@tomako/runtime-node
v0.1.0
Published
Secretless signed-pull metric endpoint runtime for Tomako
Readme
@tomako/runtime-node (0.1.0 development package)
Secretless, read-only runtime for Tomako SIGNED_PULL_SNAPSHOT. This package is not published yet.
import contract from "./.tomako/connection.json" with { type: "json" };
import { createTomakoMetricEndpoint } from "@tomako/runtime-node";
export const POST = createTomakoMetricEndpoint({
contract,
measure: async ({ signal, window, metric }) => ({
kind: "COUNT",
value: await countQualifiedSubjects({ signal, window, metric }),
asOf: new Date().toISOString(),
}),
});P0 supports one metric only: UNIQUE_COUNT, represented by a non-negative integer COUNT. SUM, RATIO, row data, and extra fields are rejected.
The app stores no Tomako secret. The runtime verifies the server-signed immutable contract, exact allowed HTTPS endpoint, restricted RFC 9421 HTTP Message Signatures profile, RFC 9530 Content-Digest, audience, contract ID, goal digest, timestamp, expiry, key ID, and nonce before running measure. Contract fingerprints use a constrained RFC 8785 JCS/I-JSON profile.
runTomakoMetricLocalCheck validates only local aggregate code. It can produce CODE_READY, never RUNTIME_TEST_PASSED. The latter requires Tomako's backend to send a signed request to the deployed public endpoint.
Release blocker: src/trust.mjs intentionally has an empty trusted contract-signing key registry. The real production Ed25519 root public key must be built into the published package; unknown keys fail closed.
