Lines 311-352javascript
312 if (keylogText !== null) {
313 const parsed = parseKeylogRaw(keylogText);
314 if (parsed.err) throw new Error('refusing to publish the key log: ' + parsed.err);
315 const chainErr = validateKeylogChain(doc, parsed.entries);
316 if (chainErr) throw new Error('refusing to publish the key log: ' + chainErr);
317 entries = parsed.entries;
319 return { doc, genHash: P.contentHash(doc), entries };
322export async function wranglerDeploy({ domain, genesisText, keylogText = null, execImpl = null, writeImpl = null }) {
323 const { genHash } = validatePublishInputs({ domain, genesisText, keylogText });
324 const files = buildWranglerProject({ domain, genesisText, keylogText });
325 const { mkdtempSync } = await import('node:fs');
326 const { tmpdir } = await import('node:os');
327 const { join } = await import('node:path');
328 const dir = mkdtempSync(join(tmpdir(), 'ust-cf-'));
329 const write = writeImpl ?? ((p, c) => writeFileSync(p, c));
330 for (const [name, content] of Object.entries(files)) write(join(dir, name), content);
331 const exec = execImpl ?? (async (cwd) => {
332 const { spawnSync } = await import('node:child_process');
333 const r = spawnSync('npx', ['wrangler', 'deploy'], { cwd, stdio: 'inherit' });
334 return r.status ?? 1;
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
index.mjsView on unpkg · L332 336 const code = await exec(dir);
337 if (code !== 0) throw new Error('wrangler deploy failed (not logged in? run the MINIMAL-scope browser login and re-run):\n ' + WRANGLER_LOGIN_CMD + '\n (5 scopes — not wrangler\'s default 28; `wrangler logout` revokes the grant after the ceremony)');
338 return { genHash, script: `ust-genesis-${domain.replaceAll('.', '-')}`, route: `${domain}/.well-known/ust-genesis*`, dir };
341// DNS half (small-token): apex proxy check/flip + SSL advisory. Scope needed: Zone.DNS:Edit only — the SSL
342// read degrades to a note when the token cannot see zone settings (never blocks the smaller scope).
343export async function cfApexSteps({ domain, token, flipProxy = false, fetchImpl = fetch }) {
344 if (!token) throw new Error('apex steps need a CF token with Zone.DNS:Edit for ' + domain + ' — create one prefilled: ' + CF_DNS_TOKEN_URL);
345 const cf = (path, init) => fetchImpl('https://api.cloudflare.com/client/v4' + path, { ...init, headers: { Authorization: 'Bearer ' + token, ...(init?.headers) } }).then((r) => r.json());
346 const zone = (await cf(`/zones?name=${domain}`)).result?.[0];
347 if (!zone) throw new Error('CF zone not found / token cannot see ' + domain);
349 const recs = (await cf(`/zones/${zone.id}/dns_records?name=${domain}`)).result || [];
350 const apex = recs.filter((r) => ['A', 'AAAA', 'CNAME'].includes(r.type));
351 const proxied = apex.some((r) => r.proxied);