Arcrun

Leo/Arcrun

Fork 0

Commit Graph

Author	SHA1	Message	Date
Leo	6a3219e51b	feat(components): move 6 API components to independent WASM Workers Deploys gmail, telegram, line_notify, google_sheets, http_request, cron as independent Cloudflare Workers at {name-kebab}.arcrun.dev. Each wraps the TinyGo WASM from registry/components/{name}/main.go via wasi-shim cross-import (Method A). component-loader no longer carries BUILTIN_API_RECIPES — those hardcoded gmail.googleapis.com / api.telegram.org / sheets / line-notify endpoints all lived in TS, violating "all business logic in WASM". Resolution chain now routes the 6 canonical IDs straight to their {name}.arcrun.dev Worker URLs via WASM_HTTP_RUNNER_IDS. Per .agents/specs/arcrun/credential-primitives-wasm Phase 3. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 17:36:06 +08:00
Leo	8c14562a2f	feat(auth): auth_service_account WASM primitive + remove TS JWT signer - registry/components/auth_service_account: TinyGo impl for Google Service Account (JWT-bearer → token exchange) and base structure for AWS SigV4. - .component-builds/auth_service_account: independent Worker at auth-service-account.arcrun.dev, extends wasi-shim with an http_request host function for the token exchange step. - Delete cypher-executor/src/lib/wasm-executor.ts (legacy, replaced by component-loader WASM HTTP runner path). - credential-injector.ts service_account branch now throws — all service_account recipes must route through auth-dispatcher. Per .agents/specs/arcrun/credential-primitives-wasm Phase 2. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 17:34:42 +08:00
Leo	18f04448ce	feat(auth): auth_static_key WASM primitive + host functions - wasi-shim gains kv_get / crypto_decrypt / crypto_sign_rs256 host functions with strict boundary (ENCRYPTION_KEY never exits Worker). - registry/components/auth_static_key: TinyGo impl for API-key / Bearer / Basic Auth recipes (80% of supported services). - .component-builds/auth_static_key: independent Worker at auth-static-key.arcrun.dev, imports wasi-shim cross-directory. - cypher-executor/auth-dispatcher routes static_key recipes to the new Worker instead of credential-injector TS. Replaces TS credential injection per .agents/specs/arcrun/credential-primitives-wasm Phase 1. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-04-20 16:54:18 +08:00

Author

SHA1

Message

Date

Leo

6a3219e51b

feat(components): move 6 API components to independent WASM Workers

Deploys gmail, telegram, line_notify, google_sheets, http_request, cron
as independent Cloudflare Workers at {name-kebab}.arcrun.dev. Each
wraps the TinyGo WASM from registry/components/{name}/main.go via
wasi-shim cross-import (Method A).

component-loader no longer carries BUILTIN_API_RECIPES — those
hardcoded gmail.googleapis.com / api.telegram.org / sheets / line-notify
endpoints all lived in TS, violating "all business logic in WASM".
Resolution chain now routes the 6 canonical IDs straight to their
{name}.arcrun.dev Worker URLs via WASM_HTTP_RUNNER_IDS.

Per .agents/specs/arcrun/credential-primitives-wasm Phase 3.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 17:36:06 +08:00

Leo

8c14562a2f

feat(auth): auth_service_account WASM primitive + remove TS JWT signer

- registry/components/auth_service_account: TinyGo impl for Google
  Service Account (JWT-bearer → token exchange) and base structure
  for AWS SigV4.
- .component-builds/auth_service_account: independent Worker at
  auth-service-account.arcrun.dev, extends wasi-shim with an
  http_request host function for the token exchange step.
- Delete cypher-executor/src/lib/wasm-executor.ts (legacy, replaced
  by component-loader WASM HTTP runner path).
- credential-injector.ts service_account branch now throws — all
  service_account recipes must route through auth-dispatcher.

Per .agents/specs/arcrun/credential-primitives-wasm Phase 2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 17:34:42 +08:00

Leo

18f04448ce

feat(auth): auth_static_key WASM primitive + host functions

- wasi-shim gains kv_get / crypto_decrypt / crypto_sign_rs256 host
  functions with strict boundary (ENCRYPTION_KEY never exits Worker).
- registry/components/auth_static_key: TinyGo impl for API-key /
  Bearer / Basic Auth recipes (80% of supported services).
- .component-builds/auth_static_key: independent Worker at
  auth-static-key.arcrun.dev, imports wasi-shim cross-directory.
- cypher-executor/auth-dispatcher routes static_key recipes to the
  new Worker instead of credential-injector TS.

Replaces TS credential injection per
.agents/specs/arcrun/credential-primitives-wasm Phase 1.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-04-20 16:54:18 +08:00

3 Commits