8c14562a2f
- registry/components/auth_service_account: TinyGo impl for Google Service Account (JWT-bearer → token exchange) and base structure for AWS SigV4. - .component-builds/auth_service_account: independent Worker at auth-service-account.arcrun.dev, extends wasi-shim with an http_request host function for the token exchange step. - Delete cypher-executor/src/lib/wasm-executor.ts (legacy, replaced by component-loader WASM HTTP runner path). - credential-injector.ts service_account branch now throws — all service_account recipes must route through auth-dispatcher. Per .agents/specs/arcrun/credential-primitives-wasm Phase 2. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
24 lines
575 B
TOML
24 lines
575 B
TOML
name = "arcrun-auth-service-account"
|
|
main = "src/index.ts"
|
|
compatibility_date = "2025-02-19"
|
|
compatibility_flags = ["nodejs_compat"]
|
|
|
|
[vars]
|
|
COMPONENT_ID = "auth_service_account"
|
|
|
|
[[routes]]
|
|
pattern = "auth-service-account.arcrun.dev/*"
|
|
zone_name = "arcrun.dev"
|
|
|
|
# 與 cypher-executor/wrangler.toml 同一組 KV namespace
|
|
[[kv_namespaces]]
|
|
binding = "CREDENTIALS_KV"
|
|
id = "e7f4320f88d343f187e35e3543dd74c9"
|
|
|
|
[[kv_namespaces]]
|
|
binding = "RECIPES"
|
|
id = "9cf9db905c6241f78503199e58b2ffe0"
|
|
|
|
# ENCRYPTION_KEY 透過 wrangler secret set 設定
|
|
# wrangler secret put ENCRYPTION_KEY
|