uncle6me-web
d2048e26a7
壓測階段 11:self-hosted 帳號 cypher 用 fetch(workers.dev) 打同帳號 auth worker 被 CF 子請求限制回 1042,service account token 換不到 → 表單寫不進 Google Sheets。token/解密鏈本身正常(直打 auth worker 回真 ya29)。 架構演化(richblack 2026-06-06 拍板):用戶產生的是 recipe(KV 資料,不 deploy), primitive 是平台固定基礎設施、用戶不新增 → 解除「auth primitive 禁 service binding」 舊禁令。service binding 是 CF 內部 RPC,繞開同 zone 522 + 同帳號 workers.dev 1042。 - wrangler.toml:加 SVC_AUTH_STATIC_KEY/SERVICE_ACCOUNT/OAUTH2(已部署者;mtls 未部署留註解) - auth-dispatcher.ts:binding 優先 svc.fetch(),無 binding fallback fetch(workers.dev) - types.ts:4 個 optional SVC_AUTH_* - deploy.ts 無需改:stripOfficialOnlyBindings 不碰 services,tier1 auth 先於 tier2 cypher - 已驗證 self-hosted(leo21c)13 邏輯零件 binding 實綁成功,auth binding 走同路 規範同步:rule 02 / 03 / CLAUDE.md / pre-bash-guard 例外。SDD: Phase 7。tsc exit 0。 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
135 lines
3.8 KiB
TOML
135 lines
3.8 KiB
TOML
name = "arcrun-cypher-executor"
|
||
main = "src/index.ts"
|
||
compatibility_date = "2025-02-19"
|
||
workers_dev = true
|
||
compatibility_flags = ["nodejs_compat"]
|
||
|
||
[[kv_namespaces]]
|
||
binding = "EXEC_CONTEXT"
|
||
id = "616967a852eb450a8c01731f71ac8edd"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "WEBHOOKS"
|
||
id = "4d23ccd418414a729bd533ba8e3b341f"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "CREDENTIALS_KV"
|
||
id = "e7f4320f88d343f187e35e3543dd74c9"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "ANALYTICS_KV"
|
||
id = "a43b7997c8e54a34886c2995a853c720"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "RECIPES"
|
||
id = "9cf9db905c6241f78503199e58b2ffe0"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "USERS_KV"
|
||
id = "25bef01d079148919578894434d58c4d"
|
||
|
||
[[kv_namespaces]]
|
||
binding = "SESSIONS_KV"
|
||
id = "455d0505c7534883a4d4985ab8295857"
|
||
|
||
# 2026-06-04:移除 WASM_BUCKET R2 binding。R2 wasm 路徑早已 dead(平台零件 = 獨立 Worker,
|
||
# 不從 R2 動態讀),保留只會誤導且 R2 需綁信用卡,與 open source 零費用核心衝突。
|
||
# SDD: .agents/specs/component-registry-canon/tasks.md Phase 1.5(registry 已於 2026-05-07 移除,此為 cypher-executor 補清)
|
||
|
||
[ai]
|
||
binding = "AI"
|
||
|
||
[[services]]
|
||
binding = "SVC_IF_CONTROL"
|
||
service = "arcrun-if-control"
|
||
|
||
[[services]]
|
||
binding = "SVC_SWITCH"
|
||
service = "arcrun-switch"
|
||
|
||
[[services]]
|
||
binding = "SVC_FOREACH_CONTROL"
|
||
service = "arcrun-foreach-control"
|
||
|
||
[[services]]
|
||
binding = "SVC_FILTER"
|
||
service = "arcrun-filter"
|
||
|
||
[[services]]
|
||
binding = "SVC_MERGE"
|
||
service = "arcrun-merge"
|
||
|
||
[[services]]
|
||
binding = "SVC_TRY_CATCH"
|
||
service = "arcrun-try-catch"
|
||
|
||
[[services]]
|
||
binding = "SVC_WAIT"
|
||
service = "arcrun-wait"
|
||
|
||
[[services]]
|
||
binding = "SVC_SET"
|
||
service = "arcrun-set"
|
||
|
||
[[services]]
|
||
binding = "SVC_ARRAY_OPS"
|
||
service = "arcrun-array-ops"
|
||
|
||
[[services]]
|
||
binding = "SVC_STRING_OPS"
|
||
service = "arcrun-string-ops"
|
||
|
||
[[services]]
|
||
binding = "SVC_NUMBER_OPS"
|
||
service = "arcrun-number-ops"
|
||
|
||
[[services]]
|
||
binding = "SVC_DATE_OPS"
|
||
service = "arcrun-date-ops"
|
||
|
||
[[services]]
|
||
binding = "SVC_VALIDATE_JSON"
|
||
service = "arcrun-validate-json"
|
||
|
||
# Auth primitive service bindings(credential-primitives-wasm Phase 7,2026-06-06)
|
||
# 為何:auth-dispatcher 原用 fetch(workers.dev) 打同帳號 auth worker,self-hosted 帳號踩 CF 1042
|
||
# (壓測階段 11)。service binding 是 CF 內部 RPC,繞開同 zone 522 + 同帳號 1042。
|
||
# 範圍:只綁「已部署」的 auth worker。auth_mtls 尚未部署(.component-builds 無、官方 404),
|
||
# 綁不存在的 worker 會讓 deploy 報 "referenced Worker not found"(見上 ai_transform 教訓),
|
||
# 故 mtls 待它部署後再加。auth-dispatcher 對無 binding 的 primitive 自動 fallback fetch。
|
||
[[services]]
|
||
binding = "SVC_AUTH_STATIC_KEY"
|
||
service = "arcrun-auth-static-key"
|
||
|
||
[[services]]
|
||
binding = "SVC_AUTH_SERVICE_ACCOUNT"
|
||
service = "arcrun-auth-service-account"
|
||
|
||
[[services]]
|
||
binding = "SVC_AUTH_OAUTH2"
|
||
service = "arcrun-auth-oauth2"
|
||
|
||
# ai_transform_compile / ai_transform_run 已於 Phase 2(2026-05-29)刪除
|
||
# (Arcrun 是 AI 呼叫的工具,工作流不該內嵌 AI 節點)。對應 worker 已 wrangler delete,
|
||
# service binding 一併移除(否則 deploy 報 referenced Worker not found)。
|
||
|
||
[vars]
|
||
ENVIRONMENT = "production"
|
||
# MULTI_TENANT = "true"
|
||
# ENCRYPTION_KEY 透過 wrangler secret set 設定
|
||
|
||
# Component worker subdomain(workers.dev 帳號 subdomain)
|
||
# cypher-executor fetch component worker 一律走 arcrun-{name}.{WORKER_SUBDOMAIN}.workers.dev
|
||
# 避開同 zone (*.arcrun.dev) 自循環死鎖,見 arcrun.md P0 #9(2026-05-13)
|
||
# Self-hosted fork:改成自己的 CF 帳號 subdomain(Workers & Pages → 你的帳號 → subdomain settings)
|
||
WORKER_SUBDOMAIN = "uncle6-me"
|
||
|
||
[[routes]]
|
||
pattern = "cypher.arcrun.dev/*"
|
||
zone_name = "arcrun.dev"
|
||
|
||
# Cron triggers — 每分鐘 tick,scheduled handler 掃 WEBHOOKS KV 找註冊 cron_expr 的 workflow
|
||
# 對應 arcrun.md 三-A P1 #3 / src/scheduled.ts
|
||
[triggers]
|
||
crons = ["* * * * *"]
|