Lines 355-403javascript
355// for THIS domain, and a key log (when given) must verify entry-by-entry AND chain from this genesis —
356// all BEFORE any network write. Line-review P0-2/P0-3: nothing untrusted rides to a deploy unverified.
357export function validatePublishInputs({ domain, genesisText, keylogText = null }) {
358 const { verdict, doc } = verifyRaw(genesisText);
359 if (!P.isValid(verdict)) throw new Error('refusing to publish: the genesis does not VERIFY' + (verdict.error ? ` (${verdict.error})` : ''));
360 if (doc.state?.id?.class !== 'genesis') throw new Error(`refusing to publish: class:${doc.state?.id?.class ?? '?'} is not a genesis`);
361 if (doc.state?.id?.domain_shard !== domain) throw new Error(`refusing to publish: genesis domain_shard ${doc.state?.id?.domain_shard ?? '?'} ≠ ${domain}`);
363 if (keylogText !== null) {
364 const parsed = parseKeylogRaw(keylogText);
365 if (parsed.err) throw new Error('refusing to publish the key log: ' + parsed.err);
366 const chainErr = validateKeylogChain(doc, parsed.entries);
367 if (chainErr) throw new Error('refusing to publish the key log: ' + chainErr);
368 entries = parsed.entries;
370 return { doc, genHash: P.contentHash(doc), entries };
373export async function wranglerDeploy({ domain, genesisText, keylogText = null, witnessText = null, execImpl = null, writeImpl = null }) {
374 const { genHash } = validatePublishInputs({ domain, genesisText, keylogText });
375 const files = buildWranglerProject({ domain, genesisText, keylogText, witnessText });
376 const { mkdtempSync } = await import('node:fs');
377 const { tmpdir } = await import('node:os');
MediumDynamic Require
Package source references dynamic require/import behavior.
index.mjsView on unpkg · L375 378 const { join } = await import('node:path');
379 const dir = mkdtempSync(join(tmpdir(), 'ust-cf-'));
380 const write = writeImpl ?? ((p, c) => writeFileSync(p, c));
381 for (const [name, content] of Object.entries(files)) write(join(dir, name), content);
382 const exec = execImpl ?? (async (cwd) => {
383 const { spawnSync } = await import('node:child_process');
384 const r = spawnSync('npx', ['wrangler', 'deploy'], { cwd, stdio: 'inherit' });
385 return r.status ?? 1;
HighRuntime Package Install
Package source invokes a package manager install command at runtime.
index.mjsView on unpkg · L383 387 const code = await exec(dir);
388 if (code !== 0) throw new Error('wrangler deploy failed (not logged in? run the MINIMAL-scope browser login and re-run):\n ' + WRANGLER_LOGIN_CMD + '\n (5 scopes — not wrangler\'s default 28; `wrangler logout` revokes the grant after the ceremony)');
389 return { genHash, script: `ust-genesis-${domain.replaceAll('.', '-')}`, route: `${domain}/.well-known/ust-genesis*`, dir };
392// DNS half (small-token): apex proxy check/flip + SSL advisory. Scope needed: Zone.DNS:Edit only — the SSL
393// read degrades to a note when the token cannot see zone settings (never blocks the smaller scope).
394export async function cfApexSteps({ domain, token, flipProxy = false, fetchImpl = fetch }) {
395 if (!token) throw new Error('apex steps need a CF token with Zone.DNS:Edit for ' + domain + ' — create one prefilled: ' + CF_DNS_TOKEN_URL);
396 const cf = (path, init) => fetchImpl('https://api.cloudflare.com/client/v4' + path, { ...init, headers: { Authorization: 'Bearer ' + token, ...(init?.headers) } }).then((r) => r.json());
397 const zone = (await cf(`/zones?name=${domain}`)).result?.[0];
398 if (!zone) throw new Error('CF zone not found / token cannot see ' + domain);
400 const recs = (await cf(`/zones/${zone.id}/dns_records?name=${domain}`)).result || [];
401 const apex = recs.filter((r) => ['A', 'AAAA', 'CNAME'].includes(r.type));
402 const proxied = apex.some((r) => r.proxied);