heliosdb-proxy 1.3.1

HeliosProxy - Intelligent connection router and failover manager for HeliosDB and PostgreSQL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

//! `helios-plugin` — plugin registry CLI (Batch H, item 78).
//!
//! Distribution verbs for the WASM plugin platform: resolve a signed artefact
//! from a registry index, verify it, and drop it where the proxy's hot-reload
//! watcher picks it up — plus a scaffold for new plugins.
//!
//!   helios-plugin install <name> --registry <index.json> --dest <plugins-dir> \
//!       [--trust-root <dir>] [--version <v>]
//!   helios-plugin list    --registry <index.json>
//!   helios-plugin new     <name> [--dir <path>]

use std::path::PathBuf;
use std::process::ExitCode;

use clap::{Parser, Subcommand};
use heliosdb_proxy::plugin_registry;

#[derive(Parser)]
#[command(
    name = "helios-plugin",
    about = "HeliosProxy plugin registry + install"
)]
struct Cli {
    #[command(subcommand)]
    cmd: Cmd,
}

#[derive(Subcommand)]
enum Cmd {
    /// Install a plugin from a registry index into the plugins directory.
    Install {
        /// Plugin name as listed in the registry.
        name: String,
        /// Path to the registry index (JSON).
        #[arg(long)]
        registry: PathBuf,
        /// Destination plugins directory (where the proxy hot-reloads from).
        #[arg(long)]
        dest: PathBuf,
        /// Optional Ed25519 trust root (dir of `*.pub` keys). When set, the
        /// artefact must carry a signature and is verified against it.
        #[arg(long)]
        trust_root: Option<PathBuf>,
        /// Pin an exact version (default: first match in the index).
        #[arg(long)]
        version: Option<String>,
    },
    /// List the plugins a registry index offers.
    List {
        #[arg(long)]
        registry: PathBuf,
    },
    /// Verify a local plugin artefact (SHA-256, and signature against a trust
    /// root) without installing it — a pre-deploy / audit check.
    Verify {
        /// Path to the `.wasm` artefact.
        wasm: PathBuf,
        /// Ed25519 trust root (dir of `*.pub` keys). Omit to print only the
        /// SHA-256 digest.
        #[arg(long)]
        trust_root: Option<PathBuf>,
        /// Signature file (base64 Ed25519). Default: a `<name>.sig` sidecar.
        #[arg(long)]
        sig: Option<PathBuf>,
    },
    /// Scaffold a new plugin source skeleton.
    New {
        /// Plugin name.
        name: String,
        /// Parent directory to create `<name>/` in (default: current dir).
        #[arg(long, default_value = ".")]
        dir: PathBuf,
    },
}

fn main() -> ExitCode {
    let cli = Cli::parse();
    let result = match cli.cmd {
        Cmd::Install {
            name,
            registry,
            dest,
            trust_root,
            version,
        } => {
            match plugin_registry::install(
                &registry,
                &name,
                version.as_deref(),
                &dest,
                trust_root.as_deref(),
            ) {
                Ok(r) => {
                    println!(
                        "installed {} v{} -> {}",
                        r.name,
                        if r.version.is_empty() {
                            "?"
                        } else {
                            &r.version
                        },
                        r.wasm_path.display()
                    );
                    println!("  sha256: {}", r.sha256);
                    match r.signed_by {
                        Some(k) => println!("  signature: verified by '{k}'"),
                        None if trust_root.is_some() => unreachable!(),
                        None => println!("  signature: not checked (no trust root)"),
                    }
                    Ok(())
                }
                Err(e) => Err(e),
            }
        }
        Cmd::List { registry } => plugin_registry::load_index(&registry).map(|idx| {
            for e in &idx.plugins {
                let sig = if e.signature.is_some() {
                    "signed"
                } else {
                    "unsigned"
                };
                println!(
                    "{:<24} {:<10} {:<8} {}",
                    e.name, e.version, sig, e.description
                );
            }
        }),
        Cmd::Verify {
            wasm,
            trust_root,
            sig,
        } => plugin_registry::verify(&wasm, trust_root.as_deref(), sig.as_deref()).map(|r| {
            println!("{}", wasm.display());
            println!("  sha256: {}", r.sha256);
            match r.signed_by {
                Some(k) => println!("  signature: verified by '{k}'"),
                None if trust_root.is_some() => unreachable!(),
                None => println!("  signature: not checked (no trust root)"),
            }
        }),
        Cmd::New { name, dir } => plugin_registry::scaffold(&name, &dir).map(|root| {
            println!("scaffolded plugin at {}", root.display());
        }),
    };

    match result {
        Ok(()) => ExitCode::SUCCESS,
        Err(e) => {
            eprintln!("error: {e}");
            ExitCode::FAILURE
        }
    }
}