@bsb/config-vault 0.0.1

package/lib/plugins/service-config-vault/store.js

@@ -0,0 +1,396 @@
+import { Pool } from 'pg';
+export class VaultStore {
+    pool;
+    constructor(databaseUrl) {
+        this.pool = new Pool({ connectionString: databaseUrl });
+    }
+    async close() {
+        await this.pool.end();
+    }
+    async init() {
+        await this.pool.query(`
+      create table if not exists vault_users (
+        id text primary key,
+        email text not null unique,
+        password_hash text not null,
+        totp_secret text not null,
+        passkey_required boolean not null default true,
+        created_at timestamptz not null,
+        updated_at timestamptz not null
+      );
+      create table if not exists vault_passkeys (
+        id text primary key,
+        user_id text not null references vault_users(id) on delete cascade,
+        credential_id text not null unique,
+        public_key jsonb not null,
+        sign_count integer not null default 0,
+        created_at timestamptz not null
+      );
+      create table if not exists vault_sessions (
+        id text primary key,
+        user_id text not null references vault_users(id) on delete cascade,
+        csrf_token text not null,
+        expires_at timestamptz not null
+      );
+      create table if not exists vault_applications (
+        id text primary key,
+        name text not null unique,
+        description text,
+        created_at timestamptz not null
+      );
+      create table if not exists vault_groups (
+        id text primary key,
+        application_id text not null references vault_applications(id) on delete cascade,
+        name text not null,
+        created_at timestamptz not null,
+        unique(application_id, name)
+      );
+      create table if not exists vault_profiles (
+        id text primary key,
+        group_id text not null references vault_groups(id) on delete cascade,
+        name text not null,
+        active_version_id text,
+        created_at timestamptz not null,
+        unique(group_id, name)
+      );
+      create table if not exists vault_plugin_catalog (
+        id text primary key,
+        org text not null,
+        name text not null,
+        plugin_id text not null,
+        package_name text,
+        version text not null,
+        kind text not null,
+        source text not null,
+        config_schema jsonb,
+        event_schema jsonb,
+        created_at timestamptz not null,
+        unique(plugin_id, version)
+      );
+      create table if not exists vault_config_drafts (
+        id text primary key,
+        profile_id text not null references vault_profiles(id) on delete cascade,
+        encrypted_payload text not null,
+        iv text not null,
+        auth_tag text not null,
+        key_version text not null,
+        updated_at timestamptz not null,
+        unique(profile_id)
+      );
+      create table if not exists vault_config_versions (
+        id text primary key,
+        profile_id text not null references vault_profiles(id) on delete cascade,
+        version integer not null,
+        encrypted_payload text not null,
+        iv text not null,
+        auth_tag text not null,
+        key_version text not null,
+        published_at timestamptz not null,
+        published_by text not null,
+        unique(profile_id, version)
+      );
+      create table if not exists vault_runtime_keys (
+        id text primary key,
+        name text not null,
+        secret_hash text not null,
+        application_id text not null references vault_applications(id) on delete cascade,
+        group_id text not null references vault_groups(id) on delete cascade,
+        profile_id text not null references vault_profiles(id) on delete cascade,
+        container_name text,
+        config_plugin_id text not null,
+        revoked_at timestamptz,
+        created_at timestamptz not null
+      );
+      create table if not exists vault_audit_log (
+        id text primary key,
+        actor text not null,
+        action text not null,
+        target text not null,
+        details jsonb not null,
+        created_at timestamptz not null
+      );
+    `);
+    }
+    async countAdmins() {
+        const result = await this.pool.query('select count(*)::text as count from vault_users');
+        return Number(result.rows[0]?.count ?? '0');
+    }
+    async createUser(user) {
+        await this.pool.query(`insert into vault_users (id, email, password_hash, totp_secret, passkey_required, created_at, updated_at)
+       values ($1, $2, $3, $4, $5, $6, $7)`, [user.id, user.email, user.passwordHash, user.totpSecret, user.passkeyRequired, user.createdAt, user.updatedAt]);
+    }
+    async getUserByEmail(email) {
+        const result = await this.pool.query('select * from vault_users where email = $1', [email]);
+        return result.rows[0] ? mapUser(result.rows[0]) : null;
+    }
+    async getUser(id) {
+        const result = await this.pool.query('select * from vault_users where id = $1', [id]);
+        return result.rows[0] ? mapUser(result.rows[0]) : null;
+    }
+    async createPasskey(passkey) {
+        await this.pool.query(`insert into vault_passkeys (id, user_id, credential_id, public_key, sign_count, created_at)
+       values ($1, $2, $3, $4, $5, $6)`, [passkey.id, passkey.userId, passkey.credentialId, passkey.publicKey, passkey.signCount, passkey.createdAt]);
+    }
+    async listPasskeys(userId) {
+        const result = await this.pool.query('select * from vault_passkeys where user_id = $1 order by created_at', [userId]);
+        return result.rows.map((row) => mapPasskey(row));
+    }
+    async createSession(session) {
+        await this.pool.query(`insert into vault_sessions (id, user_id, csrf_token, expires_at) values ($1, $2, $3, $4)`, [session.id, session.userId, session.csrfToken, session.expiresAt]);
+    }
+    async getSession(id) {
+        const result = await this.pool.query('select * from vault_sessions where id = $1 and expires_at > now()', [id]);
+        return result.rows[0] ? mapSession(result.rows[0]) : null;
+    }
+    async deleteSession(id) {
+        await this.pool.query('delete from vault_sessions where id = $1', [id]);
+    }
+    async createApplication(record) {
+        await this.pool.query('insert into vault_applications (id, name, description, created_at) values ($1, $2, $3, $4)', [record.id, record.name, record.description, record.createdAt]);
+    }
+    async listApplications() {
+        const result = await this.pool.query('select * from vault_applications order by name');
+        return result.rows.map((row) => mapApplication(row));
+    }
+    async createGroup(record) {
+        await this.pool.query('insert into vault_groups (id, application_id, name, created_at) values ($1, $2, $3, $4)', [record.id, record.applicationId, record.name, record.createdAt]);
+    }
+    async listGroups(applicationId) {
+        const result = await this.pool.query('select * from vault_groups where application_id = $1 order by name', [applicationId]);
+        return result.rows.map((row) => mapGroup(row));
+    }
+    async createProfile(record) {
+        await this.pool.query('insert into vault_profiles (id, group_id, name, active_version_id, created_at) values ($1, $2, $3, $4, $5)', [record.id, record.groupId, record.name, record.activeVersionId, record.createdAt]);
+    }
+    async getProfile(id) {
+        const result = await this.pool.query('select * from vault_profiles where id = $1', [id]);
+        return result.rows[0] ? mapProfile(result.rows[0]) : null;
+    }
+    async listProfiles(groupId) {
+        const result = await this.pool.query('select * from vault_profiles where group_id = $1 order by name', [groupId]);
+        return result.rows.map((row) => mapProfile(row));
+    }
+    async createPlugin(record) {
+        await this.pool.query(`insert into vault_plugin_catalog
+       (id, org, name, plugin_id, package_name, version, kind, source, config_schema, event_schema, created_at)
+       values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)`, [
+            record.id,
+            record.org,
+            record.name,
+            record.pluginId,
+            record.packageName,
+            record.version,
+            record.kind,
+            record.source,
+            record.configSchema,
+            record.eventSchema,
+            record.createdAt,
+        ]);
+    }
+    async listPlugins() {
+        const result = await this.pool.query('select * from vault_plugin_catalog order by org, name, version');
+        return result.rows.map((row) => mapPlugin(row));
+    }
+    async upsertDraft(record) {
+        await this.pool.query(`insert into vault_config_drafts (id, profile_id, encrypted_payload, iv, auth_tag, key_version, updated_at)
+       values ($1, $2, $3, $4, $5, $6, $7)
+       on conflict (profile_id) do update set
+         encrypted_payload = excluded.encrypted_payload,
+         iv = excluded.iv,
+         auth_tag = excluded.auth_tag,
+         key_version = excluded.key_version,
+         updated_at = excluded.updated_at`, [record.id, record.profileId, record.encryptedPayload, record.iv, record.authTag, record.keyVersion, record.updatedAt]);
+    }
+    async getDraft(profileId) {
+        const result = await this.pool.query('select * from vault_config_drafts where profile_id = $1', [profileId]);
+        return result.rows[0] ? mapDraft(result.rows[0]) : null;
+    }
+    async createVersion(record) {
+        await this.pool.query(`insert into vault_config_versions
+       (id, profile_id, version, encrypted_payload, iv, auth_tag, key_version, published_at, published_by)
+       values ($1, $2, $3, $4, $5, $6, $7, $8, $9)`, [
+            record.id,
+            record.profileId,
+            record.version,
+            record.encryptedPayload,
+            record.iv,
+            record.authTag,
+            record.keyVersion,
+            record.publishedAt,
+            record.publishedBy,
+        ]);
+        await this.pool.query('update vault_profiles set active_version_id = $1 where id = $2', [record.id, record.profileId]);
+    }
+    async nextVersion(profileId) {
+        const result = await this.pool.query('select (coalesce(max(version), 0) + 1)::text as next from vault_config_versions where profile_id = $1', [profileId]);
+        return Number(result.rows[0]?.next ?? '1');
+    }
+    async getVersion(id) {
+        const result = await this.pool.query('select * from vault_config_versions where id = $1', [id]);
+        return result.rows[0] ? mapVersion(result.rows[0]) : null;
+    }
+    async createRuntimeKey(record) {
+        await this.pool.query(`insert into vault_runtime_keys
+       (id, name, secret_hash, application_id, group_id, profile_id, container_name, config_plugin_id, revoked_at, created_at)
+       values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`, [
+            record.id,
+            record.name,
+            record.secretHash,
+            record.applicationId,
+            record.groupId,
+            record.profileId,
+            record.containerName,
+            record.configPluginId,
+            record.revokedAt,
+            record.createdAt,
+        ]);
+    }
+    async getRuntimeKey(id) {
+        const result = await this.pool.query('select * from vault_runtime_keys where id = $1 and revoked_at is null', [id]);
+        return result.rows[0] ? mapRuntimeKey(result.rows[0]) : null;
+    }
+    async listRuntimeKeys(profileId) {
+        const result = profileId
+            ? await this.pool.query('select * from vault_runtime_keys where profile_id = $1 order by created_at desc', [profileId])
+            : await this.pool.query('select * from vault_runtime_keys order by created_at desc');
+        return result.rows.map((row) => mapRuntimeKey(row));
+    }
+    async revokeRuntimeKey(id) {
+        await this.pool.query('update vault_runtime_keys set revoked_at = now() where id = $1', [id]);
+    }
+    async resolveRuntimeBinding(keyId) {
+        const result = await this.pool.query(`select
+         rk.*,
+         row_to_json(a.*) as application,
+         row_to_json(g.*) as service_group,
+         row_to_json(p.*) as profile
+       from vault_runtime_keys rk
+       join vault_applications a on a.id = rk.application_id
+       join vault_groups g on g.id = rk.group_id
+       join vault_profiles p on p.id = rk.profile_id
+       where rk.id = $1 and rk.revoked_at is null`, [keyId]);
+        const row = result.rows[0];
+        if (!row)
+            return null;
+        return {
+            key: mapRuntimeKey(row),
+            application: mapApplication(row.application),
+            group: mapGroup(row.service_group),
+            profile: mapProfile(row.profile),
+        };
+    }
+    async audit(record) {
+        await this.pool.query('insert into vault_audit_log (id, actor, action, target, details, created_at) values ($1, $2, $3, $4, $5, $6)', [record.id, record.actor, record.action, record.target, record.details, record.createdAt]);
+    }
+}
+function iso(value) {
+    return value instanceof Date ? value.toISOString() : String(value);
+}
+function mapUser(row) {
+    return {
+        id: String(row.id),
+        email: String(row.email),
+        passwordHash: String(row.password_hash),
+        totpSecret: String(row.totp_secret),
+        passkeyRequired: Boolean(row.passkey_required),
+        createdAt: iso(row.created_at),
+        updatedAt: iso(row.updated_at),
+    };
+}
+function mapPasskey(row) {
+    return {
+        id: String(row.id),
+        userId: String(row.user_id),
+        credentialId: String(row.credential_id),
+        publicKey: row.public_key,
+        signCount: Number(row.sign_count),
+        createdAt: iso(row.created_at),
+    };
+}
+function mapSession(row) {
+    return {
+        id: String(row.id),
+        userId: String(row.user_id),
+        csrfToken: String(row.csrf_token),
+        expiresAt: iso(row.expires_at),
+    };
+}
+function mapApplication(row) {
+    return {
+        id: String(row.id),
+        name: String(row.name),
+        description: row.description === null ? null : String(row.description),
+        createdAt: iso(row.created_at),
+    };
+}
+function mapGroup(row) {
+    return {
+        id: String(row.id),
+        applicationId: String(row.application_id),
+        name: String(row.name),
+        createdAt: iso(row.created_at),
+    };
+}
+function mapProfile(row) {
+    return {
+        id: String(row.id),
+        groupId: String(row.group_id),
+        name: String(row.name),
+        activeVersionId: row.active_version_id === null ? null : String(row.active_version_id),
+        createdAt: iso(row.created_at),
+    };
+}
+function mapPlugin(row) {
+    return {
+        id: String(row.id),
+        org: String(row.org),
+        name: String(row.name),
+        pluginId: String(row.plugin_id),
+        packageName: row.package_name === null ? null : String(row.package_name),
+        version: String(row.version),
+        kind: row.kind,
+        source: row.source,
+        configSchema: row.config_schema === null ? null : row.config_schema,
+        eventSchema: row.event_schema === null ? null : row.event_schema,
+        createdAt: iso(row.created_at),
+    };
+}
+function mapDraft(row) {
+    return {
+        id: String(row.id),
+        profileId: String(row.profile_id),
+        encryptedPayload: String(row.encrypted_payload),
+        iv: String(row.iv),
+        authTag: String(row.auth_tag),
+        keyVersion: String(row.key_version),
+        updatedAt: iso(row.updated_at),
+    };
+}
+function mapVersion(row) {
+    return {
+        id: String(row.id),
+        profileId: String(row.profile_id),
+        version: Number(row.version),
+        encryptedPayload: String(row.encrypted_payload),
+        iv: String(row.iv),
+        authTag: String(row.auth_tag),
+        keyVersion: String(row.key_version),
+        publishedAt: iso(row.published_at),
+        publishedBy: String(row.published_by),
+    };
+}
+function mapRuntimeKey(row) {
+    return {
+        id: String(row.id),
+        name: String(row.name),
+        secretHash: String(row.secret_hash),
+        applicationId: String(row.application_id),
+        groupId: String(row.group_id),
+        profileId: String(row.profile_id),
+        containerName: row.container_name === null ? null : String(row.container_name),
+        configPluginId: String(row.config_plugin_id),
+        revokedAt: row.revoked_at === null ? null : iso(row.revoked_at),
+        createdAt: iso(row.created_at),
+    };
+}
+//# sourceMappingURL=store.js.map

package/lib/plugins/service-config-vault/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../../src/plugins/service-config-vault/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAe1B,MAAM,OAAO,UAAU;IACJ,IAAI,CAAO;IAE5B,YAAY,WAAmB;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAqGrB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAoB,iDAAiD,CAAC,CAAC;QAC3G,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAgB;QAC/B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;2CACqC,EACrC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAChH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,4CAA4C,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,EAAU;QACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,yCAAyC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACtF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAsB;QACxC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;uCACiC,EACjC,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,CAC5G,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAAc;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,qEAAqE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACtH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAY,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAsB;QACxC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,0FAA0F,EAC1F,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,CACnE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,mEAAmE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAChH,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,0CAA0C,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,MAAyB;QAC/C,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,4FAA4F,EAC5F,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAC/D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACvF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAY,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAmB;QACnC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,yFAAyF,EACzF,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,CACjE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,aAAqB;QACpC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,oEAAoE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5H,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAY,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAqB;QACvC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,4GAA4G,EAC5G,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,SAAS,CAAC,CACnF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,4CAA4C,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACzF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,OAAe;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gEAAgE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAClH,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAY,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAA2B;QAC5C,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;;6DAEuD,EACvD;YACE,MAAM,CAAC,EAAE;YACT,MAAM,CAAC,GAAG;YACV,MAAM,CAAC,IAAI;YACX,MAAM,CAAC,QAAQ;YACf,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,OAAO;YACd,MAAM,CAAC,IAAI;YACX,MAAM,CAAC,MAAM;YACb,MAAM,CAAC,YAAY;YACnB,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,SAAS;SACjB,CACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACvG,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,SAAS,CAAC,GAAY,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAyB;QACzC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;;;;;;;0CAOoC,EACpC,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,CACvH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,SAAiB;QAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,yDAAyD,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QAC7G,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAA2B;QAC7C,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;;mDAE6C,EAC7C;YACE,MAAM,CAAC,EAAE;YACT,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,OAAO;YACd,MAAM,CAAC,gBAAgB;YACvB,MAAM,CAAC,EAAE;YACT,MAAM,CAAC,OAAO;YACd,MAAM,CAAC,UAAU;YACjB,MAAM,CAAC,WAAW;YAClB,MAAM,CAAC,WAAW;SACnB,CACF,CAAC;QACF,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gEAAgE,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACzH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,SAAiB;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,uGAAuG,EACvG,CAAC,SAAS,CAAC,CACZ,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,mDAAmD,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAChG,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAwB;QAC7C,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB;;wDAEkD,EAClD;YACE,MAAM,CAAC,EAAE;YACT,MAAM,CAAC,IAAI;YACX,MAAM,CAAC,UAAU;YACjB,MAAM,CAAC,aAAa;YACpB,MAAM,CAAC,OAAO;YACd,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,aAAa;YACpB,MAAM,CAAC,cAAc;YACrB,MAAM,CAAC,SAAS;YAChB,MAAM,CAAC,SAAS;SACjB,CACF,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,uEAAuE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACpH,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,SAAkB;QACtC,MAAM,MAAM,GAAG,SAAS;YACtB,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iFAAiF,EAAE,CAAC,SAAS,CAAC,CAAC;YACvH,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;QACvF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAY,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gEAAgE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAChG,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,KAAa;QAMvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC;;;;;;;;;kDAS4C,EAC5C,CAAC,KAAK,CAAC,CACR,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAsB,CAAC;QAChD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO;YACL,GAAG,EAAE,aAAa,CAAC,GAAG,CAAC;YACvB,WAAW,EAAE,cAAc,CAAC,GAAG,CAAC,WAAoB,CAAC;YACrD,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,aAAsB,CAAC;YAC3C,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,OAAgB,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,MAAmB;QAC7B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,8GAA8G,EAC9G,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,CAC1F,CAAC;IACJ,CAAC;CACF;AAID,SAAS,GAAG,CAAC,KAAc;IACzB,OAAO,KAAK,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,OAAO,CAAC,GAAU;IACzB,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;QACxB,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;QACvC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACnC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAC9C,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;QAC9B,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,GAAU;IAC5B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC3B,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;QACvC,SAAS,EAAE,GAAG,CAAC,UAAqC;QACpD,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACjC,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,GAAU;IAC5B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC3B,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACjC,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,GAAU;IAChC,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACtB,WAAW,EAAE,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACtE,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,GAAU;IAC1B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;QACzC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACtB,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,GAAU;IAC5B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC7B,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACtB,eAAe,EAAE,GAAG,CAAC,iBAAiB,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtF,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,GAAU;IAC3B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACtB,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;QAC/B,WAAW,EAAE,GAAG,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;QACxE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC5B,IAAI,EAAE,GAAG,CAAC,IAAmC;QAC7C,MAAM,EAAE,GAAG,CAAC,MAAuC;QACnD,YAAY,EAAE,GAAG,CAAC,aAAa,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,aAAwC;QAC9F,WAAW,EAAE,GAAG,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,YAAuC;QAC3F,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,GAAU;IAC1B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACjC,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC/C,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACnC,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,GAAU;IAC5B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACjC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC5B,gBAAgB,EAAE,MAAM,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC/C,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC7B,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACnC,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;QAClC,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAAU;IAC/B,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACnC,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;QACzC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC;QACjC,aAAa,EAAE,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;QAC9E,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC;QAC5C,SAAS,EAAE,GAAG,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;QAC/D,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;KAC/B,CAAC;AACJ,CAAC"}

package/lib/plugins/service-config-vault/types.d.ts

@@ -0,0 +1,127 @@
+export type PluginKind = 'service' | 'events' | 'observable' | 'config';
+export type PluginSource = 'registry' | 'manual' | 'upload';
+export interface RuntimeConfigDefinition {
+    observable?: Record<string, RuntimePluginDefinition>;
+    events?: Record<string, RuntimePluginDefinition>;
+    services?: Record<string, RuntimePluginDefinition>;
+}
+export interface RuntimePluginDefinition {
+    plugin: string;
+    package?: string;
+    version?: string;
+    enabled: boolean;
+    filter?: string[];
+    config?: Record<string, unknown>;
+}
+export type VaultRuntimeConfig = Record<string, RuntimeConfigDefinition>;
+export interface UserRecord {
+    id: string;
+    email: string;
+    passwordHash: string;
+    totpSecret: string;
+    passkeyRequired: boolean;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface SessionRecord {
+    id: string;
+    userId: string;
+    csrfToken: string;
+    expiresAt: string;
+}
+export interface PasskeyRecord {
+    id: string;
+    userId: string;
+    credentialId: string;
+    publicKey: Record<string, unknown>;
+    signCount: number;
+    createdAt: string;
+}
+export interface ApplicationRecord {
+    id: string;
+    name: string;
+    description: string | null;
+    createdAt: string;
+}
+export interface GroupRecord {
+    id: string;
+    applicationId: string;
+    name: string;
+    createdAt: string;
+}
+export interface ProfileRecord {
+    id: string;
+    groupId: string;
+    name: string;
+    activeVersionId: string | null;
+    createdAt: string;
+}
+export interface PluginCatalogRecord {
+    id: string;
+    org: string;
+    name: string;
+    pluginId: string;
+    packageName: string | null;
+    version: string;
+    kind: PluginKind;
+    source: PluginSource;
+    configSchema: Record<string, unknown> | null;
+    eventSchema: Record<string, unknown> | null;
+    createdAt: string;
+}
+export interface ConfigDraftRecord {
+    id: string;
+    profileId: string;
+    encryptedPayload: string;
+    iv: string;
+    authTag: string;
+    keyVersion: string;
+    updatedAt: string;
+}
+export interface ConfigVersionRecord {
+    id: string;
+    profileId: string;
+    version: number;
+    encryptedPayload: string;
+    iv: string;
+    authTag: string;
+    keyVersion: string;
+    publishedAt: string;
+    publishedBy: string;
+}
+export interface RuntimeKeyRecord {
+    id: string;
+    name: string;
+    secretHash: string;
+    applicationId: string;
+    groupId: string;
+    profileId: string;
+    containerName: string | null;
+    configPluginId: string;
+    revokedAt: string | null;
+    createdAt: string;
+}
+export interface AuditRecord {
+    id: string;
+    actor: string;
+    action: string;
+    target: string;
+    details: Record<string, unknown>;
+    createdAt: string;
+}
+export interface ResolvedRuntimeConfig {
+    application: string;
+    group: string;
+    profile: string;
+    version: number;
+    config: VaultRuntimeConfig;
+}
+export interface FirstAdminInput {
+    setupCode: string;
+    email: string;
+    password: string;
+    totpCode: string;
+    passkeyName?: string;
+    passkeyCredential?: Record<string, unknown>;
+}
+//# sourceMappingURL=types.d.ts.map

package/lib/plugins/service-config-vault/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/plugins/service-config-vault/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,YAAY,GAAG,QAAQ,CAAC;AACxE,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE5D,MAAM,WAAW,uBAAuB;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IACrD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;AAEzE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,YAAY,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7C,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE,MAAM,CAAC;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,kBAAkB,CAAC;CAC5B;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC7C"}

package/lib/plugins/service-config-vault/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/lib/plugins/service-config-vault/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/plugins/service-config-vault/types.ts"],"names":[],"mappings":""}

package/lib/plugins/service-config-vault/vault.d.ts

@@ -0,0 +1,52 @@
+import type { Observable } from '@bsb/base';
+import { type PasskeyVerifier } from './passkeys.js';
+import { VaultStore } from './store.js';
+import type { ApplicationRecord, FirstAdminInput, GroupRecord, PluginCatalogRecord, ProfileRecord, ResolvedRuntimeConfig, RuntimeKeyRecord, VaultRuntimeConfig } from './types.js';
+export interface VaultServiceOptions {
+    store: VaultStore;
+    masterKey: Buffer;
+    setupCode: string;
+    passkeys?: PasskeyVerifier;
+}
+export declare class VaultService {
+    private readonly store;
+    private readonly masterKey;
+    private readonly setupCode;
+    private readonly passkeys;
+    constructor(options: VaultServiceOptions);
+    setupRequired(): Promise<boolean>;
+    createFirstAdmin(input: FirstAdminInput): Promise<void>;
+    login(email: string, password: string, totpCode: string, passkeyCredential?: Record<string, unknown>): Promise<{
+        sessionId: string;
+        csrfToken: string;
+    }>;
+    logout(sessionId: string): Promise<void>;
+    requireSession(sessionId?: string): Promise<{
+        userId: string;
+        csrfToken: string;
+    }>;
+    createApplication(userId: string, name: string, description?: string): Promise<ApplicationRecord>;
+    createGroup(userId: string, applicationId: string, name: string): Promise<GroupRecord>;
+    createProfile(userId: string, groupId: string, name: string): Promise<ProfileRecord>;
+    createPlugin(userId: string, input: Omit<PluginCatalogRecord, 'id' | 'createdAt'>): Promise<PluginCatalogRecord>;
+    saveDraft(userId: string, profileId: string, config: VaultRuntimeConfig): Promise<void>;
+    publishDraft(userId: string, profileId: string): Promise<{
+        versionId: string;
+        version: number;
+    }>;
+    createRuntimeKey(userId: string, input: Pick<RuntimeKeyRecord, 'name' | 'applicationId' | 'groupId' | 'profileId' | 'containerName' | 'configPluginId'>): Promise<{
+        keyId: string;
+        secret: string;
+    }>;
+    resolveRuntimeConfig(keyId: string, secret: string, obs?: Observable): Promise<ResolvedRuntimeConfig>;
+    dashboard(): Promise<{
+        setupRequired: boolean;
+        applications: ApplicationRecord[];
+        plugins: PluginCatalogRecord[];
+        runtimeKeys: RuntimeKeyRecord[];
+    }>;
+    groups(applicationId: string): Promise<GroupRecord[]>;
+    profiles(groupId: string): Promise<ProfileRecord[]>;
+    private audit;
+}
+//# sourceMappingURL=vault.d.ts.map

package/lib/plugins/service-config-vault/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../../src/plugins/service-config-vault/vault.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EAAuB,KAAK,eAAe,EAAE,MAAM,eAAe,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,KAAK,EACV,iBAAiB,EACjB,eAAe,EACf,WAAW,EACX,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,UAAU,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,eAAe,CAAC;CAC5B;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAa;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;gBAE/B,OAAO,EAAE,mBAAmB;IAOlC,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC;IAIjC,gBAAgB,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IA2CvD,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IA2BxJ,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAOlF,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAYjG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAYtF,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAapF,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,mBAAmB,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAWhH,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWvF,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAoBhG,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,IAAI,CAAC,gBAAgB,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,GAAG,WAAW,GAAG,eAAe,GAAG,gBAAgB,CAAC,GACrH,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAmBvC,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAwCrG,SAAS,IAAI,OAAO,CAAC;QACzB,aAAa,EAAE,OAAO,CAAC;QACvB,YAAY,EAAE,iBAAiB,EAAE,CAAC;QAClC,OAAO,EAAE,mBAAmB,EAAE,CAAC;QAC/B,WAAW,EAAE,gBAAgB,EAAE,CAAC;KACjC,CAAC;IASI,MAAM,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAIrD,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;YAI3C,KAAK;CAUpB"}