndpoints).length > 0; - const hasGraphQl = Object.keys(graphqlEndpoints).length > 0; - const hasHttpApis = Object.keys(httpApis).length > 0; - const hasCliTools = Object.keys(cliTools).length > 0; - const hasCapletSets = Object.keys(capletSets).length > 0; - const config = { - ...(hasServers ? { mcpServers: servers } : {}), - ...(hasOpenApi ? { openapiEndpoints } : {}), - ...(hasGraphQl ? { graphqlEndpoints } : {}), - ...(hasHttpApis ? { httpApis } : {}), - ...(hasCliTools ? { cliTools } : {}), - ...(hasCapletSets ? { capletSets } : {}), - }; - const hasConfig = Object.keys(config).length > 0; - if (!hasConfig && warnings?.length === 0) { - return undefined; - } - - return { config, paths, warnings: warnings ?? [] }; + return buildCapletFileLoadResultFromEntries( + root, + discoverCapletFilesBestEffort(root, warnings), + (path) => readCapletFile(path), + warnings, + ); } export function discoverCapletFiles(root: string): Array<{ id: string; path: string }> { @@ -913,10 +165,6 @@ function discoverCapletFilesBestEffort( return Array.from(byId.values()).map(({ id, path }) => ({ id, path })); } -function errorMessage(error: unknown): string { - return error instanceof Error ? error.message : String(error); -} - function readCapletFile(path: string): unknown { const stat = statSync(path); if (stat.size > MAX_CAPLET_FILE_BYTES) { @@ -926,138 +174,13 @@ function readCapletFile(path: string): unknown { ); } const text = readFileSync(path, "utf8"); - const { frontmatter, body } = parseFrontmatter(text, path); - if (body.length > MAX_CAPLET_BODY_CHARS) { - throw new CapletsError( - "CONFIG_INVALID", - `Caplet file at ${path} body exceeds the ${MAX_CAPLET_BODY_CHARS} character limit`, - ); - } - const parsed = capletFileSchema.safeParse(frontmatter); - if (!parsed.success) { - throw new CapletsError( - "CONFIG_INVALID", - `Caplet file at ${path} has invalid frontmatter`, - parsed.error.issues, - ); - } - - return capletToServerConfig(parsed.data, body, dirname(path)); + return readCapletFileContent(path, text, dirname(path), normalizeLocalPath); } export function validateCapletFile(path: string): void { readCapletFile(path); } -function capletToServerConfig( - frontmatter: CapletFileFrontmatter, - body: string, - baseDir: string, -): unknown { - if (frontmatter.openapiEndpoint) { - return { - ...frontmatter.openapiEndpoint, - specPath: normalizeLocalPath(frontmatter.openapiEndpoint.specPath, baseDir), - backend: "openapi", - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; - } - - if (frontmatter.graphqlEndpoint) { - return { - ...frontmatter.graphqlEndpoint, - schemaPath: normalizeLocalPath(frontmatter.graphqlEndpoint.schemaPath, baseDir), - operations: normalizeGraphQlOperations(frontmatter.graphqlEndpoint.operations, baseDir), - backend: "graphql", - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; - } - - if (frontmatter.httpApi) { - return { - ...frontmatter.httpApi, - backend: "http", - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; - } - - if (frontmatter.cliTools) { - return { - ...frontmatter.cliTools, - cwd: normalizeLocalPath(frontmatter.cliTools.cwd, baseDir), - actions: normalizeCliToolActions(frontmatter.cliTools.actions, baseDir), - backend: "cli", - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; - } - - if (frontmatter.capletSet) { - return { - ...frontmatter.capletSet, - configPath: normalizeLocalPath(frontmatter.capletSet.configPath, baseDir), - capletsRoot: normalizeLocalPath(frontmatter.capletSet.capletsRoot, baseDir), - backend: "caplets", - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; - } - - return { - ...frontmatter.mcpServer!, - name: frontmatter.name, - description: frontmatter.description, - ...(frontmatter.tags ? { tags: frontmatter.tags } : {}), - body, - }; -} - -function normalizeCliToolActions( - actions: z.infer["actions"], - baseDir: string, -): z.infer["actions"] { - return Object.fromEntries( - Object.entries(actions).map(([name, action]) => [ - name, - { - ...action, - cwd: normalizeLocalPath(action.cwd, baseDir) as string | undefined, - }, - ]), - ); -} - -function normalizeGraphQlOperations( - operations: z.infer["operations"], - baseDir: string, -): z.infer["operations"] { - if (!operations) { - return undefined; - } - return Object.fromEntries( - Object.entries(operations).map(([name, operation]) => [ - name, - { - ...operation, - documentPath: normalizeLocalPath(operation.documentPath, baseDir), - }, - ]), - ); -} - function normalizeLocalPath(value: string | undefined, baseDir: string): string | undefined { if (!value || isAbsolute(value) || hasEnvReference(value)) { return value; @@ -1065,91 +188,6 @@ function normalizeLocalPath(value: string | undefined, baseDir: string): string return join(baseDir, value); } -function validateEndpointAuthHeaders( - auth: z.infer | undefined, - ctx: z.RefinementCtx, -): void { - if (auth?.type !== "headers") { - return; - } - for (const headerName of Object.keys(auth.headers)) { - const normalized = headerName.toLowerCase(); - if (!HEADER_NAME_PATTERN.test(headerName) || FORBIDDEN_HEADERS.has(normalized)) { - ctx.addIssue({ - code: "custom", - path: ["auth", "headers", headerName], - message: `header ${headerName} is not allowed`, - }); - } - } -} - -function parseFrontmatter(text: string, path: string): { frontmatter: unknown; body: string } { - if (!text.startsWith("---\n") && !text.startsWith("---\r\n")) { - throw new CapletsError( - "CONFIG_INVALID", - `Caplet file at ${path} must start with fenced YAML frontmatter`, - ); - } - - try { - const file = new VFile({ path, value: text }); - parseMatter(file, { strip: true }); - if (!isPlainObject(file.data.matter) || Object.keys(file.data.matter).length === 0) { - throw new Error("empty frontmatter"); - } - return { - frontmatter: file.data.matter, - body: String(file), - }; - } catch (error) { - throw new CapletsError( - "CONFIG_INVALID", - `Caplet file at ${path} has invalid YAML frontmatter`, - redactSecrets(error), - ); - } -} - -function isPlainObject(value: unknown): value is Record { - return Boolean(value) && typeof value === "object" && !Array.isArray(value); -} - -function validateCapletId(id: string, path: string): void { - if (!SERVER_ID_PATTERN.test(id)) { - throw new CapletsError( - "CONFIG_INVALID", - `Caplet file at ${path} derives invalid ID ${id}; ID must match ^[a-zA-Z0-9_-]{1,64}$`, - ); - } -} - function hasEnvReference(value: string): boolean { return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value); } - -function patchCapletJsonSchema(schema: T): T { - const httpApiProperties = schemaPath>(schema, [ - "properties", - "httpApi", - "properties", - ]); - const actions = nestedSchema>(httpApiProperties, "actions"); - if (actions) { - actions.minProperties = 1; - } - const baseUrl = nestedSchema>(httpApiProperties, "baseUrl"); - if (baseUrl) { - baseUrl.format = "uri"; - } - const cliToolsProperties = schemaPath>(schema, [ - "properties", - "cliTools", - "properties", - ]); - const cliActions = nestedSchema>(cliToolsProperties, "actions"); - if (cliActions) { - cliActions.minProperties = 1; - } - return schema; -} diff --git a/packages/core/src/caplet-source/bundle.ts b/packages/core/src/caplet-source/bundle.ts new file mode 100644 index 0000000..6336db9 --- /dev/null +++ b/packages/core/src/caplet-source/bundle.ts @@ -0,0 +1,33 @@ +import { CapletsError } from "../errors"; +import type { CapletSource, CapletSourceFile } from "./types"; +import { normalizeCapletSourcePath } from "./types"; + +export class BundleCapletSource implements CapletSource { + private readonly files: Map; + + constructor(files: CapletSourceFile[]) { + this.files = new Map(); + for (const file of files) { + const path = normalizeCapletSourcePath(file.path); + if (!path) { + throw new CapletsError("CONFIG_INVALID", `Invalid bundle file path ${file.path}`); + } + if (this.files.has(path)) { + throw new CapletsError("CONFIG_INVALID", `Duplicate bundle file path ${path}`); + } + this.files.set(path, { path, content: file.content }); + } + } + + async listFiles(): Promise { + return [...this.files.values()].sort((left, right) => left.path.localeCompare(right.path)); + } + + async readFile(path: string): Promise { + const normalized = normalizeCapletSourcePath(path); + if (!normalized) { + return undefined; + } + return this.files.get(normalized); + } +} diff --git a/packages/core/src/caplet-source/filesystem.ts b/packages/core/src/caplet-source/filesystem.ts new file mode 100644 index 0000000..a84e224 --- /dev/null +++ b/packages/core/src/caplet-source/filesystem.ts @@ -0,0 +1,65 @@ +import { Dirent, existsSync, readdirSync, readFileSync, statSync } from "node:fs"; +import { isAbsolute, join, relative, resolve, sep } from "node:path"; +import type { CapletSource, CapletSourceFile } from "./types"; +import { normalizeCapletSourcePath } from "./types"; + +export class FilesystemCapletSource implements CapletSource { + private readonly root: string; + + constructor(root: string) { + this.root = resolve(root); + } + + async listFiles(): Promise { + if (!existsSync(this.root) || !statSync(this.root).isDirectory()) { + return []; + } + return walkFiles(this.root, this.root).sort((left, right) => + left.path.localeCompare(right.path), + ); + } + + async readFile(path: string): Promise { + const normalized = normalizeCapletSourcePath(path); + if (!normalized) { + return undefined; + } + const absolute = resolve(this.root, normalized); + if ( + !isWithinRoot(this.root, absolute) || + !existsSync(absolute) || + !statSync(absolute).isFile() + ) { + return undefined; + } + return { path: normalized, content: readFileSync(absolute, "utf8") }; + } +} + +function walkFiles(root: string, dir: string): CapletSourceFile[] { + const files: CapletSourceFile[] = []; + for (const entry of readdirSync(dir, { withFileTypes: true }).sort(compareDirents)) { + const absolute = join(dir, entry.name); + if (entry.isDirectory()) { + files.push(...walkFiles(root, absolute)); + continue; + } + if (!entry.isFile()) { + continue; + } + const normalized = normalizeCapletSourcePath(relative(root, absolute)); + if (normalized) { + files.push({ path: normalized, content: readFileSync(absolute, "utf8") }); + } + } + return files; +} + +function compareDirents(left: Dirent, right: Dirent): number { + return left.name.localeCompare(right.name); +} + +function isWithinRoot(root: string, absolute: string): boolean { + const rel = relative(root, absolute); + return rel === "" || (!rel.startsWith(`..${sep}`) && rel !== ".." && !isAbsolute(rel)); +} diff --git a/packages/core/src/caplet-source/index.ts b/packages/core/src/caplet-source/index.ts new file mode 100644 index 0000000..4c37301 --- /dev/null +++ b/packages/core/src/caplet-source/index.ts @@ -0,0 +1,9 @@ +export { BundleCapletSource } from "./bundle"; +export { parseCapletSource } from "./parse"; +export type { + CapletSourceParseMessage, + CapletSourceParseResult, + CapletSourceReference, + ParsedCapletSourceCaplet, +} from "./parse"; +export type { CapletSource, CapletSourceFile } from "./types"; diff --git a/packages/core/src/caplet-source/parse.ts b/packages/core/src/caplet-source/parse.ts new file mode 100644 index 0000000..37bca58 --- /dev/null +++ b/packages/core/src/caplet-source/parse.ts @@ -0,0 +1,181 @@ +import { loadCapletFilesFromMap } from "../caplet-files-bundle"; +import { parseConfig, type CapletConfig, type CapletsConfig } from "../config-runtime"; +import { planCapletRuntimeRoutes, type CapletRuntimePlan } from "../runtime-plan"; +import type { CapletSource } from "./types"; + +export type CapletSourceReference = { + path: string; + exists: boolean; +}; + +export type ParsedCapletSourceCaplet = { + id: string; + name: string; + description: string; + backend: CapletConfig["backend"]; + sourcePath: string; + setupRequired: boolean; + authRequired: boolean; + projectBindingRequired: boolean; + runtime: CapletRuntimePlan["runtime"] & { + route: CapletRuntimePlan["route"]; + setupTarget?: CapletRuntimePlan["setupTarget"] | undefined; + }; + localReferences: CapletSourceReference[]; + config: CapletConfig; +}; + +export type CapletSourceParseMessage = { + path?: string | undefined; + message: string; +}; + +export type CapletSourceParseResult = { + ok: boolean; + config?: CapletsConfig | undefined; + resolvedCaplets: ParsedCapletSourceCaplet[]; + warnings: CapletSourceParseMessage[]; + errors: CapletSourceParseMessage[]; +}; + +export async function parseCapletSource(source: CapletSource): Promise { + const files = await source.listFiles(); + let loaded: ReturnType; + try { + loaded = loadCapletFilesFromMap({ files }); + } catch (error) { + return { + ok: false, + resolvedCaplets: [], + warnings: [], + errors: [{ message: errorMessage(error) }], + }; + } + + if (!loaded) { + return { + ok: false, + resolvedCaplets: [], + warnings: [], + errors: [ + { + message: + "Caplet source must include at least one CAPLET.md or top-level Markdown Caplet file.", + }, + ], + }; + } + + let config: CapletsConfig; + try { + config = parseConfig({ version: 1, ...loaded.config }); + } catch (error) { + return { + ok: false, + resolvedCaplets: [], + warnings: [], + errors: [{ message: errorMessage(error) }], + }; + } + + const configCaplets = capletsFromConfig(config); + const plansById = new Map( + planCapletRuntimeRoutes(configCaplets, { deployment: "hosted" }).map((plan) => [plan.id, plan]), + ); + const caplets = configCaplets.map((caplet) => { + const plan = plansById.get(caplet.server); + return { + id: caplet.server, + name: caplet.name, + description: caplet.description, + backend: caplet.backend, + sourcePath: loaded.paths[caplet.server] ?? "CAPLET.md", + setupRequired: Boolean(caplet.setup), + authRequired: authRequired("auth" in caplet ? caplet.auth : undefined), + projectBindingRequired: plan?.projectBindingRequired ?? false, + runtime: { + ...(plan?.runtime ?? { + features: [], + featureProvenance: [], + resources: { class: "standard", cpu: 2, memoryMb: 4096, diskMb: 8192 }, + }), + route: plan?.route ?? "local_only", + ...(plan?.setupTarget === undefined ? {} : { setupTarget: plan.setupTarget }), + }, + localReferences: localReferencePaths(caplet).map((path) => ({ path, exists: false })), + config: caplet, + }; + }); + + for (const caplet of caplets) { + for (const reference of caplet.localReferences) { + reference.exists = Boolean(await source.readFile(reference.path)); + } + } + + const errors = caplets.flatMap((caplet) => + caplet.localReferences + .filter((reference) => !reference.exists) + .map((reference) => ({ + path: caplet.sourcePath, + message: `Referenced file ${reference.path} was not found.`, + })), + ); + + return { + ok: errors.length === 0, + config, + resolvedCaplets: errors.length === 0 ? caplets : [], + warnings: [], + errors, + }; +} + +function capletsFromConfig(config: CapletsConfig): CapletConfig[] { + return [ + ...Object.values(config.mcpServers), + ...Object.values(config.openapiEndpoints), + ...Object.values(config.graphqlEndpoints), + ...Object.values(config.httpApis), + ...Object.values(config.cliTools), + ...Object.values(config.capletSets), + ]; +} + +function localReferencePaths(caplet: CapletConfig): string[] { + if (caplet.backend === "openapi") { + return filterLocalReferences([caplet.specPath]); + } + if (caplet.backend === "graphql") { + return filterLocalReferences([ + caplet.schemaPath, + ...Object.values(caplet.operations ?? {}).map((operation) => operation.documentPath), + ]); + } + if (caplet.backend === "caplets") { + return filterLocalReferences([caplet.configPath]); + } + return []; +} + +function filterLocalReferences(values: Array): string[] { + return values.filter( + (value): value is string => + typeof value === "string" && + value.length > 0 && + !hasEnvReference(value) && + !/^[a-z][a-z0-9+.-]*:/iu.test(value), + ); +} + +function authRequired(auth: unknown): boolean { + return auth !== null && typeof auth === "object" && "type" in auth && auth.type !== "none"; +} + +function hasEnvReference(value: string): boolean { + return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/u.test(value); +} + +function errorMessage(error: unknown): string { + return error instanceof Error ? error.message : String(error); +} diff --git a/packages/core/src/caplet-source/types.ts b/packages/core/src/caplet-source/types.ts new file mode 100644 index 0000000..b1e539a --- /dev/null +++ b/packages/core/src/caplet-source/types.ts @@ -0,0 +1,33 @@ +export type CapletSourceFile = { + path: string; + content: string; +}; + +export type CapletSource = { + listFiles(): Promise; + readFile(path: string): Promise; +}; + +export function normalizeCapletSourcePath(path: string): string | undefined { + const normalized = path.trim().replace(/\\/g, "/").replace(/^\.\//u, ""); + if (!normalized || normalized.startsWith("/") || /^[A-Za-z]:\//u.test(normalized)) { + return undefined; + } + + const stack: string[] = []; + for (const segment of normalized.split("/")) { + if (!segment || segment === ".") { + continue; + } + if (segment === "..") { + if (stack.length === 0) { + return undefined; + } + stack.pop(); + continue; + } + stack.push(segment); + } + + return stack.length > 0 ? stack.join("/") : undefined; +} diff --git a/packages/core/src/cli.ts b/packages/core/src/cli.ts index eba41cf..9aa0528 100644 --- a/packages/core/src/cli.ts +++ b/packages/core/src/cli.ts @@ -20,6 +20,7 @@ import { } from "./cli/auth"; import { cliCommands } from "./cli/commands"; import { initConfig } from "./cli/init"; +import { doctorJsonReport, formatDoctorReport } from "./cli/doctor"; import { completeCliWords, completionScript, @@ -27,6 +28,13 @@ import { trailingSpaceCompletionToken, type CompletionShell, } from "./cli/completion"; +import { CloudAuthClient } from "./cloud-auth/client"; +import { openBrowserUrl } from "./cloud-auth/open-url"; +import { + CloudAuthStore, + redactedCloudAuthStatus, + type CloudAuthCredentials, +} from "./cloud-auth/store"; import { formatCapletList, formatConfigPaths, @@ -54,10 +62,26 @@ import { } from "./config"; import { CapletsEngine } from "./engine"; import { CapletsError } from "./errors"; +import { resolveAttachServeOptions, type AttachServeOptions } from "./attach/options"; +import { attachResolvedCaplets } from "./attach/server"; +import { attachProjectOnce } from "./project-binding/attach"; +import { ProjectBindingError } from "./project-binding/errors"; +import type { ProjectBindingWebSocketFactory } from "./project-binding/transport"; import { RemoteControlClient } from "./remote-control/client"; import type { RemoteCliCommand } from "./remote-control/types"; import { resolveCapletsMode, resolveCapletsServer } from "./server/options"; -import { resolveServeOptions, serveResolvedCaplets, type ServeOptions } from "./serve"; +import { + daemonStatus, + disableDaemon, + enableDaemon, + resolveServeOptions, + restartDaemon, + serveResolvedCaplets, + startDaemon, + stopDaemon, + type ServeDaemonOperationOptions, + type ServeOptions, +} from "./serve"; export { initConfig, starterConfig } from "./cli/init"; export { installCaplets, normalizeGitRepo } from "./cli/install"; @@ -74,10 +98,14 @@ type CliIO = { writeErr?: (value: string) => void; env?: NodeJS.ProcessEnv | Record; fetch?: typeof fetch; + signal?: AbortSignal; + projectBindingWebSocketFactory?: ProjectBindingWebSocketFactory; authDir?: string; version?: string; setExitCode?: (code: number) => void; serve?: (options: ServeOptions) => Promise; + attachServe?: (options: AttachServeOptions) => Promise; + daemon?: ServeDaemonOperationOptions; runSetupCommand?: SetupCommandRunner; }; @@ -108,6 +136,110 @@ function normalizeCompletionWords(words: string[]): string[] { return words.map((word) => (word === trailingSpaceCompletionToken ? "" : word)); } +type ServeDaemonCommandOptions = { + transport?: string; + host?: string; + port?: string; + path?: string; + user?: string; + password?: string; + allowUnauthenticatedHttp?: boolean; + trustProxy?: boolean; + json?: boolean; +}; + +function addServeDaemonCommand( + parent: Command, + name: string, + description: string, + action: (options: ServeDaemonCommandOptions) => Promise, +): void { + parent + .command(name) + .description(description) + .option("--transport ", "server transport: http") + .option("--host ", "HTTP bind host") + .option("--port ", "HTTP bind port") + .option("--path ", "HTTP service base path") + .option("--user ", "HTTP Basic Auth username") + .option("--password ", "HTTP Basic Auth password") + .option( + "--allow-unauthenticated-http", + "allow unauthenticated HTTP serving on non-loopback hosts", + ) + .option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy") + .option("--json", "print JSON output") + .action(function (this: Command, options: ServeDaemonCommandOptions) { + return action({ ...this.parent?.opts(), ...options }); + }); +} + +function cloudAuthStore( + env: NodeJS.ProcessEnv | Record, +): CloudAuthStore { + return new CloudAuthStore({ env }); +} + +function cloudAuthStatus(credentials: CloudAuthCredentials | undefined): Record { + return redactedCloudAuthStatus(credentials); +} + +function isProjectBindingWebSocketUnavailable(error: unknown): boolean { + return ( + error instanceof CapletsError && + error.code === "SERVER_UNAVAILABLE" && + error.message.includes("Project Binding WebSocket unavailable") + ); +} + +function isProjectBindingCliError(error: unknown): error is ProjectBindingError { + return error instanceof ProjectBindingError; +} + +function serveRawOptions(options: ServeDaemonCommandOptions) { + return { + ...(options.transport !== undefined ? { transport: options.transport } : {}), + ...(options.host !== undefined ? { host: options.host } : {}), + ...(options.port !== undefined ? { port: options.port } : {}), + ...(options.path !== undefined ? { path: options.path } : {}), + ...(options.user !== undefined ? { user: options.user } : {}), + ...(options.password !== undefined ? { password: options.password } : {}), + ...(options.allowUnauthenticatedHttp !== undefined + ? { allowUnauthenticatedHttp: options.allowUnauthenticatedHttp } + : {}), + ...(options.trustProxy !== undefined ? { trustProxy: options.trustProxy } : {}), + }; +} + +async function waitForCloudLogin( + client: CloudAuthClient, + loginId: string, + env: NodeJS.ProcessEnv | Record, +) { + const timeoutMs = numberEnv(env.CAPLETS_CLOUD_AUTH_TIMEOUT_MS, 120_000); + const intervalMs = numberEnv(env.CAPLETS_CLOUD_AUTH_POLL_INTERVAL_MS, 1_500); + const started = Date.now(); + while (Date.now() - started <= timeoutMs) { + const result = await client.pollLogin(loginId); + if (result.status !== "pending" && result.status !== "workspace_selection_required") { + return result; + } + await sleep(intervalMs); + } + return { status: "expired" as const, message: "Cloud Auth login timed out." }; +} + +function numberEnv(value: string | undefined, fallback: number): number { + if (value === undefined) return fallback; + const parsed = Number(value); + return Number.isFinite(parsed) && parsed >= 0 ? parsed : fallback; +} + +async function sleep(ms: number): Promise { + if (ms <= 0) return; + await new Promise((resolve) => setTimeout(resolve, ms)); +} + export function createProgram(io: CliIO = {}): Command { const writeOut = io.writeOut ?? ((value: string) => process.stdout.write(value)); const writeErr = io.writeErr ?? ((value: string) => process.stderr.write(value)); @@ -196,7 +328,7 @@ export function createProgram(io: CliIO = {}): Command { if (suggestions.length > 0) writeOut(`${suggestions.join("\n")}\n`); }); - program + const serve = program .command(cliCommands.serve) .description("Serve configured Caplets as an MCP server.") .option("--transport ", "server transport: stdio or http") @@ -238,6 +370,389 @@ export function createProgram(io: CliIO = {}): Command { }, ); + const daemonOptions = (): ServeDaemonOperationOptions => ({ + env, + ...io.daemon, + }); + + addServeDaemonCommand( + serve, + "start", + "Start the default Caplets HTTP daemon.", + async (options) => { + const result = await startDaemon(serveRawOptions(options), daemonOptions()); + const serveConfig = result.status.config?.serve; + writeOut( + `Started Caplets HTTP daemon on ${serveConfig?.host ?? "127.0.0.1"}:${serveConfig?.port ?? 5387}.\n`, + ); + if (options.json) writeOut(`${JSON.stringify(result.status, null, 2)}\n`); + }, + ); + addServeDaemonCommand(serve, "stop", "Stop the default Caplets HTTP daemon.", async (options) => { + const result = await stopDaemon(daemonOptions()); + if (options.json) { + writeOut(`${JSON.stringify(result.status, null, 2)}\n`); + return; + } + writeOut("Stopped Caplets HTTP daemon.\n"); + }); + addServeDaemonCommand( + serve, + "status", + "Show the default Caplets HTTP daemon status.", + async (options) => { + const status = await daemonStatus(daemonOptions()); + if (options.json) { + writeOut(`${JSON.stringify(status, null, 2)}\n`); + return; + } + writeOut( + status.running + ? `Caplets HTTP daemon is running${status.pid ? ` (pid ${status.pid})` : ""}.\n` + : "Caplets HTTP daemon is stopped.\n", + ); + }, + ); + addServeDaemonCommand( + serve, + "restart", + "Restart the default Caplets HTTP daemon.", + async (options) => { + const result = await restartDaemon(serveRawOptions(options), daemonOptions()); + if (options.json) { + writeOut(`${JSON.stringify(result.status, null, 2)}\n`); + return; + } + const serveConfig = result.status.config?.serve; + writeOut( + `Restarted Caplets HTTP daemon on ${serveConfig?.host ?? "127.0.0.1"}:${serveConfig?.port ?? 5387}.\n`, + ); + }, + ); + addServeDaemonCommand( + serve, + "enable", + "Enable the default Caplets HTTP daemon at login.", + async (options) => { + const result = await enableDaemon(daemonOptions()); + if (options.json) { + writeOut(`${JSON.stringify(result, null, 2)}\n`); + return; + } + writeOut(`Enabled Caplets HTTP daemon at login (${result.descriptor.kind}).\n`); + }, + ); + addServeDaemonCommand( + serve, + "disable", + "Disable the default Caplets HTTP daemon at login.", + async (options) => { + const result = await disableDaemon(daemonOptions()); + if (options.json) { + writeOut(`${JSON.stringify(result, null, 2)}\n`); + return; + } + writeOut(`Disabled Caplets HTTP daemon at login (${result.descriptor.kind}).\n`); + }, + ); + + program + .command(cliCommands.attach) + .description("Start a remote-backed Caplets MCP server.") + .option("--transport ", "server transport: stdio or http") + .option("--host ", "HTTP bind host") + .option("--port ", "HTTP bind port") + .option("--path ", "HTTP service base path") + .option("--remote-url ", "remote Caplets service base URL") + .option("--user ", "remote Basic Auth username") + .option("--password ", "remote Basic Auth password") + .option("--token ", "remote bearer token") + .option("--workspace ", "hosted Cloud workspace ID or slug") + .option( + "--allow-unauthenticated-http", + "allow unauthenticated HTTP serving on non-loopback hosts", + ) + .option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy") + .option("--json", "print JSON status events") + .option("--verbose", "print detailed attach diagnostics") + .option("--once", "validate Project Binding once and exit") + .option("--project-root ", "test-only project root override") + .action( + async (options: { + remoteUrl?: string; + transport?: string; + host?: string; + port?: string; + path?: string; + user?: string; + password?: string; + token?: string; + workspace?: string; + allowUnauthenticatedHttp?: boolean; + trustProxy?: boolean; + json?: boolean; + verbose?: boolean; + once?: boolean; + projectRoot?: string; + }) => { + try { + const attachOptions = { ...options, ...(io.fetch ? { fetch: io.fetch } : {}) }; + if (!options.once) { + const resolved = await resolveAttachServeOptions(attachOptions, env); + await ( + io.attachServe ?? + ((serveOptions) => attachResolvedCaplets(serveOptions, { writeErr })) + )(resolved); + return; + } + const result = await attachProjectOnce(attachOptions, env); + if (options.json) { + writeOut(`${JSON.stringify(result, null, 2)}\n`); + return; + } + writeOut(`Project Binding available at ${result.webSocketUrl}.\n`); + } catch (error) { + if (options.json && isProjectBindingWebSocketUnavailable(error)) { + writeOut( + `${JSON.stringify( + { + ok: false, + error: { + code: "PROJECT_BINDING_WEBSOCKET_UNAVAILABLE", + message: error instanceof Error ? error.message : String(error), + }, + }, + null, + 2, + )}\n`, + ); + setExitCode(1); + return; + } + if (options.json && isProjectBindingCliError(error)) { + writeOut( + `${JSON.stringify( + { + ok: false, + error: { + code: error.projectBindingCode, + message: error.message, + recoveryCommand: error.recoveryCommand, + requestId: error.requestId, + }, + }, + null, + 2, + )}\n`, + ); + setExitCode(1); + return; + } + if (options.json && error instanceof CapletsError) { + writeOut( + `${JSON.stringify( + { + ok: false, + error: { + code: error.code, + message: error.message, + }, + }, + null, + 2, + )}\n`, + ); + setExitCode(1); + return; + } + throw error; + } + }, + ); + + const cloud = program.command(cliCommands.cloud).description("Manage hosted Caplets Cloud."); + const cloudAuth = cloud + .command("auth") + .description("Authenticate this Caplets client to hosted Caplets Cloud."); + cloudAuth + .command("login") + .description("Log in to hosted Caplets Cloud.") + .option("--cloud-url ", "hosted Caplets Cloud URL") + .option("--workspace ", "workspace ID or slug to select") + .option("--device-name ", "device label for this Cloud Auth credential") + .option("--no-open", "print the login URL without opening a browser") + .option("--json", "print JSON output") + .action( + async (options: { + cloudUrl?: string; + workspace?: string; + deviceName?: string; + open?: boolean; + json?: boolean; + }) => { + const cloudUrl = options.cloudUrl ?? env.CAPLETS_CLOUD_URL ?? "https://cloud.caplets.dev"; + const client = new CloudAuthClient({ cloudUrl, ...(io.fetch ? { fetch: io.fetch } : {}) }); + const started = await client.startLogin({ + requestedWorkspace: options.workspace, + deviceName: options.deviceName ?? env.CAPLETS_DEVICE_NAME ?? "Caplets CLI", + }); + if (options.open !== false) await openBrowserUrl(started.loginUrl); + if (!options.json) { + writeOut(`Open ${started.loginUrl}\n`); + writeOut(`Enter code ${started.userCode} if prompted.\n`); + } + + const completed = await waitForCloudLogin(client, started.loginId, env); + if (completed.status !== "completed") { + throw new CapletsError("AUTH_FAILED", `Cloud Auth login ${completed.status}.`); + } + const exchanged = await client.exchangeToken({ + loginId: started.loginId, + oneTimeCode: completed.oneTimeCode, + }); + const now = new Date().toISOString(); + const credentials: CloudAuthCredentials = { + version: 2, + cloudUrl: exchanged.cloudUrl, + workspaceId: exchanged.workspaceId, + ...(exchanged.workspaceSlug ? { workspaceSlug: exchanged.workspaceSlug } : {}), + accessToken: exchanged.accessToken, + refreshToken: exchanged.refreshToken ?? "", + expiresAt: exchanged.expiresAt, + scope: exchanged.scope, + tokenType: exchanged.tokenType, + credentialFamilyId: exchanged.credentialFamilyId, + deviceName: exchanged.deviceName ?? options.deviceName ?? "Caplets CLI", + createdAt: now, + lastRefreshAt: now, + }; + await cloudAuthStore(env).save(credentials); + const status = cloudAuthStatus(credentials); + if (options.json) { + writeOut(`${JSON.stringify(status, null, 2)}\n`); + return; + } + writeOut( + `Authenticated to ${credentials.cloudUrl} as workspace ${credentials.workspaceSlug ?? credentials.workspaceId}.\n`, + ); + }, + ); + cloudAuth + .command("status") + .description("Show hosted Caplets Cloud authentication status.") + .option("--json", "print JSON output") + .action(async (options: { json?: boolean }) => { + const credentials = await cloudAuthStore(env).load(); + if (options.json) { + writeOut(`${JSON.stringify(cloudAuthStatus(credentials), null, 2)}\n`); + return; + } + writeOut( + credentials + ? `Authenticated to ${credentials.cloudUrl} as workspace ${credentials.workspaceSlug ?? credentials.workspaceId}.\n` + : "Not authenticated to hosted Caplets Cloud.\n", + ); + }); + cloudAuth + .command("logout") + .description("Log out of hosted Caplets Cloud.") + .action(async () => { + const store = cloudAuthStore(env); + const credentials = await store.load(); + if (credentials?.refreshToken) { + await new CloudAuthClient({ + cloudUrl: credentials.cloudUrl, + ...(io.fetch ? { fetch: io.fetch } : {}), + }) + .logout(credentials.refreshToken) + .catch(() => undefined); + } + await store.clear(); + writeOut("Logged out of hosted Caplets Cloud.\n"); + }); + cloudAuth + .command("workspaces") + .description("List hosted Caplets Cloud workspaces.") + .option("--json", "print JSON output") + .action(async (options: { json?: boolean }) => { + const credentials = await cloudAuthStore(env).load(); + const workspaces = credentials?.accessToken + ? ( + await new CloudAuthClient({ + cloudUrl: credentials.cloudUrl, + ...(io.fetch ? { fetch: io.fetch } : {}), + }) + .workspaces(credentials.accessToken) + .catch(() => ({ + workspaces: [ + { + workspaceId: credentials.workspaceId, + ...(credentials.workspaceSlug ? { slug: credentials.workspaceSlug } : {}), + }, + ], + })) + ).workspaces.map((workspace) => ({ + ...workspace, + selected: + workspace.workspaceId === credentials.workspaceId || + workspace.slug === credentials.workspaceSlug, + })) + : []; + if (options.json) { + writeOut(`${JSON.stringify({ workspaces }, null, 2)}\n`); + return; + } + if (workspaces.length === 0) { + writeOut("No hosted Caplets Cloud workspaces available. Run caplets cloud auth login.\n"); + return; + } + for (const workspace of workspaces) { + writeOut(`${workspace.selected ? "* " : " "}${workspace.slug ?? workspace.workspaceId}\n`); + } + }); + cloudAuth + .command("switch") + .description("Switch the hosted Caplets Cloud Selected Workspace.") + .argument("", "workspace ID or slug") + .option("--json", "print JSON output") + .action(async (workspace: string, options: { json?: boolean }) => { + const store = cloudAuthStore(env); + const credentials = await store.load(); + if (!credentials) { + throw new CapletsError("AUTH_REQUIRED", "Run caplets cloud auth login first."); + } + const client = new CloudAuthClient({ + cloudUrl: credentials.cloudUrl, + ...(io.fetch ? { fetch: io.fetch } : {}), + }); + const switched = await client.switchWorkspace({ + accessToken: credentials.accessToken, + refreshToken: credentials.refreshToken, + workspace, + deviceName: credentials.deviceName, + }); + const now = new Date().toISOString(); + const next: CloudAuthCredentials = { + ...credentials, + workspaceId: switched.workspaceId, + workspaceSlug: switched.workspaceSlug, + accessToken: switched.accessToken, + refreshToken: switched.refreshToken ?? credentials.refreshToken, + expiresAt: switched.expiresAt, + scope: switched.scope, + tokenType: switched.tokenType, + credentialFamilyId: switched.credentialFamilyId, + lastRefreshAt: now, + selectedWorkspaceSwitchedAt: now, + }; + await store.save(next); + if (options.json) { + writeOut(`${JSON.stringify(cloudAuthStatus(next), null, 2)}\n`); + return; + } + writeOut(`Selected workspace ${next.workspaceSlug ?? next.workspaceId}.\n`); + }); + program .command(cliCommands.init) .description("Create a starter Caplets config file.") @@ -271,6 +786,8 @@ export function createProgram(io: CliIO = {}): Command { .option("--server-url ", "remote Caplets service base URL") .option("--output ", "config path to write for generic MCP setup") .option("--dry-run", "print actions without running commands or writing files") + .option("--yes", "approve Caplet setup commands for the exact current content hash") + .option("--target ", "Caplet setup target: local, remote, or cloud", parseSetupTarget) .option("--format ", "output format: plain or json", parseSetupFormat) .action( async ( @@ -280,6 +797,8 @@ export function createProgram(io: CliIO = {}): Command { serverUrl?: string; output?: string; dryRun?: boolean; + yes?: boolean; + target?: "local" | "remote" | "cloud"; format?: SetupFormat; }, ) => { @@ -293,6 +812,18 @@ export function createProgram(io: CliIO = {}): Command { }, ); + program + .command(cliCommands.doctor) + .description("Diagnose Caplets local, remote, and project-sync configuration.") + .option("--json", "print JSON output") + .action(async (options: { json?: boolean }) => { + if (options.json) { + writeOut(`${JSON.stringify(await doctorJsonReport({ env }), null, 2)}\n`); + return; + } + writeOut(await formatDoctorReport({ env })); + }); + program .command(cliCommands.list) .description("List configured Caplets.") @@ -1368,6 +1899,11 @@ function parseSetupFormat(value: string): SetupFormat { throw new CapletsError("REQUEST_INVALID", "setup format must be plain or json"); } +function parseSetupTarget(value: string): "local" | "remote" | "cloud" { + if (value === "local" || value === "remote" || value === "cloud") return value; + throw new CapletsError("REQUEST_INVALID", "setup target must be local, remote, or cloud"); +} + function parseQualifiedTarget( capletOrTarget: string, toolArgument?: string | undefined, diff --git a/packages/core/src/cli/add.ts b/packages/core/src/cli/add.ts index fe371bb..5679809 100644 --- a/packages/core/src/cli/add.ts +++ b/packages/core/src/cli/add.ts @@ -5,6 +5,7 @@ import { mkdirSync, mkdtempSync, openSync, + realpathSync, rmSync, writeFileSync, writeSync, @@ -373,14 +374,18 @@ function renderLocalPaths(fields: YamlField[], outputDir: string): YamlField[] { } function localPathRelativeToOutput(path: string, outputDir: string): string { - const absolutePath = resolve(path); - const rendered = relative(outputDir, resolve(path)); + const absolutePath = displayPath(resolve(path)); + const rendered = relative(outputDir, absolutePath); if (rendered.startsWith("../..") || rendered.startsWith("..\\..")) { return absolutePath; } return rendered === "" ? "." : rendered; } +function displayPath(path: string): string { + return path; +} + function rejectUnsafeDestinationParents(path: string): void { const parent = dirname(resolve(path)); const root = parse(parent).root; @@ -394,6 +399,7 @@ function rejectUnsafeDestinationParents(path: string): void { return; } if (stats.isSymbolicLink()) { + if (isDarwinSystemAliasSymlink(current)) continue; throw new CapletsError( "CONFIG_EXISTS", `Output parent path ${current} is a symlink; remove it before writing`, @@ -408,6 +414,16 @@ function rejectUnsafeDestinationParents(path: string): void { } } +function isDarwinSystemAliasSymlink(path: string): boolean { + if (process.platform !== "darwin") return false; + if (path !== "/var" && path !== "/tmp") return false; + try { + return realpathSync(path) === `/private${path}`; + } catch { + return false; + } +} + function lstatIfExists(path: string): ReturnType | undefined { try { return lstatSync(path); diff --git a/packages/core/src/cli/commands.ts b/packages/core/src/cli/commands.ts index 5fe5535..17f96e6 100644 --- a/packages/core/src/cli/commands.ts +++ b/packages/core/src/cli/commands.ts @@ -5,8 +5,11 @@ export const cliCommands = { completion: "completion", completeHidden: "__complete", serve: "serve", + attach: "attach", + cloud: "cloud", init: "init", setup: "setup", + doctor: "doctor", list: "list", install: "install", add: "add", @@ -30,8 +33,11 @@ export const cliCommands = { export const topLevelCommandNames = [ cliCommands.serve, + cliCommands.attach, + cliCommands.cloud, cliCommands.init, cliCommands.setup, + cliCommands.doctor, cliCommands.list, cliCommands.install, cliCommands.add, @@ -57,8 +63,10 @@ export const topLevelCommandNames = [ export const cliSubcommands = { [cliCommands.add]: ["cli", "mcp", "openapi", "graphql", "http"], [cliCommands.auth]: ["login", "logout", "list"], + [cliCommands.cloud]: ["auth"], [cliCommands.completion]: [...completionShells], [cliCommands.config]: ["path", "paths"], + [cliCommands.serve]: ["start", "stop", "status", "restart", "enable", "disable"], [cliCommands.setup]: ["codex", "claude-code", "opencode", "pi", "mcp-client"], } as const satisfies Record; diff --git a/packages/core/src/cli/doctor.ts b/packages/core/src/cli/doctor.ts new file mode 100644 index 0000000..83f9649 --- /dev/null +++ b/packages/core/src/cli/doctor.ts @@ -0,0 +1,153 @@ +import { findProjectRoot, fingerprintProjectRoot } from "../cloud/project-root"; +import { CloudAuthStore, redactedCloudAuthStatus } from "../cloud-auth/store"; +import { projectBindingWorkspacePaths } from "../project-binding/workspaces"; +import { resolveCapletsRemote } from "../remote/options"; +import { resolveCapletsServer } from "../server/options"; +import type { MutagenProjectSyncDoctorData } from "../project-binding/mutagen"; + +export type DoctorOptions = { + env?: NodeJS.ProcessEnv | Record; + cwd?: string; + syncStatus?: MutagenProjectSyncDoctorData; + cloudAuthStore?: CloudAuthStore; +}; + +export type DoctorJsonReport = { + server: Record; + remote: Record; + projectBinding: Record; + sync: Record; + daemon: Record; + cloudAuth: Record; +}; + +export async function doctorJsonReport(options: DoctorOptions = {}): Promise { + const env = options.env ?? process.env; + const root = findProjectRoot(options.cwd ?? process.cwd()); + const projectFingerprint = fingerprintProjectRoot(root); + const paths = projectBindingWorkspacePaths(projectFingerprint, { env }); + const server = resolveServerSection(env); + const remote = resolveRemoteSection(env); + const credentials = await (options.cloudAuthStore ?? new CloudAuthStore({ env })).load(); + + return { + server, + remote, + projectBinding: { + state: "not_attached", + projectRoot: root, + projectFingerprint, + workspacePath: paths.project, + authMode: credentials + ? "hosted_cloud" + : remote.configured + ? "self_hosted_remote" + : "unconfigured", + selectedWorkspace: + credentials?.workspaceSlug ?? credentials?.workspaceId ?? remote.workspace ?? null, + webSocketUrl: remote.webSocketUrl, + lease: null, + lastUpgradeError: null, + recoveryCommand: + credentials || remote.configured ? "caplets attach --once" : "caplets cloud auth login", + }, + sync: { + state: options.syncStatus?.state ?? "idle", + diagnosticCode: options.syncStatus?.diagnosticCode ?? null, + mutagenBinary: options.syncStatus?.mutagenBinary ?? "mutagen", + mutagenVersion: options.syncStatus?.mutagenVersion ?? null, + lastCommand: options.syncStatus?.lastCommand ?? null, + }, + daemon: { + configured: false, + running: false, + }, + cloudAuth: redactedCloudAuthStatus(credentials), + }; +} + +export async function formatDoctorReport(options: DoctorOptions = {}): Promise { + const report = await doctorJsonReport(options); + const lines = [ + "Server hosting", + ` Configured: ${yesNo(Boolean(report.server.configured))}`, + ...(report.server.configured ? [` Base URL: ${report.server.baseUrl}`] : []), + "", + "Remote client", + ` Configured: ${yesNo(Boolean(report.remote.configured))}`, + ...(report.remote.configured + ? [ + ` MCP URL: ${report.remote.mcpUrl}`, + ` Control URL: ${report.remote.controlUrl}`, + ` Health URL: ${report.remote.healthUrl}`, + ` WebSocket URL: ${report.remote.webSocketUrl}`, + ` Auth: ${report.remote.auth}`, + ] + : []), + "", + "Project Binding", + ` State: ${report.projectBinding.state}`, + ` Project root: ${report.projectBinding.projectRoot}`, + ` Project fingerprint: ${report.projectBinding.projectFingerprint}`, + ` Workspace path: ${report.projectBinding.workspacePath}`, + ` Auth mode: ${report.projectBinding.authMode}`, + ` Selected Workspace: ${report.projectBinding.selectedWorkspace ?? "none"}`, + ` Binding Session: ${report.projectBinding.state}`, + ` Recovery: ${report.projectBinding.recoveryCommand}`, + "", + "Project sync", + ` State: ${report.sync.state}`, + ` Mutagen: ${report.sync.mutagenVersion ?? report.sync.mutagenBinary}`, + ...(report.sync.diagnosticCode ? [` Diagnostic: ${report.sync.diagnosticCode}`] : []), + "", + "Daemon", + ` Running: ${yesNo(Boolean(report.daemon.running))}`, + "", + "Cloud Auth", + ` Authenticated: ${yesNo(Boolean(report.cloudAuth.authenticated))}`, + ...(report.cloudAuth.cloudUrl ? [` Cloud URL: ${report.cloudAuth.cloudUrl}`] : []), + ...(report.cloudAuth.workspaceSlug || report.cloudAuth.workspaceId + ? [` Selected Workspace: ${report.cloudAuth.workspaceSlug ?? report.cloudAuth.workspaceId}`] + : []), + ]; + return `${lines.join("\n")}\n`; +} + +function resolveServerSection(env: NodeJS.ProcessEnv | Record) { + try { + const server = resolveCapletsServer({}, env); + return { + configured: true, + baseUrl: server.baseUrl.href, + mcpUrl: server.mcpUrl.href, + controlUrl: server.controlUrl.href, + healthUrl: server.healthUrl.href, + auth: server.auth.enabled ? "basic" : "none", + }; + } catch { + return { configured: false }; + } +} + +function resolveRemoteSection(env: NodeJS.ProcessEnv | Record) { + try { + const remote = resolveCapletsRemote({}, env); + return { + configured: true, + baseUrl: remote.baseUrl.href, + mcpUrl: remote.mcpUrl.href, + controlUrl: remote.controlUrl.href, + healthUrl: remote.healthUrl.href, + webSocketUrl: remote.projectBindingWebSocketUrl.href, + auth: remote.auth.type, + tokenPresent: remote.auth.type === "bearer", + workspace: remote.workspace ?? null, + }; + } catch { + return { configured: false }; + } +} + +function yesNo(value: boolean): string { + return value ? "yes" : "no"; +} diff --git a/packages/core/src/cli/install.ts b/packages/core/src/cli/install.ts index 847e4c8..a319cdd 100644 --- a/packages/core/src/cli/install.ts +++ b/packages/core/src/cli/install.ts @@ -197,6 +197,7 @@ function rejectUnsafeInstallParents(path: string): void { return; } if (stats.isSymbolicLink()) { + if (isDarwinSystemAliasSymlink(current)) continue; throw new CapletsError( "CONFIG_EXISTS", `Install destination parent ${current} is a symlink; remove it before installing`, @@ -211,6 +212,16 @@ function rejectUnsafeInstallParents(path: string): void { } } +function isDarwinSystemAliasSymlink(path: string): boolean { + if (process.platform !== "darwin") return false; + if (path !== "/var" && path !== "/tmp") return false; + try { + return realpathSync(path) === `/private${path}`; + } catch { + return false; + } +} + function rejectUnsafeInstallDestination(plan: InstallPlan, force: boolean): void { const stats = lstatIfExists(plan.destination); if (!stats) { diff --git a/packages/core/src/cli/setup-caplet.ts b/packages/core/src/cli/setup-caplet.ts new file mode 100644 index 0000000..e4c0c4e --- /dev/null +++ b/packages/core/src/cli/setup-caplet.ts @@ -0,0 +1,118 @@ +import type { CapletConfig } from "../config"; +import { loadConfig, resolveConfigPath, resolveProjectConfigPath } from "../config"; +import { CapletsError } from "../errors"; +import { capletSetupContentHash } from "../setup/hash"; +import { LocalSetupStore } from "../setup/local-store"; +import { runCapletSetup, type SetupSpawn } from "../setup/runner"; +import type { SetupActor, SetupTargetKind } from "../setup/types"; + +export type CapletSetupCliOptions = { + yes?: boolean; + target?: SetupTargetKind; + remote?: boolean; + configPath?: string | undefined; + projectConfigPath?: string | undefined; + baseDir?: string | undefined; + spawn?: SetupSpawn; +}; + +export async function runCapletSetupCli( + capletId: string, + options: CapletSetupCliOptions = {}, +): Promise { + const targetKind = resolveSetupTarget(options); + if (targetKind === "hosted_sandbox") { + throw new CapletsError( + "REQUEST_INVALID", + "Cloud setup runs through the Caplets Cloud API, not the local CLI runner", + ); + } + + const configPath = options.configPath ?? resolveConfigPath(); + const projectConfigPath = options.projectConfigPath ?? resolveProjectConfigPath(); + const config = loadConfig(configPath, projectConfigPath); + const caplet = Object.values({ + ...config.mcpServers, + ...config.openapiEndpoints, + ...config.graphqlEndpoints, + ...config.httpApis, + ...config.cliTools, + ...config.capletSets, + }).find((entry) => entry.server === capletId); + if (!caplet) throw new CapletsError("CONFIG_INVALID", `Unknown Caplet ID: ${capletId}`); + if (!caplet.setup || (!caplet.setup.commands?.length && !caplet.setup.verify?.length)) { + return `No setup metadata is defined for ${caplet.name} (${caplet.server}).\n`; + } + + const contentHash = capletSetupContentHash(caplet as CapletConfig); + const projectFingerprint = "default"; + const store = new LocalSetupStore(options.baseDir ? { baseDir: options.baseDir } : {}); + const existingApproval = await store.getApproval( + projectFingerprint, + caplet.server, + contentHash, + targetKind, + ); + const actor: SetupActor = options.yes ? "cli-yes" : "cli-interactive"; + if (!existingApproval && !options.yes) { + return [ + `Setup approval required for ${caplet.name} (${caplet.server}).`, + `Content hash: ${contentHash}`, + `Target: ${targetKind}`, + "", + "Commands:", + ...formatCommands(caplet.setup.commands ?? []), + "Verify:", + ...formatCommands(caplet.setup.verify ?? []), + "", + `Run caplets setup ${caplet.server} --yes to approve and execute these exact steps.`, + "", + ].join("\n"); + } + + if (options.yes && !existingApproval) { + await store.approve({ + projectFingerprint, + capletId: caplet.server, + contentHash, + targetKind, + approvedAt: new Date().toISOString(), + actor, + }); + } + + const attempts = await runCapletSetup({ + projectFingerprint, + capletId: caplet.server, + contentHash, + targetKind, + setup: caplet.setup, + actor, + approved: true, + store, + ...(options.spawn ? { spawn: options.spawn } : {}), + }); + const failed = attempts.find((attempt) => attempt.status === "failed"); + if (failed) { + throw new CapletsError( + "SERVER_UNAVAILABLE", + `Setup failed for ${caplet.server}: ${failed.commandLabel}`, + { attempts }, + ); + } + return `Completed setup for ${caplet.name} (${caplet.server}).\n`; +} + +function resolveSetupTarget(options: CapletSetupCliOptions): SetupTargetKind { + if (options.target) return options.target; + return options.remote ? "remote_host" : "local_host"; +} + +function formatCommands( + commands: Array<{ label: string; command: string; args?: string[] | undefined }>, +): string[] { + if (commands.length === 0) return [" none"]; + return commands.map( + (command) => ` - ${command.label}: ${[command.command, ...(command.args ?? [])].join(" ")}`, + ); +} diff --git a/packages/core/src/cli/setup.ts b/packages/core/src/cli/setup.ts index 22e1e3d..0d3e06c 100644 --- a/packages/core/src/cli/setup.ts +++ b/packages/core/src/cli/setup.ts @@ -3,6 +3,8 @@ import { mkdirSync, writeFileSync } from "node:fs"; import { dirname } from "node:path"; import { promisify } from "node:util"; import { CapletsError } from "../errors"; +import { runCapletSetupCli } from "./setup-caplet"; +import { isSetupTargetKind, type SetupTargetKind } from "../setup/types"; const execFileAsync = promisify(execFile); @@ -16,6 +18,7 @@ export const setupIntegrationIds = [ export type SetupIntegrationId = (typeof setupIntegrationIds)[number]; export type SetupFormat = "plain" | "json"; +export type SetupTargetOption = SetupTargetKind | "local" | "remote" | "cloud" | "hosted_worker"; export type SetupCommandResult = { stdout: string; @@ -32,6 +35,8 @@ export type SetupOptions = { env?: NodeJS.ProcessEnv | Record; format?: SetupFormat; runCommand?: SetupCommandRunner; + yes?: boolean; + target?: SetupTargetOption; }; type SetupAction = @@ -49,6 +54,7 @@ type SetupResult = { integration: SetupIntegrationId; name: string; mode: "local" | "remote"; + targetKind: SetupTargetKind; dryRun: boolean; actions: SetupActionResult[]; nextSteps: string[]; @@ -84,6 +90,13 @@ export function formatSetupMenu(): string { } export async function runSetup(integration: string, options: SetupOptions = {}): Promise { + if (!setupIntegrationIds.includes(integration as SetupIntegrationId)) { + return await runCapletSetupCli(integration, { + ...(options.yes === undefined ? {} : { yes: options.yes }), + target: resolveSetupTargetKind(options), + ...(options.remote === undefined ? {} : { remote: options.remote }), + }); + } const result = await executeSetup(integration, options); if (options.format === "json") return `${JSON.stringify(result, null, 2)}\n`; return formatSetupResult(result); @@ -138,6 +151,7 @@ async function executeSetup(integration: string, options: SetupOptions): Promise integration: id, name: definition.name, mode: options.remote ? "remote" : "local", + targetKind: resolveSetupTargetKind(options), dryRun: Boolean(options.dryRun), actions, nextSteps: definition.nextSteps, @@ -345,7 +359,7 @@ async function defaultSetupCommandRunner( function formatSetupResult(result: SetupResult): string { const lines = [ - `${result.dryRun ? "Dry run" : "Completed"} ${result.name} setup (${result.mode})`, + `${result.dryRun ? "Dry run" : "Completed"} ${result.name} setup (${result.mode}, ${result.targetKind})`, "", ]; for (const action of result.actions) { @@ -368,3 +382,17 @@ function nonEmpty(value: string | undefined): string | undefined { const trimmed = value?.trim(); return trimmed ? trimmed : undefined; } + +function resolveSetupTargetKind(options: SetupOptions): SetupTargetKind { + if (options.target !== undefined) { + if (isSetupTargetKind(options.target)) return options.target; + if (options.target === "local") return "local_host"; + if (options.target === "remote") return "remote_host"; + if (options.target === "cloud" || options.target === "hosted_worker") return "hosted_sandbox"; + throw new CapletsError( + "REQUEST_INVALID", + "setup target must be one of: local_host, remote_host, hosted_sandbox", + ); + } + return options.remote ? "remote_host" : "local_host"; +} diff --git a/packages/core/src/cloud-auth/client.ts b/packages/core/src/cloud-auth/client.ts new file mode 100644 index 0000000..ae6c9c1 --- /dev/null +++ b/packages/core/src/cloud-auth/client.ts @@ -0,0 +1,181 @@ +import { CapletsError } from "../errors"; +import { redactCloudAuthSecrets, type CloudAuthRecovery, type CloudAuthErrorCode } from "./errors"; +import type { + CloudAuthLoginPollResult, + CloudAuthLoginStart, + CloudAuthTokenResponse, + CloudAuthWorkspace, +} from "./types"; + +export type CloudAuthClientOptions = { + cloudUrl: string; + fetch?: typeof fetch; +}; + +export type StartLoginInput = { + requestedWorkspace?: string | undefined; + deviceName?: string | undefined; + scope?: string[] | undefined; +}; + +export type ExchangeTokenInput = { + loginId: string; + oneTimeCode: string; +}; + +export type RefreshTokenInput = { + refreshToken: string; +}; + +export type CloudAuthClientCredentials = Required< + Pick< + CloudAuthTokenResponse, + "workspaceId" | "accessToken" | "expiresAt" | "tokenType" | "credentialFamilyId" + > +> & + Pick & { + cloudUrl: string; + scope: string[]; + redacted: Record; + }; + +export class CloudAuthClient { + private readonly cloudUrl: URL; + private readonly fetchImpl: typeof fetch; + + constructor(options: CloudAuthClientOptions) { + this.cloudUrl = new URL(options.cloudUrl); + this.fetchImpl = options.fetch ?? fetch; + } + + async startLogin(input: StartLoginInput = {}): Promise { + return await this.requestJson("/api/cloud-client/login/start", { + method: "POST", + body: JSON.stringify({ + ...(input.requestedWorkspace ? { requestedWorkspace: input.requestedWorkspace } : {}), + ...(input.deviceName ? { deviceName: input.deviceName } : {}), + ...(input.scope ? { scope: input.scope } : {}), + }), + }); + } + + async pollLogin(loginId: string): Promise { + return await this.requestJson(`/api/cloud-client/login/${loginId}`); + } + + async exchangeToken(input: ExchangeTokenInput): Promise { + const response = await this.requestJson("/api/cloud-client/token", { + method: "POST", + body: JSON.stringify(input), + }); + return normalizeCredentials(response, this.cloudUrl.origin); + } + + async refresh(input: RefreshTokenInput): Promise { + const response = await this.requestJson("/api/cloud-client/refresh", { + method: "POST", + body: JSON.stringify(input), + }); + return normalizeCredentials(response, this.cloudUrl.origin); + } + + async logout(refreshToken: string): Promise { + await this.requestJson("/api/cloud-client/logout", { + method: "POST", + body: JSON.stringify({ refreshToken }), + }); + } + + async workspaces(accessToken: string): Promise<{ workspaces: CloudAuthWorkspace[] }> { + return await this.requestJson<{ workspaces: CloudAuthWorkspace[] }>( + "/api/cloud-client/workspaces", + { + headers: { Authorization: `Bearer ${accessToken}` }, + }, + ); + } + + async switchWorkspace(input: { + accessToken: string; + workspace: string; + refreshToken?: string | undefined; + deviceName?: string | undefined; + }): Promise { + const response = await this.requestJson("/api/cloud-client/switch", { + method: "POST", + headers: { Authorization: `Bearer ${input.accessToken}` }, + body: JSON.stringify({ + workspace: input.workspace, + ...(input.refreshToken ? { refreshToken: input.refreshToken } : {}), + ...(input.deviceName ? { deviceName: input.deviceName } : {}), + }), + }); + return normalizeCredentials(response, this.cloudUrl.origin); + } + + private async requestJson(path: string, init: RequestInit = {}): Promise { + const headers = new Headers(init.headers); + if (init.body !== undefined && !headers.has("content-type")) { + headers.set("content-type", "application/json"); + } + const response = await this.fetchImpl(new URL(path, this.cloudUrl), { ...init, headers }); + const requestId = response.headers.get("x-request-id") ?? undefined; + const body = (await response.json().catch(() => ({}))) as Record; + if (!response.ok) { + const code = typeof body.error === "string" ? body.error : "endpoint_unavailable"; + const message = + typeof body.message === "string" + ? body.message + : `Cloud Auth request failed (${response.status}).`; + const recovery: CloudAuthRecovery = { + code: code as CloudAuthErrorCode, + message, + recoveryCommand: + code === "workspace_switch_required" + ? "caplets cloud auth switch " + : "caplets cloud auth login", + requestId, + }; + throw new CapletsError("AUTH_FAILED", message, redactCloudAuthSecrets(recovery)); + } + return { ...body, ...(requestId && !body.requestId ? { requestId } : {}) } as T; + } +} + +function normalizeCredentials( + response: CloudAuthTokenResponse, + fallbackCloudUrl: string, +): CloudAuthClientCredentials { + const scope = Array.isArray(response.scope) + ? response.scope.map(String) + : typeof response.scope === "string" + ? response.scope.split(/\s+/u).filter(Boolean) + : ["project_binding:read", "project_binding:write"]; + const credentialFamilyId = response.credentialFamilyId ?? "cloud_client_credential_family"; + const tokenType = response.tokenType ?? "Bearer"; + const credentials: CloudAuthClientCredentials = { + cloudUrl: response.cloudUrl ?? fallbackCloudUrl, + workspaceId: response.workspaceId, + ...(response.workspaceSlug ? { workspaceSlug: response.workspaceSlug } : {}), + accessToken: response.accessToken, + ...(response.refreshToken ? { refreshToken: response.refreshToken } : {}), + expiresAt: response.expiresAt, + scope, + tokenType, + credentialFamilyId, + ...(response.deviceName ? { deviceName: response.deviceName } : {}), + ...(response.requestId ? { requestId: response.requestId } : {}), + redacted: { + cloudUrl: response.cloudUrl ?? fallbackCloudUrl, + workspaceId: response.workspaceId, + ...(response.workspaceSlug ? { workspaceSlug: response.workspaceSlug } : {}), + expiresAt: response.expiresAt, + scope, + tokenType, + credentialFamilyId, + ...(response.deviceName ? { deviceName: response.deviceName } : {}), + ...(response.requestId ? { requestId: response.requestId } : {}), + }, + }; + return credentials; +} diff --git a/packages/core/src/cloud-auth/errors.ts b/packages/core/src/cloud-auth/errors.ts new file mode 100644 index 0000000..0bb12f0 --- /dev/null +++ b/packages/core/src/cloud-auth/errors.ts @@ -0,0 +1,74 @@ +import { CapletsError } from "../errors"; + +export type CloudAuthErrorCode = + | "cloud_auth_required" + | "cloud_auth_expired" + | "cloud_auth_revoked" + | "workspace_selection_required" + | "workspace_switch_required" + | "workspace_forbidden" + | "endpoint_unavailable"; + +export type CloudAuthRecovery = { + code: CloudAuthErrorCode; + message: string; + recoveryCommand: string; + requestId?: string | undefined; +}; + +const SECRET_PATTERN = + /(cap_access_[a-z0-9._~+/=-]+|cap_refresh_[a-z0-9._~+/=-]+|one_time_code_[a-z0-9._~+/=-]+|Bearer\s+)[^\s"]*/giu; + +export function redactCloudAuthSecrets(value: unknown): unknown { + if (typeof value === "string") return value.replace(SECRET_PATTERN, "$1[REDACTED]"); + if (Array.isArray(value)) return value.map((item) => redactCloudAuthSecrets(item)); + if (value && typeof value === "object") { + const redacted: Record = {}; + for (const [key, nested] of Object.entries(value)) { + redacted[key] = /token|secret|code|authorization|credential/i.test(key) + ? "[REDACTED]" + : redactCloudAuthSecrets(nested); + } + return redacted; + } + return value; +} + +export function cloudAuthRecovery(code: CloudAuthErrorCode, detail?: string): CloudAuthRecovery { + const recoveryCommand = + code === "workspace_switch_required" + ? "caplets cloud auth switch " + : code === "workspace_selection_required" + ? "caplets cloud auth login --workspace " + : "caplets cloud auth login"; + return { + code, + message: detail ?? defaultMessage(code), + recoveryCommand, + }; +} + +export function cloudAuthError(code: CloudAuthErrorCode, detail?: string): CapletsError { + const recovery = cloudAuthRecovery(code, detail); + return new CapletsError("AUTH_REQUIRED", recovery.message, recovery); +} + +function defaultMessage(code: CloudAuthErrorCode): string { + switch (code) { + case "cloud_auth_expired": + return "Hosted Caplets Cloud credentials have expired."; + case "cloud_auth_revoked": + return "Hosted Caplets Cloud credentials were revoked."; + case "workspace_selection_required": + return "Select a hosted Caplets Cloud workspace before attaching this project."; + case "workspace_switch_required": + return "The requested workspace differs from the saved Selected Workspace."; + case "workspace_forbidden": + return "The saved Cloud Auth credential cannot access the requested workspace."; + case "endpoint_unavailable": + return "Hosted Caplets Cloud is unavailable."; + case "cloud_auth_required": + default: + return "Run caplets cloud auth login before using hosted Project Binding."; + } +} diff --git a/packages/core/src/cloud-auth/open-url.ts b/packages/core/src/cloud-auth/open-url.ts new file mode 100644 index 0000000..aa793f8 --- /dev/null +++ b/packages/core/src/cloud-auth/open-url.ts @@ -0,0 +1,24 @@ +import { spawn } from "node:child_process"; + +export type OpenUrlResult = { + opened: boolean; + command?: string | undefined; +}; + +export async function openBrowserUrl( + url: string, + options: { opener?: (url: string) => Promise | OpenUrlResult } = {}, +): Promise { + if (options.opener) return await options.opener(url); + const command = + process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open"; + const args = process.platform === "win32" ? ["/c", "start", "", url] : [url]; + return await new Promise((resolve) => { + const child = spawn(command, args, { detached: true, stdio: "ignore" }); + child.once("error", () => resolve({ opened: false, command })); + child.once("spawn", () => { + child.unref(); + resolve({ opened: true, command }); + }); + }); +} diff --git a/packages/core/src/cloud-auth/store.ts b/packages/core/src/cloud-auth/store.ts new file mode 100644 index 0000000..7e302de --- /dev/null +++ b/packages/core/src/cloud-auth/store.ts @@ -0,0 +1,133 @@ +import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs"; +import { homedir } from "node:os"; +import { dirname, posix, win32 } from "node:path"; +import { defaultConfigBaseDir } from "../config/paths"; +import type { RedactedCloudAuthStatus } from "./types"; + +type CloudAuthPathEnv = Partial< + Record<"CAPLETS_CLOUD_AUTH_PATH" | "XDG_CONFIG_HOME" | "APPDATA", string> +>; + +export type CloudAuthCredentials = { + version?: 1 | 2 | undefined; + cloudUrl: string; + workspaceId: string; + workspaceSlug?: string | undefined; + accessToken: string; + refreshToken: string; + expiresAt: string; + scope?: string[] | undefined; + tokenType?: string | undefined; + credentialFamilyId?: string | undefined; + deviceName?: string | undefined; + createdAt?: string | undefined; + lastRefreshAt?: string | undefined; + selectedWorkspaceSwitchedAt?: string | undefined; +}; + +export type CloudAuthStoreOptions = { + path?: string; + env?: CloudAuthPathEnv; + home?: string; + platform?: NodeJS.Platform; +}; + +export class CloudAuthStore { + readonly path: string; + + constructor(options: CloudAuthStoreOptions = {}) { + this.path = options.path ?? cloudAuthPath(options); + } + + async load(): Promise { + if (!existsSync(this.path)) return undefined; + return migrateCredentials(JSON.parse(readFileSync(this.path, "utf8"))); + } + + async save(credentials: CloudAuthCredentials): Promise { + mkdirSync(dirname(this.path), { recursive: true }); + writeFileSync(this.path, `${JSON.stringify(migrateCredentials(credentials), null, 2)}\n`, { + mode: 0o600, + }); + } + + async clear(): Promise { + rmSync(this.path, { force: true }); + } +} + +export function migrateCredentials(value: unknown): CloudAuthCredentials { + const record = isRecord(value) ? value : {}; + const now = new Date().toISOString(); + return { + version: 2, + cloudUrl: stringValue(record.cloudUrl) ?? "https://cloud.caplets.dev", + workspaceId: stringValue(record.workspaceId) ?? "", + ...(stringValue(record.workspaceSlug) + ? { workspaceSlug: stringValue(record.workspaceSlug) } + : {}), + accessToken: stringValue(record.accessToken) ?? "", + refreshToken: stringValue(record.refreshToken) ?? "", + expiresAt: stringValue(record.expiresAt) ?? now, + scope: arrayValue(record.scope) ?? ["project_binding:read", "project_binding:write"], + tokenType: stringValue(record.tokenType) ?? "Bearer", + credentialFamilyId: stringValue(record.credentialFamilyId) ?? "legacy_family", + deviceName: stringValue(record.deviceName) ?? "Caplets CLI", + createdAt: stringValue(record.createdAt) ?? now, + lastRefreshAt: stringValue(record.lastRefreshAt) ?? stringValue(record.createdAt) ?? now, + ...(stringValue(record.selectedWorkspaceSwitchedAt) + ? { selectedWorkspaceSwitchedAt: stringValue(record.selectedWorkspaceSwitchedAt) } + : {}), + }; +} + +export function redactedCloudAuthStatus( + credentials: CloudAuthCredentials | undefined, + now = new Date(), +): RedactedCloudAuthStatus { + if (!credentials) return { authenticated: false, status: "unauthenticated" }; + const expired = Number.isFinite(Date.parse(credentials.expiresAt)) + ? Date.parse(credentials.expiresAt) <= now.getTime() + : false; + const refreshable = expired && Boolean(credentials.refreshToken); + return { + authenticated: !expired, + status: refreshable ? "refreshable" : expired ? "expired" : "authenticated", + cloudUrl: credentials.cloudUrl, + workspaceId: credentials.workspaceId, + ...(credentials.workspaceSlug ? { workspaceSlug: credentials.workspaceSlug } : {}), + expiresAt: credentials.expiresAt, + scope: credentials.scope, + tokenType: credentials.tokenType, + credentialFamilyId: credentials.credentialFamilyId, + deviceName: credentials.deviceName, + createdAt: credentials.createdAt, + lastRefreshAt: credentials.lastRefreshAt, + selectedWorkspaceSwitchedAt: credentials.selectedWorkspaceSwitchedAt, + }; +} + +export function cloudAuthPath(options: CloudAuthStoreOptions = {}): string { + const env = options.env ?? process.env; + if (env.CAPLETS_CLOUD_AUTH_PATH?.trim()) return env.CAPLETS_CLOUD_AUTH_PATH.trim(); + const platform = options.platform ?? process.platform; + const home = options.home ?? homedir(); + if (platform === "win32") { + return win32.join(defaultConfigBaseDir(env, home, platform), "Caplets", "cloud-auth.json"); + } + return posix.join(defaultConfigBaseDir(env, home, platform), "caplets", "cloud-auth.json"); +} + +function isRecord(value: unknown): value is Record { + return typeof value === "object" && value !== null && !Array.isArray(value); +} + +function stringValue(value: unknown): string | undefined { + return typeof value === "string" && value.trim() ? value : undefined; +} + +function arrayValue(value: unknown): string[] | undefined { + if (Array.isArray(value)) return value.map(String).filter(Boolean); + if (typeof value === "string") return value.split(/\s+/u).filter(Boolean); + return undefined; +} diff --git a/packages/core/src/cloud-auth/types.ts b/packages/core/src/cloud-auth/types.ts new file mode 100644 index 0000000..d0f3139 --- /dev/null +++ b/packages/core/src/cloud-auth/types.ts @@ -0,0 +1,86 @@ +export const CLOUD_AUTH_STATES = [ + "unauthenticated", + "login_pending", + "workspace_selection_required", + "authenticated", + "refreshable", + "switch_required", + "expired", + "revoked", +] as const; + +export type CloudAuthState = (typeof CLOUD_AUTH_STATES)[number]; + +export type CloudAuthScope = "project_binding:read" | "project_binding:write" | string; + +export type CloudAuthWorkspace = { + workspaceId: string; + slug?: string | undefined; + displayName?: string | undefined; + name?: string | undefined; + role?: string | undefined; + selected?: boolean | undefined; +}; + +export type CloudAuthLoginStart = { + loginId: string; + loginUrl: string; + userCode: string; + expiresAt: string; + requestId?: string | undefined; +}; + +export type CloudAuthLoginPollResult = + | { + status: "pending"; + expiresAt?: string | undefined; + requestId?: string | undefined; + } + | { + status: "workspace_selection_required"; + workspaces: CloudAuthWorkspace[]; + expiresAt?: string | undefined; + requestId?: string | undefined; + } + | { + status: "completed"; + selectedWorkspace?: Pick | undefined; + oneTimeCode: string; + requestId?: string | undefined; + } + | { + status: "expired" | "denied" | "consumed"; + message?: string | undefined; + requestId?: string | undefined; + }; + +export type CloudAuthTokenResponse = { + status?: "authenticated" | undefined; + cloudUrl?: string | undefined; + workspaceId: string; + workspaceSlug?: string | undefined; + accessToken: string; + refreshToken?: string | undefined; + expiresAt: string; + scope?: CloudAuthScope[] | string | undefined; + tokenType?: "Bearer" | string | undefined; + credentialFamilyId?: string | undefined; + deviceName?: string | undefined; + requestId?: string | undefined; +}; + +export type RedactedCloudAuthStatus = { + authenticated: boolean; + status: CloudAuthState; + cloudUrl?: string | undefined; + workspaceId?: string | undefined; + workspaceSlug?: string | undefined; + expiresAt?: string | undefined; + scope?: CloudAuthScope[] | undefined; + tokenType?: string | undefined; + credentialFamilyId?: string | undefined; + deviceName?: string | undefined; + createdAt?: string | undefined; + lastRefreshAt?: string | undefined; + selectedWorkspaceSwitchedAt?: string | undefined; +}; diff --git a/packages/core/src/cloud/apply.ts b/packages/core/src/cloud/apply.ts new file mode 100644 index 0000000..5463073 --- /dev/null +++ b/packages/core/src/cloud/apply.ts @@ -0,0 +1,111 @@ +import { createHash } from "node:crypto"; +import { + existsSync, + lstatSync, + mkdirSync, + readFileSync, + realpathSync, + writeFileSync, +} from "node:fs"; +import { dirname, relative, resolve } from "node:path"; + +export type ApplyReceiptInput = { + projectFingerprint: string; + filesChanged: string[]; + skipped: string[]; + policyWarnings: string[]; +}; + +export type ApplyReceipt = ApplyReceiptInput & { + status: "applied"; +}; + +export type ApplyConflict = { + path: string; + kind: "content" | "delete_modify" | "binary"; + message?: string; +}; + +export type RemoteFileChange = { + path: string; + baseSha256?: string; + content: string; +}; + +export function createApplyReceipt(input: ApplyReceiptInput): ApplyReceipt { + return { status: "applied", ...input }; +} + +export function classifyApplyResult(input: { + conflicts: ApplyConflict[]; +}): + | { status: "applied"; recoverable: false } + | { status: "apply_conflict"; recoverable: true; conflicts: ApplyConflict[] } { + if (input.conflicts.length === 0) return { status: "applied", recoverable: false }; + return { status: "apply_conflict", recoverable: true, conflicts: input.conflicts }; +} + +export function applyRemoteFileChanges( + projectRoot: string, + changes: RemoteFileChange[], +): ApplyReceipt | { status: "apply_conflict"; recoverable: true; conflicts: ApplyConflict[] } { + const root = resolve(projectRoot); + const realRoot = realpathSync(root); + const conflicts: ApplyConflict[] = []; + const writable: Array<{ path: string; absolutePath: string; content: string }> = []; + + for (const change of changes) { + const absolutePath = resolve(root, change.path); + if (relative(root, absolutePath).startsWith("..")) { + conflicts.push({ path: change.path, kind: "content", message: "Path escapes project root." }); + continue; + } + if (pathHasSymlink(root, realRoot, absolutePath)) { + conflicts.push({ path: change.path, kind: "content", message: "Path traverses a symlink." }); + continue; + } + const current = existsSync(absolutePath) ? readFileSync(absolutePath, "utf8") : ""; + if (change.baseSha256 && sha256(current) !== change.baseSha256) { + conflicts.push({ + path: change.path, + kind: "content", + message: "Local file changed since the remote sandbox base.", + }); + continue; + } + writable.push({ path: change.path, absolutePath, content: change.content }); + } + + if (conflicts.length > 0) { + return { status: "apply_conflict", recoverable: true, conflicts }; + } + + for (const change of writable) { + mkdirSync(dirname(change.absolutePath), { recursive: true }); + writeFileSync(change.absolutePath, change.content, "utf8"); + } + + return createApplyReceipt({ + projectFingerprint: sha256(root), + filesChanged: writable.map((change) => change.path), + skipped: [], + policyWarnings: [], + }); +} + +export function sha256(value: string): string { + return createHash("sha256").update(value).digest("hex"); +} + +function pathHasSymlink(root: string, realRoot: string, target: string): boolean { + let current = root; + for (const part of relative(root, target).split(/[\\/]+/u)) { + if (!part) continue; + current = resolve(current, part); + if (!existsSync(current)) continue; + if (lstatSync(current).isSymbolicLink()) return true; + const real = realpathSync(current); + if (relative(realRoot, real).startsWith("..")) return true; + } + return false; +} diff --git a/packages/core/src/cloud/client.ts b/packages/core/src/cloud/client.ts new file mode 100644 index 0000000..871538b --- /dev/null +++ b/packages/core/src/cloud/client.ts @@ -0,0 +1,116 @@ +import type { ProjectSyncFile } from "./sync"; + +export type CapletsCloudClientOptions = { + baseUrl: URL; + accessToken: string; + fetch?: typeof fetch; +}; + +export type RegisterPresenceInput = { + workspaceId: string; + projectRoot: string; + projectFingerprint: string; + allowedCapletIds: string[]; + projectFiles?: ProjectSyncFile[] | undefined; + fallbackConsent?: "allow" | "deny" | undefined; +}; + +export type RegisterPresenceResult = { + presenceId: string; + expiresAt: string; +}; + +export type HeartbeatPresenceResult = RegisterPresenceResult; + +export class CapletsCloudClient { + private readonly fetchImpl: typeof fetch; + + constructor(private readonly options: CapletsCloudClientOptions) { + this.fetchImpl = options.fetch ?? fetch; + } + + async registerPresence(input: RegisterPresenceInput): Promise { + const response = await this.fetchImpl(this.endpoint("api/project-bindings"), { + method: "POST", + headers: this.headers({ json: true }), + body: JSON.stringify({ + workspaceId: input.workspaceId, + projectRoot: input.projectRoot, + projectFingerprint: input.projectFingerprint, + state: "ready", + syncState: "idle", + allowedCapletIds: input.allowedCapletIds, + fallbackConsent: input.fallbackConsent ?? "deny", + projectFiles: input.projectFiles ?? [], + }), + }); + if (!response.ok) { + throw new Error(`Caplets Cloud Project Binding registration failed: HTTP ${response.status}`); + } + const body = (await response.json()) as { binding?: { bindingId?: string } }; + return { + presenceId: body.binding?.bindingId ?? `${input.workspaceId}:${input.projectFingerprint}`, + expiresAt: new Date(Date.now() + 60_000).toISOString(), + }; + } + + async stopPresence(presenceId: string): Promise { + const response = await this.fetchImpl( + this.endpoint(`api/project-bindings/${encodeURIComponent(presenceId)}`), + { + method: "PATCH", + headers: this.headers({ json: true }), + body: JSON.stringify({ state: "offline" }), + }, + ); + if (!response.ok && response.status !== 404) { + throw new Error(`Caplets Cloud Project Binding stop failed: HTTP ${response.status}`); + } + } + + async heartbeatPresence(presenceId: string): Promise { + const response = await this.fetchImpl( + this.endpoint(`api/project-bindings/${encodeURIComponent(presenceId)}`), + { + method: "PATCH", + headers: this.headers({ json: true }), + body: JSON.stringify({ state: "ready", syncState: "idle" }), + }, + ); + if (!response.ok) { + throw new Error(`Caplets Cloud Project Binding heartbeat failed: HTTP ${response.status}`); + } + return { + presenceId, + expiresAt: new Date(Date.now() + 60_000).toISOString(), + }; + } + + async updatePresenceCaplets(presenceId: string, allowedCapletIds: string[]): Promise { + const response = await this.fetchImpl( + this.endpoint(`api/project-bindings/${encodeURIComponent(presenceId)}`), + { + method: "PATCH", + headers: this.headers({ json: true }), + body: JSON.stringify({ allowedCapletIds }), + }, + ); + if (!response.ok) { + throw new Error(`Caplets Cloud Project Binding update failed: HTTP ${response.status}`); + } + } + + private headers(options: { json?: boolean } = {}): Headers { + const headers = new Headers(); + headers.set("authorization", `Bearer ${this.options.accessToken}`); + if (options.json) headers.set("content-type", "application/json"); + return headers; + } + + private endpoint(path: string): URL { + const url = new URL(this.options.baseUrl.href); + const basePath = url.pathname === "/" ? "" : url.pathname.replace(/\/+$/u, ""); + url.pathname = `${basePath}/${path.replace(/^\/+/u, "")}`; + return url; + } +} diff --git a/packages/core/src/cloud/presence.ts b/packages/core/src/cloud/presence.ts new file mode 100644 index 0000000..3dfa096 --- /dev/null +++ b/packages/core/src/cloud/presence.ts @@ -0,0 +1,88 @@ +import type { CapletsCloudClient, RegisterPresenceInput } from "./client"; + +type PresenceClient = Pick & { + heartbeatPresence?: (presenceId: string) => Promise; + stopPresence?: (presenceId: string) => Promise; + updatePresenceCaplets?: (presenceId: string, allowedCapletIds: string[]) => Promise; +}; + +export type ProjectBindingSessionManagerOptions = RegisterPresenceInput & { + client: PresenceClient; + heartbeatIntervalMs?: number; + setInterval?: typeof setInterval; + clearInterval?: typeof clearInterval; + onError?: (error: unknown) => void; +}; + +export class ProjectBindingSessionManager { + private presenceId: string | undefined; + private heartbeatTimer: ReturnType | undefined; + private startPromise: Promise | undefined; + + constructor(private readonly options: ProjectBindingSessionManagerOptions) {} + + async start(): Promise { + if (this.startPromise) { + return await this.startPromise; + } + this.startPromise = this.register(); + return await this.startPromise; + } + + private async register(): Promise { + const result = await this.options.client.registerPresence({ + workspaceId: this.options.workspaceId, + projectRoot: this.options.projectRoot, + projectFingerprint: this.options.projectFingerprint, + allowedCapletIds: this.options.allowedCapletIds, + projectFiles: this.options.projectFiles, + fallbackConsent: this.options.fallbackConsent ?? "deny", + }); + this.presenceId = result.presenceId; + this.startHeartbeat(); + } + + async close(): Promise { + await this.startPromise?.catch(() => undefined); + const presenceId = this.presenceId; + this.presenceId = undefined; + this.stopHeartbeat(); + if (presenceId && this.options.client.stopPresence) { + await this.options.client.stopPresence(presenceId); + } + } + + async updateAllowedCapletIds(allowedCapletIds: string[]): Promise { + await this.startPromise?.catch(() => undefined); + const presenceId = this.presenceId; + if (!presenceId || !this.options.client.updatePresenceCaplets) { + return; + } + await this.options.client.updatePresenceCaplets(presenceId, allowedCapletIds); + } + + private startHeartbeat(): void { + if (!this.options.client.heartbeatPresence || this.options.heartbeatIntervalMs === undefined) { + return; + } + const setIntervalImpl = this.options.setInterval ?? setInterval; + this.heartbeatTimer = setIntervalImpl(() => { + const presenceId = this.presenceId; + if (!presenceId || !this.options.client.heartbeatPresence) return; + void this.options.client.heartbeatPresence(presenceId).catch((error) => { + this.options.onError?.(error); + }); + }, this.options.heartbeatIntervalMs); + } + + private stopHeartbeat(): void { + const timer = this.heartbeatTimer; + this.heartbeatTimer = undefined; + if (timer) { + (this.options.clearInterval ?? clearInterval)(timer); + } + } +} + +export type LocalPresenceManagerOptions = ProjectBindingSessionManagerOptions; +export const LocalPresenceManager = ProjectBindingSessionManager; diff --git a/packages/core/src/cloud/project-root.ts b/packages/core/src/cloud/project-root.ts new file mode 100644 index 0000000..4a51678 --- /dev/null +++ b/packages/core/src/cloud/project-root.ts @@ -0,0 +1,35 @@ +import { createHash } from "node:crypto"; +import { existsSync, readFileSync, statSync } from "node:fs"; +import { dirname, join, resolve } from "node:path"; + +const ROOT_MARKERS = [".caplets", ".git", "package.json", "pnpm-workspace.yaml"] as const; + +export function findProjectRoot(start = process.cwd()): string { + let current = resolve(start); + while (true) { + if (ROOT_MARKERS.some((marker) => existsSync(join(current, marker)))) { + return current; + } + const parent = dirname(current); + if (parent === current) return resolve(start); + current = parent; + } +} + +export function fingerprintProjectRoot(root: string): string { + const resolved = resolve(root); + const hash = createHash("sha256"); + hash.update(resolved); + for (const marker of ROOT_MARKERS) { + const path = join(resolved, marker); + if (!existsSync(path)) continue; + hash.update(marker); + try { + const stat = statSync(path); + hash.update(stat.isDirectory() ? "directory" : readFileSync(path)); + } catch { + hash.update("unreadable"); + } + } + return `sha256:${hash.digest("hex")}`; +} diff --git a/packages/core/src/cloud/runtime-adapter.ts b/packages/core/src/cloud/runtime-adapter.ts new file mode 100644 index 0000000..f98d959 --- /dev/null +++ b/packages/core/src/cloud/runtime-adapter.ts @@ -0,0 +1,178 @@ +import type { CapletConfig } from "../config"; +import { CapletsEngine } from "../engine"; +import { CapletsError } from "../errors"; +import { capletSetupContentHash } from "../setup/hash"; +import { LocalSetupStore } from "../setup/local-store"; +import { runCapletSetup } from "../setup/runner"; +import type { SetupActor, SetupAttempt, SetupPlan } from "../setup/types"; + +export type CloudRuntimeAdapterOptions = { + configPath?: string; + projectConfigPath?: string; + authDir?: string; + runtimeId: string; + sandboxId?: string; + executionKind: "cloud" | "local-fallback"; + setupStore?: LocalSetupStore; +}; + +export type CloudRuntimeAdapter = { + listTools(): Promise; + callTool(name: string, args: unknown): Promise; + checkBackend(capletId: string): Promise; + setupPlan(capletId: string): Promise; + runSetup( + capletId: string, + input: { approved: boolean; actor: SetupActor }, + ): Promise; + close(): Promise; +}; + +export function createCloudRuntimeAdapter( + options: CloudRuntimeAdapterOptions, +): CloudRuntimeAdapter { + return new DefaultCloudRuntimeAdapter(options); +} + +class DefaultCloudRuntimeAdapter implements CloudRuntimeAdapter { + private readonly engine: CapletsEngine; + private readonly setupStore: LocalSetupStore; + + constructor(private readonly options: CloudRuntimeAdapterOptions) { + this.engine = new CapletsEngine({ + ...(options.configPath === undefined ? {} : { configPath: options.configPath }), + ...(options.projectConfigPath === undefined + ? {} + : { projectConfigPath: options.projectConfigPath }), + ...(options.authDir === undefined ? {} : { authDir: options.authDir }), + watch: false, + }); + this.setupStore = options.setupStore ?? new LocalSetupStore(); + } + + async listTools(): Promise { + return { + tools: this.enabledCaplets().map((caplet) => ({ + name: caplet.server, + title: caplet.name, + description: caplet.description, + inputSchema: { type: "object", additionalProperties: true }, + _meta: { caplets: { execution: this.executionMetadata() } }, + })), + }; + } + + async callTool(name: string, args: unknown): Promise { + const request = + isRecord(args) && typeof args.operation === "string" + ? args + : { operation: "call_tool", tool: name, arguments: isRecord(args) ? args : {} }; + const result = await this.engine.execute(name, request); + return annotateExecution(result, this.executionMetadata()); + } + + async checkBackend(capletId: string): Promise { + return annotateExecution( + await this.engine.execute(capletId, { operation: "check_backend" }), + this.executionMetadata(), + ); + } + + async setupPlan(capletId: string): Promise { + const caplet = this.requireCaplet(capletId); + const contentHash = capletSetupContentHash(caplet); + const projectFingerprint = "hosted"; + const targetKind = "hosted_sandbox"; + const approved = Boolean( + await this.setupStore.getApproval(projectFingerprint, capletId, contentHash, targetKind), + ); + return { + projectFingerprint, + capletId, + name: caplet.name, + contentHash, + targetKind, + setup: caplet.setup ?? {}, + approved, + commands: caplet.setup?.commands ?? [], + verify: caplet.setup?.verify ?? [], + }; + } + + async runSetup( + capletId: string, + input: { approved: boolean; actor: SetupActor }, + ): Promise { + const plan = await this.setupPlan(capletId); + if (input.approved && !plan.approved) { + await this.setupStore.approve({ + projectFingerprint: plan.projectFingerprint, + capletId, + contentHash: plan.contentHash, + targetKind: plan.targetKind, + actor: input.actor, + approvedAt: new Date().toISOString(), + }); + } + return await runCapletSetup({ + capletId, + projectFingerprint: plan.projectFingerprint, + contentHash: plan.contentHash, + targetKind: plan.targetKind, + setup: plan.setup, + actor: input.actor, + approved: input.approved || plan.approved, + store: this.setupStore, + }); + } + + async close(): Promise { + await this.engine.close(); + } + + private enabledCaplets(): CapletConfig[] { + return Object.values({ + ...this.engine.currentConfig().mcpServers, + ...this.engine.currentConfig().openapiEndpoints, + ...this.engine.currentConfig().graphqlEndpoints, + ...this.engine.currentConfig().httpApis, + ...this.engine.currentConfig().cliTools, + ...this.engine.currentConfig().capletSets, + }).filter((caplet) => !caplet.disabled); + } + + private requireCaplet(capletId: string): CapletConfig { + const caplet = this.enabledCaplets().find((entry) => entry.server === capletId); + if (!caplet) throw new CapletsError("CONFIG_INVALID", `Unknown Caplet ID: ${capletId}`); + return caplet; + } + + private executionMetadata() { + return { + kind: this.options.executionKind, + runtimeId: this.options.runtimeId, + ...(this.options.sandboxId ? { sandboxId: this.options.sandboxId } : {}), + ...(this.options.executionKind === "local-fallback" ? { fallback: true } : {}), + }; + } +} + +function annotateExecution(result: unknown, execution: Record): unknown { + if (!isRecord(result)) return result; + const meta = isRecord(result._meta) ? result._meta : {}; + const caplets = isRecord(meta.caplets) ? meta.caplets : {}; + return { + ...result, + _meta: { + ...meta, + caplets: { + ...caplets, + execution, + }, + }, + }; +} + +function isRecord(value: unknown): value is Record { + return typeof value === "object" && value !== null && !Array.isArray(value); +} diff --git a/packages/core/src/cloud/runtime-http.ts b/packages/core/src/cloud/runtime-http.ts new file mode 100644 index 0000000..ff30940 --- /dev/null +++ b/packages/core/src/cloud/runtime-http.ts @@ -0,0 +1,56 @@ +import { Hono } from "hono"; +import { createCloudRuntimeAdapter, type CloudRuntimeAdapterOptions } from "./runtime-adapter"; + +export type RuntimeHttpOptions = CloudRuntimeAdapterOptions & { + token: string; +}; + +export function createRuntimeHttpApp(options: RuntimeHttpOptions): Hono { + const app = new Hono(); + let adapter: ReturnType | undefined; + const runtimeAdapter = () => { + adapter ??= createCloudRuntimeAdapter(options); + return adapter; + }; + + app.use("/runtime/*", async (c, next) => { + const authorization = c.req.header("authorization") ?? ""; + if (authorization !== `Bearer ${options.token}`) { + return c.json({ error: "unauthorized" }, 401); + } + await next(); + }); + + app.get("/healthz", (c) => c.json({ status: "ok", runtimeId: options.runtimeId })); + + app.post("/runtime/tools/list", async (c) => c.json(await runtimeAdapter().listTools())); + + app.post("/runtime/tools/call", async (c) => { + const body = (await c.req.json().catch(() => ({}))) as { name?: string; arguments?: unknown }; + if (!body.name) return c.json({ error: "tool_name_required" }, 400); + return c.json(await runtimeAdapter().callTool(body.name, body.arguments ?? {})); + }); + + app.post("/runtime/caplets/:id/check", async (c) => { + return c.json(await runtimeAdapter().checkBackend(c.req.param("id"))); + }); + + app.get("/runtime/caplets/:id/setup", async (c) => { + return c.json(await runtimeAdapter().setupPlan(c.req.param("id"))); + }); + + app.post("/runtime/caplets/:id/setup/run", async (c) => { + const body = (await c.req.json().catch(() => ({}))) as { + approved?: boolean; + actor?: "cli-interactive" | "cli-yes" | "ui" | "automation"; + }; + return c.json( + await runtimeAdapter().runSetup(c.req.param("id"), { + approved: body.approved === true, + actor: body.actor ?? "automation", + }), + ); + }); + + return app; +} diff --git a/packages/core/src/cloud/sync.ts b/packages/core/src/cloud/sync.ts new file mode 100644 index 0000000..129bf20 --- /dev/null +++ b/packages/core/src/cloud/sync.ts @@ -0,0 +1,43 @@ +import { readFileSync } from "node:fs"; +import { join } from "node:path"; +import { buildProjectSyncManifest } from "../project-binding/sync-filter"; + +export type ProjectSyncFile = { + path: string; + content: string; +}; + +export class ProjectSyncCoordinator { + private readonly queues = new Map>(); + + async runMutating(projectId: string, task: () => Promise): Promise { + const previous = this.queues.get(projectId) ?? Promise.resolve(); + let release!: () => void; + const next = new Promise((resolve) => { + release = resolve; + }); + const queued = previous.catch(() => undefined).then(() => next); + this.queues.set(projectId, queued); + + await previous.catch(() => undefined); + try { + return await task(); + } finally { + release(); + if (this.queues.get(projectId) === queued) { + this.queues.delete(projectId); + } + } + } +} + +export function projectSyncManifest(projectRoot: string): string[] { + return buildProjectSyncManifest({ projectRoot }).files.map((file) => file.relativePath); +} + +export function projectSyncFiles(projectRoot: string): ProjectSyncFile[] { + return projectSyncManifest(projectRoot).map((path) => ({ + path, + content: readFileSync(join(projectRoot, path), "utf8"), + })); +} diff --git a/packages/core/src/config-runtime.ts b/packages/core/src/config-runtime.ts new file mode 100644 index 0000000..48cc63c --- /dev/null +++ b/packages/core/src/config-runtime.ts @@ -0,0 +1,664 @@ +import { z } from "zod"; +import { + FORBIDDEN_HEADERS, + HEADER_NAME_PATTERN, + HTTP_BASE_URL_PATTERN, + SERVER_ID_PATTERN, + isAllowedHttpBaseUrl, + isAllowedRemoteUrl, + isUrl, + validateHttpActionHeaders, +} from "./config/validation"; +import { CapletsError } from "./errors"; + +export type RemoteAuthConfig = + | { type: "none" } + | { type: "bearer"; token: string } + | { type: "headers"; headers: Record } + | { + type: "oauth2" | "oidc"; + authorizationUrl?: string | undefined; + tokenUrl?: string | undefined; + issuer?: string | undefined; + resourceMetadataUrl?: string | undefined; + authorizationServerMetadataUrl?: string | undefined; + openidConfigurationUrl?: string | undefined; + clientMetadataUrl?: string | undefined; + clientId?: string | undefined; + clientSecret?: string | undefined; + scopes?: string[] | undefined; + redirectUri?: string | undefined; + }; + +export type CapletSetupCommandConfig = { + label: string; + command: string; + args?: string[] | undefined; + env?: Record | undefined; + cwd?: string | undefined; + timeoutMs?: number | undefined; + maxOutputBytes?: number | undefined; +}; + +export type CapletSetupConfig = { + commands?: CapletSetupCommandConfig[] | undefined; + verify?: CapletSetupCommandConfig[] | undefined; +}; + +export type ProjectBindingConfig = { required: true }; +export type RuntimeFeature = "docker" | "browser"; +export type RuntimeResourceClass = "standard" | "large" | "heavy"; +export type RuntimeRequirementsConfig = { + features?: RuntimeFeature[] | undefined; + resources?: { class?: RuntimeResourceClass | undefined } | undefined; +}; + +export type CapletServerConfig = CommonCapletConfig & { + backend: "mcp"; + transport: "stdio" | "http" | "sse"; + command?: string | undefined; + args?: string[] | undefined; + env?: Record | undefined; + cwd?: string | undefined; + url?: string | undefined; + auth?: RemoteAuthConfig | undefined; + startupTimeoutMs: number; + callTimeoutMs: number; + toolCacheTtlMs: number; +}; + +export type OpenApiAuthConfig = RemoteAuthConfig; + +export type OpenApiEndpointConfig = CommonCapletConfig & { + backend: "openapi"; + specPath?: string | undefined; + specUrl?: string | undefined; + baseUrl?: string | undefined; + auth: OpenApiAuthConfig; + requestTimeoutMs: number; + operationCacheTtlMs: number; +}; + +export type GraphQlOperationConfig = { + document?: string | undefined; + documentPath?: string | undefined; + operationName?: string | undefined; + description?: string | undefined; +}; + +export type GraphQlEndpointConfig = CommonCapletConfig & { + backend: "graphql"; + endpointUrl: string; + schemaPath?: string | undefined; + schemaUrl?: string | undefined; + introspection?: true | undefined; + operations?: Record | undefined; + auth: OpenApiAuthConfig; + requestTimeoutMs: number; + operationCacheTtlMs: number; + selectionDepth: number; +}; + +export type HttpActionConfig = { + method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE"; + path: string; + description?: string | undefined; + inputSchema?: Record | undefined; + outputSchema?: Record | undefined; + query?: Record | undefined; + headers?: Record | undefined; + jsonBody?: unknown; +}; + +export type HttpApiConfig = CommonCapletConfig & { + backend: "http"; + baseUrl: string; + auth: OpenApiAuthConfig; + actions: Record; + requestTimeoutMs: number; + maxResponseBytes: number; +}; + +export type CliToolActionConfig = { + description?: string | undefined; + inputSchema?: Record | undefined; + outputSchema?: Record | undefined; + command: string; + args?: string[] | undefined; + env?: Record | undefined; + cwd?: string | undefined; + timeoutMs?: number | undefined; + maxOutputBytes?: number | undefined; + output?: { type: "text" | "json" } | undefined; + annotations?: + | { + readOnlyHint?: boolean | undefined; + destructiveHint?: boolean | undefined; + idempotentHint?: boolean | undefined; + openWorldHint?: boolean | undefined; + } + | undefined; +}; + +export type CliToolsConfig = CommonCapletConfig & { + backend: "cli"; + actions: Record; + cwd?: string | undefined; + env?: Record | undefined; + timeoutMs: number; + maxOutputBytes: number; +}; + +export type CapletSetConfig = CommonCapletConfig & { + backend: "caplets"; + configPath?: string | undefined; + capletsRoot?: string | undefined; + defaultSearchLimit: number; + maxSearchLimit: number; + toolCacheTtlMs: number; +}; + +export type CapletConfig = + | CapletServerConfig + | OpenApiEndpointConfig + | GraphQlEndpointConfig + | HttpApiConfig + | CliToolsConfig + | CapletSetConfig; + +export type CapletsConfig = { + version: 1; + options: { + defaultSearchLimit: number; + maxSearchLimit: number; + completion: { + discoveryTimeoutMs: number; + overallTimeoutMs: number; + cacheTtlMs: number; + negativeCacheTtlMs: number; + }; + }; + mcpServers: Record; + openapiEndpoints: Record; + graphqlEndpoints: Record; + httpApis: Record; + cliTools: Record; + capletSets: Record; +}; + +type CommonCapletConfig = { + server: string; + name: string; + description: string; + tags?: string[] | undefined; + body?: string | undefined; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; + disabled: boolean; +}; + +const stringMapSchema = z.record(z.string(), z.string()); +const authSchema = z.discriminatedUnion("type", [ + z.object({ type: z.literal("none") }).strict(), + z.object({ type: z.literal("bearer"), token: z.string().min(1) }).strict(), + z.object({ type: z.literal("headers"), headers: stringMapSchema }).strict(), + oauthLikeSchema("oauth2"), + oauthLikeSchema("oidc"), +]); +const setupCommandSchema = z + .object({ + label: z.string().min(1), + command: z.string().min(1), + args: z.array(z.string()).optional(), + env: stringMapSchema.optional(), + cwd: z.string().min(1).optional(), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + }) + .strict(); +const setupSchema = z + .object({ + commands: z.array(setupCommandSchema).optional(), + verify: z.array(setupCommandSchema).optional(), + }) + .strict() + .refine( + (setup) => (setup.commands?.length ?? 0) > 0 || (setup.verify?.length ?? 0) > 0, + "setup must define at least one command or verify step", + ); +const projectBindingSchema = z.object({ required: z.literal(true) }).strict(); +const runtimeFeatureSchema = z.enum(["docker", "browser"]); +const runtimeFeaturesSchema = z + .array(runtimeFeatureSchema) + .refine((features) => new Set(features).size === features.length, { + message: "runtime.features must not contain duplicate feature names", + }); +const runtimeRequirementsSchema = z + .object({ + features: runtimeFeaturesSchema.optional(), + resources: z + .object({ + class: z.enum(["standard", "large", "heavy"]).optional(), + }) + .strict() + .optional(), + }) + .strict(); +const commonSchema = { + name: z.string().trim().min(1).max(80), + description: z + .string() + .refine( + (value) => value.trim().length >= 10, + "description must contain at least 10 non-whitespace characters", + ) + .refine((value) => value.length <= 1500, "description must be at most 1500 characters"), + tags: z.array(z.string().trim().min(1).max(80)).optional(), + body: z.string().optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), + disabled: z.boolean().default(false), +}; +const mcpServerSchema = z + .object({ + ...commonSchema, + transport: z.enum(["stdio", "http", "sse"]).optional(), + command: z.string().min(1).optional(), + args: z.array(z.string()).optional(), + env: stringMapSchema.optional(), + cwd: z.string().min(1).optional(), + url: z.string().min(1).optional(), + auth: authSchema.optional(), + startupTimeoutMs: z.number().int().positive().default(10_000), + callTimeoutMs: z.number().int().positive().default(60_000), + toolCacheTtlMs: z.number().int().nonnegative().default(30_000), + }) + .strict(); +const openApiEndpointSchema = z + .object({ + ...commonSchema, + specPath: z.string().min(1).optional(), + specUrl: z.string().min(1).optional(), + baseUrl: z.string().min(1).optional(), + auth: authSchema, + requestTimeoutMs: z.number().int().positive().default(60_000), + operationCacheTtlMs: z.number().int().nonnegative().default(30_000), + }) + .strict(); +const graphQlOperationSchema = z + .object({ + document: z.string().min(1).optional(), + documentPath: z.string().min(1).optional(), + operationName: z.string().min(1).optional(), + description: z.string().min(1).optional(), + }) + .strict() + .refine((operation) => Boolean(operation.document) !== Boolean(operation.documentPath), { + message: "GraphQL operation must define exactly one document source", + }); +const graphQlEndpointSchema = z + .object({ + ...commonSchema, + endpointUrl: z.string().min(1), + schemaPath: z.string().min(1).optional(), + schemaUrl: z.string().min(1).optional(), + introspection: z.literal(true).optional(), + operations: z.record(z.string().regex(SERVER_ID_PATTERN), graphQlOperationSchema).optional(), + auth: authSchema, + requestTimeoutMs: z.number().int().positive().default(60_000), + operationCacheTtlMs: z.number().int().nonnegative().default(30_000), + selectionDepth: z.number().int().positive().max(5).default(2), + }) + .strict(); +const scalarMapSchema = z.record(z.string(), z.union([z.string(), z.number(), z.boolean()])); +const httpActionSchema = z + .object({ + method: z.enum(["GET", "POST", "PUT", "PATCH", "DELETE"]), + path: z + .string() + .min(1) + .regex(/^\//, "HTTP action path must start with /") + .refine((value) => !value.startsWith("//"), "HTTP action path must not start with //") + .refine((value) => !isUrl(value), "HTTP action path must be a URL path, not a URL"), + description: z.string().min(1).optional(), + inputSchema: z.record(z.string(), z.unknown()).optional(), + outputSchema: z.record(z.string(), z.unknown()).optional(), + query: scalarMapSchema.optional(), + headers: scalarMapSchema.optional(), + jsonBody: z.unknown().optional(), + }) + .strict() + .refine((action) => action.method !== "GET" || action.jsonBody === undefined, { + path: ["jsonBody"], + message: "HTTP GET actions must not define jsonBody", + }); +const httpApiSchema = z + .object({ + ...commonSchema, + baseUrl: z + .string() + .min(1) + .regex( + HTTP_BASE_URL_PATTERN, + "HTTP API baseUrl must not include credentials, query, or fragment", + ), + auth: authSchema, + actions: z + .record(z.string().regex(SERVER_ID_PATTERN), httpActionSchema) + .refine( + (actions) => Object.keys(actions).length > 0, + "HTTP API must define at least one action", + ), + requestTimeoutMs: z.number().int().positive().default(60_000), + maxResponseBytes: z.number().int().positive().default(200_000), + }) + .strict(); +const cliActionSchema = z + .object({ + description: z.string().min(1).optional(), + inputSchema: z.record(z.string(), z.unknown()).optional(), + outputSchema: z.record(z.string(), z.unknown()).optional(), + command: z.string().min(1), + args: z.array(z.string()).optional(), + env: stringMapSchema.optional(), + cwd: z.string().min(1).optional(), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + output: z + .object({ type: z.enum(["text", "json"]).default("text") }) + .strict() + .optional(), + annotations: z + .object({ + readOnlyHint: z.boolean().optional(), + destructiveHint: z.boolean().optional(), + idempotentHint: z.boolean().optional(), + openWorldHint: z.boolean().optional(), + }) + .strict() + .optional(), + }) + .strict(); +const cliToolsSchema = z + .object({ + ...commonSchema, + actions: z + .record(z.string().regex(SERVER_ID_PATTERN), cliActionSchema) + .refine( + (actions) => Object.keys(actions).length > 0, + "CLI tools backend must define at least one action", + ), + cwd: z.string().min(1).optional(), + env: stringMapSchema.optional(), + timeoutMs: z.number().int().positive().default(60_000), + maxOutputBytes: z.number().int().positive().default(200_000), + }) + .strict(); +const capletSetSchema = z + .object({ + ...commonSchema, + configPath: z.string().min(1).optional(), + capletsRoot: z.string().min(1).optional(), + defaultSearchLimit: z.number().int().positive().default(20), + maxSearchLimit: z.number().int().positive().max(50).default(50), + toolCacheTtlMs: z.number().int().nonnegative().default(30_000), + }) + .strict(); + +const configSchema = z + .object({ + version: z.literal(1).default(1), + defaultSearchLimit: z.number().int().positive().default(20), + maxSearchLimit: z.number().int().positive().max(50).default(50), + completion: z + .object({ + discoveryTimeoutMs: z.number().int().positive().default(750), + overallTimeoutMs: z.number().int().positive().default(1500), + cacheTtlMs: z.number().int().nonnegative().default(300_000), + negativeCacheTtlMs: z.number().int().nonnegative().default(30_000), + }) + .strict() + .default({ + discoveryTimeoutMs: 750, + overallTimeoutMs: 1500, + cacheTtlMs: 300_000, + negativeCacheTtlMs: 30_000, + }), + mcpServers: z.record(z.string().regex(SERVER_ID_PATTERN), mcpServerSchema).default({}), + openapiEndpoints: z + .record(z.string().regex(SERVER_ID_PATTERN), openApiEndpointSchema) + .default({}), + graphqlEndpoints: z + .record(z.string().regex(SERVER_ID_PATTERN), graphQlEndpointSchema) + .default({}), + httpApis: z.record(z.string().regex(SERVER_ID_PATTERN), httpApiSchema).default({}), + cliTools: z.record(z.string().regex(SERVER_ID_PATTERN), cliToolsSchema).default({}), + capletSets: z.record(z.string().regex(SERVER_ID_PATTERN), capletSetSchema).default({}), + }) + .strict() + .superRefine((config, ctx) => { + if (config.defaultSearchLimit > config.maxSearchLimit) { + ctx.addIssue({ + code: "custom", + path: ["defaultSearchLimit"], + message: "defaultSearchLimit must be <= maxSearchLimit", + }); + } + validateBackends(config, ctx); + }); + +export function parseConfig(input: unknown): CapletsConfig { + const parsed = configSchema.safeParse(input); + if (!parsed.success) { + throw new CapletsError("CONFIG_INVALID", "Caplets config is invalid", parsed.error.issues); + } + const config = parsed.data; + return { + version: 1, + options: { + defaultSearchLimit: config.defaultSearchLimit, + maxSearchLimit: config.maxSearchLimit, + completion: config.completion, + }, + mcpServers: mapBackend(config.mcpServers, "mcp", (id, raw) => { + const server = raw as z.infer; + return { + ...server, + server: id, + transport: server.transport ?? (server.command ? "stdio" : "http"), + }; + }), + openapiEndpoints: mapBackend(config.openapiEndpoints, "openapi"), + graphqlEndpoints: mapBackend(config.graphqlEndpoints, "graphql"), + httpApis: mapBackend(config.httpApis, "http"), + cliTools: mapBackend(config.cliTools, "cli"), + capletSets: mapBackend(config.capletSets, "caplets"), + }; +} + +function oauthLikeSchema(type: "oauth2" | "oidc") { + return z + .object({ + type: z.literal(type), + authorizationUrl: z.string().min(1).optional(), + tokenUrl: z.string().min(1).optional(), + issuer: z.string().min(1).optional(), + resourceMetadataUrl: z.string().min(1).optional(), + authorizationServerMetadataUrl: z.string().min(1).optional(), + openidConfigurationUrl: z.string().min(1).optional(), + clientMetadataUrl: z.string().min(1).optional(), + clientId: z.string().min(1).optional(), + clientSecret: z.string().min(1).optional(), + scopes: z.array(z.string().min(1)).optional(), + redirectUri: z.string().min(1).optional(), + }) + .strict(); +} + +function validateBackends(config: z.infer, ctx: z.RefinementCtx): void { + for (const [server, raw] of Object.entries(config.mcpServers)) { + const effectiveTransport = raw.transport ?? (raw.command ? "stdio" : undefined); + const hasCommand = Boolean(raw.command); + const hasUrl = Boolean(raw.url); + if (hasCommand === hasUrl) { + ctx.addIssue({ + code: "custom", + path: ["mcpServers", server], + message: "MCP server must define exactly one connection shape: command or url", + }); + } + if (effectiveTransport === "stdio" && !raw.command) { + ctx.addIssue({ + code: "custom", + path: ["mcpServers", server, "command"], + message: "stdio servers require command", + }); + } + if ((effectiveTransport === "http" || effectiveTransport === "sse") && !raw.url) { + ctx.addIssue({ + code: "custom", + path: ["mcpServers", server, "url"], + message: "remote servers require url", + }); + } + if (raw.url && !hasEnvReference(raw.url) && !isAllowedRemoteUrl(raw.url)) { + ctx.addIssue({ + code: "custom", + path: ["mcpServers", server, "url"], + message: "remote url must use https except loopback development urls", + }); + } + validateAuthHeaders(raw.auth, ctx, ["mcpServers", server, "auth"]); + } + for (const [server, raw] of Object.entries(config.openapiEndpoints)) { + if (Boolean(raw.specPath) === Boolean(raw.specUrl)) { + ctx.addIssue({ + code: "custom", + path: ["openapiEndpoints", server], + message: "OpenAPI endpoint must define exactly one spec source: specPath or specUrl", + }); + } + if (raw.specUrl && !hasEnvReference(raw.specUrl) && !isAllowedRemoteUrl(raw.specUrl)) { + ctx.addIssue({ + code: "custom", + path: ["openapiEndpoints", server, "specUrl"], + message: "OpenAPI specUrl must use https except loopback development urls", + }); + } + if (raw.baseUrl && !hasEnvReference(raw.baseUrl) && !isAllowedRemoteUrl(raw.baseUrl)) { + ctx.addIssue({ + code: "custom", + path: ["openapiEndpoints", server, "baseUrl"], + message: "OpenAPI baseUrl must use https except loopback development urls", + }); + } + validateAuthHeaders(raw.auth, ctx, ["openapiEndpoints", server, "auth"]); + } + for (const [server, raw] of Object.entries(config.graphqlEndpoints)) { + const sourceCount = + Number(Boolean(raw.schemaPath)) + + Number(Boolean(raw.schemaUrl)) + + Number(raw.introspection === true); + if (sourceCount !== 1) { + ctx.addIssue({ + code: "custom", + path: ["graphqlEndpoints", server], + message: "GraphQL endpoint must define exactly one schema source", + }); + } + if ( + raw.endpointUrl && + !hasEnvReference(raw.endpointUrl) && + !isAllowedRemoteUrl(raw.endpointUrl) + ) { + ctx.addIssue({ + code: "custom", + path: ["graphqlEndpoints", server, "endpointUrl"], + message: "GraphQL endpointUrl must use https except loopback development urls", + }); + } + validateAuthHeaders(raw.auth, ctx, ["graphqlEndpoints", server, "auth"]); + } + for (const [server, raw] of Object.entries(config.httpApis)) { + if (raw.baseUrl && !hasEnvReference(raw.baseUrl) && !isAllowedHttpBaseUrl(raw.baseUrl)) { + ctx.addIssue({ + code: "custom", + path: ["httpApis", server, "baseUrl"], + message: + "HTTP API baseUrl must use https except loopback development urls and must not include credentials, query, or fragment", + }); + } + validateAuthHeaders(raw.auth, ctx, ["httpApis", server, "auth"]); + for (const [actionName, action] of Object.entries(raw.actions)) { + if (action.headers) + validateHttpActionHeaders(action.headers, ctx, [ + "httpApis", + server, + "actions", + actionName, + "headers", + ]); + } + } + for (const [server, raw] of Object.entries(config.capletSets)) { + if (!raw.configPath && !raw.capletsRoot) { + ctx.addIssue({ + code: "custom", + path: ["capletSets", server], + message: "Caplet set must define at least one source: configPath or capletsRoot", + }); + } + if (raw.defaultSearchLimit > raw.maxSearchLimit) { + ctx.addIssue({ + code: "custom", + path: ["capletSets", server, "defaultSearchLimit"], + message: "defaultSearchLimit must be <= maxSearchLimit", + }); + } + } +} + +function validateAuthHeaders( + auth: RemoteAuthConfig | undefined, + ctx: z.RefinementCtx, + path: Array, +): void { + if (auth?.type !== "headers") return; + for (const headerName of Object.keys(auth.headers)) { + const normalized = headerName.toLowerCase(); + if (!HEADER_NAME_PATTERN.test(headerName) || FORBIDDEN_HEADERS.has(normalized)) { + ctx.addIssue({ + code: "custom", + path: [...path, "headers", headerName], + message: `header ${headerName} is not allowed`, + }); + } + } +} + +function mapBackend( + records: Record, + backend: B, + prepare?: (id: string, raw: object) => object, +): Record> { + return Object.fromEntries( + Object.entries(records).map(([id, raw]) => [ + id, + stripUndefined({ + ...(prepare ? prepare(id, raw) : raw), + server: id, + backend, + }) as Extract, + ]), + ); +} + +function stripUndefined(value: Record): Record { + return Object.fromEntries(Object.entries(value).filter(([, nested]) => nested !== undefined)); +} + +function hasEnvReference(value: string): boolean { + return /\$\{?[A-Z_][A-Z0-9_]*\}?|\$env:[A-Z_][A-Z0-9_]*/u.test(value); +} diff --git a/packages/core/src/config.ts b/packages/core/src/config.ts index b165569..8babef2 100644 --- a/packages/core/src/config.ts +++ b/packages/core/src/config.ts @@ -66,6 +66,29 @@ export type RemoteAuthConfig = redirectUri?: string | undefined; }; +export type CapletSetupCommandConfig = { + label: string; + command: string; + args?: string[] | undefined; + env?: Record | undefined; + cwd?: string | undefined; + timeoutMs?: number | undefined; + maxOutputBytes?: number | undefined; +}; + +export type CapletSetupConfig = { + commands?: CapletSetupCommandConfig[] | undefined; + verify?: CapletSetupCommandConfig[] | undefined; +}; + +export type ProjectBindingConfig = { required: true }; +export type RuntimeFeature = "docker" | "browser"; +export type RuntimeResourceClass = "standard" | "large" | "heavy"; +export type RuntimeRequirementsConfig = { + features?: RuntimeFeature[] | undefined; + resources?: { class?: RuntimeResourceClass | undefined } | undefined; +}; + export type CapletServerConfig = { server: string; backend: "mcp"; @@ -84,6 +107,9 @@ export type CapletServerConfig = { callTimeoutMs: number; toolCacheTtlMs: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type OpenApiAuthConfig = @@ -106,6 +132,9 @@ export type OpenApiEndpointConfig = { requestTimeoutMs: number; operationCacheTtlMs: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type GraphQlOperationConfig = { @@ -132,6 +161,9 @@ export type GraphQlEndpointConfig = { operationCacheTtlMs: number; selectionDepth: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type HttpActionConfig = { @@ -158,6 +190,9 @@ export type HttpApiConfig = { requestTimeoutMs: number; maxResponseBytes: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type CliToolOutputConfig = { @@ -198,6 +233,9 @@ export type CliToolsConfig = { timeoutMs: number; maxOutputBytes: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type CapletSetConfig = { @@ -213,6 +251,9 @@ export type CapletSetConfig = { maxSearchLimit: number; toolCacheTtlMs: number; disabled: boolean; + setup?: CapletSetupConfig | undefined; + projectBinding?: ProjectBindingConfig | undefined; + runtime?: RuntimeRequirementsConfig | undefined; }; export type CapletConfig = @@ -360,6 +401,61 @@ const openApiAuthSchema = z ]) .describe("Authentication settings for an OpenAPI endpoint."); +const setupCommandSchema = z + .object({ + label: z.string().min(1).describe("Human-readable setup or verification step label."), + command: z.string().min(1).describe("Executable command to spawn without a shell."), + args: z.array(z.string()).optional().describe("Arguments passed to the command."), + env: z.record(z.string(), z.string()).optional().describe("Additional environment variables."), + cwd: z.string().min(1).optional().describe("Working directory for this command."), + timeoutMs: z.number().int().positive().optional(), + maxOutputBytes: z.number().int().positive().optional(), + }) + .strict(); + +const setupSchema = z + .object({ + commands: z.array(setupCommandSchema).optional(), + verify: z.array(setupCommandSchema).optional(), + }) + .strict() + .refine( + (setup) => (setup.commands?.length ?? 0) > 0 || (setup.verify?.length ?? 0) > 0, + "setup must define at least one command or verify step", + ); + +const projectBindingSchema = z + .object({ + required: z.literal(true).describe("Requires Project Binding before this Caplet can run."), + }) + .strict() + .describe("Project Binding requirements for Caplets that need an attached project."); + +const runtimeFeatureSchema = z.enum(["docker", "browser"]); +const runtimeFeaturesSchema = z + .array(runtimeFeatureSchema) + .refine((features) => new Set(features).size === features.length, { + message: "runtime.features must not contain duplicate feature names", + }) + .describe("Runtime features required by this Caplet."); + +const runtimeRequirementsSchema = z + .object({ + features: runtimeFeaturesSchema.optional(), + resources: z + .object({ + class: z + .enum(["standard", "large", "heavy"]) + .optional() + .describe("Requested hosted sandbox resource class."), + }) + .strict() + .optional() + .describe("Hosted sandbox resource requirements."), + }) + .strict() + .describe("Runtime feature and resource requirements for hosted execution."); + const publicServerSchema = z .object({ name: z.string().trim().min(1).max(80).describe("Human-readable server display name."), @@ -385,6 +481,9 @@ const publicServerSchema = z url: z.string().url().optional().describe("Remote MCP server URL for http or sse transport."), auth: remoteAuthSchema.optional(), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), startupTimeoutMs: z .number() .int() @@ -432,6 +531,9 @@ const publicOpenApiEndpointSchema = z 'Explicit OpenAPI request auth config. Use {"type":"none"} for public APIs.', ), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), requestTimeoutMs: z .number() .int() @@ -501,6 +603,9 @@ const publicGraphQlEndpointSchema = z 'Explicit GraphQL request auth config. Use {"type":"none"} for public APIs.', ), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), requestTimeoutMs: z .number() .int() @@ -614,6 +719,9 @@ const publicHttpApiSchema = z ) .describe("Configured HTTP actions keyed by stable tool name."), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), requestTimeoutMs: z .number() .int() @@ -706,6 +814,9 @@ const publicCliToolsSchema = z .optional() .describe("Default environment variables for CLI actions."), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), timeoutMs: z .number() .int() @@ -759,6 +870,9 @@ const publicCapletSetSchema = z .default(30_000) .describe("Milliseconds child Caplet metadata stays fresh. Set 0 to refresh every time."), tags: z.array(z.string().trim().min(1).max(80)).optional(), + setup: setupSchema.optional(), + projectBinding: projectBindingSchema.optional(), + runtime: runtimeRequirementsSchema.optional(), disabled: z.boolean().default(false).describe("When true, omit this Caplet set."), }) .strict() diff --git a/packages/core/src/config/paths.ts b/packages/core/src/config/paths.ts index 3c33c49..6a15072 100644 --- a/packages/core/src/config/paths.ts +++ b/packages/core/src/config/paths.ts @@ -95,7 +95,7 @@ export function resolveConfigPath(path?: string): string { } export function resolveProjectConfigPath(cwd = process.cwd()): string { - return join(cwd, PROJECT_CONFIG_FILE); + return join(displayPath(cwd), PROJECT_CONFIG_FILE); } export function resolveCapletsRoot(configPath = resolveConfigPath()): string { @@ -103,5 +103,9 @@ export function resolveCapletsRoot(configPath = resolveConfigPath()): string { } export function resolveProjectCapletsRoot(cwd = process.cwd()): string { - return join(cwd, ".caplets"); + return join(displayPath(cwd), ".caplets"); +} + +function displayPath(path: string): string { + return path; } diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts index bc092e8..d528526 100644 --- a/packages/core/src/index.ts +++ b/packages/core/src/index.ts @@ -1,8 +1,61 @@ export { CapletsRuntime } from "./runtime"; export { runCli, createProgram } from "./cli"; export { parseConfig, loadConfig } from "./config"; +export { BundleCapletSource, parseCapletSource } from "./caplet-source"; +export { FilesystemCapletSource } from "./caplet-source/filesystem"; +export { + classifyCapletRuntimeRoute, + planCapletRuntimeRoute, + planCapletRuntimeRoutes, +} from "./runtime-plan"; +export type { + CapletSource, + CapletSourceFile, + CapletSourceParseMessage, + CapletSourceParseResult, + CapletSourceReference, + ParsedCapletSourceCaplet, +} from "./caplet-source"; +export type { + CapletRuntimePlan, + RuntimePlanDeployment, + RuntimePlanOptions, + RuntimeRouteKind, + SetupTargetKind as RuntimePlanSetupTargetKind, +} from "./runtime-plan"; export { capabilityDescription, ServerRegistry } from "./registry"; export { generatedToolInputSchema, handleServerTool } from "./tools"; +export type { CapletExecutionMetadata, CapletResultMetadata } from "./tools"; +export type { CapletSetupCommandConfig, CapletSetupConfig } from "./config"; +export { capletSetupContentHash, stableJson } from "./setup/hash"; +export { LocalSetupStore } from "./setup/local-store"; +export { runCapletSetup } from "./setup/runner"; +export { CloudAuthClient } from "./cloud-auth/client"; +export { openBrowserUrl } from "./cloud-auth/open-url"; +export { + CloudAuthStore, + cloudAuthPath, + migrateCredentials, + redactedCloudAuthStatus, +} from "./cloud-auth/store"; +export type { CloudAuthCredentials, CloudAuthStoreOptions } from "./cloud-auth/store"; +export type { + CloudAuthLoginPollResult, + CloudAuthLoginStart, + CloudAuthScope, + CloudAuthState, + CloudAuthTokenResponse, + CloudAuthWorkspace, + RedactedCloudAuthStatus, +} from "./cloud-auth/types"; +export type { + SetupActor, + SetupApproval, + SetupAttempt, + SetupAttemptStatus, + SetupPlan, + SetupTargetKind, +} from "./setup/types"; export { hasRenderableStructuredContent, markdownCallToolResultContent, @@ -12,3 +65,97 @@ export type { ResultMarkdownContext } from "./result-content"; export { serveCaplets, serveHttp, serveResolvedCaplets, serveStdio } from "./serve"; export type { HttpServeOptions, RawServeOptions, ServeOptions, StdioServeOptions } from "./serve"; +export { PROJECT_BINDING_STATES, PROJECT_BINDING_SYNC_STATES } from "./project-binding/types"; +export type { + BindingTerminalReason, + ProjectBindingLease, + ProjectBindingSetupReceipt, + ProjectBindingState, + ProjectBindingSyncState, + ProjectBindingWorkspaceMetadata, +} from "./project-binding/types"; +export { + PROJECT_BINDING_ERROR_CODES, + ProjectBindingError, + projectBindingError, + projectBindingRecovery, +} from "./project-binding/errors"; +export type { ProjectBindingErrorCode, ProjectBindingRecovery } from "./project-binding/errors"; +export { buildProjectSyncManifest } from "./project-binding/sync-filter"; +export type { + ProjectSyncExclusionSource, + ProjectSyncExclusionSummary, + ProjectSyncManifest, + ProjectSyncManifestFile, +} from "./project-binding/sync-filter"; +export { DEFAULT_SYNC_LIMITS, enforceProjectSyncSizeLimits } from "./project-binding/sync-size"; +export type { + ProjectSyncLimits, + ProjectSyncSizeResult, + ProjectSyncTier, +} from "./project-binding/sync-size"; +export { + PROJECT_BINDING_CONNECT_PATH, + PROJECT_BINDINGS_CONTROL_PATH, + projectBindingConnectPath, + projectBindingConnectUrl, + projectBindingStatusPath, + projectBindingStatusUrl, +} from "./project-binding/routes"; +export { + attachProjectOnce, + attachProjectSession, + resolveAttachOptions, +} from "./project-binding/attach"; +export type { + AttachSessionEvent, + RawAttachOptions, + ResolvedAttachOptions, +} from "./project-binding/attach"; +export { runProjectBindingSession } from "./project-binding/session"; +export type { + ProjectBindingSessionEvent, + ProjectBindingSocketClientMessage, + ProjectBindingSocketServerMessage, + RunProjectBindingSessionInput, +} from "./project-binding/session"; +export { defaultProjectBindingWebSocketFactory } from "./project-binding/transport"; +export type { + ProjectBindingWebSocket, + ProjectBindingWebSocketFactory, +} from "./project-binding/transport"; +export { + ProjectBindingWorkspaceStore, + projectBindingWorkspacePaths, + projectBindingWorkspaceRoot, +} from "./project-binding/workspaces"; +export type { + EnsureProjectBindingWorkspaceInput, + ProjectBindingCleanupResult, + ProjectBindingWorkspacePaths, + ProjectBindingWorkspaceRootOptions, + ProjectBindingWorkspaceStoreOptions, +} from "./project-binding/workspaces"; +export { + ManagedMutagenProjectSync, + mutagenProjectSyncDoctorData, + mutagenSyncName, + parseMutagenVersionOutput as parseManagedMutagenVersionOutput, + planMutagenSyncCreateCommand, + planMutagenSyncListCommand, + planMutagenSyncTerminateCommand, + planMutagenVersionCommand, +} from "./project-binding/mutagen"; +export type { + ManagedMutagenProjectSyncOptions, + ManagedSyncDiagnosticCode, + ManagedSyncState, + ManagedSyncStateSnapshot, + MutagenCommandPlan, + MutagenLastCommandStatus, + MutagenProcessResult, + MutagenProcessRunner, + MutagenProjectSyncBindingInput, + MutagenProjectSyncDoctorData, + StartMutagenProjectSyncInput, +} from "./project-binding/mutagen"; diff --git a/packages/core/src/native/options.ts b/packages/core/src/native/options.ts index 9d90c81..f96b2e6 100644 --- a/packages/core/src/native/options.ts +++ b/packages/core/src/native/options.ts @@ -1,18 +1,28 @@ import { CapletsError } from "../errors"; +import { mcpUrlForBase, type CapletsServerEnv, type CapletsServerInput } from "../server/options"; import { - mcpUrlForBase, - resolveCapletsMode, - resolveCapletsServer, - type CapletsMode, - type CapletsServerEnv, - type CapletsServerInput, -} from "../server/options"; + resolveCapletsRemote, + resolveRemoteMode, + type CapletsRemoteAuth, + type CapletsRemoteEnv, +} from "../remote/options"; + +type CapletsMode = "auto" | "local" | "remote" | "cloud"; export type NativeCapletsMode = CapletsMode; export type NativeRemoteCapletsOptions = { pollIntervalMs?: number; fetch?: typeof fetch; + cloud?: NativeCloudPresenceInput; +}; + +export type NativeCloudPresenceInput = { + url?: string; + accessToken?: string; + workspaceId?: string; + projectRoot?: string; + heartbeatIntervalMs?: number; }; export type NativeCapletsServiceResolutionInput = { @@ -21,7 +31,7 @@ export type NativeCapletsServiceResolutionInput = { remote?: NativeRemoteCapletsOptions; }; -export type NativeCapletsEnv = CapletsServerEnv; +export type NativeCapletsEnv = CapletsServerEnv & CapletsRemoteEnv; export type NativeRemoteAuthOptions = | { enabled: false; user: string } @@ -30,26 +40,28 @@ export type NativeRemoteAuthOptions = export type ResolvedNativeCapletsServiceOptions = | { mode: "local" } | { - mode: "remote"; + mode: "remote" | "cloud"; remote: { url: URL; auth: NativeRemoteAuthOptions; pollIntervalMs: number; requestInit: RequestInit; + cloud?: ResolvedNativeCloudPresenceOptions; fetch?: typeof fetch; }; }; const DEFAULT_POLL_INTERVAL_MS = 30_000; +const DEFAULT_PRESENCE_HEARTBEAT_INTERVAL_MS = 30_000; export function resolveNativeCapletsServiceOptions( input: NativeCapletsServiceResolutionInput = {}, env: NativeCapletsEnv = process.env, ): ResolvedNativeCapletsServiceOptions { - const mode = resolveCapletsMode( + const mode = resolveRemoteMode( { ...(input.mode ? { mode: input.mode } : {}), - ...(input.server?.url ? { serverUrl: input.server.url } : {}), + ...(input.server?.url ? { remoteUrl: input.server.url } : {}), }, env, ); @@ -58,23 +70,48 @@ export function resolveNativeCapletsServiceOptions( } const serverFetch = input.remote?.fetch ?? input.server?.fetch; - const server = resolveCapletsServer( - { ...input.server, ...(serverFetch ? { fetch: serverFetch } : {}) }, - env, - ); + const serverInput = { + ...input.server, + ...(serverFetch ? { fetch: serverFetch } : {}), + }; + const server = + mode.mode === "cloud" + ? resolveCapletsRemote( + { + url: input.server?.url ?? env.CAPLETS_REMOTE_URL ?? "", + ...(serverFetch ? { fetch: serverFetch } : {}), + }, + {}, + ) + : resolveCapletsRemote(serverInput, env); + const cloud = resolveNativeCloudPresence(input.remote?.cloud, env); return { - mode: "remote", + mode: mode.mode, remote: { url: mcpUrlForBase(server.baseUrl), - auth: server.auth, + auth: nativeAuthFromRemoteAuth(server.auth), pollIntervalMs: parsePollInterval(input.remote?.pollIntervalMs), - requestInit: server.requestInit, + requestInit: + mode.mode === "cloud" && cloud + ? { headers: { Authorization: `Bearer ${cloud.accessToken}` } } + : server.requestInit, + ...(cloud ? { cloud } : {}), ...(server.fetch ? { fetch: server.fetch } : {}), }, }; } +function nativeAuthFromRemoteAuth(auth: CapletsRemoteAuth): NativeRemoteAuthOptions { + if (auth.type === "basic") { + return { enabled: true, user: auth.user, password: auth.password }; + } + if (auth.type === "none") { + return { enabled: false, user: auth.user }; + } + return { enabled: false, user: "caplets" }; +} + function parsePollInterval(value: number | undefined): number { if (value === undefined) { return DEFAULT_POLL_INTERVAL_MS; @@ -84,3 +121,51 @@ function parsePollInterval(value: number | undefined): number { } return value; } + +export type ResolvedNativeCloudPresenceOptions = { + url: URL; + accessToken: string; + workspaceId: string; + projectRoot?: string; + heartbeatIntervalMs: number; +}; + +function resolveNativeCloudPresence( + input: NativeCloudPresenceInput | undefined, + env: NativeCapletsEnv, +): ResolvedNativeCloudPresenceOptions | undefined { + const url = input?.url ?? env.CAPLETS_CLOUD_URL; + const accessToken = input?.accessToken ?? env.CAPLETS_CLOUD_TOKEN; + const workspaceId = input?.workspaceId ?? env.CAPLETS_CLOUD_WORKSPACE_ID; + if (!url && !accessToken && !workspaceId && !input?.projectRoot) { + return undefined; + } + if (!url || !accessToken || !workspaceId) { + throw new CapletsError( + "REQUEST_INVALID", + "Cloud presence requires CAPLETS_CLOUD_URL, CAPLETS_CLOUD_TOKEN, and CAPLETS_CLOUD_WORKSPACE_ID.", + ); + } + return { + url: new URL(url), + accessToken, + workspaceId, + ...((input?.projectRoot ?? env.CAPLETS_PROJECT_ROOT) + ? { projectRoot: input?.projectRoot ?? env.CAPLETS_PROJECT_ROOT } + : {}), + heartbeatIntervalMs: parsePresenceHeartbeatInterval(input?.heartbeatIntervalMs), + }; +} + +function parsePresenceHeartbeatInterval(value: number | undefined): number { + if (value === undefined) { + return DEFAULT_PRESENCE_HEARTBEAT_INTERVAL_MS; + } + if (!Number.isInteger(value) || value < 1_000) { + throw new CapletsError( + "REQUEST_INVALID", + "cloud.heartbeatIntervalMs must be an integer >= 1000.", + ); + } + return value; +} diff --git a/packages/core/src/native/remote.ts b/packages/core/src/native/remote.ts index a6c77d2..4dd5397 100644 --- a/packages/core/src/native/remote.ts +++ b/packages/core/src/native/remote.ts @@ -27,13 +27,14 @@ export type RemoteCapletsClient = { }; export type RemoteCapletsClientOptions = ResolvedNativeCapletsServiceOptions & { - mode: "remote"; + mode: "remote" | "cloud"; }; export type RemoteNativeCapletsServiceOptions = { client: RemoteCapletsClient; clientFactory?: () => RemoteCapletsClient; pollIntervalMs: number; + authKind?: "self_hosted_remote" | "hosted_cloud"; writeErr?: (value: string) => void; }; @@ -118,7 +119,7 @@ export class RemoteNativeCapletsService implements NativeCapletsService { return await this.client.callTool(capletId, request); } catch (error) { if (isAuthFailure(error)) { - throw remoteAuthError(); + throw remoteAuthError(this.options.authKind ?? "self_hosted_remote"); } if (isSessionFailure(error)) { if (!(await this.resetClient()) || this.closed) { @@ -128,7 +129,7 @@ export class RemoteNativeCapletsService implements NativeCapletsService { return await this.client.callTool(capletId, request); } catch (retryError) { if (isAuthFailure(retryError)) { - throw remoteAuthError(); + throw remoteAuthError(this.options.authKind ?? "self_hosted_remote"); } throw retryError; } @@ -273,10 +274,12 @@ function errorMessage(error: unknown): string { return error instanceof Error ? error.message : String(error); } -function remoteAuthError(): CapletsError { +function remoteAuthError(kind: "self_hosted_remote" | "hosted_cloud"): CapletsError { return new CapletsError( "AUTH_FAILED", - "Remote Caplets authentication failed; check CAPLETS_SERVER_USER and CAPLETS_SERVER_PASSWORD.", + kind === "hosted_cloud" + ? "Caplets Cloud authentication failed; run caplets cloud auth login." + : "Remote Caplets authentication failed; check CAPLETS_REMOTE_TOKEN or CAPLETS_REMOTE_USER and CAPLETS_REMOTE_PASSWORD.", ); } diff --git a/packages/core/src/native/service.ts b/packages/core/src/native/service.ts index a9fc481..797aa14 100644 --- a/packages/core/src/native/service.ts +++ b/packages/core/src/native/service.ts @@ -1,5 +1,13 @@ import type { NativeCapletsServiceResolutionInput } from "./options"; -import { resolveNativeCapletsServiceOptions } from "./options"; +import { + resolveNativeCapletsServiceOptions, + type NativeRemoteAuthOptions, + type ResolvedNativeCloudPresenceOptions, +} from "./options"; +import { CapletsCloudClient } from "../cloud/client"; +import { ProjectBindingSessionManager } from "../cloud/presence"; +import { projectSyncFiles } from "../cloud/sync"; +import { findProjectRoot, fingerprintProjectRoot } from "../cloud/project-root"; import { createSdkRemoteCapletsClient, RemoteNativeCapletsService, @@ -19,6 +27,12 @@ import { type LocalOverlayConfigWithSources, } from "../config"; import { generatedToolInputJsonSchemaForCaplet } from "../generated-tool-input-schema"; +import type { CapletsRemoteAuth } from "../remote/options"; +import { resolveRemoteSelection } from "../remote/selection"; + +const REMOTE_PROJECT_BINDING_FALLBACK_WARNING = + "Remote project binding unavailable; using local Caplets only. Run caplets doctor for details.\n"; +let hasWarnedRemoteProjectBindingFallback = false; export type NativeCapletsServiceOptions = NativeCapletsServiceResolutionInput & { configPath?: string; @@ -27,12 +41,7 @@ export type NativeCapletsServiceOptions = NativeCapletsServiceResolutionInput & watchDebounceMs?: number; watch?: boolean; writeErr?: (value: string) => void; - remoteClientFactory?: ( - options: Extract< - ReturnType, - { mode: "remote" } - >["remote"], - ) => RemoteCapletsClient; + remoteClientFactory?: (options: ResolvedNativeRemoteOptions) => RemoteCapletsClient; localServiceFactory?: (options: LocalNativeCapletsServiceOptions) => NativeCapletsService; }; @@ -61,23 +70,14 @@ export function createNativeCapletsService( ): NativeCapletsService { const resolved = resolveNativeCapletsServiceOptions(options); if (resolved.mode === "remote") { - const localOptions = { - ...options, - mode: "local", - configLoader: createLocalOverlayConfigLoader(options), - } satisfies LocalNativeCapletsServiceOptions; - const local = (options.localServiceFactory ?? createDefaultNativeCapletsService)(localOptions); + const local = createLocalOverlayService(options); try { - const client = (options.remoteClientFactory ?? createSdkRemoteCapletsClient)(resolved.remote); - const remote = new RemoteNativeCapletsService({ - client, - clientFactory: () => - (options.remoteClientFactory ?? createSdkRemoteCapletsClient)(resolved.remote), - pollIntervalMs: resolved.remote.pollIntervalMs, - ...(options.writeErr ? { writeErr: options.writeErr } : {}), - }); - return new CompositeNativeCapletsService(remote, local, options); + return createCompositeRemoteService(resolved.remote, local, options, "self_hosted_remote"); } catch (error) { + if (options.mode !== "remote") { + warnRemoteProjectBindingFallback(options); + return local; + } void local.close().catch((closeError) => { writeErr( options, @@ -87,9 +87,16 @@ export function createNativeCapletsService( throw error; } } + if (resolved.mode === "cloud") { + return new CloudNativeCapletsService(options, resolved.remote); + } return new DefaultNativeCapletsService(options); } +export function resetNativeProjectBindingFallbackWarningForTests(): void { + hasWarnedRemoteProjectBindingFallback = false; +} + type LocalNativeCapletsServiceOptions = NativeCapletsServiceOptions & { configLoader?: (configPath: string, projectConfigPath: string) => CapletsConfig; }; @@ -143,6 +150,149 @@ function createDefaultNativeCapletsService( return new DefaultNativeCapletsService(options); } +type ResolvedNativeRemoteOptions = Extract< + Exclude, { mode: "local" }>, + { remote: unknown } +>["remote"]; + +function createLocalOverlayService(options: NativeCapletsServiceOptions): NativeCapletsService { + const localOptions = { + ...options, + mode: "local", + configLoader: createLocalOverlayConfigLoader(options), + } satisfies LocalNativeCapletsServiceOptions; + return (options.localServiceFactory ?? createDefaultNativeCapletsService)(localOptions); +} + +function createCompositeRemoteService( + remoteOptions: ResolvedNativeRemoteOptions, + local: NativeCapletsService, + options: NativeCapletsServiceOptions, + authKind: "self_hosted_remote" | "hosted_cloud", +): NativeCapletsService { + const client = (options.remoteClientFactory ?? createSdkRemoteCapletsClient)(remoteOptions); + const remote = new RemoteNativeCapletsService({ + client, + clientFactory: () => + (options.remoteClientFactory ?? createSdkRemoteCapletsClient)(remoteOptions), + pollIntervalMs: remoteOptions.pollIntervalMs, + authKind, + ...(options.writeErr ? { writeErr: options.writeErr } : {}), + }); + const presence = createProjectBindingSessionManager(remoteOptions.cloud, local, options); + return new CompositeNativeCapletsService(remote, local, options, presence); +} + +class CloudNativeCapletsService implements NativeCapletsService { + private readonly local: NativeCapletsService; + private readonly listeners = new Set(); + private delegate: NativeCapletsService | undefined; + private unsubscribeDelegate: (() => void) | undefined; + private closed = false; + + constructor( + private readonly options: NativeCapletsServiceOptions, + private readonly baseRemote: ResolvedNativeRemoteOptions, + ) { + this.local = createLocalOverlayService(options); + } + + listTools(): NativeCapletTool[] { + return this.delegate?.listTools() ?? this.local.listTools(); + } + + async execute(capletId: string, request: unknown): Promise { + return await (this.delegate ?? this.local).execute(capletId, request); + } + + async reload(): Promise { + if (this.closed) return false; + if (!this.delegate) { + try { + const cloudFetch = this.options.remote?.fetch ?? this.options.server?.fetch; + const remoteUrl = + this.options.server?.url ?? this.baseRemote.url.toString().replace(/\/mcp$/u, ""); + const selection = await resolveRemoteSelection( + { + mode: "cloud", + remoteUrl, + ...(cloudFetch ? { fetch: cloudFetch } : {}), + }, + { + ...process.env, + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: remoteUrl, + }, + ); + if (selection.kind !== "hosted_cloud") { + throw new CapletsError("REQUEST_INVALID", "CAPLETS_MODE=cloud requires Caplets Cloud."); + } + const cloudPresence = { + url: selection.cloudPresence.url, + accessToken: selection.cloudPresence.accessToken, + workspaceId: selection.cloudPresence.workspaceId, + ...(this.options.remote?.cloud?.projectRoot + ? { projectRoot: this.options.remote.cloud.projectRoot } + : {}), + heartbeatIntervalMs: + this.options.remote?.cloud?.heartbeatIntervalMs ?? + this.baseRemote.cloud?.heartbeatIntervalMs ?? + 30_000, + } satisfies ResolvedNativeCloudPresenceOptions; + const remoteOptions = { + ...this.baseRemote, + url: selection.remote.mcpUrl, + auth: nativeAuthFromRemoteAuth(selection.remote.auth), + requestInit: selection.remote.requestInit, + ...(selection.remote.fetch ? { fetch: selection.remote.fetch } : {}), + cloud: cloudPresence, + } satisfies ResolvedNativeRemoteOptions; + this.delegate = createCompositeRemoteService( + remoteOptions, + this.local, + this.options, + "hosted_cloud", + ); + this.unsubscribeDelegate = this.delegate.onToolsChanged((tools) => this.emit(tools)); + } catch (error) { + if (this.options.mode === "cloud") throw error; + warnRemoteProjectBindingFallback(this.options); + return await this.local.reload(); + } + } + return await this.delegate.reload(); + } + + onToolsChanged(listener: NativeCapletsToolsChangedListener): () => void { + this.listeners.add(listener); + return () => this.listeners.delete(listener); + } + + async close(): Promise { + if (this.closed) return; + this.closed = true; + this.unsubscribeDelegate?.(); + this.listeners.clear(); + await (this.delegate ? this.delegate.close() : this.local.close()); + } + + private emit(tools: NativeCapletTool[]): void { + for (const listener of this.listeners) { + listener(tools); + } + } +} + +function nativeAuthFromRemoteAuth(auth: CapletsRemoteAuth): NativeRemoteAuthOptions { + if (auth.type === "basic") { + return { enabled: true, user: auth.user, password: auth.password }; + } + if (auth.type === "none") { + return { enabled: false, user: auth.user }; + } + return { enabled: false, user: "caplets" }; +} + class CompositeNativeCapletsService implements NativeCapletsService { private readonly listeners = new Set(); private readonly unsubscribers: Array<() => void>; @@ -154,12 +304,19 @@ class CompositeNativeCapletsService implements NativeCapletsService { private readonly remote: NativeCapletsService, private readonly local: NativeCapletsService, private readonly options: NativeCapletsServiceOptions, + private readonly presence?: ProjectBindingSessionManager, ) { this.unsubscribers = [ this.remote.onToolsChanged(() => this.updateMergedTools()), this.local.onToolsChanged(() => this.updateMergedTools()), ]; this.tools = this.mergeTools(); + void this.presence?.start().catch((error) => { + writeErr( + options, + `Could not register Caplets Cloud Project Binding: ${errorMessage(error)}\n`, + ); + }); } listTools(): NativeCapletTool[] { @@ -184,6 +341,11 @@ class CompositeNativeCapletsService implements NativeCapletsService { if (remoteReloaded === undefined || localReloaded === undefined) { return false; } + if (localReloaded) { + await this.presence?.updateAllowedCapletIds( + this.local.listTools().map((tool) => tool.caplet), + ); + } this.updateMergedTools(); return remoteReloaded || localReloaded; } @@ -202,7 +364,7 @@ class CompositeNativeCapletsService implements NativeCapletsService { unsubscribe(); } this.listeners.clear(); - await Promise.all([this.remote.close(), this.local.close()]); + await Promise.all([this.remote.close(), this.local.close(), this.presence?.close()]); } private updateMergedTools(): void { @@ -245,6 +407,35 @@ class CompositeNativeCapletsService implements NativeCapletsService { } } +function createProjectBindingSessionManager( + cloud: ResolvedNativeRemoteOptions["cloud"], + local: NativeCapletsService, + options: NativeCapletsServiceOptions, +): ProjectBindingSessionManager | undefined { + if (!cloud) { + return undefined; + } + const projectRoot = cloud.projectRoot ?? findProjectRoot(); + const cloudFetch = options.remote?.fetch ?? options.server?.fetch; + const clientOptions = { + baseUrl: cloud.url, + accessToken: cloud.accessToken, + ...(cloudFetch ? { fetch: cloudFetch } : {}), + }; + return new ProjectBindingSessionManager({ + client: new CapletsCloudClient(clientOptions), + workspaceId: cloud.workspaceId, + projectRoot, + projectFingerprint: fingerprintProjectRoot(projectRoot), + projectFiles: projectSyncFiles(projectRoot), + allowedCapletIds: local.listTools().map((tool) => tool.caplet), + heartbeatIntervalMs: cloud.heartbeatIntervalMs, + onError: (error) => { + writeErr(options, `Caplets Cloud Project Binding heartbeat failed: ${errorMessage(error)}\n`); + }, + }); +} + function createLocalOverlayConfigLoader(options: NativeCapletsServiceOptions) { let hasLoaded = false; let previousWarnings = new Set(); @@ -292,6 +483,14 @@ function writeErr(options: NativeCapletsServiceOptions, message: string): void { options.writeErr?.(message); } +function warnRemoteProjectBindingFallback(options: NativeCapletsServiceOptions): void { + if (hasWarnedRemoteProjectBindingFallback) { + return; + } + hasWarnedRemoteProjectBindingFallback = true; + writeErr(options, REMOTE_PROJECT_BINDING_FALLBACK_WARNING); +} + function errorMessage(error: unknown): string { return error instanceof Error ? error.message : String(error); } diff --git a/packages/core/src/project-binding/attach.ts b/packages/core/src/project-binding/attach.ts new file mode 100644 index 0000000..b15d3f8 --- /dev/null +++ b/packages/core/src/project-binding/attach.ts @@ -0,0 +1,151 @@ +import { existsSync } from "node:fs"; +import { CapletsError } from "../errors"; +import type { ResolvedCapletsRemote } from "../remote/options"; +import { resolveRemoteSelection } from "../remote/selection"; +import { ProjectBindingError } from "./errors"; +import { bootstrapProjectBindingGitignore } from "./gitignore"; +import { runProjectBindingSession, type ProjectBindingSessionEvent } from "./session"; +import { buildProjectSyncManifest } from "./sync-filter"; +import { enforceProjectSyncSizeLimits, type ProjectSyncTier } from "./sync-size"; +import type { ProjectBindingWebSocketFactory } from "./transport"; + +export type RawAttachOptions = { + remoteUrl?: string; + user?: string; + password?: string; + token?: string; + workspace?: string; + json?: boolean; + verbose?: boolean; + once?: boolean; + projectRoot?: string; + fetch?: typeof fetch; +}; + +export type ResolvedAttachOptions = { + projectRoot: string; + json: boolean; + verbose: boolean; + once: boolean; + remote: ResolvedCapletsRemote; + authMode: "self_hosted_remote" | "hosted_cloud"; + selectedWorkspace?: string | undefined; +}; + +export async function resolveAttachOptions( + raw: RawAttachOptions = {}, + env: Record = process.env, +): Promise { + return await resolveAttachOptionsForRun(raw, env); +} + +export async function resolveAttachOptionsForRun( + raw: RawAttachOptions = {}, + env: Record = process.env, +): Promise { + const remoteInput = { + ...(raw.remoteUrl !== undefined ? { remoteUrl: raw.remoteUrl } : {}), + ...(raw.user !== undefined ? { user: raw.user } : {}), + ...(raw.password !== undefined ? { password: raw.password } : {}), + ...(raw.token !== undefined ? { token: raw.token } : {}), + ...(raw.workspace !== undefined ? { workspace: raw.workspace } : {}), + ...(raw.fetch !== undefined ? { fetch: raw.fetch } : {}), + }; + const selection = await resolveRemoteSelection(remoteInput, env); + return { + projectRoot: raw.projectRoot ?? process.cwd(), + json: raw.json === true, + verbose: raw.verbose === true, + once: raw.once === true, + remote: selection.remote, + authMode: selection.kind, + ...(selection.kind === "hosted_cloud" + ? { selectedWorkspace: selection.selectedWorkspace } + : raw.workspace + ? { selectedWorkspace: raw.workspace } + : {}), + }; +} + +export async function attachProjectOnce( + raw: RawAttachOptions = {}, + env: Record = process.env, +): Promise<{ ok: true; projectRoot: string; webSocketUrl: string }> { + const resolved = await resolveAttachOptionsForRun({ ...raw, once: true }, env); + bootstrapProjectBindingGitignore(resolved.projectRoot); + preflightProjectSync(resolved.projectRoot, hostedTier(env)); + const response = await (resolved.remote.fetch ?? fetch)(projectBindingProbeUrl(resolved.remote), { + ...resolved.remote.requestInit, + method: "GET", + }); + if (response.status !== 101 && !(await isWebSocketUpgradeRequired(response))) { + throw new CapletsError( + "SERVER_UNAVAILABLE", + `Project Binding WebSocket unavailable at ${resolved.remote.projectBindingWebSocketUrl}. Run caplets doctor for details.`, + ); + } + return { + ok: true, + projectRoot: resolved.projectRoot, + webSocketUrl: resolved.remote.projectBindingWebSocketUrl.toString(), + }; +} + +export type AttachSessionEvent = ProjectBindingSessionEvent; + +export async function attachProjectSession( + raw: RawAttachOptions = {}, + env: Record = process.env, + options: { + heartbeatIntervalMs?: number | undefined; + signal?: AbortSignal | undefined; + webSocketFactory?: ProjectBindingWebSocketFactory | undefined; + onEvent?: (event: AttachSessionEvent) => void; + } = {}, +) { + const resolved = await resolveAttachOptionsForRun(raw, env); + bootstrapProjectBindingGitignore(resolved.projectRoot); + preflightProjectSync(resolved.projectRoot, hostedTier(env)); + return await runProjectBindingSession({ + projectRoot: resolved.projectRoot, + remote: resolved.remote, + fetch: resolved.remote.fetch, + signal: options.signal, + heartbeatIntervalMs: options.heartbeatIntervalMs, + webSocketFactory: options.webSocketFactory, + onEvent: options.onEvent, + }); +} + +function projectBindingProbeUrl(remote: ResolvedCapletsRemote): URL { + const url = new URL(remote.projectBindingWebSocketUrl); + if (url.protocol === "wss:") url.protocol = "https:"; + if (url.protocol === "ws:") url.protocol = "http:"; + return url; +} + +async function isWebSocketUpgradeRequired(response: Response): Promise { + if (response.status !== 426) return false; + const contentType = response.headers.get("content-type") ?? ""; + if (!contentType.includes("application/json")) return false; + const body = (await response.json().catch(() => undefined)) as { error?: unknown } | undefined; + return body?.error === "websocket_upgrade_required"; +} + +function preflightProjectSync(projectRoot: string, tier: ProjectSyncTier): void { + if (!existsSync(projectRoot)) return; + const manifest = buildProjectSyncManifest({ projectRoot }); + const size = enforceProjectSyncSizeLimits({ tier, files: manifest.files }); + if (!size.ok) { + throw new ProjectBindingError({ + code: size.code, + message: "Project sync size exceeds the selected workspace policy.", + recoveryCommand: size.recoveryCommand, + }); + } +} + +function hostedTier(env: Record): ProjectSyncTier { + const value = env.CAPLETS_CLOUD_TIER?.toLowerCase(); + return value === "plus" || value === "pro" || value === "enterprise" ? value : "free"; +} diff --git a/packages/core/src/project-binding/errors.ts b/packages/core/src/project-binding/errors.ts new file mode 100644 index 0000000..e47ee2d --- /dev/null +++ b/packages/core/src/project-binding/errors.ts @@ -0,0 +1,104 @@ +import { CapletsError } from "../errors"; + +export const PROJECT_BINDING_ERROR_CODES = [ + "cloud_auth_required", + "cloud_auth_expired", + "cloud_auth_revoked", + "workspace_selection_required", + "workspace_switch_required", + "workspace_forbidden", + "project_binding_forbidden", + "endpoint_unavailable", + "websocket_upgrade_required", + "sync_required", + "sync_failed", + "sync_size_limit_exceeded", + "lease_conflict", + "lease_expired", + "policy_denied", + "usage_limit_reached", + "billing_required", + "subscription_past_due", + "email_verification_required", + "remote_credentials_required", + "remote_auth_failed", +] as const; + +export type ProjectBindingErrorCode = (typeof PROJECT_BINDING_ERROR_CODES)[number]; + +export type ProjectBindingRecovery = { + code: ProjectBindingErrorCode; + message: string; + recoveryCommand?: string | undefined; + requestId?: string | undefined; +}; + +export class ProjectBindingError extends CapletsError { + readonly projectBindingCode: ProjectBindingErrorCode; + readonly recoveryCommand?: string | undefined; + readonly requestId?: string | undefined; + + constructor(input: ProjectBindingRecovery) { + super("SERVER_UNAVAILABLE", input.message, input); + this.name = "ProjectBindingError"; + this.projectBindingCode = input.code; + this.recoveryCommand = input.recoveryCommand; + this.requestId = input.requestId; + } +} + +export function projectBindingRecovery( + code: ProjectBindingErrorCode, + message = defaultProjectBindingMessage(code), +): ProjectBindingRecovery { + return { + code, + message, + recoveryCommand: recoveryCommandFor(code), + }; +} + +export function projectBindingError( + code: ProjectBindingErrorCode, + message?: string, +): ProjectBindingError { + return new ProjectBindingError(projectBindingRecovery(code, message)); +} + +function recoveryCommandFor(code: ProjectBindingErrorCode): string | undefined { + switch (code) { + case "cloud_auth_required": + case "cloud_auth_expired": + case "cloud_auth_revoked": + case "workspace_selection_required": + return "caplets cloud auth login"; + case "workspace_switch_required": + return "caplets cloud auth switch "; + case "sync_size_limit_exceeded": + return "Add exclusions to .capletsignore or upgrade the workspace plan."; + case "remote_credentials_required": + case "remote_auth_failed": + return "Set CAPLETS_REMOTE_URL and remote credentials."; + case "endpoint_unavailable": + case "websocket_upgrade_required": + return "caplets doctor"; + default: + return undefined; + } +} + +function defaultProjectBindingMessage(code: ProjectBindingErrorCode): string { + switch (code) { + case "sync_size_limit_exceeded": + return "Project sync size exceeds the selected workspace policy."; + case "workspace_switch_required": + return "The requested workspace differs from the saved Selected Workspace."; + case "cloud_auth_required": + return "Hosted Project Binding requires Cloud Auth."; + case "endpoint_unavailable": + case "websocket_upgrade_required": + return "Project Binding endpoint is unavailable."; + default: + return code.replace(/_/gu, " "); + } +} diff --git a/packages/core/src/project-binding/gitignore.ts b/packages/core/src/project-binding/gitignore.ts new file mode 100644 index 0000000..75239b9 --- /dev/null +++ b/packages/core/src/project-binding/gitignore.ts @@ -0,0 +1,31 @@ +import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; +import { join } from "node:path"; + +const CAPLETS_GITIGNORE_CONTENT = "*\n!.gitignore\n"; + +export type ProjectBindingGitignoreBootstrap = { + path: string; + changed: boolean; +}; + +export function bootstrapProjectBindingGitignore( + projectRoot: string, +): ProjectBindingGitignoreBootstrap { + const capletsDir = join(projectRoot, ".caplets"); + const gitignorePath = join(capletsDir, ".gitignore"); + if (!existsSync(projectRoot)) return { path: gitignorePath, changed: false }; + mkdirSync(capletsDir, { recursive: true }); + + if (!existsSync(gitignorePath)) { + writeFileSync(gitignorePath, CAPLETS_GITIGNORE_CONTENT, { mode: 0o600 }); + return { path: gitignorePath, changed: true }; + } + + const existing = readFileSync(gitignorePath, "utf8"); + if (existing.startsWith(CAPLETS_GITIGNORE_CONTENT)) { + return { path: gitignorePath, changed: false }; + } + + writeFileSync(gitignorePath, `${CAPLETS_GITIGNORE_CONTENT}${existing}`, { mode: 0o600 }); + return { path: gitignorePath, changed: true }; +} diff --git a/packages/core/src/project-binding/mutagen.ts b/packages/core/src/project-binding/mutagen.ts new file mode 100644 index 0000000..daacdf7 --- /dev/null +++ b/packages/core/src/project-binding/mutagen.ts @@ -0,0 +1,453 @@ +import { spawn } from "node:child_process"; + +export type ManagedSyncState = "idle" | "starting" | "syncing" | "ready" | "blocked" | "stopped"; + +export type ManagedSyncDiagnosticCode = + | "project_sync_binary_missing" + | "project_sync_auth_failed" + | "project_sync_conflict" + | "project_sync_process_exit" + | "project_sync_status_unavailable"; + +export type MutagenCommandPlan = { + command: string; + args: string[]; +}; + +export type MutagenProcessResult = { + stdout?: string; + stderr?: string; + exitCode?: number; +}; + +export type MutagenProcessRunner = ( + command: string, + args: string[], +) => Promise; + +export type MutagenLastCommandStatus = MutagenCommandPlan & { + stdout: string; + stderr: string; + exitCode?: number; +}; + +export type ManagedSyncStateSnapshot = { + state: ManagedSyncState; + publicMessage: string; + bindingId?: string; + diagnosticCode?: ManagedSyncDiagnosticCode; + mutagenBinary?: string; + mutagenVersion?: string; + lastCommand?: MutagenLastCommandStatus; +}; + +export type MutagenProjectSyncDoctorData = { + state: ManagedSyncState; + diagnosticCode?: ManagedSyncDiagnosticCode; + mutagenBinary?: string; + mutagenVersion?: string; + lastCommand?: MutagenLastCommandStatus; +}; + +export type StartMutagenProjectSyncInput = { + bindingId: string; + localProjectRoot: string; + serverProjectRoot: string; +}; + +export type MutagenProjectSyncBindingInput = { + bindingId: string; +}; + +export type ManagedMutagenProjectSyncOptions = { + mutagenBinary?: string; + runner?: MutagenProcessRunner; +}; + +type MutagenVersionInfo = { + version: string; +}; + +type ManagedSyncStateUpdate = { + state: ManagedSyncState; + publicMessage: string; + bindingId?: string | undefined; + diagnosticCode?: ManagedSyncDiagnosticCode | undefined; +}; + +const readyStatuses = new Set(["watching", "ready", "ok"]); +const syncingStatuses = new Set([ + "connecting", + "halted on root", + "reconciling", + "scanning", + "staging", + "syncing", + "transitioning", + "watching for changes", +]); + +export function planMutagenVersionCommand(mutagenBinary = "mutagen"): MutagenCommandPlan { + return { command: mutagenBinary, args: ["version"] }; +} + +export function planMutagenSyncCreateCommand( + input: StartMutagenProjectSyncInput, + mutagenBinary = "mutagen", +): MutagenCommandPlan { + return { + command: mutagenBinary, + args: [ + "sync", + "create", + input.localProjectRoot, + input.serverProjectRoot, + "--name", + mutagenSyncName(input.bindingId), + ], + }; +} + +export function planMutagenSyncListCommand(mutagenBinary = "mutagen"): MutagenCommandPlan { + return { command: mutagenBinary, args: ["sync", "list", "--template", "json"] }; +} + +export function planMutagenSyncTerminateCommand( + bindingId: string, + mutagenBinary = "mutagen", +): MutagenCommandPlan { + return { command: mutagenBinary, args: ["sync", "terminate", mutagenSyncName(bindingId)] }; +} + +export function mutagenSyncName(bindingId: string): string { + return `caplets-${bindingId}`; +} + +export class ManagedMutagenProjectSync { + readonly mutagenBinary: string; + + #runner: MutagenProcessRunner; + #snapshot: ManagedSyncStateSnapshot; + + constructor(options: ManagedMutagenProjectSyncOptions = {}) { + this.mutagenBinary = options.mutagenBinary ?? "mutagen"; + this.#runner = options.runner ?? defaultMutagenProcessRunner; + this.#snapshot = { + state: "idle", + publicMessage: "Project sync is idle.", + mutagenBinary: this.mutagenBinary, + }; + } + + async start(input: StartMutagenProjectSyncInput): Promise { + this.#setState({ + state: "starting", + bindingId: input.bindingId, + publicMessage: "Project sync is starting.", + }); + const versionResult = await this.#run(planMutagenVersionCommand(this.mutagenBinary)); + if (versionResult.blocked) { + return this.snapshot(); + } + this.#snapshot.mutagenVersion = parseMutagenVersionOutput( + versionResult.result.stdout ?? "", + ).version; + + const createResult = await this.#run(planMutagenSyncCreateCommand(input, this.mutagenBinary)); + if (createResult.blocked) { + return this.snapshot(); + } + this.#setState({ + state: "syncing", + bindingId: input.bindingId, + publicMessage: "Project sync is starting.", + }); + return this.snapshot(); + } + + async refresh(input: MutagenProjectSyncBindingInput): Promise { + const listResult = await this.#run( + planMutagenSyncListCommand(this.mutagenBinary), + input.bindingId, + ); + if (listResult.blocked) { + return this.snapshot(); + } + + let session: { name: string; status: string } | undefined; + try { + session = findMutagenSyncSession(listResult.result.stdout, mutagenSyncName(input.bindingId)); + } catch { + this.#block(input.bindingId, "project_sync_status_unavailable"); + return this.snapshot(); + } + if (!session) { + this.#block(input.bindingId, "project_sync_status_unavailable"); + return this.snapshot(); + } + + const normalizedStatus = session.status.toLocaleLowerCase(); + if (readyStatuses.has(normalizedStatus)) { + this.#setState({ + state: "ready", + bindingId: input.bindingId, + publicMessage: "Project sync is ready.", + }); + return this.snapshot(); + } + if (syncingStatuses.has(normalizedStatus)) { + this.#setState({ + state: "syncing", + bindingId: input.bindingId, + publicMessage: "Project sync is catching up.", + }); + return this.snapshot(); + } + + this.#block(input.bindingId, mapTextToDiagnosticCode(session.status)); + return this.snapshot(); + } + + async stop(input: MutagenProjectSyncBindingInput): Promise { + const stopResult = await this.#run( + planMutagenSyncTerminateCommand(input.bindingId, this.mutagenBinary), + input.bindingId, + ); + if (stopResult.blocked) { + return this.snapshot(); + } + this.#setState({ + state: "stopped", + bindingId: input.bindingId, + publicMessage: "Project sync has stopped.", + }); + return this.snapshot(); + } + + snapshot(): ManagedSyncStateSnapshot { + const snapshot: ManagedSyncStateSnapshot = { + ...this.#snapshot, + }; + if (this.#snapshot.lastCommand) { + snapshot.lastCommand = { + ...this.#snapshot.lastCommand, + args: [...this.#snapshot.lastCommand.args], + }; + } + return snapshot; + } + + async #run( + plan: MutagenCommandPlan, + bindingId = this.#snapshot.bindingId, + ): Promise<{ blocked: false; result: Required } | { blocked: true }> { + try { + const result = normalizeProcessResult(await this.#runner(plan.command, [...plan.args])); + this.#snapshot.lastCommand = { ...plan, ...result, args: [...plan.args] }; + if (result.exitCode !== 0) { + this.#block(bindingId, "project_sync_process_exit"); + return { blocked: true }; + } + return { blocked: false, result }; + } catch (error) { + const errorResult: MutagenProcessResult = { + stdout: "", + stderr: error instanceof Error ? error.message : String(error), + }; + const exitCode = errorExitCode(error); + if (exitCode !== undefined) { + errorResult.exitCode = exitCode; + } + this.#snapshot.lastCommand = commandStatus(plan, errorResult); + this.#block(bindingId, mapErrorToDiagnosticCode(error)); + return { blocked: true }; + } + } + + #block(bindingId: string | undefined, diagnosticCode: ManagedSyncDiagnosticCode): void { + this.#setState({ + state: "blocked", + bindingId, + diagnosticCode, + publicMessage: "Project sync is blocked.", + }); + } + + #setState(next: ManagedSyncStateUpdate): void { + const snapshot: ManagedSyncStateSnapshot = { + ...this.#snapshot, + state: next.state, + publicMessage: next.publicMessage, + mutagenBinary: this.mutagenBinary, + }; + if (next.bindingId !== undefined) { + snapshot.bindingId = next.bindingId; + } + if (next.diagnosticCode !== undefined) { + snapshot.diagnosticCode = next.diagnosticCode; + } else { + delete snapshot.diagnosticCode; + } + this.#snapshot = snapshot; + } +} + +export function mutagenProjectSyncDoctorData( + snapshot: ManagedSyncStateSnapshot, +): MutagenProjectSyncDoctorData { + const doctorData: MutagenProjectSyncDoctorData = { + state: snapshot.state, + }; + if (snapshot.diagnosticCode !== undefined) { + doctorData.diagnosticCode = snapshot.diagnosticCode; + } + if (snapshot.mutagenBinary !== undefined) { + doctorData.mutagenBinary = snapshot.mutagenBinary; + } + if (snapshot.mutagenVersion !== undefined) { + doctorData.mutagenVersion = snapshot.mutagenVersion; + } + if (snapshot.lastCommand !== undefined) { + doctorData.lastCommand = snapshot.lastCommand; + } + return doctorData; +} + +export function parseMutagenVersionOutput(output: string): MutagenVersionInfo { + return { version: output.match(/Mutagen version\s+([^\s]+)/u)?.[1] ?? "unknown" }; +} + +async function defaultMutagenProcessRunner( + command: string, + args: string[], +): Promise { + return new Promise((resolve, reject) => { + const child = spawn(command, args, { stdio: ["ignore", "pipe", "pipe"] }); + let stdout = ""; + let stderr = ""; + child.stdout.setEncoding("utf8"); + child.stderr.setEncoding("utf8"); + child.stdout.on("data", (chunk: string) => { + stdout += chunk; + }); + child.stderr.on("data", (chunk: string) => { + stderr += chunk; + }); + child.on("error", reject); + child.on("close", (exitCode) => { + resolve(exitCode === null ? { stdout, stderr } : { stdout, stderr, exitCode }); + }); + }); +} + +function normalizeProcessResult(result: MutagenProcessResult): Required { + return { + stdout: result.stdout ?? "", + stderr: result.stderr ?? "", + exitCode: result.exitCode ?? 0, + }; +} + +function commandStatus( + plan: MutagenCommandPlan, + result: MutagenProcessResult, +): MutagenLastCommandStatus { + const status: MutagenLastCommandStatus = { + ...plan, + args: [...plan.args], + stdout: result.stdout ?? "", + stderr: result.stderr ?? "", + }; + if (result.exitCode !== undefined) { + status.exitCode = result.exitCode; + } + return status; +} + +function mapErrorToDiagnosticCode(error: unknown): ManagedSyncDiagnosticCode { + const text = errorText(error); + if (errorCode(error) === "ENOENT" || /\bnot found\b|enoent|no such file/u.test(text)) { + return "project_sync_binary_missing"; + } + return mapTextToDiagnosticCode(text, errorExitCode(error)); +} + +function mapTextToDiagnosticCode(text: string, exitCode?: number): ManagedSyncDiagnosticCode { + const normalized = text.toLocaleLowerCase(); + if (/auth|credential|permission denied|unauthorized|forbidden/u.test(normalized)) { + return "project_sync_auth_failed"; + } + if (/already exists|conflict|duplicate|in use/u.test(normalized)) { + return "project_sync_conflict"; + } + if (exitCode !== undefined || /exit|failed|terminated/u.test(normalized)) { + return "project_sync_process_exit"; + } + return "project_sync_status_unavailable"; +} + +function errorText(error: unknown): string { + return error instanceof Error + ? error.message.toLocaleLowerCase() + : String(error).toLocaleLowerCase(); +} + +function errorCode(error: unknown): unknown { + return typeof error === "object" && error !== null && "code" in error + ? (error as { code?: unknown }).code + : undefined; +} + +function errorExitCode(error: unknown): number | undefined { + return typeof error === "object" && error !== null && "exitCode" in error + ? (error as { exitCode?: number }).exitCode + : undefined; +} + +function findMutagenSyncSession( + stdout: string, + name: string, +): { name: string; status: string } | undefined { + const parsed = JSON.parse(stdout) as unknown; + for (const entry of collectCandidateSessions(parsed)) { + if (entry.name === name) { + return entry; + } + } + return undefined; +} + +function collectCandidateSessions(value: unknown): Array<{ name: string; status: string }> { + if (Array.isArray(value)) { + return value.flatMap(collectCandidateSessions); + } + if (!isRecord(value)) { + return []; + } + + const ownSession = sessionFromRecord(value); + const nested = ["synchronizations", "sessions", "syncs"].flatMap((key) => + collectCandidateSessions(value[key]), + ); + return ownSession ? [ownSession, ...nested] : nested; +} + +function sessionFromRecord( + value: Record, +): { name: string; status: string } | undefined { + const name = stringProperty(value, "name") ?? stringProperty(value, "Name"); + const status = + stringProperty(value, "status") ?? + stringProperty(value, "Status") ?? + stringProperty(value, "sessionStatus") ?? + stringProperty(value, "SessionStatus"); + return name && status ? { name, status } : undefined; +} + +function stringProperty(value: Record, key: string): string | undefined { + return typeof value[key] === "string" ? value[key] : undefined; +} + +function isRecord(value: unknown): value is Record { + return typeof value === "object" && value !== null; +} diff --git a/packages/core/src/project-binding/routes.ts b/packages/core/src/project-binding/routes.ts new file mode 100644 index 0000000..e0cbd83 --- /dev/null +++ b/packages/core/src/project-binding/routes.ts @@ -0,0 +1,36 @@ +import { PROJECT_BINDING_STATES, type ProjectBindingState } from "./types"; + +export { PROJECT_BINDING_STATES }; +export type { ProjectBindingState }; + +export const PROJECT_BINDINGS_CONTROL_PATH = "/control/project-bindings"; +export const PROJECT_BINDING_CONNECT_PATH = `${PROJECT_BINDINGS_CONTROL_PATH}/connect`; + +export function projectBindingConnectPath(): string { + return PROJECT_BINDING_CONNECT_PATH; +} + +export function projectBindingStatusPath(bindingId: string): string { + return `${PROJECT_BINDINGS_CONTROL_PATH}/${encodeURIComponent(bindingId)}/status`; +} + +export function projectBindingConnectUrl(baseUrl: string | URL): string { + return withBasePath(baseUrl, projectBindingConnectPath()).toString(); +} + +export function projectBindingStatusUrl(baseUrl: string | URL, bindingId: string): string { + return withBasePath(baseUrl, projectBindingStatusPath(bindingId)).toString(); +} + +function withBasePath(baseUrl: string | URL, path: string): URL { + const url = new URL(baseUrl); + url.pathname = `${trimTrailingSlash(url.pathname)}${path}`; + url.search = ""; + url.hash = ""; + return url; +} + +function trimTrailingSlash(pathname: string): string { + if (pathname === "/") return ""; + return pathname.replace(/\/+$/u, ""); +} diff --git a/packages/core/src/project-binding/session.ts b/packages/core/src/project-binding/session.ts new file mode 100644 index 0000000..4a374d1 --- /dev/null +++ b/packages/core/src/project-binding/session.ts @@ -0,0 +1,393 @@ +import { Buffer } from "node:buffer"; +import { fingerprintProjectRoot } from "../cloud/project-root"; +import { CapletsError } from "../errors"; +import type { ResolvedCapletsRemote } from "../remote/options"; +import type { BindingTerminalReason, ProjectBindingState, ProjectBindingSyncState } from "./types"; +import { + defaultProjectBindingWebSocketFactory, + PROJECT_BINDING_SOCKET_OPEN, + type ProjectBindingSocketEvent, + type ProjectBindingWebSocket, + type ProjectBindingWebSocketFactory, +} from "./transport"; + +export type ProjectBindingSessionEvent = + | { type: "state"; state: ProjectBindingState; message?: string | undefined; requestId?: string } + | { + type: "ready"; + bindingId: string; + sessionId: string; + projectRoot: string; + projectFingerprint: string; + webSocketUrl: string; + requestId?: string | undefined; + } + | { + type: "reconnecting"; + bindingId: string; + sessionId: string; + attempt: number; + reason: string; + requestId?: string | undefined; + } + | { type: "heartbeat"; bindingId: string; sessionId: string; state: ProjectBindingState } + | { type: "ended"; bindingId?: string; sessionId?: string; reason: BindingTerminalReason }; + +export type ProjectBindingSocketServerMessage = + | { + type: "state"; + state: ProjectBindingState; + syncState: ProjectBindingSyncState; + requestId?: string | undefined; + } + | { + type: "ready"; + bindingId: string; + sessionId: string; + syncState: ProjectBindingSyncState; + requestId?: string | undefined; + } + | { type: "blocked"; reason: BindingTerminalReason } + | { type: "ended"; reason: BindingTerminalReason }; + +export type ProjectBindingSocketClientMessage = + | { + type: "heartbeat"; + bindingId: string; + sessionId: string; + state: ProjectBindingState; + syncState: ProjectBindingSyncState; + } + | { type: "end"; bindingId: string; sessionId: string; reason: BindingTerminalReason }; + +export type RunProjectBindingSessionInput = { + projectRoot: string; + remote: ResolvedCapletsRemote; + fetch?: typeof fetch | undefined; + webSocketFactory?: ProjectBindingWebSocketFactory | undefined; + signal?: AbortSignal | undefined; + heartbeatIntervalMs?: number | undefined; + onEvent?: ((event: ProjectBindingSessionEvent) => void) | undefined; +}; + +export async function runProjectBindingSession(input: RunProjectBindingSessionInput): Promise<{ + ok: true; + bindingId: string; + sessionId: string; + projectRoot: string; + projectFingerprint: string; + webSocketUrl: string; + ended: true; +}> { + const fetchImpl = input.fetch ?? input.remote.fetch ?? fetch; + const webSocketFactory = input.webSocketFactory ?? defaultProjectBindingWebSocketFactory; + const heartbeatIntervalMs = input.heartbeatIntervalMs ?? 15_000; + const projectFingerprint = fingerprintProjectRoot(input.projectRoot); + const requestInit = input.remote.requestInit; + input.onEvent?.({ type: "state", state: "attaching" }); + + const created = await postJson<{ + binding: { + bindingId: string; + state?: ProjectBindingState; + syncState?: ProjectBindingSyncState; + }; + sessionId: string; + }>(fetchImpl, sessionUrl(input.remote), requestInit, { + projectRoot: input.projectRoot, + projectFingerprint, + workspaceId: input.remote.workspace ?? "default", + }); + const bindingId = created.binding.bindingId; + const sessionId = created.sessionId; + let state: ProjectBindingState = created.binding.state ?? "attaching"; + let syncState: ProjectBindingSyncState = created.binding.syncState ?? "pending"; + let ended = false; + let heartbeatTimer: ReturnType | undefined; + const publicWebSocketUrl = input.remote.projectBindingWebSocketUrl.toString(); + const socketUrl = bindingSocketUrl(input.remote, bindingId, sessionId, projectFingerprint); + const socketProtocols = bindingSocketProtocols(input.remote); + + const emitReady = (requestId?: string | undefined) => { + input.onEvent?.({ + type: "ready", + bindingId, + sessionId, + projectRoot: input.projectRoot, + projectFingerprint, + webSocketUrl: publicWebSocketUrl, + ...(requestId ? { requestId } : {}), + }); + }; + + const heartbeat = async (socket?: ProjectBindingWebSocket | undefined) => { + const payload: ProjectBindingSocketClientMessage = { + type: "heartbeat", + bindingId, + sessionId, + state, + syncState, + }; + if (socket?.readyState === PROJECT_BINDING_SOCKET_OPEN) { + socket.send(JSON.stringify(payload)); + } + await postJson(fetchImpl, heartbeatUrl(input.remote, bindingId), requestInit, { + sessionId, + state, + syncState, + }).catch(() => undefined); + input.onEvent?.({ type: "heartbeat", bindingId, sessionId, state }); + }; + + const connect = async (attempt: number): Promise => { + const socket = webSocketFactory(socketUrl, socketProtocols); + await waitForOpen(socket, input.signal); + if (input.signal?.aborted) { + closeSocket(socket, 1000, "aborted"); + return; + } + + const closePromise = new Promise<{ reconnect: boolean; reason: string }>((resolve) => { + listen(socket, "message", (event) => { + const message = parseSocketMessage(event.data); + if (!message) return; + if (message.type === "state") { + state = message.state; + syncState = message.syncState; + input.onEvent?.({ + type: "state", + state, + ...(message.requestId ? { requestId: message.requestId } : {}), + }); + return; + } + if (message.type === "ready") { + state = "ready"; + syncState = message.syncState; + emitReady(message.requestId); + return; + } + if (message.type === "blocked") { + state = "blocked"; + input.onEvent?.({ type: "ended", bindingId, sessionId, reason: message.reason }); + resolve({ reconnect: false, reason: message.reason.message }); + return; + } + input.onEvent?.({ type: "ended", bindingId, sessionId, reason: message.reason }); + resolve({ reconnect: false, reason: message.reason.message }); + }); + listen(socket, "close", (event) => { + resolve({ + reconnect: !input.signal?.aborted && attempt < 1, + reason: event.reason ?? `WebSocket closed${event.code ? ` (${event.code})` : ""}.`, + }); + }); + listen(socket, "error", () => { + resolve({ reconnect: !input.signal?.aborted && attempt < 1, reason: "WebSocket error." }); + }); + }); + + heartbeatTimer = setInterval(() => { + void heartbeat(socket); + }, heartbeatIntervalMs); + await heartbeat(socket); + + const closed = await Promise.race([closePromise, waitForAbort(input.signal)]); + if (heartbeatTimer) clearInterval(heartbeatTimer); + heartbeatTimer = undefined; + closeSocket(socket, 1000, "Binding Session closed."); + + if (closed === "abort") return; + if (closed.reconnect) { + input.onEvent?.({ + type: "reconnecting", + bindingId, + sessionId, + attempt: attempt + 1, + reason: closed.reason, + }); + await connect(attempt + 1); + } + }; + + try { + await connect(0); + } finally { + ended = true; + if (heartbeatTimer) clearInterval(heartbeatTimer); + const reason: BindingTerminalReason = input.signal?.aborted + ? { code: "interrupted", message: "Binding Session ended." } + : { code: "completed", message: "Binding Session completed." }; + await endRemoteSession(fetchImpl, input.remote, requestInit, bindingId, sessionId, reason); + input.onEvent?.({ type: "ended", bindingId, sessionId, reason }); + } + + return { + ok: true, + bindingId, + sessionId, + projectRoot: input.projectRoot, + projectFingerprint, + webSocketUrl: publicWebSocketUrl, + ended, + }; +} + +async function postJson( + fetchImpl: typeof fetch, + url: URL, + requestInit: RequestInit, + body: unknown, +): Promise { + const headers = new Headers(requestInit.headers); + headers.set("content-type", "application/json"); + const response = await fetchImpl(url, { + ...requestInit, + method: "POST", + headers, + body: JSON.stringify(body), + }); + if (!response.ok) { + throw new CapletsError( + "SERVER_UNAVAILABLE", + `Project Binding request failed (${response.status}).`, + ); + } + return (await response.json().catch(() => ({}))) as T; +} + +async function endRemoteSession( + fetchImpl: typeof fetch, + remote: ResolvedCapletsRemote, + requestInit: RequestInit, + bindingId: string, + sessionId: string, + reason: BindingTerminalReason, +): Promise { + const headers = new Headers(requestInit.headers); + headers.set("content-type", "application/json"); + await fetchImpl(endSessionUrl(remote, bindingId), { + ...requestInit, + method: "DELETE", + headers, + body: JSON.stringify({ sessionId, terminalReason: reason }), + }).catch(() => undefined); +} + +function sessionUrl(remote: ResolvedCapletsRemote): URL { + return controlProjectBindingUrl(remote, "sessions"); +} + +function heartbeatUrl(remote: ResolvedCapletsRemote, bindingId: string): URL { + return controlProjectBindingUrl(remote, `${encodeURIComponent(bindingId)}/heartbeat`); +} + +function endSessionUrl(remote: ResolvedCapletsRemote, bindingId: string): URL { + return controlProjectBindingUrl(remote, `${encodeURIComponent(bindingId)}/session`); +} + +function controlProjectBindingUrl(remote: ResolvedCapletsRemote, suffix: string): URL { + const url = new URL(remote.projectBindingWebSocketUrl); + if (url.protocol === "wss:") url.protocol = "https:"; + if (url.protocol === "ws:") url.protocol = "http:"; + url.pathname = url.pathname.replace(/\/connect$/u, `/${suffix}`); + url.search = ""; + url.hash = ""; + return url; +} + +function bindingSocketUrl( + remote: ResolvedCapletsRemote, + bindingId: string, + sessionId: string, + projectFingerprint: string, +): string { + const url = new URL(remote.projectBindingWebSocketUrl); + url.searchParams.set("bindingId", bindingId); + url.searchParams.set("sessionId", sessionId); + url.searchParams.set("projectFingerprint", projectFingerprint); + return url.toString(); +} + +function bindingSocketProtocols(remote: ResolvedCapletsRemote): string[] | undefined { + if (remote.auth.type !== "bearer") return undefined; + return [ + "caplets.project-binding.v1", + `caplets.bearer.${Buffer.from(remote.auth.token).toString("base64url")}`, + ]; +} + +function parseSocketMessage(data: unknown): ProjectBindingSocketServerMessage | undefined { + const text = + typeof data === "string" + ? data + : data instanceof ArrayBuffer + ? new TextDecoder().decode(data) + : undefined; + if (!text) return undefined; + const parsed = JSON.parse(text) as Partial; + return typeof parsed.type === "string" + ? (parsed as ProjectBindingSocketServerMessage) + : undefined; +} + +async function waitForOpen( + socket: ProjectBindingWebSocket, + signal: AbortSignal | undefined, +): Promise { + if (socket.readyState === PROJECT_BINDING_SOCKET_OPEN) { + return; + } + await Promise.race([ + new Promise((resolve, reject) => { + listen(socket, "open", () => resolve(), { once: true }); + listen( + socket, + "error", + () => + reject( + new CapletsError("SERVER_UNAVAILABLE", "Project Binding WebSocket failed to open."), + ), + { + once: true, + }, + ); + }), + waitForAbort(signal).then(() => undefined), + ]); +} + +function waitForAbort(signal: AbortSignal | undefined): Promise<"abort"> { + if (signal?.aborted) return Promise.resolve("abort"); + return new Promise((resolve) => { + signal?.addEventListener("abort", () => resolve("abort"), { once: true }); + }); +} + +function listen( + socket: ProjectBindingWebSocket, + type: "open" | "message" | "close" | "error", + listener: (event: ProjectBindingSocketEvent) => void, + options?: { once?: boolean }, +): void { + if (socket.addEventListener) { + socket.addEventListener(type, listener, options); + return; + } + const key = `on${type}` as const; + const existing = socket[key]; + const wrapper = (event: ProjectBindingSocketEvent) => { + existing?.(event); + listener(event); + if (options?.once && socket[key] === wrapper) socket[key] = existing ?? null; + }; + socket[key] = wrapper; +} + +function closeSocket(socket: ProjectBindingWebSocket, code: number, reason: string): void { + try { + socket.close(code, reason); + } catch { + // Best-effort cleanup; the REST lease end is the durable cleanup path. + } +} diff --git a/packages/core/src/project-binding/sync-filter.ts b/packages/core/src/project-binding/sync-filter.ts new file mode 100644 index 0000000..7881ae1 --- /dev/null +++ b/packages/core/src/project-binding/sync-filter.ts @@ -0,0 +1,206 @@ +import { existsSync, readdirSync, readFileSync, statSync } from "node:fs"; +import { join, relative, sep } from "node:path"; + +export type ProjectSyncExclusionSource = "hard_denylist" | "gitignore" | "capletsignore"; + +export type ProjectSyncExclusionSummary = { + source: ProjectSyncExclusionSource; + pattern: string; + count: number; +}; + +export type ProjectSyncManifestFile = { + relativePath: string; + sizeBytes: number; +}; + +export type ProjectSyncManifest = { + projectRoot: string; + files: ProjectSyncManifestFile[]; + totalBytes: number; + exclusionSummary: ProjectSyncExclusionSummary[]; +}; + +type IgnoreRule = { + pattern: string; + negated: boolean; +}; + +const HARD_DENYLIST = [ + ".git/", + ".hg/", + ".svn/", + "node_modules/", + ".venv/", + "venv/", + "__pycache__/", + ".pytest_cache/", + ".mypy_cache/", + ".ruff_cache/", + ".next/", + ".nuxt/", + ".turbo/", + ".cache/", + "dist/", + "build/", + "coverage/", + ".DS_Store", + ".env", + ".env.local", + ".env.development", + ".env.production", + ".npmrc", + ".pypirc", + "id_rsa", + "id_ed25519", + "*.pem", + "*.key", + "*.p12", + "*.zip", + "*.tar", + "*.tar.gz", + "*.tgz", + "*.rar", + "*.7z", +]; + +const SAFE_TEMPLATE_ALLOWLIST = [/^\.env\.(example|sample|template)$/u]; + +export function buildProjectSyncManifest(input: { projectRoot: string }): ProjectSyncManifest { + const gitignore = [ + ...loadIgnoreFile(input.projectRoot, ".gitignore"), + ...loadIgnoreFile(input.projectRoot, join(".git", "info", "exclude")), + ]; + const capletsignore = loadIgnoreFile(input.projectRoot, ".capletsignore"); + const files: ProjectSyncManifestFile[] = []; + const excluded = new Map(); + + walk(input.projectRoot, (absolutePath, directory) => { + const relativePath = normalizeRelative(relative(input.projectRoot, absolutePath)); + if (!relativePath) return true; + const denial = hardDenylistPattern(relativePath, directory); + if (denial && !safeTemplate(relativePath)) { + addExcluded(excluded, "hard_denylist", denial); + return false; + } + const gitPattern = matchingIgnorePattern(gitignore, relativePath, directory); + if (gitPattern) { + addExcluded(excluded, "gitignore", gitPattern); + return false; + } + const capletsPattern = matchingIgnorePattern(capletsignore, relativePath, directory); + if (capletsPattern && !safeTemplate(relativePath)) { + addExcluded(excluded, "capletsignore", capletsPattern); + return false; + } + if (!directory) { + files.push({ relativePath, sizeBytes: statSync(absolutePath).size }); + } + return true; + }); + + files.sort((a, b) => a.relativePath.localeCompare(b.relativePath)); + return { + projectRoot: input.projectRoot, + files, + totalBytes: files.reduce((total, file) => total + file.sizeBytes, 0), + exclusionSummary: [...excluded.values()].sort((a, b) => + `${a.source}:${a.pattern}`.localeCompare(`${b.source}:${b.pattern}`), + ), + }; +} + +function walk(root: string, visit: (absolutePath: string, directory: boolean) => boolean): void { + for (const entry of readdirSync(root, { withFileTypes: true })) { + if (entry.isSymbolicLink()) continue; + const absolutePath = join(root, entry.name); + const directory = entry.isDirectory(); + if (!visit(absolutePath, directory)) continue; + if (directory) walk(absolutePath, visit); + } +} + +function loadIgnoreFile(root: string, name: string): IgnoreRule[] { + const path = join(root, name); + if (!existsSync(path)) return []; + return readFileSync(path, "utf8") + .split(/\r?\n/u) + .map((line) => line.trim()) + .filter((line) => line.length > 0 && !line.startsWith("#")) + .map((line) => { + const negated = line.startsWith("!"); + return { pattern: negated ? line.slice(1) : line, negated }; + }) + .filter((rule) => rule.pattern.length > 0); +} + +function matchingIgnorePattern( + rules: IgnoreRule[], + relativePath: string, + directory: boolean, +): string | undefined { + let matchedPattern: string | undefined; + for (const rule of rules) { + if (!matchesPattern(relativePath, rule.pattern, directory)) continue; + matchedPattern = rule.negated ? undefined : rule.pattern; + } + return matchedPattern; +} + +function hardDenylistPattern(relativePath: string, directory: boolean): string | undefined { + return HARD_DENYLIST.find((pattern) => matchesPattern(relativePath, pattern, directory)); +} + +function matchesPattern(relativePath: string, pattern: string, directory: boolean): boolean { + const normalized = pattern.replace(/\\/gu, "/"); + const anchored = normalized.startsWith("/"); + const body = anchored ? normalized.replace(/^\/+/u, "") : normalized; + if (!body) return false; + if (body.endsWith("/")) { + const prefix = body.slice(0, -1); + if (!prefix) return false; + return directory + ? matchesPathOrDescendant(relativePath, prefix, anchored) + : matchesDescendant(relativePath, prefix, anchored); + } + if (body.startsWith("*.")) { + return anchored + ? !relativePath.includes("/") && relativePath.endsWith(body.slice(1)) + : relativePath.endsWith(body.slice(1)); + } + return matchesPathOrDescendant(relativePath, body, anchored || body.includes("/")); +} + +function matchesDescendant(relativePath: string, pattern: string, anchored: boolean): boolean { + if (relativePath.startsWith(`${pattern}/`)) return true; + if (anchored) return false; + return relativePath.includes(`/${pattern}/`); +} + +function matchesPathOrDescendant( + relativePath: string, + pattern: string, + anchored: boolean, +): boolean { + if (relativePath === pattern || relativePath.startsWith(`${pattern}/`)) return true; + if (anchored) return false; + return relativePath.split("/").includes(pattern); +} + +function safeTemplate(relativePath: string): boolean { + return SAFE_TEMPLATE_ALLOWLIST.some((pattern) => pattern.test(relativePath)); +} + +function addExcluded( + excluded: Map, + source: ProjectSyncExclusionSource, + pattern: string, +): void { + const key = `${source}:${pattern}`; + const existing = excluded.get(key); + excluded.set(key, { source, pattern, count: (existing?.count ?? 0) + 1 }); +} + +function normalizeRelative(value: string): string { + return value.split(sep).join("/"); +} diff --git a/packages/core/src/project-binding/sync-size.ts b/packages/core/src/project-binding/sync-size.ts new file mode 100644 index 0000000..0ef08d7 --- /dev/null +++ b/packages/core/src/project-binding/sync-size.ts @@ -0,0 +1,62 @@ +import type { ProjectBindingErrorCode } from "./errors"; +import type { ProjectSyncManifestFile } from "./sync-filter"; + +export type ProjectSyncTier = "free" | "plus" | "pro" | "enterprise" | "self_hosted"; + +export type ProjectSyncLimits = { + maxSingleFileBytes: number; + maxProjectBytes: number; +}; + +export const DEFAULT_SYNC_LIMITS: Record = { + free: { maxSingleFileBytes: 25 * 1024 * 1024, maxProjectBytes: 250 * 1024 * 1024 }, + plus: { maxSingleFileBytes: 100 * 1024 * 1024, maxProjectBytes: 1024 * 1024 * 1024 }, + pro: { maxSingleFileBytes: 250 * 1024 * 1024, maxProjectBytes: 5 * 1024 * 1024 * 1024 }, + enterprise: { maxSingleFileBytes: 250 * 1024 * 1024, maxProjectBytes: 5 * 1024 * 1024 * 1024 }, + self_hosted: { maxSingleFileBytes: 250 * 1024 * 1024, maxProjectBytes: 5 * 1024 * 1024 * 1024 }, +}; + +export type ProjectSyncSizeResult = + | { + ok: true; + totalBytes: number; + maxSingleFileBytes: number; + maxProjectBytes: number; + } + | { + ok: false; + code: ProjectBindingErrorCode; + totalBytes: number; + maxSingleFileBytes: number; + maxProjectBytes: number; + largestFileBytes?: number | undefined; + recoveryCommand: string; + }; + +export function enforceProjectSyncSizeLimits(input: { + tier: ProjectSyncTier; + files: ProjectSyncManifestFile[]; + limits?: Partial | undefined; +}): ProjectSyncSizeResult { + const defaults = DEFAULT_SYNC_LIMITS[input.tier]; + const limits = { ...defaults, ...input.limits }; + const totalBytes = input.files.reduce((total, file) => total + file.sizeBytes, 0); + const largestFileBytes = Math.max(0, ...input.files.map((file) => file.sizeBytes)); + if (largestFileBytes > limits.maxSingleFileBytes || totalBytes > limits.maxProjectBytes) { + return { + ok: false, + code: "sync_size_limit_exceeded", + totalBytes, + maxSingleFileBytes: limits.maxSingleFileBytes, + maxProjectBytes: limits.maxProjectBytes, + largestFileBytes, + recoveryCommand: "Add exclusions to .capletsignore or upgrade the workspace plan.", + }; + } + return { + ok: true, + totalBytes, + maxSingleFileBytes: limits.maxSingleFileBytes, + maxProjectBytes: limits.maxProjectBytes, + }; +} diff --git a/packages/core/src/project-binding/transport.ts b/packages/core/src/project-binding/transport.ts new file mode 100644 index 0000000..feb2eae --- /dev/null +++ b/packages/core/src/project-binding/transport.ts @@ -0,0 +1,42 @@ +export type ProjectBindingSocketEvent = { + data?: unknown; + code?: number | undefined; + reason?: string | undefined; +}; + +export type ProjectBindingWebSocket = { + readonly readyState?: number; + send(data: string): void; + close(code?: number, reason?: string): void; + addEventListener?: ( + type: "open" | "message" | "close" | "error", + listener: (event: ProjectBindingSocketEvent) => void, + options?: { once?: boolean }, + ) => void; + removeEventListener?: ( + type: "open" | "message" | "close" | "error", + listener: (event: ProjectBindingSocketEvent) => void, + ) => void; + onopen?: ((event: ProjectBindingSocketEvent) => void) | null; + onmessage?: ((event: ProjectBindingSocketEvent) => void) | null; + onclose?: ((event: ProjectBindingSocketEvent) => void) | null; + onerror?: ((event: ProjectBindingSocketEvent) => void) | null; +}; + +export type ProjectBindingWebSocketFactory = ( + url: string, + protocols?: string | string[] | undefined, +) => ProjectBindingWebSocket; + +export const PROJECT_BINDING_SOCKET_OPEN = 1; + +export function defaultProjectBindingWebSocketFactory( + url: string, + protocols?: string | string[] | undefined, +): ProjectBindingWebSocket { + const WebSocketCtor = globalThis.WebSocket; + if (!WebSocketCtor) { + throw new Error("WebSocket is not available in this runtime."); + } + return new WebSocketCtor(url, protocols) as ProjectBindingWebSocket; +} diff --git a/packages/core/src/project-binding/types.ts b/packages/core/src/project-binding/types.ts new file mode 100644 index 0000000..77f176b --- /dev/null +++ b/packages/core/src/project-binding/types.ts @@ -0,0 +1,65 @@ +export type ProjectBindingState = + | "not_attached" + | "attaching" + | "syncing" + | "ready" + | "degraded" + | "blocked" + | "offline" + | "cleaning_up" + | "ended" + | "expired"; + +export const PROJECT_BINDING_STATES: readonly ProjectBindingState[] = [ + "not_attached", + "attaching", + "syncing", + "ready", + "degraded", + "blocked", + "offline", + "cleaning_up", + "ended", + "expired", +]; + +export const PROJECT_BINDING_SYNC_STATES = [ + "not_started", + "pending", + "syncing", + "idle", + "failed", +] as const; + +export type ProjectBindingSyncState = (typeof PROJECT_BINDING_SYNC_STATES)[number]; + +export type BindingTerminalReason = { + code: import("./errors").ProjectBindingErrorCode | "interrupted" | "completed"; + message: string; + recoveryCommand?: string | undefined; + requestId?: string | undefined; +}; + +export type ProjectBindingLease = { + bindingId: string; + projectFingerprint: string; + state: ProjectBindingState; + active: boolean; + updatedAt: string; + expiresAt?: string; + diagnosticCode?: string; +}; + +export type ProjectBindingWorkspaceMetadata = { + projectFingerprint: string; + projectRoot: string; + createdAt: string; + lastActiveAt: string; +}; + +export type ProjectBindingSetupReceipt = { + capletId: string; + status: "succeeded" | "failed" | "skipped"; + recordedAt?: string; + contentHash?: string; +}; diff --git a/packages/core/src/project-binding/workspaces.ts b/packages/core/src/project-binding/workspaces.ts new file mode 100644 index 0000000..2b56284 --- /dev/null +++ b/packages/core/src/project-binding/workspaces.ts @@ -0,0 +1,305 @@ +import { + existsSync, + mkdirSync, + readdirSync, + readFileSync, + rmSync, + statSync, + writeFileSync, +} from "node:fs"; +import { homedir } from "node:os"; +import { join, posix, win32 } from "node:path"; +import type { + ProjectBindingLease, + ProjectBindingSetupReceipt, + ProjectBindingWorkspaceMetadata, +} from "./types"; + +const DEFAULT_STALE_LEASE_TTL_MS = 2 * 60 * 1000; +const DEFAULT_INACTIVE_WORKSPACE_TTL_MS = 30 * 24 * 60 * 60 * 1000; +const DEFAULT_SOFT_DISK_CAP_BYTES = 10 * 1024 * 1024 * 1024; + +type PathEnv = Partial>; + +export type ProjectBindingWorkspaceRootOptions = { + env?: PathEnv; + platform?: NodeJS.Platform; + homedir?: string; + root?: string; +}; + +export type ProjectBindingWorkspacePaths = { + projectFingerprint: string; + root: string; + project: string; + metadata: string; + leases: string; + setup: string; + setupReceipts: string; + lease(bindingId: string): string; +}; + +export type ProjectBindingWorkspaceStoreOptions = ProjectBindingWorkspaceRootOptions & { + now?: () => Date; + staleLeaseTtlMs?: number; + inactiveWorkspaceTtlMs?: number; + softDiskCapBytes?: number; + workspaceSizeBytes?: (paths: ProjectBindingWorkspacePaths) => number; +}; + +export type EnsureProjectBindingWorkspaceInput = { + projectFingerprint: string; + projectRoot: string; + lastActiveAt?: string; + createdAt?: string; +}; + +export type ProjectBindingCleanupResult = { + expiredLeases: string[]; + deletedWorkspaces: string[]; + retainedWorkspaces: string[]; +}; + +export function projectBindingWorkspaceRoot( + options: ProjectBindingWorkspaceRootOptions = {}, +): string { + if (options.root) return options.root; + + const platform = options.platform ?? process.platform; + const home = options.homedir ?? homedir(); + const env = options.env ?? process.env; + if (platform === "win32") { + const base = + env.LOCALAPPDATA && win32.isAbsolute(env.LOCALAPPDATA) + ? env.LOCALAPPDATA + : win32.join(home, "AppData", "Local"); + return win32.join(base, "Caplets", "State", "workspaces"); + } + + const base = + env.XDG_STATE_HOME && posix.isAbsolute(env.XDG_STATE_HOME) + ? env.XDG_STATE_HOME + : posix.join(home, ".local", "state"); + return posix.join(base, "caplets", "workspaces"); +} + +export function projectBindingWorkspacePaths( + projectFingerprint: string, + options: ProjectBindingWorkspaceRootOptions = {}, +): ProjectBindingWorkspacePaths { + assertPathSegment(projectFingerprint, "project fingerprint"); + const pathJoin = pathJoinFor(options.platform); + const root = pathJoin(projectBindingWorkspaceRoot(options), projectFingerprint); + const leases = pathJoin(root, "leases"); + const setup = pathJoin(root, "setup"); + return { + projectFingerprint, + root, + project: pathJoin(root, "project"), + metadata: pathJoin(root, "metadata.json"), + leases, + setup, + setupReceipts: pathJoin(setup, "receipts.json"), + lease(bindingId: string) { + assertPathSegment(bindingId, "binding ID"); + return pathJoin(leases, `${bindingId}.json`); + }, + }; +} + +export class ProjectBindingWorkspaceStore { + private readonly root: string; + private readonly now: () => Date; + private readonly staleLeaseTtlMs: number; + private readonly inactiveWorkspaceTtlMs: number; + private readonly softDiskCapBytes: number; + private readonly workspaceSizeBytes: (paths: ProjectBindingWorkspacePaths) => number; + + constructor(private readonly options: ProjectBindingWorkspaceStoreOptions = {}) { + this.root = projectBindingWorkspaceRoot(options); + this.now = options.now ?? (() => new Date()); + this.staleLeaseTtlMs = options.staleLeaseTtlMs ?? DEFAULT_STALE_LEASE_TTL_MS; + this.inactiveWorkspaceTtlMs = + options.inactiveWorkspaceTtlMs ?? DEFAULT_INACTIVE_WORKSPACE_TTL_MS; + this.softDiskCapBytes = options.softDiskCapBytes ?? DEFAULT_SOFT_DISK_CAP_BYTES; + this.workspaceSizeBytes = options.workspaceSizeBytes ?? ((paths) => directorySize(paths.root)); + } + + paths(projectFingerprint: string): ProjectBindingWorkspacePaths { + return projectBindingWorkspacePaths(projectFingerprint, { ...this.options, root: this.root }); + } + + async ensureWorkspace( + input: EnsureProjectBindingWorkspaceInput, + ): Promise { + const paths = this.paths(input.projectFingerprint); + const now = this.now().toISOString(); + const existing = this.readMetadata(input.projectFingerprint); + const metadata: ProjectBindingWorkspaceMetadata = { + projectFingerprint: input.projectFingerprint, + projectRoot: input.projectRoot, + createdAt: input.createdAt ?? existing?.createdAt ?? now, + lastActiveAt: input.lastActiveAt ?? now, + }; + + mkdirSync(paths.project, { recursive: true }); + mkdirSync(paths.leases, { recursive: true }); + mkdirSync(paths.setup, { recursive: true }); + writeJson(paths.metadata, metadata); + return paths; + } + + async writeLease(lease: ProjectBindingLease): Promise { + const paths = this.paths(lease.projectFingerprint); + mkdirSync(paths.leases, { recursive: true }); + writeJson(paths.lease(lease.bindingId), lease); + if (lease.active) { + const metadata = this.readMetadata(lease.projectFingerprint); + if (metadata) { + writeJson(paths.metadata, { ...metadata, lastActiveAt: lease.updatedAt }); + } + } + } + + async listLeases(projectFingerprint: string): Promise { + return this.leasesFor(this.paths(projectFingerprint)).map((entry) => entry.lease); + } + + async writeSetupReceipts( + projectFingerprint: string, + receipts: ProjectBindingSetupReceipt[], + ): Promise { + const paths = this.paths(projectFingerprint); + mkdirSync(paths.setup, { recursive: true }); + writeJson(paths.setupReceipts, receipts); + } + + async cleanup(): Promise { + const expiredLeases: string[] = []; + const deletedWorkspaces: string[] = []; + const retainedWorkspaces: string[] = []; + const candidates: WorkspaceCandidate[] = []; + + for (const paths of this.workspacePaths()) { + const leases = this.leasesFor(paths); + for (const entry of leases) { + if (!entry.lease.active && this.isStaleLease(entry.lease)) { + rmSync(entry.path, { force: true }); + expiredLeases.push(entry.path); + } + } + + const active = this.leasesFor(paths).some((entry) => entry.lease.active); + if (active) { + retainedWorkspaces.push(paths.root); + continue; + } + + const metadata = this.readMetadata(paths.projectFingerprint); + const lastActiveMs = metadata + ? Date.parse(metadata.lastActiveAt) + : workspaceMtime(paths.root); + const sizeBytes = this.workspaceSizeBytes(paths); + candidates.push({ paths, lastActiveMs, sizeBytes }); + } + + for (const candidate of candidates) { + if (this.isInactiveWorkspace(candidate.lastActiveMs)) { + rmSync(candidate.paths.root, { recursive: true, force: true }); + deletedWorkspaces.push(candidate.paths.root); + } + } + + const remaining = candidates + .filter((candidate) => !deletedWorkspaces.includes(candidate.paths.root)) + .sort((first, second) => first.lastActiveMs - second.lastActiveMs); + let totalBytes = remaining.reduce((sum, candidate) => sum + candidate.sizeBytes, 0); + for (const candidate of remaining) { + if (totalBytes <= this.softDiskCapBytes) { + retainedWorkspaces.push(candidate.paths.root); + continue; + } + rmSync(candidate.paths.root, { recursive: true, force: true }); + deletedWorkspaces.push(candidate.paths.root); + totalBytes -= candidate.sizeBytes; + } + + return { expiredLeases, deletedWorkspaces, retainedWorkspaces }; + } + + private readMetadata(projectFingerprint: string): ProjectBindingWorkspaceMetadata | undefined { + const path = this.paths(projectFingerprint).metadata; + if (!existsSync(path)) return undefined; + return JSON.parse(readFileSync(path, "utf8")) as ProjectBindingWorkspaceMetadata; + } + + private workspacePaths(): ProjectBindingWorkspacePaths[] { + if (!existsSync(this.root)) return []; + return readdirSync(this.root, { withFileTypes: true }) + .filter((entry) => entry.isDirectory()) + .map((entry) => this.paths(entry.name)); + } + + private leasesFor( + paths: ProjectBindingWorkspacePaths, + ): { path: string; lease: ProjectBindingLease }[] { + if (!existsSync(paths.leases)) return []; + return readdirSync(paths.leases, { withFileTypes: true }) + .filter((entry) => entry.isFile() && entry.name.endsWith(".json")) + .map((entry) => { + const path = join(paths.leases, entry.name); + return { path, lease: JSON.parse(readFileSync(path, "utf8")) as ProjectBindingLease }; + }); + } + + private isStaleLease(lease: ProjectBindingLease): boolean { + const parsedExpiresAt = lease.expiresAt ? Date.parse(lease.expiresAt) : Number.NaN; + const staleAt = Number.isFinite(parsedExpiresAt) + ? parsedExpiresAt + : Date.parse(lease.updatedAt) + this.staleLeaseTtlMs; + return staleAt <= this.now().getTime(); + } + + private isInactiveWorkspace(lastActiveMs: number): boolean { + return lastActiveMs + this.inactiveWorkspaceTtlMs <= this.now().getTime(); + } +} + +type WorkspaceCandidate = { + paths: ProjectBindingWorkspacePaths; + lastActiveMs: number; + sizeBytes: number; +}; + +function writeJson(path: string, value: unknown): void { + writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, { mode: 0o600 }); +} + +function directorySize(path: string): number { + if (!existsSync(path)) return 0; + const stat = statSync(path); + if (stat.isFile()) return stat.size; + if (!stat.isDirectory()) return 0; + return readdirSync(path).reduce((sum, entry) => sum + directorySize(join(path, entry)), 0); +} + +function workspaceMtime(path: string): number { + return existsSync(path) ? statSync(path).mtimeMs : 0; +} + +function pathJoinFor(platform = process.platform): typeof join { + return platform === "win32" ? win32.join : join; +} + +function assertPathSegment(value: string, label: string): void { + if ( + !value || + value.includes("/") || + value.includes("\\") || + value.includes("\0") || + value === "." || + value === ".." + ) { + throw new Error(`Invalid ${label}: ${value}`); + } +} diff --git a/packages/core/src/remote-control/client.ts b/packages/core/src/remote-control/client.ts index 1729663..7e3398e 100644 --- a/packages/core/src/remote-control/client.ts +++ b/packages/core/src/remote-control/client.ts @@ -41,7 +41,7 @@ export class RemoteControlClient { if (response.status === 401 || response.status === 403) { throw new CapletsError( "AUTH_FAILED", - "Caplets server authentication failed. Check CAPLETS_SERVER_USER and CAPLETS_SERVER_PASSWORD.", + "Caplets remote authentication failed. Check CAPLETS_REMOTE_USER and CAPLETS_REMOTE_PASSWORD.", ); } diff --git a/packages/core/src/remote/options.ts b/packages/core/src/remote/options.ts new file mode 100644 index 0000000..6eb8f1b --- /dev/null +++ b/packages/core/src/remote/options.ts @@ -0,0 +1,195 @@ +import { Buffer } from "node:buffer"; +import { CapletsError } from "../errors"; +import { appendBasePath, parseServerBaseUrl } from "../server/options"; + +export type CapletsRemoteEnv = Partial< + Record< + | "CAPLETS_MODE" + | "CAPLETS_REMOTE_URL" + | "CAPLETS_REMOTE_USER" + | "CAPLETS_REMOTE_PASSWORD" + | "CAPLETS_REMOTE_TOKEN" + | "CAPLETS_REMOTE_WORKSPACE" + | "CAPLETS_SERVER_URL", + string + > +>; + +export type CapletsRemoteModeInput = { + mode?: string; + remoteUrl?: string; +}; + +export type CapletsRemoteMode = "local" | "remote" | "cloud"; + +export type CapletsRemoteInput = { + url?: string; + user?: string; + password?: string; + token?: string; + workspace?: string; + fetch?: typeof fetch; +}; + +export type CapletsRemoteAuth = + | { type: "none"; user: string } + | { type: "basic"; user: string; password: string } + | { type: "bearer"; token: string }; + +export type ResolvedCapletsRemote = { + baseUrl: URL; + mcpUrl: URL; + controlUrl: URL; + healthUrl: URL; + projectBindingWebSocketUrl: URL; + auth: CapletsRemoteAuth; + requestInit: RequestInit; + workspace?: string | undefined; + fetch?: typeof fetch; +}; + +const DEFAULT_REMOTE_USER = "caplets"; + +export function resolveRemoteMode( + input: CapletsRemoteModeInput = {}, + env: CapletsRemoteEnv = process.env, +): { mode: CapletsRemoteMode } { + const mode = parseCapletsMode(input.mode ?? env.CAPLETS_MODE ?? "auto"); + if (mode === "local") return { mode: "local" }; + + const rawUrl = + nonEmpty(input.remoteUrl, "remoteUrl") ?? + nonEmpty(env.CAPLETS_REMOTE_URL, "CAPLETS_REMOTE_URL"); + if (mode === "remote") { + if (rawUrl === undefined) { + throw new CapletsError( + "REQUEST_INVALID", + "CAPLETS_MODE=remote requires CAPLETS_REMOTE_URL or remoteUrl.", + ); + } + return { mode: "remote" }; + } + + if (mode === "cloud") { + if (rawUrl === undefined) { + throw new CapletsError("REQUEST_INVALID", "CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL."); + } + if (!isCapletsCloudUrl(rawUrl)) { + throw new CapletsError( + "REQUEST_INVALID", + "CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL to point at Caplets Cloud.", + ); + } + return { mode: "cloud" }; + } + + if (rawUrl === undefined) return { mode: "local" }; + return isCapletsCloudUrl(rawUrl) ? { mode: "cloud" } : { mode: "remote" }; +} + +export function resolveCapletsRemote( + input: CapletsRemoteInput = {}, + env: CapletsRemoteEnv = process.env, +): ResolvedCapletsRemote { + const rawUrl = + nonEmpty(input.url, "url") ?? nonEmpty(env.CAPLETS_REMOTE_URL, "CAPLETS_REMOTE_URL"); + if (rawUrl === undefined) { + throw new CapletsError("REQUEST_INVALID", "CAPLETS_REMOTE_URL or url is required."); + } + + const baseUrl = parseServerBaseUrl(rawUrl); + const token = + nonEmpty(input.token, "token") ?? nonEmpty(env.CAPLETS_REMOTE_TOKEN, "CAPLETS_REMOTE_TOKEN"); + const userWasExplicit = input.user !== undefined || hasEnv(env.CAPLETS_REMOTE_USER); + const user = + nonEmpty(input.user, "user") ?? + nonEmpty(env.CAPLETS_REMOTE_USER, "CAPLETS_REMOTE_USER") ?? + DEFAULT_REMOTE_USER; + const password = + nonEmpty(input.password, "password") ?? + nonEmpty(env.CAPLETS_REMOTE_PASSWORD, "CAPLETS_REMOTE_PASSWORD"); + const workspace = + nonEmpty(input.workspace, "workspace") ?? + nonEmpty(env.CAPLETS_REMOTE_WORKSPACE, "CAPLETS_REMOTE_WORKSPACE"); + + if (token && password) { + throw new CapletsError( + "REQUEST_INVALID", + "Use either CAPLETS_REMOTE_TOKEN or CAPLETS_REMOTE_PASSWORD, not both.", + ); + } + + if (!token && userWasExplicit && password === undefined) { + throw new CapletsError( + "REQUEST_INVALID", + "Remote Caplets Basic Auth requires a password; set CAPLETS_REMOTE_PASSWORD or password.", + ); + } + + const auth: CapletsRemoteAuth = token + ? { type: "bearer", token } + : password === undefined + ? { type: "none", user } + : { type: "basic", user, password }; + const requestInit: RequestInit = + auth.type === "bearer" + ? { headers: { Authorization: `Bearer ${auth.token}` } } + : auth.type === "basic" + ? { headers: { Authorization: basicAuthHeader(auth.user, auth.password) } } + : {}; + + return { + baseUrl, + mcpUrl: appendBasePath(baseUrl, "mcp"), + controlUrl: appendBasePath(baseUrl, "control"), + healthUrl: appendBasePath(baseUrl, "healthz"), + projectBindingWebSocketUrl: projectBindingWebSocketUrlForBase(baseUrl), + auth, + requestInit, + ...(workspace ? { workspace } : {}), + ...(input.fetch ? { fetch: input.fetch } : {}), + }; +} + +export function projectBindingWebSocketUrlForBase(baseUrl: URL): URL { + const url = appendBasePath(baseUrl, "control/project-bindings/connect"); + if (url.protocol === "https:") url.protocol = "wss:"; + if (url.protocol === "http:") url.protocol = "ws:"; + return url; +} + +export function isCapletsCloudUrl(value: string): boolean { + let url: URL; + try { + url = new URL(value); + } catch { + return false; + } + const host = url.hostname.toLowerCase(); + return host === "cloud.caplets.dev" || host.endsWith(".preview.caplets.dev"); +} + +function parseCapletsMode(value: string): "auto" | CapletsRemoteMode { + if (value === "auto" || value === "local" || value === "remote" || value === "cloud") { + return value; + } + throw new CapletsError( + "REQUEST_INVALID", + `Expected CAPLETS_MODE to be auto, local, remote, or cloud, got ${value}`, + ); +} + +function basicAuthHeader(user: string, password: string): string { + return `Basic ${Buffer.from(`${user}:${password}`).toString("base64")}`; +} + +function nonEmpty(value: string | undefined, label: string): string | undefined { + if (value === undefined) return undefined; + const trimmed = value.trim(); + if (!trimmed) throw new CapletsError("REQUEST_INVALID", `${label} must not be empty`); + return trimmed; +} + +function hasEnv(value: string | undefined): boolean { + return value !== undefined && value.trim() !== ""; +} diff --git a/packages/core/src/remote/selection.ts b/packages/core/src/remote/selection.ts new file mode 100644 index 0000000..835ce1e --- /dev/null +++ b/packages/core/src/remote/selection.ts @@ -0,0 +1,134 @@ +import { CloudAuthClient } from "../cloud-auth/client"; +import { CloudAuthStore, type CloudAuthCredentials } from "../cloud-auth/store"; +import { CapletsError } from "../errors"; +import { projectBindingError } from "../project-binding/errors"; +import { resolveCapletsRemote, resolveRemoteMode, type ResolvedCapletsRemote } from "./options"; + +export type RemoteSelectionInput = { + mode?: string; + remoteUrl?: string; + user?: string; + password?: string; + token?: string; + workspace?: string; + fetch?: typeof fetch; +}; + +export type ResolvedRemoteSelection = + | { + kind: "self_hosted_remote"; + remote: ResolvedCapletsRemote; + } + | { + kind: "hosted_cloud"; + remote: ResolvedCapletsRemote; + selectedWorkspace: string; + credentials: CloudAuthCredentials; + cloudPresence: { + url: URL; + accessToken: string; + workspaceId: string; + }; + }; + +export async function resolveRemoteSelection( + input: RemoteSelectionInput = {}, + env: Record = process.env, +): Promise { + const modeValue = input.mode ?? env.CAPLETS_MODE; + const mode = resolveRemoteMode( + { + ...(modeValue !== undefined ? { mode: modeValue } : {}), + ...(input.remoteUrl !== undefined ? { remoteUrl: input.remoteUrl } : {}), + }, + env, + ); + + if (mode.mode === "local") { + throw new CapletsError( + "REQUEST_INVALID", + "caplets attach requires a remote upstream; set CAPLETS_REMOTE_URL or use caplets serve for local-only MCP.", + ); + } + + if (mode.mode === "remote") { + return { + kind: "self_hosted_remote", + remote: resolveCapletsRemote( + { + ...(input.remoteUrl !== undefined ? { url: input.remoteUrl } : {}), + ...(input.user !== undefined ? { user: input.user } : {}), + ...(input.password !== undefined ? { password: input.password } : {}), + ...(input.token !== undefined ? { token: input.token } : {}), + ...(input.workspace !== undefined ? { workspace: input.workspace } : {}), + ...(input.fetch !== undefined ? { fetch: input.fetch } : {}), + }, + env, + ), + }; + } + + const store = new CloudAuthStore({ env }); + let credentials = await store.load(); + if (!credentials?.accessToken) { + throw projectBindingError("cloud_auth_required"); + } + + if (credentialsNeedRefresh(credentials)) { + if (!credentials.refreshToken) { + throw projectBindingError("cloud_auth_required"); + } + const refreshed = await new CloudAuthClient({ + cloudUrl: credentials.cloudUrl, + ...(input.fetch !== undefined ? { fetch: input.fetch } : {}), + }).refresh({ refreshToken: credentials.refreshToken }); + credentials = { + ...credentials, + ...refreshed, + refreshToken: refreshed.refreshToken ?? credentials.refreshToken, + createdAt: credentials.createdAt, + lastRefreshAt: new Date().toISOString(), + }; + await store.save(credentials); + } + + const selectedWorkspace = credentials.workspaceSlug ?? credentials.workspaceId; + if ( + input.workspace && + input.workspace !== credentials.workspaceId && + input.workspace !== credentials.workspaceSlug + ) { + throw projectBindingError( + "workspace_switch_required", + `Requested workspace ${input.workspace} differs from saved Selected Workspace ${selectedWorkspace}.`, + ); + } + + const remoteUrl = input.remoteUrl ?? env.CAPLETS_REMOTE_URL ?? credentials.cloudUrl; + const remote = resolveCapletsRemote( + { + url: remoteUrl, + token: credentials.accessToken, + workspace: selectedWorkspace, + ...(input.fetch !== undefined ? { fetch: input.fetch } : {}), + }, + {}, + ); + + return { + kind: "hosted_cloud", + remote, + selectedWorkspace, + credentials, + cloudPresence: { + url: new URL(remoteUrl), + accessToken: credentials.accessToken, + workspaceId: credentials.workspaceId, + }, + }; +} + +function credentialsNeedRefresh(credentials: { expiresAt: string }): boolean { + const expiresAt = Date.parse(credentials.expiresAt); + return Number.isFinite(expiresAt) && expiresAt <= Date.now() + 60_000; +} diff --git a/packages/core/src/runtime-plan/features.ts b/packages/core/src/runtime-plan/features.ts new file mode 100644 index 0000000..dc90dad --- /dev/null +++ b/packages/core/src/runtime-plan/features.ts @@ -0,0 +1,139 @@ +import type { CapletConfig, RuntimeFeature } from "../config-runtime"; +import type { RuntimeFeatureProvenance } from "./types"; + +export type RuntimeFeatureInference = { + features: RuntimeFeature[]; + provenance: RuntimeFeatureProvenance[]; +}; + +type CommandSource = RuntimeFeatureProvenance["source"]; + +type CommandRecord = { + source: CommandSource; + command: string; + args: string[]; +}; + +export function inferRuntimeFeatures( + caplet: CapletConfig | Record, +): RuntimeFeatureInference { + const provenance: RuntimeFeatureProvenance[] = []; + for (const feature of explicitFeatures(caplet)) { + provenance.push({ feature, source: "explicit", matched: "runtime.features" }); + } + for (const command of commandRecords(caplet)) { + const text = [command.command, ...command.args].join(" "); + const dockerMatch = matchDocker(command.command, command.args); + if (dockerMatch) { + provenance.push({ + feature: "docker", + source: command.source, + matched: dockerMatch, + command: text, + }); + } + const browserMatch = matchBrowser(command.command, command.args); + if (browserMatch) { + provenance.push({ + feature: "browser", + source: command.source, + matched: browserMatch, + command: text, + }); + } + } + return { + features: orderedFeatures([...new Set(provenance.map((entry) => entry.feature))]), + provenance, + }; +} + +function explicitFeatures(caplet: Record): RuntimeFeature[] { + const runtime = caplet.runtime; + if (!runtime || typeof runtime !== "object" || Array.isArray(runtime)) return []; + const features = (runtime as { features?: unknown }).features; + return Array.isArray(features) + ? features.filter( + (feature): feature is RuntimeFeature => feature === "docker" || feature === "browser", + ) + : []; +} + +function commandRecords(caplet: Record): CommandRecord[] { + return [ + ...setupCommands(caplet.setup, "setup.commands"), + ...setupCommands(caplet.setup, "setup.verify", true), + ...mcpCommands(caplet), + ...cliCommands(caplet), + ]; +} + +function setupCommands(setup: unknown, source: CommandSource, verify = false): CommandRecord[] { + if (!setup || typeof setup !== "object" || Array.isArray(setup)) return []; + const values = (setup as { commands?: unknown; verify?: unknown })[ + verify ? "verify" : "commands" + ]; + if (!Array.isArray(values)) return []; + return values.flatMap((value) => commandRecordFrom(value, source)); +} + +function mcpCommands(caplet: Record): CommandRecord[] { + if (caplet.backend !== "mcp" || typeof caplet.command !== "string") return []; + return [{ source: "mcp.command", command: caplet.command, args: stringArray(caplet.args) }]; +} + +function cliCommands(caplet: Record): CommandRecord[] { + if (caplet.backend !== "cli") return []; + const records: CommandRecord[] = []; + if (typeof caplet.command === "string") { + records.push({ + source: "cli.command", + command: caplet.command, + args: stringArray(caplet.args), + }); + } + const actions = caplet.actions; + if (actions && typeof actions === "object" && !Array.isArray(actions)) { + for (const action of Object.values(actions)) { + records.push(...commandRecordFrom(action, "cli.action")); + } + } + return records; +} + +function commandRecordFrom(value: unknown, source: CommandSource): CommandRecord[] { + if (!value || typeof value !== "object" || Array.isArray(value)) return []; + const command = (value as { command?: unknown }).command; + if (typeof command !== "string") return []; + return [{ source, command, args: stringArray((value as { args?: unknown }).args) }]; +} + +function stringArray(value: unknown): string[] { + return Array.isArray(value) + ? value.filter((item): item is string => typeof item === "string") + : []; +} + +function matchDocker(command: string, args: string[]): string | undefined { + const text = [command, ...args].join(" ").toLowerCase(); + if (text.includes("docker-mcp")) return "docker-mcp"; + if (/\bdocker(?:-compose)?\b/u.test(text)) return command === "docker" ? command : text; + return text.includes("docker mcp") ? "docker mcp" : undefined; +} + +function matchBrowser(command: string, args: string[]): string | undefined { + const text = [command, ...args].join(" ").toLowerCase(); + if (text.includes("@playwright/mcp")) return "@playwright/mcp"; + if (text.includes("playwright install")) return "playwright install"; + if (text.includes("playwright")) return "playwright"; + if (text.includes("browser-use")) return "browser-use"; + if (text.includes("puppeteer")) return "puppeteer"; + if (text.includes("chromium")) return "chromium"; + return /\bchrome\b/u.test(text) ? "chrome" : undefined; +} + +function orderedFeatures(features: RuntimeFeature[]): RuntimeFeature[] { + return ["docker", "browser"].filter((feature): feature is RuntimeFeature => + features.includes(feature as RuntimeFeature), + ); +} diff --git a/packages/core/src/runtime-plan/index.ts b/packages/core/src/runtime-plan/index.ts new file mode 100644 index 0000000..f1af219 --- /dev/null +++ b/packages/core/src/runtime-plan/index.ts @@ -0,0 +1,4 @@ +export * from "./types"; +export * from "./features"; +export * from "./resources"; +export * from "./planner"; diff --git a/packages/core/src/runtime-plan/planner.ts b/packages/core/src/runtime-plan/planner.ts new file mode 100644 index 0000000..5751548 --- /dev/null +++ b/packages/core/src/runtime-plan/planner.ts @@ -0,0 +1,113 @@ +import type { CapletConfig } from "../config-runtime"; +import type { + CapletRuntimePlan, + RuntimePlanOptions, + RuntimeRouteKind, + SetupTargetKind, +} from "./types"; +import { inferRuntimeFeatures } from "./features"; +import { resolveRuntimeResources } from "./resources"; + +export function planCapletRuntimeRoutes( + caplets: Array>, + options: RuntimePlanOptions = {}, +): CapletRuntimePlan[] { + return caplets.map((caplet) => planSingleCaplet(caplet, options)); +} + +export function planCapletRuntimeRoute( + caplet: CapletConfig | Record, + options: RuntimePlanOptions = {}, +): CapletRuntimePlan { + return planCapletRuntimeRoutes([caplet], options)[0] ?? planSingleCaplet(caplet, options); +} + +function planSingleCaplet( + caplet: CapletConfig | Record, + options: RuntimePlanOptions, +): CapletRuntimePlan { + const route = classifyCapletRuntimeRoute(caplet); + const setupRequired = Boolean(caplet.setup); + const projectBindingRequired = projectBindingRequiredFor(caplet); + const features = inferRuntimeFeatures(caplet); + const runtime = { + features: features.features, + featureProvenance: features.provenance, + resources: resolveRuntimeResources({ + backend: typeof caplet.backend === "string" ? caplet.backend : undefined, + features: features.features, + explicitClass: explicitResourceClass(caplet), + policy: options.resourcePolicy, + setupRequired, + }), + }; + return { + id: String(caplet.server ?? ""), + backend: typeof caplet.backend === "string" ? caplet.backend : "unknown", + route, + setupRequired, + authRequired: authRequired("auth" in caplet ? caplet.auth : undefined), + ...(route === "process" || route === "project_bound_process" + ? { setupTarget: setupTargetFor(options.deployment) } + : {}), + projectBindingRequired, + runtime, + caplet, + }; +} + +export function classifyCapletRuntimeRoute(caplet: Record): RuntimeRouteKind { + if (projectBindingRequiredFor(caplet)) { + return "project_bound_process"; + } + if (caplet.setup) { + return "process"; + } + if (caplet.backend === "cli") { + return "process"; + } + if (caplet.backend === "mcp") { + return caplet.transport === "stdio" || Boolean(caplet.command) ? "process" : "worker_safe"; + } + if (caplet.backend === "openapi" || caplet.backend === "graphql" || caplet.backend === "http") { + return "worker_safe"; + } + if (caplet.backend === "caplets") { + return "worker_safe"; + } + return "local_only"; +} + +function setupTargetFor(deployment: RuntimePlanOptions["deployment"]): SetupTargetKind { + if (deployment === "local") return "local_host"; + return deployment === "self_hosted" ? "remote_host" : "hosted_sandbox"; +} + +function authRequired(auth: unknown): boolean { + return auth !== null && typeof auth === "object" && "type" in auth && auth.type !== "none"; +} + +function projectBindingRequiredFor(caplet: Record): boolean { + const projectBinding = caplet.projectBinding; + return ( + Boolean(projectBinding) && + typeof projectBinding === "object" && + !Array.isArray(projectBinding) && + (projectBinding as { required?: unknown }).required === true + ); +} + +function explicitResourceClass(caplet: Record) { + const runtime = caplet.runtime; + if (!runtime || typeof runtime !== "object" || Array.isArray(runtime)) return undefined; + const resources = (runtime as { resources?: unknown }).resources; + if (!resources || typeof resources !== "object" || Array.isArray(resources)) return undefined; + const value = (resources as { class?: unknown }).class; + return value === "small" || + value === "medium" || + value === "standard" || + value === "large" || + value === "heavy" + ? value + : undefined; +} diff --git a/packages/core/src/runtime-plan/resources.ts b/packages/core/src/runtime-plan/resources.ts new file mode 100644 index 0000000..7a51fc8 --- /dev/null +++ b/packages/core/src/runtime-plan/resources.ts @@ -0,0 +1,88 @@ +import type { + HostedRuntimeResourceClass, + RuntimeResourcePolicy, + RuntimeResourceResolution, +} from "./types"; + +const defaults: Record = { + small: { class: "small", cpu: 1, memoryMb: 1024, diskMb: 4096 }, + medium: { class: "medium", cpu: 2, memoryMb: 4096, diskMb: 8192 }, + standard: { class: "standard", cpu: 2, memoryMb: 4096, diskMb: 8192 }, + large: { class: "large", cpu: 4, memoryMb: 8192, diskMb: 20480 }, + heavy: { class: "heavy", cpu: 8, memoryMb: 16384, diskMb: 40960 }, +}; + +const rank: Record = { + small: 0, + standard: 1, + medium: 1, + large: 2, + heavy: 3, +}; + +type ResourceInput = { + backend?: string | undefined; + features: string[]; + explicitClass?: HostedRuntimeResourceClass | undefined; + setupRequired?: boolean | undefined; + policy?: RuntimeResourcePolicy | undefined; +}; + +export function resolveRuntimeResources(input: ResourceInput): RuntimeResourceResolution; +export function resolveRuntimeResources( + caplet: Record, + features: string[], + policy?: RuntimeResourcePolicy | undefined, +): RuntimeResourceResolution; +export function resolveRuntimeResources( + inputOrCaplet: ResourceInput | Record, + features?: string[], + policy?: RuntimeResourcePolicy | undefined, +): RuntimeResourceResolution { + const caplet = inputOrCaplet as Record; + const input = + features === undefined + ? (inputOrCaplet as ResourceInput) + : { + backend: typeof caplet.backend === "string" ? caplet.backend : undefined, + features, + explicitClass: explicitResourceClass(caplet), + setupRequired: Boolean(caplet.setup), + policy, + }; + const requested = input.explicitClass ?? defaultResourceClass(input); + const capped = capClass(requested, input.policy?.maxClass); + const resolved = defaults[capped] ?? defaults.standard!; + return { + ...resolved, + ...(requested !== capped ? { cappedByPolicy: input.policy?.maxClass } : {}), + }; +} + +function defaultResourceClass(input: ResourceInput): HostedRuntimeResourceClass { + const hasDocker = input.features.includes("docker"); + const hasBrowser = input.features.includes("browser"); + if (hasDocker && hasBrowser) return "heavy"; + if (hasDocker || hasBrowser) return "large"; + if (input.backend === "cli" || input.backend === "mcp" || input.setupRequired) return "medium"; + return "small"; +} + +function explicitResourceClass( + caplet: Record, +): HostedRuntimeResourceClass | undefined { + const runtime = caplet.runtime; + if (!runtime || typeof runtime !== "object" || Array.isArray(runtime)) return undefined; + const resources = (runtime as { resources?: unknown }).resources; + if (!resources || typeof resources !== "object" || Array.isArray(resources)) return undefined; + const value = (resources as { class?: unknown }).class; + return typeof value === "string" ? (value as HostedRuntimeResourceClass) : undefined; +} + +function capClass( + requested: HostedRuntimeResourceClass, + maxClass: HostedRuntimeResourceClass | undefined, +) { + if (!maxClass) return requested; + return (rank[requested] ?? 0) > (rank[maxClass] ?? 0) ? maxClass : requested; +} diff --git a/packages/core/src/runtime-plan/types.ts b/packages/core/src/runtime-plan/types.ts new file mode 100644 index 0000000..5869b84 --- /dev/null +++ b/packages/core/src/runtime-plan/types.ts @@ -0,0 +1,158 @@ +import type { CapletConfig, RuntimeFeature, RuntimeResourceClass } from "../config-runtime"; + +export type HostedRuntimeResourceClass = RuntimeResourceClass | "small" | "medium"; + +export type { RuntimeFeature, RuntimeResourceClass }; + +export type RuntimeRouteKind = "worker_safe" | "process" | "project_bound_process" | "local_only"; +export type SetupTargetKind = "local_host" | "remote_host" | "hosted_sandbox"; +export type HostedSetupState = + | "not_required" + | "approval_required" + | "approved" + | "queued" + | "running" + | "verifying" + | "ready" + | "failed" + | "expired"; + +export type HostedBackendCheckState = + | "not_run" + | "queued" + | "running" + | "passed" + | "failed" + | "stale"; + +export type HostedSandboxState = + | "not_started" + | "preparing" + | "uploading_bundle" + | "running_setup" + | "starting_adapter" + | "ready" + | "busy" + | "degraded" + | "stopping" + | "stopped" + | "failed"; + +export const HIDDEN_REASON_CODES = [ + "setup_required", + "setup_running", + "setup_failed", + "verify_failed", + "backend_auth_required", + "backend_check_failed", + "project_binding_required", + "project_binding_syncing", + "project_binding_blocked", + "project_binding_stale", + "provider_unavailable", + "provider_capacity_exhausted", + "provider_queue_timeout", + "policy_denied", + "billing_required", + "subscription_past_due", + "usage_limit_reached", + "email_verification_required", + "docker_required", + "docker_denied", + "browser_required", + "browser_denied", + "resource_class_denied", + "local_only", + "invalid_bundle", + "unsupported_backend", +] as const; + +export type HiddenReasonCode = (typeof HIDDEN_REASON_CODES)[number]; + +export type RuntimePlanDeployment = "hosted" | "self_hosted" | "local"; + +export type RuntimePlanOptions = { + deployment?: RuntimePlanDeployment | undefined; + resourcePolicy?: RuntimeResourcePolicy | undefined; +}; + +export type RuntimeFeatureProvenanceSource = + | "explicit" + | "setup.commands" + | "setup.verify" + | "mcp.command" + | "cli.command" + | "cli.action"; + +export type RuntimeFeatureProvenance = { + feature: RuntimeFeature; + source: RuntimeFeatureProvenanceSource; + matched: string; + command?: string | undefined; +}; + +export type RuntimeResourcePolicy = { + maxClass?: HostedRuntimeResourceClass | undefined; +}; + +export type RuntimeResourceResolution = { + class: HostedRuntimeResourceClass; + cpu: number; + memoryMb: number; + diskMb: number; + cappedByPolicy?: HostedRuntimeResourceClass | undefined; +}; + +export type RuntimeRequirementsResolution = { + features: RuntimeFeature[]; + featureProvenance: RuntimeFeatureProvenance[]; + resources: RuntimeResourceResolution; +}; + +export type CapletRuntimePlan = { + id: string; + backend: CapletConfig["backend"] | string; + route: RuntimeRouteKind; + setupTarget?: SetupTargetKind | undefined; + setupRequired: boolean; + authRequired: boolean; + projectBindingRequired: boolean; + runtime: RuntimeRequirementsResolution; + caplet: CapletConfig | Record; +}; + +export type HostedRoutePlan = { + workspaceId: string; + capletId: string; + contentHash: string; + bundleRevision: string; + route: RuntimeRouteKind; + backend: string; + runtimeFeatures: string[]; + resourceClass: HostedRuntimeResourceClass; + setupState: HostedSetupState; + checkState: HostedBackendCheckState; + projectBindingRequired: boolean; + projectFingerprint?: string | undefined; + hiddenReasons: HiddenReasonCode[]; + primaryHiddenReason?: HiddenReasonCode | undefined; + policyDecision: "allowed" | "denied" | "not_evaluated"; + provenanceSource: "bundle_validation" | "install" | "runtime_refresh" | "call"; + updatedAt: string; +}; + +export type HostedCallProvenance = { + requestId: string; + workspaceId: string; + capletId: string; + contentHash: string; + route: RuntimeRouteKind; + backend: string; + provider?: "daytona" | undefined; + sandboxId?: string | undefined; + snapshotId?: string | undefined; + runtimeFeatures: string[]; + projectFingerprint?: string | undefined; + usageEventIds: string[]; + auditEventId?: string | undefined; +}; diff --git a/packages/core/src/serve/daemon/config.ts b/packages/core/src/serve/daemon/config.ts new file mode 100644 index 0000000..cba40c7 --- /dev/null +++ b/packages/core/src/serve/daemon/config.ts @@ -0,0 +1,94 @@ +import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; +import { dirname } from "node:path"; +import type { + DaemonCommandPlan, + ServeDaemonConfig, + ServeDaemonPaths, + ServeDaemonState, + ServeDaemonStatus, +} from "./types"; + +export function readDaemonConfig(paths: ServeDaemonPaths): ServeDaemonConfig | undefined { + return readJson(paths.configFile); +} + +export function writeDaemonConfig( + paths: ServeDaemonPaths, + serve: ServeDaemonConfig["serve"], + command: DaemonCommandPlan, + now = new Date(), +): ServeDaemonConfig { + const config: ServeDaemonConfig = { + instance: "default", + serve, + command, + paths, + updatedAt: now.toISOString(), + }; + writeJson(paths.configFile, config); + return config; +} + +export function readDaemonState(paths: ServeDaemonPaths): ServeDaemonState | undefined { + return readJson(paths.stateFile); +} + +export function writeDaemonState( + paths: ServeDaemonPaths, + state: Omit & { updatedAt?: string }, + now = new Date(), +): ServeDaemonState { + const next: ServeDaemonState = { + instance: "default", + ...state, + updatedAt: state.updatedAt ?? now.toISOString(), + }; + writeJson(paths.stateFile, next); + return next; +} + +export function redactDaemonStatus(status: ServeDaemonStatus): ServeDaemonStatus { + return redactDaemonValue(status) as ServeDaemonStatus; +} + +function redactDaemonValue(value: unknown): unknown { + if (Array.isArray(value)) return redactDaemonArray(value); + if (!value || typeof value !== "object") return value; + const redacted: Record = {}; + for (const [key, nested] of Object.entries(value)) { + redacted[key] = /password|token|secret|authorization|credential/iu.test(key) + ? "[REDACTED]" + : redactDaemonValue(nested); + } + return redacted; +} + +function redactDaemonArray(value: unknown[]): unknown[] { + const redacted: unknown[] = []; + let redactNext = false; + for (const item of value) { + if (redactNext) { + redacted.push("[REDACTED]"); + redactNext = false; + continue; + } + redacted.push(redactDaemonValue(item)); + if ( + typeof item === "string" && + /--(?:password|token|secret|authorization|credential)$/iu.test(item) + ) { + redactNext = true; + } + } + return redacted; +} + +function readJson(path: string): T | undefined { + if (!existsSync(path)) return undefined; + return JSON.parse(readFileSync(path, "utf8")) as T; +} + +function writeJson(path: string, value: unknown): void { + mkdirSync(dirname(path), { recursive: true }); + writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`); +} diff --git a/packages/core/src/serve/daemon/index.ts b/packages/core/src/serve/daemon/index.ts new file mode 100644 index 0000000..6dcc459 --- /dev/null +++ b/packages/core/src/serve/daemon/index.ts @@ -0,0 +1,181 @@ +import { mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs"; +import { CapletsError } from "../../errors"; +import { resolveDaemonServeOptions, type RawServeOptions } from "../options"; +import { + readDaemonConfig, + readDaemonState, + redactDaemonStatus, + writeDaemonConfig, + writeDaemonState, +} from "./config"; +import { buildDaemonPlatformDescriptor } from "./platform"; +import { createNodeDaemonProcessRunner, daemonServeCommand } from "./process"; +import { resolveServeDaemonPaths } from "./paths"; +import type { + DaemonPlatformDescriptor, + ServeDaemonOperationOptions, + ServeDaemonOperationResult, + ServeDaemonStatus, +} from "./types"; + +export type ServeDaemonServiceResult = { + enabled: boolean; + descriptor: DaemonPlatformDescriptor; + status: ServeDaemonStatus; +}; + +export async function startDaemon( + raw: RawServeOptions = {}, + options: ServeDaemonOperationOptions = {}, +): Promise { + const paths = resolveServeDaemonPaths(options); + const processRunner = options.process ?? createNodeDaemonProcessRunner(); + const existing = await daemonStatus({ ...options, process: processRunner }); + if (existing.running) { + throw new CapletsError("REQUEST_INVALID", "Caplets HTTP daemon is already running."); + } + + const serve = resolveDaemonServeOptions(raw, options.env ?? process.env); + const command = daemonServeCommand(serve); + mkdirSync(paths.logDir, { recursive: true }); + const config = writeDaemonConfig(paths, serve, command); + const pid = await processRunner.start({ + args: command.args, + stdoutLog: paths.stdoutLog, + stderrLog: paths.stderrLog, + configFile: paths.configFile, + }); + writeFileSync(paths.pidFile, `${pid}\n`); + const now = new Date().toISOString(); + const state = writeDaemonState(paths, { + running: true, + pid, + startedAt: now, + enabled: existing.enabled, + updatedAt: now, + }); + + return { + status: redactDaemonStatus({ ...state, paths, config }), + }; +} + +export async function stopDaemon( + options: ServeDaemonOperationOptions = {}, +): Promise { + const paths = resolveServeDaemonPaths(options); + const processRunner = options.process ?? createNodeDaemonProcessRunner(); + const existing = await daemonStatus({ ...options, process: processRunner }); + if (existing.running && existing.pid !== undefined) { + await processRunner.stop(existing.pid); + } + rmSync(paths.pidFile, { force: true }); + const state = writeDaemonState(paths, { + running: false, + enabled: existing.enabled, + }); + return { + status: redactDaemonStatus({ + ...state, + paths, + ...configProperty(readDaemonConfig(paths)), + }), + }; +} + +export async function restartDaemon( + raw: RawServeOptions = {}, + options: ServeDaemonOperationOptions = {}, +): Promise { + await stopDaemon(options); + return startDaemon(raw, options); +} + +export async function daemonStatus( + options: ServeDaemonOperationOptions = {}, +): Promise { + const paths = resolveServeDaemonPaths(options); + const processRunner = options.process ?? createNodeDaemonProcessRunner(); + const config = readDaemonConfig(paths); + const storedState = readDaemonState(paths); + const pid = readPid(paths.pidFile) ?? storedState?.pid; + const running = pid === undefined ? false : await processRunner.isRunning(pid); + if (!running) { + rmSync(paths.pidFile, { force: true }); + } + const state = writeDaemonState(paths, { + running, + ...(running && pid !== undefined ? { pid } : {}), + ...(running && storedState?.startedAt ? { startedAt: storedState.startedAt } : {}), + enabled: storedState?.enabled ?? false, + }); + return redactDaemonStatus({ ...state, paths, ...(config ? { config } : {}) }); +} + +export async function enableDaemon( + options: ServeDaemonOperationOptions = {}, +): Promise { + return setDaemonEnabled(true, options); +} + +export async function disableDaemon( + options: ServeDaemonOperationOptions = {}, +): Promise { + return setDaemonEnabled(false, options); +} + +async function setDaemonEnabled( + enabled: boolean, + options: ServeDaemonOperationOptions, +): Promise { + const paths = resolveServeDaemonPaths(options); + const config = readDaemonConfig(paths); + const command = config?.command ?? daemonServeCommand(resolveDaemonServeOptions({}, options.env)); + const descriptor = buildDaemonPlatformDescriptor({ + ...(options.platform !== undefined ? { platform: options.platform } : {}), + ...(options.serviceAvailable !== undefined + ? { serviceAvailable: options.serviceAvailable } + : {}), + paths, + command, + }); + const current = await daemonStatus(options); + const state = writeDaemonState(paths, { + running: current.running, + ...(current.running && current.pid !== undefined ? { pid: current.pid } : {}), + ...(current.running && current.startedAt ? { startedAt: current.startedAt } : {}), + enabled, + }); + return { + enabled, + descriptor, + status: redactDaemonStatus({ ...state, paths, ...configProperty(config) }), + }; +} + +function configProperty(config: ReturnType): { + config?: NonNullable; +} { + return config ? { config } : {}; +} + +function readPid(path: string): number | undefined { + try { + const value = Number(readFileSync(path, "utf8").trim()); + return Number.isInteger(value) && value > 0 ? value : undefined; + } catch { + return undefined; + } +} + +export { buildDaemonPlatformDescriptor } from "./platform"; +export { resolveServeDaemonPaths } from "./paths"; +export type { + DaemonPlatformDescriptor, + DaemonProcessRunner, + ServeDaemonConfig, + ServeDaemonOperationOptions, + ServeDaemonPaths, + ServeDaemonState, + ServeDaemonStatus, +} from "./types"; diff --git a/packages/core/src/serve/daemon/paths.ts b/packages/core/src/serve/daemon/paths.ts new file mode 100644 index 0000000..a36ceda --- /dev/null +++ b/packages/core/src/serve/daemon/paths.ts @@ -0,0 +1,66 @@ +import { homedir } from "node:os"; +import { dirname, posix, win32 } from "node:path"; +import { defaultConfigBaseDir, defaultStateBaseDir } from "../../config/paths"; +import type { ServeDaemonOperationOptions, ServeDaemonPaths } from "./types"; + +export function resolveServeDaemonPaths( + options: Pick = {}, +): ServeDaemonPaths { + const platform = options.platform ?? process.platform; + const home = options.home ?? homedir(); + const env = options.env ?? process.env; + const path = platform === "win32" ? win32 : posix; + const configBase = defaultConfigBaseDir(env as NodeJS.ProcessEnv, home, platform); + const stateBase = defaultStateBaseDir(env as NodeJS.ProcessEnv, home, platform); + + if (platform === "win32") { + const stateDir = path.join(stateBase, "Caplets", "State", "serve", "default"); + const logDir = path.join(stateDir, "logs"); + return { + instance: "default", + stateDir, + logDir, + stateFile: path.join(stateDir, "state.json"), + pidFile: path.join(stateDir, "server.pid"), + stdoutLog: path.join(logDir, "stdout.log"), + stderrLog: path.join(logDir, "stderr.log"), + configFile: path.join(configBase, "Caplets", "serve", "default.json"), + }; + } + + const stateDir = path.join(stateBase, "caplets", "serve", "default"); + const logDir = path.join(stateDir, "logs"); + return { + instance: "default", + stateDir, + logDir, + stateFile: path.join(stateDir, "state.json"), + pidFile: path.join(stateDir, "server.pid"), + stdoutLog: path.join(logDir, "stdout.log"), + stderrLog: path.join(logDir, "stderr.log"), + configFile: path.join(configBase, "caplets", "serve", "default.json"), + }; +} + +export function daemonServiceDescriptorPath( + paths: ServeDaemonPaths, + platform: NodeJS.Platform, +): string { + const path = platform === "win32" ? win32 : posix; + if (platform === "darwin") { + return path.join( + dirname(dirname(paths.configFile)), + "launchd", + "dev.caplets.serve.default.plist", + ); + } + if (platform === "linux") { + return path.join( + dirname(dirname(paths.configFile)), + "systemd", + "user", + "caplets-serve-default.service", + ); + } + return paths.configFile; +} diff --git a/packages/core/src/serve/daemon/platform-darwin.ts b/packages/core/src/serve/daemon/platform-darwin.ts new file mode 100644 index 0000000..1df79f3 --- /dev/null +++ b/packages/core/src/serve/daemon/platform-darwin.ts @@ -0,0 +1,38 @@ +import { escapeXml } from "./platform"; +import type { DaemonCommandPlan, LaunchdUserAgentDescriptor, ServeDaemonPaths } from "./types"; + +export function buildLaunchdUserAgentDescriptor( + paths: ServeDaemonPaths, + command: DaemonCommandPlan, +): LaunchdUserAgentDescriptor { + const label = "dev.caplets.serve.default"; + return { + kind: "launchd-user-agent", + label, + path: `${paths.configFile}.plist`, + plist: [ + '', + '', + '', + "", + " Label", + ` ${label}`, + " ProgramArguments", + " ", + ` ${escapeXml(command.executable)}`, + ...command.args.map((arg) => ` ${escapeXml(arg)}`), + " ", + " RunAtLoad", + " ", + " KeepAlive", + " ", + " StandardOutPath", + ` ${escapeXml(paths.stdoutLog)}`, + " StandardErrorPath", + ` ${escapeXml(paths.stderrLog)}`, + "", + "", + "", + ].join("\n"), + }; +} diff --git a/packages/core/src/serve/daemon/platform-linux.ts b/packages/core/src/serve/daemon/platform-linux.ts new file mode 100644 index 0000000..4ea6d13 --- /dev/null +++ b/packages/core/src/serve/daemon/platform-linux.ts @@ -0,0 +1,48 @@ +import type { + DaemonCommandPlan, + ManualServiceDescriptor, + ServeDaemonPaths, + SystemdUserServiceDescriptor, +} from "./types"; + +export function buildLinuxServiceDescriptor( + paths: ServeDaemonPaths, + command: DaemonCommandPlan, + serviceAvailable = true, +): SystemdUserServiceDescriptor | ManualServiceDescriptor { + if (!serviceAvailable) { + return { + kind: "manual", + reason: "Linux systemd user service is not available; run the daemon command manually.", + command, + }; + } + + return { + kind: "systemd-user", + unitName: "caplets-serve-default.service", + path: `${paths.configFile}.service`, + unit: [ + "[Unit]", + "Description=Caplets HTTP daemon (default)", + "After=network.target", + "", + "[Service]", + "Type=simple", + `ExecStart=${shellJoin([command.executable, ...command.args])}`, + "Restart=on-failure", + `StandardOutput=append:${paths.stdoutLog}`, + `StandardError=append:${paths.stderrLog}`, + "", + "[Install]", + "WantedBy=default.target", + "", + ].join("\n"), + }; +} + +function shellJoin(args: string[]): string { + return args + .map((arg) => (/^[A-Za-z0-9_./:=@-]+$/u.test(arg) ? arg : `'${arg.replaceAll("'", "'\\''")}'`)) + .join(" "); +} diff --git a/packages/core/src/serve/daemon/platform-windows.ts b/packages/core/src/serve/daemon/platform-windows.ts new file mode 100644 index 0000000..0cf5b22 --- /dev/null +++ b/packages/core/src/serve/daemon/platform-windows.ts @@ -0,0 +1,21 @@ +import type { DaemonCommandPlan, WindowsScheduledTaskDescriptor } from "./types"; + +export function buildWindowsScheduledTaskDescriptor( + command: DaemonCommandPlan, +): WindowsScheduledTaskDescriptor { + const taskName = "Caplets Serve Default"; + const taskRun = commandLine([command.executable, ...command.args]); + return { + kind: "windows-scheduled-task", + taskName, + commands: { + register: `schtasks /Create /TN "${taskName}" /SC ONLOGON /TR "${taskRun}" /F`, + unregister: `schtasks /Delete /TN "${taskName}" /F`, + query: `schtasks /Query /TN "${taskName}"`, + }, + }; +} + +function commandLine(args: string[]): string { + return args.map((arg) => (arg.includes(" ") ? `\\"${arg}\\"` : arg)).join(" "); +} diff --git a/packages/core/src/serve/daemon/platform.ts b/packages/core/src/serve/daemon/platform.ts new file mode 100644 index 0000000..11434bf --- /dev/null +++ b/packages/core/src/serve/daemon/platform.ts @@ -0,0 +1,40 @@ +import { buildLaunchdUserAgentDescriptor } from "./platform-darwin"; +import { buildLinuxServiceDescriptor } from "./platform-linux"; +import { buildWindowsScheduledTaskDescriptor } from "./platform-windows"; +import type { DaemonCommandPlan, DaemonPlatformDescriptor, ServeDaemonPaths } from "./types"; + +export type BuildDaemonPlatformDescriptorOptions = { + platform?: NodeJS.Platform; + serviceAvailable?: boolean; + paths: ServeDaemonPaths; + command: DaemonCommandPlan; +}; + +export function buildDaemonPlatformDescriptor( + options: BuildDaemonPlatformDescriptorOptions, +): DaemonPlatformDescriptor { + const platform = options.platform ?? process.platform; + if (platform === "darwin") { + return buildLaunchdUserAgentDescriptor(options.paths, options.command); + } + if (platform === "linux") { + return buildLinuxServiceDescriptor(options.paths, options.command, options.serviceAvailable); + } + if (platform === "win32") { + return buildWindowsScheduledTaskDescriptor(options.command); + } + return { + kind: "manual", + reason: `Automatic user service descriptors are not available on ${platform}.`, + command: options.command, + }; +} + +export function escapeXml(value: string): string { + return value + .replaceAll("&", "&") + .replaceAll("<", "<") + .replaceAll(">", ">") + .replaceAll('"', """) + .replaceAll("'", "'"); +} diff --git a/packages/core/src/serve/daemon/process.ts b/packages/core/src/serve/daemon/process.ts new file mode 100644 index 0000000..7458933 --- /dev/null +++ b/packages/core/src/serve/daemon/process.ts @@ -0,0 +1,76 @@ +import { spawn } from "node:child_process"; +import { closeSync, mkdirSync, openSync } from "node:fs"; +import { dirname } from "node:path"; +import type { HttpServeOptions } from "../options"; +import type { DaemonCommandPlan, DaemonProcessRunner, DaemonProcessStart } from "./types"; + +export function daemonServeCommand(options: HttpServeOptions): DaemonCommandPlan { + return { + executable: process.argv[1] ?? "caplets", + args: daemonServeArgs(options), + }; +} + +export function daemonServeArgs(options: HttpServeOptions): string[] { + const args = [ + "serve", + "--transport", + "http", + "--host", + options.host, + "--port", + String(options.port), + "--path", + options.path, + "--user", + options.auth.user, + ]; + if (options.auth.enabled) { + args.push("--password", options.auth.password); + } + if (options.warnUnauthenticatedNetwork) { + args.push("--allow-unauthenticated-http"); + } + if (options.trustProxy) { + args.push("--trust-proxy"); + } + return args; +} + +export function createNodeDaemonProcessRunner(): DaemonProcessRunner { + return { + async isRunning(pid: number): Promise { + try { + process.kill(pid, 0); + return true; + } catch { + return false; + } + }, + async start(command: DaemonProcessStart): Promise { + mkdirSync(dirname(command.stdoutLog), { recursive: true }); + mkdirSync(dirname(command.stderrLog), { recursive: true }); + const stdout = openSync(command.stdoutLog, "a"); + const stderr = openSync(command.stderrLog, "a"); + try { + const child = spawn(process.execPath, [process.argv[1] ?? "caplets", ...command.args], { + detached: true, + stdio: ["ignore", stdout, stderr], + env: process.env, + }); + child.unref(); + return child.pid ?? 0; + } finally { + closeSync(stdout); + closeSync(stderr); + } + }, + async stop(pid: number): Promise { + try { + process.kill(pid, "SIGTERM"); + } catch { + return; + } + }, + }; +} diff --git a/packages/core/src/serve/daemon/types.ts b/packages/core/src/serve/daemon/types.ts new file mode 100644 index 0000000..0e34eb6 --- /dev/null +++ b/packages/core/src/serve/daemon/types.ts @@ -0,0 +1,106 @@ +import type { HttpServeOptions, RawServeOptions } from "../options"; + +export type ServeDaemonInstance = "default"; + +export type ServeDaemonPaths = { + instance: ServeDaemonInstance; + stateDir: string; + logDir: string; + stateFile: string; + pidFile: string; + stdoutLog: string; + stderrLog: string; + configFile: string; +}; + +export type ServeDaemonConfig = { + instance: ServeDaemonInstance; + serve: HttpServeOptions; + command: DaemonCommandPlan; + paths: ServeDaemonPaths; + updatedAt: string; +}; + +export type ServeDaemonState = { + instance: ServeDaemonInstance; + running: boolean; + pid?: number; + startedAt?: string; + updatedAt: string; + enabled: boolean; +}; + +export type ServeDaemonStatus = ServeDaemonState & { + paths: ServeDaemonPaths; + config?: ServeDaemonConfig; +}; + +export type DaemonCommandPlan = { + executable: string; + args: string[]; +}; + +export type DaemonProcessStart = { + args: string[]; + stdoutLog: string; + stderrLog: string; + configFile: string; +}; + +export type DaemonProcessRunner = { + isRunning(pid: number): Promise; + start(command: DaemonProcessStart): Promise; + stop(pid: number): Promise; +}; + +export type ServeDaemonOperationOptions = { + env?: NodeJS.ProcessEnv | Record; + home?: string; + platform?: NodeJS.Platform; + process?: DaemonProcessRunner; + serviceAvailable?: boolean; +}; + +export type ServeDaemonStartOptions = ServeDaemonOperationOptions & { + raw?: RawServeOptions; +}; + +export type ServeDaemonOperationResult = { + status: ServeDaemonStatus; +}; + +export type LaunchdUserAgentDescriptor = { + kind: "launchd-user-agent"; + label: string; + path: string; + plist: string; +}; + +export type SystemdUserServiceDescriptor = { + kind: "systemd-user"; + unitName: string; + path: string; + unit: string; +}; + +export type ManualServiceDescriptor = { + kind: "manual"; + reason: string; + command: DaemonCommandPlan; +}; + +export type WindowsScheduledTaskDescriptor = { + kind: "windows-scheduled-task"; + taskName: string; + commands: { + register: string; + unregister: string; + query: string; + }; +}; + +export type DaemonPlatformDescriptor = + | LaunchdUserAgentDescriptor + | SystemdUserServiceDescriptor + | ManualServiceDescriptor + | WindowsScheduledTaskDescriptor; diff --git a/packages/core/src/serve/http.ts b/packages/core/src/serve/http.ts index cbc1bc9..c6b9326 100644 --- a/packages/core/src/serve/http.ts +++ b/packages/core/src/serve/http.ts @@ -20,10 +20,18 @@ type HttpServeIo = { writeErr?: (value: string) => void; control?: Omit; authFlowStore?: RemoteAuthFlowStore; + sessionFactory?: HttpMcpSessionFactory; }; +type HttpMcpSession = { + connect(transport: StreamableHTTPTransport): Promise; + close(): Promise; +}; + +export type HttpMcpSessionFactory = () => HttpMcpSession | Promise; + type HttpSession = { - server: CapletsMcpSession; + server: HttpMcpSession; transport: StreamableHTTPTransport; }; @@ -101,7 +109,7 @@ export function createHttpServeApp( const nextSessionId = randomUUID(); const session = await createHttpSession( - engine, + io.sessionFactory ?? (() => new CapletsMcpSession(engine)), nextSessionId, options, async (closedSessionId) => { @@ -149,6 +157,20 @@ export function createHttpServeApp( ); }); + app.get(routePath(paths.control, "project-bindings/connect"), basicAuth(options.auth), (c) => + c.json({ error: "websocket_upgrade_required" }, 426), + ); + + app.get( + routePath(paths.control, "project-bindings/:bindingId/status"), + basicAuth(options.auth), + (c) => + c.json({ + bindingId: c.req.param("bindingId"), + state: "not_attached", + }), + ); + app.get(routePath(paths.control, "auth/callback/:flowId"), async (c) => { const flowId = c.req.param("flowId"); const result = await dispatchRemoteCliRequest( @@ -266,6 +288,35 @@ export async function serveHttp( installHttpSignalHandlers(server, app, engine, writeErr); } +export async function serveHttpWithSessionFactory( + options: HttpServeOptions, + createSession: HttpMcpSessionFactory, + writeErr: (value: string) => void = (value) => process.stderr.write(value), +): Promise { + const engine = new CapletsEngine({}); + const app = createHttpServeApp(options, engine, { + writeErr, + sessionFactory: createSession, + control: { + projectCapletsRoot: resolveProjectCapletsRoot(), + }, + }); + const paths = servicePaths(options.path); + const origin = `http://${formatHost(options.host)}:${options.port}`; + const baseUrl = `${origin}${paths.base === "/" ? "" : paths.base}`; + const server = serve({ fetch: app.fetch, hostname: options.host, port: options.port }, () => { + writeErr(`Caplets HTTP service listening on ${baseUrl}\n`); + writeErr(`MCP endpoint: ${origin}${paths.mcp}\n`); + writeErr(`Control endpoint: ${origin}${paths.control}\n`); + writeErr(`Health check: ${origin}${paths.health}\n`); + writeErr( + `Basic Auth: ${options.auth.enabled ? `enabled (user: ${options.auth.user})` : "disabled"}\n`, + ); + }); + + installHttpSignalHandlers(server, app, engine, writeErr); +} + function projectCapletsRootForEngineOptions(engineOptions: CapletsEngineOptions): string { return engineOptions.projectConfigPath ? resolveProjectCapletsRootForConfigPath(engineOptions.projectConfigPath) @@ -295,7 +346,7 @@ export function servicePaths(base: string): { } async function createHttpSession( - engine: CapletsEngine, + createServer: HttpMcpSessionFactory, sessionId: string, options: HttpServeOptions, onClose: (sessionId: string) => Promise, @@ -305,7 +356,7 @@ async function createHttpSession( onsessionclosed: onClose, ...(options.loopback ? dnsRebindingOptions(options) : {}), }); - const server = new CapletsMcpSession(engine); + const server = await createServer(); await server.connect(transport); return { server, transport }; } diff --git a/packages/core/src/serve/index.ts b/packages/core/src/serve/index.ts index 764479c..790e492 100644 --- a/packages/core/src/serve/index.ts +++ b/packages/core/src/serve/index.ts @@ -4,9 +4,30 @@ import { resolveServeOptions, type RawServeOptions, type ServeOptions } from "./ import { serveStdio } from "./stdio"; export { serveHttp } from "./http"; -export { resolveServeOptions } from "./options"; +export { resolveDaemonServeOptions, resolveServeOptions } from "./options"; export type { HttpServeOptions, RawServeOptions, ServeOptions, StdioServeOptions } from "./options"; +export { NativeCapletsMcpSession } from "./native-session"; +export type { NativeCapletsMcpSessionOptions, NativeToolServer } from "./native-session"; export { serveStdio } from "./stdio"; +export { + buildDaemonPlatformDescriptor, + daemonStatus, + disableDaemon, + enableDaemon, + resolveServeDaemonPaths, + restartDaemon, + startDaemon, + stopDaemon, +} from "./daemon"; +export type { + DaemonPlatformDescriptor, + DaemonProcessRunner, + ServeDaemonConfig, + ServeDaemonOperationOptions, + ServeDaemonPaths, + ServeDaemonState, + ServeDaemonStatus, +} from "./daemon"; export type ServeCapletsOptions = { raw: RawServeOptions; diff --git a/packages/core/src/serve/native-session.ts b/packages/core/src/serve/native-session.ts new file mode 100644 index 0000000..4ac3763 --- /dev/null +++ b/packages/core/src/serve/native-session.ts @@ -0,0 +1,114 @@ +import { McpServer, type RegisteredTool } from "@modelcontextprotocol/sdk/server/mcp"; +import type { Transport } from "@modelcontextprotocol/sdk/shared/transport"; +import { z } from "zod"; +import { version as packageJsonVersion } from "../../package.json"; +import type { NativeCapletTool, NativeCapletsService } from "../native/service"; + +export type NativeToolServer = Pick; + +export type NativeCapletsMcpSessionOptions = { + server?: NativeToolServer; +}; + +export class NativeCapletsMcpSession { + readonly server: NativeToolServer; + private readonly tools = new Map(); + private readonly unsubscribe: () => void; + private closed = false; + + constructor( + private readonly service: NativeCapletsService, + options: NativeCapletsMcpSessionOptions = {}, + ) { + this.server = + options.server ?? + new McpServer({ + name: "caplets", + version: packageJsonVersion, + }); + this.unsubscribe = service.onToolsChanged((tools) => this.reconcileTools(tools)); + this.reconcileTools(service.listTools()); + } + + async connect(transport: Transport): Promise { + await this.server.connect(transport); + } + + async close(): Promise { + if (this.closed) return; + this.closed = true; + this.unsubscribe(); + this.tools.clear(); + await this.server.close(); + await this.service.close(); + } + + private reconcileTools(next: NativeCapletTool[]): void { + const enabled = new Map(next.map((tool) => [tool.caplet, tool])); + for (const [id, registered] of this.tools) { + const tool = enabled.get(id); + if (!tool) { + registered.remove(); + this.tools.delete(id); + continue; + } + registered.update(this.definition(tool)); + } + for (const tool of enabled.values()) { + if (!this.tools.has(tool.caplet)) { + this.tools.set( + tool.caplet, + this.server.registerTool( + tool.caplet, + this.definition(tool), + async (request: unknown) => (await this.service.execute(tool.caplet, request)) as never, + ), + ); + } + } + } + + private definition(tool: NativeCapletTool) { + return { + title: tool.title, + description: tool.description, + inputSchema: isRecord(tool.inputSchema) ? jsonSchemaToZodShape(tool.inputSchema) : undefined, + }; + } +} + +function jsonSchemaToZodShape(schema: Record): Record { + const properties = isRecord(schema.properties) ? schema.properties : {}; + const shape: Record = {}; + for (const [key, value] of Object.entries(properties)) { + shape[key] = jsonSchemaPropertyToZod(value); + } + return shape; +} + +function jsonSchemaPropertyToZod(value: unknown): z.ZodTypeAny { + if (!isRecord(value)) return z.unknown().optional(); + if (Array.isArray(value.enum) && value.enum.every((item) => typeof item === "string")) { + const values = value.enum as string[]; + if (values.length > 0) return z.enum(values as [string, ...string[]]).optional(); + } + switch (value.type) { + case "string": + return z.string().optional(); + case "number": + case "integer": + return z.number().optional(); + case "boolean": + return z.boolean().optional(); + case "array": + return z.array(z.unknown()).optional(); + case "object": + return z.record(z.string(), z.unknown()).optional(); + default: + return z.unknown().optional(); + } +} + +function isRecord(value: unknown): value is Record { + return value !== null && typeof value === "object" && !Array.isArray(value); +} diff --git a/packages/core/src/serve/options.ts b/packages/core/src/serve/options.ts index b36bdc4..cc22759 100644 --- a/packages/core/src/serve/options.ts +++ b/packages/core/src/serve/options.ts @@ -112,6 +112,16 @@ export function resolveServeOptions( }; } +export function resolveDaemonServeOptions( + raw: RawServeOptions, + env: ServeEnv = process.env, +): HttpServeOptions { + if (raw.transport !== undefined && raw.transport !== "http") { + throw new CapletsError("REQUEST_INVALID", "Daemonized serve requires --transport http."); + } + return resolveServeOptions({ ...raw, transport: "http" }, env) as HttpServeOptions; +} + export function isLoopbackHost(host: string): boolean { const normalized = host.toLocaleLowerCase(); return normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1"; diff --git a/packages/core/src/server/options.ts b/packages/core/src/server/options.ts index 0c1d563..bd45e45 100644 --- a/packages/core/src/server/options.ts +++ b/packages/core/src/server/options.ts @@ -6,7 +6,14 @@ export type CapletsMode = "auto" | "local" | "remote"; export type CapletsServerEnv = Partial< Record< - "CAPLETS_MODE" | "CAPLETS_SERVER_URL" | "CAPLETS_SERVER_USER" | "CAPLETS_SERVER_PASSWORD", + | "CAPLETS_MODE" + | "CAPLETS_SERVER_URL" + | "CAPLETS_SERVER_USER" + | "CAPLETS_SERVER_PASSWORD" + | "CAPLETS_CLOUD_URL" + | "CAPLETS_CLOUD_TOKEN" + | "CAPLETS_CLOUD_WORKSPACE_ID" + | "CAPLETS_PROJECT_ROOT", string > >; diff --git a/packages/core/src/setup/hash.ts b/packages/core/src/setup/hash.ts new file mode 100644 index 0000000..7f47d42 --- /dev/null +++ b/packages/core/src/setup/hash.ts @@ -0,0 +1,50 @@ +import { createHash } from "node:crypto"; +import type { CapletConfig } from "../config"; + +export function capletSetupContentHash(caplet: CapletConfig): string { + return createHash("sha256") + .update(stableJson(stableCapletForHash(caplet))) + .digest("hex"); +} + +export function stableJson(value: unknown): string { + return JSON.stringify(sortJson(value)); +} + +function stableCapletForHash(caplet: CapletConfig): Record { + return { + server: caplet.server, + name: caplet.name, + description: caplet.description, + backend: caplet.backend, + tags: caplet.tags, + body: caplet.body, + setup: caplet.setup, + backendConfig: Object.fromEntries( + Object.entries(caplet).filter( + ([key]) => + ![ + "server", + "name", + "description", + "backend", + "tags", + "body", + "setup", + "disabled", + ].includes(key), + ), + ), + }; +} + +function sortJson(value: unknown): unknown { + if (Array.isArray(value)) return value.map(sortJson); + if (!value || typeof value !== "object") return value; + return Object.fromEntries( + Object.entries(value as Record) + .filter(([, entry]) => entry !== undefined) + .sort(([left], [right]) => left.localeCompare(right)) + .map(([key, entry]) => [key, sortJson(entry)]), + ); +} diff --git a/packages/core/src/setup/local-store.ts b/packages/core/src/setup/local-store.ts new file mode 100644 index 0000000..3fb8c01 --- /dev/null +++ b/packages/core/src/setup/local-store.ts @@ -0,0 +1,162 @@ +import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; +import { join } from "node:path"; +import { defaultCacheBaseDir } from "../config/paths"; +import { CapletsError } from "../errors"; +import { + isSetupTargetKind, + type SetupApproval, + type SetupAttempt, + type SetupTargetKind, +} from "./types"; + +type SetupApprovalInput = Omit & { + projectFingerprint?: string | undefined; +}; + +const DEFAULT_PROJECT_FINGERPRINT = "default"; + +export type LocalSetupStoreOptions = { + baseDir?: string; + now?: () => Date; + maxAttempts?: number; + retentionDays?: number; +}; + +export class LocalSetupStore { + private readonly root: string; + private readonly now: () => Date; + private readonly maxAttempts: number; + private readonly retentionDays: number; + + constructor(options: LocalSetupStoreOptions = {}) { + this.root = options.baseDir ?? join(defaultCacheBaseDir(), "caplets", "setup"); + this.now = options.now ?? (() => new Date()); + this.maxAttempts = options.maxAttempts ?? 3; + this.retentionDays = options.retentionDays ?? 7; + } + + async getApproval( + capletId: string, + contentHash: string, + targetKind: SetupTargetKind, + ): Promise; + async getApproval( + projectFingerprint: string, + capletId: string, + contentHash: string, + targetKind: SetupTargetKind, + ): Promise; + async getApproval( + ...args: [string, string, SetupTargetKind] | [string, string, string, SetupTargetKind] + ) { + const [projectFingerprint, capletId, contentHash, targetKind] = + args.length === 3 ? [DEFAULT_PROJECT_FINGERPRINT, args[0], args[1], args[2]] : args; + assertSetupTargetKind(targetKind); + return this.approvals().find( + (approval) => + approval.projectFingerprint === projectFingerprint && + approval.capletId === capletId && + approval.contentHash === contentHash && + approval.targetKind === targetKind, + ); + } + + async approve(input: SetupApprovalInput): Promise { + const approval = { + ...input, + projectFingerprint: input.projectFingerprint ?? DEFAULT_PROJECT_FINGERPRINT, + }; + assertSetupTargetKind(approval.targetKind); + const approvals = this.approvals().filter( + (existing) => + existing.projectFingerprint !== approval.projectFingerprint || + existing.capletId !== approval.capletId || + existing.contentHash !== approval.contentHash || + existing.targetKind !== approval.targetKind, + ); + approvals.push(approval); + mkdirSync(this.root, { recursive: true }); + writeFileSync(this.approvalsPath(), `${JSON.stringify(approvals, null, 2)}\n`, { + mode: 0o600, + }); + return approval; + } + + async recordAttempt(attempt: SetupAttempt): Promise { + assertSetupTargetKind(attempt.targetKind); + const projectFingerprint = attempt.projectFingerprint ?? DEFAULT_PROJECT_FINGERPRINT; + const attempts = this.prunedAttempts([ + ...this.attempts(projectFingerprint, attempt.capletId), + { ...attempt, projectFingerprint }, + ]); + mkdirSync(this.attemptsDir(projectFingerprint), { recursive: true }); + writeFileSync( + this.attemptsPath(projectFingerprint, attempt.capletId), + attempts.map((entry) => JSON.stringify(entry)).join("\n") + "\n", + { mode: 0o600 }, + ); + } + + async listAttempts(capletId: string): Promise; + async listAttempts(projectFingerprint: string, capletId: string): Promise; + async listAttempts(...args: [string] | [string, string]): Promise { + const [projectFingerprint, capletId] = + args.length === 1 ? [DEFAULT_PROJECT_FINGERPRINT, args[0]] : args; + return this.attempts(projectFingerprint, capletId); + } + + retention(): { maxAttempts: number; days: number } { + return { maxAttempts: this.maxAttempts, days: this.retentionDays }; + } + + private approvals(): SetupApproval[] { + const path = this.approvalsPath(); + if (!existsSync(path)) return []; + const approvals = JSON.parse(readFileSync(path, "utf8")) as SetupApprovalInput[]; + return approvals.map((approval) => ({ + ...approval, + projectFingerprint: approval.projectFingerprint ?? DEFAULT_PROJECT_FINGERPRINT, + })); + } + + private prunedAttempts(attempts: SetupAttempt[]): SetupAttempt[] { + const cutoffMs = this.now().getTime() - this.retentionDays * 24 * 60 * 60 * 1000; + return attempts + .filter((attempt) => new Date(attempt.finishedAt).getTime() >= cutoffMs) + .slice(-this.maxAttempts); + } + + private approvalsPath(): string { + return join(this.root, "approvals.json"); + } + + private attempts(projectFingerprint: string, capletId: string): SetupAttempt[] { + const path = this.attemptsPath(projectFingerprint, capletId); + if (!existsSync(path)) return []; + return readFileSync(path, "utf8") + .split("\n") + .filter(Boolean) + .map((line) => JSON.parse(line) as SetupAttempt); + } + + private attemptsDir(projectFingerprint: string): string { + return join(this.root, "projects", safeFileName(projectFingerprint), "attempts"); + } + + private attemptsPath(projectFingerprint: string, capletId: string): string { + return join(this.attemptsDir(projectFingerprint), `${safeFileName(capletId)}.jsonl`); + } +} + +function safeFileName(value: string): string { + return value.replace(/[^a-zA-Z0-9._-]/gu, "_"); +} + +function assertSetupTargetKind(value: string): asserts value is SetupTargetKind { + if (!isSetupTargetKind(value)) { + throw new CapletsError( + "REQUEST_INVALID", + "setup target must be one of: local_host, remote_host, hosted_sandbox", + ); + } +} diff --git a/packages/core/src/setup/runner.ts b/packages/core/src/setup/runner.ts new file mode 100644 index 0000000..e644645 --- /dev/null +++ b/packages/core/src/setup/runner.ts @@ -0,0 +1,233 @@ +import { spawn } from "node:child_process"; +import { randomUUID } from "node:crypto"; +import { isAbsolute, resolve } from "node:path"; +import type { CapletSetupCommandConfig, CapletSetupConfig } from "../config"; +import type { RuntimeFeature } from "../config-runtime"; +import { CapletsError } from "../errors"; +import type { LocalSetupStore } from "./local-store"; +import { + isSetupTargetKind, + type SetupActor, + type SetupAttempt, + type SetupTargetKind, +} from "./types"; + +export type SpawnResult = { + exitCode?: number | undefined; + signal?: string | undefined; + stdout: string; + stderr: string; + durationMs: number; +}; + +export type SetupSpawn = ( + command: string, + args: string[], + options: { + cwd?: string | undefined; + env: NodeJS.ProcessEnv; + timeoutMs: number; + maxOutputBytes: number; + }, +) => Promise; + +export type RunCapletSetupOptions = { + projectFingerprint?: string; + capletId: string; + contentHash: string; + setupHash?: string | undefined; + targetKind: SetupTargetKind; + runtimeFeatures?: RuntimeFeature[] | undefined; + projectBindingRequired?: boolean | undefined; + projectWorkspacePath?: string | undefined; + setup: CapletSetupConfig; + actor: SetupActor; + approved: boolean; + store: Pick; + spawn?: SetupSpawn; + now?: () => Date; +}; + +const DEFAULT_TIMEOUT_MS = 120_000; +const DEFAULT_MAX_OUTPUT_BYTES = 200_000; + +export async function runCapletSetup(options: RunCapletSetupOptions): Promise { + assertSetupTargetKind(options.targetKind); + if (!options.approved) { + throw new CapletsError("REQUEST_INVALID", "Setup approval is required before commands run"); + } + + const attempts: SetupAttempt[] = []; + const commands = options.setup.commands ?? []; + const verify = options.setup.verify ?? []; + for (const phase of ["commands", "verify"] as const) { + for (const command of phase === "commands" ? commands : verify) { + const attempt = await runSetupCommand(options, phase, command); + attempts.push(attempt); + await options.store.recordAttempt(attempt); + if (attempt.status !== "succeeded") { + return attempts; + } + } + } + return attempts; +} + +async function runSetupCommand( + options: RunCapletSetupOptions, + phase: "commands" | "verify", + command: CapletSetupCommandConfig, +): Promise { + const now = options.now ?? (() => new Date()); + const startedAt = now(); + const argv = [command.command, ...(command.args ?? [])]; + const env = { + ...process.env, + ...command.env, + }; + const timeoutMs = command.timeoutMs ?? DEFAULT_TIMEOUT_MS; + const maxOutputBytes = command.maxOutputBytes ?? DEFAULT_MAX_OUTPUT_BYTES; + const cwd = resolveCwd(command.cwd); + assertProjectWorkspaceSetupAllowed({ + cwd, + projectBindingRequired: options.projectBindingRequired === true, + projectWorkspacePath: options.projectWorkspacePath, + }); + const spawnImpl = options.spawn ?? spawnCommand; + const result = await spawnImpl(command.command, command.args ?? [], { + cwd, + env, + timeoutMs, + maxOutputBytes, + }); + const finishedAt = now(); + const redacted = redactsSecrets(command.env); + const stdout = redactOutput(result.stdout, command.env); + const stderr = redactOutput(result.stderr, command.env); + return { + attemptId: randomUUID(), + projectFingerprint: options.projectFingerprint ?? "default", + capletId: options.capletId, + contentHash: options.contentHash, + ...(options.setupHash === undefined ? {} : { setupHash: options.setupHash }), + targetKind: options.targetKind, + ...(options.runtimeFeatures === undefined ? {} : { runtimeFeatures: options.runtimeFeatures }), + actor: options.actor, + status: result.exitCode === 0 && !result.signal ? "succeeded" : "failed", + phase, + commandLabel: command.label, + argv, + ...(result.exitCode === undefined ? {} : { exitCode: result.exitCode }), + ...(result.signal === undefined ? {} : { signal: result.signal }), + durationMs: result.durationMs, + startedAt: startedAt.toISOString(), + finishedAt: finishedAt.toISOString(), + stdout: capBytes(stdout, maxOutputBytes), + stderr: capBytes(stderr, maxOutputBytes), + redacted, + retention: options.store.retention(), + }; +} + +function assertProjectWorkspaceSetupAllowed(input: { + cwd?: string | undefined; + projectBindingRequired: boolean; + projectWorkspacePath?: string | undefined; +}): void { + if (input.projectBindingRequired || !input.cwd || !input.projectWorkspacePath) return; + const workspacePath = resolve(input.projectWorkspacePath); + const cwd = resolve(input.cwd); + if (cwd === workspacePath || cwd.startsWith(`${workspacePath}/`)) { + throw new CapletsError( + "REQUEST_INVALID", + "Non-project setup cannot run inside project workspace without projectBinding.required", + ); + } +} + +export async function spawnCommand( + command: string, + args: string[], + options: { + cwd?: string | undefined; + env: NodeJS.ProcessEnv; + timeoutMs: number; + maxOutputBytes: number; + }, +): Promise { + const startedAt = Date.now(); + return await new Promise((resolvePromise, reject) => { + const child = spawn(command, args, { + cwd: options.cwd, + env: options.env, + shell: false, + stdio: ["ignore", "pipe", "pipe"], + }); + const chunks = { stdout: "", stderr: "" }; + const timer = setTimeout(() => { + child.kill("SIGTERM"); + }, options.timeoutMs); + child.on("error", (error) => { + clearTimeout(timer); + reject(error); + }); + child.stdout?.setEncoding("utf8"); + child.stderr?.setEncoding("utf8"); + child.stdout?.on("data", (chunk) => { + chunks.stdout = capBytes(chunks.stdout + chunk, options.maxOutputBytes); + }); + child.stderr?.on("data", (chunk) => { + chunks.stderr = capBytes(chunks.stderr + chunk, options.maxOutputBytes); + }); + child.on("close", (exitCode, signal) => { + clearTimeout(timer); + resolvePromise({ + exitCode: exitCode ?? undefined, + signal: signal ?? undefined, + stdout: chunks.stdout, + stderr: chunks.stderr, + durationMs: Date.now() - startedAt, + }); + }); + }); +} + +function resolveCwd(cwd: string | undefined): string | undefined { + if (!cwd) return undefined; + if (!isAbsolute(cwd)) { + throw new CapletsError("CONFIG_INVALID", "Setup command cwd must be absolute"); + } + return resolve(cwd); +} + +function redactsSecrets(env: Record | undefined): boolean { + return Object.entries(env ?? {}).some(([key, value]) => isSecretKey(key) && value.length > 0); +} + +function redactOutput(output: string, env: Record | undefined): string { + let redacted = output; + for (const [key, value] of Object.entries(env ?? {})) { + if (!isSecretKey(key) || !value) continue; + redacted = redacted.split(value).join("[REDACTED]"); + } + return redacted; +} + +function isSecretKey(key: string): boolean { + return /TOKEN|SECRET|PASSWORD|KEY|AUTH/iu.test(key); +} + +function capBytes(value: string, maxBytes: number): string { + const bytes = Buffer.byteLength(value); + if (bytes <= maxBytes) return value; + return Buffer.from(value).subarray(0, maxBytes).toString("utf8"); +} + +function assertSetupTargetKind(value: string): asserts value is SetupTargetKind { + if (!isSetupTargetKind(value)) { + throw new CapletsError( + "REQUEST_INVALID", + "setup target must be one of: local_host, remote_host, hosted_sandbox", + ); + } +} diff --git a/packages/core/src/setup/types.ts b/packages/core/src/setup/types.ts new file mode 100644 index 0000000..f59233b --- /dev/null +++ b/packages/core/src/setup/types.ts @@ -0,0 +1,60 @@ +import type { CapletSetupCommandConfig, CapletSetupConfig } from "../config"; +import type { RuntimeFeature } from "../config-runtime"; + +export const setupTargetKinds = ["local_host", "remote_host", "hosted_sandbox"] as const; + +export type SetupTargetKind = (typeof setupTargetKinds)[number]; +export type SetupActor = "cli-interactive" | "cli-yes" | "ui" | "automation"; +export type SetupAttemptStatus = "running" | "succeeded" | "failed"; + +export type SetupApproval = { + projectFingerprint: string; + capletId: string; + contentHash: string; + targetKind: SetupTargetKind; + approvedAt: string; + actor: SetupActor; +}; + +export type SetupAttempt = { + attemptId: string; + projectFingerprint: string; + capletId: string; + contentHash: string; + setupHash?: string | undefined; + targetKind: SetupTargetKind; + runtimeFeatures?: RuntimeFeature[] | undefined; + actor: SetupActor; + status: SetupAttemptStatus; + phase: "commands" | "verify"; + commandLabel: string; + argv: string[]; + exitCode?: number | undefined; + signal?: string | undefined; + durationMs: number; + startedAt: string; + finishedAt: string; + stdout: string; + stderr: string; + redacted: boolean; + retention: { + maxAttempts: number; + days: number; + }; +}; + +export type SetupPlan = { + projectFingerprint: string; + capletId: string; + name: string; + contentHash: string; + targetKind: SetupTargetKind; + setup: CapletSetupConfig; + approved: boolean; + commands: CapletSetupCommandConfig[]; + verify: CapletSetupCommandConfig[]; +}; + +export function isSetupTargetKind(value: string): value is SetupTargetKind { + return setupTargetKinds.includes(value as SetupTargetKind); +} diff --git a/packages/core/src/tools.ts b/packages/core/src/tools.ts index 5509769..e058980 100644 --- a/packages/core/src/tools.ts +++ b/packages/core/src/tools.ts @@ -430,6 +430,23 @@ export type CapletArtifact = { pathResolution: "absolute" | "relative-to-mcp-server"; }; +export type CapletExecutionMetadata = { + kind: "local" | "remote" | "cloud" | "local-fallback"; + runtimeId?: string | undefined; + sandboxId?: string | undefined; + presenceId?: string | undefined; + fallback?: boolean | undefined; + fallbackReason?: "hosted_runtime_limit_reached" | "hosted_runtime_degraded" | undefined; + project?: + | { + bound: boolean; + fingerprint?: string | undefined; + syncReceiptId?: string | undefined; + applyReceiptId?: string | undefined; + } + | undefined; +}; + export type CapletResultMetadata = { id: string; name: string; @@ -441,6 +458,7 @@ export type CapletResultMetadata = { status: "ok" | "error"; elapsedMs?: number; artifacts?: CapletArtifact[]; + execution?: CapletExecutionMetadata | undefined; }; export function metadataFor( @@ -448,6 +466,7 @@ export function metadataFor( operation: RequiredOperationRequest["operation"], target?: string | { tool?: string; uri?: string; prompt?: string }, startedAt?: number, + execution?: CapletExecutionMetadata, ): CapletResultMetadata { const targetFields = typeof target === "string" ? { tool: target } : (target ?? {}); return { @@ -458,6 +477,7 @@ export function metadataFor( ...targetFields, status: "ok", ...(startedAt === undefined ? {} : { elapsedMs: Date.now() - startedAt }), + ...(execution === undefined ? {} : { execution }), }; } diff --git a/packages/core/test/agent-plugins.test.ts b/packages/core/test/agent-plugins.test.ts index ac252c1..44adce0 100644 --- a/packages/core/test/agent-plugins.test.ts +++ b/packages/core/test/agent-plugins.test.ts @@ -1,4 +1,4 @@ -import { existsSync, lstatSync } from "node:fs"; +import { existsSync } from "node:fs"; import { readFile } from "node:fs/promises"; import path from "node:path"; import { fileURLToPath } from "node:url"; @@ -6,162 +6,39 @@ import { describe, expect, it } from "vitest"; const repoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../../.."); -async function readJson(filePath: string): Promise { - return JSON.parse(await readFile(filePath, "utf8")) as T; -} - -describe("root agent plugin artifacts", () => { - it("declares agent plugin components using agent-specific files", async () => { - for (const pluginManifest of [ - "plugins/caplets/.codex-plugin/plugin.json", - "plugins/caplets/.claude-plugin/plugin.json", +describe("Codex and Claude manual MCP setup", () => { + it("does not ship native Codex or Claude plugin artifacts", () => { + for (const removedPath of [ + "plugins/caplets", + ".agents/plugins/marketplace.json", + ".claude-plugin/marketplace.json", + "scripts/sync-plugin-versions.ts", ]) { - const manifest = await readJson>(path.join(repoRoot, pluginManifest)); - - expect(manifest.skills).toBe("./skills/"); - expect(manifest.mcpServers).toBe("./mcp.json"); - expect(manifest.hooks).toBeUndefined(); + expect(existsSync(path.join(repoRoot, removedPath)), removedPath).toBe(false); } }); - it("keeps plugin manifest versions aligned with the CLI package", async () => { - const [rootPackage, cliPackage, codexManifest, claudeManifest] = await Promise.all([ - readJson<{ scripts: Record }>(path.join(repoRoot, "package.json")), - readJson<{ version: string }>(path.join(repoRoot, "packages/cli/package.json")), - readJson<{ version: string }>( - path.join(repoRoot, "plugins/caplets/.codex-plugin/plugin.json"), - ), - readJson<{ version: string }>( - path.join(repoRoot, "plugins/caplets/.claude-plugin/plugin.json"), - ), - ]); - - expect(codexManifest.version).toBe(cliPackage.version); - expect(claudeManifest.version).toBe(cliPackage.version); - expect(rootPackage.scripts["version-packages"]).toContain("scripts/sync-plugin-versions.ts"); - expect(rootPackage.scripts["version-packages"]).toContain("oxfmt"); - }); - - it("declares a Claude Code marketplace entry using Claude's schema", async () => { - const marketplace = await readJson<{ - name: string; - owner: { name: string }; - plugins: Array<{ - name: string; - source: string; - }>; - }>(path.join(repoRoot, ".claude-plugin/marketplace.json")); - - expect(marketplace.name).toBe("caplets"); - expect(marketplace.owner.name).toBe("Spirit-Led Software LLC"); - expect(marketplace.plugins).toEqual([ - expect.objectContaining({ - name: "caplets", - source: "./plugins/caplets", - }), - ]); - }); - - it("declares a Codex marketplace entry using Codex's schema", async () => { - const marketplace = await readJson<{ - name: string; - plugins: Array<{ - name: string; - source: { source: string; path: string }; - }>; - }>(path.join(repoRoot, ".agents/plugins/marketplace.json")); - - expect(marketplace.name).toBe("caplets"); - expect(marketplace.plugins).toEqual([ - expect.objectContaining({ - name: "caplets", - source: { source: "local", path: "./plugins/caplets" }, - }), - ]); - }); - - it("runs the globally installed Caplets CLI in both MCP configs", async () => { - const mcp = await readJson<{ mcpServers: { caplets: { command: string; args: string[] } } }>( - path.join(repoRoot, "plugins/caplets/mcp.json"), - ); - - expect(mcp.mcpServers.caplets).toEqual({ - command: "caplets", - args: ["serve"], - }); - expect(JSON.stringify(mcp)).not.toContain("caplets@"); - }); - - it("documents remote Caplets service configuration for MCP-backed plugins", async () => { + it("documents manual MCP config for Codex and Claude users", async () => { const readme = await readFile(path.join(repoRoot, "README.md"), "utf8"); - - expect(readme).toContain("CAPLETS_SERVER_URL"); - expect(readme).toContain("caplets serve --transport http"); - expect(readme).toContain("https://caplets.example.com/caplets"); - expect(readme).toContain("/control"); - expect(readme).toMatch(/HTTPS\/TLS|TLS|HTTPS/); - }); - - it("uses a strong shared plugin skill for automatic selection", async () => { - const skill = await readFile( - path.join(repoRoot, "plugins/caplets/skills/caplets/SKILL.md"), - "utf8", - ); - - expect(skill).toContain("name: caplets"); - expect(skill).toContain("when_to_use:"); - expect(skill).toContain("external tools"); - expect(skill).toContain("MCP servers"); - expect(skill).toContain("OpenAPI"); - expect(skill).toContain("GraphQL"); - expect(skill).toContain("HTTP endpoints"); - expect(skill).toContain("call_tool"); - expect(skill).toContain("Skip this skill for normal local code edits"); + expect(readme).toContain('"command": "caplets"'); + expect(readme).toContain('"args": ["serve"]'); + expect(readme).toContain('"args": ["attach"]'); + expect(readme).not.toMatch(/plugin marketplace add|plugin install caplets@caplets/u); }); - it("keeps the Codex marketplace source self-contained for plugin installs", () => { - const pluginRoot = path.join(repoRoot, "plugins/caplets"); - const skillDir = path.join(pluginRoot, "skills"); - - expect(lstatSync(pluginRoot).isDirectory()).toBe(true); - expect(lstatSync(skillDir).isDirectory()).toBe(true); - expect(lstatSync(skillDir).isSymbolicLink()).toBe(false); - expect(existsSync(path.join(pluginRoot, ".codex-plugin/plugin.json"))).toBe(true); - expect(existsSync(path.join(pluginRoot, "skills/caplets/SKILL.md"))).toBe(true); - expect(existsSync(path.join(pluginRoot, "mcp.json"))).toBe(true); - }); - - it("keeps plugin metadata and components in documented locations", () => { - for (const forbiddenPath of [ - "packages/codex", - "packages/claude-code", - "packages/agent-plugin-shared", - ".codex-plugin", - ".codex-plugins", - ".mcp.json", - "hooks", - ".claude-plugin/plugin.json", - ".claude-plugin/.mcp.json", - ".codex-plugin/hooks.json", - ".claude-plugin/hooks.json", - ".codex-plugin/hooks", - ".claude-plugin/hooks", - ".claude-plugin/skills", - ]) { - expect(existsSync(path.join(repoRoot, forbiddenPath)), forbiddenPath).toBe(false); - } - - for (const requiredPath of [ - "plugins/caplets/.codex-plugin/plugin.json", - "plugins/caplets/.claude-plugin/plugin.json", - "plugins/caplets/mcp.json", - "plugins/caplets/skills/caplets/SKILL.md", - "plugins/caplets/assets/icon.png", - ".claude-plugin/marketplace.json", - ".agents/plugins/marketplace.json", - "scripts/sync-plugin-versions.ts", - ]) { - expect(existsSync(path.join(repoRoot, requiredPath)), requiredPath).toBe(true); - } + it("documents serve for local MCP and attach for remote MCP", async () => { + const readme = await readFile(path.join(repoRoot, "README.md"), "utf8"); + expect(readme).toContain("caplets serve"); + expect(readme).toContain("caplets attach"); + expect(readme).toContain("CAPLETS_MODE=cloud"); + expect(readme).toContain("CAPLETS_REMOTE_URL=https://cloud.caplets.dev"); + expect(readme).toContain("CAPLETS_MODE=remote"); + }); + + it("does not keep version-package plugin sync wiring", async () => { + const packageJson = JSON.parse(await readFile(path.join(repoRoot, "package.json"), "utf8")) as { + scripts: Record; + }; + expect(packageJson.scripts["version-packages"] ?? "").not.toContain("sync-plugin-versions"); }); }); diff --git a/packages/core/test/attach-cli.test.ts b/packages/core/test/attach-cli.test.ts new file mode 100644 index 0000000..291562f --- /dev/null +++ b/packages/core/test/attach-cli.test.ts @@ -0,0 +1,247 @@ +import { mkdtempSync, rmSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { attachProjectOnce, resolveAttachOptions } from "../src/project-binding/attach"; +import { runCli } from "../src/cli"; +import { CloudAuthStore } from "../src/cloud-auth/store"; +import { hostedCredentials, tempCloudAuthPath } from "./fixtures/cloud-auth"; + +const tempDirs: string[] = []; + +afterEach(() => { + for (const dir of tempDirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } +}); + +describe("caplets attach CLI", () => { + it("shows attach help", async () => { + const out: string[] = []; + + await runCli(["attach", "--help"], { writeOut: (value) => out.push(value) }); + + expect(out.join("")).toContain("Start a remote-backed Caplets MCP server."); + expect(out.join("")).toContain("--transport "); + expect(out.join("")).toContain("--remote-url "); + expect(out.join("")).toContain("--workspace "); + expect(out.join("")).toContain("--once"); + }); + + it("runs attach as a stdio MCP server by default", async () => { + const served: unknown[] = []; + await runCli(["attach"], { + env: { + CAPLETS_MODE: "remote", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + attachServe: async (options: unknown) => { + served.push(options); + }, + } as never); + + expect(served).toHaveLength(1); + expect(served[0]).toMatchObject({ + transport: "stdio", + selection: { kind: "self_hosted_remote" }, + }); + }); + + it("rejects attach server in local mode", async () => { + await expect( + runCli(["attach"], { + env: { CAPLETS_MODE: "local" }, + attachServe: async () => undefined, + } as never), + ).rejects.toThrow(/use caplets serve for local-only MCP/u); + }); + + it("resolves attach options from flags, env, and the caller cwd", async () => { + const resolved = await resolveAttachOptions( + { + remoteUrl: "https://caplets.example.com/caplets", + token: "token", + workspace: "workspace", + once: true, + projectRoot: "/repo", + }, + { CAPLETS_REMOTE_URL: "https://env.example.com" }, + ); + + expect(resolved).toMatchObject({ + projectRoot: "/repo", + once: true, + remote: { + baseUrl: new URL("https://caplets.example.com/caplets"), + workspace: "workspace", + auth: { type: "bearer", token: "token" }, + }, + }); + }); + + it("reports WebSocket upgrade failures clearly in once mode", async () => { + await expect( + attachProjectOnce({ + projectRoot: "/repo", + remoteUrl: "https://caplets.example.com/caplets", + fetch: async () => new Response("upgrade blocked", { status: 426 }), + }), + ).rejects.toMatchObject({ + code: "SERVER_UNAVAILABLE", + message: expect.stringContaining("Project Binding WebSocket unavailable"), + }); + }); + + it("probes the HTTP equivalent of the Project Binding WebSocket URL", async () => { + let requestedUrl: string | undefined; + + await expect( + attachProjectOnce({ + projectRoot: "/repo", + remoteUrl: "http://127.0.0.1:8787/caplets", + fetch: async (url) => { + requestedUrl = String(url); + return Response.json({ error: "websocket_upgrade_required" }, { status: 426 }); + }, + }), + ).resolves.toMatchObject({ + ok: true, + webSocketUrl: "ws://127.0.0.1:8787/caplets/control/project-bindings/connect", + }); + expect(requestedUrl).toBe("http://127.0.0.1:8787/caplets/control/project-bindings/connect"); + }); + + it("runs once from the CLI and reports WebSocket availability", async () => { + const out: string[] = []; + const cwd = process.cwd(); + const projectRoot = tempProjectRoot(); + + try { + process.chdir(projectRoot); + + await runCli(["attach", "--remote-url", "https://caplets.example.com/caplets", "--once"], { + fetch: async () => Response.json({ error: "websocket_upgrade_required" }, { status: 426 }), + writeOut: (value) => out.push(value), + }); + } finally { + process.chdir(cwd); + } + + expect(out.join("")).toContain( + "Project Binding available at wss://caplets.example.com/caplets/control/project-bindings/connect.", + ); + }); + + it("keeps attach --once as the finite Project Binding smoke path", async () => { + const out: string[] = []; + await runCli(["attach", "--once", "--remote-url", "https://caplets.example.com/caplets"], { + fetch: async () => Response.json({ error: "websocket_upgrade_required" }, { status: 426 }), + writeOut: (value) => out.push(value), + }); + expect(out.join("")).toContain("Project Binding available at"); + }); + + it("prints structured JSON for CLI WebSocket failures", async () => { + const out: string[] = []; + let exitCode = 0; + const cwd = process.cwd(); + const projectRoot = tempProjectRoot(); + + try { + process.chdir(projectRoot); + + await runCli( + ["attach", "--remote-url", "https://caplets.example.com/caplets", "--once", "--json"], + { + fetch: async () => new Response("upgrade blocked", { status: 426 }), + writeOut: (value) => out.push(value), + setExitCode: (code) => { + exitCode = code; + }, + }, + ); + } finally { + process.chdir(cwd); + } + + expect(exitCode).toBe(1); + expect(JSON.parse(out.join(""))).toMatchObject({ + ok: false, + error: { code: "PROJECT_BINDING_WEBSOCKET_UNAVAILABLE" }, + }); + }); + + it("prints JSON error for attach --once when cloud auth is missing", async () => { + const out: string[] = []; + let exitCode = 0; + await runCli(["attach", "--once", "--json"], { + env: { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + writeOut: (value) => out.push(value), + setExitCode: (code) => { + exitCode = code; + }, + }); + + expect(exitCode).toBe(1); + expect(JSON.parse(out.join(""))).toMatchObject({ + error: { + code: "cloud_auth_required", + recoveryCommand: "caplets cloud auth login", + }, + }); + }); + + it("rejects attach --workspace when it differs from the saved Selected Workspace", async () => { + const path = tempCloudAuthPath(); + const out: string[] = []; + let exitCode = 0; + await new CloudAuthStore({ path }).save(hostedCredentials({ workspaceSlug: "personal" })); + + await runCli(["attach", "--workspace", "team", "--once", "--json", "--project-root", "/repo"], { + env: { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + writeOut: (value) => out.push(value), + setExitCode: (code) => { + exitCode = code; + }, + }); + + expect(exitCode).toBe(1); + expect(JSON.parse(out[0] ?? "{}")).toMatchObject({ + error: { + code: "workspace_switch_required", + recoveryCommand: "caplets cloud auth switch ", + }, + }); + }); + + it("does not print a first-time project sync approval prompt", async () => { + const path = tempCloudAuthPath(); + const out: string[] = []; + await new CloudAuthStore({ path }).save(hostedCredentials()); + + await runCli(["attach", "--once", "--json", "--project-root", "/repo"], { + env: { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + fetch: async () => Response.json({ error: "websocket_upgrade_required" }, { status: 426 }), + writeOut: (value) => out.push(value), + }); + + expect(out.join("")).not.toMatch(/approve|approval|confirm/i); + }); +}); + +function tempProjectRoot(): string { + const root = mkdtempSync(join(tmpdir(), "caplets-attach-cli-")); + tempDirs.push(root); + return root; +} diff --git a/packages/core/test/attach-server.test.ts b/packages/core/test/attach-server.test.ts new file mode 100644 index 0000000..70aa997 --- /dev/null +++ b/packages/core/test/attach-server.test.ts @@ -0,0 +1,82 @@ +import { describe, expect, it, vi } from "vitest"; +import { NativeCapletsMcpSession } from "../src/serve/native-session"; + +describe("NativeCapletsMcpSession", () => { + it("registers tools from a native Caplets service", async () => { + const registered = new Map(); + const server = { + registerTool: vi.fn((name: string, definition: unknown, callback: unknown) => { + registered.set(name, { definition, callback }); + return { remove: vi.fn(), update: vi.fn() }; + }), + connect: vi.fn(async () => undefined), + close: vi.fn(async () => undefined), + }; + const service = { + listTools: () => [ + { + caplet: "remote-alpha", + toolName: "caplets_remote_alpha", + title: "Remote Alpha", + description: "Remote alpha tool", + promptGuidance: [], + inputSchema: { + type: "object", + properties: { operation: { type: "string", enum: ["inspect"] } }, + }, + operationNames: ["inspect"], + }, + ], + execute: vi.fn(async () => ({ ok: true })), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn(() => () => undefined), + close: vi.fn(async () => undefined), + }; + + const session = new NativeCapletsMcpSession(service, { server: server as never }); + + expect([...registered.keys()]).toEqual(["remote-alpha"]); + const tool = registered.get("remote-alpha") as { + callback: (request: unknown) => Promise; + }; + await expect(tool.callback({ operation: "inspect" })).resolves.toEqual({ ok: true }); + expect(service.execute).toHaveBeenCalledWith("remote-alpha", { operation: "inspect" }); + await session.close(); + expect(service.close).toHaveBeenCalledOnce(); + }); + + it("updates registered tools when the native service changes", () => { + let listener: ((tools: unknown[]) => void) | undefined; + const removed = vi.fn(); + const server = { + registerTool: vi.fn((_name: string, _definition: unknown, _callback: unknown) => ({ + remove: removed, + update: vi.fn(), + })), + connect: vi.fn(async () => undefined), + close: vi.fn(async () => undefined), + }; + const service = { + listTools: () => [ + { caplet: "alpha", title: "Alpha", description: "Alpha", promptGuidance: [] }, + ], + execute: vi.fn(async () => ({})), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn((nextListener: (tools: unknown[]) => void) => { + listener = nextListener; + return () => undefined; + }), + close: vi.fn(async () => undefined), + }; + + new NativeCapletsMcpSession(service as never, { server: server as never }); + listener?.([{ caplet: "beta", title: "Beta", description: "Beta", promptGuidance: [] }]); + + expect(removed).toHaveBeenCalledOnce(); + expect(server.registerTool).toHaveBeenCalledWith( + "beta", + expect.objectContaining({ title: "Beta" }), + expect.any(Function), + ); + }); +}); diff --git a/packages/core/test/caplet-files.test.ts b/packages/core/test/caplet-files.test.ts new file mode 100644 index 0000000..1b0fa24 --- /dev/null +++ b/packages/core/test/caplet-files.test.ts @@ -0,0 +1,62 @@ +import { describe, expect, it } from "vitest"; +import { loadCapletFilesFromMap } from "../src/caplet-files"; + +describe("in-memory Caplet files", () => { + it("loads directory CAPLET.md files from an in-memory map", () => { + const result = loadCapletFilesFromMap({ + files: [ + { + path: "pypi/CAPLET.md", + content: `--- +name: PyPI +description: Query Python package metadata. +openapiEndpoint: + specPath: ./openapi.yaml + auth: + type: none +--- + +# PyPI +`, + }, + ], + }); + + expect(result?.paths).toEqual({ pypi: "pypi/CAPLET.md" }); + expect(result?.config.openapiEndpoints?.pypi).toEqual( + expect.objectContaining({ + name: "PyPI", + description: "Query Python package metadata.", + specPath: "pypi/openapi.yaml", + body: "\n# PyPI\n", + }), + ); + }); + + it("rejects duplicate in-memory caplet ids", () => { + expect(() => + loadCapletFilesFromMap({ + files: [ + { path: "search.md", content: caplet("Search A") }, + { path: "search/CAPLET.md", content: caplet("Search B") }, + ], + }), + ).toThrow(/Duplicate Caplet ID search/); + }); +}); + +function caplet(name: string): string { + return `--- +name: ${name} +description: Search project resources. +httpApi: + baseUrl: https://example.com + auth: + type: none + actions: + list: + method: GET + path: /list +--- +`; +} diff --git a/packages/core/test/caplet-source.test.ts b/packages/core/test/caplet-source.test.ts new file mode 100644 index 0000000..7da1713 --- /dev/null +++ b/packages/core/test/caplet-source.test.ts @@ -0,0 +1,186 @@ +import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { BundleCapletSource } from "../src/caplet-source/bundle"; +import { FilesystemCapletSource } from "../src/caplet-source/filesystem"; +import { parseCapletSource } from "../src/caplet-source/parse"; + +const fixtureFiles = [ + { + path: "./weather/CAPLET.md", + content: `--- +name: Weather +description: Query weather forecast metadata. +openapiEndpoint: + specPath: ./openapi.yaml + auth: + type: bearer + token: \${WEATHER_TOKEN} +--- + +# Weather +`, + }, + { + path: "weather/openapi.yaml", + content: `openapi: 3.1.0 +info: + title: Weather + version: 1.0.0 +paths: {} +`, + }, + { + path: "tools/CAPLET.md", + content: `--- +name: Project Tools +description: Run project maintenance tools. +setup: + commands: + - label: Install tools + command: pnpm + args: [install] +cliTools: + projectBinding: + required: true + runtime: + features: [docker] + resources: + class: heavy + actions: + list_files: + description: List project files. + command: npx + args: [-y, "@playwright/mcp", ./scripts/list-files.js] +--- + +# Project Tools +`, + }, + { + path: "tools/scripts/list-files.js", + content: "console.log(JSON.stringify(process.argv.slice(2)));\n", + }, +]; + +const tempDirs: string[] = []; + +afterEach(() => { + for (const dir of tempDirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } +}); + +describe("CapletSource adapters", () => { + it("list and read normalized relative files for bundles", async () => { + const source = new BundleCapletSource(fixtureFiles); + + await expect(source.listFiles()).resolves.toEqual([ + expect.objectContaining({ path: "tools/CAPLET.md" }), + expect.objectContaining({ path: "tools/scripts/list-files.js" }), + expect.objectContaining({ path: "weather/CAPLET.md" }), + expect.objectContaining({ path: "weather/openapi.yaml" }), + ]); + await expect(source.readFile("./weather\\openapi.yaml")).resolves.toEqual({ + path: "weather/openapi.yaml", + content: fixtureFiles[1]!.content, + }); + await expect(source.readFile("../outside.yaml")).resolves.toBeUndefined(); + }); + + it("list and read normalized relative files for filesystems", async () => { + const root = writeFixtureTree(); + const source = new FilesystemCapletSource(root); + + await expect(source.listFiles()).resolves.toEqual([ + expect.objectContaining({ path: "tools/CAPLET.md" }), + expect.objectContaining({ path: "tools/scripts/list-files.js" }), + expect.objectContaining({ path: "weather/CAPLET.md" }), + expect.objectContaining({ path: "weather/openapi.yaml" }), + ]); + await expect(source.readFile("./tools/scripts/list-files.js")).resolves.toEqual({ + path: "tools/scripts/list-files.js", + content: fixtureFiles[3]!.content, + }); + await expect(source.readFile("/absolute.js")).resolves.toBeUndefined(); + }); + + it("parses equivalent bundle and filesystem multi-file Caplets identically", async () => { + const bundle = await parseCapletSource(new BundleCapletSource(fixtureFiles)); + const filesystem = await parseCapletSource(new FilesystemCapletSource(writeFixtureTree())); + + expect(summary(bundle)).toEqual(summary(filesystem)); + expect(summary(bundle)).toEqual([ + { + id: "weather", + backend: "openapi", + setupRequired: false, + authRequired: true, + projectBindingRequired: false, + runtime: { + route: "worker_safe", + setupTarget: undefined, + features: [], + resources: { class: "small", cpu: 1, memoryMb: 1024, diskMb: 4096 }, + }, + localReferences: [{ path: "weather/openapi.yaml", exists: true }], + }, + { + id: "tools", + backend: "cli", + setupRequired: true, + authRequired: false, + projectBindingRequired: true, + runtime: { + route: "project_bound_process", + setupTarget: "hosted_sandbox", + features: ["docker", "browser"], + resources: { class: "heavy", cpu: 8, memoryMb: 16384, diskMb: 40960 }, + }, + localReferences: [], + }, + ]); + }); + + it("reports missing local references through shared parser semantics", async () => { + const result = await parseCapletSource( + new BundleCapletSource(fixtureFiles.filter((file) => file.path !== "weather/openapi.yaml")), + ); + + expect(result.ok).toBe(false); + expect(result.errors.map((error) => error.message).join("\n")).toMatch( + /weather\/openapi\.yaml/, + ); + }); +}); + +function summary(result: Awaited>) { + expect(result.ok).toBe(true); + return result.resolvedCaplets.map((caplet) => ({ + id: caplet.id, + backend: caplet.backend, + setupRequired: caplet.setupRequired, + authRequired: caplet.authRequired, + projectBindingRequired: caplet.projectBindingRequired, + runtime: { + route: caplet.runtime.route, + setupTarget: caplet.runtime.setupTarget, + features: caplet.runtime.features, + resources: caplet.runtime.resources, + }, + localReferences: caplet.localReferences, + })); +} + +function writeFixtureTree(): string { + const root = mkdtempSync(join(tmpdir(), "caplets-source-")); + tempDirs.push(root); + for (const file of fixtureFiles) { + const normalized = file.path.replace(/^\.\//u, ""); + const path = join(root, normalized); + mkdirSync(path.split("/").slice(0, -1).join("/"), { recursive: true }); + writeFileSync(path, file.content, "utf8"); + } + return root; +} diff --git a/packages/core/test/cli.test.ts b/packages/core/test/cli.test.ts index ec64ac8..c8fda36 100644 --- a/packages/core/test/cli.test.ts +++ b/packages/core/test/cli.test.ts @@ -113,11 +113,12 @@ describe("cli init", () => { try { mkdirSync(projectRoot, { recursive: true }); process.chdir(projectRoot); + const expectedConfigPath = join(process.cwd(), ".caplets", "config.json"); await runCli(["init"], { writeOut: (value) => out.push(value) }); expect(existsSync(projectConfigPath)).toBe(true); - expect(out.join("")).toBe(`Created Caplets config at ${projectConfigPath}\n`); + expect(out.join("")).toBe(`Created Caplets config at ${expectedConfigPath}\n`); } finally { process.chdir(cwd); rmSync(dir, { recursive: true, force: true }); @@ -440,6 +441,7 @@ describe("cli init", () => { ); process.env.CAPLETS_CONFIG = configPath; process.chdir(projectRoot); + const expectedProjectCapletPath = join(process.cwd(), ".caplets", "github.md"); await runCli(["list", "--json"], { writeOut: (value) => out.push(value) }); @@ -447,7 +449,7 @@ describe("cli init", () => { expect.objectContaining({ server: "github", source: "project-file", - path: projectCapletPath, + path: expectedProjectCapletPath, shadows: [{ kind: "global-config", path: configPath }], }), ]); @@ -972,6 +974,7 @@ describe("cli init", () => { writeCliRepo(repo); mkdirSync(projectRoot, { recursive: true }); process.chdir(projectRoot); + const expectedOutput = join(process.cwd(), ".caplets", "repo-tools.md"); await runCli(["add", "cli", "repo-tools", "--repo", repo, "--include", "package"], { writeOut: (value) => out.push(value), @@ -979,7 +982,7 @@ describe("cli init", () => { const output = join(projectRoot, ".caplets", "repo-tools.md"); expect(readFileSync(output, "utf8")).toContain("package_test:"); - expect(out.join("")).toBe(`Wrote CLI Caplet to ${output}\n`); + expect(out.join("")).toBe(`Wrote CLI Caplet to ${expectedOutput}\n`); } finally { process.chdir(cwd); rmSync(dir, { recursive: true, force: true }); @@ -1543,12 +1546,13 @@ describe("cli init", () => { process.env.CAPLETS_CONFIG = configPath; mkdirSync(projectRoot, { recursive: true }); process.chdir(projectRoot); + const expectedDestination = join(process.cwd(), ".caplets", "github"); await runCli(["install", repo, "github"], { writeOut: (value) => out.push(value) }); expect(existsSync(join(projectRoot, ".caplets", "github", "CAPLET.md"))).toBe(true); expect(existsSync(join(projectRoot, ".caplets", "filesystem.md"))).toBe(false); - expect(out.join("")).toBe(`Installed github to ${join(projectRoot, ".caplets", "github")}\n`); + expect(out.join("")).toBe(`Installed github to ${expectedDestination}\n`); } finally { process.chdir(cwd); rmSync(dir, { recursive: true, force: true }); diff --git a/packages/core/test/cloud-apply.test.ts b/packages/core/test/cloud-apply.test.ts new file mode 100644 index 0000000..e0499d2 --- /dev/null +++ b/packages/core/test/cloud-apply.test.ts @@ -0,0 +1,97 @@ +import { mkdirSync, mkdtempSync, readFileSync, rmSync, symlinkSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { describe, expect, it } from "vitest"; +import { + applyRemoteFileChanges, + classifyApplyResult, + createApplyReceipt, + sha256, +} from "../src/cloud/apply"; + +describe("cloud apply receipts", () => { + it("creates a clean apply receipt", () => { + expect( + createApplyReceipt({ + projectFingerprint: "sha256:abc", + filesChanged: ["src/app.ts"], + skipped: [], + policyWarnings: [], + }), + ).toEqual({ + status: "applied", + projectFingerprint: "sha256:abc", + filesChanged: ["src/app.ts"], + skipped: [], + policyWarnings: [], + }); + }); + + it("classifies conflicts as recoverable", () => { + expect(classifyApplyResult({ conflicts: [{ path: "src/app.ts", kind: "content" }] })).toEqual({ + status: "apply_conflict", + recoverable: true, + conflicts: [{ path: "src/app.ts", kind: "content" }], + }); + }); + + it("implicitly applies clean remote sandbox file changes", () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-apply-")); + try { + mkdirSync(join(dir, "src")); + writeFileSync(join(dir, "src/app.ts"), "old", "utf8"); + + const result = applyRemoteFileChanges(dir, [ + { path: "src/app.ts", baseSha256: sha256("old"), content: "new" }, + ]); + + expect(result).toMatchObject({ status: "applied", filesChanged: ["src/app.ts"] }); + expect(readFileSync(join(dir, "src/app.ts"), "utf8")).toBe("new"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("returns conflicts without writing when local files diverged", () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-apply-conflict-")); + try { + mkdirSync(join(dir, "src")); + writeFileSync(join(dir, "src/app.ts"), "local edit", "utf8"); + + const result = applyRemoteFileChanges(dir, [ + { path: "src/app.ts", baseSha256: sha256("old"), content: "remote edit" }, + ]); + + expect(result).toMatchObject({ + status: "apply_conflict", + recoverable: true, + conflicts: [expect.objectContaining({ path: "src/app.ts", kind: "content" })], + }); + expect(readFileSync(join(dir, "src/app.ts"), "utf8")).toBe("local edit"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("does not follow project symlinks while applying changes", () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-apply-symlink-")); + const outside = mkdtempSync(join(tmpdir(), "caplets-outside-")); + try { + writeFileSync(join(outside, "target.txt"), "outside", "utf8"); + symlinkSync(join(outside, "target.txt"), join(dir, "link.txt")); + + const result = applyRemoteFileChanges(dir, [ + { path: "link.txt", baseSha256: sha256("outside"), content: "remote edit" }, + ]); + + expect(result).toMatchObject({ + status: "apply_conflict", + conflicts: [expect.objectContaining({ path: "link.txt" })], + }); + expect(readFileSync(join(outside, "target.txt"), "utf8")).toBe("outside"); + } finally { + rmSync(dir, { recursive: true, force: true }); + rmSync(outside, { recursive: true, force: true }); + } + }); +}); diff --git a/packages/core/test/cloud-auth-client.test.ts b/packages/core/test/cloud-auth-client.test.ts new file mode 100644 index 0000000..71461c6 --- /dev/null +++ b/packages/core/test/cloud-auth-client.test.ts @@ -0,0 +1,73 @@ +import { describe, expect, it } from "vitest"; + +import { CloudAuthClient } from "../src/cloud-auth/client"; + +describe("CloudAuthClient", () => { + it("starts a browser-mediated CLI login transaction", async () => { + const requests: Request[] = []; + const client = new CloudAuthClient({ + cloudUrl: "https://cloud.caplets.dev", + fetch: async (input, init) => { + const request = new Request(input, init); + requests.push(request); + return Response.json( + { + loginId: "login_123", + loginUrl: "https://cloud.caplets.dev/cli-login/login_123", + userCode: "ABCD-EFGH", + expiresAt: "2026-06-03T12:10:00.000Z", + requestId: "req_login_start", + }, + { status: 201, headers: { "x-request-id": "req_login_start" } }, + ); + }, + }); + + const result = await client.startLogin({ + requestedWorkspace: "team", + deviceName: "MacBook", + }); + + expect(requests[0]?.url).toBe("https://cloud.caplets.dev/api/cloud-client/login/start"); + await expect(requests[0]?.json()).resolves.toMatchObject({ + requestedWorkspace: "team", + deviceName: "MacBook", + }); + expect(result).toMatchObject({ + loginId: "login_123", + userCode: "ABCD-EFGH", + requestId: "req_login_start", + }); + }); + + it("exchanges a completed one-time login for redacted workspace-scoped credentials", async () => { + const client = new CloudAuthClient({ + cloudUrl: "https://cloud.caplets.dev", + fetch: async () => + Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_team", + workspaceSlug: "team", + accessToken: "cap_access_secret", + refreshToken: "cap_refresh_secret", + expiresAt: "2026-06-03T13:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + deviceName: "MacBook", + requestId: "req_token", + }), + }); + + const credentials = await client.exchangeToken({ + loginId: "login_123", + oneTimeCode: "one_time_code_secret", + }); + + expect(credentials.workspaceId).toBe("workspace_team"); + expect(credentials.scope).toEqual(["project_binding:read", "project_binding:write"]); + expect(JSON.stringify(credentials.redacted)).not.toContain("cap_access_secret"); + expect(JSON.stringify(credentials.redacted)).not.toContain("cap_refresh_secret"); + }); +}); diff --git a/packages/core/test/cloud-auth-login-cli.test.ts b/packages/core/test/cloud-auth-login-cli.test.ts new file mode 100644 index 0000000..7cb8668 --- /dev/null +++ b/packages/core/test/cloud-auth-login-cli.test.ts @@ -0,0 +1,125 @@ +import { readFileSync } from "node:fs"; +import { describe, expect, it } from "vitest"; + +import { runCli } from "../src/cli"; +import { assertNoSecrets, tempCloudAuthPath } from "./fixtures/cloud-auth"; + +describe("caplets cloud auth login", () => { + it("polls completion, writes one workspace-scoped profile, and redacts JSON", async () => { + const path = tempCloudAuthPath(); + const responses = [ + Response.json({ + loginId: "login_123", + loginUrl: "https://cloud.caplets.dev/cli-login/login_123", + userCode: "ABCD-EFGH", + expiresAt: "2026-06-03T12:10:00.000Z", + requestId: "req_start", + }), + Response.json({ + status: "completed", + selectedWorkspace: { workspaceId: "workspace_team", slug: "team" }, + oneTimeCode: "one_time_code_secret", + requestId: "req_poll", + }), + Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_team", + workspaceSlug: "team", + accessToken: "cap_access_secret", + refreshToken: "cap_refresh_secret", + expiresAt: "2099-06-03T13:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + deviceName: "Test Device", + requestId: "req_token", + }), + ]; + const out: string[] = []; + + await runCli( + [ + "cloud", + "auth", + "login", + "--cloud-url", + "https://cloud.caplets.dev", + "--workspace", + "team", + "--no-open", + "--json", + ], + { + env: { CAPLETS_CLOUD_AUTH_PATH: path, CAPLETS_CLOUD_AUTH_POLL_INTERVAL_MS: "0" }, + fetch: async () => responses.shift() ?? Response.json({}, { status: 500 }), + writeOut: (value) => out.push(value), + }, + ); + + expect(JSON.parse(out.join(""))).toMatchObject({ + authenticated: true, + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_team", + workspaceSlug: "team", + }); + assertNoSecrets(out.join("")); + expect(readFileSync(path, "utf8")).toContain("cap_refresh_secret"); + }); + + it("continues polling while browser workspace selection is required", async () => { + const path = tempCloudAuthPath(); + const requests: string[] = []; + const responses = [ + Response.json({ + loginId: "login_123", + loginUrl: "https://cloud.caplets.dev/cli-login/login_123", + userCode: "ABCD-EFGH", + expiresAt: "2026-06-03T12:10:00.000Z", + }), + Response.json({ + status: "workspace_selection_required", + workspaces: [ + { workspaceId: "workspace_personal", slug: "personal" }, + { workspaceId: "workspace_team", slug: "team" }, + ], + expiresAt: "2026-06-03T12:10:00.000Z", + }), + Response.json({ + status: "completed", + selectedWorkspace: { workspaceId: "workspace_team", slug: "team" }, + oneTimeCode: "one_time_code_secret", + }), + Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_team", + workspaceSlug: "team", + accessToken: "cap_access_secret", + refreshToken: "cap_refresh_secret", + expiresAt: "2099-06-03T13:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + }), + ]; + + await runCli( + ["cloud", "auth", "login", "--cloud-url", "https://cloud.caplets.dev", "--no-open", "--json"], + { + env: { CAPLETS_CLOUD_AUTH_PATH: path, CAPLETS_CLOUD_AUTH_POLL_INTERVAL_MS: "0" }, + fetch: async (input) => { + requests.push(String(input)); + return responses.shift() ?? Response.json({}, { status: 500 }); + }, + writeOut: () => undefined, + }, + ); + + expect( + requests.filter((url) => url.endsWith("/api/cloud-client/login/login_123")), + ).toHaveLength(2); + expect(readFileSync(path, "utf8")).toContain("workspace_team"); + }); +}); diff --git a/packages/core/test/cloud-auth-refresh-attach.test.ts b/packages/core/test/cloud-auth-refresh-attach.test.ts new file mode 100644 index 0000000..a32f411 --- /dev/null +++ b/packages/core/test/cloud-auth-refresh-attach.test.ts @@ -0,0 +1,99 @@ +import { describe, expect, it } from "vitest"; +import { CloudAuthStore } from "../src/cloud-auth/store"; +import { attachProjectOnce } from "../src/project-binding/attach"; +import { hostedCredentials, tempCloudAuthPath } from "./fixtures/cloud-auth"; + +describe("hosted Cloud Auth refresh before attach", () => { + it("refreshes expired hosted credentials, persists rotation, and attaches with the new access token", async () => { + const path = tempCloudAuthPath(); + const store = new CloudAuthStore({ path }); + await store.save( + hostedCredentials({ + accessToken: "old_access", + refreshToken: "old_refresh", + expiresAt: "2026-06-03T00:00:00.000Z", + }), + ); + const authorizationHeaders: string[] = []; + + await expect( + attachProjectOnce( + { + projectRoot: "/repo", + fetch: async (url, init) => { + if (String(url).endsWith("/api/cloud-client/refresh")) { + expect(JSON.parse(String(init?.body))).toEqual({ refreshToken: "old_refresh" }); + return Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_personal", + workspaceSlug: "personal", + accessToken: "new_access", + refreshToken: "new_refresh", + expiresAt: "2999-01-01T00:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + }); + } + authorizationHeaders.push(headerValue(init?.headers, "authorization")); + return Response.json({ error: "websocket_upgrade_required" }, { status: 426 }); + }, + }, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ), + ).resolves.toMatchObject({ ok: true }); + + await expect(store.load()).resolves.toMatchObject({ + accessToken: "new_access", + refreshToken: "new_refresh", + expiresAt: "2999-01-01T00:00:00.000Z", + }); + expect(authorizationHeaders).toEqual(["Bearer new_access"]); + }); + + it("fails closed when the saved refresh token is revoked", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save( + hostedCredentials({ + expiresAt: "2026-06-03T00:00:00.000Z", + refreshToken: "revoked_refresh", + }), + ); + + await expect( + attachProjectOnce( + { + projectRoot: "/repo", + fetch: async () => + Response.json( + { error: "invalid_refresh_token", message: "Refresh token was revoked." }, + { status: 401 }, + ), + }, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ), + ).rejects.toMatchObject({ code: "AUTH_FAILED" }); + }); + + it("does not implicitly use saved Cloud Auth without cloud mode or a Cloud remote URL", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save(hostedCredentials()); + + await expect( + attachProjectOnce({ projectRoot: "/repo" }, { CAPLETS_CLOUD_AUTH_PATH: path }), + ).rejects.toThrow(/CAPLETS_REMOTE_URL/u); + }); +}); + +function headerValue(headers: RequestInit["headers"] | undefined, name: string): string { + return new Headers(headers).get(name) ?? ""; +} diff --git a/packages/core/test/cloud-auth.test.ts b/packages/core/test/cloud-auth.test.ts new file mode 100644 index 0000000..5b29581 --- /dev/null +++ b/packages/core/test/cloud-auth.test.ts @@ -0,0 +1,170 @@ +import { existsSync, mkdtempSync, rmSync, statSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { + CloudAuthStore, + cloudAuthPath, + redactedCloudAuthStatus, + type CloudAuthCredentials, +} from "../src/cloud-auth/store"; +import { runCli } from "../src/cli"; + +const tempDirs: string[] = []; +const credentials: CloudAuthCredentials = { + version: 2, + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "ws_123", + workspaceSlug: "team", + accessToken: "access", + refreshToken: "refresh", + expiresAt: "2099-06-02T12:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + deviceName: "Test Device", + createdAt: "2026-06-03T12:00:00.000Z", + lastRefreshAt: "2026-06-03T12:00:00.000Z", +}; + +afterEach(() => { + for (const dir of tempDirs.splice(0)) rmSync(dir, { recursive: true, force: true }); +}); + +describe("caplets cloud auth CLI", () => { + it("shows Cloud Auth help", async () => { + const out: string[] = []; + + await runCli(["cloud", "auth", "--help"], { writeOut: (value) => out.push(value) }); + + expect(out.join("")).toContain("Authenticate this Caplets client to hosted Caplets Cloud."); + expect(out.join("")).toContain("login"); + expect(out.join("")).toContain("status"); + expect(out.join("")).toContain("logout"); + expect(out.join("")).toContain("workspaces"); + }); + + it("prints unauthenticated status as JSON when no credentials are stored", async () => { + const out: string[] = []; + + await runCli(["cloud", "auth", "status", "--json"], { + env: { CAPLETS_CLOUD_AUTH_PATH: tempAuthPath() }, + writeOut: (value) => out.push(value), + }); + + expect(JSON.parse(out.join(""))).toEqual({ + authenticated: false, + status: "unauthenticated", + }); + }); + + it("prints authenticated status and stored workspace as JSON", async () => { + const path = tempAuthPath(); + await new CloudAuthStore({ path }).save(credentials); + const out: string[] = []; + + await runCli(["cloud", "auth", "status", "--json"], { + env: { CAPLETS_CLOUD_AUTH_PATH: path }, + writeOut: (value) => out.push(value), + }); + + expect(JSON.parse(out.join(""))).toEqual({ + authenticated: true, + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "ws_123", + workspaceSlug: "team", + expiresAt: "2099-06-02T12:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + deviceName: "Test Device", + createdAt: "2026-06-03T12:00:00.000Z", + lastRefreshAt: "2026-06-03T12:00:00.000Z", + }); + }); + + it("lists the stored workspace as JSON", async () => { + const path = tempAuthPath(); + await new CloudAuthStore({ path }).save(credentials); + const out: string[] = []; + + await runCli(["cloud", "auth", "workspaces", "--json"], { + env: { CAPLETS_CLOUD_AUTH_PATH: path }, + writeOut: (value) => out.push(value), + }); + + expect(JSON.parse(out.join(""))).toEqual({ + workspaces: [{ workspaceId: "ws_123", slug: "team", selected: true }], + }); + }); + + it("logs out by deleting stored Cloud Auth credentials", async () => { + const path = tempAuthPath(); + await new CloudAuthStore({ path }).save(credentials); + + await runCli(["cloud", "auth", "logout"], { + env: { CAPLETS_CLOUD_AUTH_PATH: path }, + writeOut: () => undefined, + }); + + expect(existsSync(path)).toBe(false); + }); +}); + +describe("CloudAuthStore", () => { + it("stores refreshable Cloud Auth credentials with restrictive file permissions", async () => { + const path = tempAuthPath(); + const store = new CloudAuthStore({ path }); + + await store.save(credentials); + + expect(await store.load()).toEqual(credentials); + if (process.platform !== "win32") { + expect(statSync(path).mode & 0o777).toBe(0o600); + } + }); + + it("classifies expired credentials with a refresh token as refreshable without exposing secrets", () => { + const status = redactedCloudAuthStatus( + { + ...credentials, + accessToken: "secret_access", + refreshToken: "secret_refresh", + expiresAt: "2026-06-03T00:00:00.000Z", + }, + new Date("2026-06-04T00:00:00.000Z"), + ); + + expect(status).toMatchObject({ + authenticated: false, + status: "refreshable", + workspaceId: "ws_123", + }); + expect(JSON.stringify(status)).not.toContain("secret_access"); + expect(JSON.stringify(status)).not.toContain("secret_refresh"); + }); + + it("uses platform config directories for the default path", () => { + expect( + cloudAuthPath({ + env: { XDG_CONFIG_HOME: "/config" }, + home: "/home/alice", + platform: "linux", + }), + ).toBe("/config/caplets/cloud-auth.json"); + expect( + cloudAuthPath({ + env: { APPDATA: "C:\\Users\\Alice\\AppData\\Roaming" }, + home: "C:\\Users\\Alice", + platform: "win32", + }), + ).toBe("C:\\Users\\Alice\\AppData\\Roaming\\Caplets\\cloud-auth.json"); + }); +}); + +function tempAuthPath(): string { + const dir = mkdtempSync(join(tmpdir(), "caplets-cloud-auth-")); + tempDirs.push(dir); + return join(dir, "cloud-auth.json"); +} diff --git a/packages/core/test/cloud-bundle-runtime.test.ts b/packages/core/test/cloud-bundle-runtime.test.ts new file mode 100644 index 0000000..53c5694 --- /dev/null +++ b/packages/core/test/cloud-bundle-runtime.test.ts @@ -0,0 +1,111 @@ +import { describe, expect, it } from "vitest"; +import { BundleCapletSource, parseCapletSource } from "../src/caplet-source"; +import { classifyCapletRuntimeRoute, planCapletRuntimeRoutes } from "../src/runtime-plan"; + +describe("neutral hosted Caplet bundle runtime", () => { + it("validates a bundle with a CAPLET.md and companion OpenAPI file", async () => { + const parsed = await parseCapletSource( + new BundleCapletSource([ + { + path: "CAPLET.md", + content: `--- +name: PyPI +description: Query Python package metadata. +openapiEndpoint: + specPath: ./openapi.yaml + auth: + type: none +--- + +# PyPI +`, + }, + { + path: "openapi.yaml", + content: `openapi: 3.1.0 +info: + title: PyPI + version: 1.0.0 +paths: {} +`, + }, + ]), + ); + + expect(parsed.ok).toBe(true); + expect(parsed.resolvedCaplets).toEqual([ + expect.objectContaining({ + id: "CAPLET", + backend: "openapi", + sourcePath: "CAPLET.md", + }), + ]); + expect( + planCapletRuntimeRoutes( + parsed.resolvedCaplets.map((caplet) => caplet.config), + { deployment: "hosted" }, + ), + ).toEqual([expect.objectContaining({ id: "CAPLET", route: "worker_safe" })]); + expect(parsed.errors).toEqual([]); + }); + + it("rejects missing local references", async () => { + const parsed = await parseCapletSource( + new BundleCapletSource([ + { + path: "CAPLET.md", + content: `--- +name: Missing Spec +description: Missing OpenAPI spec file. +openapiEndpoint: + specPath: ./missing.yaml + auth: + type: none +--- +`, + }, + ]), + ); + + expect(parsed.ok).toBe(false); + expect(parsed.errors.map((error) => error.message).join("\n")).toMatch(/missing\.yaml/); + }); + + it("classifies remote-safe backends for worker execution", () => { + expect( + classifyCapletRuntimeRoute({ + backend: "mcp", + transport: "http", + url: "https://example.com/mcp", + }), + ).toBe("worker_safe"); + expect(classifyCapletRuntimeRoute({ backend: "http" })).toBe("worker_safe"); + expect(classifyCapletRuntimeRoute({ backend: "graphql", introspection: true })).toBe( + "worker_safe", + ); + }); + + it("classifies process-backed and setup routes semantically", () => { + expect( + classifyCapletRuntimeRoute({ + backend: "mcp", + transport: "stdio", + command: "uvx", + }), + ).toBe("process"); + expect(classifyCapletRuntimeRoute({ backend: "cli", actions: {} })).toBe("process"); + expect( + classifyCapletRuntimeRoute({ + backend: "openapi", + setup: { commands: [{ label: "Install", command: "npm" }] }, + }), + ).toBe("process"); + expect( + classifyCapletRuntimeRoute({ + backend: "cli", + projectBinding: { required: true }, + actions: {}, + }), + ).toBe("project_bound_process"); + }); +}); diff --git a/packages/core/test/cloud-client.test.ts b/packages/core/test/cloud-client.test.ts new file mode 100644 index 0000000..4919501 --- /dev/null +++ b/packages/core/test/cloud-client.test.ts @@ -0,0 +1,104 @@ +import { describe, expect, it, vi } from "vitest"; +import { CapletsCloudClient } from "../src/cloud/client"; + +describe("CapletsCloudClient", () => { + it("registers Project Binding with bearer auth and synced project files", async () => { + const fetch = vi.fn(async () => + Response.json({ binding: { bindingId: "project_binding_1" } }, { status: 201 }), + ); + const client = new CapletsCloudClient({ + baseUrl: new URL("https://cloud.caplets.dev"), + accessToken: "token", + fetch, + }); + + await expect( + client.registerPresence({ + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + allowedCapletIds: ["repo-cli"], + projectFiles: [{ path: "src/app.ts", content: "app" }], + }), + ).resolves.toMatchObject({ presenceId: "project_binding_1" }); + + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/api/project-bindings"), + expect.objectContaining({ + method: "POST", + headers: expect.any(Headers), + }), + ); + const [, init] = fetch.mock.calls[0] as unknown as [URL, RequestInit]; + const headers = init.headers; + expect(headers).toBeInstanceOf(Headers); + expect((headers as Headers).get("authorization")).toBe("Bearer token"); + expect(JSON.parse(init.body as string)).toMatchObject({ + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + state: "ready", + syncState: "idle", + allowedCapletIds: ["repo-cli"], + fallbackConsent: "deny", + projectFiles: [{ path: "src/app.ts", content: "app" }], + }); + }); + + it("marks Project Binding offline and ignores missing records", async () => { + const fetch = vi.fn(async () => new Response(null, { status: 404 })); + const client = new CapletsCloudClient({ + baseUrl: new URL("https://cloud.caplets.dev/ws/ian"), + accessToken: "token", + fetch, + }); + + await expect(client.stopPresence("presence_1")).resolves.toBeUndefined(); + + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/ws/ian/api/project-bindings/presence_1"), + expect.objectContaining({ method: "PATCH", body: JSON.stringify({ state: "offline" }) }), + ); + }); + + it("heartbeats Project Binding state", async () => { + const fetch = vi.fn(async () => Response.json({ binding: { bindingId: "presence_1" } })); + const client = new CapletsCloudClient({ + baseUrl: new URL("https://cloud.caplets.dev"), + accessToken: "token", + fetch, + }); + + await expect(client.heartbeatPresence("presence_1")).resolves.toEqual({ + presenceId: "presence_1", + expiresAt: expect.any(String), + }); + + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/api/project-bindings/presence_1"), + expect.objectContaining({ + method: "PATCH", + body: JSON.stringify({ state: "ready", syncState: "idle" }), + }), + ); + }); + + it("updates visible local Caplet allowlist on the Project Binding", async () => { + const fetch = vi.fn(async () => Response.json({ ok: true })); + const client = new CapletsCloudClient({ + baseUrl: new URL("https://cloud.caplets.dev"), + accessToken: "token", + fetch, + }); + + await expect(client.updatePresenceCaplets("presence_1", ["repo-cli"])).resolves.toBeUndefined(); + + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/api/project-bindings/presence_1"), + expect.objectContaining({ + method: "PATCH", + body: JSON.stringify({ allowedCapletIds: ["repo-cli"] }), + }), + ); + }); +}); diff --git a/packages/core/test/cloud-mutagen.test.ts b/packages/core/test/cloud-mutagen.test.ts new file mode 100644 index 0000000..f3c0d11 --- /dev/null +++ b/packages/core/test/cloud-mutagen.test.ts @@ -0,0 +1,55 @@ +import { describe, expect, it, vi } from "vitest"; +import { + ManagedMutagenProjectSync, + mutagenProjectSyncDoctorData, + parseMutagenVersionOutput, +} from "../src/project-binding/mutagen"; + +describe("managed Project Binding sync adapter", () => { + it("records available Mutagen version information after start", async () => { + const run = vi.fn(async (command: string, args: string[]) => { + if (args[0] === "version") { + return { stdout: "Mutagen version 0.18.1\nLicense profile: mit\n", exitCode: 0 }; + } + return { stdout: "", exitCode: 0 }; + }); + const sync = new ManagedMutagenProjectSync({ mutagenBinary: "/bin/mutagen", runner: run }); + + await sync.start({ + bindingId: "bind_1", + localProjectRoot: "/repo", + serverProjectRoot: "/state/workspaces/fingerprint/project", + }); + + expect(mutagenProjectSyncDoctorData(sync.snapshot())).toMatchObject({ + state: "syncing", + mutagenBinary: "/bin/mutagen", + mutagenVersion: "0.18.1", + }); + }); + + it("blocks with a stable diagnostic when the binary is unavailable", async () => { + const sync = new ManagedMutagenProjectSync({ + runner: async () => { + throw new Error("not found"); + }, + }); + + await sync.start({ + bindingId: "bind_1", + localProjectRoot: "/repo", + serverProjectRoot: "/state/workspaces/fingerprint/project", + }); + + expect(mutagenProjectSyncDoctorData(sync.snapshot())).toMatchObject({ + state: "blocked", + diagnosticCode: "project_sync_binary_missing", + }); + }); + + it("parses unknown version output conservatively", () => { + expect(parseMutagenVersionOutput("mutagen dev build")).toEqual({ + version: "unknown", + }); + }); +}); diff --git a/packages/core/test/cloud-presence.test.ts b/packages/core/test/cloud-presence.test.ts new file mode 100644 index 0000000..e2f2ae6 --- /dev/null +++ b/packages/core/test/cloud-presence.test.ts @@ -0,0 +1,99 @@ +import { describe, expect, it, vi } from "vitest"; +import { LocalPresenceManager } from "../src/cloud/presence"; + +describe("LocalPresenceManager", () => { + it("registers and stops local presence", async () => { + const client = { + registerPresence: vi.fn(async () => ({ + presenceId: "presence_1", + expiresAt: "2026-05-30T00:05:00.000Z", + })), + stopPresence: vi.fn(async () => undefined), + }; + const manager = new LocalPresenceManager({ + client, + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + allowedCapletIds: ["repo-cli"], + }); + + await manager.start(); + await manager.close(); + + expect(client.registerPresence).toHaveBeenCalledOnce(); + expect(client.stopPresence).toHaveBeenCalledWith("presence_1"); + }); + + it("does not stop before registration succeeds", async () => { + const client = { + registerPresence: vi.fn(async () => { + throw new Error("offline"); + }), + stopPresence: vi.fn(async () => undefined), + }; + const manager = new LocalPresenceManager({ + client, + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + allowedCapletIds: ["repo-cli"], + }); + + await expect(manager.start()).rejects.toThrow("offline"); + await manager.close(); + + expect(client.stopPresence).not.toHaveBeenCalled(); + }); + + it("heartbeats active local presence until closed", async () => { + vi.useFakeTimers(); + const client = { + registerPresence: vi.fn(async () => ({ + presenceId: "presence_1", + expiresAt: "2026-05-30T00:05:00.000Z", + })), + heartbeatPresence: vi.fn(async () => undefined), + stopPresence: vi.fn(async () => undefined), + }; + const manager = new LocalPresenceManager({ + client, + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + allowedCapletIds: ["repo-cli"], + heartbeatIntervalMs: 1_000, + }); + + await manager.start(); + await vi.advanceTimersByTimeAsync(1_000); + await manager.close(); + await vi.advanceTimersByTimeAsync(1_000); + + expect(client.heartbeatPresence).toHaveBeenCalledTimes(1); + expect(client.heartbeatPresence).toHaveBeenCalledWith("presence_1"); + vi.useRealTimers(); + }); + + it("updates active local presence with the current local Caplet set", async () => { + const client = { + registerPresence: vi.fn(async () => ({ + presenceId: "presence_1", + expiresAt: "2026-05-30T00:05:00.000Z", + })), + updatePresenceCaplets: vi.fn(async () => undefined), + }; + const manager = new LocalPresenceManager({ + client, + workspaceId: "ws_1", + projectRoot: "/repo", + projectFingerprint: "sha256:abc", + allowedCapletIds: ["repo-cli"], + }); + + await manager.start(); + await manager.updateAllowedCapletIds(["repo-cli", "eslint"]); + + expect(client.updatePresenceCaplets).toHaveBeenCalledWith("presence_1", ["repo-cli", "eslint"]); + }); +}); diff --git a/packages/core/test/cloud-project-root.test.ts b/packages/core/test/cloud-project-root.test.ts new file mode 100644 index 0000000..907c9a6 --- /dev/null +++ b/packages/core/test/cloud-project-root.test.ts @@ -0,0 +1,34 @@ +import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { fingerprintProjectRoot, findProjectRoot } from "../src/cloud/project-root"; + +describe("project root detection", () => { + const dirs: string[] = []; + + afterEach(() => { + for (const dir of dirs.splice(0)) rmSync(dir, { recursive: true, force: true }); + }); + + it("finds the nearest .caplets or git root", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-project-root-")); + dirs.push(root); + mkdirSync(join(root, ".caplets")); + mkdirSync(join(root, "src", "nested"), { recursive: true }); + + expect(findProjectRoot(join(root, "src", "nested"))).toBe(root); + }); + + it("creates a stable fingerprint from root path and marker files", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-project-fingerprint-")); + dirs.push(root); + writeFileSync(join(root, "package.json"), '{"name":"demo"}'); + + const first = fingerprintProjectRoot(root); + const second = fingerprintProjectRoot(root); + + expect(first).toMatch(/^sha256:/u); + expect(second).toBe(first); + }); +}); diff --git a/packages/core/test/cloud-runtime-adapter-provenance.test.ts b/packages/core/test/cloud-runtime-adapter-provenance.test.ts new file mode 100644 index 0000000..2ac3688 --- /dev/null +++ b/packages/core/test/cloud-runtime-adapter-provenance.test.ts @@ -0,0 +1,25 @@ +import { describe, expect, it } from "vitest"; +import { join } from "node:path"; +import { tmpdir } from "node:os"; +import { createRuntimeHttpApp } from "../src/cloud/runtime-http"; + +describe("Cloud runtime adapter HTTP provenance boundary", () => { + it("rejects runtime adapter calls without the runtime bearer token", async () => { + const app = createRuntimeHttpApp({ + configPath: join(tmpdir(), "caplets-missing-config.json"), + projectConfigPath: join(tmpdir(), "caplets-missing-project-config.json"), + runtimeId: "runtime_1", + sandboxId: "sandbox_1", + executionKind: "cloud", + token: "runtime_secret", + }); + + const response = await app.request("http://adapter.local/runtime/tools/list", { + method: "POST", + headers: { authorization: "Bearer wrong" }, + }); + + expect(response.status).toBe(401); + await expect(response.json()).resolves.toEqual({ error: "unauthorized" }); + }); +}); diff --git a/packages/core/test/cloud-sync.test.ts b/packages/core/test/cloud-sync.test.ts new file mode 100644 index 0000000..3ec14d7 --- /dev/null +++ b/packages/core/test/cloud-sync.test.ts @@ -0,0 +1,81 @@ +import { mkdirSync, mkdtempSync, rmSync, symlinkSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { describe, expect, it, vi } from "vitest"; +import { ProjectSyncCoordinator, projectSyncFiles, projectSyncManifest } from "../src/cloud/sync"; + +describe("ProjectSyncCoordinator", () => { + it("serializes mutating calls per project target", async () => { + const events: string[] = []; + const coordinator = new ProjectSyncCoordinator(); + + await Promise.all([ + coordinator.runMutating("project_1", async () => { + events.push("first:start"); + await Promise.resolve(); + events.push("first:end"); + }), + coordinator.runMutating("project_1", async () => { + events.push("second:start"); + events.push("second:end"); + }), + ]); + + expect(events).toEqual(["first:start", "first:end", "second:start", "second:end"]); + }); + + it("allows independent project targets to run independently", async () => { + const coordinator = new ProjectSyncCoordinator(); + const task = vi.fn(async () => undefined); + + await Promise.all([coordinator.runMutating("a", task), coordinator.runMutating("b", task)]); + + expect(task).toHaveBeenCalledTimes(2); + }); + + it("builds hosted upload scope from the Project Binding sync filter", () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-sync-")); + const external = mkdtempSync(join(tmpdir(), "caplets-sync-external-")); + try { + mkdirSync(join(dir, "src")); + mkdirSync(join(dir, "dist")); + mkdirSync(join(dir, "node_modules", "pkg"), { recursive: true }); + mkdirSync(join(dir, "secrets")); + mkdirSync(join(dir, ".git", "info"), { recursive: true }); + writeFileSync(join(dir, ".gitignore"), "dist\n*.env\n!important.env\n", "utf8"); + writeFileSync(join(dir, ".git", "info", "exclude"), "tmp\n", "utf8"); + writeFileSync(join(dir, ".capletsignore"), "secrets\n", "utf8"); + writeFileSync(join(dir, "src/app.ts"), "app", "utf8"); + writeFileSync(join(dir, "dist/app.js"), "build", "utf8"); + writeFileSync(join(dir, "node_modules", "pkg", "index.js"), "pkg", "utf8"); + writeFileSync(join(dir, "secrets/token"), "secret", "utf8"); + writeFileSync(join(dir, ".env"), "secret", "utf8"); + writeFileSync(join(dir, ".env.example"), "SAFE=\n", "utf8"); + writeFileSync(join(dir, "deploy.pem"), "secret", "utf8"); + writeFileSync(join(dir, "important.env"), "ok", "utf8"); + mkdirSync(join(dir, "tmp")); + writeFileSync(join(dir, "tmp/cache"), "cache", "utf8"); + writeFileSync(join(external, "secret.txt"), "secret", "utf8"); + symlinkSync(join(external, "secret.txt"), join(dir, "linked-secret")); + symlinkSync(external, join(dir, "linked-dir")); + + expect(projectSyncManifest(dir)).toEqual([ + ".capletsignore", + ".env.example", + ".gitignore", + "important.env", + "src/app.ts", + ]); + expect(projectSyncFiles(dir)).toEqual([ + { path: ".capletsignore", content: "secrets\n" }, + { path: ".env.example", content: "SAFE=\n" }, + { path: ".gitignore", content: "dist\n*.env\n!important.env\n" }, + { path: "important.env", content: "ok" }, + { path: "src/app.ts", content: "app" }, + ]); + } finally { + rmSync(dir, { recursive: true, force: true }); + rmSync(external, { recursive: true, force: true }); + } + }); +}); diff --git a/packages/core/test/config.test.ts b/packages/core/test/config.test.ts index d60ecd0..d13a25c 100644 --- a/packages/core/test/config.test.ts +++ b/packages/core/test/config.test.ts @@ -89,6 +89,89 @@ describe("config", () => { rmSync(dir, { recursive: true, force: true }); }); + it("loads top-level setup metadata from CAPLET.md", () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-setup-files-")); + const root = join(dir, ".caplets"); + mkdirSync(root, { recursive: true }); + writeFileSync( + join(root, "ast-grep.md"), + [ + "---", + "name: ast-grep", + "description: Structural search through ast-grep MCP.", + "setup:", + " commands:", + " - label: Install ast-grep MCP", + " command: npm", + " args: [install, -g, ast-grep-mcp]", + " timeoutMs: 120000", + " maxOutputBytes: 200000", + " verify:", + " - label: Check ast-grep MCP", + " command: ast-grep-mcp", + " args: [--version]", + " timeoutMs: 10000", + " maxOutputBytes: 20000", + "mcpServer:", + " command: ast-grep-mcp", + "---", + "", + "# ast-grep", + "", + ].join("\n"), + ); + + const config = loadCapletFiles(root); + + expect(config?.mcpServers?.["ast-grep"]).toMatchObject({ + setup: { + commands: [ + { + label: "Install ast-grep MCP", + command: "npm", + args: ["install", "-g", "ast-grep-mcp"], + timeoutMs: 120000, + maxOutputBytes: 200000, + }, + ], + verify: [ + { + label: "Check ast-grep MCP", + command: "ast-grep-mcp", + args: ["--version"], + timeoutMs: 10000, + maxOutputBytes: 20000, + }, + ], + }, + }); + rmSync(dir, { recursive: true, force: true }); + }); + + it("rejects setup commands that look like agent tools", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-setup-invalid-")); + writeFileSync( + join(root, "bad.md"), + [ + "---", + "name: Bad", + "description: Invalid setup metadata.", + "setup:", + " commands:", + " - label: Bad", + " command: npm", + " inputSchema: {}", + "mcpServer:", + " command: bad", + "---", + "", + ].join("\n"), + ); + + expect(() => loadCapletFiles(root)).toThrow(CapletsError); + rmSync(root, { recursive: true, force: true }); + }); + it("rejects OpenAPI executable backend maps from project config", () => { const dir = mkdtempSync(join(tmpdir(), "caplets-project-openapi-")); const projectConfigPath = join(dir, ".caplets", "config.json"); @@ -688,8 +771,16 @@ describe("config", () => { expect(config.mcpServers.context7).toMatchObject({ server: "context7", name: "Context7 Documentation", - command: "npx", - args: ["-y", "@upstash/context7-mcp"], + command: "context7-mcp", + setup: { + commands: [ + { + label: "Install Context7 MCP", + command: "npm", + args: ["install", "-g", "@upstash/context7-mcp"], + }, + ], + }, }); expect(config.mcpServers.github).toMatchObject({ server: "github", @@ -708,8 +799,16 @@ describe("config", () => { expect(config.mcpServers["ast-grep"]).toMatchObject({ server: "ast-grep", name: "ast-grep", - command: "npx", - args: ["-y", "ast-grep-mcp"], + command: "ast-grep-mcp", + setup: { + verify: [ + { + label: "Check ast-grep MCP", + command: "ast-grep-mcp", + args: ["--help"], + }, + ], + }, }); expect(config.httpApis.osv).toMatchObject({ server: "osv", @@ -763,8 +862,22 @@ describe("config", () => { expect(config.mcpServers.playwright).toMatchObject({ server: "playwright", name: "Playwright", - command: "npx", - args: ["-y", "@playwright/mcp@0.0.75", "--headless"], + command: "playwright-mcp", + args: ["--headless"], + setup: { + commands: [ + { + label: "Install Playwright MCP", + command: "npm", + args: ["install", "-g", "@playwright/mcp@0.0.75"], + }, + { + label: "Install Chromium browser", + command: "npx", + args: ["playwright", "install", "chromium"], + }, + ], + }, }); expect(config.mcpServers.lsp).toMatchObject({ server: "lsp", @@ -1482,52 +1595,55 @@ describe("config", () => { } }); - it("skips all entries for duplicate IDs after precedence in best-effort mode", () => { - const root = mkdtempSync(join(tmpdir(), "caplets-files-")); - try { - writeFileSync( - join(root, "tools.md"), - [ - "---", - "name: Tools Lower", - "description: Lowercase extension Caplet.", - "mcpServer:", - " command: lower-tools", - "---", - "# Tools Lower", - ].join("\n"), - ); - writeFileSync( - join(root, "tools.MD"), - [ - "---", - "name: Tools Upper", - "description: Uppercase extension Caplet.", - "mcpServer:", - " command: upper-tools", - "---", - "# Tools Upper", - ].join("\n"), - ); - - const result = loadCapletFilesWithPathsBestEffort(root); - - expect(result).toEqual({ - config: {}, - paths: {}, - warnings: [ - expect.objectContaining({ - path: join(root, "tools.MD"), - message: expect.stringContaining("Duplicate Caplet ID tools"), - }), - ], - }); - expect(result?.warnings[0]?.message).toContain(join(root, "tools.md")); - expect(result?.warnings[0]?.message).toContain(join(root, "tools.MD")); - } finally { - rmSync(root, { recursive: true, force: true }); - } - }); + it.runIf(isCaseSensitiveTempFs())( + "skips all entries for duplicate IDs after precedence in best-effort mode", + () => { + const root = mkdtempSync(join(tmpdir(), "caplets-files-")); + try { + writeFileSync( + join(root, "tools.md"), + [ + "---", + "name: Tools Lower", + "description: Lowercase extension Caplet.", + "mcpServer:", + " command: lower-tools", + "---", + "# Tools Lower", + ].join("\n"), + ); + writeFileSync( + join(root, "tools.MD"), + [ + "---", + "name: Tools Upper", + "description: Uppercase extension Caplet.", + "mcpServer:", + " command: upper-tools", + "---", + "# Tools Upper", + ].join("\n"), + ); + + const result = loadCapletFilesWithPathsBestEffort(root); + + expect(result).toEqual({ + config: {}, + paths: {}, + warnings: [ + expect.objectContaining({ + path: join(root, "tools.MD"), + message: expect.stringContaining("Duplicate Caplet ID tools"), + }), + ], + }); + expect(result?.warnings[0]?.message).toContain(join(root, "tools.md")); + expect(result?.warnings[0]?.message).toContain(join(root, "tools.MD")); + } finally { + rmSync(root, { recursive: true, force: true }); + } + }, + ); it("rejects invalid OIDC URL fields in Caplet files", () => { const root = mkdtempSync(join(tmpdir(), "caplets-files-")); @@ -1952,6 +2068,17 @@ describe("config", () => { }); }); +function isCaseSensitiveTempFs(): boolean { + const root = mkdtempSync(join(tmpdir(), "caplets-case-check-")); + try { + writeFileSync(join(root, "case.md"), "lower"); + writeFileSync(join(root, "case.MD"), "upper"); + return readdirSync(root).length === 2; + } finally { + rmSync(root, { recursive: true, force: true }); + } +} + function markdownLinkTargets(markdown: string): string[] { return [...markdown.matchAll(/\[[^\]]+\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g)].flatMap((match) => match[1] ? [match[1]] : [], diff --git a/packages/core/test/doctor-cli.test.ts b/packages/core/test/doctor-cli.test.ts new file mode 100644 index 0000000..9d9ee16 --- /dev/null +++ b/packages/core/test/doctor-cli.test.ts @@ -0,0 +1,66 @@ +import { describe, expect, it } from "vitest"; +import { runCli } from "../src/cli"; + +describe("caplets doctor", () => { + it("shows sectioned local diagnostics without stale presence wording", async () => { + const out: string[] = []; + + await runCli(["doctor"], { + env: {}, + writeOut: (value) => out.push(value), + }); + + const report = out.join(""); + expect(report).toContain("Server hosting"); + expect(report).toContain("Remote client"); + expect(report).toContain("Project Binding"); + expect(report).toContain("Project sync"); + expect(report).toContain("Daemon"); + expect(report).toContain("Cloud Auth"); + expect(report).not.toContain("local presence"); + }); + + it("shows remote client derived URLs and auth state", async () => { + const out: string[] = []; + + await runCli(["doctor"], { + env: { + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev/ws/ian", + CAPLETS_REMOTE_TOKEN: "secret", + CAPLETS_REMOTE_WORKSPACE: "ws_1", + }, + writeOut: (value) => out.push(value), + }); + + const report = out.join(""); + expect(report).toContain("MCP URL: https://cloud.caplets.dev/ws/ian/mcp"); + expect(report).toContain("Control URL: https://cloud.caplets.dev/ws/ian/control"); + expect(report).toContain("Health URL: https://cloud.caplets.dev/ws/ian/healthz"); + expect(report).toContain( + "WebSocket URL: wss://cloud.caplets.dev/ws/ian/control/project-bindings/connect", + ); + expect(report).toContain("Auth: bearer"); + expect(report).not.toContain("secret"); + }); + + it("emits JSON diagnostics with separate server, remote, binding, sync, daemon, and auth sections", async () => { + const out: string[] = []; + + await runCli(["doctor", "--json"], { + env: { + CAPLETS_SERVER_URL: "http://127.0.0.1:5387/caplets", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev/ws/ian", + }, + writeOut: (value) => out.push(value), + }); + + expect(JSON.parse(out.join(""))).toMatchObject({ + server: { configured: true }, + remote: { configured: true }, + projectBinding: { state: "not_attached" }, + sync: { state: "idle" }, + daemon: { running: false }, + cloudAuth: { authenticated: false }, + }); + }); +}); diff --git a/packages/core/test/engine.test.ts b/packages/core/test/engine.test.ts index 90792e1..8f592c1 100644 --- a/packages/core/test/engine.test.ts +++ b/packages/core/test/engine.test.ts @@ -208,6 +208,7 @@ describe("CapletsEngine", () => { return true; }); + await watcherReady(); writeConfig(configPath, { mcpServers: { beta: { @@ -243,6 +244,7 @@ describe("CapletsEngine", () => { return true; }); + await watcherReady(); writeFileSync(nestedFile, "after"); await eventually(() => expect(reloads).toBeGreaterThan(0)); @@ -269,6 +271,7 @@ describe("CapletsEngine", () => { return true; }); + await watcherReady(); writeFileSync(projectFile, "after"); await eventually(() => expect(reloads).toBeGreaterThan(0)); @@ -313,3 +316,7 @@ async function eventually(assertion: () => void): Promise { throw lastError; } } + +async function watcherReady(): Promise { + await new Promise((resolve) => setTimeout(resolve, 20)); +} diff --git a/packages/core/test/fixtures/cloud-auth.ts b/packages/core/test/fixtures/cloud-auth.ts new file mode 100644 index 0000000..4543792 --- /dev/null +++ b/packages/core/test/fixtures/cloud-auth.ts @@ -0,0 +1,41 @@ +import { mkdtempSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { expect } from "vitest"; + +import type { CloudAuthCredentials } from "../../src/cloud-auth/store"; + +export const fixedNow = "2026-06-03T12:00:00.000Z"; +export const fixedLater = "2999-01-01T00:00:00.000Z"; + +export function tempCloudAuthPath(): string { + return join(mkdtempSync(join(tmpdir(), "caplets-cloud-auth-")), "cloud-auth.json"); +} + +export function hostedCredentials( + overrides: Partial = {}, +): CloudAuthCredentials { + return { + version: 2, + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_personal", + workspaceSlug: "personal", + accessToken: "cap_access_secret", + refreshToken: "cap_refresh_secret", + expiresAt: fixedLater, + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + deviceName: "Test Device", + createdAt: fixedNow, + lastRefreshAt: fixedNow, + ...overrides, + }; +} + +export function assertNoSecrets(output: string): void { + expect(output).not.toContain("cap_access_secret"); + expect(output).not.toContain("cap_refresh_secret"); + expect(output).not.toContain("Authorization"); + expect(output).not.toContain("one_time_code_secret"); +} diff --git a/packages/core/test/fixtures/project-binding/project/build.js b/packages/core/test/fixtures/project-binding/project/build.js new file mode 100644 index 0000000..fcf23bc --- /dev/null +++ b/packages/core/test/fixtures/project-binding/project/build.js @@ -0,0 +1 @@ +console.log(process.cwd()); diff --git a/packages/core/test/fixtures/project-binding/project/package.json b/packages/core/test/fixtures/project-binding/project/package.json new file mode 100644 index 0000000..9e37887 --- /dev/null +++ b/packages/core/test/fixtures/project-binding/project/package.json @@ -0,0 +1,6 @@ +{ + "name": "project-binding-fixture", + "scripts": { + "build": "node build.js" + } +} diff --git a/packages/core/test/native-options.test.ts b/packages/core/test/native-options.test.ts index 7a312ae..01a9b1c 100644 --- a/packages/core/test/native-options.test.ts +++ b/packages/core/test/native-options.test.ts @@ -13,7 +13,7 @@ describe("resolveNativeCapletsServiceOptions", () => { it("uses remote mode in auto when a server URL is configured", () => { expect( - resolveNativeCapletsServiceOptions({}, { CAPLETS_SERVER_URL: "http://127.0.0.1:5387" }), + resolveNativeCapletsServiceOptions({}, { CAPLETS_REMOTE_URL: "http://127.0.0.1:5387" }), ).toMatchObject({ mode: "remote", remote: { @@ -24,15 +24,61 @@ describe("resolveNativeCapletsServiceOptions", () => { }); }); + it("uses cloud mode in auto when CAPLETS_REMOTE_URL points at Caplets Cloud", () => { + expect( + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toMatchObject({ + mode: "cloud", + remote: { + url: new URL("https://cloud.caplets.dev/mcp"), + }, + }); + }); + + it("uses cloud mode when CAPLETS_MODE=cloud is explicit", () => { + expect( + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toMatchObject({ mode: "cloud" }); + }); + + it("rejects CAPLETS_MODE=cloud with a self-hosted remote URL", () => { + expect(() => + resolveNativeCapletsServiceOptions( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + ), + ).toThrow(/Caplets Cloud/u); + }); + it("lets explicit local mode ignore server env vars", () => { expect( resolveNativeCapletsServiceOptions( { mode: "local" }, - { CAPLETS_SERVER_URL: "http://127.0.0.1:5387" }, + { CAPLETS_REMOTE_URL: "http://127.0.0.1:5387" }, ), ).toEqual({ mode: "local" }); }); + it("does not treat server hosting env vars as native remote client settings", () => { + expect( + resolveNativeCapletsServiceOptions({}, { CAPLETS_SERVER_URL: "http://127.0.0.1:5387" }), + ).toEqual({ mode: "local" }); + }); + it("requires a URL in explicit remote mode", () => { expect(() => resolveNativeCapletsServiceOptions({ mode: "remote" }, {})).toThrow( expect.objectContaining({ code: "REQUEST_INVALID" }) as CapletsError, @@ -76,9 +122,9 @@ describe("resolveNativeCapletsServiceOptions", () => { }, }, { - CAPLETS_SERVER_URL: "https://env.example.com", - CAPLETS_SERVER_USER: "env-user", - CAPLETS_SERVER_PASSWORD: ["env", "password"].join("-"), + CAPLETS_REMOTE_URL: "https://env.example.com", + CAPLETS_REMOTE_USER: "env-user", + CAPLETS_REMOTE_PASSWORD: ["env", "password"].join("-"), }, ), ).toMatchObject({ diff --git a/packages/core/test/native-remote.test.ts b/packages/core/test/native-remote.test.ts index feb26c6..8f3f610 100644 --- a/packages/core/test/native-remote.test.ts +++ b/packages/core/test/native-remote.test.ts @@ -4,8 +4,13 @@ import { dirname, join } from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; import type { CapletsError } from "../src/errors"; +import { CloudAuthStore } from "../src/cloud-auth/store"; import { RemoteNativeCapletsService, type RemoteCapletsClient } from "../src/native/remote"; -import { createNativeCapletsService } from "../src/native/service"; +import { + createNativeCapletsService, + resetNativeProjectBindingFallbackWarningForTests, +} from "../src/native/service"; +import { hostedCredentials, tempCloudAuthPath } from "./fixtures/cloud-auth"; function client( tools: Array<{ name: string; title?: string | undefined; description?: string | undefined }> = [ @@ -240,7 +245,7 @@ describe("RemoteNativeCapletsService", () => { await expect(service.execute("alpha", {})).rejects.toMatchObject({ code: "AUTH_FAILED", - message: expect.stringContaining("CAPLETS_SERVER_USER"), + message: expect.stringContaining("CAPLETS_REMOTE_TOKEN"), } satisfies Partial); await service.close(); @@ -279,6 +284,8 @@ describe("createNativeCapletsService remote mode", () => { const dirs: string[] = []; afterEach(() => { + resetNativeProjectBindingFallbackWarningForTests(); + vi.unstubAllEnvs(); for (const dir of dirs.splice(0)) { rmSync(dir, { recursive: true, force: true }); } @@ -377,6 +384,67 @@ describe("createNativeCapletsService remote mode", () => { ); }); + it("fails hard when explicit remote mode cannot create the remote Project Binding service", () => { + const localClose = vi.fn(async () => undefined); + const localService = { + listTools: vi.fn(() => []), + execute: vi.fn(async () => undefined), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn(() => () => undefined), + close: localClose, + }; + + expect(() => + createNativeCapletsService({ + mode: "remote", + server: { url: "http://127.0.0.1:5387" }, + localServiceFactory: vi.fn(() => localService), + remoteClientFactory: vi.fn(() => { + throw new Error("Project Binding unavailable"); + }), + }), + ).toThrow("Project Binding unavailable"); + + expect(localClose).toHaveBeenCalledTimes(1); + }); + + it("falls back to local overlay once when configured remote Project Binding is unavailable", async () => { + const writeErr = vi.fn(); + const { dir, configPath, projectConfigPath } = tempConfig({ + mcpServers: { + local: { name: "Local", description: "Local Caplet.", command: process.execPath }, + }, + }); + dirs.push(dir); + + const service = createNativeCapletsService({ + server: { url: "http://127.0.0.1:5387" }, + remoteClientFactory: vi.fn(() => { + throw new Error("Project Binding unavailable"); + }), + configPath, + projectConfigPath, + writeErr, + }); + const secondService = createNativeCapletsService({ + server: { url: "http://127.0.0.1:5387" }, + remoteClientFactory: vi.fn(() => { + throw new Error("Project Binding unavailable"); + }), + configPath, + projectConfigPath, + writeErr, + }); + + expect(service.listTools().map((tool) => tool.caplet)).toEqual(["local"]); + expect(writeErr).toHaveBeenCalledTimes(1); + expect(writeErr).toHaveBeenCalledWith( + "Remote project binding unavailable; using local Caplets only. Run caplets doctor for details.\n", + ); + await service.close(); + await secondService.close(); + }); + it("lists local overlay Caplets after remote tools and shadows matching remote Caplets", async () => { const fixture = client([ { name: "shared", title: "Remote Shared" }, @@ -634,6 +702,37 @@ describe("createNativeCapletsService remote mode", () => { await service.close(); }); + it("starts Cloud Project Binding when native service runs in cloud mode", async () => { + const path = tempCloudAuthPath(); + vi.stubEnv("CAPLETS_CLOUD_AUTH_PATH", path); + await new CloudAuthStore({ path }).save(hostedCredentials({ accessToken: "cloud-access" })); + const factory = vi.fn(() => client([{ name: "remote", description: "Remote" }]).api); + const { dir, configPath, projectConfigPath } = tempConfig({ + mcpServers: { + local: { name: "Local", description: "Local Caplet.", command: process.execPath }, + }, + }); + dirs.push(dir); + + const service = createNativeCapletsService({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + remoteClientFactory: factory, + configPath, + projectConfigPath, + }); + + await service.reload(); + expect(service.listTools().map((tool) => tool.caplet)).toContain("remote"); + expect(factory).toHaveBeenCalledWith( + expect.objectContaining({ + url: new URL("https://cloud.caplets.dev/mcp"), + requestInit: { headers: { Authorization: "Bearer cloud-access" } }, + }), + ); + await service.close(); + }); + it("picks up valid local overlay additions when existing warnings are unchanged", async () => { const fixture = client([{ name: "remote", title: "Remote" }]); const writeErr = vi.fn(); @@ -703,6 +802,122 @@ describe("createNativeCapletsService remote mode", () => { vi.useRealTimers(); }); + it("registers and tears down local presence in cloud remote mode", async () => { + const fixture = client(); + const fetch = vi.fn( + async (input: Parameters[0], init?: RequestInit) => { + const url = new URL(input.toString()); + if (url.pathname.endsWith("/api/project-bindings") && init?.method === "POST") { + return Response.json({ + binding: { bindingId: "presence_1" }, + }); + } + if (url.pathname.endsWith("/api/project-bindings/presence_1") && init?.method === "PATCH") { + return Response.json({ + binding: { bindingId: "presence_1" }, + }); + } + return new Response("not found", { status: 404 }); + }, + ); + const { dir, configPath, projectConfigPath } = tempConfig({ + mcpServers: { + local: { name: "Local", description: "Local Caplet.", command: process.execPath }, + }, + }); + dirs.push(dir); + + const service = createNativeCapletsService({ + mode: "remote", + server: { url: "http://127.0.0.1:5387", fetch }, + remote: { + cloud: { + url: "https://cloud.caplets.dev", + accessToken: "token", + workspaceId: "ws_1", + projectRoot: dirname(projectConfigPath), + heartbeatIntervalMs: 60_000, + }, + }, + remoteClientFactory: vi.fn(() => fixture.api), + configPath, + projectConfigPath, + }); + + await vi.waitFor(() => expect(fetch).toHaveBeenCalledWith(expect.any(URL), expect.anything())); + await service.close(); + + const projectBindingBodies = fetch.mock.calls + .map(([, init]) => init?.body) + .filter((body): body is string => typeof body === "string") + .map( + (body) => JSON.parse(body) as { projectFiles?: Array<{ path: string; content: string }> }, + ); + expect(projectBindingBodies[0]?.projectFiles).toEqual([{ path: "config.json", content: "{}" }]); + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/api/project-bindings/presence_1"), + expect.objectContaining({ + method: "PATCH", + body: JSON.stringify({ state: "offline" }), + }), + ); + }); + + it("updates local presence after local overlay reload changes the Caplet set", async () => { + const fixture = client(); + const fetch = vi.fn( + async (input: Parameters[0], init?: RequestInit) => { + const url = new URL(input.toString()); + if (url.pathname.endsWith("/api/project-bindings") && init?.method === "POST") { + return Response.json({ + binding: { bindingId: "presence_1" }, + }); + } + if (url.pathname.endsWith("/api/project-bindings/presence_1") && init?.method === "PATCH") { + return Response.json({ + binding: { bindingId: "presence_1" }, + }); + } + return new Response("not found", { status: 404 }); + }, + ); + const { dir, configPath, projectConfigPath } = tempConfig({}); + dirs.push(dir); + const service = createNativeCapletsService({ + mode: "remote", + server: { url: "http://127.0.0.1:5387", fetch }, + remote: { + cloud: { + url: "https://cloud.caplets.dev", + accessToken: "token", + workspaceId: "ws_1", + projectRoot: dirname(projectConfigPath), + }, + }, + remoteClientFactory: vi.fn(() => fixture.api), + configPath, + projectConfigPath, + }); + await vi.waitFor(() => expect(fetch).toHaveBeenCalledWith(expect.any(URL), expect.anything())); + + writeFileSync( + configPath, + JSON.stringify({ + mcpServers: { + local: { name: "Local", description: "Local Caplet.", command: process.execPath }, + }, + }), + "utf8", + ); + await service.reload(); + + expect(fetch).toHaveBeenCalledWith( + new URL("https://cloud.caplets.dev/api/project-bindings"), + expect.objectContaining({ method: "POST" }), + ); + await service.close(); + }); + it("fails fast for invalid remote config", () => { expect(() => createNativeCapletsService({ mode: "remote", server: { url: "http://example.com" } }), diff --git a/packages/core/test/native.test.ts b/packages/core/test/native.test.ts index ef04063..4e301ef 100644 --- a/packages/core/test/native.test.ts +++ b/packages/core/test/native.test.ts @@ -267,6 +267,7 @@ describe("native Caplets service", () => { }); try { + await watcherReady(); writeFileSync( configPath, JSON.stringify({ @@ -310,6 +311,7 @@ describe("native Caplets service", () => { }); try { + await watcherReady(); writeFileSync( configPath, JSON.stringify({ @@ -323,7 +325,7 @@ describe("native Caplets service", () => { }), ); - await expect.poll(() => events).toEqual([["beta"]]); + await expect.poll(() => events.at(-1)).toEqual(["beta"]); } finally { await service.close(); } @@ -345,3 +347,7 @@ describe("native Caplets service", () => { return { dir, configPath, projectConfigPath }; } }); + +async function watcherReady(): Promise { + await new Promise((resolve) => setTimeout(resolve, 100)); +} diff --git a/packages/core/test/package-boundaries.test.ts b/packages/core/test/package-boundaries.test.ts index bd7c8b3..55ed399 100644 --- a/packages/core/test/package-boundaries.test.ts +++ b/packages/core/test/package-boundaries.test.ts @@ -89,6 +89,24 @@ describe("package boundaries", () => { expect(missingTypeDefinitions).toEqual([]); }); + + it("does not publish obsolete Cloud-specific runtime exports", () => { + expect(Object.keys(corePackage.exports)).not.toContain("./cloud-runtime"); + expect(Object.keys(corePackage.exports)).not.toContain("./cloud/bundle-runtime"); + }); + + it("keeps Worker-safe core exports on dedicated bundles", () => { + const dedicatedExports = ["./caplet-source", "./runtime-plan"] as const; + const rootDefault = (corePackage.exports["."] as { default: string }).default; + + for (const specifier of dedicatedExports) { + const target = corePackage.exports[specifier] as { default: string; types: string }; + + expect(target.default, specifier).not.toBe(rootDefault); + expect(target.default, specifier).not.toBe("./dist/index.js"); + expect(target.types, specifier).not.toBe("./dist/index.d.ts"); + } + }); }); function scanFiles(roots: string[]): string[] { diff --git a/packages/core/test/project-binding-gitignore.test.ts b/packages/core/test/project-binding-gitignore.test.ts new file mode 100644 index 0000000..b2da835 --- /dev/null +++ b/packages/core/test/project-binding-gitignore.test.ts @@ -0,0 +1,61 @@ +import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { attachProjectOnce } from "../src/project-binding/attach"; +import { bootstrapProjectBindingGitignore } from "../src/project-binding/gitignore"; + +const tempDirs: string[] = []; + +afterEach(() => { + for (const dir of tempDirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } +}); + +describe("Project Binding gitignore bootstrap", () => { + it("creates only .caplets/.gitignore with private-state ignore rules", () => { + const projectRoot = tempProjectRoot(); + + const result = bootstrapProjectBindingGitignore(projectRoot); + + expect(result).toEqual({ path: join(projectRoot, ".caplets", ".gitignore"), changed: true }); + expect(readFileSync(result.path, "utf8")).toBe("*\n!.gitignore\n"); + expect(existsSync(join(projectRoot, ".caplets", "config.json"))).toBe(false); + expect(existsSync(join(projectRoot, ".capletsignore"))).toBe(false); + }); + + it("is idempotent and preserves existing ignore entries", () => { + const projectRoot = tempProjectRoot(); + const gitignorePath = join(projectRoot, ".caplets", ".gitignore"); + bootstrapProjectBindingGitignore(projectRoot); + writeFileSync(gitignorePath, `${readFileSync(gitignorePath, "utf8")}custom\n`, "utf8"); + + const result = bootstrapProjectBindingGitignore(projectRoot); + + expect(result.changed).toBe(false); + expect(readFileSync(gitignorePath, "utf8")).toBe("*\n!.gitignore\ncustom\n"); + }); + + it("bootstraps .caplets/.gitignore during attach once", async () => { + const projectRoot = tempProjectRoot(); + + await attachProjectOnce({ + projectRoot, + remoteUrl: "http://127.0.0.1:8787/caplets", + fetch: async () => Response.json({ error: "websocket_upgrade_required" }, { status: 426 }), + }); + + expect(readFileSync(join(projectRoot, ".caplets", ".gitignore"), "utf8")).toBe( + "*\n!.gitignore\n", + ); + expect(existsSync(join(projectRoot, ".caplets", "config.json"))).toBe(false); + expect(existsSync(join(projectRoot, ".capletsignore"))).toBe(false); + }); +}); + +function tempProjectRoot(): string { + const root = mkdtempSync(join(tmpdir(), "caplets-project-binding-")); + tempDirs.push(root); + return root; +} diff --git a/packages/core/test/project-binding-integration.test.ts b/packages/core/test/project-binding-integration.test.ts new file mode 100644 index 0000000..59d2162 --- /dev/null +++ b/packages/core/test/project-binding-integration.test.ts @@ -0,0 +1,123 @@ +import { + cpSync, + existsSync, + mkdirSync, + mkdtempSync, + readFileSync, + rmSync, + writeFileSync, +} from "node:fs"; +import { tmpdir } from "node:os"; +import { join, resolve } from "node:path"; +import { afterEach, describe, expect, it, vi } from "vitest"; +import { ManagedMutagenProjectSync } from "../src/project-binding/mutagen"; +import { ProjectBindingWorkspaceStore } from "../src/project-binding/workspaces"; +import { createNativeCapletsService } from "../src/native/service"; +import type { RemoteCapletsClient } from "../src/native/remote"; + +const dirs: string[] = []; +const fixtureProjectRoot = resolve(import.meta.dirname, "fixtures/project-binding/project"); + +afterEach(() => { + for (const dir of dirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } +}); + +describe("Project Binding integration", () => { + it("syncs an attached project into the self-hosted server workspace", async () => { + const stateRoot = mkdtempSync(join(tmpdir(), "caplets-project-binding-state-")); + dirs.push(stateRoot); + const workspaces = new ProjectBindingWorkspaceStore({ root: stateRoot }); + const workspace = await workspaces.ensureWorkspace({ + projectFingerprint: "sha256-fixture", + projectRoot: fixtureProjectRoot, + }); + const sync = new ManagedMutagenProjectSync({ + runner: async (_command, args) => { + if (args[0] === "version") return { stdout: "Mutagen version 0.18.1\n", exitCode: 0 }; + if (args[0] === "sync" && args[1] === "create") { + cpSync(fixtureProjectRoot, workspace.project, { recursive: true }); + return { stdout: "", exitCode: 0 }; + } + if (args[0] === "sync" && args[1] === "list") { + return { + stdout: JSON.stringify([{ name: "caplets-bind_fixture", status: "ready" }]), + exitCode: 0, + }; + } + return { stdout: "", exitCode: 0 }; + }, + }); + + await sync.start({ + bindingId: "bind_fixture", + localProjectRoot: fixtureProjectRoot, + serverProjectRoot: workspace.project, + }); + await sync.refresh({ bindingId: "bind_fixture" }); + + expect(sync.snapshot()).toMatchObject({ state: "ready", bindingId: "bind_fixture" }); + expect(existsSync(join(workspace.project, "package.json"))).toBe(true); + expect(readFileSync(join(workspace.project, "build.js"), "utf8")).toContain("process.cwd()"); + }); + + it("preserves local overlay shadowing while remote-only Caplets execute remotely", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-project-binding-native-")); + dirs.push(dir); + const userDir = join(dir, "user"); + const projectDir = join(dir, "project", ".caplets"); + mkdirSync(userDir, { recursive: true }); + mkdirSync(projectDir, { recursive: true }); + const configPath = join(userDir, "config.json"); + const projectConfigPath = join(projectDir, "config.json"); + writeFileSync( + configPath, + JSON.stringify({ + mcpServers: { + build: { name: "Local Build", description: "Local build.", command: process.execPath }, + }, + }), + "utf8", + ); + writeFileSync(projectConfigPath, JSON.stringify({}), "utf8"); + const remoteClient = remoteClientFixture([ + { name: "build", title: "Remote Build" }, + { name: "deploy", title: "Remote Deploy" }, + ]); + const service = createNativeCapletsService({ + mode: "remote", + server: { url: "http://127.0.0.1:5387" }, + remoteClientFactory: vi.fn(() => remoteClient), + configPath, + projectConfigPath, + }); + + await service.reload(); + expect(service.listTools().map((tool) => [tool.caplet, tool.title])).toEqual([ + ["deploy", "Remote Deploy"], + ["build", "Local Build"], + ]); + + await expect(service.execute("build", { operation: "inspect" })).resolves.toMatchObject({ + content: expect.any(Array), + }); + await expect(service.execute("deploy", { input: true })).resolves.toEqual({ + name: "deploy", + args: { input: true }, + }); + expect(remoteClient.callTool).toHaveBeenCalledTimes(1); + await service.close(); + }); +}); + +function remoteClientFixture( + tools: Array<{ name: string; title?: string | undefined; description?: string | undefined }>, +): RemoteCapletsClient { + return { + listTools: vi.fn(async () => tools), + callTool: vi.fn(async (name: string, args: unknown) => ({ name, args })), + onToolsChanged: vi.fn(() => () => undefined), + close: vi.fn(async () => undefined), + }; +} diff --git a/packages/core/test/project-binding-mutagen.test.ts b/packages/core/test/project-binding-mutagen.test.ts new file mode 100644 index 0000000..914b137 --- /dev/null +++ b/packages/core/test/project-binding-mutagen.test.ts @@ -0,0 +1,203 @@ +import { describe, expect, it, vi } from "vitest"; +import { + ManagedMutagenProjectSync, + mutagenProjectSyncDoctorData, + planMutagenSyncCreateCommand, + planMutagenSyncListCommand, + planMutagenSyncTerminateCommand, + planMutagenVersionCommand, + type ManagedSyncStateSnapshot, + type MutagenProcessRunner, +} from "../src/project-binding/mutagen"; + +const bindingId = "bind_123"; +const localProjectRoot = "/Users/alice/project"; +const serverProjectRoot = "/state/caplets/workspaces/fp/project"; + +describe("project binding Mutagen command planning", () => { + it("plans the version command", () => { + expect(planMutagenVersionCommand()).toEqual({ command: "mutagen", args: ["version"] }); + }); + + it("plans sync creation with the project roots and binding-scoped name", () => { + expect( + planMutagenSyncCreateCommand({ bindingId, localProjectRoot, serverProjectRoot }), + ).toEqual({ + command: "mutagen", + args: ["sync", "create", localProjectRoot, serverProjectRoot, "--name", "caplets-bind_123"], + }); + }); + + it("plans sync list as JSON for status inspection", () => { + expect(planMutagenSyncListCommand()).toEqual({ + command: "mutagen", + args: ["sync", "list", "--template", "json"], + }); + }); + + it("plans sync termination by binding-scoped name", () => { + expect(planMutagenSyncTerminateCommand(bindingId)).toEqual({ + command: "mutagen", + args: ["sync", "terminate", "caplets-bind_123"], + }); + }); +}); + +describe("managed project sync state transitions", () => { + it("starts project sync through an injectable process runner", async () => { + const runner = recordRunner([ + { stdout: "Mutagen version 0.18.1\nLicense profile: mit\n" }, + { stdout: "" }, + ]); + const sync = new ManagedMutagenProjectSync({ runner }); + + await sync.start({ bindingId, localProjectRoot, serverProjectRoot }); + + expect(runner.calls).toEqual([ + { command: "mutagen", args: ["version"] }, + { + command: "mutagen", + args: ["sync", "create", localProjectRoot, serverProjectRoot, "--name", "caplets-bind_123"], + }, + ]); + expect(sync.snapshot()).toEqual({ + state: "syncing", + bindingId, + publicMessage: "Project sync is starting.", + mutagenBinary: "mutagen", + mutagenVersion: "0.18.1", + lastCommand: { + args: ["sync", "create", localProjectRoot, serverProjectRoot, "--name", "caplets-bind_123"], + command: "mutagen", + exitCode: 0, + stderr: "", + stdout: "", + }, + } satisfies ManagedSyncStateSnapshot); + }); + + it("marks project sync ready when the named session is watching cleanly", async () => { + const sync = new ManagedMutagenProjectSync({ + runner: recordRunner([ + { + stdout: JSON.stringify({ + synchronizations: [{ name: "caplets-bind_123", status: "Watching" }], + }), + }, + ]), + }); + + await sync.refresh({ bindingId }); + + expect(sync.snapshot()).toMatchObject({ + state: "ready", + bindingId, + publicMessage: "Project sync is ready.", + }); + }); + + it("marks project sync syncing while the named session is staging or scanning", async () => { + const sync = new ManagedMutagenProjectSync({ + runner: recordRunner([ + { + stdout: JSON.stringify({ sessions: [{ name: "caplets-bind_123", status: "Scanning" }] }), + }, + ]), + }); + + await sync.refresh({ bindingId }); + + expect(sync.snapshot()).toMatchObject({ + state: "syncing", + publicMessage: "Project sync is catching up.", + }); + }); + + it("terminates project sync and transitions to stopped", async () => { + const runner = recordRunner([{ stdout: "" }]); + const sync = new ManagedMutagenProjectSync({ runner }); + + await sync.stop({ bindingId }); + + expect(runner.calls).toEqual([ + { command: "mutagen", args: ["sync", "terminate", "caplets-bind_123"] }, + ]); + expect(sync.snapshot()).toMatchObject({ + state: "stopped", + bindingId, + publicMessage: "Project sync has stopped.", + }); + }); + + it.each([ + { + name: "missing binary", + error: Object.assign(new Error("spawn mutagen ENOENT"), { code: "ENOENT" }), + diagnosticCode: "project_sync_binary_missing", + }, + { + name: "auth failure", + error: new Error("permission denied: unable to authenticate"), + diagnosticCode: "project_sync_auth_failed", + }, + { + name: "conflict", + error: new Error("synchronization session already exists with this name"), + diagnosticCode: "project_sync_conflict", + }, + { + name: "process exit", + error: Object.assign(new Error("mutagen exited with code 2"), { exitCode: 2 }), + diagnosticCode: "project_sync_process_exit", + }, + ])("maps $name to a blocked project sync diagnostic", async ({ error, diagnosticCode }) => { + const sync = new ManagedMutagenProjectSync({ + runner: recordRunner([error]), + }); + + await sync.start({ bindingId, localProjectRoot, serverProjectRoot }); + + expect(sync.snapshot()).toMatchObject({ + state: "blocked", + bindingId, + diagnosticCode, + publicMessage: "Project sync is blocked.", + }); + }); + + it("keeps Mutagen details in doctor-level data", async () => { + const runner = recordRunner([ + { stdout: "Mutagen version 0.18.1\nLicense profile: mit\n" }, + { stdout: "" }, + ]); + const sync = new ManagedMutagenProjectSync({ runner, mutagenBinary: "/usr/local/bin/mutagen" }); + + await sync.start({ bindingId, localProjectRoot, serverProjectRoot }); + + expect(mutagenProjectSyncDoctorData(sync.snapshot())).toMatchObject({ + state: "syncing", + mutagenBinary: "/usr/local/bin/mutagen", + mutagenVersion: "0.18.1", + lastCommand: { + command: "/usr/local/bin/mutagen", + exitCode: 0, + }, + }); + }); +}); + +function recordRunner( + results: Array> | Error>, +): MutagenProcessRunner & { calls: Array<{ command: string; args: string[] }> } { + const calls: Array<{ command: string; args: string[] }> = []; + const run = vi.fn(async (command, args) => { + calls.push({ command, args }); + const result = results.shift(); + if (result instanceof Error) { + throw result; + } + return result ?? { stdout: "" }; + }) as unknown as MutagenProcessRunner & { calls: Array<{ command: string; args: string[] }> }; + run.calls = calls; + return run; +} diff --git a/packages/core/test/project-binding-routes.test.ts b/packages/core/test/project-binding-routes.test.ts new file mode 100644 index 0000000..441265e --- /dev/null +++ b/packages/core/test/project-binding-routes.test.ts @@ -0,0 +1,37 @@ +import { describe, expect, it } from "vitest"; +import { + PROJECT_BINDING_STATES, + projectBindingConnectUrl, + projectBindingStatusUrl, + type ProjectBindingState, +} from "../src/project-binding/routes"; + +describe("project binding routes", () => { + it("derives the connect URL from a hosted base URL", () => { + expect(projectBindingConnectUrl("https://example.com/caplets")).toBe( + "https://example.com/caplets/control/project-bindings/connect", + ); + }); + + it("derives a binding status URL from a hosted base URL", () => { + expect(projectBindingStatusUrl("https://example.com/caplets", "bind_123")).toBe( + "https://example.com/caplets/control/project-bindings/bind_123/status", + ); + }); + + it("exposes the exact project binding states", () => { + const states: ProjectBindingState[] = [ + "not_attached", + "attaching", + "syncing", + "ready", + "degraded", + "blocked", + "offline", + "cleaning_up", + "ended", + "expired", + ]; + expect(PROJECT_BINDING_STATES).toEqual(states); + }); +}); diff --git a/packages/core/test/project-binding-session.test.ts b/packages/core/test/project-binding-session.test.ts new file mode 100644 index 0000000..1d8dc01 --- /dev/null +++ b/packages/core/test/project-binding-session.test.ts @@ -0,0 +1,211 @@ +import { Buffer } from "node:buffer"; +import { describe, expect, it } from "vitest"; +import { resolveCapletsRemote } from "../src/remote/options"; +import { runProjectBindingSession } from "../src/project-binding/session"; +import type { + ProjectBindingSocketEvent, + ProjectBindingWebSocket, +} from "../src/project-binding/transport"; + +describe("runProjectBindingSession", () => { + it("creates a session, opens WebSocket, sends heartbeats, and ends remotely on abort", async () => { + const controller = new AbortController(); + const requests: { method: string; url: string; body?: unknown }[] = []; + const events: unknown[] = []; + let socketUrl = ""; + let socketProtocols: string | string[] | undefined; + const socket = new FakeProjectBindingSocket([ + { type: "state", state: "syncing", syncState: "syncing" }, + { type: "ready", bindingId: "binding_1", sessionId: "binding_session_1", syncState: "idle" }, + ]); + + const result = await runProjectBindingSession({ + projectRoot: "/repo", + remote: resolveCapletsRemote({ + url: "https://cloud.caplets.dev", + token: "cap_access_secret", + workspace: "personal", + }), + fetch: async (url, init) => { + const body = init?.body ? JSON.parse(String(init.body)) : undefined; + requests.push({ method: init?.method ?? "GET", url: String(url), body }); + if (String(url).endsWith("/control/project-bindings/sessions")) { + return Response.json( + { + binding: { bindingId: "binding_1", state: "attaching", syncState: "pending" }, + sessionId: "binding_session_1", + }, + { status: 201 }, + ); + } + return Response.json({ ok: true, binding: { bindingId: "binding_1" } }); + }, + webSocketFactory: (url, protocols) => { + socketUrl = url; + socketProtocols = protocols; + return socket; + }, + signal: controller.signal, + heartbeatIntervalMs: 1, + onEvent: (event) => { + events.push(event); + if (event.type === "ready") controller.abort(); + }, + }); + + expect(result).toMatchObject({ bindingId: "binding_1", sessionId: "binding_session_1" }); + expect(socketUrl).toContain("bindingId=binding_1"); + expect(socketUrl).toContain("sessionId=binding_session_1"); + expect(socketUrl).not.toContain("accessToken="); + expect(socketProtocols).toEqual([ + "caplets.project-binding.v1", + `caplets.bearer.${Buffer.from("cap_access_secret").toString("base64url")}`, + ]); + expect(socket.sent.map((item) => item.type)).toContain("heartbeat"); + expect(requests.some((request) => request.url.endsWith("/heartbeat"))).toBe(true); + expect( + requests.some((request) => request.method === "DELETE" && request.url.endsWith("/session")), + ).toBe(true); + expect(events).toContainEqual(expect.objectContaining({ type: "ready" })); + expect(events).toContainEqual(expect.objectContaining({ type: "ended" })); + }); + + it("emits a reconnecting event after one reconnectable socket close", async () => { + const controller = new AbortController(); + const events: unknown[] = []; + const sockets = [ + new FakeProjectBindingSocket([], { closeImmediately: true }), + new FakeProjectBindingSocket([ + { + type: "ready", + bindingId: "binding_1", + sessionId: "binding_session_1", + syncState: "idle", + }, + ]), + ]; + + await runProjectBindingSession({ + projectRoot: "/repo", + remote: resolveCapletsRemote({ url: "https://cloud.caplets.dev", token: "token" }), + fetch: async (url) => { + if (String(url).endsWith("/sessions")) { + return Response.json( + { binding: { bindingId: "binding_1" }, sessionId: "binding_session_1" }, + { status: 201 }, + ); + } + return Response.json({ ok: true }); + }, + webSocketFactory: () => sockets.shift() ?? new FakeProjectBindingSocket([]), + signal: controller.signal, + heartbeatIntervalMs: 1, + onEvent: (event) => { + events.push(event); + if (event.type === "ready") controller.abort(); + }, + }); + + expect(events).toContainEqual(expect.objectContaining({ type: "reconnecting", attempt: 1 })); + }); + + it("cleans up once listeners in the on-event WebSocket fallback path", async () => { + const controller = new AbortController(); + const socket = new FallbackProjectBindingSocket(); + + await runProjectBindingSession({ + projectRoot: "/repo", + remote: resolveCapletsRemote({ url: "https://cloud.caplets.dev", token: "token" }), + fetch: async (url) => { + if (String(url).endsWith("/sessions")) { + return Response.json( + { binding: { bindingId: "binding_1" }, sessionId: "binding_session_1" }, + { status: 201 }, + ); + } + return Response.json({ ok: true }); + }, + webSocketFactory: () => socket, + signal: controller.signal, + heartbeatIntervalMs: 1, + onEvent: (event) => { + if (event.type === "ready") controller.abort(); + }, + }); + + expect(socket.onopen).toBeNull(); + }); +}); + +class FakeProjectBindingSocket implements ProjectBindingWebSocket { + readonly readyState = 1; + readonly sent: { type: string }[] = []; + private readonly listeners = new Map< + string, + ((event: { data?: unknown; reason?: string }) => void)[] + >(); + + constructor( + private readonly messages: unknown[], + options: { closeImmediately?: boolean } = {}, + ) { + setTimeout(() => { + if (options.closeImmediately) { + this.dispatch("close", { reason: "network reset" }); + return; + } + for (const message of this.messages) { + this.dispatch("message", { data: JSON.stringify(message) }); + } + }, 0); + } + + send(data: string): void { + this.sent.push(JSON.parse(data) as { type: string }); + } + + close(): void {} + + addEventListener( + type: "open" | "message" | "close" | "error", + listener: (event: { data?: unknown; reason?: string }) => void, + ): void { + this.listeners.set(type, [...(this.listeners.get(type) ?? []), listener]); + } + + private dispatch(type: string, event: { data?: unknown; reason?: string }): void { + for (const listener of this.listeners.get(type) ?? []) listener(event); + } +} + +class FallbackProjectBindingSocket implements ProjectBindingWebSocket { + readyState = 0; + readonly sent: { type: string }[] = []; + onopen: ((event: ProjectBindingSocketEvent) => void) | null = null; + onmessage: ((event: ProjectBindingSocketEvent) => void) | null = null; + onclose: ((event: ProjectBindingSocketEvent) => void) | null = null; + onerror: ((event: ProjectBindingSocketEvent) => void) | null = null; + + constructor() { + setTimeout(() => { + this.readyState = 1; + this.onopen?.({}); + setTimeout(() => { + this.onmessage?.({ + data: JSON.stringify({ + type: "ready", + bindingId: "binding_1", + sessionId: "binding_session_1", + syncState: "idle", + }), + }); + }, 0); + }, 0); + } + + send(data: string): void { + this.sent.push(JSON.parse(data) as { type: string }); + } + + close(): void {} +} diff --git a/packages/core/test/project-binding-sync-filter.test.ts b/packages/core/test/project-binding-sync-filter.test.ts new file mode 100644 index 0000000..e07cc5e --- /dev/null +++ b/packages/core/test/project-binding-sync-filter.test.ts @@ -0,0 +1,79 @@ +import { mkdirSync, mkdtempSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { describe, expect, it } from "vitest"; + +import { buildProjectSyncManifest } from "../src/project-binding/sync-filter"; + +describe("Project Binding sync filter", () => { + it("honors hard denylist, .gitignore, and .capletsignore while allowing safe env templates", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-sync-filter-")); + mkdirSync(join(root, ".git")); + mkdirSync(join(root, "node_modules"), { recursive: true }); + mkdirSync(join(root, "src"), { recursive: true }); + writeFileSync(join(root, ".git", "config"), "secret"); + writeFileSync(join(root, "node_modules", "pkg.js"), "ignored"); + writeFileSync(join(root, ".env"), "SECRET=1"); + writeFileSync(join(root, ".env.example"), "SECRET="); + writeFileSync(join(root, ".gitignore"), "dist\n"); + writeFileSync(join(root, ".capletsignore"), "tmp-local\n.env.example\n"); + writeFileSync(join(root, "dist"), "ignored by gitignore"); + writeFileSync(join(root, "tmp-local"), "ignored by capletsignore"); + writeFileSync(join(root, "src", "index.ts"), "console.log('ok');"); + + const manifest = buildProjectSyncManifest({ projectRoot: root }); + + expect(manifest.files.map((file) => file.relativePath).sort()).toEqual([ + ".capletsignore", + ".env.example", + ".gitignore", + "src/index.ts", + ]); + expect(manifest.exclusionSummary).toEqual( + expect.arrayContaining([ + expect.objectContaining({ source: "hard_denylist", pattern: ".git/" }), + expect.objectContaining({ source: "hard_denylist", pattern: "node_modules/" }), + expect.objectContaining({ source: "gitignore", pattern: "dist" }), + expect.objectContaining({ source: "capletsignore", pattern: "tmp-local" }), + ]), + ); + expect(JSON.stringify(manifest.exclusionSummary)).not.toContain(".git/config"); + expect(JSON.stringify(manifest.exclusionSummary)).not.toContain("SECRET=1"); + }); + + it("honors gitignore negation rules in order", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-sync-filter-negation-")); + writeFileSync(join(root, ".gitignore"), "*.log\n!deploy.log\n"); + writeFileSync(join(root, "debug.log"), "debug"); + writeFileSync(join(root, "deploy.log"), "deploy"); + + const manifest = buildProjectSyncManifest({ projectRoot: root }); + + expect(manifest.files.map((file) => file.relativePath).sort()).toEqual([ + ".gitignore", + "deploy.log", + ]); + expect(manifest.exclusionSummary).toEqual([ + expect.objectContaining({ source: "gitignore", pattern: "*.log", count: 1 }), + ]); + }); + + it("keeps leading slash ignore patterns anchored to the project root", () => { + const root = mkdtempSync(join(tmpdir(), "caplets-sync-filter-anchor-")); + mkdirSync(join(root, "artifact"), { recursive: true }); + mkdirSync(join(root, "src", "artifact"), { recursive: true }); + writeFileSync(join(root, ".gitignore"), "/artifact\n"); + writeFileSync(join(root, "artifact", "top.js"), "top"); + writeFileSync(join(root, "src", "artifact", "nested.js"), "nested"); + + const manifest = buildProjectSyncManifest({ projectRoot: root }); + + expect(manifest.files.map((file) => file.relativePath).sort()).toEqual([ + ".gitignore", + "src/artifact/nested.js", + ]); + expect(manifest.exclusionSummary).toEqual([ + expect.objectContaining({ source: "gitignore", pattern: "/artifact", count: 1 }), + ]); + }); +}); diff --git a/packages/core/test/project-binding-sync-size.test.ts b/packages/core/test/project-binding-sync-size.test.ts new file mode 100644 index 0000000..287e9c0 --- /dev/null +++ b/packages/core/test/project-binding-sync-size.test.ts @@ -0,0 +1,26 @@ +import { describe, expect, it } from "vitest"; + +import { + DEFAULT_SYNC_LIMITS, + enforceProjectSyncSizeLimits, +} from "../src/project-binding/sync-size"; + +describe("Project Binding sync size limits", () => { + it("returns sync_size_limit_exceeded with safe totals for hosted Free", () => { + const result = enforceProjectSyncSizeLimits({ + tier: "free", + files: [ + { relativePath: "src/a.ts", sizeBytes: 10 * 1024 * 1024 }, + { relativePath: "data/big.bin", sizeBytes: 30 * 1024 * 1024 }, + ], + }); + + expect(result).toMatchObject({ + ok: false, + code: "sync_size_limit_exceeded", + maxSingleFileBytes: DEFAULT_SYNC_LIMITS.free.maxSingleFileBytes, + recoveryCommand: "Add exclusions to .capletsignore or upgrade the workspace plan.", + }); + expect(JSON.stringify(result)).not.toContain("data/big.bin"); + }); +}); diff --git a/packages/core/test/project-binding-workspaces.test.ts b/packages/core/test/project-binding-workspaces.test.ts new file mode 100644 index 0000000..fbebcf2 --- /dev/null +++ b/packages/core/test/project-binding-workspaces.test.ts @@ -0,0 +1,221 @@ +import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join, win32 } from "node:path"; +import { afterEach, describe, expect, it } from "vitest"; +import { + ProjectBindingWorkspaceStore, + projectBindingWorkspacePaths, + projectBindingWorkspaceRoot, +} from "../src/project-binding/workspaces"; + +const baseNow = new Date("2026-06-02T12:00:00.000Z"); +const fingerprint = "sha256_abc"; + +const tempDirs: string[] = []; + +afterEach(() => { + for (const dir of tempDirs.splice(0)) { + rmSync(dir, { recursive: true, force: true }); + } +}); + +describe("project binding workspace layout", () => { + it("uses XDG_STATE_HOME for self-hosted workspace roots", () => { + const root = projectBindingWorkspaceRoot({ + env: { XDG_STATE_HOME: "/state" }, + platform: "linux", + homedir: "/home/alice", + }); + expect(root).toBe("/state/caplets/workspaces"); + }); + + it("falls back to ~/.local/state on Unix platforms", () => { + const root = projectBindingWorkspaceRoot({ + env: {}, + platform: "linux", + homedir: "/home/alice", + }); + expect(root).toBe("/home/alice/.local/state/caplets/workspaces"); + }); + + it("uses LOCALAPPDATA for Windows self-hosted workspace roots", () => { + const root = projectBindingWorkspaceRoot({ + env: { LOCALAPPDATA: "C:\\Users\\Alice\\AppData\\Local" }, + platform: "win32", + homedir: "C:\\Users\\Alice", + }); + expect(root).toBe( + win32.join("C:\\Users\\Alice\\AppData\\Local", "Caplets", "State", "workspaces"), + ); + }); + + it("derives per-fingerprint project, metadata, lease, and receipt paths", () => { + const paths = projectBindingWorkspacePaths(fingerprint, { root: "/state/caplets/workspaces" }); + expect(paths.root).toBe("/state/caplets/workspaces/sha256_abc"); + expect(paths.project).toBe("/state/caplets/workspaces/sha256_abc/project"); + expect(paths.metadata).toBe("/state/caplets/workspaces/sha256_abc/metadata.json"); + expect(paths.lease("bind_123")).toBe( + "/state/caplets/workspaces/sha256_abc/leases/bind_123.json", + ); + expect(paths.setupReceipts).toBe("/state/caplets/workspaces/sha256_abc/setup/receipts.json"); + }); + + it("derives Windows per-fingerprint project paths", () => { + const paths = projectBindingWorkspacePaths(fingerprint, { + env: { LOCALAPPDATA: "C:\\Users\\Alice\\AppData\\Local" }, + platform: "win32", + homedir: "C:\\Users\\Alice", + }); + expect(paths.project).toBe( + win32.join( + "C:\\Users\\Alice\\AppData\\Local", + "Caplets", + "State", + "workspaces", + fingerprint, + "project", + ), + ); + }); + + it("creates metadata, lease, and setup receipt directories", async () => { + const root = tempRoot(); + const store = new ProjectBindingWorkspaceStore({ root, now: () => baseNow }); + + const paths = await store.ensureWorkspace({ + projectFingerprint: fingerprint, + projectRoot: "/repo", + }); + await store.writeLease({ + bindingId: "bind_123", + projectFingerprint: fingerprint, + state: "ready", + active: true, + updatedAt: baseNow.toISOString(), + }); + await store.writeSetupReceipts(fingerprint, [{ capletId: "repo-cli", status: "succeeded" }]); + + expect(existsSync(paths.project)).toBe(true); + expect(JSON.parse(readFileSync(paths.metadata, "utf8"))).toMatchObject({ + projectFingerprint: fingerprint, + projectRoot: "/repo", + lastActiveAt: baseNow.toISOString(), + }); + expect(JSON.parse(readFileSync(paths.lease("bind_123"), "utf8"))).toMatchObject({ + bindingId: "bind_123", + active: true, + }); + expect(JSON.parse(readFileSync(paths.setupReceipts, "utf8"))).toEqual([ + { capletId: "repo-cli", status: "succeeded" }, + ]); + }); +}); + +describe("project binding workspace cleanup", () => { + it("keeps active leases and their workspaces even when old", async () => { + const root = tempRoot(); + const store = new ProjectBindingWorkspaceStore({ + root, + now: () => baseNow, + }); + await workspace(store, "active-old", 60); + await store.writeLease({ + bindingId: "bind_active", + projectFingerprint: "active-old", + state: "ready", + active: true, + updatedAt: daysAgo(60), + }); + + const result = await store.cleanup(); + + expect(result.deletedWorkspaces).toEqual([]); + expect(existsSync(join(root, "active-old"))).toBe(true); + expect(existsSync(join(root, "active-old", "leases", "bind_active.json"))).toBe(true); + }); + + it("expires inactive stale leases after two minutes", async () => { + const root = tempRoot(); + const store = new ProjectBindingWorkspaceStore({ + root, + now: () => baseNow, + }); + await workspace(store, "lease-stale", 1); + await store.writeLease({ + bindingId: "bind_stale", + projectFingerprint: "lease-stale", + state: "offline", + active: false, + updatedAt: new Date(baseNow.getTime() - 121_000).toISOString(), + }); + + const result = await store.cleanup(); + + expect(result.expiredLeases).toEqual([join(root, "lease-stale", "leases", "bind_stale.json")]); + expect(existsSync(join(root, "lease-stale", "leases", "bind_stale.json"))).toBe(false); + expect(existsSync(join(root, "lease-stale"))).toBe(true); + }); + + it("deletes inactive workspaces after thirty days", async () => { + const root = tempRoot(); + const store = new ProjectBindingWorkspaceStore({ + root, + now: () => baseNow, + }); + await workspace(store, "recent", 29); + await workspace(store, "old", 31); + + const result = await store.cleanup(); + + expect(result.deletedWorkspaces).toEqual([join(root, "old")]); + expect(existsSync(join(root, "recent"))).toBe(true); + expect(existsSync(join(root, "old"))).toBe(false); + }); + + it("applies the soft disk cap by deleting oldest inactive workspaces first", async () => { + const root = tempRoot(); + const sizes = new Map(); + const store = new ProjectBindingWorkspaceStore({ + root, + now: () => baseNow, + softDiskCapBytes: 100, + workspaceSizeBytes: (paths) => sizes.get(paths.projectFingerprint) ?? 0, + }); + await workspace(store, "oldest", 5); + await workspace(store, "middle", 3); + await workspace(store, "newest", 1); + sizes.set("oldest", 60); + sizes.set("middle", 50); + sizes.set("newest", 40); + + const result = await store.cleanup(); + + expect(result.deletedWorkspaces).toEqual([join(root, "oldest")]); + expect(existsSync(join(root, "oldest"))).toBe(false); + expect(existsSync(join(root, "middle"))).toBe(true); + expect(existsSync(join(root, "newest"))).toBe(true); + }); +}); + +function tempRoot(): string { + const dir = mkdtempSync(join(tmpdir(), "caplets-project-binding-")); + tempDirs.push(dir); + return dir; +} + +async function workspace( + store: ProjectBindingWorkspaceStore, + projectFingerprint: string, + inactiveDays: number, +) { + await store.ensureWorkspace({ + projectFingerprint, + projectRoot: `/repos/${projectFingerprint}`, + lastActiveAt: daysAgo(inactiveDays), + }); + writeFileSync(join(store.paths(projectFingerprint).project, "CAPLET.md"), "# Test\n"); +} + +function daysAgo(days: number): string { + return new Date(baseNow.getTime() - days * 24 * 60 * 60 * 1000).toISOString(); +} diff --git a/packages/core/test/remote-control-client.test.ts b/packages/core/test/remote-control-client.test.ts index 0c22c81..532701f 100644 --- a/packages/core/test/remote-control-client.test.ts +++ b/packages/core/test/remote-control-client.test.ts @@ -67,7 +67,7 @@ describe("RemoteControlClient", () => { await expect(client.request("list", {})).rejects.toMatchObject({ code: "AUTH_FAILED", - message: expect.stringContaining("CAPLETS_SERVER_USER"), + message: expect.stringContaining("CAPLETS_REMOTE_USER"), }); try { diff --git a/packages/core/test/remote-options.test.ts b/packages/core/test/remote-options.test.ts new file mode 100644 index 0000000..c557aba --- /dev/null +++ b/packages/core/test/remote-options.test.ts @@ -0,0 +1,127 @@ +import { Buffer } from "node:buffer"; +import { describe, expect, it } from "vitest"; +import type { CapletsError } from "../src/errors"; +import { resolveCapletsRemote, resolveRemoteMode } from "../src/remote/options"; + +describe("resolveRemoteMode", () => { + it("uses local mode by default without remote client settings", () => { + expect(resolveRemoteMode({}, {})).toEqual({ mode: "local" }); + }); + + it("uses remote mode in auto when CAPLETS_REMOTE_URL is configured", () => { + expect(resolveRemoteMode({}, { CAPLETS_REMOTE_URL: "https://example.com/caplets" })).toEqual({ + mode: "remote", + }); + }); + + it("does not treat CAPLETS_SERVER_URL as client remote configuration", () => { + expect(resolveRemoteMode({}, { CAPLETS_SERVER_URL: "https://example.com/caplets" })).toEqual({ + mode: "local", + }); + }); + + it("requires CAPLETS_REMOTE_URL in explicit remote mode", () => { + expect(() => resolveRemoteMode({ mode: "remote" }, {})).toThrow( + expect.objectContaining({ code: "REQUEST_INVALID" }) as CapletsError, + ); + }); + + it("supports explicit cloud mode with a Caplets Cloud URL", () => { + expect( + resolveRemoteMode( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).toEqual({ mode: "cloud" }); + }); + + it("detects cloud mode in auto from CAPLETS_REMOTE_URL", () => { + expect(resolveRemoteMode({}, { CAPLETS_REMOTE_URL: "https://cloud.caplets.dev" })).toEqual({ + mode: "cloud", + }); + }); + + it("keeps non-Cloud CAPLETS_REMOTE_URL in self-hosted remote mode", () => { + expect( + resolveRemoteMode({}, { CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets" }), + ).toEqual({ mode: "remote" }); + }); + + it("rejects explicit cloud mode with a non-Cloud URL", () => { + expect(() => + resolveRemoteMode( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + }, + ), + ).toThrow(/CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL to point at Caplets Cloud/u); + }); + + it("rejects explicit cloud mode without CAPLETS_REMOTE_URL", () => { + expect(() => resolveRemoteMode({}, { CAPLETS_MODE: "cloud" })).toThrow( + /CAPLETS_MODE=cloud requires CAPLETS_REMOTE_URL/u, + ); + }); + + it("parses cloud as a valid CAPLETS_MODE value", () => { + expect(() => resolveRemoteMode({}, { CAPLETS_MODE: "sidecar" })).toThrow( + /Expected CAPLETS_MODE to be auto, local, remote, or cloud/u, + ); + }); +}); + +describe("resolveCapletsRemote", () => { + it("derives remote service URLs and Basic Auth from CAPLETS_REMOTE variables", () => { + const password = "remote-password"; + const resolved = resolveCapletsRemote( + {}, + { + CAPLETS_REMOTE_URL: "https://example.com/caplets/", + CAPLETS_REMOTE_USER: "env-user", + CAPLETS_REMOTE_PASSWORD: password, + }, + ); + + expect(resolved).toMatchObject({ + baseUrl: new URL("https://example.com/caplets"), + mcpUrl: new URL("https://example.com/caplets/mcp"), + controlUrl: new URL("https://example.com/caplets/control"), + healthUrl: new URL("https://example.com/caplets/healthz"), + projectBindingWebSocketUrl: new URL( + "wss://example.com/caplets/control/project-bindings/connect", + ), + auth: { type: "basic", user: "env-user", password }, + }); + expect(resolved.workspace).toBeUndefined(); + expect(new Headers(resolved.requestInit.headers).get("authorization")).toBe( + `Basic ${Buffer.from(`env-user:${password}`).toString("base64")}`, + ); + }); + + it("supports bearer token and workspace settings", () => { + const resolved = resolveCapletsRemote( + { token: "input-token", workspace: "team" }, + { CAPLETS_REMOTE_URL: "https://example.com" }, + ); + + expect(resolved.auth).toEqual({ type: "bearer", token: "input-token" }); + expect(resolved.workspace).toBe("team"); + expect(new Headers(resolved.requestInit.headers).get("authorization")).toBe( + "Bearer input-token", + ); + }); + + it("references CAPLETS_REMOTE_TOKEN or Basic Auth vars for self-hosted auth failures", () => { + expect(() => + resolveCapletsRemote( + { user: "caplets" }, + { CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets" }, + ), + ).toThrow(/CAPLETS_REMOTE_PASSWORD/u); + }); +}); diff --git a/packages/core/test/remote-selection.test.ts b/packages/core/test/remote-selection.test.ts new file mode 100644 index 0000000..d54e0cb --- /dev/null +++ b/packages/core/test/remote-selection.test.ts @@ -0,0 +1,112 @@ +import { describe, expect, it } from "vitest"; +import { CloudAuthStore } from "../src/cloud-auth/store"; +import { resolveRemoteSelection } from "../src/remote/selection"; +import { hostedCredentials, tempCloudAuthPath } from "./fixtures/cloud-auth"; + +describe("resolveRemoteSelection", () => { + it("rejects attach selection in local mode", async () => { + await expect(resolveRemoteSelection({}, { CAPLETS_MODE: "local" })).rejects.toThrow( + /caplets attach requires a remote upstream; set CAPLETS_REMOTE_URL or use caplets serve/u, + ); + }); + + it("rejects auto mode without a remote URL for attach", async () => { + await expect(resolveRemoteSelection({}, {})).rejects.toThrow(/CAPLETS_REMOTE_URL/u); + }); + + it("resolves self-hosted remote auth from CAPLETS_REMOTE variables", async () => { + await expect( + resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "remote", + CAPLETS_REMOTE_URL: "https://caplets.example.com/caplets", + CAPLETS_REMOTE_TOKEN: "remote-token", + }, + ), + ).resolves.toMatchObject({ + kind: "self_hosted_remote", + remote: { + baseUrl: new URL("https://caplets.example.com/caplets"), + auth: { type: "bearer", token: "remote-token" }, + }, + }); + }); + + it("uses saved Cloud Auth in cloud mode and ignores self-hosted token vars", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save(hostedCredentials({ accessToken: "cloud-access" })); + + const resolved = await resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_REMOTE_TOKEN: "self-hosted-token", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ); + + expect(resolved).toMatchObject({ + kind: "hosted_cloud", + selectedWorkspace: "personal", + remote: { + baseUrl: new URL("https://cloud.caplets.dev"), + auth: { type: "bearer", token: "cloud-access" }, + }, + }); + }); + + it("refreshes expired Cloud credentials before returning the upstream", async () => { + const path = tempCloudAuthPath(); + await new CloudAuthStore({ path }).save( + hostedCredentials({ + accessToken: "old-access", + refreshToken: "old-refresh", + expiresAt: "2026-06-03T00:00:00.000Z", + }), + ); + + const resolved = await resolveRemoteSelection( + { + fetch: async (url, init) => { + expect(String(url)).toBe("https://cloud.caplets.dev/api/cloud-client/refresh"); + expect(JSON.parse(String(init?.body))).toEqual({ refreshToken: "old-refresh" }); + return Response.json({ + status: "authenticated", + cloudUrl: "https://cloud.caplets.dev", + workspaceId: "workspace_personal", + workspaceSlug: "personal", + accessToken: "new-access", + refreshToken: "new-refresh", + expiresAt: "2999-01-01T00:00:00.000Z", + scope: ["project_binding:read", "project_binding:write"], + tokenType: "Bearer", + credentialFamilyId: "family_123", + }); + }, + }, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + CAPLETS_CLOUD_AUTH_PATH: path, + }, + ); + + expect(resolved.remote.auth).toEqual({ type: "bearer", token: "new-access" }); + }); + + it("requires Cloud Auth when cloud mode is selected", async () => { + await expect( + resolveRemoteSelection( + {}, + { + CAPLETS_MODE: "cloud", + CAPLETS_REMOTE_URL: "https://cloud.caplets.dev", + }, + ), + ).rejects.toMatchObject({ + projectBindingCode: "cloud_auth_required", + }); + }); +}); diff --git a/packages/core/test/runtime-features.test.ts b/packages/core/test/runtime-features.test.ts new file mode 100644 index 0000000..837feb7 --- /dev/null +++ b/packages/core/test/runtime-features.test.ts @@ -0,0 +1,113 @@ +import { describe, expect, it } from "vitest"; +import type { CapletConfig } from "../src/config-runtime"; +import { inferRuntimeFeatures, resolveRuntimeResources } from "../src/runtime-plan"; + +describe("runtime feature inference", () => { + it("does not infer features for ordinary filesystem MCP packages", () => { + expect( + inferRuntimeFeatures(mcp("npx", ["-y", "@modelcontextprotocol/server-filesystem"])), + ).toMatchObject({ features: [], provenance: [] }); + }); + + it("infers docker from executable and package command patterns", () => { + expect(inferRuntimeFeatures(mcp("docker", ["run", "mcp/server"]))).toMatchObject({ + features: ["docker"], + }); + expect(inferRuntimeFeatures(mcp("npx", ["-y", "docker-mcp"])).provenance).toEqual([ + expect.objectContaining({ + feature: "docker", + source: "mcp.command", + command: "npx -y docker-mcp", + matched: "docker-mcp", + }), + ]); + }); + + it("infers browser from Playwright, browser-use, and setup commands with provenance", () => { + expect(inferRuntimeFeatures(mcp("npx", ["-y", "@playwright/mcp"]))).toMatchObject({ + features: ["browser"], + }); + expect(inferRuntimeFeatures(mcp("uvx", ["browser-use"]))).toMatchObject({ + features: ["browser"], + }); + + const inferred = inferRuntimeFeatures({ + ...mcp("node", ["server.js"]), + setup: { verify: [{ label: "Browsers", command: "npx", args: ["playwright", "install"] }] }, + }); + expect(inferred.provenance).toEqual([ + expect.objectContaining({ + feature: "browser", + source: "setup.verify", + command: "npx playwright install", + matched: "playwright install", + }), + ]); + }); + + it("merges explicit features before inferred features in stable order", () => { + const inferred = inferRuntimeFeatures({ + ...mcp("npx", ["-y", "@playwright/mcp"]), + runtime: { features: ["docker"] }, + }); + + expect(inferred.features).toEqual(["docker", "browser"]); + expect(inferred.provenance).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + feature: "docker", + source: "explicit", + matched: "runtime.features", + }), + expect.objectContaining({ feature: "browser", source: "mcp.command" }), + ]), + ); + }); + + it("extracts CLI action commands and resolves resource defaults", () => { + const caplet = { + server: "repo", + backend: "cli", + name: "Repo", + description: "Run repository automation.", + disabled: false, + actions: { + inspect: { command: "uvx", args: ["browser-use"] }, + }, + timeoutMs: 1000, + maxOutputBytes: 1000, + } satisfies CapletConfig; + const inferred = inferRuntimeFeatures(caplet); + + expect(inferred).toMatchObject({ features: ["browser"] }); + expect(resolveRuntimeResources(caplet, inferred.features)).toEqual({ + class: "large", + cpu: 4, + memoryMb: 8192, + diskMb: 20480, + }); + expect( + resolveRuntimeResources( + { ...caplet, runtime: { resources: { class: "heavy" } } }, + inferred.features, + { maxClass: "large" }, + ), + ).toMatchObject({ class: "large" }); + }); +}); + +function mcp(command: string, args: string[] = []): CapletConfig { + return { + server: "mcp", + backend: "mcp", + name: "MCP", + description: "Run an MCP test server.", + disabled: false, + transport: "stdio", + command, + args, + startupTimeoutMs: 1000, + callTimeoutMs: 1000, + toolCacheTtlMs: 1000, + }; +} diff --git a/packages/core/test/runtime-plan-contract.test.ts b/packages/core/test/runtime-plan-contract.test.ts new file mode 100644 index 0000000..1a9a8e1 --- /dev/null +++ b/packages/core/test/runtime-plan-contract.test.ts @@ -0,0 +1,128 @@ +import { describe, expect, it } from "vitest"; +import { + HIDDEN_REASON_CODES, + inferRuntimeFeatures, + planCapletRuntimeRoute, + resolveRuntimeResources, + type HiddenReasonCode, +} from "../src/runtime-plan"; + +const runtimeCapletFixtures = { + httpAction: { server: "http_action", backend: "http", expectedRoute: "worker_safe" }, + openapi: { server: "openapi_weather", backend: "openapi", expectedRoute: "worker_safe" }, + graphql: { server: "graphql_inventory", backend: "graphql", expectedRoute: "worker_safe" }, + remoteMcp: { + server: "remote_mcp", + backend: "mcp", + transport: "http", + expectedRoute: "worker_safe", + }, + cli: { server: "cli_process", backend: "cli", command: "node", expectedRoute: "process" }, + stdioMcp: { + server: "stdio_mcp", + backend: "mcp", + transport: "stdio", + command: "node", + expectedRoute: "process", + }, + setupBacked: { + server: "setup_backed", + backend: "cli", + setup: { commands: [{ label: "Install", command: "pnpm", args: ["install"] }] }, + expectedRoute: "process", + }, + docker: { + server: "docker_tool", + backend: "cli", + runtime: { features: ["docker"] }, + expectedRoute: "process", + }, + browser: { + server: "browser_tool", + backend: "cli", + runtime: { features: ["browser"] }, + expectedRoute: "process", + }, + projectBound: { + server: "project_bound", + backend: "cli", + projectBinding: { required: true }, + expectedRoute: "project_bound_process", + }, + localOnly: { server: "local_only", backend: "unknown", expectedRoute: "local_only" }, +} as const; + +describe("hosted runtime route-plan contract", () => { + it("classifies canonical fixture routes", () => { + for (const fixture of Object.values(runtimeCapletFixtures)) { + expect(planCapletRuntimeRoute(fixture).route).toBe(fixture.expectedRoute); + } + }); + + it("infers Docker and browser features from explicit and command provenance", () => { + expect(inferRuntimeFeatures({ runtime: { features: ["docker"] } }).features).toContain( + "docker", + ); + expect(inferRuntimeFeatures({ runtime: { features: ["browser"] } }).features).toContain( + "browser", + ); + expect( + inferRuntimeFeatures({ + setup: { commands: [{ label: "Build", command: "docker", args: ["build", "."] }] }, + }).features, + ).toContain("docker"); + expect( + inferRuntimeFeatures({ command: "playwright", backend: "mcp", transport: "stdio" }).features, + ).toContain("browser"); + }); + + it("resolves Hosted Sandbox resource classes conservatively", () => { + expect(resolveRuntimeResources({ features: [], backend: "http" }).class).toBe("small"); + expect(resolveRuntimeResources({ features: [], backend: "cli" }).class).toBe("medium"); + expect(resolveRuntimeResources({ features: ["docker"], backend: "cli" }).class).toBe("large"); + expect(resolveRuntimeResources({ features: ["browser"], backend: "cli" }).class).toBe("large"); + expect(resolveRuntimeResources({ features: ["docker", "browser"], backend: "cli" }).class).toBe( + "heavy", + ); + expect( + resolveRuntimeResources({ + features: ["docker"], + backend: "cli", + policy: { maxClass: "medium" }, + }), + ).toMatchObject({ class: "medium", cappedByPolicy: "medium" }); + }); + + it("exports every canonical hidden reason code as a stable literal union", () => { + const required: HiddenReasonCode[] = [ + "setup_required", + "setup_running", + "setup_failed", + "verify_failed", + "backend_auth_required", + "backend_check_failed", + "project_binding_required", + "project_binding_syncing", + "project_binding_blocked", + "project_binding_stale", + "provider_unavailable", + "provider_capacity_exhausted", + "provider_queue_timeout", + "policy_denied", + "billing_required", + "subscription_past_due", + "usage_limit_reached", + "email_verification_required", + "docker_required", + "docker_denied", + "browser_required", + "browser_denied", + "resource_class_denied", + "local_only", + "invalid_bundle", + "unsupported_backend", + ]; + + expect(HIDDEN_REASON_CODES).toEqual(required); + }); +}); diff --git a/packages/core/test/runtime-plan.test.ts b/packages/core/test/runtime-plan.test.ts new file mode 100644 index 0000000..1eb94a2 --- /dev/null +++ b/packages/core/test/runtime-plan.test.ts @@ -0,0 +1,103 @@ +import { describe, expect, it } from "vitest"; +import type { CapletConfig } from "../src/config"; +import { planCapletRuntimeRoutes } from "../src/runtime-plan/planner"; + +describe("runtime route planning", () => { + it("plans route and setup target rules for neutral Caplet configs", () => { + expect(routes([caplet("cli", { backend: "cli" })])).toEqual([ + { id: "cli", route: "process", setupTarget: "hosted_sandbox" }, + ]); + expect( + routes([caplet("stdio", { backend: "mcp", transport: "stdio", command: "uvx" })]), + ).toEqual([{ id: "stdio", route: "process", setupTarget: "hosted_sandbox" }]); + expect(routes([caplet("command", { backend: "mcp", command: "node" })])).toEqual([ + { id: "command", route: "process", setupTarget: "hosted_sandbox" }, + ]); + expect( + routes([ + caplet("remote", { backend: "mcp", transport: "sse", url: "https://example.com/sse" }), + ]), + ).toEqual([{ id: "remote", route: "worker_safe", setupTarget: undefined }]); + expect(routes([caplet("http-api", { backend: "http" })])).toEqual([ + { id: "http-api", route: "worker_safe", setupTarget: undefined }, + ]); + expect(routes([caplet("setup", { backend: "openapi", setup: setup() })], "hosted")).toEqual([ + { id: "setup", route: "process", setupTarget: "hosted_sandbox" }, + ]); + expect( + routes([caplet("setup", { backend: "openapi", setup: setup() })], "self_hosted"), + ).toEqual([{ id: "setup", route: "process", setupTarget: "remote_host" }]); + expect( + routes([caplet("project", { backend: "cli", projectBinding: { required: true } })]), + ).toEqual([{ id: "project", route: "project_bound_process", setupTarget: "hosted_sandbox" }]); + expect(routes([caplet("unknown", { backend: "native" })])).toEqual([ + { id: "unknown", route: "local_only", setupTarget: undefined }, + ]); + }); + + it("keeps Caplet sets worker-safe facades even when children require process routes", () => { + const plans = planCapletRuntimeRoutes([ + caplet("child", { backend: "cli" }), + caplet("set", { backend: "caplets", dependencies: ["child"] }), + caplet("remote-set", { backend: "caplets", dependencies: ["worker"] }), + caplet("worker", { backend: "openapi" }), + ]); + + expect(plans.find((plan) => plan.id === "set")).toEqual( + expect.objectContaining({ route: "worker_safe" }), + ); + expect(plans.find((plan) => plan.id === "remote-set")).toEqual( + expect.objectContaining({ route: "worker_safe" }), + ); + }); + + it("adds runtime feature provenance and resource defaults to plans", () => { + const [plan] = planCapletRuntimeRoutes([ + caplet("browser", { + backend: "cli", + runtime: { features: ["docker"] }, + actions: { + inspect: { command: "npx", args: ["-y", "@playwright/mcp"] }, + }, + }), + ]); + + expect(plan?.runtime).toMatchObject({ + features: ["docker", "browser"], + resources: { class: "heavy", cpu: 8, memoryMb: 16384, diskMb: 40960 }, + }); + expect(plan?.runtime.featureProvenance).toEqual( + expect.arrayContaining([ + expect.objectContaining({ feature: "docker", source: "explicit" }), + expect.objectContaining({ + feature: "browser", + source: "cli.action", + command: "npx -y @playwright/mcp", + matched: "@playwright/mcp", + }), + ]), + ); + }); +}); + +function routes(caplets: CapletConfig[], deployment: "hosted" | "self_hosted" = "hosted") { + return planCapletRuntimeRoutes(caplets, { deployment }).map((plan) => ({ + id: plan.id, + route: plan.route, + setupTarget: plan.setupTarget, + })); +} + +function caplet(id: string, overrides: Record): CapletConfig { + return { + server: id, + name: id, + description: `Test Caplet ${id}.`, + disabled: false, + ...overrides, + } as CapletConfig; +} + +function setup() { + return { commands: [{ label: "Install", command: "pnpm" }] }; +} diff --git a/packages/core/test/serve-daemon.test.ts b/packages/core/test/serve-daemon.test.ts new file mode 100644 index 0000000..de63c8f --- /dev/null +++ b/packages/core/test/serve-daemon.test.ts @@ -0,0 +1,375 @@ +import { mkdtempSync, readFileSync, rmSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join, posix, win32 } from "node:path"; +import { describe, expect, it } from "vitest"; +import { runCli } from "../src/cli"; +import type { CapletsError } from "../src/errors"; +import { + buildDaemonPlatformDescriptor, + daemonStatus, + disableDaemon, + enableDaemon, + resolveServeDaemonPaths, + restartDaemon, + startDaemon, + stopDaemon, + type DaemonProcessRunner, +} from "../src/serve"; + +describe("caplets serve daemon CLI", () => { + it("shows daemon subcommand help", async () => { + const out: string[] = []; + + await runCli(["serve", "start", "--help"], { writeOut: (value) => out.push(value) }); + await runCli(["serve", "status", "--help"], { writeOut: (value) => out.push(value) }); + + const text = out.join(""); + expect(text).toContain("Start the default Caplets HTTP daemon."); + expect(text).toContain("Show the default Caplets HTTP daemon status."); + expect(text).toContain("--transport "); + }); + + it("rejects stdio daemon start", async () => { + await expect( + runCli(["serve", "start", "--transport", "stdio"], { writeErr: () => {} }), + ).rejects.toThrow( + expect.objectContaining({ + code: "REQUEST_INVALID", + message: "Daemonized serve requires --transport http.", + }) as CapletsError, + ); + }); + + it("defaults daemon start to HTTP", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-daemon-cli-")); + const out: string[] = []; + try { + await runCli(["serve", "start"], { + env: { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }, + writeOut: (value) => out.push(value), + daemon: { + process: fakeProcessRunner({ running: false, pid: 1200 }), + }, + }); + + expect(out.join("")).toContain("Started Caplets HTTP daemon on 127.0.0.1:5387."); + const config = JSON.parse( + readFileSync(join(dir, "config", "caplets", "serve", "default.json"), "utf8"), + ) as { serve: { transport: string } }; + expect(config.serve.transport).toBe("http"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("prints redacted JSON status", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-daemon-cli-")); + const out: string[] = []; + try { + await startDaemon( + { password: "super-secret-password" }, + { + env: { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }, + process: fakeProcessRunner({ running: false, pid: 1300 }), + }, + ); + + await runCli(["serve", "status", "--json"], { + env: { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }, + writeOut: (value) => out.push(value), + daemon: { + process: fakeProcessRunner({ running: true, pid: 1300 }), + }, + }); + + const status = JSON.parse(out.join("")) as { + config: { serve: { auth: { password: string } } }; + }; + expect(status.config.serve.auth.password).toBe("[REDACTED]"); + expect(out.join("")).not.toContain("super-secret-password"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); +}); + +describe("serve daemon paths", () => { + it("uses XDG state and config roots for macOS and Linux", () => { + const paths = resolveServeDaemonPaths({ + env: { XDG_CONFIG_HOME: "/config", XDG_STATE_HOME: "/state" }, + home: "/home/alice", + platform: "linux", + }); + + expect(paths.stateFile).toBe(posix.join("/state", "caplets", "serve", "default", "state.json")); + expect(paths.pidFile).toBe(posix.join("/state", "caplets", "serve", "default", "server.pid")); + expect(paths.stdoutLog).toBe( + posix.join("/state", "caplets", "serve", "default", "logs", "stdout.log"), + ); + expect(paths.stderrLog).toBe( + posix.join("/state", "caplets", "serve", "default", "logs", "stderr.log"), + ); + expect(paths.configFile).toBe(posix.join("/config", "caplets", "serve", "default.json")); + }); + + it("uses LOCALAPPDATA state and APPDATA config roots for Windows", () => { + const paths = resolveServeDaemonPaths({ + env: { + APPDATA: "C:\\Users\\Alice\\AppData\\Roaming", + LOCALAPPDATA: "C:\\Users\\Alice\\AppData\\Local", + }, + home: "C:\\Users\\Alice", + platform: "win32", + }); + + expect(paths.stateFile).toBe( + win32.join( + "C:\\Users\\Alice\\AppData\\Local", + "Caplets", + "State", + "serve", + "default", + "state.json", + ), + ); + expect(paths.pidFile).toBe( + win32.join( + "C:\\Users\\Alice\\AppData\\Local", + "Caplets", + "State", + "serve", + "default", + "server.pid", + ), + ); + expect(paths.stdoutLog).toBe( + win32.join( + "C:\\Users\\Alice\\AppData\\Local", + "Caplets", + "State", + "serve", + "default", + "logs", + "stdout.log", + ), + ); + expect(paths.configFile).toBe( + win32.join("C:\\Users\\Alice\\AppData\\Roaming", "Caplets", "serve", "default.json"), + ); + }); +}); + +describe("serve daemon lifecycle", () => { + it("starts, reports status, and stops the default instance", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-daemon-")); + const process = fakeProcessRunner({ running: false, pid: 1400 }); + try { + const options = { + env: { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }, + process, + }; + + const started = await startDaemon({ port: "5480", password: "secret-password" }, options); + expect(started.status.running).toBe(true); + expect(started.status.pid).toBe(1400); + expect(process.starts[0]?.args).toEqual([ + "serve", + "--transport", + "http", + "--host", + "127.0.0.1", + "--port", + "5480", + "--path", + "/", + "--user", + "caplets", + "--password", + "secret-password", + ]); + + const status = await daemonStatus({ + ...options, + process: fakeProcessRunner({ running: true, pid: 1400 }), + }); + expect(status.running).toBe(true); + expect(status.config?.serve.port).toBe(5480); + + const stopped = await stopDaemon({ + ...options, + process: fakeProcessRunner({ running: true, pid: 1400 }), + }); + expect(stopped.status.running).toBe(false); + expect(stopped.status.pid).toBeUndefined(); + + const afterStop = await daemonStatus({ + ...options, + process: fakeProcessRunner({ running: true, pid: 1400 }), + }); + expect(afterStop.running).toBe(false); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("fails start when already running and lets restart apply config changes", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-daemon-")); + try { + const env = { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }; + await startDaemon( + { port: "5480" }, + { env, process: fakeProcessRunner({ running: false, pid: 1400 }) }, + ); + + await expect( + startDaemon( + { port: "5481" }, + { env, process: fakeProcessRunner({ running: true, pid: 1400 }) }, + ), + ).rejects.toThrow("Caplets HTTP daemon is already running."); + + const process = fakeProcessRunner({ running: true, pid: 1400, nextPid: 1401 }); + const restarted = await restartDaemon({ port: "5481" }, { env, process }); + + expect(restarted.status.running).toBe(true); + expect(restarted.status.pid).toBe(1401); + expect(process.stops).toEqual([1400]); + expect(process.starts[0]?.args).toContain("5481"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("enables and disables the platform service without installing in tests", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-daemon-")); + try { + const env = { XDG_CONFIG_HOME: join(dir, "config"), XDG_STATE_HOME: join(dir, "state") }; + await startDaemon( + { port: "5482" }, + { env, process: fakeProcessRunner({ running: false, pid: 1400 }) }, + ); + + const enabled = await enableDaemon({ env, platform: "linux", serviceAvailable: true }); + expect(enabled.enabled).toBe(true); + expect(enabled.descriptor.kind).toBe("systemd-user"); + + const disabled = await disableDaemon({ env, platform: "linux", serviceAvailable: true }); + expect(disabled.enabled).toBe(false); + expect(disabled.descriptor.kind).toBe("systemd-user"); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); +}); + +describe("serve daemon platform descriptors", () => { + it("describes a macOS launchd user agent", () => { + const descriptor = buildDaemonPlatformDescriptor({ + platform: "darwin", + paths: resolveServeDaemonPaths({ + env: { XDG_CONFIG_HOME: "/config", XDG_STATE_HOME: "/state" }, + home: "/Users/alice", + platform: "darwin", + }), + command: { executable: "/usr/local/bin/caplets", args: ["serve", "--transport", "http"] }, + }); + + expect(descriptor.kind).toBe("launchd-user-agent"); + if (descriptor.kind !== "launchd-user-agent") throw new Error("expected launchd descriptor"); + expect(descriptor.label).toBe("dev.caplets.serve.default"); + expect(descriptor.plist).toContain("Label"); + expect(descriptor.plist).toContain("dev.caplets.serve.default"); + expect(descriptor.plist).toContain("/usr/local/bin/caplets"); + }); + + it("describes a Linux systemd user service when available", () => { + const descriptor = buildDaemonPlatformDescriptor({ + platform: "linux", + serviceAvailable: true, + paths: resolveServeDaemonPaths({ + env: { XDG_CONFIG_HOME: "/config", XDG_STATE_HOME: "/state" }, + home: "/home/alice", + platform: "linux", + }), + command: { executable: "/usr/bin/caplets", args: ["serve", "--transport", "http"] }, + }); + + expect(descriptor.kind).toBe("systemd-user"); + if (descriptor.kind !== "systemd-user") throw new Error("expected systemd descriptor"); + expect(descriptor.unitName).toBe("caplets-serve-default.service"); + expect(descriptor.unit).toContain("[Service]"); + expect(descriptor.unit).toContain("ExecStart=/usr/bin/caplets serve --transport http"); + }); + + it("describes a Linux fallback when systemd user services are unavailable", () => { + const descriptor = buildDaemonPlatformDescriptor({ + platform: "linux", + serviceAvailable: false, + paths: resolveServeDaemonPaths({ + env: { XDG_CONFIG_HOME: "/config", XDG_STATE_HOME: "/state" }, + home: "/home/alice", + platform: "linux", + }), + command: { executable: "/usr/bin/caplets", args: ["serve", "--transport", "http"] }, + }); + + expect(descriptor.kind).toBe("manual"); + if (descriptor.kind !== "manual") throw new Error("expected manual descriptor"); + expect(descriptor.reason).toContain("systemd user service is not available"); + }); + + it("describes a Windows per-user Scheduled Task command plan", () => { + const descriptor = buildDaemonPlatformDescriptor({ + platform: "win32", + paths: resolveServeDaemonPaths({ + env: { + APPDATA: "C:\\Users\\Alice\\AppData\\Roaming", + LOCALAPPDATA: "C:\\Users\\Alice\\AppData\\Local", + }, + home: "C:\\Users\\Alice", + platform: "win32", + }), + command: { + executable: "C:\\Program Files\\nodejs\\caplets.cmd", + args: ["serve", "--transport", "http"], + }, + }); + + expect(descriptor.kind).toBe("windows-scheduled-task"); + if (descriptor.kind !== "windows-scheduled-task") + throw new Error("expected scheduled task descriptor"); + expect(descriptor.taskName).toBe("Caplets Serve Default"); + expect(descriptor.commands.register).toContain("schtasks"); + expect(descriptor.commands.register).toContain("/SC ONLOGON"); + expect(descriptor.commands.register).toContain("caplets.cmd"); + }); +}); + +function fakeProcessRunner(initial: { + running: boolean; + pid: number; + nextPid?: number; +}): DaemonProcessRunner & { + starts: Array<{ args: string[]; stdoutLog: string; stderrLog: string }>; + stops: number[]; +} { + let running = initial.running; + let pid = initial.pid; + const starts: Array<{ args: string[]; stdoutLog: string; stderrLog: string }> = []; + const stops: number[] = []; + return { + starts, + stops, + isRunning: async (candidate) => running && candidate === pid, + start: async (command) => { + pid = initial.nextPid ?? pid; + running = true; + starts.push(command); + return pid; + }, + stop: async (candidate) => { + stops.push(candidate); + running = false; + }, + }; +} diff --git a/packages/core/test/serve-http.test.ts b/packages/core/test/serve-http.test.ts index b42d3dd..186f72a 100644 --- a/packages/core/test/serve-http.test.ts +++ b/packages/core/test/serve-http.test.ts @@ -120,6 +120,55 @@ describe("createHttpServeApp", () => { await engine.close(); }); + it("exposes authenticated Project Binding status under the control namespace", async () => { + const { engine } = testEngine(); + const testPassword = ["test", "password"].join("-"); + const app = createHttpServeApp( + httpOptions({ auth: { enabled: true, user: "caplets", password: testPassword } }), + engine, + { writeErr: () => {} }, + ); + + const missing = await app.request( + "http://127.0.0.1:5387/control/project-bindings/bind_123/status", + ); + expect(missing.status).toBe(401); + + const response = await app.request( + "http://127.0.0.1:5387/control/project-bindings/bind_123/status", + { + headers: { + authorization: `Basic ${Buffer.from(`caplets:${testPassword}`).toString("base64")}`, + }, + }, + ); + expect(response.status).toBe(200); + await expect(response.json()).resolves.toMatchObject({ + bindingId: "bind_123", + state: "not_attached", + }); + + await engine.close(); + }); + + it("exposes the Project Binding WebSocket upgrade route under a base path", async () => { + const { engine } = testEngine(); + const app = createHttpServeApp(httpOptions({ path: "/caplets" }), engine, { + writeErr: () => {}, + }); + + const response = await app.request( + "http://127.0.0.1:5387/caplets/control/project-bindings/connect", + ); + + expect(response.status).toBe(426); + await expect(response.json()).resolves.toMatchObject({ + error: "websocket_upgrade_required", + }); + + await engine.close(); + }); + it("mounts service routes under a base path", async () => { const { engine } = testEngine(); const app = createHttpServeApp(httpOptions({ path: "/caplets" }), engine, { diff --git a/packages/core/test/serve-options.test.ts b/packages/core/test/serve-options.test.ts index cbe6400..13d3e02 100644 --- a/packages/core/test/serve-options.test.ts +++ b/packages/core/test/serve-options.test.ts @@ -1,5 +1,5 @@ import { describe, expect, it } from "vitest"; -import { resolveServeOptions } from "../src/serve/options"; +import { resolveDaemonServeOptions, resolveServeOptions } from "../src/serve/options"; describe("resolveServeOptions", () => { it("defaults serve to stdio", () => { @@ -176,6 +176,21 @@ describe("resolveServeOptions", () => { ); }); + it("defaults daemonized serve to HTTP", () => { + expect(resolveDaemonServeOptions({}, {})).toMatchObject({ + transport: "http", + host: "127.0.0.1", + port: 5387, + path: "/", + }); + }); + + it("rejects daemonized stdio serve", () => { + expect(() => resolveDaemonServeOptions({ transport: "stdio" }, {})).toThrow( + "Daemonized serve requires --transport http.", + ); + }); + it("rejects invalid port and path", () => { expect(() => resolveServeOptions({ transport: "http", port: "0" }, {})).toThrow( /valid TCP port/u, diff --git a/packages/core/test/setup-runner.test.ts b/packages/core/test/setup-runner.test.ts new file mode 100644 index 0000000..fb92bb6 --- /dev/null +++ b/packages/core/test/setup-runner.test.ts @@ -0,0 +1,372 @@ +import { mkdtempSync, rmSync } from "node:fs"; +import { tmpdir } from "node:os"; +import { join } from "node:path"; +import { describe, expect, it } from "vitest"; +import type { CapletConfig } from "../src/config"; +import { runSetup } from "../src/cli/setup"; +import { capletSetupContentHash } from "../src/setup/hash"; +import { LocalSetupStore } from "../src/setup/local-store"; +import { runCapletSetup, type SetupSpawn } from "../src/setup/runner"; +import type { SetupAttempt, SetupTargetKind } from "../src/setup/types"; + +describe("setup runner", () => { + it("accepts only local_host, remote_host, and hosted_sandbox setup targets", async () => { + const accepted: SetupTargetKind[] = ["local_host", "remote_host", "hosted_sandbox"]; + expect([...accepted].sort()).toEqual(["hosted_sandbox", "local_host", "remote_host"]); + + for (const targetKind of accepted) { + await expect( + runCapletSetup({ + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + targetKind, + actor: "cli-yes", + approved: true, + setup: { commands: [] }, + store: memoryStore(), + spawn: successfulSpawn(), + }), + ).resolves.toEqual([]); + } + }); + + it.each(["local", "remote_server", "hosted_container"])( + "rejects legacy stored setup target %s", + async (targetKind) => { + await expect( + runCapletSetup({ + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + targetKind: targetKind as SetupTargetKind, + actor: "cli-yes", + approved: true, + setup: { commands: [] }, + store: memoryStore(), + spawn: successfulSpawn(), + }), + ).rejects.toMatchObject({ + code: "REQUEST_INVALID", + message: "setup target must be one of: local_host, remote_host, hosted_sandbox", + }); + }, + ); + + it("changes content hash when setup metadata changes", () => { + const first = caplet("npm", ["install", "-g", "first"]); + const second = caplet("npm", ["install", "-g", "second"]); + expect(capletSetupContentHash(first)).not.toBe(capletSetupContentHash(second)); + }); + + it("requires approval before commands run", async () => { + const store = memoryStore(); + await expect( + runCapletSetup({ + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + targetKind: "local_host", + actor: "cli-interactive", + approved: false, + setup: { commands: [{ label: "Install", command: "npm" }] }, + store, + spawn: successfulSpawn(), + }), + ).rejects.toMatchObject({ code: "REQUEST_INVALID" }); + expect(store.attempts).toEqual([]); + }); + + it("records successful setup and verify attempts without executing real package managers", async () => { + const store = memoryStore(); + const attempts = await runCapletSetup({ + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + targetKind: "local_host", + actor: "cli-yes", + approved: true, + setup: { + commands: [{ label: "Install", command: "npm", args: ["install"] }], + verify: [{ label: "Verify", command: "ast-grep-mcp", args: ["--help"] }], + }, + store, + spawn: successfulSpawn(), + }); + expect(attempts).toHaveLength(2); + expect(attempts.map((attempt) => attempt.status)).toEqual(["succeeded", "succeeded"]); + expect(attempts[0]?.actor).toBe("cli-yes"); + expect(attempts[0]?.projectFingerprint).toBe("project"); + expect(store.attempts).toHaveLength(2); + }); + + it("leaves status failed when verify fails", async () => { + const store = memoryStore(); + const attempts = await runCapletSetup({ + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + targetKind: "local_host", + actor: "cli-yes", + approved: true, + setup: { + commands: [{ label: "Install", command: "npm" }], + verify: [{ label: "Verify", command: "ast-grep-mcp" }], + }, + store, + spawn: async (command) => ({ + exitCode: command === "ast-grep-mcp" ? 1 : 0, + stdout: "", + stderr: "missing", + durationMs: 1, + }), + }); + expect(attempts.at(-1)).toMatchObject({ phase: "verify", status: "failed" }); + }); + + it("caps output and redacts secret-looking env values", async () => { + const store = memoryStore(); + const attempts = await runCapletSetup({ + projectFingerprint: "project", + capletId: "secret", + contentHash: "hash", + targetKind: "local_host", + actor: "cli-yes", + approved: true, + setup: { + commands: [ + { + label: "Install", + command: "echo", + env: { API_TOKEN: "super-secret-value" }, + maxOutputBytes: 12, + }, + ], + }, + store, + spawn: async () => ({ + exitCode: 0, + stdout: "super-secret-value with trailing data", + stderr: "", + durationMs: 1, + }), + }); + expect(attempts[0]?.stdout).toBe("[REDACTED] w"); + expect(attempts[0]?.redacted).toBe(true); + }); + + it("keys approvals by project fingerprint, caplet, content hash, and target", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-setup-store-")); + try { + const store = new LocalSetupStore({ baseDir: dir }); + await store.approve({ + projectFingerprint: "project-a", + capletId: "ast-grep", + contentHash: "hash", + targetKind: "remote_host", + actor: "cli-yes", + approvedAt: "2026-06-02T12:00:00.000Z", + }); + + await expect( + store.getApproval("project-a", "ast-grep", "hash", "remote_host"), + ).resolves.toMatchObject({ projectFingerprint: "project-a" }); + await expect( + store.getApproval("project-b", "ast-grep", "hash", "remote_host"), + ).resolves.toBeUndefined(); + await expect( + store.getApproval("project-a", "ast-grep", "hash", "local_host"), + ).resolves.toBeUndefined(); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("keeps local attempts to the free retention window", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-setup-store-")); + try { + const store = new LocalSetupStore({ baseDir: dir, maxAttempts: 3, retentionDays: 7 }); + for (let index = 0; index < 5; index += 1) { + await store.recordAttempt({ + ...attempt(index), + capletId: "ast-grep", + }); + } + const attempts = await store.listAttempts("project", "ast-grep"); + expect(attempts).toHaveLength(3); + expect(attempts.map((entry) => entry.commandLabel)).toEqual(["2", "3", "4"]); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("keeps attempt retention scoped to a project fingerprint", async () => { + const dir = mkdtempSync(join(tmpdir(), "caplets-setup-store-")); + try { + const store = new LocalSetupStore({ baseDir: dir, maxAttempts: 3, retentionDays: 7 }); + await store.recordAttempt({ + ...attempt(0), + projectFingerprint: "project-a", + commandLabel: "a", + }); + await store.recordAttempt({ + ...attempt(1), + projectFingerprint: "project-b", + commandLabel: "b", + }); + + await expect(store.listAttempts("project-a", "ast-grep")).resolves.toMatchObject([ + { projectFingerprint: "project-a", commandLabel: "a" }, + ]); + await expect(store.listAttempts("project-b", "ast-grep")).resolves.toMatchObject([ + { projectFingerprint: "project-b", commandLabel: "b" }, + ]); + } finally { + rmSync(dir, { recursive: true, force: true }); + } + }); + + it("uses neutral setup target names in CLI setup copy", async () => { + const local = await runSetup("opencode", { + target: "local_host", + dryRun: true, + format: "json", + }); + expect(JSON.parse(local)).toMatchObject({ targetKind: "local_host" }); + + const remoteServer = await runSetup("opencode", { + remote: true, + target: "remote_host", + dryRun: true, + format: "json", + }); + expect(JSON.parse(remoteServer)).toMatchObject({ targetKind: "remote_host" }); + + const hostedContainer = await runSetup("opencode", { + target: "hosted_sandbox", + dryRun: true, + format: "json", + }); + expect(JSON.parse(hostedContainer)).toMatchObject({ targetKind: "hosted_sandbox" }); + }); + + it.each(["remote", "cloud", "hosted_worker"])( + "serializes legacy CLI setup alias %s to a semantic target", + async (target) => { + const result = await runSetup("opencode", { + target: target as "remote" | "cloud" | "hosted_worker", + dryRun: true, + format: "json", + }); + expect(JSON.parse(result).targetKind).toBe( + target === "remote" ? "remote_host" : "hosted_sandbox", + ); + }, + ); + + it("records setup hash and runtime features without requiring project output retention", async () => { + const store = memoryStore(); + const attempts = await runCapletSetup({ + projectFingerprint: "project", + capletId: "browser", + contentHash: "content", + setupHash: "setup", + targetKind: "hosted_sandbox", + runtimeFeatures: ["browser"], + actor: "cli-yes", + approved: true, + setup: { commands: [{ label: "Install", command: "npx", args: ["playwright", "install"] }] }, + store, + spawn: successfulSpawn(), + }); + + expect(attempts[0]).toMatchObject({ + setupHash: "setup", + runtimeFeatures: ["browser"], + targetKind: "hosted_sandbox", + }); + }); + + it("rejects non-project setup commands that run inside a synced project workspace", async () => { + const projectRoot = mkdtempSync(join(tmpdir(), "caplets-project-")); + try { + await expect( + runCapletSetup({ + capletId: "global-tool", + contentHash: "hash", + targetKind: "local_host", + actor: "cli-yes", + approved: true, + projectWorkspacePath: projectRoot, + projectBindingRequired: false, + setup: { + commands: [{ label: "Install", command: "npm", cwd: join(projectRoot, "tools") }], + }, + store: memoryStore(), + spawn: successfulSpawn(), + }), + ).rejects.toMatchObject({ + code: "REQUEST_INVALID", + message: expect.stringContaining("Non-project setup cannot run inside project workspace"), + }); + } finally { + rmSync(projectRoot, { recursive: true, force: true }); + } + }); +}); + +function caplet(command: string, args: string[]): CapletConfig { + return { + server: "ast-grep", + backend: "mcp", + name: "ast-grep", + description: "Structural search", + transport: "stdio", + command: "ast-grep-mcp", + startupTimeoutMs: 10, + callTimeoutMs: 10, + toolCacheTtlMs: 10, + disabled: false, + setup: { commands: [{ label: "Install", command, args }] }, + }; +} + +function successfulSpawn(): SetupSpawn { + return async () => ({ exitCode: 0, stdout: "ok", stderr: "", durationMs: 1 }); +} + +function memoryStore() { + const attempts: SetupAttempt[] = []; + return { + attempts, + retention: () => ({ maxAttempts: 3, days: 7 }), + recordAttempt: async (attempt: SetupAttempt) => { + attempts.push(attempt); + }, + }; +} + +function attempt(index: number): SetupAttempt { + return { + attemptId: `attempt-${index}`, + projectFingerprint: "project", + capletId: "ast-grep", + contentHash: "hash", + setupHash: "hash", + targetKind: "local_host", + runtimeFeatures: [], + actor: "cli-yes", + status: "succeeded", + phase: "commands", + commandLabel: String(index), + argv: ["true"], + exitCode: 0, + durationMs: 1, + startedAt: new Date(Date.now() + index).toISOString(), + finishedAt: new Date(Date.now() + index).toISOString(), + stdout: "", + stderr: "", + redacted: false, + retention: { maxAttempts: 3, days: 7 }, + }; +} diff --git a/packages/opencode/README.md b/packages/opencode/README.md index af04172..5a37e1f 100644 --- a/packages/opencode/README.md +++ b/packages/opencode/README.md @@ -18,21 +18,22 @@ rebuilt from current Caplets state for the tools registered when the plugin load current plugin API snapshots `Hooks.tool` at plugin load, so adding, removing, or renaming native tools still requires restarting OpenCode; newly added tools are not advertised until restart. -## Remote Caplets service +## Remote Selection -By default the plugin reads local Caplets config. To use a remote `caplets serve --transport http` service, set environment variables: +By default the plugin reads local Caplets config. Use `CAPLETS_MODE` and `CAPLETS_REMOTE_*` to select local, self-hosted remote, or Caplets Cloud behavior: ```sh -CAPLETS_MODE=remote CAPLETS_SERVER_URL=http://127.0.0.1:5387/caplets opencode +CAPLETS_MODE=local opencode +CAPLETS_MODE=remote CAPLETS_REMOTE_URL=https://caplets.example.com/caplets opencode +CAPLETS_MODE=cloud CAPLETS_REMOTE_URL=https://cloud.caplets.dev opencode ``` -For authenticated remote services, keep the password in the environment: +Run `caplets cloud auth login` before Cloud mode. For authenticated self-hosted remotes, keep credentials in the environment: ```sh CAPLETS_MODE=remote \ -CAPLETS_SERVER_URL=https://caplets.example.com/caplets \ -CAPLETS_SERVER_USER=caplets \ -CAPLETS_SERVER_PASSWORD=... \ +CAPLETS_REMOTE_URL=https://caplets.example.com/caplets \ +CAPLETS_REMOTE_TOKEN=... \ opencode ``` @@ -58,4 +59,4 @@ export default { }; ``` -Plugin config overrides environment variables. The explicit config shape is `{ mode, server: { url, user }, remote: { pollIntervalMs } }`. Prefer `CAPLETS_SERVER_PASSWORD` for the Basic Auth password unless your OpenCode setup provides secure secret storage. +Plugin config overrides environment variables. The explicit config shape is `{ mode, server: { url, user }, remote: { pollIntervalMs } }`. Prefer `CAPLETS_REMOTE_TOKEN` or `CAPLETS_REMOTE_PASSWORD` for self-hosted credentials unless your OpenCode setup provides secure secret storage. diff --git a/packages/opencode/package.json b/packages/opencode/package.json index 2a80f31..b9aa547 100644 --- a/packages/opencode/package.json +++ b/packages/opencode/package.json @@ -38,10 +38,10 @@ }, "devDependencies": { "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", + "@typescript/native-preview": "7.0.0-dev.20260603.1", "rolldown": "^1.0.3", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" }, "peerDependencies": { "@opencode-ai/plugin": ">=1" diff --git a/packages/opencode/test/opencode.test.ts b/packages/opencode/test/opencode.test.ts index 574f727..660d8be 100644 --- a/packages/opencode/test/opencode.test.ts +++ b/packages/opencode/test/opencode.test.ts @@ -214,6 +214,32 @@ describe("@caplets/opencode", () => { }); }); + it("passes cloud mode config into the native service", async () => { + vi.resetModules(); + const nativeMocks = { + createNativeCapletsService: vi.fn(() => ({ + listTools: () => [], + execute: vi.fn(async () => ({})), + reload: vi.fn(async () => true), + onToolsChanged: vi.fn(() => () => {}), + close: vi.fn(async () => {}), + })), + registerNativeCapletsProcessCleanup: vi.fn(), + }; + vi.doMock("@caplets/core/native", () => nativeMocks); + const plugin = (await import("../src/index")).default; + + await plugin( + {} as never, + { mode: "cloud", server: { url: "https://cloud.caplets.dev" } } as never, + ); + + expect(nativeMocks.createNativeCapletsService).toHaveBeenCalledWith({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + }); + }); + it("awaits initial native service reload before creating hooks", async () => { vi.resetModules(); const tools = [ diff --git a/packages/pi/README.md b/packages/pi/README.md index 9030f54..30dc9da 100644 --- a/packages/pi/README.md +++ b/packages/pi/README.md @@ -35,19 +35,18 @@ running without `getActiveTools()` / `setActiveTools()`, stale tools may remain Pi reloads extensions or restarts, but calls to removed Caplets return Caplets' normal structured "server not found" error. -## Remote Caplets service +## Remote Selection -By default the extension uses the local Caplets native service. To connect Pi to a remote -`caplets serve --transport http` service, prefer environment variables for connection details, -especially the password: +By default the extension uses the local Caplets native service. Use `CAPLETS_MODE` and `CAPLETS_REMOTE_*` to select local, self-hosted remote, or Caplets Cloud behavior: ```sh -export CAPLETS_MODE="remote" -export CAPLETS_SERVER_URL="https://caplets.example.com/caplets" -export CAPLETS_SERVER_USER="caplets" -export CAPLETS_SERVER_PASSWORD="..." # or load from your shell/secret manager +CAPLETS_MODE=local pi +CAPLETS_MODE=remote CAPLETS_REMOTE_URL=https://caplets.example.com/caplets pi +CAPLETS_MODE=cloud CAPLETS_REMOTE_URL=https://cloud.caplets.dev pi ``` +Run `caplets cloud auth login` before Cloud mode. For authenticated self-hosted remotes, prefer `CAPLETS_REMOTE_TOKEN`, or `CAPLETS_REMOTE_USER` plus `CAPLETS_REMOTE_PASSWORD`, from your shell or secret manager. + Pi currently calls extension factories with the Pi API only, so this extension reads its remote settings from the top-level `caplets` key in `~/.pi/agent/settings.json` when no programmatic options are supplied: @@ -97,5 +96,5 @@ export default createCapletsPiExtension({ ``` The explicit config shape is `{ mode, server: { url, user }, remote: { pollIntervalMs } }`. -Prefer environment variables for `CAPLETS_SERVER_PASSWORD` rather than storing passwords in +Prefer environment variables for `CAPLETS_REMOTE_TOKEN` or `CAPLETS_REMOTE_PASSWORD` rather than storing passwords in settings files or source code. diff --git a/packages/pi/package.json b/packages/pi/package.json index 4f37e83..afdf059 100644 --- a/packages/pi/package.json +++ b/packages/pi/package.json @@ -38,10 +38,10 @@ }, "devDependencies": { "@types/node": "^25.9.1", - "@typescript/native-preview": "7.0.0-dev.20260527.2", + "@typescript/native-preview": "7.0.0-dev.20260603.1", "rolldown": "^1.0.3", "typescript": "^6.0.3", - "vitest": "^4.1.7" + "vitest": "^4.1.8" }, "peerDependencies": { "@earendil-works/pi-coding-agent": "*", diff --git a/packages/pi/src/index.ts b/packages/pi/src/index.ts index 472d240..3b7aff4 100644 --- a/packages/pi/src/index.ts +++ b/packages/pi/src/index.ts @@ -267,7 +267,9 @@ function parsePiNativeOptions( const result: PiCapletsSettings = {}; const mode = (value as Record).mode; if (mode !== undefined) { - if (mode !== "auto" && mode !== "local" && mode !== "remote") return undefined; + if (mode !== "auto" && mode !== "local" && mode !== "remote" && mode !== "cloud") { + return undefined; + } result.mode = mode; } const statusWidget = (value as Record).statusWidget; @@ -358,6 +360,7 @@ function shouldShowStatusWidget( } return ( options.mode === "remote" || + options.mode === "cloud" || !!options.server?.url || process.env.CAPLETS_SERVER_URL !== undefined ); diff --git a/packages/pi/test/pi.test.ts b/packages/pi/test/pi.test.ts index c772386..544e69d 100644 --- a/packages/pi/test/pi.test.ts +++ b/packages/pi/test/pi.test.ts @@ -980,6 +980,28 @@ describe("@caplets/pi", () => { }); }); + it("loads cloud mode from Pi settings", async () => { + const service = mockService([]); + nativeMocks.createNativeCapletsService.mockReturnValueOnce(service); + fsMocks.readFile.mockImplementation(async (path: string) => + path.includes(".pi/agent/settings.json") + ? JSON.stringify({ + caplets: { mode: "cloud", server: { url: "https://cloud.caplets.dev" } }, + }) + : Promise.reject(Object.assign(new Error("missing"), { code: "ENOENT" })), + ); + const { api } = mockPiApi(); + + await capletsPiExtension(api as unknown as PiExtensionApi); + + expect(nativeMocks.createNativeCapletsService).toHaveBeenCalledWith( + expect.objectContaining({ + mode: "cloud", + server: { url: "https://cloud.caplets.dev" }, + }), + ); + }); + it("ignores package entry args and uses empty settings without top-level caplets config", async () => { const service = mockService([]); nativeMocks.createNativeCapletsService.mockReturnValueOnce(service); diff --git a/plugins/caplets/.claude-plugin/plugin.json b/plugins/caplets/.claude-plugin/plugin.json deleted file mode 100644 index 79da695..0000000 --- a/plugins/caplets/.claude-plugin/plugin.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "caplets", - "version": "0.17.9", - "description": "Expose configured Caplets as progressive-disclosure tools in Claude Code.", - "author": { - "name": "Spirit-Led Software LLC" - }, - "homepage": "https://github.com/spiritledsoftware/caplets#readme", - "repository": "https://github.com/spiritledsoftware/caplets", - "license": "MIT", - "keywords": ["caplets", "mcp", "claude-code", "tools"], - "skills": "./skills/", - "mcpServers": "./mcp.json" -} diff --git a/plugins/caplets/.codex-plugin/plugin.json b/plugins/caplets/.codex-plugin/plugin.json deleted file mode 100644 index 05b1298..0000000 --- a/plugins/caplets/.codex-plugin/plugin.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "name": "caplets", - "version": "0.17.9", - "description": "Expose configured Caplets as progressive-disclosure tools in Codex.", - "author": { - "name": "Spirit-Led Software LLC" - }, - "homepage": "https://github.com/spiritledsoftware/caplets#readme", - "repository": "https://github.com/spiritledsoftware/caplets", - "license": "MIT", - "keywords": ["caplets", "mcp", "codex", "tools"], - "skills": "./skills/", - "mcpServers": "./mcp.json", - "interface": { - "displayName": "Caplets", - "shortDescription": "Progressive disclosure for Caplets tools.", - "longDescription": "Use Caplets to discover and call configured MCP, OpenAPI, GraphQL, HTTP, and CLI tools without flattening every downstream tool into context.", - "developerName": "Spirit-Led Software LLC", - "category": "Developer Tools", - "capabilities": ["MCP", "Tools"], - "composerIcon": "./assets/icon.png", - "websiteURL": "https://github.com/spiritledsoftware/caplets", - "defaultPrompt": [ - "Use Caplets to discover configured capability domains via progressive discovery before calling downstream tools." - ], - "brandColor": "#E0582F" - } -} diff --git a/plugins/caplets/mcp.json b/plugins/caplets/mcp.json deleted file mode 100644 index 399fe48..0000000 --- a/plugins/caplets/mcp.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mcpServers": { - "caplets": { - "command": "caplets", - "args": ["serve"] - } - } -} diff --git a/plugins/caplets/skills/caplets/SKILL.md b/plugins/caplets/skills/caplets/SKILL.md deleted file mode 100644 index 95315db..0000000 --- a/plugins/caplets/skills/caplets/SKILL.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -name: caplets -description: Use Caplets to discover and call configured external tools through progressive disclosure before using downstream MCP, API, or CLI capabilities. -when_to_use: Trigger when the user asks to use an integration, inspect available tools, call a configured service, query external information, access an MCP/OpenAPI/GraphQL/HTTP backend, run curated repository commands, or use a capability that may not appear as a direct top-level tool. Do not use for ordinary local code edits that only need built-in file, shell, or search tools. ---- - -# Caplets - -Use Caplets before searching for or calling downstream tools exposed through configured Caplets backends, including MCP servers, OpenAPI services, GraphQL endpoints, HTTP endpoints, external information services, project systems, source-control systems, or curated CLI commands. - -Caplets exposes progressive discovery operations instead of flattening every downstream tool into the agent context. Start with the configured capability domain, inspect only what you need, then call the specific downstream tool. - -## Trigger Heuristics - -- Use this skill when the user mentions Caplets, configured tools, MCP, OpenAPI, GraphQL, HTTP tools, external information, project systems, source-control systems, or other installed integration domains. -- Use this skill when the task needs a capability that may exist behind Caplets but is not directly available as a top-level tool. -- Use this skill before broad tool discovery so you can search Caplets capability domains first. -- Skip this skill for normal local code edits, file reads, shell commands, or repository searches that do not need an external or configured Caplets backend. - -## Workflow - -1. Read the caplet card with `get_caplet` when you need to understand what a configured Caplet provides. -2. Check backend availability with `check_backend` or the equivalent operation before relying on a backend. -3. Discover tools with `list_tools` or `search_tools`. -4. Inspect a downstream tool schema with `get_tool` before calling it. -5. Call downstream tools with `call_tool`, putting downstream inputs inside the top-level `arguments` object. - -## Guidance - -- Prefer `search_tools` when you know the capability you need. -- Prefer `list_tools` when exploring a small or unfamiliar Caplet. -- Keep downstream arguments nested under `arguments`; do not put downstream fields at the top level. -- Request only the output fields needed when the Caplet supports field selection. -- Treat Caplet backends as live integrations: handle unavailable services, auth failures, validation errors, and partial responses explicitly. -- Avoid loading broad tool lists unless the user task requires exploration. -- When Caplets is configured as a remote MCP HTTP service, treat connection/auth failures as remote-service issues and ask the user to verify `CAPLETS_SERVER_URL`, Basic Auth credentials, and that `caplets serve --transport http` is running. - -## Example - -```json -{ - "operation": "call_tool", - "tool": "example_tool", - "arguments": { - "query": "what the user needs" - } -} -``` diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 77edf9f..5d586d3 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -12,29 +12,29 @@ importers: specifier: ^2.31.0 version: 2.31.0(@types/node@25.9.1) '@cloudflare/workers-types': - specifier: ^4.20260529.1 - version: 4.20260529.1 + specifier: ^4.20260603.1 + version: 4.20260603.1 '@types/node': specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 alchemy: - specifier: 0.93.9 - version: 0.93.9(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0))(workerd@1.20260526.1) + specifier: 0.93.10 + version: 0.93.10(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0))(workerd@1.20260601.1) husky: specifier: ^9.1.7 version: 9.1.7 lint-staged: - specifier: ^17.0.5 - version: 17.0.5 + specifier: ^17.0.7 + version: 17.0.7 oxfmt: - specifier: ^0.52.0 - version: 0.52.0 + specifier: ^0.53.0 + version: 0.53.0 oxlint: - specifier: ^1.67.0 - version: 1.67.0 + specifier: ^1.68.0 + version: 1.68.0 prettier-plugin-astro: specifier: ^0.14.1 version: 0.14.1 @@ -42,8 +42,8 @@ importers: specifier: ^1.0.3 version: 1.0.3 tsx: - specifier: ^4.22.3 - version: 4.22.3 + specifier: ^4.22.4 + version: 4.22.4 turbo: specifier: ^2.9.16 version: 2.9.16 @@ -51,8 +51,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) apps/landing: dependencies: @@ -64,16 +64,20 @@ importers: version: 4.2.0 '@tailwindcss/vite': specifier: ^4.3.0 - version: 4.3.0(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + version: 4.3.0(vite@7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0)) astro: - specifier: ^6.4.2 - version: 6.4.2(@types/node@25.9.1)(aws4fetch@1.0.20)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.60.4)(tsx@4.22.3)(yaml@2.9.0) + specifier: ^6.4.3 + version: 6.4.3(@types/node@25.9.1)(aws4fetch@1.0.20)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0) tailwindcss: specifier: ^4.3.0 version: 4.3.0 typescript: specifier: ^6.0.3 version: 6.0.3 + devDependencies: + vite: + specifier: ^7.3.5 + version: 7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0) packages/benchmarks: dependencies: @@ -88,8 +92,8 @@ importers: specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 caplets: specifier: workspace:* version: link:../cli @@ -97,8 +101,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) packages/cli: dependencies: @@ -113,8 +117,8 @@ importers: specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 rolldown: specifier: ^1.0.3 version: 1.0.3 @@ -122,8 +126,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) packages/core: dependencies: @@ -143,8 +147,8 @@ importers: specifier: ^15.0.0 version: 15.0.0 graphql: - specifier: ^16.14.0 - version: 16.14.0 + specifier: ^16.14.1 + version: 16.14.1 hono: specifier: ^4.12.23 version: 4.12.23 @@ -165,8 +169,8 @@ importers: specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 rolldown: specifier: ^1.0.3 version: 1.0.3 @@ -174,8 +178,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) packages/opencode: dependencies: @@ -184,14 +188,14 @@ importers: version: link:../core '@opencode-ai/plugin': specifier: '>=1' - version: 1.15.10 + version: 1.15.13 devDependencies: '@types/node': specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 rolldown: specifier: ^1.0.3 version: 1.0.3 @@ -199,8 +203,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) packages/pi: dependencies: @@ -209,17 +213,17 @@ importers: version: link:../core '@earendil-works/pi-coding-agent': specifier: '*' - version: 0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) + version: 0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) '@earendil-works/pi-tui': specifier: '*' - version: 0.75.5 + version: 0.78.0 devDependencies: '@types/node': specifier: ^25.9.1 version: 25.9.1 '@typescript/native-preview': - specifier: 7.0.0-dev.20260527.2 - version: 7.0.0-dev.20260527.2 + specifier: 7.0.0-dev.20260603.1 + version: 7.0.0-dev.20260603.1 rolldown: specifier: ^1.0.3 version: 1.0.3 @@ -227,8 +231,8 @@ importers: specifier: ^6.0.3 version: 6.0.3 vitest: - specifier: ^4.1.7 - version: 4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + specifier: ^4.1.8 + version: 4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) packages: @@ -319,130 +323,134 @@ packages: resolution: {integrity: sha512-u+NT61JZEkRFtpL0CAw1N1dwxnaLgwVXQl/zjJxTGgLyS/jTIdg2SdoEoCTHxgDyCnqa1HEi9QOoE9/pYRNpOQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/client-cognito-identity@3.1056.0': - resolution: {integrity: sha512-Fywg6+B39uGiYZRYFEsOXbIeHQ8wvtMqlt6FUwWev8N2H+V0pVdgCKn32pSOzud1i17wnm5gpB2VXZEoyVHc2A==} - engines: {node: '>=20.0.0'} - - '@aws-sdk/core@3.974.13': - resolution: {integrity: sha512-+Y5/4tHki0uYgyx8eun146DegRVQBpdKGK5RbV0FTKJPpaKTchvqVxrrRFK6Wk0JksO4iAZKw3eqxGEIwtO98w==} + '@aws-sdk/client-cognito-identity@3.1060.0': + resolution: {integrity: sha512-JS3YVzOnwLYD+OzAYVXVrP/IzaQrW8c9c/pI2eehsltvqSrl9pyNu5RzcgAxy79zHwv5f21j6FBWcgQ7Bj9eHA==} engines: {node: '>=20.0.0'} '@aws-sdk/core@3.974.15': resolution: {integrity: sha512-UpA0rTGW/tHGITcCqHisbuuEPraYg9GG+mWmXjY5+RxZBMLGe6aL9oe0ix50LztwAcPIkGZLH0yWdMIkCM10hw==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-cognito-identity@3.972.38': - resolution: {integrity: sha512-OHkK6xOx/IHkSbQdDWxnVCLU+j28EFl8wyWgBILQDFAPY8n240C/O4gjmFx+zFU12lL8njgJQ5GWAIWq88CnSQ==} + '@aws-sdk/core@3.974.17': + resolution: {integrity: sha512-r8o4h2K7j6P9ngno+8ei0aK0U/4JwDb7A2fMMxGVoSqDN8AFlIzSDeZHME9LcVLR2codyhtr1WAAg+/nmkeeMA==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-env@3.972.39': - resolution: {integrity: sha512-29wX9zpAvEt1vcj0psha+y6ygBHy2V/S72mp6e7q0KARLWXq+pwE/lR6qGkwknQvruh52lXvlqZIga8Hdxkucw==} + '@aws-sdk/credential-provider-cognito-identity@3.972.40': + resolution: {integrity: sha512-viZSv9qWrcfWvpnhy8FPQ5y0ee4TiCOX/xM8LSQXR+xJn0P4DV7B+XwXfOZ+Ik3+yQ/aO69qVnngEpXExAwizA==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-env@3.972.41': resolution: {integrity: sha512-n1EbJ98yvPWWdHZZv8bRBMqqDQJrtgtxyJ4xLy2Uqrh25BCOZQ7nnS1CsFXvuH8r0b0KVHDZEGEH5FxmEMP8jg==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-http@3.972.41': - resolution: {integrity: sha512-IA3CQTjtJkb6u1H4mE4936c8OPBMa9Jggtwe8U2Mqw/vvb/tZ5Ebd0mcZcX0uKWQhOyYo/+qNIwkV5Xh+FeJJA==} + '@aws-sdk/credential-provider-env@3.972.43': + resolution: {integrity: sha512-g0XVQKzaA/4cq1vz1IvCQwYM+1Pkv01J9yHDpCTXekVuGZRDEz0wqBQ1AuYTq7FM6uik4uBGH8Tb5d9YvgeA7g==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-http@3.972.43': resolution: {integrity: sha512-TT76RN1NkI9WoyZqCNxOw6/WBMF7pYOTJcXbMokNFU+euSG40Kaf/t/FhDACVZWP+43wEM6ZynIPIkzS1wR1iA==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-ini@3.972.43': - resolution: {integrity: sha512-4mzII+3mZEVXXE1xzrLQrCJL7/r62A63bA6SVzZoNL5rqCJghpf+xgGltVrIBBs0n+mOZBKrQl2tRREtvZ5l6A==} + '@aws-sdk/credential-provider-http@3.972.45': + resolution: {integrity: sha512-w9PuOoKCt6+xoESvY+zlV0u3PKQ0mVL259PcsVR6a3S/uYJJHnIi4r1NxdJHEcNldUVRIciltWnFMGBR4YEm3g==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-ini@3.972.45': - resolution: {integrity: sha512-sJe5ZWibO4s7RWjFQ8Zol76KxoJcIYyEZH1/wxQSBMSIAAxzaJ8cS/ITAaIHWUQvDKQdt18+cJAHKWB7n1Jmrg==} + '@aws-sdk/credential-provider-ini@3.972.46': + resolution: {integrity: sha512-hvcgcwOiS0nb2XFb5Op1Pz/vYaWz5K8kKullziGpdNRuG0NwzRXseuPt2CoBqknHGaSPVesu1aOn2OcctEYdCA==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-login@3.972.43': - resolution: {integrity: sha512-HG7kQCwXtbv3oBV61Ins0oNX8KKyvrMqqRkb6ZiAfQHbMuHaiNaEb2KnpKLPkNpqImSBK82UkVE/kaY6IfWikA==} + '@aws-sdk/credential-provider-ini@3.972.48': + resolution: {integrity: sha512-+6BQ6Lrnc+EyAGElLRW6j+Sa+RirPHnIJsobvYO6nnyK+oGKmz1ne/ieclbLWyjyDKEU3/JVJWcWY3VLFPvGtQ==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-login@3.972.45': resolution: {integrity: sha512-MZQv4SNjByk1iOKmrqmzcUF/uCB05wjvEHyXKxmGQTUANTIVayX6HPUF0bzkWLvtnkH7sAn9kUCfkXbSpj9sDA==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-node@3.972.44': - resolution: {integrity: sha512-sDaBIT0yrNNIPfvlsiTCmANm07zKju+ipWODjEXgZlsjMeIJR3LVp7RDyAOzUoAsTbDfYKDWp+i5WrFiQP6rmQ==} + '@aws-sdk/credential-provider-login@3.972.47': + resolution: {integrity: sha512-Iy2ebWVgrZBH05464uJiQYu6HSSiROnwVZptthEFXx2gWjo1ORCxEAFZB5Cr2MdfrSnZ+0QUPkZ1ZpCqpkUrLQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-node@3.972.46': - resolution: {integrity: sha512-cS4w0jzDRb1jOlkiJS3y80OxddHzkky/MN9k3NYs5jganNKVLjF0lpvjlwS118oGMr3cdAfOlVdo8gLurTSE7w==} + '@aws-sdk/credential-provider-node@3.972.47': + resolution: {integrity: sha512-HrId+C0DWA5qDIyLG64/kjUB2RNtPypxmABnIctK+TA1P1kHlOYoE/Wf5T5tKOMKgb08P7k/zNyhvfJ3lh5Oag==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-process@3.972.39': - resolution: {integrity: sha512-2k/amBifLd75eXNwgvPw/2lKYSQ3NhvHQgkVKVjfUq13/eJ3JRtHmznuFenn74OK3sSfp4SMy1YB2w+UVXoKqA==} + '@aws-sdk/credential-provider-node@3.972.50': + resolution: {integrity: sha512-b05Aelq5cqAvCCDQjCYacl0XmR8QhBNSqLbsdISkQmlQBa5oPS66zYPteWcSp5LswbpoIe552EUGjluKiadBig==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-process@3.972.41': resolution: {integrity: sha512-7I/n1zkysouLOWvkEhjNEP4vMnD2v4kzzr3/3QBdrripEpn7ap1/I5DF3Hou1SUqkKWo1f3oPGMyFAA1FAMvsQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-sso@3.972.43': - resolution: {integrity: sha512-LPc3+Y4vhH1T4x6CMqwCM6hk5+SRf/Lwmgm8INm95wxTtIRHcMwQUVkDzWu4Iw/RSncxYM2BC01OrYbxOPZvyg==} + '@aws-sdk/credential-provider-process@3.972.43': + resolution: {integrity: sha512-GPokLNyvTfCmuaHk+v3GKVs4ZT3cMu5kgS2a+NPkOMt96cq6fSIK0g+mZHpGS6Cd4QGrPKesANEaLUKgOskTzg==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-sso@3.972.45': resolution: {integrity: sha512-oHgbz/eFD8IKiksqDsz9ZMU4A59BpQq4QwJedBnGD80ZqYcHPPHZBwjBnxLVkB7iRVVHWpDclR8yWdD2PkQIUA==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-provider-web-identity@3.972.43': - resolution: {integrity: sha512-wQtL34lUD/09VXjwAUo2T+I3aEXRDxMB3DKmTJL/Zj0Gi6sLDTrVhae1XVt01yzkquOWajI/sZW72JGDZ1ciTw==} + '@aws-sdk/credential-provider-sso@3.972.47': + resolution: {integrity: sha512-0AzvLrzlvJs0DzbeWGvNj+bX3Uzd7VNS6vDqCOdZzBlCGKGd78uxctJSW9iK/Rt/nxiJqpTvrYQlVJ4guVM2Dw==} engines: {node: '>=20.0.0'} '@aws-sdk/credential-provider-web-identity@3.972.45': resolution: {integrity: sha512-CDhzKdb2onv5bpnjn/acgdNmJOQthPDLsPizU7rZflsEcgMMp8Mlri+U5hdxf8ldvZJpvM3vLU6D56vfJm5AMQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/credential-providers@3.1056.0': - resolution: {integrity: sha512-Qp7ndCG+dZldiaURze6BM/dLkHQJxwi6WNRR1sR9lhX9jS9QG5ZIOiY3jm6T668vgGqHuNQS7r/P9pimxnHyyg==} + '@aws-sdk/credential-provider-web-identity@3.972.47': + resolution: {integrity: sha512-eksfbUErOejUAGWBAcNqaP7IX21oUOEo73d9R56k9Ua4d57qS90NEYkWJsuSGzTXMFulCu17qXJI/qGmM7hvoA==} engines: {node: '>=20.0.0'} - '@aws-sdk/eventstream-handler-node@3.972.17': - resolution: {integrity: sha512-WFwdNcjchKZr7jKYgGimUZO8sSKQF/le7GGqgeCzz/lHozInE6b0gFJ1YMr8NaIeAoWJwgtrF7RE4/qMgosAdQ==} + '@aws-sdk/credential-providers@3.1060.0': + resolution: {integrity: sha512-fcazJa+YQTJo+Cxc8K7IOTHpEzc2vUBKnchjNpqr9rLcTKGXajl3U0SByi4YDo89AC4WP2d6LqQaTNysuWMNhA==} engines: {node: '>=20.0.0'} - '@aws-sdk/middleware-eventstream@3.972.13': - resolution: {integrity: sha512-ECfsw7mf6G/sxNbKbGE3/h1xeIArY/yRI1IjDGYkLgDIankh+aDOtDRSr40LVlIHGL9+jEH1cVuxmbJ8NLL/1A==} + '@aws-sdk/eventstream-handler-node@3.972.18': + resolution: {integrity: sha512-QPQhwY/fstR8fMZFWrsJRNoTP6D1RjRPHGRX7u9/VkF3opCsvD0oXPz6qzkX94SchzvuS5vyFZbJbPcMEs2Jeg==} engines: {node: '>=20.0.0'} - '@aws-sdk/middleware-websocket@3.972.21': - resolution: {integrity: sha512-yr+5+C7v9R55sAJ89A55Wrm7wIKPVn5cm6J3Hztnd5s/iwEUKxyJqCnIxJu4fVXgG9XBQD1Jc4rsWC1ozahJjA==} - engines: {node: '>= 14.0.0'} - - '@aws-sdk/nested-clients@3.997.11': - resolution: {integrity: sha512-nWXXJ1r/r8N2Gw1pWolRgED38/A9A8DHR2ETWIv220zh4PZHcybbR4hUVWWktmNXTRHzDJwRluapHn0rZxuoqA==} + '@aws-sdk/middleware-eventstream@3.972.14': + resolution: {integrity: sha512-DoZ4djVj/74XQ6M/IwxuKh543tTvLCL7u1Dx+VDHMgW9yGNrFSJJ1l0LrUQRaekic5CB12wUiiOoHL0VI6H0gg==} engines: {node: '>=20.0.0'} + '@aws-sdk/middleware-websocket@3.972.23': + resolution: {integrity: sha512-F0d4A9pJFiwljyKgSwU1Z5n+CXSv8bp+V5SthbS2rftB8wBN9z1K2Yyv3xbeK0AM2T0g4q6Ptf0shFF+oQZyiA==} + engines: {node: '>= 14.0.0'} + '@aws-sdk/nested-clients@3.997.13': resolution: {integrity: sha512-2pA6eyb5nSo/ZD2cayhOTEMoGQYgspq0RI05GDLkzQ3ajZ6isS6waV6E92Am/hz4LIlLUTrbwPLurJ/fuiHvkg==} engines: {node: '>=20.0.0'} - '@aws-sdk/signature-v4-multi-region@3.996.28': - resolution: {integrity: sha512-qs9z5LqXO/CZC2Lg9SGKpoLU8Rhi+m2pFKZqfO9pytX1clc0katqtsDNupJxFy0xT9wsZSPzM2v1y+/H/zfp5Q==} + '@aws-sdk/nested-clients@3.997.15': + resolution: {integrity: sha512-Fpri1/PXKMKveORZ7E00VLTlWS5DkfZkW70PUE+bOnpWpAeHAQLoiDHhkzN3kNWbbSsGg64+IZYiq/EZgME3Mg==} engines: {node: '>=20.0.0'} '@aws-sdk/signature-v4-multi-region@3.996.30': resolution: {integrity: sha512-HULDLMVzkmTSEv6//7kx2kRevp/VYUpm8hJNNFbmhxDn0fUiGTxVcM9yg31TukvTq8nyOBDUN2gH0o5IRbKjdw==} engines: {node: '>=20.0.0'} - '@aws-sdk/token-providers@3.1048.0': - resolution: {integrity: sha512-k0y/GcuesuSfWyUM0WamrGyeZmltRYaPbHO82UDA6mZ/doB+FOHKutikPAtSXMn/hDz970cF+iRuuiYO9VEbAA==} + '@aws-sdk/signature-v4-multi-region@3.996.31': + resolution: {integrity: sha512-Kn2up9SlG1KC6wRtwf0d7waTGF6rvp9DxYqB54x6UCKdQ6kyaXCqHL4WGb5vUJga5kS8FxnjhY0LqM28aMvnNQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/token-providers@3.1052.0': - resolution: {integrity: sha512-QqZNB3so7UIDxZtroc85TQaLVxdZRFm0eWM1CSR2N+b06as9TOrilvrlTZuj3guYlxMs6yLOgGxnklJ5qMYtTw==} + '@aws-sdk/token-providers@3.1048.0': + resolution: {integrity: sha512-k0y/GcuesuSfWyUM0WamrGyeZmltRYaPbHO82UDA6mZ/doB+FOHKutikPAtSXMn/hDz970cF+iRuuiYO9VEbAA==} engines: {node: '>=20.0.0'} '@aws-sdk/token-providers@3.1056.0': resolution: {integrity: sha512-81duvlltQlsfn5K+o8zILcystBRdbT1G2JJYVCML5NZHBz4CL/zf+sAemCtBh/uh6RQUMyInGeZLQ7/8igZhbA==} engines: {node: '>=20.0.0'} + '@aws-sdk/token-providers@3.1060.0': + resolution: {integrity: sha512-6NZaMKkFhpaNiwLpHi1sZaYjidL/lCJE6ME6NxwA8gv9vQna+Kr0j4OFwVoz6tANRWM3WbGz6jiPsGX/Vkjwow==} + engines: {node: '>=20.0.0'} + + '@aws-sdk/types@3.973.10': + resolution: {integrity: sha512-992QrTO7G9qCvKD0fx1rMlqcL14plUcRAbwmqqYVsuF3GrqcvlAL9qxR+baMafarEZ+l7DUQ5lCMmt5mbMhF7g==} + engines: {node: '>=20.0.0'} + '@aws-sdk/types@3.973.9': resolution: {integrity: sha512-kuBfgQVdcz5Bmapc4A13YbpVw/pXkesfhetcFYwbntqas8sF41OHyd4o28+/TG2ZQdHBsv90Lsu5y6oitvYCdg==} engines: {node: '>=20.0.0'} @@ -451,14 +459,14 @@ packages: resolution: {integrity: sha512-WhlJNNINQB+9qtLtZJcpQdgZw3SCDCpXdUJP7cToGwHbCWCnRckGlc6Bx/OhWwIYFNAn+FIydY8SZ0QmVu3xTQ==} engines: {node: '>=20.0.0'} - '@aws-sdk/xml-builder@3.972.25': - resolution: {integrity: sha512-GH+Kjz4nPKWKHnsiQpnhP1MJdTGIcK4rAka6tzakgjjUkVgNsmPeEbbRAf09SzS1hjGu6duGHCBsxYke0BhHjQ==} - engines: {node: '>=20.0.0'} - '@aws-sdk/xml-builder@3.972.26': resolution: {integrity: sha512-cDbrqvDS73whl6YAPSPq0U6whzG6UWI9PuWh0wrUuGoZexhWEqhdunbukV7iBoaWnFV1AODutM5hOD6rtn439g==} engines: {node: '>=20.0.0'} + '@aws-sdk/xml-builder@3.972.27': + resolution: {integrity: sha512-hpsCXCOI436kxWpjtRuIHVvuPP81MOw8f18jzfZeg+UOiiOvlqWcmWChzEhJEu16cOC6+ku4ncBN+7rdt+DZ9g==} + engines: {node: '>=20.0.0'} + '@aws/lambda-invoke-store@0.2.4': resolution: {integrity: sha512-iY8yvjE0y651BixKNPgmv1WrQc+GZ142sb0z4gYnChDDY2YqI4P/jsSopBWrKfAt7LOJAkOXt7rC/hms+WclQQ==} engines: {node: '>=18.0.0'} @@ -543,12 +551,12 @@ packages: '@changesets/write@0.4.0': resolution: {integrity: sha512-CdTLvIOPiCNuH71pyDu3rA+Q0n65cmAbXnwWH84rKGiFumFzkmHNT8KHTMEchcxN+Kl8I54xGUhJ7l3E7X396Q==} - '@clack/core@1.3.1': - resolution: {integrity: sha512-fT1qHVGAag4IEkrupZ6lRRbNCs1vS9P01KB/sG8zKgvUztbYtFBtQpjSITNwooDZ83tpsPzP0mRNs1/KVszCRA==} + '@clack/core@1.4.0': + resolution: {integrity: sha512-7Wctjq6f7c1CPz8sPpkwUnz8yRgVANkpNupb81q432FjcJg4l+Sw7XANdNSdWfAKq0IHI0JTcUeK5dxs/HrGPw==} engines: {node: '>= 20.12.0'} - '@clack/prompts@1.4.0': - resolution: {integrity: sha512-S0My7XPGIgpRWMDG8uRqalbgT+a6FmCUdOW+HaIOVVpUPHOb7RrpvjTjiODadKp06fsrVDJZlIzc6yCTp4AnxA==} + '@clack/prompts@1.5.0': + resolution: {integrity: sha512-wKh+wTjmrUoUdkZg8KpJO5X+p9PWV+KE9mePseq9UYWkukgTKsGS47RRL2HstwVcvDQH+PenrPJWII8+MfiiyA==} engines: {node: '>= 20.12.0'} '@cloudflare/kv-asset-handler@0.5.0': @@ -579,8 +587,8 @@ packages: cpu: [x64] os: [darwin] - '@cloudflare/workerd-darwin-64@1.20260526.1': - resolution: {integrity: sha512-/pR3GH3gfv0PUp7DjI8v0aAIDOqFwibq4bg5xT7TZgcVdBV/cJQWckdXCMqiRtHiawLwogUX00EIOINkYJ1Zqg==} + '@cloudflare/workerd-darwin-64@1.20260601.1': + resolution: {integrity: sha512-iXZBVuRbvuVqQ/63wul01hHCv/3R8G5S8zbkjfoHvyPZFynmlKTV59Hk+H8whyGwFAZuB71UJGLr+G5mJKfjWA==} engines: {node: '>=16'} cpu: [x64] os: [darwin] @@ -591,8 +599,8 @@ packages: cpu: [arm64] os: [darwin] - '@cloudflare/workerd-darwin-arm64@1.20260526.1': - resolution: {integrity: sha512-rcyu0iANYfaiezKh3Mcao1O4IIgVfQldxduiL5TZT1sP0NIeRY4YReSTrzPxNnXxSYaIqaqRHMcHbUM/ic4knA==} + '@cloudflare/workerd-darwin-arm64@1.20260601.1': + resolution: {integrity: sha512-veGpZQGBw07Twt+Y4z3oyo+/obKHt0iWUwvDV5GOiDAYjC/zW+YGstgVzg4SHq+k1sLH3ElqL2TXx20I5WBv3Q==} engines: {node: '>=16'} cpu: [arm64] os: [darwin] @@ -603,8 +611,8 @@ packages: cpu: [x64] os: [linux] - '@cloudflare/workerd-linux-64@1.20260526.1': - resolution: {integrity: sha512-5EZAEnlLwa9oGJRo8Nd3iY5Wcd9ROGNNG90xNIGp8MEjj8v2jTn42NC47fCZKFdnLj3+S+vWEhu1x0GVJnALjA==} + '@cloudflare/workerd-linux-64@1.20260601.1': + resolution: {integrity: sha512-n/9hDz7fPGpYF0J684+Xr5zgjcS2jdmY2Of5m6e+eQ/M9+RfR+UaU8Ee/tkA1dDC0LYQB13hfPafZG66Ff1CsA==} engines: {node: '>=16'} cpu: [x64] os: [linux] @@ -615,8 +623,8 @@ packages: cpu: [arm64] os: [linux] - '@cloudflare/workerd-linux-arm64@1.20260526.1': - resolution: {integrity: sha512-X/YBQXeXFeCN7QTStoWrATEBc9WKl7PIqkw/dQkjyJ72gh3rkLe0+Xkzp3wO7gtxTDQMa7NPGy1W4+sdMf8q1g==} + '@cloudflare/workerd-linux-arm64@1.20260601.1': + resolution: {integrity: sha512-VHRZZbexATS+n+1j3x/CZaYbIJEye0J3iIHgG0Wp+l+NrZCKQ8qi8Lq1uTV0dLJQ67FuZtJtWdQ95mm9F7Fc+A==} engines: {node: '>=16'} cpu: [arm64] os: [linux] @@ -627,35 +635,35 @@ packages: cpu: [x64] os: [win32] - '@cloudflare/workerd-windows-64@1.20260526.1': - resolution: {integrity: sha512-R+tqpFFdcfZIljx8fIW9rj9fRTtDgfoA2yonsfAGa6e8snrmr+38mdFHtkRC0D3UyZpn/hOtmXiUBfdX2gMR7Q==} + '@cloudflare/workerd-windows-64@1.20260601.1': + resolution: {integrity: sha512-ye0C7MFLkeH16iTo8Tcjv2KiFmp23+sZGvUzSQa4xhP0QMe6EoJ+H/4SqqvnZ5nfN54slqKvx2VnXceENWe2CQ==} engines: {node: '>=16'} cpu: [x64] os: [win32] - '@cloudflare/workers-types@4.20260529.1': - resolution: {integrity: sha512-33n3nsaWELSgn4DLKj1X9dwZc3kVDnO+jF/hLH9fdaXG9mQzKDeUkQaVRWLJXvrPXPa9RaIuSAFO4Zh9YOqOog==} + '@cloudflare/workers-types@4.20260603.1': + resolution: {integrity: sha512-TLeVHoBbcYv35S5TdRWUoj3IJ56BhHtrsuci+O7ithU8yz7ttNdCk6rAl1QUSGNVEWSIp54bWOuV/xmX1zu79g==} '@cspotcode/source-map-support@0.8.1': resolution: {integrity: sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==} engines: {node: '>=12'} - '@earendil-works/pi-agent-core@0.75.5': - resolution: {integrity: sha512-LHygOgsW2pgXKb3IkXkOAeZPovHr9VF+EixgXVsDNuB4jmhEOXgshy/zksZ7slkUAx10OQ9W1Ed/2jsnhd1NqA==} + '@earendil-works/pi-agent-core@0.78.0': + resolution: {integrity: sha512-xhWd59Qzd8yO88gYQw2S4dEQstJJEiUtxRP01//YzVJ61jCtUASMfcyAmYhgGYR4Onp7GmwEAbBBGOiV6Iwk9g==} engines: {node: '>=22.19.0'} - '@earendil-works/pi-ai@0.75.5': - resolution: {integrity: sha512-zf1F5kXk1pqZeFShXOqq9ibUk8QdtRoLCDPAjO+hj44e3EUs9/GFO2qnhTC5+JA2uwVCx+WCNe1PiCjlBYWm5w==} + '@earendil-works/pi-ai@0.78.0': + resolution: {integrity: sha512-q0hUrvT6ngT6cgBX0oIbzfQfmzztgdkZobP8OTL+sCOOBlnG6+1YRt8g7zO9CC/4NdeYEqa7uGqWdQhH0fjCLA==} engines: {node: '>=22.19.0'} hasBin: true - '@earendil-works/pi-coding-agent@0.75.5': - resolution: {integrity: sha512-O3CCQDYy28D4uwtP6zZkdEwzHN6X22v49Sb0+SZTC7x37V/YfmogrWPiaFoWeoc2hmdKhSATI7ZAK5bQbJG5NA==} + '@earendil-works/pi-coding-agent@0.78.0': + resolution: {integrity: sha512-gXt6pD3BoSG0yLwfLqb6844vz6qAO87PvNrv+YSDYKP3QliTjcwIld9v4ihmDcmBjO13QwKswubq/lYCvn4bkg==} engines: {node: '>=22.19.0'} hasBin: true - '@earendil-works/pi-tui@0.75.5': - resolution: {integrity: sha512-LkXUM1/49pvzzeI39Y5wjBMlgafcCf67HCLhB9Z7yuXHy4XgT+VqxWcZVW5hBdhQsHZd0znjJotfGH1BzxMfiA==} + '@earendil-works/pi-tui@0.78.0': + resolution: {integrity: sha512-3a705FnsVVUhAyceShNB3kS2rpxcxLcx+hqB0u6MMMpHwQGbW+m++MqA6r7eOzq/8FLx5e3vDh38h/SVTk2qzw==} engines: {node: '>=22.19.0'} '@emmetio/abbreviation@2.3.3': @@ -1538,72 +1546,72 @@ packages: '@manypkg/get-packages@1.1.3': resolution: {integrity: sha512-fo+QhuU3qE/2TQMQmbVMqaQ6EWbMhi4ABWP+O4AM1NqPBuy0OrApV5LO6BrrgnhtAHS2NH6RrVk9OL181tTi8A==} - '@mariozechner/clipboard-darwin-arm64@0.3.6': - resolution: {integrity: sha512-HjaisYCAbHi/1+N1yDAQHc8ZXGffufIUT5NSOSVR3f3AuMDusxTtnbK8tZ7JFDkShua1oNGZoNwQHsc8MPtE0Q==} + '@mariozechner/clipboard-darwin-arm64@0.3.9': + resolution: {integrity: sha512-BfgV7vCEWZwJwZJw03r6bP5+tf0iI/ANuQYCxi9RNn7FrWB3yzGuMKCrNLRl6V761vXRdL8+OqZ0wd4TqlsNOQ==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] - '@mariozechner/clipboard-darwin-universal@0.3.6': - resolution: {integrity: sha512-8BWtPjOtJOJoykml3w0fx0zRrfWP31mXrJwfoA7xzNprkZw1uolCNfgmjDiVBseoKjp16EGITz7bN+61qn8dWA==} + '@mariozechner/clipboard-darwin-universal@0.3.9': + resolution: {integrity: sha512-BGGR4iA9Z2shAjI65eI5xtyb3LYNlDW9X3gxKxDbqtbnREohsrqznov6zpKoIrsRWpzlYVEdKphS7ksJ0/ndSQ==} engines: {node: '>= 10'} os: [darwin] - '@mariozechner/clipboard-darwin-x64@0.3.6': - resolution: {integrity: sha512-p9syiZD1kU4I+1ya7f7g+zD1GiUvR8fdlRlNmgsZNWlyjtc8rlV2EjTLd/35x1LsdBq020GVvtzp0ZmPgBI09Q==} + '@mariozechner/clipboard-darwin-x64@0.3.9': + resolution: {integrity: sha512-4kURmCbS6nt8uYhtmWpUcJWyPHfmAr5dTpXD1nO3pIfa+TSQ9DbrGOYCKH+aEFW47XhQ4Vp8ZTszie+wfFvDKg==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] - '@mariozechner/clipboard-linux-arm64-gnu@0.3.6': - resolution: {integrity: sha512-5JFf5rGofrm+V29HNF+wLthXphHdQpMbKDUYJ5tML6/Z5DLlLOV/9Ak4kDPtYyZ+Dzf+kAusE0VsFg4+tfP1IA==} + '@mariozechner/clipboard-linux-arm64-gnu@0.3.9': + resolution: {integrity: sha512-g59OkUGP2DDfCOIKypHeYgv2M55u/cKvXa5dSxFbEJ34XvIQMdcVmpKCkGUro3ZgefXiGVdwguvTMQGpHWzIXw==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] libc: [glibc] - '@mariozechner/clipboard-linux-arm64-musl@0.3.6': - resolution: {integrity: sha512-JlVjxxw0GbGC0djXYWRIqyteO3J1KZ/QG3udlEFaOD5TLOM1FnmXXAPDQBqr+aBVr720ef9K00dirYnJ0LDCtw==} + '@mariozechner/clipboard-linux-arm64-musl@0.3.9': + resolution: {integrity: sha512-AGuJdgKsmJdm4Pych7kv3sqe591ERRaAHW3xjLooiFzn8J+PxUyof++7YZrB5Y5tpnTO+K18Og3taj2NpluCRQ==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] libc: [musl] - '@mariozechner/clipboard-linux-riscv64-gnu@0.3.6': - resolution: {integrity: sha512-4t8BUi5zZ+L77otFQVnVSlaTyAX4TVk9EqQm4syMrEQp96trFEHEwwNHcNEBGzYv5+K7mxay50TthYkz47OWzQ==} + '@mariozechner/clipboard-linux-riscv64-gnu@0.3.9': + resolution: {integrity: sha512-DXBEAiuMpk7dhS1a9NzNxVAFi1vaKoPu7rQNgY8LIDLGrK3lnIp3nT10DUum+PKVJoJppIP+NAA8IZe4DMNDPw==} engines: {node: '>= 10'} cpu: [riscv64] os: [linux] libc: [glibc] - '@mariozechner/clipboard-linux-x64-gnu@0.3.6': - resolution: {integrity: sha512-trtPwcNLW37irwQCJLtCxLw757jjJZk3TSnY/MU9bhtWtA3K9b/eLW0e4RGhUXDoFRds9opNWWaUDuFLa8dm0w==} + '@mariozechner/clipboard-linux-x64-gnu@0.3.9': + resolution: {integrity: sha512-WORrMLd6EpElEME7JRKfSaY34nW1P5LbdgK5YNCS1ncG2LqmITsSMEJ8nh2mpvxb3TxqbOOKgY7k9eMJYlW9Mw==} engines: {node: '>= 10'} cpu: [x64] os: [linux] libc: [glibc] - '@mariozechner/clipboard-linux-x64-musl@0.3.6': - resolution: {integrity: sha512-WfnzIvOCCWQiN0MmltCEo6cLceUDbYe+I7xyFZjaps5A+2Op/M2CY7Rey+C4ucQhrvmpoHmTSFgY9ODWk7snoA==} + '@mariozechner/clipboard-linux-x64-musl@0.3.9': + resolution: {integrity: sha512-/DHn+1DrfL6oRaPPWXaOKvonFFrni666fxd+zFqiQEfvBH0tsHVWjq9iqBk0oDp0qaPA72lIMy5BptxISBEhZQ==} engines: {node: '>= 10'} cpu: [x64] os: [linux] libc: [musl] - '@mariozechner/clipboard-win32-arm64-msvc@0.3.6': - resolution: {integrity: sha512-+8+1aHYsBPUjmW3otmWlg+Hijt0iJvoBBs5e0mxFeUd4gDaKMB8Bn6x7c6KVtscg7E5j5NFXnwQqNSIAO4p8zQ==} + '@mariozechner/clipboard-win32-arm64-msvc@0.3.9': + resolution: {integrity: sha512-O5FHD3ErkMwMhNzAfu3ggy0ug4z7btZuoQgwwxlzPrwV2bxlD6WDpqBY4NCgICAgZdDKdp+loUEKVAVt8aYnhQ==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] - '@mariozechner/clipboard-win32-x64-msvc@0.3.6': - resolution: {integrity: sha512-S4xfPmERC8ZkiLHe3vekZCjdDwNEETCuvCgQK2kP6/TnvmUkq1y2Pk+DjM4t8uh9KMX9bH4zs5ePcKa8GTXmfg==} + '@mariozechner/clipboard-win32-x64-msvc@0.3.9': + resolution: {integrity: sha512-ihQC3EufqEY81vhXBgVBtK4prL+wc62zJsSvxrgz7K1hsdt6OObz6v9p3Rn1OG3GJksTTKMJF0u/guMISHPhSA==} engines: {node: '>= 10'} cpu: [x64] os: [win32] - '@mariozechner/clipboard@0.3.6': - resolution: {integrity: sha512-MXdtr+6+ntlIVHdrZYuZNQydu6o8yZswFJ2Ln81j2O/Y9B/LDHvEaIm95xWNPkjGTWriSOeLnQJRFs6dYb60bg==} + '@mariozechner/clipboard@0.3.9': + resolution: {integrity: sha512-ABnA53mdfkGZwOFUdZNv2S0CWGO/EIuPj8Vv9xmBFmSYg/qFc7ihO6q5FcQjvoE67kZpWkEc4AhD6B/os04yuA==} engines: {node: '>= 10'} '@mistralai/mistralai@2.2.1': @@ -1655,9 +1663,6 @@ packages: '@emnapi/core': ^1.7.1 '@emnapi/runtime': ^1.7.1 - '@nodable/entities@2.1.0': - resolution: {integrity: sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==} - '@nodable/entities@2.1.1': resolution: {integrity: sha512-Pig3HxDIoMgjdEH8OCf/dkcTmLFjJRjWuq8jSnklu284/TKOPibSRERmOykiwmyXTtv61mP+44f3GMx0tLAyjg==} @@ -1731,12 +1736,12 @@ packages: '@octokit/types@14.1.0': resolution: {integrity: sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==} - '@opencode-ai/plugin@1.15.10': - resolution: {integrity: sha512-V2p7CvpBtKWB+FID7Dl1y0Ci02zUT40A9b2RD9R9BOiuD8ZcKhHWov+irN0xVJA0Eg6OhEBfA0lPKRn1FNKPlw==} + '@opencode-ai/plugin@1.15.13': + resolution: {integrity: sha512-NFwZGhmxIPijtfz9swPJXDmhOpq4UWP8WjEE7GEMr7FwtJrK/hv6v36nFimed5+OKk+pQCrTJn/vhRW7Io72IA==} peerDependencies: - '@opentui/core': '>=0.2.15' - '@opentui/keymap': '>=0.2.15' - '@opentui/solid': '>=0.2.15' + '@opentui/core': '>=0.2.16' + '@opentui/keymap': '>=0.2.16' + '@opentui/solid': '>=0.2.16' peerDependenciesMeta: '@opentui/core': optional: true @@ -1745,8 +1750,8 @@ packages: '@opentui/solid': optional: true - '@opencode-ai/sdk@1.15.10': - resolution: {integrity: sha512-CUhpmMGGOqzvPnNNjjWmEIodAfP6Qnuki2ChIUKWYF7UImZ4zUcMZnzO5BtUxu/Ni1P8qzWxDioXs+7aIZQEhA==} + '@opencode-ai/sdk@1.15.13': + resolution: {integrity: sha512-4TwojIoQ8EG6/mVBuUVYZXiFcwNmiiytEnjnvyuvSJjGwFIlw2YIBFxtSVC3FbwwbwHT63teh1RHiQUUC4U5xw==} '@oslojs/encoding@1.1.0': resolution: {integrity: sha512-70wQhgYmndg4GCPxPPxPGevRKqTIJ2Nh4OkiMWmDAVYsTQ+Ta7Sq+rPevXyXGdzr30/qZBnyOalCszoMxlyldQ==} @@ -1754,246 +1759,246 @@ packages: '@oxc-project/types@0.133.0': resolution: {integrity: sha512-KzkdCd6Uxqnf6l3HOw1xfatAlUURA0g14cvBYFyJ5SaNOQbOUvBr9PKArcPcrNIeRsBdgcUzOGrhKveVpvOIGA==} - '@oxfmt/binding-android-arm-eabi@0.52.0': - resolution: {integrity: sha512-17EMSJnQ9g+upVHrAUYDMfH5lvRKQ9Nvg8WtEoH72oDr1VpWz+7/o3tD97U1EToen2YAQ/68JmtDYkQUi20dfQ==} + '@oxfmt/binding-android-arm-eabi@0.53.0': + resolution: {integrity: sha512-XfVM8AmIovBTKXCt14Op5wbfcoM8418nttd+nhMgM3RAVaJg1MtJc73FyWfUt0oxLyBGVwfniNVUsbV/b3VmPg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [android] - '@oxfmt/binding-android-arm64@0.52.0': - resolution: {integrity: sha512-A2G1IdwGEW2lLJkIxcvuirRH1CzSl/e0NX11zTlW1gvxJThfwbI/BEoaKrTNpm7M2FchvIf6guvIQU7d5iz+OQ==} + '@oxfmt/binding-android-arm64@0.53.0': + resolution: {integrity: sha512-btHDfXckwdf9zgyAVznfZkf+GVyB0I1m1hlvaOMRx2xoyz3hphfPX97s89J3wfCN8QBETLtk4lQUaeOkrMuQOg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [android] - '@oxfmt/binding-darwin-arm64@0.52.0': - resolution: {integrity: sha512-f9+bLvOYxy7NttCLFTvQ7afmqDOWY4wIP9xdvfj5trQ1qj6f2UFAGwZESlfsMjvJNTyRpXfIlOanCI9FOvoeQA==} + '@oxfmt/binding-darwin-arm64@0.53.0': + resolution: {integrity: sha512-k2RjMcSTkHjoOlsVGbL35JVzXL+oQco3GHPl/5kjebVF4oHNfE24In8F5isqBh9LBJucycWHKDXdGrCchdWcHQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [darwin] - '@oxfmt/binding-darwin-x64@0.52.0': - resolution: {integrity: sha512-YSTB9sJ5nnQd/Q0ddHkgof0ZCHPAnWZT1IW2SJ8omz7CP7KluJhO1fNHrpqdxCtpztJwSs4hY1uAee35wKxxaw==} + '@oxfmt/binding-darwin-x64@0.53.0': + resolution: {integrity: sha512-65jIBE2H1l5SSs16fmv6/7b6sAx/WpvnsgDhVWK9qSjNFDUro7MPQ6q5UhpY7kl46yltfR046iAnxy/Bzqbiew==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [darwin] - '@oxfmt/binding-freebsd-x64@0.52.0': - resolution: {integrity: sha512-NIrRNTTPCs4UbmVs0bxLSCDlLCtIRMJIXklNKaXa5Oj2/K1UIMBvgE8+uPVo01Io3N9HF0+GAX+aAHjUgZS7vA==} + '@oxfmt/binding-freebsd-x64@0.53.0': + resolution: {integrity: sha512-oYe1gkz7U49PCYrS9147d2fJZj8mDI4Di6AvlsU5fu9p+Tq8S7qqOMSZjUiVTLX8bXuSA9Lk/tIxuegVjkNYRA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [freebsd] - '@oxfmt/binding-linux-arm-gnueabihf@0.52.0': - resolution: {integrity: sha512-JXUCde8mn3GpgQouz2PXUokgy/uT1QrRJBL2s983VWcSQp62wTFYiNXgTKdeo1Jgbr0IgUnKKvzIk/YBlj/nVQ==} + '@oxfmt/binding-linux-arm-gnueabihf@0.53.0': + resolution: {integrity: sha512-ailB2vLzGi629tymdAb2VYJyEHref7oqGxP+tRBrtRBxQrb6NV55JMT7xtGZ8uTeG2+Y9zojqW4LhJYxQnz9Pg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxfmt/binding-linux-arm-musleabihf@0.52.0': - resolution: {integrity: sha512-psbUXaRZ+V8DaXz10Qf7LSHtdtdKAmC8fxXgeU608jjzrmWK4quamZMOpl6sf+dikoFHA85uE93Q0BqxrCdQrQ==} + '@oxfmt/binding-linux-arm-musleabihf@0.53.0': + resolution: {integrity: sha512-abh4mWBvOvD966sobqF7r103y2yYx7Rb4WGHLOS4+5igGqLbbPxS9aK5+45D6iUY7dWMsk3Muz9a8gUtufvqJA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxfmt/binding-linux-arm64-gnu@0.52.0': - resolution: {integrity: sha512-Jw7MgWUU9lcLCcy82updISP3EthTlfvAwR6gWNxPzqly7+fLvOi2gHQE9xXQjpqaVLm/8P+gOzlv9ODuoVlaaw==} + '@oxfmt/binding-linux-arm64-gnu@0.53.0': + resolution: {integrity: sha512-z73PvuhJ8qA+cDbaiqbtopHglA91U4+y5wn2sTJJrnpB957d5P33FEuyP3DQIFd7ofljmDmfVT4G0CVGHZaJWg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] libc: [glibc] - '@oxfmt/binding-linux-arm64-musl@0.52.0': - resolution: {integrity: sha512-wZg6bLjDvh2KibyI3QFUYo8GTXneIFsd0JvehtvJiUmQ8WRPERgxd/VM4ctWb86U5FT1FkqgS8/wZKVB+AZScg==} + '@oxfmt/binding-linux-arm64-musl@0.53.0': + resolution: {integrity: sha512-I6bhOTroqc3ThrwZ89l2k3ivKuELhdPLbAcJhRNyjWvlgwb0vjRgEnVL1XLx5Jud04/ypNRZBykAWrSk6l/D+g==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] libc: [musl] - '@oxfmt/binding-linux-ppc64-gnu@0.52.0': - resolution: {integrity: sha512-IngE8uxhNvxcMrLjZNDo9xNLY7rEK33AKnaMd2B46he1e/mz2CfcW6If/U1wUjdRZddm1QzQaciqZkuMkdh1FA==} + '@oxfmt/binding-linux-ppc64-gnu@0.53.0': + resolution: {integrity: sha512-w0p3JzB/PkkQjXALMJMqP9YfP3yq4w6zGsu5kezQmUnxRkN3b/Theg2l/nDgBsOcczxS3gL6Gam5XNAVrO6QJQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ppc64] os: [linux] libc: [glibc] - '@oxfmt/binding-linux-riscv64-gnu@0.52.0': - resolution: {integrity: sha512-H3+DdFMv/efN3Efmhsv18jDrpiWWqKG7wsfAlQBqAt6z/E2Bx+TwEj2Nowe51CPOWB8/mFBC2dAMSgVFLvvowA==} + '@oxfmt/binding-linux-riscv64-gnu@0.53.0': + resolution: {integrity: sha512-mzBhF6k1Yq1K/dqDmVe/AAafnlJfEpx7yfUiksyeWXJk5iSzZqBSxcsa02zIytYgQFRZ7h6WPZfwHg/DoOE1Kw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] libc: [glibc] - '@oxfmt/binding-linux-riscv64-musl@0.52.0': - resolution: {integrity: sha512-zji+1kb7lJKohSDjzC1IsS+K/cKRs1hdVf0ZH0VbdbiakmtLvN9twBoXo/k8VdjFax7kfo+DyPxS7vv52br1aw==} + '@oxfmt/binding-linux-riscv64-musl@0.53.0': + resolution: {integrity: sha512-AlFCpnRQhogQFzZXWbO6xB6/Udy745L+eQNmDPGg7G/OeWsYmJc4jZYfUN5pQg0reOPWSED2mOQqKZOJM1U8cA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] libc: [musl] - '@oxfmt/binding-linux-s390x-gnu@0.52.0': - resolution: {integrity: sha512-hcLBYedpCy7ToUvvBidWk7+11Yhg1oAZ4+6hKPic/mQI6NaqXJSXMps5nFlwUuX2ewhtLZZDPg63TI042qGKBg==} + '@oxfmt/binding-linux-s390x-gnu@0.53.0': + resolution: {integrity: sha512-XD4ulY4f1DWbuuZXAqxhVn+gdPmrhnmojWtFN78ctVoupmS845fGhsUrk1HZXKQI+iymbaiz9vAjPsghHNQ7Ag==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [s390x] os: [linux] libc: [glibc] - '@oxfmt/binding-linux-x64-gnu@0.52.0': - resolution: {integrity: sha512-IDO2loXK2OtTOhSPchU9MW25mWL2QCDGdJbjN8MXKZVS80qXe5gMTwQWu/gMJ3juoBHbkuUZNB2N1LHzNT7DoA==} + '@oxfmt/binding-linux-x64-gnu@0.53.0': + resolution: {integrity: sha512-xg8KWX0QnxmYWRe60CgHYWXI0ZOtBbqTsXvWiWrcl2XUHJ3fht2QerOk2iWvylzX3zNT2GpvBRxGoR4d3sxPRQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] libc: [glibc] - '@oxfmt/binding-linux-x64-musl@0.52.0': - resolution: {integrity: sha512-mAV2Hjn0SatJ+KoAzKUC3eJhdJ8wv+3m1KyuS0dTsbF0c5weq+QrCt/DRZZM+uj/XiKzCDEUKYsBF30e2qkcyw==} + '@oxfmt/binding-linux-x64-musl@0.53.0': + resolution: {integrity: sha512-MWExpYBGvl+pIvVB/gj/CcWlN2al8AizT7rUbtaYaWNoQkhWARM6W3qpgoCr72CYSN9PborzPmM5MIRe2BrNdA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] libc: [musl] - '@oxfmt/binding-openharmony-arm64@0.52.0': - resolution: {integrity: sha512-vd4npaUIwChxp7XzkqmepBWTT9YMcSe/NBApVGPC30/lLyOVaV3dvma1SKo03t8O73BPRAG7EyJzGlN5cJM5hQ==} + '@oxfmt/binding-openharmony-arm64@0.53.0': + resolution: {integrity: sha512-u4sajgO4nxgmJIgc/y2AqPhkdbOkQH8WugXpA1+pW0ESQhvGZ1oGq61Q4xMbJHJU1hFgtO18QNrcFYDPYH0gwQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [openharmony] - '@oxfmt/binding-win32-arm64-msvc@0.52.0': - resolution: {integrity: sha512-k2sz6gWQdMfh5HPpIS+Bw/0UEV/kaK2xuqJRrWL233sEHx9WLlsmvlPFM4HUNThkYbSN0U0vPW7LVKZWDS8hPQ==} + '@oxfmt/binding-win32-arm64-msvc@0.53.0': + resolution: {integrity: sha512-Yq9sOZoIOJ5xPjO0qOyHJS4CiPuTkB2en9auxZz7Ar2p5RaC7BzLyVVmAA7zz9/L9YnjjY1DwNxN+ivKXimN/A==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [win32] - '@oxfmt/binding-win32-ia32-msvc@0.52.0': - resolution: {integrity: sha512-rhke69GTcArodLHpjMTfNnvjTEBryDeZcUCKK/VjXDMtfTULl6QRh0ymX5/hbCUv2WjYm9h/QbW++q2vE15gWQ==} + '@oxfmt/binding-win32-ia32-msvc@0.53.0': + resolution: {integrity: sha512-es1fVNZEkBqEcQtBpn19SYFgZF7FawlkCjkT/iImfEAus4gun8fBwB1E9hpV5LcR9B0DBNvRIXhW8BQk3JaE+Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ia32] os: [win32] - '@oxfmt/binding-win32-x64-msvc@0.52.0': - resolution: {integrity: sha512-q5xL7oeXkZdEtNZWBdvehJcmt+GRu9l2bK40yJs1jJXlqq+r0Hygb1rTjq+FM2o/2xyt4cufH6KRplHp3Jjsvw==} + '@oxfmt/binding-win32-x64-msvc@0.53.0': + resolution: {integrity: sha512-QFmJs2bEu9AO4O6qsmEaZNGi6dFq8N+rT8EHAAnZIq/B9SeJDUbc4DzVxQ48MfDsL7D3sCZzo37zuTuspcURgg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [win32] - '@oxlint/binding-android-arm-eabi@1.67.0': - resolution: {integrity: sha512-VrSi571rDv1N8HaEDM+DEX8nmT0y9jJo8tzzW13vsOWTx59xQczCIJx68n2zWOXRT5YKZsOZXp4qkHN/10x4mw==} + '@oxlint/binding-android-arm-eabi@1.68.0': + resolution: {integrity: sha512-wEdsIspexXLLMCPAEOcCuFLMt6aE3AzTuA/nQKLPRnoJ+EQTturmGheDkhHuuVHx0GbutjQ3JKmEn+Gz6Ag28Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [android] - '@oxlint/binding-android-arm64@1.67.0': - resolution: {integrity: sha512-l6+NdYxMoRohix5r5bbigW16LPicceCwGcQ6LKKuE1kUdjgFfQolJjrJsQYPFetIs78Gxj/G/f5TEGoTCwj9nQ==} + '@oxlint/binding-android-arm64@1.68.0': + resolution: {integrity: sha512-6aZRNNXQTsYtgaus8HTb9nuCcsrQTlKXGnktwvwW0n/SooRWNxNb3925grDkC63aEYZuCIyOVLV16IdYIoC2aQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [android] - '@oxlint/binding-darwin-arm64@1.67.0': - resolution: {integrity: sha512-jOzXxS1AxFxhImLIRbtGIMrEwaXcgMw3gR57WB1cRk8ai+vpr6726kxXqVvlNsrXtJ/FrmOm8RxlC0m8SW24Qg==} + '@oxlint/binding-darwin-arm64@1.68.0': + resolution: {integrity: sha512-lVTbsE3kO4bLpZELgjRZuAJc8kP98wb83yMXWH8gaPaFZ+cM2IDeZto4ByoUAYj0Mxv2rvw+A1ssZequSepVSg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [darwin] - '@oxlint/binding-darwin-x64@1.67.0': - resolution: {integrity: sha512-3DFAVY94OqjIZHXIPz37yGRSWwOFTAqChQ64/M69GYLawzP0KiwdhDNfqdKKYT0bTR/DNxmMnQsj3ns+8+X/Lg==} + '@oxlint/binding-darwin-x64@1.68.0': + resolution: {integrity: sha512-nCmw2XrmQskjBUh/sfP5yKs93V68LijQgjd1cuuZ/q4SCARngLYs60/qqyzuMsg8QQ9KArDI98hxs/RDGE4KRQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [darwin] - '@oxlint/binding-freebsd-x64@1.67.0': - resolution: {integrity: sha512-e4dDKZuLu8TR9DEBssWSDahlPgZBwojTTHZUvnjBRJfJJbpxYCjfjKfi0Z1+CSLMiJBwI2yCDtRM1XJQaARjmg==} + '@oxlint/binding-freebsd-x64@1.68.0': + resolution: {integrity: sha512-TI4ovQJliYE9V6e06cEv+qEI9uj7Ao65fmif4er4HD+aouyYyh0P31q2jh3KtqsOHHcQqv2PZ61TjJFLpBDGWQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [freebsd] - '@oxlint/binding-linux-arm-gnueabihf@1.67.0': - resolution: {integrity: sha512-BKytFdcQzbITV3xlnzDUDTEDtbUMCCiC4EaNTDZ4FyT8gdNvBC4gfiLucXp/sQl0XU3p7syTlorUWVVVBZab2g==} + '@oxlint/binding-linux-arm-gnueabihf@1.68.0': + resolution: {integrity: sha512-LcNnEi9g71Cmry5ZpLbKT+oVv+/zYG3hYVAbBBB5X85nOQZSk8l92CnDkxJMcxUg0NCnMCOFZuaVDlMyv4tYJw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxlint/binding-linux-arm-musleabihf@1.67.0': - resolution: {integrity: sha512-XYAv0esBDX7BpTzRDjVX2Vdj+zndd8ll2dFQiaeQ6zTZr7A8GRDTN7fH3FP3jU+O0vCDx85oH/EtG7BzPgAXuw==} + '@oxlint/binding-linux-arm-musleabihf@1.68.0': + resolution: {integrity: sha512-OovHahL3FX4UaK+hgSf11llUx2vszqjSdQQ61Ck9InOEI/ptZoC4XSQJurITqItVvd53JSlmkLMeaNjM1PoQew==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm] os: [linux] - '@oxlint/binding-linux-arm64-gnu@1.67.0': - resolution: {integrity: sha512-zizRMjA0i6u/2B0evgda04iycu+MoNuf1pBy6Eh+1CjC5wMEG7qN5zdDKTCvFc0KSYSDM9QTG3gjZHirgtQuKg==} + '@oxlint/binding-linux-arm64-gnu@1.68.0': + resolution: {integrity: sha512-YbzTglnHLzzi9zv5or8Ztz5fykAoZE8W9iM42/bOrF4HBSB6rJTqdLQWuoP76EHQw9DuKl76K1QmFlG29sPJXQ==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] libc: [glibc] - '@oxlint/binding-linux-arm64-musl@1.67.0': - resolution: {integrity: sha512-zB/Tf6sUjmmvvbva9Gj3JTJ8rJ9t4I8/U0o6vSRtd0DRIsIuyegBwJAzhSUFQHdMijIRJkW0exs/yBhpw2S20w==} + '@oxlint/binding-linux-arm64-musl@1.68.0': + resolution: {integrity: sha512-qVKtCZNic+OoNnOr/hCQAu22HSQzflI7Fsq/Blzkw02SnLuv163k3kfmrVpZjSBlUHgsRKj6WgQiw30d3SX02Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [linux] libc: [musl] - '@oxlint/binding-linux-ppc64-gnu@1.67.0': - resolution: {integrity: sha512-kgU40Gt74CK0TCsF51KZymkIwN9U0BajKsMijB52zPqOeZU9NAHkA/NSQkZDHEaCakx42DxhXkODiAqf2b4Gug==} + '@oxlint/binding-linux-ppc64-gnu@1.68.0': + resolution: {integrity: sha512-zExyZ8ZOUuAyQ0y9jpTcyjKUz62YY9JhKPyVxzvjTpXzZ3ujdqiVwfPWDdnA1SsIOrxdtxHn7KErDHLWskFjXg==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ppc64] os: [linux] libc: [glibc] - '@oxlint/binding-linux-riscv64-gnu@1.67.0': - resolution: {integrity: sha512-tOYhkk/iaG9aD3FvGpBFd1Lrw0x0RaVoJBxjUkfNzS50rC5NS5BteNCwgr8A2zCdADrIIoze6D7u6U5Ic++/iQ==} + '@oxlint/binding-linux-riscv64-gnu@1.68.0': + resolution: {integrity: sha512-6C4MPuwewyDavA7sxM14wzgRi5GGL68HPIxRCdVyS75U4MDbpFVYzKO9WNR6KLKTMPq2pcz3THwo1sK2uiqngw==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] libc: [glibc] - '@oxlint/binding-linux-riscv64-musl@1.67.0': - resolution: {integrity: sha512-sEtywrPb+0b+tHYl1SDCrw903fiC4eyKoNqzP3v+f2JT3Xcv4NEYG+P8rj+eEnX7IWhqV/xj8/JmcmVj21CXaA==} + '@oxlint/binding-linux-riscv64-musl@1.68.0': + resolution: {integrity: sha512-bnZooVeHAcvA+dH0EDLgx+7HY/DRi6e0hFszg3P+OBatuUjV6EvfIyNIzWOusmqAVh4L6r21GGTZtiKE4iqM4Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [riscv64] os: [linux] libc: [musl] - '@oxlint/binding-linux-s390x-gnu@1.67.0': - resolution: {integrity: sha512-BvR8Moa0zCLxroOx4vZaZN9nUfwAUpSTwjZdxZyKy4bv3PrzrXrxKR/ZQ0L9wNSvlPhnMJeZfa3q5w6ZCTuN6Q==} + '@oxlint/binding-linux-s390x-gnu@1.68.0': + resolution: {integrity: sha512-dIqnZnJSmHCMOUpUcWQOiV14o3DDPVx1DSsMaSzvdhNjC1tB1iEPZbdiMSCIEYbkgbsYznHXWqFdKL8WUB3F8g==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [s390x] os: [linux] libc: [glibc] - '@oxlint/binding-linux-x64-gnu@1.67.0': - resolution: {integrity: sha512-mm2cxM6fksOpq6l0uFws8BUGKAR4dNa/cZCn37Npq7PFbhD5HDJqWfnoIvTaeRKMy5XdS2tO0MA0qbHDrnXAAA==} + '@oxlint/binding-linux-x64-gnu@1.68.0': + resolution: {integrity: sha512-zc9lEnfV/HreDTY6gdMlZe+irkwHSxQ4/B1pS9GyK7RVaA5LxhoZY/w6/o2vIwLLEYiXQ5ujGxOM1ZazeFAAIA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] libc: [glibc] - '@oxlint/binding-linux-x64-musl@1.67.0': - resolution: {integrity: sha512-WmbMuLapKyDlobMkXAaAL0Y+Uczh4LETfIfQsUpbId4Ip8Ai82/jqeYTOoUCkuuhBFapgqP253+d83tLKOksJg==} + '@oxlint/binding-linux-x64-musl@1.68.0': + resolution: {integrity: sha512-Dl5QEX0TCo/40Cdh1o1JdPS//+YiWqjC+Hrrya5OQmStZZr4svAFtdlqcpCrU9yq2Mo3vRVyO9B3h0dzD8s36Q==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [linux] libc: [musl] - '@oxlint/binding-openharmony-arm64@1.67.0': - resolution: {integrity: sha512-9g/PqxYJelzzTAOR5Y+RiRqdeydhEuXv2KxNeFcAKQ7UsvnWSY1OP4MsuPMbTO2Pf70tz7mFhl1j13H3fyh+8g==} + '@oxlint/binding-openharmony-arm64@1.68.0': + resolution: {integrity: sha512-/qy6dOvi4S3/LeXq0l5BT5pRKPYA7oj3uKwJOAZOr5HRLL+HK6jdBynvWuXIA2wwfE01RzNYmbBdM7vwYx00sA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [openharmony] - '@oxlint/binding-win32-arm64-msvc@1.67.0': - resolution: {integrity: sha512-2VhwE6Gatb0vJGnN0TBuQMbKCOiZlSQ/zJvVWYLK4a9d4iDiJOen/yVQkGpmsJ90MuH66fzi0kEKI0jRQMDxGA==} + '@oxlint/binding-win32-arm64-msvc@1.68.0': + resolution: {integrity: sha512-fHNtVqPHSYE7UFDSLVFUjxQjnSVXxseNJmRW+XuP4pXXDwePdPda43NL7/BBCFTxHjycOc44JNDaOPtFDNui9A==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [arm64] os: [win32] - '@oxlint/binding-win32-ia32-msvc@1.67.0': - resolution: {integrity: sha512-EQ3VExXfeM1InbE5+JjufhZZTWy+kHUwgt3yZR7gQ47Je/mE0WspQPan0OJznh493L5anM210YNJtH1PXjTSFg==} + '@oxlint/binding-win32-ia32-msvc@1.68.0': + resolution: {integrity: sha512-NnKXr4Wgo4nps3erhrE0f8shBvBPZMHg72nDsvX0JyrRvsNiP3f1JNvbCKh+A6VFvpF7ZoJxu904P3cKMhvZnA==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [ia32] os: [win32] - '@oxlint/binding-win32-x64-msvc@1.67.0': - resolution: {integrity: sha512-bw24y+/1MHS4QDkons3YyHkPT9uCMoLHHgQhb+mb8NOjTYwub1CZ+K9Ngr8aO5DMrDrkqHwTzlTwFP2vS8Y/ZQ==} + '@oxlint/binding-win32-x64-msvc@1.68.0': + resolution: {integrity: sha512-zg5pA+84AlU6XHJ3ruiRxziO71QTrz8nLsk6u01JGS5+tL9/bnlakFiklFrcy4R1/V7ktWtaNitN3JZWmKnf6g==} engines: {node: ^20.19.0 || >=22.12.0} cpu: [x64] os: [win32] @@ -2139,8 +2144,8 @@ packages: '@rolldown/pluginutils@1.0.1': resolution: {integrity: sha512-2j9bGt5Jh8hj+vPtgzPtl72j0yRxHAyumoo6TNfAjsLB04UtpSvPbPcDcBMxz7n+9CYB0c1GxQFxYRg2jimqGw==} - '@rollup/pluginutils@5.3.0': - resolution: {integrity: sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q==} + '@rollup/pluginutils@5.4.0': + resolution: {integrity: sha512-MfPp06CjRLfXQ3wY0R8vJDYBy/MvVcc9OulEfR0B8Iv9ko+GCNaRZ+EpJYFl27LhKsZK0o420sYCRHCjfCgeUg==} engines: {node: '>=14.0.0'} peerDependencies: rollup: ^1.20.0||^2.0.0||^3.0.0||^4.0.0 @@ -2148,173 +2153,173 @@ packages: rollup: optional: true - '@rollup/rollup-android-arm-eabi@4.60.4': - resolution: {integrity: sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==} + '@rollup/rollup-android-arm-eabi@4.61.0': + resolution: {integrity: sha512-dnxczajOqt0gesZlN5pGQ1s1imQVrsmCw5G2Ci4oM+0WvNz3pyRnlWrT7McoZIb8VlFwCawdmbWRmxRn7HI+VQ==} cpu: [arm] os: [android] - '@rollup/rollup-android-arm64@4.60.4': - resolution: {integrity: sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==} + '@rollup/rollup-android-arm64@4.61.0': + resolution: {integrity: sha512-Bp3JpGP00Vu3f238ivRrjf7z3xSzVPXqCmaJYA9t2c+c8vKYvOzmXF7LkkeUalTEGd6cZcSWe+PFIP3Vy48fRg==} cpu: [arm64] os: [android] - '@rollup/rollup-darwin-arm64@4.60.4': - resolution: {integrity: sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==} + '@rollup/rollup-darwin-arm64@4.61.0': + resolution: {integrity: sha512-zaYIpr670mUmmZ1tVzUFplbQbG7h3Gugx3L5FoqhsC2m/YnLlR1a7zVLmXNPy+iY1tFPEbNG+HHBXZGyId0G5w==} cpu: [arm64] os: [darwin] - '@rollup/rollup-darwin-x64@4.60.4': - resolution: {integrity: sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==} + '@rollup/rollup-darwin-x64@4.61.0': + resolution: {integrity: sha512-+P49fvkv2dSoeevUW+lgZ/I2JHSsJCK1Lyjj7Cu6E4UHG4tS9XIefzIjo5qhgELjAclnen1rLzK2PMKJdo+Dyg==} cpu: [x64] os: [darwin] - '@rollup/rollup-freebsd-arm64@4.60.4': - resolution: {integrity: sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==} + '@rollup/rollup-freebsd-arm64@4.61.0': + resolution: {integrity: sha512-l3FAAOyKJXH2ea6KNFN+MMgC/rnE94YGLXs2ehYqDcCoHt1DpvgWX75BhUJxN38XojP7Ul+4H8PRn7EdyqSDrw==} cpu: [arm64] os: [freebsd] - '@rollup/rollup-freebsd-x64@4.60.4': - resolution: {integrity: sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==} + '@rollup/rollup-freebsd-x64@4.61.0': + resolution: {integrity: sha512-VokPN3TSctKj65cyCNPaUh4vMFA8awxOot/0sp+4J7ZlNRKQEhXhawqPwajoi8H5ZFt61i0ugZJuTKXBjGJ17Q==} cpu: [x64] os: [freebsd] - '@rollup/rollup-linux-arm-gnueabihf@4.60.4': - resolution: {integrity: sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==} + '@rollup/rollup-linux-arm-gnueabihf@4.61.0': + resolution: {integrity: sha512-DxH0P3wxm+Yzs/p3zrk9dw1rURu8p0Nv5+MRK/L7OtnLNg5rLZraSBFZ8iUXOd9f2BlhJyEpIZUH/emjq4UJ4g==} cpu: [arm] os: [linux] libc: [glibc] - '@rollup/rollup-linux-arm-musleabihf@4.60.4': - resolution: {integrity: sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==} + '@rollup/rollup-linux-arm-musleabihf@4.61.0': + resolution: {integrity: sha512-T6ZvMNe84kAz6TBWHC7hGAoEtzP1LWYw/AqayGWEF6uISt3Abk/st06LqRD9THd7Xz3NxzurUpzAuEAUbZf+nw==} cpu: [arm] os: [linux] libc: [musl] - '@rollup/rollup-linux-arm64-gnu@4.60.4': - resolution: {integrity: sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==} + '@rollup/rollup-linux-arm64-gnu@4.61.0': + resolution: {integrity: sha512-q/4hzvQkDs8b4jIBab1pnLiiM0ayTZsN2amBFPDzuyZxjEd4wDwx0UJFYM3cOZzSf5Kw8fnWSprJzIBMkcR44Q==} cpu: [arm64] os: [linux] libc: [glibc] - '@rollup/rollup-linux-arm64-musl@4.60.4': - resolution: {integrity: sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==} + '@rollup/rollup-linux-arm64-musl@4.61.0': + resolution: {integrity: sha512-vvYWX3akdEAY6km+9wAqFDnk6pQsbJKVnj7xawcvs/+fdlYBGp+U+Qq/lLfpIxYIZvZLHMAKD9HLdacSx/r3dw==} cpu: [arm64] os: [linux] libc: [musl] - '@rollup/rollup-linux-loong64-gnu@4.60.4': - resolution: {integrity: sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==} + '@rollup/rollup-linux-loong64-gnu@4.61.0': + resolution: {integrity: sha512-DePa5cqOxDP/Zp0VOXpeWaGew5iIv5DXp9NYbzkX5PFQyWVX9184WCTh3hvr/7lhXo8ZVlbFLkz8+o/q1dU6gA==} cpu: [loong64] os: [linux] libc: [glibc] - '@rollup/rollup-linux-loong64-musl@4.60.4': - resolution: {integrity: sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==} + '@rollup/rollup-linux-loong64-musl@4.61.0': + resolution: {integrity: sha512-LV8aWMB8UChglMCEzs7RkN0GsH29RJaLLqwm9fCIjlqwxQTiWAqNcc7wjBkH31hV0PU/yVxGYvrYsgfea2qw6g==} cpu: [loong64] os: [linux] libc: [musl] - '@rollup/rollup-linux-ppc64-gnu@4.60.4': - resolution: {integrity: sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==} + '@rollup/rollup-linux-ppc64-gnu@4.61.0': + resolution: {integrity: sha512-QoNSnwQtaeNu5grdBbsL0tt1uyl5EnS8DA8Mr3nluMXbhdQNyhN+G4tBax7VCdxLKj8YJ0/4OO9Ho84jMnJtKA==} cpu: [ppc64] os: [linux] libc: [glibc] - '@rollup/rollup-linux-ppc64-musl@4.60.4': - resolution: {integrity: sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==} + '@rollup/rollup-linux-ppc64-musl@4.61.0': + resolution: {integrity: sha512-/zZp5MKapIIApE8trN8qLGNSiRN9TUoaUZ1cmVu4XnVdd5LQLOXTtyi+vtfUbNnT3iyjzpPqYeKXmvJ+gJGYWw==} cpu: [ppc64] os: [linux] libc: [musl] - '@rollup/rollup-linux-riscv64-gnu@4.60.4': - resolution: {integrity: sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==} + '@rollup/rollup-linux-riscv64-gnu@4.61.0': + resolution: {integrity: sha512-RbrzcD3aJ1k3UbtMRRBNwojdVVyXjuVAFTfn/xPa6EEl6GE9Sm/akPgFTb9aAC9pMKGJ6CtWxaGrqWcabH+ySg==} cpu: [riscv64] os: [linux] libc: [glibc] - '@rollup/rollup-linux-riscv64-musl@4.60.4': - resolution: {integrity: sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==} + '@rollup/rollup-linux-riscv64-musl@4.61.0': + resolution: {integrity: sha512-ZF+onDsBso8PJf1XaG9lB+O9RnBpKGnY6OrzC4CSHrtC1jb6jWLTKK4bRqdoCXHd22gyr2hiYmEAm8Wns/BOCw==} cpu: [riscv64] os: [linux] libc: [musl] - '@rollup/rollup-linux-s390x-gnu@4.60.4': - resolution: {integrity: sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==} + '@rollup/rollup-linux-s390x-gnu@4.61.0': + resolution: {integrity: sha512-Atk0aSIk5Zx2Wuh9dgRQgLP0Koc8hOeYpbWryMXyk8G8/HmPkwPPkMqIIDhrXHHYqfUzSJA/I7IWSBv8xSmRBA==} cpu: [s390x] os: [linux] libc: [glibc] - '@rollup/rollup-linux-x64-gnu@4.60.4': - resolution: {integrity: sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==} + '@rollup/rollup-linux-x64-gnu@4.61.0': + resolution: {integrity: sha512-0uMOcf3eZ5K+K4cYHkdxShFMPlPXCOdfDFEFn9dNYAEEd2cVvmOfH7zFgRVoDgmtQ1m9k5q7qfrHzyMAubKYUA==} cpu: [x64] os: [linux] libc: [glibc] - '@rollup/rollup-linux-x64-musl@4.60.4': - resolution: {integrity: sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==} + '@rollup/rollup-linux-x64-musl@4.61.0': + resolution: {integrity: sha512-mvFtE4A/t/7hRJ7X8Ozmu8FsIkAUat2nzl12pgU337BRmq87AQUJztwHz2Zv5/tjo9/C95E66CK03SI/ToEDJw==} cpu: [x64] os: [linux] libc: [musl] - '@rollup/rollup-openbsd-x64@4.60.4': - resolution: {integrity: sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==} + '@rollup/rollup-openbsd-x64@4.61.0': + resolution: {integrity: sha512-z9b9+aTxvt8n2rNltMPvyaUfB8NJ+CVyOrGK/MdIKHx7B+lXmZpm/XbRsU7Rpf3fRqJ2uS6mBJiJveCtq8LHDg==} cpu: [x64] os: [openbsd] - '@rollup/rollup-openharmony-arm64@4.60.4': - resolution: {integrity: sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==} + '@rollup/rollup-openharmony-arm64@4.61.0': + resolution: {integrity: sha512-jXaXFqKMehsOc+g8R6oo33RRC6w07G9jDBxAE5eAKX7mOcCbZloYIPNhfG9Wl+P9O9IWHFO4OJgPi1Ml2qkt7w==} cpu: [arm64] os: [openharmony] - '@rollup/rollup-win32-arm64-msvc@4.60.4': - resolution: {integrity: sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==} + '@rollup/rollup-win32-arm64-msvc@4.61.0': + resolution: {integrity: sha512-OXNWVFocS2IA4+QplhTZZ2a+8hPZR7T8KuozsNmJKK8y7cp83StHvGksfHzPG3wczWTczyWHVQuqeiTUbjiyBg==} cpu: [arm64] os: [win32] - '@rollup/rollup-win32-ia32-msvc@4.60.4': - resolution: {integrity: sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==} + '@rollup/rollup-win32-ia32-msvc@4.61.0': + resolution: {integrity: sha512-AlAbNtBO637LxSldqV43z0FfXoGfl2TW1DgAg/bs7aQswFbDewz2SJm3BUhiGfbOVtW571xbc9p+REdxhyN/Eg==} cpu: [ia32] os: [win32] - '@rollup/rollup-win32-x64-gnu@4.60.4': - resolution: {integrity: sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==} + '@rollup/rollup-win32-x64-gnu@4.61.0': + resolution: {integrity: sha512-QRSrQXyJ1M4tjNXdR0/G/IgV6lzfQQJYBjlWIEYkY2Xs86DRl/iEpQ4blMDjJxSl7n19eDKKXMg0AmuBVYy8pQ==} cpu: [x64] os: [win32] - '@rollup/rollup-win32-x64-msvc@4.60.4': - resolution: {integrity: sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==} + '@rollup/rollup-win32-x64-msvc@4.61.0': + resolution: {integrity: sha512-tkuFxhvKO/HlGd0VsINF6vHSYH8AF8W0TcNxKDK6JZmrehngFj78pToc8iemtnvwilDjs2G/qSzYFhe9U8q+fw==} cpu: [x64] os: [win32] '@sec-ant/readable-stream@0.4.1': resolution: {integrity: sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg==} - '@shikijs/core@4.1.0': - resolution: {integrity: sha512-jLJtSJeuFffqX6/inRE1zqU5aFv2hrszvYgq3OjbAgFRZiWv7abKMDdQzYxuSDfmUPQozZvI/kuy6VMTvnvqTQ==} + '@shikijs/core@4.2.0': + resolution: {integrity: sha512-Hc87Ab1Ld/vEbZRCbwx344I5v+4RU8CVToUTRkqXL1+TjbuOp9U5Xa0M23V4GEWHxVn+yO5otb+HkQVm3ptWQQ==} engines: {node: '>=20'} - '@shikijs/engine-javascript@4.1.0': - resolution: {integrity: sha512-YquhawCUgaBfhsS72e2Y/dI59gCBNPHu3fEO/tvLaXrTssxZrY5ddjtNLTwndrMgPo8b3IscE+xoICDzpTmlFQ==} + '@shikijs/engine-javascript@4.2.0': + resolution: {integrity: sha512-fjETeq1k5ffyXqRgS6+3hpvqseLalp1kjNfRbXpUgWR8FpZ1CmQfiNHovc5lncYjt/Vg5JK/WJEmLahjwMa0og==} engines: {node: '>=20'} - '@shikijs/engine-oniguruma@4.1.0': - resolution: {integrity: sha512-axLpjVs45YBvvINa+dJF+NPW+KtFkNXsFr4SDw2BMj9GdeMnGxVB9PQb2xXlJYovslt/nz6giedAyOANkfc7hg==} + '@shikijs/engine-oniguruma@4.2.0': + resolution: {integrity: sha512-hTorK1dffPkpbMUk6Z+828PgRo7d07HbnizoP0hNPFjhxMHctj0Px/qoHeGMYafc6ju+u9iMldN4JbVzNQM++g==} engines: {node: '>=20'} - '@shikijs/langs@4.1.0': - resolution: {integrity: sha512-nwOMruEkbgdZfQ/b8CgpNBVOpvG1k0N5tbmgiFeqsan401+x3ILqlzZJowSla4Agmq4hG2Uf2wh5jLTEhR8VSg==} + '@shikijs/langs@4.2.0': + resolution: {integrity: sha512-bwrVRlJ0wUhZxAbVdvBbv2TTC9yLsh4C/IO5Ofz0T8MQntgDvyVnkbjw9vi50r1kx7RCIJdnJnjZAwmAsXFLZQ==} engines: {node: '>=20'} - '@shikijs/primitive@4.1.0': - resolution: {integrity: sha512-zx2/2Uwj2q9X3KSyYREEhXO23xBw5WUhP4orK2lE4r+t9JGITmEe0JH+wPmJhqHpOT2bRRs6lAL945+LDvOAGw==} + '@shikijs/primitive@4.2.0': + resolution: {integrity: sha512-NOq+DtUkVBJtZMVXL5A0vI0Xk8nvDYaXetFHSJFlOqjDZIVhIPRYFdGkSoElDqNuegikcc3A76SNUa8dTqtAYA==} engines: {node: '>=20'} - '@shikijs/themes@4.1.0': - resolution: {integrity: sha512-emCcTnUM7yO2wltYbaxm+yLvcCI4+h8XBKc4KmJ7EZUXoSGjcCHifkI//R4OFit9ewpg7H2/9tjOuXrT2v/Knw==} + '@shikijs/themes@4.2.0': + resolution: {integrity: sha512-RX8IHYeLv8Cu2W6ruc3RxUqWn0IYCqSrMBzi/uRGAmfyDNOnNO5BF/Px7o97n4XTpmFTo5GbRaazuOWj+2ak2w==} engines: {node: '>=20'} - '@shikijs/types@4.1.0': - resolution: {integrity: sha512-3EQWX54fMpniOrDblzAhiwiJwpiTMW6+B9DWyUd9ska483tbayFYuw47UxwuPknI31bKnySfVQ/QW+jFL4rFdA==} + '@shikijs/types@4.2.0': + resolution: {integrity: sha512-VT/MKtlpOhEPZloSH3Pb9WCZEBDoQVMa9jedp5UAwmJOar1DVc9DRODAxmYPW9M93IK4ryuqRejFfmlvlVDemw==} engines: {node: '>=20'} '@shikijs/vscode-textmate@10.0.2': @@ -2331,62 +2336,66 @@ packages: resolution: {integrity: sha512-tlqY9xq5ukxTUZBmoOp+m61cqwQD5pHJtFY3Mn8CA8ps6yghLH/Hw8UPdqg4OLmFW3IFlcXnQNmo/dh8HzXYIQ==} engines: {node: '>=18'} - '@smithy/core@3.24.4': - resolution: {integrity: sha512-3UNRKEyQyAgVgM0LGlerCLm+ChZWZ1GPfde+jBEW6bm6bSBGU1p0EbblaUV3unbhwvidjLA5Zs3sOs7mnZwvAw==} - engines: {node: '>=18.0.0'} - '@smithy/core@3.24.5': resolution: {integrity: sha512-Kt8phUg45M15EjhYAbZ+fFikYneijLu9Liugz8ZsYz2i8j0hzGv27LWKpEHYRfvj+LyCOSijpcR/2i8RouV+cA==} engines: {node: '>=18.0.0'} - '@smithy/credential-provider-imds@4.3.4': - resolution: {integrity: sha512-vKW0MEFRU4Y3MkVZUkpJm+g9qyPGLCXhc0YLggUdSdBB4g7IaSSsCE75P9rBXyWHrXY1UYSQUl8/DwsTR7QciA==} + '@smithy/core@3.24.6': + resolution: {integrity: sha512-wBXDRup6UU97VKyaiRo8AssnfStPtG0oAAfpq/bC0a1YYau8pM86YB4kM6ccoVi1mS8l/UHbn9oDM+7uozr/ug==} engines: {node: '>=18.0.0'} - '@smithy/credential-provider-imds@4.3.5': - resolution: {integrity: sha512-yiF8xHpdkaTfzLVqFzsP6WvNghEK+qZzLYWFD13L2SsFhbXwBGlxdocKF95qjr7s5lE5NRage+EJFK4mAsx88Q==} + '@smithy/credential-provider-imds@4.3.6': + resolution: {integrity: sha512-tHhdiWZfG1ZIh2YcRfPJmY2gHcBmqbAzqm3ER4TIDFYsSEqTD5tICT7cgQ/kI8LRakxp12myOYyK68XPn7MnHw==} engines: {node: '>=18.0.0'} - '@smithy/fetch-http-handler@5.4.4': - resolution: {integrity: sha512-qM7AUKI4G6d7lNgaZD3lA1tWSolh5r6gcixfTZAPstVURfjIbvreVTPz+994M0yC3HbX4YYhDRgr31Xy3XwWOQ==} + '@smithy/credential-provider-imds@4.3.7': + resolution: {integrity: sha512-xj8gq/bjFABAh6qWPSDCYcY3kzQIm4b561C+YnHH4zGq8rOgzQ3Shk+JGlpUxSd41UGiO6FkLdUCtNX1FAeHgg==} engines: {node: '>=18.0.0'} '@smithy/fetch-http-handler@5.4.5': resolution: {integrity: sha512-SK3VMeH0fibgdTg2QeB+O4p7Yy/2E5HBOHJeC58FshkDdeuX8lOgO7PfjYfLyPLP1ch55j91cQqKBzDS0mRjSQ==} engines: {node: '>=18.0.0'} + '@smithy/fetch-http-handler@5.4.6': + resolution: {integrity: sha512-FEwEYJ1jlBKdhe9TPzfghEi1bP55ZeEImlDkEa62bBBYzUcnB6RUCyuiS2mqKt6ZVjUbBgcNhzfIctH+Hevx9g==} + engines: {node: '>=18.0.0'} + '@smithy/is-array-buffer@2.2.0': resolution: {integrity: sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==} engines: {node: '>=14.0.0'} - '@smithy/node-config-provider@4.4.5': - resolution: {integrity: sha512-c2G9QJ4xVZLwAkAf+WQESSSCkKbtt33ytje1klGvTcBn6cKuqV28E+62wbRPHwuTikkB3LQ7CBnNrayCoJur5A==} + '@smithy/node-config-provider@4.4.6': + resolution: {integrity: sha512-M+gG6eQ0y073mSmNB+erRXJvwpsqsN72ol2w6vcd8FEKeG7pqYK0JvzfVqONkPj2ElBB2pg+cU13I850b//Wag==} engines: {node: '>=18.0.0'} '@smithy/node-http-handler@4.7.3': resolution: {integrity: sha512-/jPhevcTFPMVl6KNjbaI47iOg1zxC7IsnX4PQDGVZKMFceOXtB8IEYaB7a9VvkP/3oC60WzTeKocvSI7vLT0vA==} engines: {node: '>=18.0.0'} - '@smithy/node-http-handler@4.7.4': - resolution: {integrity: sha512-HIeF+1vrDGzPkkv39Hj2vlHSXHY3p958jd/8ZnePIY6+ZOsQX8coyEUKO5yQu4r0bQIVsbpotVIrXXwyycMStQ==} - engines: {node: '>=18.0.0'} - '@smithy/node-http-handler@4.7.5': resolution: {integrity: sha512-3dA9TQ+ybRSZ/m0wnbZhiBy4Dezjgq1Ib/ZZrYTpJDBgpoLLU/SDzZc/g0x0MNAdOJe1wPcM+x2PBRmoOur+Sw==} engines: {node: '>=18.0.0'} - '@smithy/signature-v4@5.4.4': - resolution: {integrity: sha512-e5UtkMvsatzBfbeBZjEOt0k0Z3BEsjTFL/n6fdO5vtBLe67tdy0dX7xw2DU7uZ3acwoHyeCqpU2Fzb7pxwHb6Q==} + '@smithy/node-http-handler@4.7.6': + resolution: {integrity: sha512-3fya8i7GrJilQouk4cZJKdy5k8MWQBpjfXrRNaXDedH8r779tr0jcxyH3+yoTmsluc2+vF4S343yFbnvu8ExDQ==} engines: {node: '>=18.0.0'} '@smithy/signature-v4@5.4.5': resolution: {integrity: sha512-QBJKWGqIknH0dc9LWpfH1mkdokAx6iXYN3UcQ3eY6uIEyScuoQAhfl94ge7ozUy9WgFUdE8xsvwBjaYBbWmPNA==} engines: {node: '>=18.0.0'} + '@smithy/signature-v4@5.4.6': + resolution: {integrity: sha512-Ojg4B6oIDlIr1R86xCDJt1zJWnYa0VINmqdjfe9qxWjdRivHalZ3iSlQgVqYbW0MdpFOC5XfHEWsnbmdnpIILQ==} + engines: {node: '>=18.0.0'} + '@smithy/types@4.14.2': resolution: {integrity: sha512-P+otAxbV4CqBybp7EkcJCrig63yE2E7PuNVOmilVMRcx/O+QDzGULTrKsq4DV13gSfak9ObPrWaHl/9bL5YcWw==} engines: {node: '>=18.0.0'} + '@smithy/types@4.14.3': + resolution: {integrity: sha512-YupL0ZWmFtJexUN2cHzkvvF/b9pKrtAIfT1o7/oY/Ppu8IYeZ+lDPM5vZdQJaSeA132dJCqojjGC9NhXeF71VQ==} + engines: {node: '>=18.0.0'} + '@smithy/util-buffer-from@2.2.0': resolution: {integrity: sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==} engines: {node: '>=14.0.0'} @@ -2537,9 +2546,6 @@ packages: '@types/deep-eql@4.0.2': resolution: {integrity: sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==} - '@types/estree@1.0.8': - resolution: {integrity: sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==} - '@types/estree@1.0.9': resolution: {integrity: sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==} @@ -2570,61 +2576,61 @@ packages: '@types/unist@3.0.3': resolution: {integrity: sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==} - '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-3LqSu4DlxkEfeC/Z/29QMCJn5jjkDtXI7LYuxfmjdmAatS6umDKqm8J17fnP/7fyrZUMBTIYRwSDpChGV3G1ew==} + '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-BvaaQAHWaHA0nl26DsWTsXsKkCHqUTm7f5FMuNDyCU83Hvo7zHx0vpSTrzL+1KEWeWLUVVGA7U224dk+3yIosQ==} engines: {node: '>=16.20.0'} cpu: [arm64] os: [darwin] - '@typescript/native-preview-darwin-x64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-H4+sxE9qaBbLF83wMdWE0FsgfK0Pom+/O+/oxqyGzhVkDJlNt3vfpgQZMit48/Gm44AacGfBggJ9Dhbi3aeSFw==} + '@typescript/native-preview-darwin-x64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-a2JJezvJAqWXgTAD1tKdWs7iA/4s3EakLcCYx4rg3ptEbBF6ADWv7A9ySHxT/+CQWYCD0DYIb9du1JUWL85fRw==} engines: {node: '>=16.20.0'} cpu: [x64] os: [darwin] - '@typescript/native-preview-linux-arm64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-BGUDMjC2Z3TTdZRkGGwhBLelkP5UYgO2rbep8aF4dS3fu7T5lFPPrnfS6EgqJgie+cF5Fsev7xEq8wWyBDM+lg==} + '@typescript/native-preview-linux-arm64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-MQ0JcRucLdcR6MT14wlrGNz9HaxJrFF8Axmo0IN6e5gSou2UrKKUvvAH1i8zU5Gm7jl8CWCLzzX/qGCi1TsinA==} engines: {node: '>=16.20.0'} cpu: [arm64] os: [linux] - '@typescript/native-preview-linux-arm@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-6I9Cv9ozwfS9zB9vRQDPIYseLX3artEO9jl3yVgLj4ishwlSF4cWAbIsjl5IztPaEgHv8coej/6tX1D0uaBzXg==} + '@typescript/native-preview-linux-arm@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-GLsTfJQiGfTN+r1ezlxMcTd5MNYRB/tADD6Y1j1jfLjZsFYSVkNfCnDQA/jwUG6GddBBF+0Um7tBUP16emej9w==} engines: {node: '>=16.20.0'} cpu: [arm] os: [linux] - '@typescript/native-preview-linux-x64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-vpazOu+ozlxBo8U57YJMzsOPuxAV8H7fu36KJ8ea8At/D8pdGmOAy5TuB+9OBQV9JDe0OXJMy2kmbhOpmkTAmA==} + '@typescript/native-preview-linux-x64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-u6gvCiVGSDagdR2+GI5VJLPxJbGevATJgjZ2QFLKBLWI3re7liTGlPAuaINNDq/r0m9rUPj2rEn0zwqtcLK0nQ==} engines: {node: '>=16.20.0'} cpu: [x64] os: [linux] - '@typescript/native-preview-win32-arm64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-DBFnFE3V6AITkPO1K1VxXf3yEZKjU2FwtXlNwRqhzDu0rrL2SsJHOSrBDX+OacTxQFzZMxFcpiuhV8jHZALPEg==} + '@typescript/native-preview-win32-arm64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-slxm6HBYs+jk0GpIBC2o03uY5qHgW7wIH+OTjK8JHbd2sUCgYV7P7bfZHUVZYi/cJZcVrnDW6MxXx734TuFn+w==} engines: {node: '>=16.20.0'} cpu: [arm64] os: [win32] - '@typescript/native-preview-win32-x64@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-1tBlErMvQgcMqqYwsx4tytupcjCJcOUXD3vBn1Wb/kAvus1FzWQAFE0fcKBvLfcqLQfTiiEwKKEtbLjGmakqqg==} + '@typescript/native-preview-win32-x64@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-G7SDZJn2Z9+c1qsAFzI/JL0OsRjJ18diQ39ycWKmJikilZZeL7iS7j933bemWY4ODaLTfxhMRKPMHf9292gpDA==} engines: {node: '>=16.20.0'} cpu: [x64] os: [win32] - '@typescript/native-preview@7.0.0-dev.20260527.2': - resolution: {integrity: sha512-piqkDwikVeizCFqA1lcwI5F4wOAtBdxuliWe77ApBNRyBPPvfCJB+u/HYi9/8t5nd0sWvFs6/qt/AzJ1CCoykQ==} + '@typescript/native-preview@7.0.0-dev.20260603.1': + resolution: {integrity: sha512-CO519Ccw5rji4JIG0DGVMR5owraCeQhm94jM53eRhMdlzz0nAJcAZ63Y6m1u3dUwqGssqlYxh4CcwTFPxTpMYw==} engines: {node: '>=16.20.0'} hasBin: true '@ungap/structured-clone@1.3.1': resolution: {integrity: sha512-mUFwbeTqrVgDQxFveS+df2yfap6iuP20NAKAsBt5jDEoOTDew+zwLAOilHCeQJOVSvmgCX4ogqIrA0mnyr08yQ==} - '@vitest/expect@4.1.7': - resolution: {integrity: sha512-1R+tw0ortHEbZDGMymm+pN7/AFQ/RkFFdtd7EN+VBpynKmLbP8A3rpEXdshBJ7+8hQ9zBJh/i1s0yKNtxAnU7w==} + '@vitest/expect@4.1.8': + resolution: {integrity: sha512-h3nDO677RDLEGlBxyQ5CW8RlMThSKSRLUePLOx09gNIWRL40edgA1GCZSZgf1W55MFAG6/Sw14KeaAnqv0NKdQ==} - '@vitest/mocker@4.1.7': - resolution: {integrity: sha512-vY7nuamKgfvpA1Koa3oYIw/k7D6kZnpGyNMZW8loow2bsBYla1TFdqTaXncWdRn4pgwNs+90RhnXhJScDwQeJA==} + '@vitest/mocker@4.1.8': + resolution: {integrity: sha512-LEiN/xe4OSIbKe9HQIp5OC24agGD9J5CnmMgsLohVVoOPWL9a2sBoR6VBx43jQZb7Kr1l4RCuyCJzcAa0+dojw==} peerDependencies: msw: ^2.4.9 vite: ^6.0.0 || ^7.0.0 || ^8.0.0 @@ -2634,20 +2640,20 @@ packages: vite: optional: true - '@vitest/pretty-format@4.1.7': - resolution: {integrity: sha512-umgCarTOYQWIaDMvGDRZij+6b9oVeLIyJzfN+AS88e0ZOU3QTgNNSTtjQOpcvWr3np1N0j4WgZj+sb3oYBDscw==} + '@vitest/pretty-format@4.1.8': + resolution: {integrity: sha512-9GasEBxpZ1VYIpqHf/0+YGg121uSNwCKOJqIrTwWP/TB7DmFCiaBpNl3aPZzoLWfWkuqhbH8vJIVobZkvdo2cA==} - '@vitest/runner@4.1.7': - resolution: {integrity: sha512-BapjmAQ2aI78WdMEfeUWivnfVzB+VPGwWRQcJE0OUq7qEeEcBsCSf+0T5iREBNE5nBb4wA5Ya0W6IA+sghdEFw==} + '@vitest/runner@4.1.8': + resolution: {integrity: sha512-EmVxeBAfMJvycdjd6Hm+RbFBbA9fKvo0Kx37hNpBYoYeavH3RNsBXWDooR1mgD52dCrxIIuP7UotpfiwOikvcg==} - '@vitest/snapshot@4.1.7': - resolution: {integrity: sha512-ZacLzja+TmJeZ1h14xW2FB/WpeimUD3haBXQPyJqxvo8jQTmfeA8zv58mtjN2C7EHXZDYVcVYdYmAxjkWVvKCw==} + '@vitest/snapshot@4.1.8': + resolution: {integrity: sha512-acfZboRmAIf05DEKcBQy33VXojFJjtUdLyo7oOmV9kebb2xdU01UknNiPuPZoJZQyO7DF0gZdTGTpeAzET9QPQ==} - '@vitest/spy@4.1.7': - resolution: {integrity: sha512-kbkI5LMWakyuTIvs6fUJ5qdIVb1XVKsYJAT4OJ938cHMROYMSfmoQdZy0aaAnjbbc8F61vkoTqz/Az+/HiIu5Q==} + '@vitest/spy@4.1.8': + resolution: {integrity: sha512-6EevtBp6OZOPF7bmz36HrGMeP3txgVSrgebWxHOafDXGkhIzfXK14f8KF6MuFfgXXUeHxmpD3BQxkV00/3s5mA==} - '@vitest/utils@4.1.7': - resolution: {integrity: sha512-T532WBu791cBxJlCl6SO+J14l81DQx6uQHm1bQbmCDY7nqlEIgkza/UFnSBNaUtSf41unldDFjdOBYEQC4b5Hw==} + '@vitest/utils@4.1.8': + resolution: {integrity: sha512-uOJamYALNhfJ6iolExyQM40yIQwDqYnkKtQ5VCiSe17E33H0aQ/u+1GlRuz4LZBk6Mm3sg90G9hEbmEt37C1Zg==} '@volar/kit@2.4.28': resolution: {integrity: sha512-cKX4vK9dtZvDRaAzeoUdaAJEew6IdxHNCRrdp5Kvcl6zZOqb6jTOfk3kXkIkG3T7oTFXguEMt5+9ptyqYR84Pg==} @@ -2702,8 +2708,8 @@ packages: ajv@8.20.0: resolution: {integrity: sha512-Thbli+OlOj+iMPYFBVBfJ3OmCAnaSyNn4M1vz9T6Gka5Jt9ba/HIR56joy65tY6kx/FCF5VXNB819Y7/GUrBGA==} - alchemy@0.93.9: - resolution: {integrity: sha512-suneExNJ0sziKP7xBLesOBFx/E6esousqKiIroKIML+4IQ6S8H0nhrt9i9j0fEZA0Z+BFE+H8qNG2mGzqIDtXg==} + alchemy@0.93.10: + resolution: {integrity: sha512-Ypl31Jpd8YpGnZfsnir2K344uFJLXhqKIM1zEDMiEucmSyckcZQ1Q3lpkz8ZDmOajDvPUOJ38VqtvlNC/1x6OQ==} hasBin: true peerDependencies: '@astrojs/cloudflare': ^12.6.4 @@ -2808,8 +2814,8 @@ packages: resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==} engines: {node: '>=12'} - astro@6.4.2: - resolution: {integrity: sha512-8H89CH2dKL5SCU99OCqdU9BGjmPkSJqaPurywj5XMo7eMFGUFD3vsNhdEKnEh4mK4LgGje3/QDTTSIIGst0G0Q==} + astro@6.4.3: + resolution: {integrity: sha512-heArIk8zLcxuoj1WgBH2zGdAD8zKSU1mEcBvS6hYMEHRPlbtvB+4Y8ri9Z27hzeryvGaFgrH32zjghEfV2y07g==} engines: {node: '>=22.12.0', npm: '>=9.6.5', pnpm: '>=7.1.0'} hasBin: true @@ -3553,8 +3559,8 @@ packages: graceful-fs@4.2.11: resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==} - graphql@16.14.0: - resolution: {integrity: sha512-BBvQ/406p+4CZbTpCbVPSxfzrZrbnuWSP1ELYgyS6B+hNeKzgrdB4JczCa5VZUBQrDa9hUngm0KnexY6pJRN5Q==} + graphql@16.14.1: + resolution: {integrity: sha512-cQOsSMS/IrDz82PVyRDvf/Q1F/bRbBVjJlh+xYOkI1qw2bWRvWGiWc+m2O0d6l4Bt1fyY+8kzJ8JFWGJqNeDBg==} engines: {node: ^12.22.0 || ^14.16.0 || ^16.0.0 || >=17.0.0} h3@1.15.11: @@ -3771,8 +3777,8 @@ packages: resolution: {integrity: sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==} hasBin: true - js-yaml@4.1.1: - resolution: {integrity: sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==} + js-yaml@4.2.0: + resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==} hasBin: true json-bigint@1.0.0: @@ -3896,8 +3902,8 @@ packages: resolution: {integrity: sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ==} engines: {node: '>= 12.0.0'} - lint-staged@17.0.5: - resolution: {integrity: sha512-d12yC+/e8RhBjZtaxZn71FyrgU/P5e+uAPifhCLwdosQZP/zamSdKRWDC30ocVIbzDKiFG1McHc/LUgB92GIPw==} + lint-staged@17.0.7: + resolution: {integrity: sha512-JrSobt+tW3rH8IOMi8tDZd3foorM5yPEkLD/V2NxobgHrFfHWGee4MOLVuZeScgxftEwbHrPHIFA/ZL+nUJeuA==} engines: {node: '>=22.22.1'} hasBin: true @@ -3929,10 +3935,6 @@ packages: lru-cache@10.4.3: resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==} - lru-cache@11.5.0: - resolution: {integrity: sha512-5YgH9UJd7wVb9hIouI2adWpgqrrICkt070Dnj8EUY1+B4B2P9eRLPAkAAo6NICA7CEhOIeBHl46u9zSNpNu7zA==} - engines: {node: 20 || >=22} - lru-cache@11.5.1: resolution: {integrity: sha512-RPimw/7aMdv2oqRrxKwvZXcPfwBrn/JZ2xYcY9Hus/6LaS3VOAKVWKWgNLCFSiOm1ESXinjsDlidVU7JlnCN2A==} engines: {node: 20 || >=22} @@ -4117,8 +4119,8 @@ packages: engines: {node: '>=18.0.0'} hasBin: true - miniflare@4.20260526.0: - resolution: {integrity: sha512-JYQ7jPZZWoaaj9jWHb8Ucp6Cu2SbDVqIsAJhumqdzzLkkfq0pYkDeino/sZfW1ixJWPjv/C44zjm9gVJC2izCA==} + miniflare@4.20260601.0: + resolution: {integrity: sha512-56TFiulSEQu43cYxdXgCiA3U3i+Ls0NoXwJXd6DmpNsx8yl/1Il2T3DQ4CMXjR6yfE7CSvC5MuXaqcSAMREjgw==} engines: {node: '>=22.0.0'} hasBin: true @@ -4264,8 +4266,8 @@ packages: outdent@0.5.0: resolution: {integrity: sha512-/jHxFIzoMXdqPzTaCpFzAAWhpkSjZPF4Vsn6jAfNpmbH/ymsmd7Qc6VE9BGn0L6YMj6uwpQLxCECpus4ukKS9Q==} - oxfmt@0.52.0: - resolution: {integrity: sha512-nJlYM35F64zTDMecCNhoHNkf+D/eHv7xcjj9XDSj+bFAVtN93m7v8DQMdHd6nDG6Akf/kEYYHmDUBs2Dz27Sug==} + oxfmt@0.53.0: + resolution: {integrity: sha512-9cB5glS3Ip6NMuZ+6NYTao9FCWkDhRtPYCtR3QBu/NxHoFbgzzTvi41N4jxz/GqGfuLKspui1qb/LlSu2IbMcw==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true peerDependencies: @@ -4277,8 +4279,8 @@ packages: vite-plus: optional: true - oxlint@1.67.0: - resolution: {integrity: sha512-blwwaHPdoH8piQ5/z0KHeoHFR7FZgl12WluKJfu4qFLPkZl6mK04PkLE45Fw1NxfBRSlh40Gu7MkxHUw++ociQ==} + oxlint@1.68.0: + resolution: {integrity: sha512-dXcbq+xsmLrMy6T8d0euf3IYUfLmjHIE11pOxiUSi5LHkFZaYPv568R6sEjcavVpUxoaQe66UBuK4HEi74NxpA==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true peerDependencies: @@ -4449,11 +4451,11 @@ packages: proper-lockfile@4.1.2: resolution: {integrity: sha512-TjNPblN4BwAWMXU8s9AEz4JmQxnD1NNL7bNOY/AKUzyamc379FWASUhc/K1pL2noVb+XmZKLL68cjzLsiOAMaA==} - property-information@7.1.0: - resolution: {integrity: sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==} + property-information@7.2.0: + resolution: {integrity: sha512-IAtzIB6sUiWaJYrX9smp3V46pBGbBeLFRGdh25kg1334VcBlD8HzhPeNIWQH9zhGmo2itIe25EHt9dQP7G5hmg==} - protobufjs@7.6.1: - resolution: {integrity: sha512-4K0myLaWL5EteuSAro91EGFgcfVgxb64Jx+7oDAY6GOkXD4M69yuSEljNcInGVCA5sOPxmZ/EqDLj2x0Q0+Ygg==} + protobufjs@7.6.2: + resolution: {integrity: sha512-N9EiLovGEQOJSPF26Ij7qUGvahfEnq0eeYZ02aigIedkmz1qZSwjnP9SBITHJuF/6MYbIW4HDN8zdYjsjqJKXQ==} engines: {node: '>=12.0.0'} proxy-addr@2.0.7: @@ -4593,31 +4595,11 @@ packages: engines: {node: ^20.19.0 || >=22.12.0} hasBin: true - rollup@4.60.4: - resolution: {integrity: sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==} + rollup@4.61.0: + resolution: {integrity: sha512-T9mWdbWfQtp0B5lv/HX+wrhYsmXRlcWnXXmJbXqKJhlRaoS6KMhq0gpyzW4UJfclcxrEdLnTgjT2NjruLONu0g==} engines: {node: '>=18.0.0', npm: '>=8.0.0'} hasBin: true - rosie-skills-darwin-arm64@0.6.4: - resolution: {integrity: sha512-rn1s5hqFKcxeiDEWWoFa1hdGPshR8TkwHLzy/cBavb9XJNAaUxbe3oQ78W9sQkRHAgRyzJYyk9tw68Qrdnizgg==} - cpu: [arm64] - os: [darwin] - - rosie-skills-freebsd-x64@0.6.4: - resolution: {integrity: sha512-SxCRduPBMtfjkQ+q56Yw9OLA3PyaqoALzt7kER7IDKuUVfM2O/1w8sa5xhTDiCvWkZJixnH5d5Ya6KT+/Mwcng==} - cpu: [x64] - os: [freebsd] - - rosie-skills-linux-x64@0.6.4: - resolution: {integrity: sha512-D9Y9mfu7goB0s0X59uU3hcFeUTef3VbpCIDwFMzyvJrAq3XhRACWBDMHQsHlyWdHxTXPX/ILyW65RXyrJlgqng==} - cpu: [x64] - os: [linux] - - rosie-skills@0.6.4: - resolution: {integrity: sha512-ojfhSiQRdZ2QyWbmKAHOSAUbaLYrTc5zIH7mS1jKoP8KCFSQddwVhMyFqldckTeybTfW3zNcsZzyOTzGTN1SBA==} - engines: {node: '>=18'} - hasBin: true - router@2.2.0: resolution: {integrity: sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==} engines: {node: '>= 18'} @@ -4679,8 +4661,8 @@ packages: resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==} engines: {node: '>=8'} - shiki@4.1.0: - resolution: {integrity: sha512-l/ABZPUR5v70jI10EzqfMS/I96vjSGv2y0ihUV+WYFzv0EfvW4s54m0Lg8wCrrL+2IkwBzFTuxkZjPf8b2NX9Q==} + shiki@4.2.0: + resolution: {integrity: sha512-hjNax6o/ylDy9lefQEaSDtzaT3iVNtZ3WmpQnbuQNoG4xvnSKf2kSKbihZVO4JRG1TTMejs7CmNRYlWgAL66pQ==} engines: {node: '>=20'} side-channel-list@1.0.1: @@ -4829,16 +4811,16 @@ packages: tinybench@2.9.0: resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==} - tinyclip@0.1.13: - resolution: {integrity: sha512-8OqlXQ35euK9+e7L68u8UwcODxkHoIkjbGsgXuARKNyQ5G6xt8nw1YPeMbxMLgCPFkToU+UEK5j05t2t8edKpQ==} + tinyclip@0.1.14: + resolution: {integrity: sha512-F1oWdz8tjT17qe1d5JgDK6z03WGOhYYAN0lK3/D/fzNiy93xswLLEw7pk+3g05onhAy6Bsc6PLNUGhdgVjemMQ==} engines: {node: ^16.14.0 || >= 17.3.0} - tinyexec@1.2.3: - resolution: {integrity: sha512-g62dB+w1/OEFnPvmX0yd/HnetYITOL+1nJW7kitOycOeAvmbWC/nu0fwmmQ/kupNojqExzyC/T++pST/jRJ2mQ==} + tinyexec@1.2.4: + resolution: {integrity: sha512-SHf/r48b7vOrjve9PxJo3MN5v5yuyjHvdUcrQffT3WXMUfnGmHDVbC4k3sHJaJTgZCwpUplIaAo5ANtMyp3YHg==} engines: {node: '>=18'} - tinyglobby@0.2.16: - resolution: {integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==} + tinyglobby@0.2.17: + resolution: {integrity: sha512-wXR/dYpcqKmfWpEdZjiKJOwCNFndD0DMnrW/cYjVGttEkBfVgcLFHoNrlj47mjOVic9yyNu65alsgF4NQyTa2g==} engines: {node: '>=12.0.0'} tinypool@2.1.0: @@ -4873,8 +4855,8 @@ packages: tslib@2.8.1: resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==} - tsx@4.22.3: - resolution: {integrity: sha512-mdoNxBC/cSQObGGVQ5Bpn5i+yv7j68gk3Nfm3wFjcJg3Z0Mix9jzAFfP12prmm5eVGmDKtp0yyArrs0Q+8gZHg==} + tsx@4.22.4: + resolution: {integrity: sha512-X8EX+XV4QR5xCsrgxaED954zTDfY8KqlDtskKEL0cHhyS/P8b4IFOvGDQpsC9Q1XnLq915wEfwwY/zzskCtmhg==} engines: {node: '>=18.0.0'} hasBin: true @@ -5059,8 +5041,8 @@ packages: vfile@6.0.3: resolution: {integrity: sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q==} - vite@7.3.3: - resolution: {integrity: sha512-/4XH147Ui7OGTjg3HbdWe5arnZQSbfuRzdr9Ec7TQi5I7R+ir0Rlc9GIvD4v0XZurELqA035KVXJXpR61xhiTA==} + vite@7.3.5: + resolution: {integrity: sha512-KuOaNhcnGFN2zIPGA7wRmzF+lJA1sea7rHq17aiJ++9lzY1WWG6Jpwqwe1KNbRVPIqHmr8GLYx7jbrQcN/7/ww==} engines: {node: ^20.19.0 || >=22.12.0} hasBin: true peerDependencies: @@ -5099,6 +5081,49 @@ packages: yaml: optional: true + vite@8.0.16: + resolution: {integrity: sha512-h9bXPmJichP5fLmVQo3PyaGSDE2n3aPuomeAlVRm0JLmt4rY6zmPKd59HYI4LNW8oTK7tlTsuC7l/m7awx9Jcw==} + engines: {node: ^20.19.0 || >=22.12.0} + hasBin: true + peerDependencies: + '@types/node': ^20.19.0 || >=22.12.0 + '@vitejs/devtools': ^0.1.18 + esbuild: ^0.27.0 || ^0.28.0 + jiti: '>=1.21.0' + less: ^4.0.0 + sass: ^1.70.0 + sass-embedded: ^1.70.0 + stylus: '>=0.54.8' + sugarss: ^5.0.0 + terser: ^5.16.0 + tsx: ^4.8.1 + yaml: ^2.4.2 + peerDependenciesMeta: + '@types/node': + optional: true + '@vitejs/devtools': + optional: true + esbuild: + optional: true + jiti: + optional: true + less: + optional: true + sass: + optional: true + sass-embedded: + optional: true + stylus: + optional: true + sugarss: + optional: true + terser: + optional: true + tsx: + optional: true + yaml: + optional: true + vitefu@1.1.3: resolution: {integrity: sha512-ub4okH7Z5KLjb6hDyjqrGXqWtWvoYdU3IGm/NorpgHncKoLTCfRIbvlhBm7r0YstIaQRYlp4yEbFqDcKSzXSSg==} peerDependencies: @@ -5107,20 +5132,20 @@ packages: vite: optional: true - vitest@4.1.7: - resolution: {integrity: sha512-flYyaFd2CgoCoU+0UKt3pxksgC+S02iTDN0n3LtqaMeXsI9SBcdNujc2k0DeFLzUn/0k538yNjOSdwgCqcrwJA==} + vitest@4.1.8: + resolution: {integrity: sha512-flY6ScbCIt9HThs+C5HS7jvGOB560DJtk/Z15IQROTA6zEy49Nh8T/dofWTQL+n3vswqn87sbJNiuqw1SDp5Ig==} engines: {node: ^20.0.0 || ^22.0.0 || >=24.0.0} hasBin: true peerDependencies: '@edge-runtime/vm': '*' '@opentelemetry/api': ^1.9.0 '@types/node': ^20.0.0 || ^22.0.0 || >=24.0.0 - '@vitest/browser-playwright': 4.1.7 - '@vitest/browser-preview': 4.1.7 - '@vitest/browser-webdriverio': 4.1.7 - '@vitest/coverage-istanbul': 4.1.7 - '@vitest/coverage-v8': 4.1.7 - '@vitest/ui': 4.1.7 + '@vitest/browser-playwright': 4.1.8 + '@vitest/browser-preview': 4.1.8 + '@vitest/browser-webdriverio': 4.1.8 + '@vitest/coverage-istanbul': 4.1.8 + '@vitest/coverage-v8': 4.1.8 + '@vitest/ui': 4.1.8 happy-dom: '*' jsdom: '*' vite: ^6.0.0 || ^7.0.0 || ^8.0.0 @@ -5230,6 +5255,9 @@ packages: vscode-languageserver-types@3.17.5: resolution: {integrity: sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==} + vscode-languageserver-types@3.18.0: + resolution: {integrity: sha512-8TsGPNMIMiiBdkORgRSvLjuiEIiAFtO+KssmYWxQ+uSVvlf7RjK8YKCOjPzZ+YA04jXEV7+7LvkSmHkhpNS99g==} + vscode-languageserver@9.0.1: resolution: {integrity: sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==} hasBin: true @@ -5266,17 +5294,17 @@ packages: engines: {node: '>=16'} hasBin: true - workerd@1.20260526.1: - resolution: {integrity: sha512-IHzymht98p10JH1zzwdCpbViAqw97HrwKl7+KfZeASFMsYSrIsAULWdPn0LRC5FTUzBpamLNyKCCKxbgXHgRHQ==} + workerd@1.20260601.1: + resolution: {integrity: sha512-Bg4+HF3B8TW0urAv8chiz25HSQ/aJxMBjgheUzu/nB1NQa+CaKGrUPv+Z3bf0np/WxLHYW1kcseVEtzZVPbX4g==} engines: {node: '>=16'} hasBin: true - wrangler@4.95.0: - resolution: {integrity: sha512-vgXzFVSCdUbeCadgVXvu8fK5tzNm8T9W+7lriyGWZMx0B1+CAdr4d8JTlZszHfgjypRAHmAxb49etZGIRD9pgg==} + wrangler@4.97.0: + resolution: {integrity: sha512-jzW/aNvjerV+4TmwbvwGY6lpcuBk7EFUTonMDNfci45wSmMTj2/OJN+83cc/CeepKdb+6ZjGJw9NRjmcQoxqRg==} engines: {node: '>=22.0.0'} hasBin: true peerDependencies: - '@cloudflare/workers-types': ^4.20260526.1 + '@cloudflare/workers-types': ^4.20260601.1 peerDependenciesMeta: '@cloudflare/workers-types': optional: true @@ -5416,7 +5444,7 @@ snapshots: '@apidevtools/json-schema-ref-parser@14.0.1': dependencies: '@types/json-schema': 7.0.15 - js-yaml: 4.1.1 + js-yaml: 4.2.0 '@apidevtools/openapi-schemas@2.1.0': {} @@ -5451,10 +5479,10 @@ snapshots: dependencies: '@types/hast': 3.0.4 '@types/mdast': 4.0.4 - js-yaml: 4.1.1 + js-yaml: 4.2.0 picomatch: 4.0.4 retext-smartypants: 6.2.0 - shiki: 4.1.0 + shiki: 4.2.0 smol-toml: 1.6.1 unified: 11.0.5 @@ -5468,7 +5496,7 @@ snapshots: '@volar/language-server': 2.4.28 '@volar/language-service': 2.4.28 muggle-string: 0.4.1 - tinyglobby: 0.2.16 + tinyglobby: 0.2.17 volar-service-css: 0.0.70(@volar/language-service@2.4.28) volar-service-emmet: 0.0.70(@volar/language-service@2.4.28) volar-service-html: 0.0.70(@volar/language-service@2.4.28) @@ -5525,7 +5553,7 @@ snapshots: '@aws-crypto/crc32@5.2.0': dependencies: '@aws-crypto/util': 5.2.0 - '@aws-sdk/types': 3.973.9 + '@aws-sdk/types': 3.973.10 tslib: 2.8.1 '@aws-crypto/sha256-browser@5.2.0': @@ -5533,7 +5561,7 @@ snapshots: '@aws-crypto/sha256-js': 5.2.0 '@aws-crypto/supports-web-crypto': 5.2.0 '@aws-crypto/util': 5.2.0 - '@aws-sdk/types': 3.973.9 + '@aws-sdk/types': 3.973.10 '@aws-sdk/util-locate-window': 3.965.5 '@smithy/util-utf8': 2.3.0 tslib: 2.8.1 @@ -5541,7 +5569,7 @@ snapshots: '@aws-crypto/sha256-js@5.2.0': dependencies: '@aws-crypto/util': 5.2.0 - '@aws-sdk/types': 3.973.9 + '@aws-sdk/types': 3.973.10 tslib: 2.8.1 '@aws-crypto/supports-web-crypto@5.2.0': @@ -5550,7 +5578,7 @@ snapshots: '@aws-crypto/util@5.2.0': dependencies: - '@aws-sdk/types': 3.973.9 + '@aws-sdk/types': 3.973.10 '@smithy/util-utf8': 2.3.0 tslib: 2.8.1 @@ -5558,41 +5586,30 @@ snapshots: dependencies: '@aws-crypto/sha256-browser': 5.2.0 '@aws-crypto/sha256-js': 5.2.0 - '@aws-sdk/core': 3.974.13 - '@aws-sdk/credential-provider-node': 3.972.44 - '@aws-sdk/eventstream-handler-node': 3.972.17 - '@aws-sdk/middleware-eventstream': 3.972.13 - '@aws-sdk/middleware-websocket': 3.972.21 + '@aws-sdk/core': 3.974.15 + '@aws-sdk/credential-provider-node': 3.972.47 + '@aws-sdk/eventstream-handler-node': 3.972.18 + '@aws-sdk/middleware-eventstream': 3.972.14 + '@aws-sdk/middleware-websocket': 3.972.23 '@aws-sdk/token-providers': 3.1048.0 '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/fetch-http-handler': 5.4.4 + '@smithy/core': 3.24.5 + '@smithy/fetch-http-handler': 5.4.5 '@smithy/node-http-handler': 4.7.3 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/client-cognito-identity@3.1056.0': + '@aws-sdk/client-cognito-identity@3.1060.0': dependencies: '@aws-crypto/sha256-browser': 5.2.0 '@aws-crypto/sha256-js': 5.2.0 - '@aws-sdk/core': 3.974.15 - '@aws-sdk/credential-provider-node': 3.972.46 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.5 - '@smithy/fetch-http-handler': 5.4.5 - '@smithy/node-http-handler': 4.7.5 - '@smithy/types': 4.14.2 - tslib: 2.8.1 - - '@aws-sdk/core@3.974.13': - dependencies: - '@aws-sdk/types': 3.973.9 - '@aws-sdk/xml-builder': 3.972.25 - '@aws/lambda-invoke-store': 0.2.4 - '@smithy/core': 3.24.4 - '@smithy/signature-v4': 5.4.4 - '@smithy/types': 4.14.2 - bowser: 2.14.1 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/credential-provider-node': 3.972.50 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/fetch-http-handler': 5.4.6 + '@smithy/node-http-handler': 4.7.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/core@3.974.15': @@ -5606,20 +5623,23 @@ snapshots: bowser: 2.14.1 tslib: 2.8.1 - '@aws-sdk/credential-provider-cognito-identity@3.972.38': + '@aws-sdk/core@3.974.17': dependencies: - '@aws-sdk/nested-clients': 3.997.13 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.5 - '@smithy/types': 4.14.2 + '@aws-sdk/types': 3.973.10 + '@aws-sdk/xml-builder': 3.972.27 + '@aws/lambda-invoke-store': 0.2.4 + '@smithy/core': 3.24.6 + '@smithy/signature-v4': 5.4.6 + '@smithy/types': 4.14.3 + bowser: 2.14.1 tslib: 2.8.1 - '@aws-sdk/credential-provider-env@3.972.39': + '@aws-sdk/credential-provider-cognito-identity@3.972.40': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-env@3.972.41': @@ -5630,14 +5650,12 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-http@3.972.41': + '@aws-sdk/credential-provider-env@3.972.43': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/fetch-http-handler': 5.4.4 - '@smithy/node-http-handler': 4.7.4 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-http@3.972.43': @@ -5650,23 +5668,17 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-ini@3.972.43': + '@aws-sdk/credential-provider-http@3.972.45': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/credential-provider-env': 3.972.39 - '@aws-sdk/credential-provider-http': 3.972.41 - '@aws-sdk/credential-provider-login': 3.972.43 - '@aws-sdk/credential-provider-process': 3.972.39 - '@aws-sdk/credential-provider-sso': 3.972.43 - '@aws-sdk/credential-provider-web-identity': 3.972.43 - '@aws-sdk/nested-clients': 3.997.11 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/credential-provider-imds': 4.3.4 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/fetch-http-handler': 5.4.6 + '@smithy/node-http-handler': 4.7.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@aws-sdk/credential-provider-ini@3.972.45': + '@aws-sdk/credential-provider-ini@3.972.46': dependencies: '@aws-sdk/core': 3.974.15 '@aws-sdk/credential-provider-env': 3.972.41 @@ -5678,17 +5690,24 @@ snapshots: '@aws-sdk/nested-clients': 3.997.13 '@aws-sdk/types': 3.973.9 '@smithy/core': 3.24.5 - '@smithy/credential-provider-imds': 4.3.5 + '@smithy/credential-provider-imds': 4.3.6 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-login@3.972.43': - dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/nested-clients': 3.997.11 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/credential-provider-ini@3.972.48': + dependencies: + '@aws-sdk/core': 3.974.17 + '@aws-sdk/credential-provider-env': 3.972.43 + '@aws-sdk/credential-provider-http': 3.972.45 + '@aws-sdk/credential-provider-login': 3.972.47 + '@aws-sdk/credential-provider-process': 3.972.43 + '@aws-sdk/credential-provider-sso': 3.972.47 + '@aws-sdk/credential-provider-web-identity': 3.972.47 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/credential-provider-imds': 4.3.7 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-login@3.972.45': @@ -5700,40 +5719,41 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-node@3.972.44': + '@aws-sdk/credential-provider-login@3.972.47': dependencies: - '@aws-sdk/credential-provider-env': 3.972.39 - '@aws-sdk/credential-provider-http': 3.972.41 - '@aws-sdk/credential-provider-ini': 3.972.43 - '@aws-sdk/credential-provider-process': 3.972.39 - '@aws-sdk/credential-provider-sso': 3.972.43 - '@aws-sdk/credential-provider-web-identity': 3.972.43 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/credential-provider-imds': 4.3.4 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@aws-sdk/credential-provider-node@3.972.46': + '@aws-sdk/credential-provider-node@3.972.47': dependencies: '@aws-sdk/credential-provider-env': 3.972.41 '@aws-sdk/credential-provider-http': 3.972.43 - '@aws-sdk/credential-provider-ini': 3.972.45 + '@aws-sdk/credential-provider-ini': 3.972.46 '@aws-sdk/credential-provider-process': 3.972.41 '@aws-sdk/credential-provider-sso': 3.972.45 '@aws-sdk/credential-provider-web-identity': 3.972.45 '@aws-sdk/types': 3.973.9 '@smithy/core': 3.24.5 - '@smithy/credential-provider-imds': 4.3.5 + '@smithy/credential-provider-imds': 4.3.6 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-process@3.972.39': - dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/credential-provider-node@3.972.50': + dependencies: + '@aws-sdk/credential-provider-env': 3.972.43 + '@aws-sdk/credential-provider-http': 3.972.45 + '@aws-sdk/credential-provider-ini': 3.972.48 + '@aws-sdk/credential-provider-process': 3.972.43 + '@aws-sdk/credential-provider-sso': 3.972.47 + '@aws-sdk/credential-provider-web-identity': 3.972.47 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/credential-provider-imds': 4.3.7 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-process@3.972.41': @@ -5744,14 +5764,12 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-sso@3.972.43': + '@aws-sdk/credential-provider-process@3.972.43': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/nested-clients': 3.997.11 - '@aws-sdk/token-providers': 3.1052.0 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-sso@3.972.45': @@ -5764,13 +5782,14 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-provider-web-identity@3.972.43': + '@aws-sdk/credential-provider-sso@3.972.47': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/nested-clients': 3.997.11 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/token-providers': 3.1060.0 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/credential-provider-web-identity@3.972.45': @@ -5782,60 +5801,56 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/credential-providers@3.1056.0': + '@aws-sdk/credential-provider-web-identity@3.972.47': dependencies: - '@aws-sdk/client-cognito-identity': 3.1056.0 - '@aws-sdk/core': 3.974.15 - '@aws-sdk/credential-provider-cognito-identity': 3.972.38 - '@aws-sdk/credential-provider-env': 3.972.41 - '@aws-sdk/credential-provider-http': 3.972.43 - '@aws-sdk/credential-provider-ini': 3.972.45 - '@aws-sdk/credential-provider-login': 3.972.45 - '@aws-sdk/credential-provider-node': 3.972.46 - '@aws-sdk/credential-provider-process': 3.972.41 - '@aws-sdk/credential-provider-sso': 3.972.45 - '@aws-sdk/credential-provider-web-identity': 3.972.45 - '@aws-sdk/nested-clients': 3.997.13 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.5 - '@smithy/credential-provider-imds': 4.3.5 - '@smithy/types': 4.14.2 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@aws-sdk/eventstream-handler-node@3.972.17': - dependencies: - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/credential-providers@3.1060.0': + dependencies: + '@aws-sdk/client-cognito-identity': 3.1060.0 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/credential-provider-cognito-identity': 3.972.40 + '@aws-sdk/credential-provider-env': 3.972.43 + '@aws-sdk/credential-provider-http': 3.972.45 + '@aws-sdk/credential-provider-ini': 3.972.48 + '@aws-sdk/credential-provider-login': 3.972.47 + '@aws-sdk/credential-provider-node': 3.972.50 + '@aws-sdk/credential-provider-process': 3.972.43 + '@aws-sdk/credential-provider-sso': 3.972.47 + '@aws-sdk/credential-provider-web-identity': 3.972.47 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/credential-provider-imds': 4.3.7 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@aws-sdk/middleware-eventstream@3.972.13': + '@aws-sdk/eventstream-handler-node@3.972.18': dependencies: '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 + '@smithy/core': 3.24.5 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/middleware-websocket@3.972.21': + '@aws-sdk/middleware-eventstream@3.972.14': dependencies: - '@aws-sdk/core': 3.974.13 '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/fetch-http-handler': 5.4.4 - '@smithy/signature-v4': 5.4.4 + '@smithy/core': 3.24.5 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/nested-clients@3.997.11': + '@aws-sdk/middleware-websocket@3.972.23': dependencies: - '@aws-crypto/sha256-browser': 5.2.0 - '@aws-crypto/sha256-js': 5.2.0 - '@aws-sdk/core': 3.974.13 - '@aws-sdk/signature-v4-multi-region': 3.996.28 + '@aws-sdk/core': 3.974.15 '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/fetch-http-handler': 5.4.4 - '@smithy/node-http-handler': 4.7.4 + '@smithy/core': 3.24.5 + '@smithy/fetch-http-handler': 5.4.5 + '@smithy/signature-v4': 5.4.5 '@smithy/types': 4.14.2 tslib: 2.8.1 @@ -5852,12 +5867,17 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/signature-v4-multi-region@3.996.28': + '@aws-sdk/nested-clients@3.997.15': dependencies: - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/signature-v4': 5.4.4 - '@smithy/types': 4.14.2 + '@aws-crypto/sha256-browser': 5.2.0 + '@aws-crypto/sha256-js': 5.2.0 + '@aws-sdk/core': 3.974.17 + '@aws-sdk/signature-v4-multi-region': 3.996.31 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/fetch-http-handler': 5.4.6 + '@smithy/node-http-handler': 4.7.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@aws-sdk/signature-v4-multi-region@3.996.30': @@ -5867,21 +5887,19 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@aws-sdk/token-providers@3.1048.0': + '@aws-sdk/signature-v4-multi-region@3.996.31': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/nested-clients': 3.997.11 - '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-sdk/types': 3.973.10 + '@smithy/signature-v4': 5.4.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@aws-sdk/token-providers@3.1052.0': + '@aws-sdk/token-providers@3.1048.0': dependencies: - '@aws-sdk/core': 3.974.13 - '@aws-sdk/nested-clients': 3.997.11 + '@aws-sdk/core': 3.974.15 + '@aws-sdk/nested-clients': 3.997.13 '@aws-sdk/types': 3.973.9 - '@smithy/core': 3.24.4 + '@smithy/core': 3.24.5 '@smithy/types': 4.14.2 tslib: 2.8.1 @@ -5894,6 +5912,20 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 + '@aws-sdk/token-providers@3.1060.0': + dependencies: + '@aws-sdk/core': 3.974.17 + '@aws-sdk/nested-clients': 3.997.15 + '@aws-sdk/types': 3.973.10 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 + tslib: 2.8.1 + + '@aws-sdk/types@3.973.10': + dependencies: + '@smithy/types': 4.14.3 + tslib: 2.8.1 + '@aws-sdk/types@3.973.9': dependencies: '@smithy/types': 4.14.2 @@ -5903,16 +5935,15 @@ snapshots: dependencies: tslib: 2.8.1 - '@aws-sdk/xml-builder@3.972.25': + '@aws-sdk/xml-builder@3.972.26': dependencies: - '@nodable/entities': 2.1.0 '@smithy/types': 4.14.2 fast-xml-parser: 5.7.3 tslib: 2.8.1 - '@aws-sdk/xml-builder@3.972.26': + '@aws-sdk/xml-builder@3.972.27': dependencies: - '@smithy/types': 4.14.2 + '@smithy/types': 4.14.3 fast-xml-parser: 5.7.3 tslib: 2.8.1 @@ -6045,7 +6076,7 @@ snapshots: '@changesets/parse@0.4.3': dependencies: '@changesets/types': 6.1.0 - js-yaml: 4.1.1 + js-yaml: 4.2.0 '@changesets/pre@2.0.2': dependencies: @@ -6080,71 +6111,71 @@ snapshots: human-id: 4.1.3 prettier: 2.8.8 - '@clack/core@1.3.1': + '@clack/core@1.4.0': dependencies: fast-wrap-ansi: 0.2.2 sisteransi: 1.0.5 - '@clack/prompts@1.4.0': + '@clack/prompts@1.5.0': dependencies: - '@clack/core': 1.3.1 + '@clack/core': 1.4.0 fast-string-width: 3.0.2 fast-wrap-ansi: 0.2.2 sisteransi: 1.0.5 '@cloudflare/kv-asset-handler@0.5.0': {} - '@cloudflare/unenv-preset@2.16.1(unenv@2.0.0-rc.24)(workerd@1.20260526.1)': + '@cloudflare/unenv-preset@2.16.1(unenv@2.0.0-rc.24)(workerd@1.20260601.1)': dependencies: unenv: 2.0.0-rc.24 optionalDependencies: - workerd: 1.20260526.1 + workerd: 1.20260601.1 - '@cloudflare/unenv-preset@2.7.7(unenv@2.0.0-rc.21)(workerd@1.20260526.1)': + '@cloudflare/unenv-preset@2.7.7(unenv@2.0.0-rc.21)(workerd@1.20260601.1)': dependencies: unenv: 2.0.0-rc.21 optionalDependencies: - workerd: 1.20260526.1 + workerd: 1.20260601.1 '@cloudflare/workerd-darwin-64@1.20260424.1': optional: true - '@cloudflare/workerd-darwin-64@1.20260526.1': + '@cloudflare/workerd-darwin-64@1.20260601.1': optional: true '@cloudflare/workerd-darwin-arm64@1.20260424.1': optional: true - '@cloudflare/workerd-darwin-arm64@1.20260526.1': + '@cloudflare/workerd-darwin-arm64@1.20260601.1': optional: true '@cloudflare/workerd-linux-64@1.20260424.1': optional: true - '@cloudflare/workerd-linux-64@1.20260526.1': + '@cloudflare/workerd-linux-64@1.20260601.1': optional: true '@cloudflare/workerd-linux-arm64@1.20260424.1': optional: true - '@cloudflare/workerd-linux-arm64@1.20260526.1': + '@cloudflare/workerd-linux-arm64@1.20260601.1': optional: true '@cloudflare/workerd-windows-64@1.20260424.1': optional: true - '@cloudflare/workerd-windows-64@1.20260526.1': + '@cloudflare/workerd-windows-64@1.20260601.1': optional: true - '@cloudflare/workers-types@4.20260529.1': {} + '@cloudflare/workers-types@4.20260603.1': {} '@cspotcode/source-map-support@0.8.1': dependencies: '@jridgewell/trace-mapping': 0.3.9 - '@earendil-works/pi-agent-core@0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': + '@earendil-works/pi-agent-core@0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': dependencies: - '@earendil-works/pi-ai': 0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) + '@earendil-works/pi-ai': 0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) ignore: 7.0.5 typebox: 1.1.38 yaml: 2.9.0 @@ -6156,7 +6187,7 @@ snapshots: - ws - zod - '@earendil-works/pi-ai@0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': + '@earendil-works/pi-ai@0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': dependencies: '@anthropic-ai/sdk': 0.91.1(zod@4.4.3) '@aws-sdk/client-bedrock-runtime': 3.1048.0 @@ -6176,11 +6207,11 @@ snapshots: - ws - zod - '@earendil-works/pi-coding-agent@0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': + '@earendil-works/pi-coding-agent@0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3)': dependencies: - '@earendil-works/pi-agent-core': 0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) - '@earendil-works/pi-ai': 0.75.5(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) - '@earendil-works/pi-tui': 0.75.5 + '@earendil-works/pi-agent-core': 0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) + '@earendil-works/pi-ai': 0.78.0(@modelcontextprotocol/sdk@1.29.0(zod@4.4.3))(ws@8.21.0)(zod@4.4.3) + '@earendil-works/pi-tui': 0.78.0 '@silvia-odwyer/photon-node': 0.3.4 chalk: 5.6.2 cross-spawn: 7.0.6 @@ -6196,7 +6227,7 @@ snapshots: undici: 8.3.0 yaml: 2.9.0 optionalDependencies: - '@mariozechner/clipboard': 0.3.6 + '@mariozechner/clipboard': 0.3.9 transitivePeerDependencies: - '@modelcontextprotocol/sdk' - bufferutil @@ -6205,7 +6236,7 @@ snapshots: - ws - zod - '@earendil-works/pi-tui@0.75.5': + '@earendil-works/pi-tui@0.78.0': dependencies: get-east-asian-width: 1.6.0 marked: 15.0.12 @@ -6565,7 +6596,7 @@ snapshots: dependencies: google-auth-library: 10.6.2 p-retry: 4.6.2 - protobufjs: 7.6.1 + protobufjs: 7.6.2 ws: 8.21.0 optionalDependencies: '@modelcontextprotocol/sdk': 1.29.0(zod@4.4.3) @@ -6746,48 +6777,48 @@ snapshots: globby: 11.1.0 read-yaml-file: 1.1.0 - '@mariozechner/clipboard-darwin-arm64@0.3.6': + '@mariozechner/clipboard-darwin-arm64@0.3.9': optional: true - '@mariozechner/clipboard-darwin-universal@0.3.6': + '@mariozechner/clipboard-darwin-universal@0.3.9': optional: true - '@mariozechner/clipboard-darwin-x64@0.3.6': + '@mariozechner/clipboard-darwin-x64@0.3.9': optional: true - '@mariozechner/clipboard-linux-arm64-gnu@0.3.6': + '@mariozechner/clipboard-linux-arm64-gnu@0.3.9': optional: true - '@mariozechner/clipboard-linux-arm64-musl@0.3.6': + '@mariozechner/clipboard-linux-arm64-musl@0.3.9': optional: true - '@mariozechner/clipboard-linux-riscv64-gnu@0.3.6': + '@mariozechner/clipboard-linux-riscv64-gnu@0.3.9': optional: true - '@mariozechner/clipboard-linux-x64-gnu@0.3.6': + '@mariozechner/clipboard-linux-x64-gnu@0.3.9': optional: true - '@mariozechner/clipboard-linux-x64-musl@0.3.6': + '@mariozechner/clipboard-linux-x64-musl@0.3.9': optional: true - '@mariozechner/clipboard-win32-arm64-msvc@0.3.6': + '@mariozechner/clipboard-win32-arm64-msvc@0.3.9': optional: true - '@mariozechner/clipboard-win32-x64-msvc@0.3.6': + '@mariozechner/clipboard-win32-x64-msvc@0.3.9': optional: true - '@mariozechner/clipboard@0.3.6': + '@mariozechner/clipboard@0.3.9': optionalDependencies: - '@mariozechner/clipboard-darwin-arm64': 0.3.6 - '@mariozechner/clipboard-darwin-universal': 0.3.6 - '@mariozechner/clipboard-darwin-x64': 0.3.6 - '@mariozechner/clipboard-linux-arm64-gnu': 0.3.6 - '@mariozechner/clipboard-linux-arm64-musl': 0.3.6 - '@mariozechner/clipboard-linux-riscv64-gnu': 0.3.6 - '@mariozechner/clipboard-linux-x64-gnu': 0.3.6 - '@mariozechner/clipboard-linux-x64-musl': 0.3.6 - '@mariozechner/clipboard-win32-arm64-msvc': 0.3.6 - '@mariozechner/clipboard-win32-x64-msvc': 0.3.6 + '@mariozechner/clipboard-darwin-arm64': 0.3.9 + '@mariozechner/clipboard-darwin-universal': 0.3.9 + '@mariozechner/clipboard-darwin-x64': 0.3.9 + '@mariozechner/clipboard-linux-arm64-gnu': 0.3.9 + '@mariozechner/clipboard-linux-arm64-musl': 0.3.9 + '@mariozechner/clipboard-linux-riscv64-gnu': 0.3.9 + '@mariozechner/clipboard-linux-x64-gnu': 0.3.9 + '@mariozechner/clipboard-linux-x64-musl': 0.3.9 + '@mariozechner/clipboard-win32-arm64-msvc': 0.3.9 + '@mariozechner/clipboard-win32-x64-msvc': 0.3.9 optional: true '@mistralai/mistralai@2.2.1': @@ -6846,8 +6877,6 @@ snapshots: '@tybys/wasm-util': 0.10.2 optional: true - '@nodable/entities@2.1.0': {} - '@nodable/entities@2.1.1': {} '@nodelib/fs.scandir@2.1.5': @@ -6930,13 +6959,13 @@ snapshots: dependencies: '@octokit/openapi-types': 25.1.0 - '@opencode-ai/plugin@1.15.10': + '@opencode-ai/plugin@1.15.13': dependencies: - '@opencode-ai/sdk': 1.15.10 + '@opencode-ai/sdk': 1.15.13 effect: 4.0.0-beta.66 zod: 4.1.8 - '@opencode-ai/sdk@1.15.10': + '@opencode-ai/sdk@1.15.13': dependencies: cross-spawn: 7.0.6 @@ -6944,118 +6973,118 @@ snapshots: '@oxc-project/types@0.133.0': {} - '@oxfmt/binding-android-arm-eabi@0.52.0': + '@oxfmt/binding-android-arm-eabi@0.53.0': optional: true - '@oxfmt/binding-android-arm64@0.52.0': + '@oxfmt/binding-android-arm64@0.53.0': optional: true - '@oxfmt/binding-darwin-arm64@0.52.0': + '@oxfmt/binding-darwin-arm64@0.53.0': optional: true - '@oxfmt/binding-darwin-x64@0.52.0': + '@oxfmt/binding-darwin-x64@0.53.0': optional: true - '@oxfmt/binding-freebsd-x64@0.52.0': + '@oxfmt/binding-freebsd-x64@0.53.0': optional: true - '@oxfmt/binding-linux-arm-gnueabihf@0.52.0': + '@oxfmt/binding-linux-arm-gnueabihf@0.53.0': optional: true - '@oxfmt/binding-linux-arm-musleabihf@0.52.0': + '@oxfmt/binding-linux-arm-musleabihf@0.53.0': optional: true - '@oxfmt/binding-linux-arm64-gnu@0.52.0': + '@oxfmt/binding-linux-arm64-gnu@0.53.0': optional: true - '@oxfmt/binding-linux-arm64-musl@0.52.0': + '@oxfmt/binding-linux-arm64-musl@0.53.0': optional: true - '@oxfmt/binding-linux-ppc64-gnu@0.52.0': + '@oxfmt/binding-linux-ppc64-gnu@0.53.0': optional: true - '@oxfmt/binding-linux-riscv64-gnu@0.52.0': + '@oxfmt/binding-linux-riscv64-gnu@0.53.0': optional: true - '@oxfmt/binding-linux-riscv64-musl@0.52.0': + '@oxfmt/binding-linux-riscv64-musl@0.53.0': optional: true - '@oxfmt/binding-linux-s390x-gnu@0.52.0': + '@oxfmt/binding-linux-s390x-gnu@0.53.0': optional: true - '@oxfmt/binding-linux-x64-gnu@0.52.0': + '@oxfmt/binding-linux-x64-gnu@0.53.0': optional: true - '@oxfmt/binding-linux-x64-musl@0.52.0': + '@oxfmt/binding-linux-x64-musl@0.53.0': optional: true - '@oxfmt/binding-openharmony-arm64@0.52.0': + '@oxfmt/binding-openharmony-arm64@0.53.0': optional: true - '@oxfmt/binding-win32-arm64-msvc@0.52.0': + '@oxfmt/binding-win32-arm64-msvc@0.53.0': optional: true - '@oxfmt/binding-win32-ia32-msvc@0.52.0': + '@oxfmt/binding-win32-ia32-msvc@0.53.0': optional: true - '@oxfmt/binding-win32-x64-msvc@0.52.0': + '@oxfmt/binding-win32-x64-msvc@0.53.0': optional: true - '@oxlint/binding-android-arm-eabi@1.67.0': + '@oxlint/binding-android-arm-eabi@1.68.0': optional: true - '@oxlint/binding-android-arm64@1.67.0': + '@oxlint/binding-android-arm64@1.68.0': optional: true - '@oxlint/binding-darwin-arm64@1.67.0': + '@oxlint/binding-darwin-arm64@1.68.0': optional: true - '@oxlint/binding-darwin-x64@1.67.0': + '@oxlint/binding-darwin-x64@1.68.0': optional: true - '@oxlint/binding-freebsd-x64@1.67.0': + '@oxlint/binding-freebsd-x64@1.68.0': optional: true - '@oxlint/binding-linux-arm-gnueabihf@1.67.0': + '@oxlint/binding-linux-arm-gnueabihf@1.68.0': optional: true - '@oxlint/binding-linux-arm-musleabihf@1.67.0': + '@oxlint/binding-linux-arm-musleabihf@1.68.0': optional: true - '@oxlint/binding-linux-arm64-gnu@1.67.0': + '@oxlint/binding-linux-arm64-gnu@1.68.0': optional: true - '@oxlint/binding-linux-arm64-musl@1.67.0': + '@oxlint/binding-linux-arm64-musl@1.68.0': optional: true - '@oxlint/binding-linux-ppc64-gnu@1.67.0': + '@oxlint/binding-linux-ppc64-gnu@1.68.0': optional: true - '@oxlint/binding-linux-riscv64-gnu@1.67.0': + '@oxlint/binding-linux-riscv64-gnu@1.68.0': optional: true - '@oxlint/binding-linux-riscv64-musl@1.67.0': + '@oxlint/binding-linux-riscv64-musl@1.68.0': optional: true - '@oxlint/binding-linux-s390x-gnu@1.67.0': + '@oxlint/binding-linux-s390x-gnu@1.68.0': optional: true - '@oxlint/binding-linux-x64-gnu@1.67.0': + '@oxlint/binding-linux-x64-gnu@1.68.0': optional: true - '@oxlint/binding-linux-x64-musl@1.67.0': + '@oxlint/binding-linux-x64-musl@1.68.0': optional: true - '@oxlint/binding-openharmony-arm64@1.67.0': + '@oxlint/binding-openharmony-arm64@1.68.0': optional: true - '@oxlint/binding-win32-arm64-msvc@1.67.0': + '@oxlint/binding-win32-arm64-msvc@1.68.0': optional: true - '@oxlint/binding-win32-ia32-msvc@1.67.0': + '@oxlint/binding-win32-ia32-msvc@1.68.0': optional: true - '@oxlint/binding-win32-x64-msvc@1.67.0': + '@oxlint/binding-win32-x64-msvc@1.68.0': optional: true '@pkgjs/parseargs@0.11.0': @@ -7146,125 +7175,125 @@ snapshots: '@rolldown/pluginutils@1.0.1': {} - '@rollup/pluginutils@5.3.0(rollup@4.60.4)': + '@rollup/pluginutils@5.4.0(rollup@4.61.0)': dependencies: '@types/estree': 1.0.9 estree-walker: 2.0.2 picomatch: 4.0.4 optionalDependencies: - rollup: 4.60.4 + rollup: 4.61.0 - '@rollup/rollup-android-arm-eabi@4.60.4': + '@rollup/rollup-android-arm-eabi@4.61.0': optional: true - '@rollup/rollup-android-arm64@4.60.4': + '@rollup/rollup-android-arm64@4.61.0': optional: true - '@rollup/rollup-darwin-arm64@4.60.4': + '@rollup/rollup-darwin-arm64@4.61.0': optional: true - '@rollup/rollup-darwin-x64@4.60.4': + '@rollup/rollup-darwin-x64@4.61.0': optional: true - '@rollup/rollup-freebsd-arm64@4.60.4': + '@rollup/rollup-freebsd-arm64@4.61.0': optional: true - '@rollup/rollup-freebsd-x64@4.60.4': + '@rollup/rollup-freebsd-x64@4.61.0': optional: true - '@rollup/rollup-linux-arm-gnueabihf@4.60.4': + '@rollup/rollup-linux-arm-gnueabihf@4.61.0': optional: true - '@rollup/rollup-linux-arm-musleabihf@4.60.4': + '@rollup/rollup-linux-arm-musleabihf@4.61.0': optional: true - '@rollup/rollup-linux-arm64-gnu@4.60.4': + '@rollup/rollup-linux-arm64-gnu@4.61.0': optional: true - '@rollup/rollup-linux-arm64-musl@4.60.4': + '@rollup/rollup-linux-arm64-musl@4.61.0': optional: true - '@rollup/rollup-linux-loong64-gnu@4.60.4': + '@rollup/rollup-linux-loong64-gnu@4.61.0': optional: true - '@rollup/rollup-linux-loong64-musl@4.60.4': + '@rollup/rollup-linux-loong64-musl@4.61.0': optional: true - '@rollup/rollup-linux-ppc64-gnu@4.60.4': + '@rollup/rollup-linux-ppc64-gnu@4.61.0': optional: true - '@rollup/rollup-linux-ppc64-musl@4.60.4': + '@rollup/rollup-linux-ppc64-musl@4.61.0': optional: true - '@rollup/rollup-linux-riscv64-gnu@4.60.4': + '@rollup/rollup-linux-riscv64-gnu@4.61.0': optional: true - '@rollup/rollup-linux-riscv64-musl@4.60.4': + '@rollup/rollup-linux-riscv64-musl@4.61.0': optional: true - '@rollup/rollup-linux-s390x-gnu@4.60.4': + '@rollup/rollup-linux-s390x-gnu@4.61.0': optional: true - '@rollup/rollup-linux-x64-gnu@4.60.4': + '@rollup/rollup-linux-x64-gnu@4.61.0': optional: true - '@rollup/rollup-linux-x64-musl@4.60.4': + '@rollup/rollup-linux-x64-musl@4.61.0': optional: true - '@rollup/rollup-openbsd-x64@4.60.4': + '@rollup/rollup-openbsd-x64@4.61.0': optional: true - '@rollup/rollup-openharmony-arm64@4.60.4': + '@rollup/rollup-openharmony-arm64@4.61.0': optional: true - '@rollup/rollup-win32-arm64-msvc@4.60.4': + '@rollup/rollup-win32-arm64-msvc@4.61.0': optional: true - '@rollup/rollup-win32-ia32-msvc@4.60.4': + '@rollup/rollup-win32-ia32-msvc@4.61.0': optional: true - '@rollup/rollup-win32-x64-gnu@4.60.4': + '@rollup/rollup-win32-x64-gnu@4.61.0': optional: true - '@rollup/rollup-win32-x64-msvc@4.60.4': + '@rollup/rollup-win32-x64-msvc@4.61.0': optional: true '@sec-ant/readable-stream@0.4.1': {} - '@shikijs/core@4.1.0': + '@shikijs/core@4.2.0': dependencies: - '@shikijs/primitive': 4.1.0 - '@shikijs/types': 4.1.0 + '@shikijs/primitive': 4.2.0 + '@shikijs/types': 4.2.0 '@shikijs/vscode-textmate': 10.0.2 '@types/hast': 3.0.4 hast-util-to-html: 9.0.5 - '@shikijs/engine-javascript@4.1.0': + '@shikijs/engine-javascript@4.2.0': dependencies: - '@shikijs/types': 4.1.0 + '@shikijs/types': 4.2.0 '@shikijs/vscode-textmate': 10.0.2 oniguruma-to-es: 4.3.6 - '@shikijs/engine-oniguruma@4.1.0': + '@shikijs/engine-oniguruma@4.2.0': dependencies: - '@shikijs/types': 4.1.0 + '@shikijs/types': 4.2.0 '@shikijs/vscode-textmate': 10.0.2 - '@shikijs/langs@4.1.0': + '@shikijs/langs@4.2.0': dependencies: - '@shikijs/types': 4.1.0 + '@shikijs/types': 4.2.0 - '@shikijs/primitive@4.1.0': + '@shikijs/primitive@4.2.0': dependencies: - '@shikijs/types': 4.1.0 + '@shikijs/types': 4.2.0 '@shikijs/vscode-textmate': 10.0.2 '@types/hast': 3.0.4 - '@shikijs/themes@4.1.0': + '@shikijs/themes@4.2.0': dependencies: - '@shikijs/types': 4.1.0 + '@shikijs/types': 4.2.0 - '@shikijs/types@4.1.0': + '@shikijs/types@4.2.0': dependencies: '@shikijs/vscode-textmate': 10.0.2 '@types/hast': 3.0.4 @@ -7277,34 +7306,28 @@ snapshots: '@sindresorhus/merge-streams@4.0.0': {} - '@smithy/core@3.24.4': - dependencies: - '@aws-crypto/crc32': 5.2.0 - '@smithy/types': 4.14.2 - tslib: 2.8.1 - '@smithy/core@3.24.5': dependencies: '@aws-crypto/crc32': 5.2.0 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@smithy/credential-provider-imds@4.3.4': + '@smithy/core@3.24.6': dependencies: - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@aws-crypto/crc32': 5.2.0 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@smithy/credential-provider-imds@4.3.5': + '@smithy/credential-provider-imds@4.3.6': dependencies: '@smithy/core': 3.24.5 '@smithy/types': 4.14.2 tslib: 2.8.1 - '@smithy/fetch-http-handler@5.4.4': + '@smithy/credential-provider-imds@4.3.7': dependencies: - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@smithy/fetch-http-handler@5.4.5': @@ -7313,24 +7336,24 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@smithy/is-array-buffer@2.2.0': + '@smithy/fetch-http-handler@5.4.6': dependencies: + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 - '@smithy/node-config-provider@4.4.5': + '@smithy/is-array-buffer@2.2.0': dependencies: - '@smithy/core': 3.24.5 tslib: 2.8.1 - '@smithy/node-http-handler@4.7.3': + '@smithy/node-config-provider@4.4.6': dependencies: - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@smithy/core': 3.24.6 tslib: 2.8.1 - '@smithy/node-http-handler@4.7.4': + '@smithy/node-http-handler@4.7.3': dependencies: - '@smithy/core': 3.24.4 + '@smithy/core': 3.24.5 '@smithy/types': 4.14.2 tslib: 2.8.1 @@ -7340,10 +7363,10 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 - '@smithy/signature-v4@5.4.4': + '@smithy/node-http-handler@4.7.6': dependencies: - '@smithy/core': 3.24.4 - '@smithy/types': 4.14.2 + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 tslib: 2.8.1 '@smithy/signature-v4@5.4.5': @@ -7352,10 +7375,20 @@ snapshots: '@smithy/types': 4.14.2 tslib: 2.8.1 + '@smithy/signature-v4@5.4.6': + dependencies: + '@smithy/core': 3.24.6 + '@smithy/types': 4.14.3 + tslib: 2.8.1 + '@smithy/types@4.14.2': dependencies: tslib: 2.8.1 + '@smithy/types@4.14.3': + dependencies: + tslib: 2.8.1 + '@smithy/util-buffer-from@2.2.0': dependencies: '@smithy/is-array-buffer': 2.2.0 @@ -7431,12 +7464,12 @@ snapshots: '@tailwindcss/oxide-win32-arm64-msvc': 4.3.0 '@tailwindcss/oxide-win32-x64-msvc': 4.3.0 - '@tailwindcss/vite@4.3.0(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0))': + '@tailwindcss/vite@4.3.0(vite@7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0))': dependencies: '@tailwindcss/node': 4.3.0 '@tailwindcss/oxide': 4.3.0 tailwindcss: 4.3.0 - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) + vite: 7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0) '@turbo/darwin-64@2.9.16': optional: true @@ -7472,8 +7505,6 @@ snapshots: '@types/deep-eql@4.0.2': {} - '@types/estree@1.0.8': {} - '@types/estree@1.0.9': {} '@types/hast@3.0.4': @@ -7502,77 +7533,77 @@ snapshots: '@types/unist@3.0.3': {} - '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260527.2': + '@typescript/native-preview-darwin-arm64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-darwin-x64@7.0.0-dev.20260527.2': + '@typescript/native-preview-darwin-x64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-linux-arm64@7.0.0-dev.20260527.2': + '@typescript/native-preview-linux-arm64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-linux-arm@7.0.0-dev.20260527.2': + '@typescript/native-preview-linux-arm@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-linux-x64@7.0.0-dev.20260527.2': + '@typescript/native-preview-linux-x64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-win32-arm64@7.0.0-dev.20260527.2': + '@typescript/native-preview-win32-arm64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview-win32-x64@7.0.0-dev.20260527.2': + '@typescript/native-preview-win32-x64@7.0.0-dev.20260603.1': optional: true - '@typescript/native-preview@7.0.0-dev.20260527.2': + '@typescript/native-preview@7.0.0-dev.20260603.1': optionalDependencies: - '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260527.2 - '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260527.2 - '@typescript/native-preview-linux-arm': 7.0.0-dev.20260527.2 - '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260527.2 - '@typescript/native-preview-linux-x64': 7.0.0-dev.20260527.2 - '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260527.2 - '@typescript/native-preview-win32-x64': 7.0.0-dev.20260527.2 + '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20260603.1 + '@typescript/native-preview-darwin-x64': 7.0.0-dev.20260603.1 + '@typescript/native-preview-linux-arm': 7.0.0-dev.20260603.1 + '@typescript/native-preview-linux-arm64': 7.0.0-dev.20260603.1 + '@typescript/native-preview-linux-x64': 7.0.0-dev.20260603.1 + '@typescript/native-preview-win32-arm64': 7.0.0-dev.20260603.1 + '@typescript/native-preview-win32-x64': 7.0.0-dev.20260603.1 '@ungap/structured-clone@1.3.1': {} - '@vitest/expect@4.1.7': + '@vitest/expect@4.1.8': dependencies: '@standard-schema/spec': 1.1.0 '@types/chai': 5.2.3 - '@vitest/spy': 4.1.7 - '@vitest/utils': 4.1.7 + '@vitest/spy': 4.1.8 + '@vitest/utils': 4.1.8 chai: 6.2.2 tinyrainbow: 3.1.0 - '@vitest/mocker@4.1.7(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0))': + '@vitest/mocker@4.1.8(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0))': dependencies: - '@vitest/spy': 4.1.7 + '@vitest/spy': 4.1.8 estree-walker: 3.0.3 magic-string: 0.30.21 optionalDependencies: - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) + vite: 8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0) - '@vitest/pretty-format@4.1.7': + '@vitest/pretty-format@4.1.8': dependencies: tinyrainbow: 3.1.0 - '@vitest/runner@4.1.7': + '@vitest/runner@4.1.8': dependencies: - '@vitest/utils': 4.1.7 + '@vitest/utils': 4.1.8 pathe: 2.0.3 - '@vitest/snapshot@4.1.7': + '@vitest/snapshot@4.1.8': dependencies: - '@vitest/pretty-format': 4.1.7 - '@vitest/utils': 4.1.7 + '@vitest/pretty-format': 4.1.8 + '@vitest/utils': 4.1.8 magic-string: 0.30.21 pathe: 2.0.3 - '@vitest/spy@4.1.7': {} + '@vitest/spy@4.1.8': {} - '@vitest/utils@4.1.7': + '@vitest/utils@4.1.8': dependencies: - '@vitest/pretty-format': 4.1.7 + '@vitest/pretty-format': 4.1.8 convert-source-map: 2.0.0 tinyrainbow: 3.1.0 @@ -7621,7 +7652,7 @@ snapshots: emmet: 2.4.11 jsonc-parser: 2.3.1 vscode-languageserver-textdocument: 1.0.12 - vscode-languageserver-types: 3.17.5 + vscode-languageserver-types: 3.18.0 vscode-uri: 3.1.0 '@vscode/l10n@0.0.18': {} @@ -7648,17 +7679,17 @@ snapshots: json-schema-traverse: 1.0.0 require-from-string: 2.0.2 - alchemy@0.93.9(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0))(workerd@1.20260526.1): + alchemy@0.93.10(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0))(workerd@1.20260601.1): dependencies: - '@aws-sdk/credential-providers': 3.1056.0 - '@cloudflare/unenv-preset': 2.7.7(unenv@2.0.0-rc.21)(workerd@1.20260526.1) - '@cloudflare/workers-types': 4.20260529.1 + '@aws-sdk/credential-providers': 3.1060.0 + '@cloudflare/unenv-preset': 2.7.7(unenv@2.0.0-rc.21)(workerd@1.20260601.1) + '@cloudflare/workers-types': 4.20260603.1 '@iarna/toml': 2.2.5 '@octokit/rest': 21.1.1 - '@smithy/node-config-provider': 4.4.5 - '@smithy/types': 4.14.2 + '@smithy/node-config-provider': 4.4.6 + '@smithy/types': 4.14.3 aws4fetch: 1.0.20 - drizzle-orm: 0.45.2(@cloudflare/workers-types@4.20260529.1) + drizzle-orm: 0.45.2(@cloudflare/workers-types@4.20260603.1) env-paths: 3.0.0 esbuild: 0.25.12 execa: 9.6.1 @@ -7677,11 +7708,11 @@ snapshots: proper-lockfile: 4.1.2 signal-exit: 4.1.0 unenv: 2.0.0-rc.21 - wrangler: 4.95.0(@cloudflare/workers-types@4.20260529.1) + wrangler: 4.97.0(@cloudflare/workers-types@4.20260603.1) ws: 8.21.0 yaml: 2.9.0 optionalDependencies: - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) + vite: 8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0) transitivePeerDependencies: - '@aws-sdk/client-rds-data' - '@electric-sql/pglite' @@ -7749,16 +7780,16 @@ snapshots: assertion-error@2.0.1: {} - astro@6.4.2(@types/node@25.9.1)(aws4fetch@1.0.20)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.60.4)(tsx@4.22.3)(yaml@2.9.0): + astro@6.4.3(@types/node@25.9.1)(aws4fetch@1.0.20)(jiti@2.7.0)(lightningcss@1.32.0)(rollup@4.61.0)(tsx@4.22.4)(yaml@2.9.0): dependencies: '@astrojs/compiler': 4.0.0 '@astrojs/internal-helpers': 0.10.0 '@astrojs/markdown-remark': 7.2.0 '@astrojs/telemetry': 3.3.2 '@capsizecss/unpack': 4.0.0 - '@clack/prompts': 1.4.0 + '@clack/prompts': 1.5.0 '@oslojs/encoding': 1.1.0 - '@rollup/pluginutils': 5.3.0(rollup@4.60.4) + '@rollup/pluginutils': 5.4.0(rollup@4.61.0) aria-query: 5.3.2 axobject-query: 4.1.0 ci-info: 4.4.0 @@ -7776,7 +7807,7 @@ snapshots: github-slugger: 2.0.0 html-escaper: 3.0.3 http-cache-semantics: 4.2.0 - js-yaml: 4.1.1 + js-yaml: 4.2.0 jsonc-parser: 3.3.1 magic-string: 0.30.21 magicast: 0.5.3 @@ -7790,19 +7821,19 @@ snapshots: picomatch: 4.0.4 rehype: 13.0.2 semver: 7.8.1 - shiki: 4.1.0 + shiki: 4.2.0 smol-toml: 1.6.1 svgo: 4.0.1 - tinyclip: 0.1.13 - tinyexec: 1.2.3 - tinyglobby: 0.2.16 + tinyclip: 0.1.14 + tinyexec: 1.2.4 + tinyglobby: 0.2.17 ultrahtml: 1.6.0 unifont: 0.7.4 unist-util-visit: 5.1.0 unstorage: 1.17.5(aws4fetch@1.0.20) vfile: 6.0.3 - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) - vitefu: 1.1.3(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) + vite: 7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0) + vitefu: 1.1.3(vite@7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0)) xxhash-wasm: 1.1.0 yargs-parser: 22.0.0 zod: 4.4.3 @@ -8094,9 +8125,9 @@ snapshots: domelementtype: 2.3.0 domhandler: 5.0.3 - drizzle-orm@0.45.2(@cloudflare/workers-types@4.20260529.1): + drizzle-orm@0.45.2(@cloudflare/workers-types@4.20260603.1): optionalDependencies: - '@cloudflare/workers-types': 4.20260529.1 + '@cloudflare/workers-types': 4.20260603.1 dset@3.1.4: {} @@ -8600,7 +8631,7 @@ snapshots: graceful-fs@4.2.11: {} - graphql@16.14.0: {} + graphql@16.14.1: {} h3@1.15.11: dependencies: @@ -8637,7 +8668,7 @@ snapshots: '@types/unist': 3.0.3 devlop: 1.1.0 hastscript: 9.0.1 - property-information: 7.1.0 + property-information: 7.2.0 vfile: 6.0.3 vfile-location: 5.0.3 web-namespaces: 2.0.1 @@ -8675,7 +8706,7 @@ snapshots: hast-util-whitespace: 3.0.0 html-void-elements: 3.0.0 mdast-util-to-hast: 13.2.1 - property-information: 7.1.0 + property-information: 7.2.0 space-separated-tokens: 2.0.2 stringify-entities: 4.0.4 zwitch: 2.0.4 @@ -8685,7 +8716,7 @@ snapshots: '@types/hast': 3.0.4 comma-separated-tokens: 2.0.3 devlop: 1.1.0 - property-information: 7.1.0 + property-information: 7.2.0 space-separated-tokens: 2.0.2 web-namespaces: 2.0.1 zwitch: 2.0.4 @@ -8706,7 +8737,7 @@ snapshots: '@types/hast': 3.0.4 comma-separated-tokens: 2.0.3 hast-util-parse-selector: 4.0.0 - property-information: 7.1.0 + property-information: 7.2.0 space-separated-tokens: 2.0.2 highlight.js@10.7.3: {} @@ -8721,7 +8752,7 @@ snapshots: hosted-git-info@9.0.3: dependencies: - lru-cache: 11.5.0 + lru-cache: 11.5.1 html-escaper@3.0.3: {} @@ -8836,7 +8867,7 @@ snapshots: argparse: 1.0.10 esprima: 4.0.1 - js-yaml@4.1.1: + js-yaml@4.2.0: dependencies: argparse: 2.0.1 @@ -8942,12 +8973,12 @@ snapshots: lightningcss-win32-arm64-msvc: 1.32.0 lightningcss-win32-x64-msvc: 1.32.0 - lint-staged@17.0.5: + lint-staged@17.0.7: dependencies: listr2: 10.2.1 picomatch: 4.0.4 string-argv: 0.3.2 - tinyexec: 1.2.3 + tinyexec: 1.2.4 optionalDependencies: yaml: 2.9.0 @@ -8981,8 +9012,6 @@ snapshots: lru-cache@10.4.3: {} - lru-cache@11.5.0: {} - lru-cache@11.5.1: {} magic-string@0.30.21: @@ -9347,12 +9376,12 @@ snapshots: - bufferutil - utf-8-validate - miniflare@4.20260526.0: + miniflare@4.20260601.0: dependencies: '@cspotcode/source-map-support': 0.8.1 sharp: 0.34.5 undici: 7.24.8 - workerd: 1.20260526.1 + workerd: 1.20260601.1 ws: 8.20.1 youch: 4.1.0-beta.10 transitivePeerDependencies: @@ -9403,7 +9432,7 @@ snapshots: neverthrow@8.2.0: optionalDependencies: - '@rollup/rollup-linux-x64-gnu': 4.60.4 + '@rollup/rollup-linux-x64-gnu': 4.61.0 nlcst-to-string@4.0.0: dependencies: @@ -9487,51 +9516,51 @@ snapshots: outdent@0.5.0: {} - oxfmt@0.52.0: + oxfmt@0.53.0: dependencies: tinypool: 2.1.0 optionalDependencies: - '@oxfmt/binding-android-arm-eabi': 0.52.0 - '@oxfmt/binding-android-arm64': 0.52.0 - '@oxfmt/binding-darwin-arm64': 0.52.0 - '@oxfmt/binding-darwin-x64': 0.52.0 - '@oxfmt/binding-freebsd-x64': 0.52.0 - '@oxfmt/binding-linux-arm-gnueabihf': 0.52.0 - '@oxfmt/binding-linux-arm-musleabihf': 0.52.0 - '@oxfmt/binding-linux-arm64-gnu': 0.52.0 - '@oxfmt/binding-linux-arm64-musl': 0.52.0 - '@oxfmt/binding-linux-ppc64-gnu': 0.52.0 - '@oxfmt/binding-linux-riscv64-gnu': 0.52.0 - '@oxfmt/binding-linux-riscv64-musl': 0.52.0 - '@oxfmt/binding-linux-s390x-gnu': 0.52.0 - '@oxfmt/binding-linux-x64-gnu': 0.52.0 - '@oxfmt/binding-linux-x64-musl': 0.52.0 - '@oxfmt/binding-openharmony-arm64': 0.52.0 - '@oxfmt/binding-win32-arm64-msvc': 0.52.0 - '@oxfmt/binding-win32-ia32-msvc': 0.52.0 - '@oxfmt/binding-win32-x64-msvc': 0.52.0 - - oxlint@1.67.0: + '@oxfmt/binding-android-arm-eabi': 0.53.0 + '@oxfmt/binding-android-arm64': 0.53.0 + '@oxfmt/binding-darwin-arm64': 0.53.0 + '@oxfmt/binding-darwin-x64': 0.53.0 + '@oxfmt/binding-freebsd-x64': 0.53.0 + '@oxfmt/binding-linux-arm-gnueabihf': 0.53.0 + '@oxfmt/binding-linux-arm-musleabihf': 0.53.0 + '@oxfmt/binding-linux-arm64-gnu': 0.53.0 + '@oxfmt/binding-linux-arm64-musl': 0.53.0 + '@oxfmt/binding-linux-ppc64-gnu': 0.53.0 + '@oxfmt/binding-linux-riscv64-gnu': 0.53.0 + '@oxfmt/binding-linux-riscv64-musl': 0.53.0 + '@oxfmt/binding-linux-s390x-gnu': 0.53.0 + '@oxfmt/binding-linux-x64-gnu': 0.53.0 + '@oxfmt/binding-linux-x64-musl': 0.53.0 + '@oxfmt/binding-openharmony-arm64': 0.53.0 + '@oxfmt/binding-win32-arm64-msvc': 0.53.0 + '@oxfmt/binding-win32-ia32-msvc': 0.53.0 + '@oxfmt/binding-win32-x64-msvc': 0.53.0 + + oxlint@1.68.0: optionalDependencies: - '@oxlint/binding-android-arm-eabi': 1.67.0 - '@oxlint/binding-android-arm64': 1.67.0 - '@oxlint/binding-darwin-arm64': 1.67.0 - '@oxlint/binding-darwin-x64': 1.67.0 - '@oxlint/binding-freebsd-x64': 1.67.0 - '@oxlint/binding-linux-arm-gnueabihf': 1.67.0 - '@oxlint/binding-linux-arm-musleabihf': 1.67.0 - '@oxlint/binding-linux-arm64-gnu': 1.67.0 - '@oxlint/binding-linux-arm64-musl': 1.67.0 - '@oxlint/binding-linux-ppc64-gnu': 1.67.0 - '@oxlint/binding-linux-riscv64-gnu': 1.67.0 - '@oxlint/binding-linux-riscv64-musl': 1.67.0 - '@oxlint/binding-linux-s390x-gnu': 1.67.0 - '@oxlint/binding-linux-x64-gnu': 1.67.0 - '@oxlint/binding-linux-x64-musl': 1.67.0 - '@oxlint/binding-openharmony-arm64': 1.67.0 - '@oxlint/binding-win32-arm64-msvc': 1.67.0 - '@oxlint/binding-win32-ia32-msvc': 1.67.0 - '@oxlint/binding-win32-x64-msvc': 1.67.0 + '@oxlint/binding-android-arm-eabi': 1.68.0 + '@oxlint/binding-android-arm64': 1.68.0 + '@oxlint/binding-darwin-arm64': 1.68.0 + '@oxlint/binding-darwin-x64': 1.68.0 + '@oxlint/binding-freebsd-x64': 1.68.0 + '@oxlint/binding-linux-arm-gnueabihf': 1.68.0 + '@oxlint/binding-linux-arm-musleabihf': 1.68.0 + '@oxlint/binding-linux-arm64-gnu': 1.68.0 + '@oxlint/binding-linux-arm64-musl': 1.68.0 + '@oxlint/binding-linux-ppc64-gnu': 1.68.0 + '@oxlint/binding-linux-riscv64-gnu': 1.68.0 + '@oxlint/binding-linux-riscv64-musl': 1.68.0 + '@oxlint/binding-linux-s390x-gnu': 1.68.0 + '@oxlint/binding-linux-x64-gnu': 1.68.0 + '@oxlint/binding-linux-x64-musl': 1.68.0 + '@oxlint/binding-openharmony-arm64': 1.68.0 + '@oxlint/binding-win32-arm64-msvc': 1.68.0 + '@oxlint/binding-win32-ia32-msvc': 1.68.0 + '@oxlint/binding-win32-x64-msvc': 1.68.0 p-filter@2.1.0: dependencies: @@ -9611,7 +9640,7 @@ snapshots: path-scurry@2.0.2: dependencies: - lru-cache: 11.5.0 + lru-cache: 11.5.1 minipass: 7.1.3 path-to-regexp@6.3.0: {} @@ -9664,9 +9693,9 @@ snapshots: retry: 0.12.0 signal-exit: 3.0.7 - property-information@7.1.0: {} + property-information@7.2.0: {} - protobufjs@7.6.1: + protobufjs@7.6.2: dependencies: '@protobufjs/aspromise': 1.1.2 '@protobufjs/base64': 1.1.2 @@ -9875,52 +9904,37 @@ snapshots: '@rolldown/binding-win32-arm64-msvc': 1.0.3 '@rolldown/binding-win32-x64-msvc': 1.0.3 - rollup@4.60.4: + rollup@4.61.0: dependencies: - '@types/estree': 1.0.8 + '@types/estree': 1.0.9 optionalDependencies: - '@rollup/rollup-android-arm-eabi': 4.60.4 - '@rollup/rollup-android-arm64': 4.60.4 - '@rollup/rollup-darwin-arm64': 4.60.4 - '@rollup/rollup-darwin-x64': 4.60.4 - '@rollup/rollup-freebsd-arm64': 4.60.4 - '@rollup/rollup-freebsd-x64': 4.60.4 - '@rollup/rollup-linux-arm-gnueabihf': 4.60.4 - '@rollup/rollup-linux-arm-musleabihf': 4.60.4 - '@rollup/rollup-linux-arm64-gnu': 4.60.4 - '@rollup/rollup-linux-arm64-musl': 4.60.4 - '@rollup/rollup-linux-loong64-gnu': 4.60.4 - '@rollup/rollup-linux-loong64-musl': 4.60.4 - '@rollup/rollup-linux-ppc64-gnu': 4.60.4 - '@rollup/rollup-linux-ppc64-musl': 4.60.4 - '@rollup/rollup-linux-riscv64-gnu': 4.60.4 - '@rollup/rollup-linux-riscv64-musl': 4.60.4 - '@rollup/rollup-linux-s390x-gnu': 4.60.4 - '@rollup/rollup-linux-x64-gnu': 4.60.4 - '@rollup/rollup-linux-x64-musl': 4.60.4 - '@rollup/rollup-openbsd-x64': 4.60.4 - '@rollup/rollup-openharmony-arm64': 4.60.4 - '@rollup/rollup-win32-arm64-msvc': 4.60.4 - '@rollup/rollup-win32-ia32-msvc': 4.60.4 - '@rollup/rollup-win32-x64-gnu': 4.60.4 - '@rollup/rollup-win32-x64-msvc': 4.60.4 + '@rollup/rollup-android-arm-eabi': 4.61.0 + '@rollup/rollup-android-arm64': 4.61.0 + '@rollup/rollup-darwin-arm64': 4.61.0 + '@rollup/rollup-darwin-x64': 4.61.0 + '@rollup/rollup-freebsd-arm64': 4.61.0 + '@rollup/rollup-freebsd-x64': 4.61.0 + '@rollup/rollup-linux-arm-gnueabihf': 4.61.0 + '@rollup/rollup-linux-arm-musleabihf': 4.61.0 + '@rollup/rollup-linux-arm64-gnu': 4.61.0 + '@rollup/rollup-linux-arm64-musl': 4.61.0 + '@rollup/rollup-linux-loong64-gnu': 4.61.0 + '@rollup/rollup-linux-loong64-musl': 4.61.0 + '@rollup/rollup-linux-ppc64-gnu': 4.61.0 + '@rollup/rollup-linux-ppc64-musl': 4.61.0 + '@rollup/rollup-linux-riscv64-gnu': 4.61.0 + '@rollup/rollup-linux-riscv64-musl': 4.61.0 + '@rollup/rollup-linux-s390x-gnu': 4.61.0 + '@rollup/rollup-linux-x64-gnu': 4.61.0 + '@rollup/rollup-linux-x64-musl': 4.61.0 + '@rollup/rollup-openbsd-x64': 4.61.0 + '@rollup/rollup-openharmony-arm64': 4.61.0 + '@rollup/rollup-win32-arm64-msvc': 4.61.0 + '@rollup/rollup-win32-ia32-msvc': 4.61.0 + '@rollup/rollup-win32-x64-gnu': 4.61.0 + '@rollup/rollup-win32-x64-msvc': 4.61.0 fsevents: 2.3.3 - rosie-skills-darwin-arm64@0.6.4: - optional: true - - rosie-skills-freebsd-x64@0.6.4: - optional: true - - rosie-skills-linux-x64@0.6.4: - optional: true - - rosie-skills@0.6.4: - optionalDependencies: - rosie-skills-darwin-arm64: 0.6.4 - rosie-skills-freebsd-x64: 0.6.4 - rosie-skills-linux-x64: 0.6.4 - router@2.2.0: dependencies: debug: 4.4.3 @@ -10019,14 +10033,14 @@ snapshots: shebang-regex@3.0.0: {} - shiki@4.1.0: + shiki@4.2.0: dependencies: - '@shikijs/core': 4.1.0 - '@shikijs/engine-javascript': 4.1.0 - '@shikijs/engine-oniguruma': 4.1.0 - '@shikijs/langs': 4.1.0 - '@shikijs/themes': 4.1.0 - '@shikijs/types': 4.1.0 + '@shikijs/core': 4.2.0 + '@shikijs/engine-javascript': 4.2.0 + '@shikijs/engine-oniguruma': 4.2.0 + '@shikijs/langs': 4.2.0 + '@shikijs/themes': 4.2.0 + '@shikijs/types': 4.2.0 '@shikijs/vscode-textmate': 10.0.2 '@types/hast': 3.0.4 @@ -10175,11 +10189,11 @@ snapshots: tinybench@2.9.0: {} - tinyclip@0.1.13: {} + tinyclip@0.1.14: {} - tinyexec@1.2.3: {} + tinyexec@1.2.4: {} - tinyglobby@0.2.16: + tinyglobby@0.2.17: dependencies: fdir: 6.5.0(picomatch@4.0.4) picomatch: 4.0.4 @@ -10204,7 +10218,7 @@ snapshots: tslib@2.8.1: {} - tsx@4.22.3: + tsx@4.22.4: dependencies: esbuild: 0.28.0 optionalDependencies: @@ -10364,35 +10378,50 @@ snapshots: '@types/unist': 3.0.3 vfile-message: 4.0.3 - vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0): + vite@7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0): dependencies: esbuild: 0.27.7 fdir: 6.5.0(picomatch@4.0.4) picomatch: 4.0.4 postcss: 8.5.15 - rollup: 4.60.4 - tinyglobby: 0.2.16 + rollup: 4.61.0 + tinyglobby: 0.2.17 optionalDependencies: '@types/node': 25.9.1 fsevents: 2.3.3 jiti: 2.7.0 lightningcss: 1.32.0 - tsx: 4.22.3 + tsx: 4.22.4 yaml: 2.9.0 - vitefu@1.1.3(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)): + vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0): + dependencies: + lightningcss: 1.32.0 + picomatch: 4.0.4 + postcss: 8.5.15 + rolldown: 1.0.3 + tinyglobby: 0.2.17 optionalDependencies: - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) + '@types/node': 25.9.1 + esbuild: 0.28.0 + fsevents: 2.3.3 + jiti: 2.7.0 + tsx: 4.22.4 + yaml: 2.9.0 - vitest@4.1.7(@types/node@25.9.1)(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)): + vitefu@1.1.3(vite@7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0)): + optionalDependencies: + vite: 7.3.5(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.4)(yaml@2.9.0) + + vitest@4.1.8(@types/node@25.9.1)(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)): dependencies: - '@vitest/expect': 4.1.7 - '@vitest/mocker': 4.1.7(vite@7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0)) - '@vitest/pretty-format': 4.1.7 - '@vitest/runner': 4.1.7 - '@vitest/snapshot': 4.1.7 - '@vitest/spy': 4.1.7 - '@vitest/utils': 4.1.7 + '@vitest/expect': 4.1.8 + '@vitest/mocker': 4.1.8(vite@8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0)) + '@vitest/pretty-format': 4.1.8 + '@vitest/runner': 4.1.8 + '@vitest/snapshot': 4.1.8 + '@vitest/spy': 4.1.8 + '@vitest/utils': 4.1.8 es-module-lexer: 2.1.0 expect-type: 1.3.0 magic-string: 0.30.21 @@ -10401,10 +10430,10 @@ snapshots: picomatch: 4.0.4 std-env: 4.1.0 tinybench: 2.9.0 - tinyexec: 1.2.3 - tinyglobby: 0.2.16 + tinyexec: 1.2.4 + tinyglobby: 0.2.17 tinyrainbow: 3.1.0 - vite: 7.3.3(@types/node@25.9.1)(jiti@2.7.0)(lightningcss@1.32.0)(tsx@4.22.3)(yaml@2.9.0) + vite: 8.0.16(@types/node@25.9.1)(esbuild@0.28.0)(jiti@2.7.0)(tsx@4.22.4)(yaml@2.9.0) why-is-node-running: 2.3.0 optionalDependencies: '@types/node': 25.9.1 @@ -10478,14 +10507,14 @@ snapshots: dependencies: '@vscode/l10n': 0.0.18 vscode-languageserver-textdocument: 1.0.12 - vscode-languageserver-types: 3.17.5 + vscode-languageserver-types: 3.18.0 vscode-uri: 3.1.0 vscode-json-languageservice@4.1.8: dependencies: jsonc-parser: 3.3.1 vscode-languageserver-textdocument: 1.0.12 - vscode-languageserver-types: 3.17.5 + vscode-languageserver-types: 3.18.0 vscode-nls: 5.2.0 vscode-uri: 3.1.0 @@ -10500,6 +10529,8 @@ snapshots: vscode-languageserver-types@3.17.5: {} + vscode-languageserver-types@3.18.0: {} + vscode-languageserver@9.0.1: dependencies: vscode-languageserver-protocol: 3.17.5 @@ -10531,27 +10562,26 @@ snapshots: '@cloudflare/workerd-linux-arm64': 1.20260424.1 '@cloudflare/workerd-windows-64': 1.20260424.1 - workerd@1.20260526.1: + workerd@1.20260601.1: optionalDependencies: - '@cloudflare/workerd-darwin-64': 1.20260526.1 - '@cloudflare/workerd-darwin-arm64': 1.20260526.1 - '@cloudflare/workerd-linux-64': 1.20260526.1 - '@cloudflare/workerd-linux-arm64': 1.20260526.1 - '@cloudflare/workerd-windows-64': 1.20260526.1 + '@cloudflare/workerd-darwin-64': 1.20260601.1 + '@cloudflare/workerd-darwin-arm64': 1.20260601.1 + '@cloudflare/workerd-linux-64': 1.20260601.1 + '@cloudflare/workerd-linux-arm64': 1.20260601.1 + '@cloudflare/workerd-windows-64': 1.20260601.1 - wrangler@4.95.0(@cloudflare/workers-types@4.20260529.1): + wrangler@4.97.0(@cloudflare/workers-types@4.20260603.1): dependencies: '@cloudflare/kv-asset-handler': 0.5.0 - '@cloudflare/unenv-preset': 2.16.1(unenv@2.0.0-rc.24)(workerd@1.20260526.1) + '@cloudflare/unenv-preset': 2.16.1(unenv@2.0.0-rc.24)(workerd@1.20260601.1) blake3-wasm: 2.1.5 esbuild: 0.27.3 - miniflare: 4.20260526.0 + miniflare: 4.20260601.0 path-to-regexp: 6.3.0 - rosie-skills: 0.6.4 unenv: 2.0.0-rc.24 - workerd: 1.20260526.1 + workerd: 1.20260601.1 optionalDependencies: - '@cloudflare/workers-types': 4.20260529.1 + '@cloudflare/workers-types': 4.20260603.1 fsevents: 2.3.3 transitivePeerDependencies: - bufferutil @@ -10609,7 +10639,7 @@ snapshots: vscode-json-languageservice: 4.1.8 vscode-languageserver: 9.0.1 vscode-languageserver-textdocument: 1.0.12 - vscode-languageserver-types: 3.17.5 + vscode-languageserver-types: 3.18.0 vscode-uri: 3.1.0 yaml: 2.7.1 diff --git a/schemas/caplet.schema.json b/schemas/caplet.schema.json index 6d75922..a8f8b41 100644 --- a/schemas/caplet.schema.json +++ b/schemas/caplet.schema.json @@ -29,6 +29,153 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false, + "description": "Optional explicit setup and verification metadata for this Caplet." + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "mcpServer": { "type": "object", "properties": { @@ -258,6 +405,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery and do not start its MCP server.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "additionalProperties": false, @@ -464,6 +647,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "required": ["auth"], @@ -716,6 +935,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "required": ["endpointUrl", "auth"], @@ -998,6 +1253,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "required": ["baseUrl", "auth", "actions"], @@ -1137,6 +1428,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "required": ["actions"], @@ -1174,6 +1501,42 @@ "disabled": { "description": "When true, omit this Caplet from discovery.", "type": "boolean" + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + } + }, + "resources": { + "type": "object", + "properties": { + "class": { + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." } }, "additionalProperties": false, diff --git a/schemas/caplets-config.schema.json b/schemas/caplets-config.schema.json index 645b252..399c2aa 100644 --- a/schemas/caplets-config.schema.json +++ b/schemas/caplets-config.schema.json @@ -301,6 +301,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "startupTimeoutMs": { "default": 10000, "description": "Timeout in milliseconds for starting or checking a downstream server.", @@ -544,6 +694,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "requestTimeoutMs": { "default": 60000, "description": "Timeout in milliseconds for OpenAPI HTTP requests.", @@ -819,6 +1119,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "requestTimeoutMs": { "default": 60000, "description": "Timeout in milliseconds for GraphQL HTTP requests.", @@ -1144,6 +1594,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "requestTimeoutMs": { "default": 60000, "description": "Timeout in milliseconds for HTTP action requests.", @@ -1318,6 +1918,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "timeoutMs": { "default": 60000, "description": "Default timeout in milliseconds for CLI actions.", @@ -1402,6 +2152,156 @@ "maxLength": 80 } }, + "setup": { + "type": "object", + "properties": { + "commands": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + }, + "verify": { + "type": "array", + "items": { + "type": "object", + "properties": { + "label": { + "type": "string", + "minLength": 1, + "description": "Human-readable setup or verification step label." + }, + "command": { + "type": "string", + "minLength": 1, + "description": "Executable command to spawn without a shell." + }, + "args": { + "description": "Arguments passed to the command.", + "type": "array", + "items": { + "type": "string" + } + }, + "env": { + "description": "Additional environment variables.", + "type": "object", + "propertyNames": { + "type": "string" + }, + "additionalProperties": { + "type": "string" + } + }, + "cwd": { + "description": "Working directory for this command.", + "type": "string", + "minLength": 1 + }, + "timeoutMs": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + }, + "maxOutputBytes": { + "type": "integer", + "exclusiveMinimum": 0, + "maximum": 9007199254740991 + } + }, + "required": ["label", "command"], + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "projectBinding": { + "type": "object", + "properties": { + "required": { + "type": "boolean", + "const": true, + "description": "Requires Project Binding before this Caplet can run." + } + }, + "required": ["required"], + "additionalProperties": false, + "description": "Project Binding requirements for Caplets that need an attached project." + }, + "runtime": { + "type": "object", + "properties": { + "features": { + "type": "array", + "items": { + "type": "string", + "enum": ["docker", "browser"] + }, + "description": "Runtime features required by this Caplet." + }, + "resources": { + "description": "Hosted sandbox resource requirements.", + "type": "object", + "properties": { + "class": { + "description": "Requested hosted sandbox resource class.", + "type": "string", + "enum": ["standard", "large", "heavy"] + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false, + "description": "Runtime feature and resource requirements for hosted execution." + }, "disabled": { "default": false, "description": "When true, omit this Caplet set.", diff --git a/scripts/alchemy-runner.test.ts b/scripts/alchemy-runner.test.ts deleted file mode 100644 index f7227b6..0000000 --- a/scripts/alchemy-runner.test.ts +++ /dev/null @@ -1,14 +0,0 @@ -import { expect, test } from "vitest"; -import { fileURLToPath } from "node:url"; - -import { buildNodeOptions } from "./alchemy-runner"; - -const shimPath = fileURLToPath(new URL("./alchemy-fetch-compat.ts", import.meta.url)); - -test("Alchemy runner injects fetch shim through NODE_OPTIONS for child processes", () => { - expect(buildNodeOptions(undefined)).toBe(`--import=${shimPath}`); -}); - -test("Alchemy runner preserves existing NODE_OPTIONS after the fetch shim", () => { - expect(buildNodeOptions("--trace-warnings")).toBe(`--import=${shimPath} --trace-warnings`); -}); diff --git a/scripts/dev.ts b/scripts/dev.ts index bd8d979..76816a0 100644 --- a/scripts/dev.ts +++ b/scripts/dev.ts @@ -3,6 +3,8 @@ import { watch } from "rolldown"; import cliConfig from "../packages/cli/rolldown.config"; import coreConfig from "../packages/core/rolldown.config"; +const coreNodeConfig = Array.isArray(coreConfig) ? coreConfig[0]! : coreConfig; + let child: ChildProcess | null = null; let starting = false; @@ -31,10 +33,10 @@ function startServer() { const watcher = watch([ { - ...coreConfig, + ...coreNodeConfig, input: "./packages/core/src/index.ts", output: { - ...coreConfig.output, + ...coreNodeConfig.output, dir: "./packages/core/dist", }, }, diff --git a/scripts/mutagen-probe.test.ts b/scripts/mutagen-probe.test.ts new file mode 100644 index 0000000..ffec24a --- /dev/null +++ b/scripts/mutagen-probe.test.ts @@ -0,0 +1,23 @@ +import { describe, expect, it } from "vitest"; +import { mutagenBuildIsAllowed, parseMutagenVersionOutput } from "./mutagen-probe"; + +describe("mutagen probe", () => { + it("parses version output with license metadata", () => { + const output = ["Mutagen version 0.18.1", "Build type: release", "License profile: mit"].join( + "\n", + ); + + expect(parseMutagenVersionOutput(output)).toEqual({ + version: "0.18.1", + licenseProfile: "mit", + }); + }); + + it("rejects SSPL builds for bundled hosted product use", () => { + expect(mutagenBuildIsAllowed({ version: "0.18.1", licenseProfile: "sspl" })).toBe(false); + }); + + it("accepts MIT-only builds", () => { + expect(mutagenBuildIsAllowed({ version: "0.18.1", licenseProfile: "mit" })).toBe(true); + }); +}); diff --git a/scripts/mutagen-probe.ts b/scripts/mutagen-probe.ts new file mode 100644 index 0000000..012dd51 --- /dev/null +++ b/scripts/mutagen-probe.ts @@ -0,0 +1,19 @@ +export type MutagenBuildInfo = { + version: string; + licenseProfile: "mit" | "sspl" | "unknown"; +}; + +export function parseMutagenVersionOutput(output: string): MutagenBuildInfo { + const version = output.match(/Mutagen version\s+([^\s]+)/u)?.[1] ?? "unknown"; + const normalized = output.toLowerCase(); + const licenseProfile = normalized.includes("license profile: mit") + ? "mit" + : normalized.includes("license profile: sspl") + ? "sspl" + : "unknown"; + return { version, licenseProfile }; +} + +export function mutagenBuildIsAllowed(info: MutagenBuildInfo): boolean { + return info.licenseProfile === "mit"; +} diff --git a/scripts/sync-plugin-versions.ts b/scripts/sync-plugin-versions.ts deleted file mode 100644 index 9a282ac..0000000 --- a/scripts/sync-plugin-versions.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { readFile, writeFile } from "node:fs/promises"; - -async function readJson(filePath: string) { - try { - return JSON.parse(await readFile(filePath, "utf8")); - } catch (error) { - throw new Error(`Could not parse JSON at ${filePath}`, { cause: error }); - } -} - -const cliPackage = await readJson("packages/cli/package.json"); - -for (const manifestPath of [ - "plugins/caplets/.codex-plugin/plugin.json", - "plugins/caplets/.claude-plugin/plugin.json", -]) { - const manifest = await readJson(manifestPath); - - if (typeof manifest.version !== "string") { - throw new Error(`Could not find version field in ${manifestPath}`); - } - - manifest.version = cliPackage.version; - - await writeFile(manifestPath, `${JSON.stringify(manifest, null, 2)}\n`); -} diff --git a/tsconfig.json b/tsconfig.json index 0dbf657..1748f7a 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,4 +1,7 @@ { "extends": "./packages/core/tsconfig.json", + "compilerOptions": { + "allowImportingTsExtensions": true + }, "exclude": ["node_modules", ".turbo", "dist", "apps", "packages", "tools"] } diff --git a/vitest.config.ts b/vitest.config.ts index 7ae22ff..7021603 100644 --- a/vitest.config.ts +++ b/vitest.config.ts @@ -5,8 +5,8 @@ export default defineConfig({ projects: [ { test: { - name: "scripts", - include: ["scripts/**/*.test.ts"], + name: "root", + include: ["infra/**/*.test.ts", "scripts/**/*.test.ts"], }, }, "apps/*",