Lines 330-371javascript
331 if (keylogText !== null) {
332 const parsed = parseKeylogRaw(keylogText);
333 if (parsed.err) throw new Error('refusing to publish the key log: ' + parsed.err);
334 const chainErr = validateKeylogChain(doc, parsed.entries);
335 if (chainErr) throw new Error('refusing to publish the key log: ' + chainErr);
336 entries = parsed.entries;
338 return { doc, genHash: P.contentHash(doc), entries };
341export async function wranglerDeploy({ domain, genesisText, keylogText = null, execImpl = null, writeImpl = null }) {
342 const { genHash } = validatePublishInputs({ domain, genesisText, keylogText });
343 const files = buildWranglerProject({ domain, genesisText, keylogText });
344 const { mkdtempSync } = await import('node:fs');
345 const { tmpdir } = await import('node:os');
346 const { join } = await import('node:path');
347 const dir = mkdtempSync(join(tmpdir(), 'ust-cf-'));
348 const write = writeImpl ?? ((p, c) => writeFileSync(p, c));
349 for (const [name, content] of Object.entries(files)) write(join(dir, name), content);
350 const exec = execImpl ?? (async (cwd) => {
351 const { spawnSync } = await import('node:child_process');
352 const r = spawnSync('npx', ['wrangler', 'deploy'], { cwd, stdio: 'inherit' });
353 return r.status ?? 1;
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
index.mjsView on unpkg · L351 355 const code = await exec(dir);
356 if (code !== 0) throw new Error('wrangler deploy failed (not logged in? run the MINIMAL-scope browser login and re-run):\n ' + WRANGLER_LOGIN_CMD + '\n (5 scopes — not wrangler\'s default 28; `wrangler logout` revokes the grant after the ceremony)');
357 return { genHash, script: `ust-genesis-${domain.replaceAll('.', '-')}`, route: `${domain}/.well-known/ust-genesis*`, dir };
360// DNS half (small-token): apex proxy check/flip + SSL advisory. Scope needed: Zone.DNS:Edit only — the SSL
361// read degrades to a note when the token cannot see zone settings (never blocks the smaller scope).
362export async function cfApexSteps({ domain, token, flipProxy = false, fetchImpl = fetch }) {
363 if (!token) throw new Error('apex steps need a CF token with Zone.DNS:Edit for ' + domain + ' — create one prefilled: ' + CF_DNS_TOKEN_URL);
364 const cf = (path, init) => fetchImpl('https://api.cloudflare.com/client/v4' + path, { ...init, headers: { Authorization: 'Bearer ' + token, ...(init?.headers) } }).then((r) => r.json());
365 const zone = (await cf(`/zones?name=${domain}`)).result?.[0];
366 if (!zone) throw new Error('CF zone not found / token cannot see ' + domain);
368 const recs = (await cf(`/zones/${zone.id}/dns_records?name=${domain}`)).result || [];
369 const apex = recs.filter((r) => ['A', 'AAAA', 'CNAME'].includes(r.type));
370 const proxied = apex.some((r) => r.proxied);