@bonginkan/maria 4.2.0 → 4.2.2

package/dist/cli.cjs

@@ -18,6 +18,7 @@ var buffer = require('buffer');
 var net = require('net');
 var https = require('https');
 var zlib = require('zlib');
+var secretManager = require('@google-cloud/secret-manager');
 var readline = require('readline');
 var zod = require('zod');
 require('strip-ansi');
@@ -9181,6 +9182,201 @@ var init_base_provider = __esm({
   }
 });
 
+// src/services/intelligent-model-selector/SecretManagerIntegration.ts
+var SecretManagerIntegration_exports = {};
+__export(SecretManagerIntegration_exports, {
+  SecretManagerIntegration: () => SecretManagerIntegration
+});
+var SecretManagerIntegration;
+var init_SecretManagerIntegration = __esm({
+  "src/services/intelligent-model-selector/SecretManagerIntegration.ts"() {
+    SecretManagerIntegration = class {
+      // 1 hour
+      constructor(config2) {
+        this.config = config2;
+        this.client = new secretManager.SecretManagerServiceClient();
+      }
+      client;
+      cache = /* @__PURE__ */ new Map();
+      cacheExpiry = /* @__PURE__ */ new Map();
+      CACHE_TTL = 36e5;
+      /**
+       * Get API key from Secret Manager with caching
+       */
+      async getApiKey(provider) {
+        const secretName = this.getSecretName(provider);
+        if (!secretName) {
+          return void 0;
+        }
+        const cached = this.getCachedSecret(secretName);
+        if (cached) {
+          return cached;
+        }
+        try {
+          const name2 = `projects/${this.config.projectId}/secrets/${secretName}/versions/latest`;
+          const [version] = await this.client.accessSecretVersion({ name: name2 });
+          const payload = version.payload?.data;
+          if (!payload) {
+            console.error(`Secret ${secretName} has no payload`);
+            return void 0;
+          }
+          const secret = payload.toString();
+          this.cacheSecret(secretName, secret);
+          return secret;
+        } catch (error2) {
+          if (error2.code !== 5) {
+            console.error(`Failed to access secret ${secretName}:`, error2);
+          }
+          return this.getFallbackFromEnv(provider);
+        }
+      }
+      /**
+       * Get all API keys
+       */
+      async getAllApiKeys() {
+        const [googleApiKey, openaiApiKey, anthropicApiKey, groqApiKey] = await Promise.all([
+          this.getApiKey("google"),
+          this.getApiKey("openai"),
+          this.getApiKey("anthropic"),
+          this.getApiKey("groq")
+        ]);
+        return {
+          googleApiKey,
+          openaiApiKey,
+          anthropicApiKey,
+          groqApiKey
+        };
+      }
+      /**
+       * Verify that required secrets exist
+       */
+      async verifySecrets() {
+        const available = [];
+        const missing = [];
+        const providers = ["google", "openai", "anthropic", "groq"];
+        for (const provider of providers) {
+          const secretName = this.getSecretName(provider);
+          if (!secretName) continue;
+          try {
+            const name2 = `projects/${this.config.projectId}/secrets/${secretName}`;
+            await this.client.getSecret({ name: name2 });
+            available.push(provider);
+          } catch (error2) {
+            missing.push(provider);
+          }
+        }
+        return { available, missing };
+      }
+      /**
+       * Create or update a secret
+       */
+      async createOrUpdateSecret(provider, apiKey) {
+        const secretName = this.getSecretName(provider);
+        if (!secretName) {
+          return false;
+        }
+        const secretId = `projects/${this.config.projectId}/secrets/${secretName}`;
+        try {
+          let secretExists = false;
+          try {
+            await this.client.getSecret({ name: secretId });
+            secretExists = true;
+          } catch {
+            secretExists = false;
+          }
+          if (!secretExists) {
+            await this.client.createSecret({
+              parent: `projects/${this.config.projectId}`,
+              secretId: secretName,
+              secret: {
+                replication: {
+                  automatic: {}
+                },
+                labels: {
+                  service: "ims",
+                  provider
+                }
+              }
+            });
+          }
+          await this.client.addSecretVersion({
+            parent: secretId,
+            payload: {
+              data: Buffer.from(apiKey, "utf8")
+            }
+          });
+          this.cache.delete(secretName);
+          this.cacheExpiry.delete(secretName);
+          return true;
+        } catch (error2) {
+          console.error(`Failed to create/update secret ${secretName}:`, error2);
+          return false;
+        }
+      }
+      /**
+       * Get secret name for provider
+       */
+      getSecretName(provider) {
+        switch (provider) {
+          case "google":
+            return this.config.secrets.googleAI || "google-ai-api-key";
+          case "openai":
+            return this.config.secrets.openAI || "openai-api-key";
+          case "anthropic":
+            return this.config.secrets.anthropic || "anthropic-api-key";
+          case "groq":
+            return this.config.secrets.groq || "groq-api-key";
+          default:
+            return void 0;
+        }
+      }
+      /**
+       * Get cached secret if valid
+       */
+      getCachedSecret(secretName) {
+        const expiry = this.cacheExpiry.get(secretName);
+        if (!expiry || Date.now() > expiry) {
+          this.cache.delete(secretName);
+          this.cacheExpiry.delete(secretName);
+          return void 0;
+        }
+        return this.cache.get(secretName);
+      }
+      /**
+       * Cache a secret
+       */
+      cacheSecret(secretName, value) {
+        this.cache.set(secretName, value);
+        this.cacheExpiry.set(secretName, Date.now() + this.CACHE_TTL);
+      }
+      /**
+       * Get fallback from environment variable
+       */
+      getFallbackFromEnv(provider) {
+        switch (provider) {
+          case "google":
+            return process.env.GOOGLE_AI_API_KEY;
+          case "openai":
+            return process.env.OPENAI_API_KEY;
+          case "anthropic":
+            return process.env.ANTHROPIC_API_KEY;
+          case "groq":
+            return process.env.GROQ_API_KEY;
+          default:
+            return void 0;
+        }
+      }
+      /**
+       * Clear cache
+       */
+      clearCache() {
+        this.cache.clear();
+        this.cacheExpiry.clear();
+      }
+    };
+  }
+});
+
 // src/providers/groq-provider.ts
 var groq_provider_exports = {};
 __export(groq_provider_exports, {
@@ -9567,13 +9763,32 @@ var init_manager = __esm({
           })
         );
       }
-      /** Register adapters based on env keys (OpenAI is real, others placeholder but safe) */
+      /** Register adapters based on Secret Manager or env keys */
       async initializeProviders() {
-        const OPENAI_API_KEY = process.env.OPENAI_API_KEY;
-        const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
-        const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY || process.env.GOOGLE_AI_API_KEY;
-        const GROQ_API_KEY = process.env.GROQ_API_KEY;
+        let OPENAI_API_KEY = process.env.OPENAI_API_KEY;
+        let ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+        let GOOGLE_API_KEY = process.env.GOOGLE_API_KEY || process.env.GOOGLE_AI_API_KEY;
+        let GROQ_API_KEY = process.env.GROQ_API_KEY;
         const GROK_API_KEY = process.env.GROK_API_KEY || process.env.XAI_API_KEY;
+        try {
+          const { SecretManagerIntegration: SecretManagerIntegration2 } = await Promise.resolve().then(() => (init_SecretManagerIntegration(), SecretManagerIntegration_exports));
+          const secretManager = new SecretManagerIntegration2({
+            projectId: process.env.GOOGLE_CLOUD_PROJECT || "maria-code-470602",
+            secrets: {
+              openAI: "openai-api-key",
+              anthropic: "anthropic-api-key",
+              googleAI: "google-ai-api-key",
+              groq: "groq-api-key"
+            }
+          });
+          const keys = await secretManager.getAllApiKeys();
+          OPENAI_API_KEY = keys.openaiApiKey || OPENAI_API_KEY;
+          ANTHROPIC_API_KEY = keys.anthropicApiKey || ANTHROPIC_API_KEY;
+          GOOGLE_API_KEY = keys.googleApiKey || GOOGLE_API_KEY;
+          GROQ_API_KEY = keys.groqApiKey || GROQ_API_KEY;
+        } catch (error2) {
+          console.debug("Secret Manager not available, using environment variables");
+        }
         if (OPENAI_API_KEY) this.register(new UnifiedOpenAIProvider(OPENAI_API_KEY));
         if (ANTHROPIC_API_KEY) this.register(new UnifiedAnthropicProvider(ANTHROPIC_API_KEY));
         if (GOOGLE_API_KEY) this.register(new UnifiedGoogleProvider(GOOGLE_API_KEY));
@@ -13533,7 +13748,7 @@ var init_bigquery_telemetry = __esm({
       httpEndpoint = null;
       config = {
         projectId: process.env.GOOGLE_CLOUD_PROJECT || "maria-code-470602",
-        datasetId: "cli",
+        datasetId: "maria_telemetry",
         tableName: "command_executions",
         batchSize: 100,
         flushIntervalMs: 3e4,
@@ -31977,7 +32192,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@bonginkan/maria",
-      version: "4.2.0",
+      version: "4.2.2",
       description: "\u{1F680} MARIA v4.2.0 - Enterprise AI Development Platform with 100% Command Availability. Features 74 production-ready commands with comprehensive fallback implementation, local LLM support, and zero external dependencies. Includes natural language coding, AI safety evaluation, intelligent evolution system, episodic memory with PII masking, and real-time monitoring dashboard. Built with TypeScript AST-powered code generation, OAuth2.0 + PKCE authentication, quantum-resistant cryptography, and enterprise-grade performance.",
       keywords: [
         "ai",