feat: add ucanto aggregation api service

.env.tpl

@@ -0,0 +1,12 @@
+# These variables are only available in your SST code.
+
+# uncomment to try out deploying the api under a custom domain.
+# the value should match a hosted zone configured in route53 that your aws account has access to.
+# HOSTED_ZONE=spade-proxy.web3.storage
+
+# uncomment to set SENTRY_DSN
+# SENTRY_DSN = ''
+
+SPADE_PROXY_DID = ''
+
+UCAN_LOG_URL = ''

.github/workflows/test.yaml

@@ -15,14 +15,14 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install
-        uses: pnpm/[email protected].3
+        uses: pnpm/[email protected].4
         with:
-          version: 7
+          version: 8
 
       - name: Setup
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           registry-url: https://registry.npmjs.org/
           cache: 'pnpm'
 
@@ -39,14 +39,14 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install
-        uses: pnpm/[email protected].3
+        uses: pnpm/[email protected].4
         with:
-          version: 7
+          version: 8
 
       - name: Setup
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           registry-url: https://registry.npmjs.org/
           cache: 'pnpm'
 

.gitignore

@@ -12,6 +12,7 @@ node_modules
 # misc
 .DS_Store
 .vscode
+cdk.context.json
 
 # local env files
 .env*.local

README.md

@@ -2,27 +2,121 @@
 
 > A proxy API which will provide the UCAN server for receiving `aggregate/*` invocations and other resources for Spade to scrape - a way to retrieve the list of aggregates ready for a deal.
 
-## Commands
+## Getting Started
 
-### `npm run dev`
+The repo contains the infra deployment code and the api implementation.
 
-Starts the Live Lambda Development environment.
+To work on this codebase **you need**:
 
-### `npm run build`
+- Node.js >= 18 (prod env is node 18)
+- Install the deps with `pnpm i`
 
-Build your app and synthesize your stacks.
+You can then run the tests locally with `pnpm test`. 
 
-### `npm run deploy [stack]`
+To try out a change submit a PR and you'll get temporary infra rolled out for you automatically at `https://<pr#>.spade-proxy.web3.storage`.
 
-Deploy all your stacks to AWS. Or optionally deploy, a specific stack.
+[`sst`](https://sst.dev) is the framework we use to define what to deploy. Read the docs! https://sst.dev
 
-### `npm run remove [stack]`
+## Deployment 
 
-Remove all your stacks and all of their resources from AWS. Or optionally removes, a specific stack.
+Deployments are managed by [seed.run]. 
 
-## Documentation
+The `main` branch is deployed to https://staging.spade-proxy.web3.storage and staging builds are promoted to prod manually via the UI at https://console.seed.run
 
-Learn more about the SST.
+### Local dev
 
-- [Docs](https://docs.sst.dev/)
-- [sst](https://docs.sst.dev/packages/sst)
+You can use `sst` to create a custom dev deployment on aws, with a local dev console for debugging.
+
+To do that **you need**
+
+- An AWS account with the AWS CLI configured locally
+- Copy `.env.tpl` to `.env.local`
+
+Then run `npm start` to deploy dev services to your aws account and start dev console
+
+```console
+pnpm run start
+```
+
+See: https://docs.sst.dev for more info on how things get deployed.
+
+## Package Tests
+
+To run per-package tests, first install Docker Desktop (https://www.docker.com/) and ensure it is running.
+
+Next, ensure the `AWS_REGION`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables are set in your terminal. They do 
+not need to be set to real values - the following works in `bash`-like shells:
+
+```
+export AWS_REGION='us-west-2'; export AWS_ACCESS_KEY_ID='NOSUCH'; export AWS_SECRET_ACCESS_KEY='NOSUCH'
+```
+
+Finally, to run the tests for all packages, run:
+
+```
+pnpm test
+```
+
+Or to run the tests for a single package, run:
+
+```
+pnpm --filter <package-name> test
+```
+
+### Environment Variables
+
+Ensure the following variables are set in the env when deploying
+
+#### `HOSTED_ZONE`
+
+The root domain to deploy the API to. e.g `spade-proxy.web3.storage`. The value should match a hosted zone configured in route53 that your aws account has access to.
+
+#### `SPADE_PROXY_DID`
+
+[DID](https://www.w3.org/TR/did-core/) of the ucanto server. e.g. `did:web:spade.storage`. Optional: if omitted, a `did:key` will be derrived from `PRIVATE_KEY`
+
+### Secrets
+
+Set production secrets in aws SSM via [`sst secrets`](https://docs.sst.dev/config#sst-secrets). The region must be set to the one you deploy that stage to
+
+```sh
+# set `PRIVATE_KEY` for prod
+$ npx sst secrets set --region us-west-2 --stage prod PRIVATE_KEY "MgCblCY...="
+```
+
+To set a fallback value for `staging` or an ephmeral PR build use [`sst secrets set-fallback`](https://docs.sst.dev/config#fallback-values)
+
+```sh
+# set `PRIVATE_KEY` for any stage in us-east-2
+$ npx sst secrets set --fallback --region us-east-2 PRIVATE_KEY "MgCZG7...="
+```
+
+**note** The fallback value can only be inherited by stages deployed in the same AWS account and region.
+
+Confirm the secret value using [`sst secrets list`](https://docs.sst.dev/config#sst-secrets)
+
+```sh
+$ npx sst secrets list --region us-east-2
+PRIVATE_KEY MgCZG7...= (fallback)
+
+$ npx sst secrets list --region us-west-2 --stage prod
+PRIVATE_KEY M...=
+```
+
+#### `PRIVATE_KEY`
+
+The [`multibase`](https://github.com/multiformats/multibase) encoded ED25519 keypair used as the signing key for the upload-api.
+
+Generated by [@ucanto/principal `EdSigner`](https://github.com/web3-storage/ucanto) via [`ucan-key`](https://www.npmjs.com/package/ucan-key)
+
+_Example:_ `MgCZG7EvaA...1pX9as=`
+
+#### `UCAN_LOG_BASIC_AUTH`
+
+The HTTP Basic auth token for the UCAN Invocation entrypoint, where UCAN invocations can be stored and proxied to the UCAN Stream.
+
+_Example:_ `MgCZG7EvaA...1pX9as=`
+
+## License
+
+Dual-licensed under [MIT + Apache 2.0](LICENSE.md)