Documentation
¶
Overview ¶
Package cuetry parses, validates, and resolves CUE remote recipes for honey.
Index ¶
- Constants
- func BuildBackOff(r RecipeStepRetry) backoff.BackOff
- func BuildEnvMapForWhen(ctx context.Context, resolveSecrets bool, resolver SecretResolver, ...) (map[string]string, error)
- func BuildRecipeVarMap(capture *RecipeOutputCapture, env map[string]string) map[string]string
- func BuildSecretsMapForWhen(ctx context.Context, resolve bool, resolver SecretResolver, step RecipeStep, ...) (map[string]string, error)
- func CanonicalRecipeJSON(r Recipe) ([]byte, error)
- func CountRecipeStreamResults(recipe Recipe, records []hosts.Record) (int, error)
- func DeclaredSecretKeys(step RecipeStep, defaults *RecipeDefaults) map[string]struct{}
- func DefaultFacts() map[string]any
- func EffectiveEnv(step RecipeStep, defaults *RecipeDefaults) (map[string]string, error)
- func EffectiveEnvForRemoteHook(ctx context.Context, resolveSecrets bool, resolver SecretResolver, ...) (map[string]string, error)
- func EffectiveEnvForRun(ctx context.Context, resolveSecrets bool, resolver SecretResolver, ...) (map[string]string, error)
- func EffectiveEnvForRunEx(ctx context.Context, resolveSecrets bool, resolver SecretResolver, ...) (map[string]string, error)
- func EffectiveEnvForRunWithVarExpand(ctx context.Context, resolveSecrets bool, resolver SecretResolver, ...) (map[string]string, error)
- func EffectiveEnvHostOnly(r *hosts.Record) (map[string]string, error)
- func EffectiveHookWhere(hook *RecipeStepHook) string
- func EffectiveMaxParallel(step RecipeStep, defaults *RecipeDefaults) int
- func EffectiveRunAs(step RecipeStep, defaults *RecipeDefaults) string
- func EffectiveSSHPort(defaults *RecipeDefaults, step RecipeStep, r hosts.Record) int
- func EffectiveSSHPrivateKey(defaults *RecipeDefaults, step RecipeStep) string
- func EffectiveTunnelMode(t *RecipeStepTunnel) string
- func EnvForDockerInteractive(r *hosts.Record) ([]string, error)
- func EnvMapForDockerExec(env map[string]string) ([]string, error)
- func EvalJQ(jsonDoc, query string) (string, error)
- func EvalJQArray(jsonDoc, query string) ([]string, error)
- func EvalResultBoolExpr(expr string, ctx ResultExprContext) (bool, error)
- func EvalWhen(prog *WhenProgram, opts WhenEvalOpts) (bool, error)
- func ExpandPluginConfigJSON(config []byte, vars map[string]string, dryRun bool) ([]byte, error)
- func ExpandRecipeEnvValues(env map[string]string, vars map[string]string, strict bool) error
- func ExpandRecipeVars(s string, vars map[string]string, strict bool) (string, error)
- func ExpandRecipeVarsInData(data map[string]any, vars map[string]string, strict bool) error
- func ExpandStepHosts(host string, records []hosts.Record) ([]hosts.Record, error)
- func FormatGraphWavesText(r Recipe) (string, error)
- func GraphStepWaves(r Recipe) ([][]int, error)
- func HashRecipeJSON(r Recipe) (string, error)
- func KVTunnelEnabled(_ RecipeStep, _ *RecipeDefaults) bool
- func MatchLocalAIHostRecord() hosts.Record
- func MergeEnvFromInto(dst map[string]string, step RecipeStep, store *StepOutputStore, ...) error
- func MergeEnvFromIntoTemplateData(data map[string]any, step RecipeStep, store *StepOutputStore, ...) error
- func MergeResolvedSecretsInto(ctx context.Context, resolve bool, resolver SecretResolver, ...) error
- func OutputNamesReferencedByEnvFrom(r Recipe) map[string]struct{}
- func OutputTemplateFuncMap(capture *RecipeOutputCapture) template.FuncMap
- func OverlapEnvSecrets(env, secrets map[string]string) error
- func ParseEnvKeyValuePairs(pairs []string) (map[string]string, error)
- func PostgresExtractKVKey(baseKey, name string) (string, error)
- func PrepareTemplateData(data map[string]any, step RecipeStep, store *StepOutputStore, ...) error
- func RecipeHasKVTunnel(_ Recipe) bool
- func RecipeHasTemplateStep(r Recipe) bool
- func RecipeNeedsStepOutputCapture(r Recipe) bool
- func RecipeUsesKVInWhen(r Recipe) bool
- func RecipeUsesWhen(r Recipe) bool
- func RecordForSSHDial(defaults *RecipeDefaults, step RecipeStep, r hosts.Record) hosts.Record
- func RedactedSecretValueForDryRun(ref string) string
- func RenderLoopTemplate(opts RenderLoopTemplateOpts) ([]string, error)
- func RenderTemplate(opts RenderTemplateOpts) (string, error)
- func ResolveHostFromRecords(host string, records []hosts.Record) (hosts.Record, error)
- func ResolveLocalAgainstRecipe(recipeDir, local string) (string, error)
- func ResolvePostgresKVBaseKey(base string, perHost bool, hostName string) (string, error)
- func ResolveRecipeAISystemPrompt(ai *RecipeAI, configDefault string) string
- func SanitizeKVHostSuffix(hostName string) string
- func ScriptRunAfterUpload(remotePath, runAs string, env map[string]string) (string, error)
- func ShellExportPrefixForRemote(env map[string]string, inner string) (string, error)
- func ShouldRetryHostResult(success, skipped bool) bool
- func StepIDsReferencedByEnvFrom(r Recipe) map[string]struct{}
- func StepIDsReferencedByTunnelStep(r Recipe) map[string]struct{}
- func StepIDsReferencedByWhen(r Recipe) map[string]struct{}
- func StepKindLabel(k StepKind) string
- func StepOutputName(s RecipeStep) string
- func ValidateHostField(host string) error
- func ValidateJQQuery(query string) error
- func ValidateParsedRecipe(r Recipe, records []hosts.Record) error
- func ValidateRecipeEnvMap(m map[string]string) error
- func ValidateRecipeGraph(r Recipe) error
- func ValidateRecipeSecretsRefMap(m map[string]string) error
- func ValidateRecipeSecretsRefMapPrefixes(m map[string]string, allowedPrefixes []string) error
- func ValidateRemoteRecipe(cueBytes []byte) error
- func ValidateRetry(r RecipeStepRetry) error
- func ValidateRunAsUser(user string) error
- func ValidateStepRunAsForKind(kind StepKind, step RecipeStep) error
- func WithRecipeDir(ctx context.Context, absDir string) context.Context
- func WrapRemoteShell(runAs, innerCommand string) (string, error)
- type DockerBuild
- type DockerExec
- type DockerPull
- type DockerPush
- type DockerRun
- type DockerStop
- type EffectiveEnvForRunOpts
- type EnvFromRef
- type ExecutionMode
- type GraphPlanEdge
- type GraphPlanNode
- type HostStepResult
- type K8sApply
- type K8sCreateJob
- type K8sDelete
- type K8sExec
- type K8sGet
- type K8sRolloutRestart
- type K8sScale
- type K8sWait
- type KVReader
- type ParseOptions
- type Recipe
- type RecipeAI
- type RecipeAgentTransfer
- type RecipeAgentTransferCloud
- type RecipeCloudBackendRef
- type RecipeDefaults
- type RecipeFileTransfer
- type RecipeGraphPlan
- type RecipeLoop
- type RecipeNotify
- type RecipeNotifyHTTP
- type RecipeNotifyServices
- type RecipeNotifySlack
- type RecipeNotifyTelegram
- type RecipeOutputCapture
- type RecipePluginHook
- type RecipeStep
- type RecipeStepDocker
- type RecipeStepHook
- type RecipeStepHooks
- type RecipeStepK8s
- type RecipeStepOpensearch
- type RecipeStepPlugin
- type RecipeStepPostgres
- type RecipeStepRetry
- type RecipeStepTemplate
- type RecipeStepTunnel
- type RenderLoopTemplateOpts
- type RenderTemplateOpts
- type ResultExprContext
- type ResultExprProgram
- type SecretResolver
- type SecretResolverOptions
- type StepGraph
- type StepKind
- type StepOutputStore
- type StepResultStore
- func (s *StepResultStore) FirstStdout(stepID string) (string, bool)
- func (s *StepResultStore) Get(stepID, hostName string) (string, bool)
- func (s *StepResultStore) HostResult(stepID, hostName string) (HostStepResult, bool)
- func (s *StepResultStore) Record(stepID, hostName, stdout string)
- func (s *StepResultStore) RecordHost(stepID, hostName string, r HostStepResult)
- func (s *StepResultStore) StepsTemplateData() map[string]any
- func (s *StepResultStore) StepsViewAggregated() map[string]StepView
- func (s *StepResultStore) StepsViewForHost(hostName string) map[string]StepView
- type StepRunState
- type StepSummary
- type StepView
- type WhenEvalOpts
- type WhenProgram
Constants ¶
const DefaultRecipeAISystemPrompt = `` /* 731-byte string literal not displayed */
DefaultRecipeAISystemPrompt is used when neither recipe ai.system_prompt nor config defaults.ai_system_prompt is set.
const MatchAllSearchHosts = "*"
MatchAllSearchHosts is a recipe step host value meaning: run this step on every host in the current search result set that has a PrimaryIP (same filter as parallel SSH in the UI).
const MatchHostRegexPrefix = "re:"
MatchHostRegexPrefix starts a host value interpreted as a Go regexp (RE2) matched against each search row's Name. Example: re:^prod-kafka-.+$ Use (?i) inside the pattern for case-insensitive matching.
const MatchLocalAIHost = "_"
MatchLocalAIHost is the only valid host value for local steps (ai, template).
Variables ¶
This section is empty.
Functions ¶
func BuildBackOff ¶ added in v0.3.0
func BuildBackOff(r RecipeStepRetry) backoff.BackOff
BuildBackOff returns a backoff strategy for the given retry config.
func BuildEnvMapForWhen ¶ added in v0.3.0
func BuildEnvMapForWhen(ctx context.Context, resolveSecrets bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults, cliEnv map[string]string, host *hosts.Record) (map[string]string, error)
BuildEnvMapForWhen merges recipe defaults/step env, CLI overrides, and host env for CEL when.
func BuildRecipeVarMap ¶ added in v0.3.0
func BuildRecipeVarMap(capture *RecipeOutputCapture, env map[string]string) map[string]string
BuildRecipeVarMap merges capture names and env (later keys win).
func BuildSecretsMapForWhen ¶ added in v0.2.9
func BuildSecretsMapForWhen(ctx context.Context, resolve bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults) (map[string]string, error)
BuildSecretsMapForWhen merges defaults and step secret keys into a map for CEL (resolved or redacted).
func CanonicalRecipeJSON ¶ added in v0.2.8
CanonicalRecipeJSON returns deterministic JSON (sorted keys, no extra whitespace) for the given Recipe. Two Recipes that resolve to the same plan produce the same bytes here.
func CountRecipeStreamResults ¶ added in v0.2.8
CountRecipeStreamResults returns how many HostExecResult values a streaming recipe run would emit for the given host rows (one per expanded target per step, or one per agent_transfer step).
func DeclaredSecretKeys ¶ added in v0.2.9
func DeclaredSecretKeys(step RecipeStep, defaults *RecipeDefaults) map[string]struct{}
DeclaredSecretKeys returns union of secret keys from defaults and step.
func DefaultFacts ¶ added in v0.3.4
DefaultFacts returns the default fallback facts map with unknown values.
func EffectiveEnv ¶
func EffectiveEnv(step RecipeStep, defaults *RecipeDefaults) (map[string]string, error)
EffectiveEnv merges recipe.defaults.env with step.env (step wins on duplicate keys). Literal env only (no secrets).
func EffectiveEnvForRemoteHook ¶ added in v0.2.8
func EffectiveEnvForRemoteHook(ctx context.Context, resolveSecrets bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults, hook *RecipeStepHook, cliEnv map[string]string, r *hosts.Record) (map[string]string, error)
EffectiveEnvForRemoteHook merges defaults env/secrets, step env/secrets, hook env/secrets, then cliEnv, then host variables.
func EffectiveEnvForRun ¶
func EffectiveEnvForRun(ctx context.Context, resolveSecrets bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults, cliEnv map[string]string, r *hosts.Record) (map[string]string, error)
EffectiveEnvForRun merges defaults.env → resolved defaults.secrets → step.env → resolved step.secrets → cliEnv → host HONEY_HOST_*. When resolveSecrets is false (dry-run / plan), secret values are replaced with redacted placeholders and resolver may be nil.
func EffectiveEnvForRunEx ¶ added in v0.2.9
func EffectiveEnvForRunEx(ctx context.Context, resolveSecrets bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults, cliEnv map[string]string, r *hosts.Record, opts *EffectiveEnvForRunOpts) (map[string]string, error)
EffectiveEnvForRunEx merges env like EffectiveEnvForRun with env_from and HONEY_STEP_ID.
func EffectiveEnvForRunWithVarExpand ¶ added in v0.3.0
func EffectiveEnvForRunWithVarExpand(ctx context.Context, resolveSecrets bool, resolver SecretResolver, step RecipeStep, defaults *RecipeDefaults, cliEnv map[string]string, r *hosts.Record, strict bool) (map[string]string, error)
EffectiveEnvForRunWithVarExpand merges env then expands ${VAR} in values using merged map as vars.
func EffectiveEnvHostOnly ¶ added in v0.2.9
EffectiveEnvHostOnly returns only HONEY_HOST_* variables derived from r (no recipe env or secrets).
func EffectiveHookWhere ¶ added in v0.3.4
func EffectiveHookWhere(hook *RecipeStepHook) string
EffectiveHookWhere returns the hook execution location. Empty defaults to remote.
func EffectiveMaxParallel ¶ added in v0.2.9
func EffectiveMaxParallel(step RecipeStep, defaults *RecipeDefaults) int
EffectiveMaxParallel returns host-level parallelism for a step (SSH/SFTP batch). Step max_parallel overrides defaults; zero means caller should use its package default (32).
func EffectiveRunAs ¶
func EffectiveRunAs(step RecipeStep, defaults *RecipeDefaults) string
EffectiveRunAs returns step-level run_as, else recipe defaults.run_as, else "".
func EffectiveSSHPort ¶ added in v0.2.9
func EffectiveSSHPort(defaults *RecipeDefaults, step RecipeStep, r hosts.Record) int
EffectiveSSHPort returns the TCP port for SSH to r using recipe precedence: step.ssh_port, then defaults.ssh_port, then record meta.ssh_port, else 0 (use ~/.ssh/config / 22 only).
func EffectiveSSHPrivateKey ¶ added in v0.2.9
func EffectiveSSHPrivateKey(defaults *RecipeDefaults, step RecipeStep) string
EffectiveSSHPrivateKey returns the private key path for SSH using recipe precedence: step.ssh_private_key, then defaults.ssh_private_key, else "" (use ssh_config / env / ~/.ssh).
func EffectiveTunnelMode ¶ added in v0.3.0
func EffectiveTunnelMode(t *RecipeStepTunnel) string
EffectiveTunnelMode returns normalized tunnel mode (local, remote, dynamic, udp, tun).
func EnvForDockerInteractive ¶ added in v0.3.0
EnvForDockerInteractive returns a small env slice for docker exec TTY sessions. Full EffectiveEnvForRun includes every meta label and can exceed Engine limits or break shells.
func EnvMapForDockerExec ¶ added in v0.3.0
EnvMapForDockerExec formats env for Moby ExecCreateOptions.Env (KEY=value entries).
func EvalJQ ¶ added in v0.3.0
EvalJQ runs a jq query against a JSON document string. Scalar results are formatted as strings; arrays and objects are compact JSON.
func EvalJQArray ¶ added in v0.3.4
EvalJQArray runs a jq query against a JSON document string, returning a list of strings. If the result is a JSON array, it returns each element formatted as a string. If it's a single value, it returns a single-element list.
func EvalResultBoolExpr ¶ added in v0.3.4
func EvalResultBoolExpr(expr string, ctx ResultExprContext) (bool, error)
EvalResultBoolExpr compiles and evaluates a result override expression.
func EvalWhen ¶ added in v0.2.9
func EvalWhen(prog *WhenProgram, opts WhenEvalOpts) (bool, error)
EvalWhen evaluates a compiled when program; false means skip the host/step.
func ExpandPluginConfigJSON ¶ added in v0.3.0
ExpandPluginConfigJSON expands ${VAR} in string values of plugin config JSON.
func ExpandRecipeEnvValues ¶ added in v0.3.0
ExpandRecipeEnvValues expands ${VAR} in env map values (keys unchanged).
func ExpandRecipeVars ¶ added in v0.3.0
ExpandRecipeVars replaces ${NAME} in s using vars. When strict is true, unknown names return an error; otherwise they are left literal.
func ExpandRecipeVarsInData ¶ added in v0.3.0
ExpandRecipeVarsInData expands ${VAR} in string values of data (top-level and nested maps).
func ExpandStepHosts ¶
ExpandStepHosts returns the host records one step should run against. If host is MatchAllSearchHosts, returns all records with a non-empty PrimaryIP (preserving search order). If host starts with MatchHostRegexPrefix, returns every record with PrimaryIP whose Name matches the regexp. Otherwise returns a single-element slice from ResolveHostFromRecords (literal IP or exact name match).
func FormatGraphWavesText ¶ added in v0.2.9
FormatGraphWavesText returns a human-readable wave plan for graph recipes.
func GraphStepWaves ¶ added in v0.2.9
GraphStepWaves returns execution waves for a validated graph recipe.
func HashRecipeJSON ¶ added in v0.2.8
HashRecipeJSON returns "sha256:" + hex(sha256(CanonicalRecipeJSON(r))). Used to compare a recording's recipe to a disk recipe and decide "edited?".
func KVTunnelEnabled ¶ added in v0.2.8
func KVTunnelEnabled(_ RecipeStep, _ *RecipeDefaults) bool
KVTunnelEnabled reports whether the step should enable the KV HTTP API on the remote (HONEY_KV_URL, HONEY_KV_TOKEN). Always true; recipe kv_tunnel fields are deprecated no-ops.
func MatchLocalAIHostRecord ¶ added in v0.3.0
MatchLocalAIHostRecord is the synthetic host row for MatchLocalAIHost expansion.
func MergeEnvFromInto ¶ added in v0.2.9
func MergeEnvFromInto(dst map[string]string, step RecipeStep, store *StepOutputStore, capture *RecipeOutputCapture, kv KVReader, hostName string, dryRun bool) error
MergeEnvFromInto resolves env_from into dst (execute mode). Fails if a mapped value is missing.
func MergeEnvFromIntoTemplateData ¶ added in v0.3.0
func MergeEnvFromIntoTemplateData(data map[string]any, step RecipeStep, store *StepOutputStore, capture *RecipeOutputCapture, kv KVReader, hostName string, dryRun bool) error
MergeEnvFromIntoTemplateData overlays env_from-resolved keys onto template data (graph mode).
func MergeResolvedSecretsInto ¶ added in v0.2.9
func MergeResolvedSecretsInto(ctx context.Context, resolve bool, resolver SecretResolver, dst map[string]string, secrets map[string]string, label string) error
MergeResolvedSecretsInto validates secret refs and merges resolved values into dst (or redacted placeholders when resolve is false).
func OutputNamesReferencedByEnvFrom ¶ added in v0.3.0
OutputNamesReferencedByEnvFrom returns template.output names referenced via from_output.
func OutputTemplateFuncMap ¶ added in v0.3.4
func OutputTemplateFuncMap(capture *RecipeOutputCapture) template.FuncMap
OutputTemplateFuncMap returns template helpers for named recipe outputs.
func OverlapEnvSecrets ¶ added in v0.2.9
OverlapEnvSecrets returns an error if the same key appears in both env and secrets maps.
func ParseEnvKeyValuePairs ¶
ParseEnvKeyValuePairs parses repeated "KEY=value" strings (first '=' separates key from value). Empty entries are skipped. Later duplicates overwrite earlier ones.
func PostgresExtractKVKey ¶ added in v0.3.0
PostgresExtractKVKey returns the KV key for an extract variable name.
func PrepareTemplateData ¶ added in v0.3.0
func PrepareTemplateData(data map[string]any, step RecipeStep, store *StepOutputStore, capture *RecipeOutputCapture, kv KVReader, hostName string, extraEnv map[string]string, dryRun bool) error
PrepareTemplateData merges env_from and expands ${VAR} in data values (not the Go template body).
func RecipeHasKVTunnel ¶ added in v0.2.9
RecipeHasKVTunnel reports whether the recipe run uses stepkv (always true; kv_tunnel is always on).
func RecipeHasTemplateStep ¶ added in v0.3.0
RecipeHasTemplateStep reports whether any step uses template rendering.
func RecipeNeedsStepOutputCapture ¶ added in v0.2.9
RecipeNeedsStepOutputCapture reports whether any step may need stdout capture.
func RecipeUsesKVInWhen ¶ added in v0.2.9
RecipeUsesKVInWhen reports whether any when expression calls kv_get or kv_has.
func RecipeUsesWhen ¶ added in v0.2.9
RecipeUsesWhen reports whether any step has a when expression.
func RecordForSSHDial ¶ added in v0.2.9
func RecordForSSHDial(defaults *RecipeDefaults, step RecipeStep, r hosts.Record) hosts.Record
RecordForSSHDial returns r unchanged or a shallow copy with recipe SSH dial options (meta ssh_port, ssh_identity_file) so hostexec and SSHClientCacheKey see effective settings.
func RedactedSecretValueForDryRun ¶ added in v0.2.9
RedactedSecretValueForDryRun returns a safe placeholder for dry-run / plans (truncated ref, never resolved material).
func RenderLoopTemplate ¶ added in v0.3.4
func RenderLoopTemplate(opts RenderLoopTemplateOpts) ([]string, error)
RenderLoopTemplate renders a Sprig-backed template and decodes its JSON array output.
func RenderTemplate ¶ added in v0.3.0
func RenderTemplate(opts RenderTemplateOpts) (string, error)
RenderTemplate evaluates a Go text/template with slim-sprig.
func ResolveHostFromRecords ¶
ResolveHostFromRecords maps recipe "host" to a record with PrimaryIP. If host looks like an IP address, it returns a synthetic record (Name=host). Otherwise it matches Record.Name with case-insensitive equality; multiple matches are an error.
func ResolveLocalAgainstRecipe ¶
ResolveLocalAgainstRecipe returns an absolute local path: absolute paths are unchanged; relative paths are joined to recipeDir.
func ResolvePostgresKVBaseKey ¶ added in v0.3.0
ResolvePostgresKVBaseKey returns the kv_key with optional per-host suffix.
func ResolveRecipeAISystemPrompt ¶ added in v0.2.8
ResolveRecipeAISystemPrompt returns the system message for a recipe ai step. Precedence: non-empty ai.system_prompt in CUE, then config defaults.ai_system_prompt, then built-in default.
func SanitizeKVHostSuffix ¶ added in v0.3.0
SanitizeKVHostSuffix maps host names to a single stepkv key segment.
func ScriptRunAfterUpload ¶
ScriptRunAfterUpload builds the remote shell command to execute an uploaded file with POSIX sh (after SFTP). Optional run_as wraps the run like command steps. Optional env is applied as export assignments before `sh remotePath` (same as command steps). Scripts should be compatible with `sh` (or rely on a shebang if the kernel honors it when executed as argument to sh — use POSIX sh syntax for portability).
func ShellExportPrefixForRemote ¶
ShellExportPrefixForRemote prepends stable `export KEY='value'; ` assignments before inner (remote shell).
func ShouldRetryHostResult ¶ added in v0.3.0
ShouldRetryHostResult reports whether a host exec result should be retried.
func StepIDsReferencedByEnvFrom ¶ added in v0.2.9
StepIDsReferencedByEnvFrom returns step ids that should capture stdout (sources in env_from).
func StepIDsReferencedByTunnelStep ¶ added in v0.3.0
StepIDsReferencedByTunnelStep returns step ids referenced by plugin tunnel_step config.
func StepIDsReferencedByWhen ¶ added in v0.2.9
StepIDsReferencedByWhen returns step ids referenced as steps['id'] in when expressions.
func StepKindLabel ¶ added in v0.2.8
StepKindLabel returns a short stable name for defaults and logging.
func StepOutputName ¶ added in v0.3.4
func StepOutputName(s RecipeStep) string
StepOutputName returns the step-level or legacy nested capture name.
func ValidateHostField ¶
ValidateHostField checks host syntax (empty, regex compile). Call from ParseRemoteRecipe; ExpandStepHosts enforces match counts at runtime.
func ValidateJQQuery ¶ added in v0.3.0
ValidateJQQuery parses a jq query for static validation.
func ValidateParsedRecipe ¶ added in v0.2.8
ValidateParsedRecipe runs the same per-step validators that ParseRemoteRecipe applies after CUE decoding, but on an already-decoded Recipe value (e.g. constructed from JSON via RecipeFromJSON or supplied inline by an API caller). It does not re-parse CUE text, so callers that bypass the CUE compiler must invoke this to ensure the Recipe is well-formed before handing it to a runner.
func ValidateRecipeEnvMap ¶
ValidateRecipeEnvMap checks every key/value pair for safe use in POSIX export assignments.
func ValidateRecipeGraph ¶ added in v0.2.9
ValidateRecipeGraph checks graph/linear rules for ids, depends, ai, and kv_tunnel.
func ValidateRecipeSecretsRefMap ¶ added in v0.2.9
ValidateRecipeSecretsRefMap checks secret map keys and ref strings (refs are resolved at execute time).
func ValidateRecipeSecretsRefMapPrefixes ¶ added in v0.2.9
ValidateRecipeSecretsRefMapPrefixes allows secure:v1 refs and optional plugin-registered prefixes.
func ValidateRemoteRecipe ¶
ValidateRemoteRecipe checks that cueBytes is valid CUE and conforms to #Recipe.
func ValidateRetry ¶ added in v0.3.0
func ValidateRetry(r RecipeStepRetry) error
ValidateRetry returns an error for invalid retry configuration.
func ValidateRunAsUser ¶
ValidateRunAsUser restricts remote account names to a safe POSIX-like subset to avoid shell metacharacters in sudo -u.
func ValidateStepRunAsForKind ¶
func ValidateStepRunAsForKind(kind StepKind, step RecipeStep) error
ValidateStepRunAsForKind rejects per-step run_as on put/get (SFTP only). Script steps allow run_as for the execute phase; defaults.run_as applies there too.
func WithRecipeDir ¶ added in v0.2.9
WithRecipeDir attaches the absolute recipe directory to ctx (for age-file and similar).
func WrapRemoteShell ¶
WrapRemoteShell runs the inner command as SSH login user; if runAs is set, wraps with: sudo -n -u '<runAs>' -- sh -lc '<inner>' (non-interactive sudo).
Types ¶
type DockerBuild ¶ added in v0.3.4
type DockerBuild struct {
Context string `json:"context"`
Dockerfile string `json:"dockerfile,omitempty"`
Tags []string `json:"tags,omitempty"`
BuildArgs map[string]string `json:"build_args,omitempty"`
}
DockerBuild configures an image build operation.
type DockerExec ¶ added in v0.3.4
DockerExec configures executing a command inside a running container.
type DockerPull ¶ added in v0.3.4
type DockerPull struct {
Image string `json:"image"`
}
DockerPull configures pulling an image from a registry.
type DockerPush ¶ added in v0.3.4
type DockerPush struct {
Image string `json:"image"`
}
DockerPush configures pushing an image to a registry.
type DockerRun ¶ added in v0.3.4
type DockerRun struct {
Image string `json:"image"`
Name string `json:"name,omitempty"`
Command []string `json:"command,omitempty"`
Ports []string `json:"ports,omitempty"`
Volumes []string `json:"volumes,omitempty"`
Env map[string]string `json:"env,omitempty"`
Detach bool `json:"detach,omitempty"`
}
DockerRun configures running a command in a new container.
type DockerStop ¶ added in v0.3.4
type DockerStop struct {
Container string `json:"container"`
}
DockerStop configures stopping a running container.
type EffectiveEnvForRunOpts ¶ added in v0.2.9
type EffectiveEnvForRunOpts struct {
Recipe *Recipe
OutputStore *StepOutputStore
OutputCapture *RecipeOutputCapture
KV KVReader
DryRun bool
}
EffectiveEnvForRunOpts carries optional recipe-level context for env merge.
type EnvFromRef ¶ added in v0.2.9
type EnvFromRef struct {
Step string `json:"step,omitempty"`
FromOutput string `json:"from_output,omitempty"`
Map map[string]string `json:"map,omitempty"`
Extract map[string]string `json:"extract,omitempty"`
Kv map[string]string `json:"kv,omitempty"`
}
EnvFromRef maps an environment variable from a dependency step's captured output, jq extract, or KV.
type ExecutionMode ¶ added in v0.2.9
type ExecutionMode int
ExecutionMode is how recipe steps are ordered at run time.
const ( // ExecutionModeLinear runs steps in array order (default). ExecutionModeLinear ExecutionMode = iota // ExecutionModeGraph runs steps by id/depends DAG with parallel waves. ExecutionModeGraph )
func RecipeExecutionMode ¶ added in v0.2.9
func RecipeExecutionMode(r Recipe) (ExecutionMode, error)
RecipeExecutionMode returns linear (default) or graph from recipe.type.
type GraphPlanEdge ¶ added in v0.2.9
GraphPlanEdge is a depends edge between step ids.
type GraphPlanNode ¶ added in v0.2.9
type GraphPlanNode struct {
Index int `json:"index"`
ID string `json:"id"`
Kind string `json:"kind"`
Host string `json:"host"`
Wave int `json:"wave,omitempty"`
When string `json:"when,omitempty"`
Retry string `json:"retry,omitempty"`
Notify bool `json:"notify,omitempty"`
KVTunnel bool `json:"kv_tunnel,omitempty"`
Preview string `json:"preview,omitempty"`
}
GraphPlanNode is one step in a recipe graph plan (API / viewer).
type HostStepResult ¶ added in v0.2.9
HostStepResult is the per-host outcome of a completed or skipped step.
type K8sApply ¶ added in v0.3.4
type K8sApply struct {
Manifest string `json:"manifest"`
Force bool `json:"force,omitempty"`
ServerSide bool `json:"server_side,omitempty"`
}
K8sApply applies a YAML/JSON manifest via server-side apply.
type K8sCreateJob ¶ added in v0.3.4
type K8sCreateJob struct {
Name string `json:"name"`
Image string `json:"image"`
Command []string `json:"command,omitempty"`
Args []string `json:"args,omitempty"`
Env map[string]string `json:"env,omitempty"`
RestartPolicy string `json:"restart_policy,omitempty"`
Wait bool `json:"wait,omitempty"`
TTLSeconds int32 `json:"ttl_seconds,omitempty"`
}
K8sCreateJob creates a batch job and optionally waits for completion.
type K8sExec ¶ added in v0.3.4
type K8sExec struct {
Pod string `json:"pod"`
Container string `json:"container,omitempty"`
Command []string `json:"command"`
TTY bool `json:"tty,omitempty"`
}
K8sExec runs a command in an existing pod container via the exec subresource.
type K8sGet ¶ added in v0.3.4
type K8sGet struct {
Resource string `json:"resource"`
LabelSelector string `json:"label_selector,omitempty"`
Format string `json:"format,omitempty"`
}
K8sGet fetches a resource and writes JSON/YAML to stdout.
type K8sRolloutRestart ¶ added in v0.3.4
type K8sRolloutRestart struct {
Resource string `json:"resource"`
Wait bool `json:"wait,omitempty"`
}
K8sRolloutRestart triggers a rolling restart by patching the restart annotation.
type K8sScale ¶ added in v0.3.4
K8sScale sets replica count on a scalable resource (e.g. "deployment/app").
type K8sWait ¶ added in v0.3.4
type K8sWait struct {
Resource string `json:"resource"`
For string `json:"for"`
Timeout string `json:"timeout,omitempty"`
}
K8sWait polls a resource until a condition is met (e.g. "condition=available").
type ParseOptions ¶ added in v0.2.9
ParseOptions configures recipe parsing (optional WASM cue_transform chain).
type Recipe ¶
type Recipe struct {
Name string `json:"name"`
Type string `json:"type,omitempty"`
Defaults *RecipeDefaults `json:"defaults,omitempty"`
Steps []RecipeStep `json:"steps"`
Handlers []RecipeStep `json:"handlers,omitempty"`
}
Recipe is the decoded "recipe" block from a CUE document.
func ParseRemoteRecipe ¶
ParseRemoteRecipe validates cueBytes and decodes the recipe into Go values.
func ParseRemoteRecipeOpts ¶ added in v0.2.9
func ParseRemoteRecipeOpts(cueBytes []byte, records []hosts.Record, opts ParseOptions) (Recipe, error)
ParseRemoteRecipeOpts is like ParseRemoteRecipe with plugin transforms and prefix-aware secret validation.
func RecipeFromJSON ¶ added in v0.2.8
RecipeFromJSON deserializes a canonical (or near-canonical) JSON payload back into a Recipe value. Run cuetry.ValidateRemoteRecipe (or the equivalent per-step validators) after this to ensure the result is well-formed.
type RecipeAI ¶ added in v0.2.8
type RecipeAI struct {
Prompt string `json:"prompt"`
SystemPrompt string `json:"system_prompt,omitempty"`
Model string `json:"model,omitempty"`
MaxOutputTokens int `json:"max_output_tokens,omitempty"`
MaxInputChars int `json:"max_input_chars,omitempty"`
}
RecipeAI configures the terminal local LLM summarizer step (must be last in recipe; host must be "_").
type RecipeAgentTransfer ¶ added in v0.2.8
type RecipeAgentTransfer struct {
DestHost string `json:"dest_host"`
SourcePath string `json:"source_path"`
DestPath string `json:"dest_path"`
Cloud *RecipeAgentTransferCloud `json:"cloud"`
CloudBackendRef *RecipeCloudBackendRef `json:"cloud_backend_ref,omitempty"`
KeepObject bool `json:"keep_object,omitempty"`
MaxRetries int `json:"max_retries,omitempty"`
AgentRemoteDir string `json:"agent_remote_dir,omitempty"`
}
RecipeAgentTransfer is source host (top-level host) → cloud → destination (dest_host), same flow as the web UI.
type RecipeAgentTransferCloud ¶ added in v0.2.8
type RecipeAgentTransferCloud struct {
Provider string `json:"provider"`
Bucket string `json:"bucket"`
Prefix string `json:"prefix,omitempty"`
Object string `json:"object,omitempty"`
Region string `json:"region,omitempty"`
Endpoint string `json:"endpoint,omitempty"`
}
RecipeAgentTransferCloud is the staging object location (S3/GCS, etc.).
type RecipeCloudBackendRef ¶ added in v0.2.8
type RecipeCloudBackendRef struct {
Kind string `json:"kind"`
Name string `json:"name,omitempty"`
Index *int `json:"index,omitempty"`
}
RecipeCloudBackendRef selects a backend entry from honey YAML for signing hints (AWS profile, GCP project).
type RecipeDefaults ¶
type RecipeDefaults struct {
RunAs string `json:"run_as,omitempty"`
Env map[string]string `json:"env,omitempty"`
Secrets map[string]string `json:"secrets,omitempty"`
K8sDebugImage string `json:"k8s_debug_image,omitempty"`
KVTunnel *bool `json:"kv_tunnel,omitempty"`
MaxParallel int `json:"max_parallel,omitempty"`
SSHPort int `json:"ssh_port,omitempty"`
SSHPrivateKey string `json:"ssh_private_key,omitempty"`
Retry *RecipeStepRetry `json:"retry,omitempty"`
GatherFacts *bool `json:"gather_facts,omitempty"`
}
RecipeDefaults holds recipe-level defaults (optional fields).
type RecipeFileTransfer ¶
RecipeFileTransfer is a local ↔ remote path pair for SFTP put/get steps.
type RecipeGraphPlan ¶ added in v0.2.9
type RecipeGraphPlan struct {
Type string `json:"type"`
Waves [][]GraphPlanNode `json:"waves,omitempty"`
Nodes []GraphPlanNode `json:"nodes"`
Edges []GraphPlanEdge `json:"edges"`
Mermaid string `json:"mermaid,omitempty"`
}
RecipeGraphPlan is a structured DAG view of a graph recipe.
func BuildRecipeGraphPlan ¶ added in v0.2.9
func BuildRecipeGraphPlan(r Recipe) (*RecipeGraphPlan, error)
BuildRecipeGraphPlan builds a graph plan from a validated graph recipe.
type RecipeLoop ¶ added in v0.3.4
type RecipeLoop struct {
Step string `json:"step"`
Extract string `json:"extract"` // jq expression to extract a JSON array
}
RecipeLoop configures dynamic runtime fan-out based on a previous step's captured output.
type RecipeNotify ¶ added in v0.2.8
type RecipeNotify struct {
NotifySubject string `json:"notify_subject,omitempty"`
Message string `json:"message,omitempty"`
Services *RecipeNotifyServices `json:"services,omitempty"`
}
RecipeNotify is optional per-step notification (env receivers). A present `notify` object in CUE means enabled, even if empty.
type RecipeNotifyHTTP ¶ added in v0.2.8
type RecipeNotifyHTTP struct{}
RecipeNotifyHTTP marks HTTP default JSON POST URLs (HONEY_NOTIFY_HTTP_URL) as selected in notify.services.
type RecipeNotifyServices ¶ added in v0.2.8
type RecipeNotifyServices struct {
HTTP *RecipeNotifyHTTP `json:"http,omitempty"`
Slack *RecipeNotifySlack `json:"slack,omitempty"`
Telegram *RecipeNotifyTelegram `json:"telegram,omitempty"`
}
RecipeNotifyServices selects notifier backends when non-nil (allowlist). Omitted keys are off for this step.
type RecipeNotifySlack ¶ added in v0.2.8
type RecipeNotifySlack struct {
ChannelID string `json:"channel_id,omitempty"`
}
RecipeNotifySlack marks Slack incoming webhook (HONEY_NOTIFY_SLACK_WEBHOOK_URL); optional channel_id overrides payload channel.
type RecipeNotifyTelegram ¶ added in v0.2.8
type RecipeNotifyTelegram struct{}
RecipeNotifyTelegram marks Telegram (bot token + chat IDs from env).
type RecipeOutputCapture ¶ added in v0.3.0
type RecipeOutputCapture struct {
// contains filtered or unexported fields
}
RecipeOutputCapture holds rendered stdout keyed by template.output capture names.
func NewRecipeOutputCapture ¶ added in v0.3.0
func NewRecipeOutputCapture() *RecipeOutputCapture
NewRecipeOutputCapture creates an empty capture registry.
func (*RecipeOutputCapture) All ¶ added in v0.3.0
func (c *RecipeOutputCapture) All() map[string]string
All returns a copy of all capture name → stdout mappings.
func (*RecipeOutputCapture) Get ¶ added in v0.3.0
func (c *RecipeOutputCapture) Get(name string) (string, bool)
Get returns captured stdout for name.
func (*RecipeOutputCapture) Set ¶ added in v0.3.0
func (c *RecipeOutputCapture) Set(name, stdout string)
Set stores trimmed stdout for a capture name.
func (*RecipeOutputCapture) View ¶ added in v0.3.4
func (c *RecipeOutputCapture) View() map[string]any
View returns template/CEL-friendly named output metadata.
type RecipePluginHook ¶ added in v0.2.9
type RecipePluginHook struct {
ID string `json:"id"`
Action string `json:"action"`
Config json.RawMessage `json:"config,omitempty"`
}
RecipePluginHook configures a WASM plugin for a local hook (xor with command).
type RecipeStep ¶
type RecipeStep struct {
ID string `json:"id,omitempty"`
Depends []string `json:"depends,omitempty"`
Host string `json:"host"`
SSHPort int `json:"ssh_port,omitempty"`
SSHPrivateKey string `json:"ssh_private_key,omitempty"`
Command string `json:"command,omitempty"`
Render string `json:"render,omitempty"`
Put *RecipeFileTransfer `json:"put,omitempty"`
Get *RecipeFileTransfer `json:"get,omitempty"`
Script *RecipeFileTransfer `json:"script,omitempty"`
AgentTransfer *RecipeAgentTransfer `json:"agent_transfer,omitempty"`
AI *RecipeAI `json:"ai,omitempty"`
Template *RecipeStepTemplate `json:"template,omitempty"`
Plugin *RecipeStepPlugin `json:"plugin,omitempty"`
Tunnel *RecipeStepTunnel `json:"tunnel,omitempty"`
Docker *RecipeStepDocker `json:"docker,omitempty"`
K8s *RecipeStepK8s `json:"k8s,omitempty"`
Opensearch *RecipeStepOpensearch `json:"opensearch,omitempty"`
Postgres *RecipeStepPostgres `json:"postgres,omitempty"`
Notify *RecipeNotify `json:"notify,omitempty"`
Hooks *RecipeStepHooks `json:"hooks,omitempty"`
KVTunnel *bool `json:"kv_tunnel,omitempty"`
MaxParallel int `json:"max_parallel,omitempty"`
Serial int `json:"serial,omitempty"`
EnvFrom []EnvFromRef `json:"env_from,omitempty"`
RunAs string `json:"run_as,omitempty"`
Env map[string]string `json:"env,omitempty"`
Secrets map[string]string `json:"secrets,omitempty"`
When string `json:"when,omitempty"`
ChangedWhen string `json:"changed_when,omitempty"`
FailedWhen string `json:"failed_when,omitempty"`
Retry *RecipeStepRetry `json:"retry,omitempty"`
Timeout string `json:"timeout,omitempty"`
IgnoreErrors bool `json:"ignore_errors,omitempty"`
CheckCmd string `json:"check_cmd,omitempty"`
Output string `json:"output,omitempty"`
Loop string `json:"loop,omitempty"`
LoopFrom *RecipeLoop `json:"loop_from,omitempty"`
NotifyHandler []string `json:"notify_handler,omitempty"`
}
RecipeStep is one remote action: exactly one of command, put, get, script, agent_transfer, ai, template, plugin, or tunnel. Host selects targets: literal IP, exact name, "*", "re:…", or "_" for ai only (see resolve.go). For agent_transfer, host selects the source endpoint (must match exactly one row); agent_transfer.dest_host selects the destination.
func (RecipeStep) NotifyEnabled ¶ added in v0.2.8
func (s RecipeStep) NotifyEnabled() bool
NotifyEnabled reports whether the recipe author included a notify block (including notify: {}).
type RecipeStepDocker ¶ added in v0.3.4
type RecipeStepDocker struct {
Action string `json:"action"`
Output string `json:"output,omitempty"`
Build *DockerBuild `json:"build,omitempty"`
Push *DockerPush `json:"push,omitempty"`
Pull *DockerPull `json:"pull,omitempty"`
Run *DockerRun `json:"run,omitempty"`
Exec *DockerExec `json:"exec,omitempty"`
Stop *DockerStop `json:"stop,omitempty"`
}
RecipeStepDocker configures a Docker engine API step.
type RecipeStepHook ¶ added in v0.2.8
type RecipeStepHook struct {
Where string `json:"where"`
Command string `json:"command,omitempty"`
Plugin *RecipePluginHook `json:"plugin,omitempty"`
RunAs string `json:"run_as,omitempty"`
Env map[string]string `json:"env,omitempty"`
Secrets map[string]string `json:"secrets,omitempty"`
Notify *RecipeNotify `json:"notify,omitempty"`
}
RecipeStepHook runs once per target host after that host's main step result is known.
type RecipeStepHooks ¶ added in v0.2.8
type RecipeStepHooks struct {
OnSuccess *RecipeStepHook `json:"on_success,omitempty"`
OnFailure *RecipeStepHook `json:"on_failure,omitempty"`
}
RecipeStepHooks configures optional per-host hooks after the main step outcome (command/script only).
type RecipeStepK8s ¶ added in v0.3.4
type RecipeStepK8s struct {
Namespace string `json:"namespace,omitempty"`
Output string `json:"output,omitempty"`
Apply *K8sApply `json:"apply,omitempty"`
Delete *K8sDelete `json:"delete,omitempty"`
Scale *K8sScale `json:"scale,omitempty"`
RolloutRestart *K8sRolloutRestart `json:"rollout_restart,omitempty"`
Wait *K8sWait `json:"wait,omitempty"`
Get *K8sGet `json:"get,omitempty"`
Exec *K8sExec `json:"exec,omitempty"`
CreateJob *K8sCreateJob `json:"create_job,omitempty"`
}
RecipeStepK8s configures a Kubernetes API step. Exactly one action field (Apply/Delete/Scale/RolloutRestart/Wait/Get/Exec/CreateJob) must be set. Output, when non-empty, stores the action result in RecipeOutputCapture for downstream env_from.
type RecipeStepOpensearch ¶ added in v0.3.4
type RecipeStepOpensearch struct {
Addresses []string `json:"addresses,omitempty"`
Username string `json:"username,omitempty"`
Password string `json:"password,omitempty"`
APIKey string `json:"api_key,omitempty"`
Insecure bool `json:"insecure,omitempty"`
Index string `json:"index"`
Action string `json:"action"` // "get", "search", "index"
DocID string `json:"doc_id,omitempty"`
Body map[string]any `json:"body,omitempty"`
Output string `json:"output,omitempty"`
}
RecipeStepOpensearch configures an OpenSearch engine API step.
type RecipeStepPlugin ¶ added in v0.2.9
type RecipeStepPlugin struct {
ID string `json:"id"`
Action string `json:"action"`
Config json.RawMessage `json:"config,omitempty"`
}
RecipeStepPlugin configures a WASM custom_step plugin action.
type RecipeStepPostgres ¶ added in v0.3.4
type RecipeStepPostgres struct {
DSNSecret string `json:"dsn_secret"`
Action string `json:"action"` // "query", "exec", "migrate"
SQL string `json:"sql,omitempty"`
Params json.RawMessage `json:"params,omitempty"`
TimeoutMS int `json:"timeout_ms,omitempty"`
Readonly *bool `json:"readonly,omitempty"`
KVKey string `json:"kv_key,omitempty"`
KVKeyPerHost bool `json:"kv_key_per_host,omitempty"`
Extract map[string]string `json:"extract,omitempty"`
Host string `json:"host,omitempty"`
Port string `json:"port,omitempty"`
TunnelStep string `json:"tunnel_step,omitempty"`
MigrationsDir string `json:"migrations_dir,omitempty"`
Files []string `json:"files,omitempty"`
Output string `json:"output,omitempty"`
}
RecipeStepPostgres configures a PostgreSQL engine API step.
type RecipeStepRetry ¶ added in v0.3.0
type RecipeStepRetry struct {
Attempts int `json:"attempts,omitempty"`
DelayMS int `json:"delay_ms,omitempty"`
MaxDelayMS int `json:"max_delay_ms,omitempty"`
Backoff string `json:"backoff,omitempty"`
}
RecipeStepRetry configures per-step retry for remote actions.
func EffectiveRetry ¶ added in v0.3.0
func EffectiveRetry(step RecipeStep, defaults *RecipeDefaults) RecipeStepRetry
EffectiveRetry merges step and recipe defaults; applies defaults when a retry block is present.
func (RecipeStepRetry) Enabled ¶ added in v0.3.0
func (r RecipeStepRetry) Enabled() bool
Enabled reports whether step retry is active (more than one total attempt).
type RecipeStepTemplate ¶ added in v0.3.0
type RecipeStepTemplate struct {
Template string `json:"template"`
Data map[string]any `json:"data,omitempty"`
Output string `json:"output,omitempty"`
}
RecipeStepTemplate configures a local Go text/template render step (host must be "_").
type RecipeStepTunnel ¶ added in v0.3.0
type RecipeStepTunnel struct {
Mode string `json:"mode,omitempty"`
RemoteHost string `json:"remote_host,omitempty"`
RemotePort int `json:"remote_port,omitempty"`
LocalPort int `json:"local_port,omitempty"`
Bind string `json:"bind,omitempty"`
RemoteBind string `json:"remote_bind,omitempty"`
RemoteListen int `json:"remote_listen_port,omitempty"`
LocalHost string `json:"local_host,omitempty"`
LocalTarget int `json:"local_target_port,omitempty"`
UseSSHConfig bool `json:"use_ssh_config,omitempty"`
SSHConfigMatch string `json:"ssh_config_match,omitempty"`
SSHConfigEnv map[string]string `json:"ssh_config_env,omitempty"`
Protocol string `json:"protocol,omitempty"`
TunLocal int `json:"tun_local,omitempty"`
TunRemote int `json:"tun_remote,omitempty"`
RemoteSocat bool `json:"remote_socat,omitempty"`
}
RecipeStepTunnel configures an operator-side port forward for a recipe step.
type RenderLoopTemplateOpts ¶ added in v0.3.4
type RenderLoopTemplateOpts struct {
Template string
Store *StepResultStore
Capture *RecipeOutputCapture
}
RenderLoopTemplateOpts configures dynamic loop item rendering.
type RenderTemplateOpts ¶ added in v0.3.0
type RenderTemplateOpts struct {
Template string
Data map[string]any
KV KVReader
Funcs template.FuncMap
}
RenderTemplateOpts configures a template render.
type ResultExprContext ¶ added in v0.3.4
type ResultExprContext struct {
Stdout string
Stderr string
ExitCode int
Succeeded bool
Changed bool
Host map[string]any
Facts map[string]any
Steps map[string]StepView
Outputs map[string]any
Item string
}
ResultExprContext is the CEL-facing context for one step result.
type ResultExprProgram ¶ added in v0.3.4
type ResultExprProgram struct {
// contains filtered or unexported fields
}
ResultExprProgram is a compiled changed_when / failed_when expression.
func CompileResultBoolExpr ¶ added in v0.3.4
func CompileResultBoolExpr(expr string) (*ResultExprProgram, error)
CompileResultBoolExpr validates and compiles a result override expression.
func (*ResultExprProgram) Eval ¶ added in v0.3.4
func (p *ResultExprProgram) Eval(ctx ResultExprContext) (bool, error)
Eval evaluates a compiled result expression.
type SecretResolver ¶ added in v0.2.9
SecretResolver resolves recipe secret refs (secure:v1:…) to plaintext at execute time.
func NewSecretResolver ¶ added in v0.2.9
func NewSecretResolver(opts SecretResolverOptions) (SecretResolver, error)
NewSecretResolver builds the default resolver for recipe execution.
func NewSecretResolverWithPlugins ¶ added in v0.2.9
func NewSecretResolverWithPlugins(opts SecretResolverOptions, mgr *plugins.Manager) (SecretResolver, error)
NewSecretResolverWithPlugins appends WASM plugin secret backends when mgr is non-nil.
type SecretResolverOptions ¶ added in v0.2.9
type SecretResolverOptions struct {
SymmetricDataKey []byte
SecretsProvider string
EncryptedKey string
AgeIdentityFile string
}
SecretResolverOptions configures the default secret resolver.
func SecretResolverOptionsFromHoney ¶ added in v0.2.9
func SecretResolverOptionsFromHoney(cfg *config.File) SecretResolverOptions
SecretResolverOptionsFromHoney maps honey YAML defaults into resolver options.
type StepGraph ¶ added in v0.2.9
type StepGraph struct {
IDToIndex map[string]int
IndexToID []string
Depends [][]int // step index -> dependency indices
Children [][]int // reverse edges
TopoOrder []int
Waves [][]int
AIIndex int // >=0 when recipe has an ai step
}
StepGraph is a validated DAG over recipe steps (graph mode only).
func BuildStepGraph ¶ added in v0.2.9
func BuildStepGraph(steps []RecipeStep) (*StepGraph, error)
BuildStepGraph validates ids and depends, detects cycles, and computes topo order and waves.
func BuildStepGraphFromRecipe ¶ added in v0.2.9
BuildStepGraphFromRecipe builds the step graph when mode is graph.
func (*StepGraph) AncestorHistoryOrder ¶ added in v0.2.9
AncestorHistoryOrder returns succeeded step indices in topological order for ai transcript.
func (*StepGraph) MarkSkippedDescendants ¶ added in v0.2.9
func (sg *StepGraph) MarkSkippedDescendants(from int, state []StepRunState)
MarkSkippedDescendants marks all transitive children of from as skipped in state.
type StepKind ¶
type StepKind int
StepKind describes which action a recipe step performs.
const ( StepKindCommand StepKind = iota StepKindPut StepKindGet StepKindScript StepKindAgentTransfer StepKindAI StepKindTemplate StepKindPlugin StepKindTunnel StepKindK8s StepKindDocker StepKindOpensearch StepKindPostgres )
StepKind values correspond to exactly one populated field on RecipeStep.
func ClassifyStep ¶
func ClassifyStep(s RecipeStep) (StepKind, error)
ClassifyStep returns the step kind after validating exactly one action field.
type StepOutputStore ¶ added in v0.2.9
type StepOutputStore = StepResultStore
StepOutputStore is the historical name for StepResultStore.
type StepResultStore ¶ added in v0.2.9
type StepResultStore struct {
// contains filtered or unexported fields
}
StepResultStore holds per-step per-host results (stdout, success, skip, exit code).
func NewStepOutputStore ¶ added in v0.2.9
func NewStepOutputStore() *StepResultStore
NewStepOutputStore is an alias for backward compatibility with env_from capture.
func NewStepResultStore ¶ added in v0.2.9
func NewStepResultStore() *StepResultStore
NewStepResultStore creates an empty result store.
func (*StepResultStore) FirstStdout ¶ added in v0.3.0
func (s *StepResultStore) FirstStdout(stepID string) (string, bool)
FirstStdout returns the first non-empty stdout captured for stepID across any host.
func (*StepResultStore) Get ¶ added in v0.2.9
func (s *StepResultStore) Get(stepID, hostName string) (string, bool)
Get returns captured stdout for stepID and hostName.
func (*StepResultStore) HostResult ¶ added in v0.2.9
func (s *StepResultStore) HostResult(stepID, hostName string) (HostStepResult, bool)
HostResult returns the full result for stepID and hostName.
func (*StepResultStore) Record ¶ added in v0.2.9
func (s *StepResultStore) Record(stepID, hostName, stdout string)
Record stores trimmed stdout for a host after a successful capture step.
func (*StepResultStore) RecordHost ¶ added in v0.2.9
func (s *StepResultStore) RecordHost(stepID, hostName string, r HostStepResult)
RecordHost stores a full host result for a step id.
func (*StepResultStore) StepsTemplateData ¶ added in v0.3.4
func (s *StepResultStore) StepsTemplateData() map[string]any
StepsTemplateData builds a template-facing aggregate view of prior step results.
func (*StepResultStore) StepsViewAggregated ¶ added in v0.2.9
func (s *StepResultStore) StepsViewAggregated() map[string]StepView
StepsViewAggregated builds a per-step view across all hosts (any succeeded, first stdout).
func (*StepResultStore) StepsViewForHost ¶ added in v0.2.9
func (s *StepResultStore) StepsViewForHost(hostName string) map[string]StepView
StepsViewForHost builds the steps map for CEL for one host name.
type StepRunState ¶ added in v0.2.9
type StepRunState int
StepRunState is the scheduler state for one step in graph mode.
const ( // StepRunPending means dependencies are not yet satisfied. StepRunPending StepRunState = iota // StepRunReady means the step may be scheduled. StepRunReady // StepRunRunning means the step is executing. StepRunRunning // StepRunSucceeded means the step completed without fatal failure. StepRunSucceeded // StepRunFailed means the step failed or all hosts had transient SSH errors. StepRunFailed // StepRunSkipped means a dependency failed and this step was not run. StepRunSkipped )
type StepSummary ¶ added in v0.2.8
type StepSummary struct {
Index int `json:"index"`
ID string `json:"id,omitempty"`
Depends []string `json:"depends,omitempty"`
Wave int `json:"wave,omitempty"`
Kind string `json:"kind"`
Host string `json:"host"`
RunAs string `json:"run_as,omitempty"`
When string `json:"when,omitempty"`
Retry string `json:"retry,omitempty"`
Notify bool `json:"notify,omitempty"`
Preview string `json:"preview"`
}
StepSummary is a host-agnostic one-line summary of a recipe step. It backs the wizard's Plan view and any other UI that wants a per-step digest without resolving target hosts.
func RenderDryRunPlan ¶ added in v0.2.8
func RenderDryRunPlan(r Recipe) (string, []StepSummary, error)
RenderDryRunPlan returns a host-agnostic plan summary for r: one line per step plus a structured per-step list. It does not expand step.host against records, so callers can validate Recipe structure before any host resolution. The line format mirrors the per-target dry-run text in internal/ui — same "step N: kind=… host=… run_as=… preview=…" shape, minus per-host detail.
type WhenEvalOpts ¶ added in v0.2.9
type WhenEvalOpts struct {
RecipeName string
Execute bool
Host hosts.Record
Dest *hosts.Record
Steps map[string]StepView
Secrets map[string]string
Env map[string]string
KV KVReader
Facts map[string]any
}
WhenEvalOpts carries per-evaluation context for CEL when.
type WhenProgram ¶ added in v0.2.9
type WhenProgram struct {
// contains filtered or unexported fields
}
WhenProgram is a compiled CEL when expression.
func CompileWhen ¶ added in v0.2.9
func CompileWhen(expr string) (*WhenProgram, error)
CompileWhen validates and compiles a when expression.
Source Files
¶
- env_recipe.go
- jq.go
- kv_keys.go
- kv_tunnel.go
- loop_template.go
- output_capture.go
- parse_options.go
- paths.go
- recipe.go
- recipe_ai_prompt.go
- recipe_dir.go
- recipe_env_from.go
- recipe_graph.go
- recipe_graph_plan.go
- recipe_json.go
- recipe_max_parallel.go
- recipe_plan.go
- recipe_tunnel.go
- recipe_types.go
- recipe_var_expand.go
- recipe_when.go
- remote.go
- resolve.go
- result_expr.go
- secret_resolver.go
- ssh_port.go
- ssh_private_key.go
- step_action.go
- step_result.go
- step_retry.go
- template_render.go
Directories
¶
| Path | Synopsis |
|---|---|
|
Package secrets resolves CUE recipe secret refs.
|
Package secrets resolves CUE recipe secret refs. |
|
cloud
Package cloud resolves cloud and enterprise secret refs (Vault, AWS), analogous to
|
Package cloud resolves cloud and enterprise secret refs (Vault, AWS), analogous to |
|
env
Package env resolves env:NAME refs from the process environment (local analogue of cloud:/aws-sm:/aws-kms:/k8s:/age:/age-b64:/age-file:/keyring:/vault).
|
Package env resolves env:NAME refs from the process environment (local analogue of cloud:/aws-sm:/aws-kms:/k8s:/age:/age-b64:/age-file:/keyring:/vault). |
|
k8s
Package k8s resolves Kubernetes Secret data keys.
|
Package k8s resolves Kubernetes Secret data keys. |
|
passphrase
Package passphrase resolves age-encrypted material.
|
Package passphrase resolves age-encrypted material. |
|
ref
Package ref holds shared contracts for recipe secret backends (similar in role to how honey centralizes crypto provider contracts).
|
Package ref holds shared contracts for recipe secret backends (similar in role to how honey centralizes crypto provider contracts). |
|
service
Package service resolves keyring:// refs via the OS credential store (Zalando keyring), analogous to cloud:/aws-sm:/aws-kms:/k8s:/age:/age-b64:/age-file:/keyring:/vault.
|
Package service resolves keyring:// refs via the OS credential store (Zalando keyring), analogous to cloud:/aws-sm:/aws-kms:/k8s:/age:/age-b64:/age-file:/keyring:/vault. |
|
stack
Package stack implements symmetric secure:v1 encryption for recipe secrets.
|
Package stack implements symmetric secure:v1 encryption for recipe secrets. |
|
stackunwrap
Package stackunwrap unwraps stack data keys from secretsprovider URLs (KMS, keyring, age, etc.).
|
Package stackunwrap unwraps stack data keys from secretsprovider URLs (KMS, keyring, age, etc.). |