@bunbase-ae/js 2.10.1-next.252.6c5a17b → 2.10.1-next.253.19f24dd

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/admin.ts +17 -6
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bunbase-ae/js",
3
- "version": "2.10.1-next.252.6c5a17b",
3
+ "version": "2.10.1-next.253.19f24dd",
4
4
  "type": "module",
5
5
  "description": "TypeScript/JavaScript SDK for BunBase",
6
6
  "license": "UNLICENSED",
package/src/admin.ts CHANGED
@@ -301,14 +301,25 @@ export interface ServerSettings {
301
301
  // storage tiers handled out-of-band (e.g. S3 versioning).
302
302
  backup_include_storage?: boolean;
303
303
  // Phase 2 (#350): when true, every backup also captures an AES-256-GCM
304
- // encrypted bundle of secret env vars under `backup_env_passphrase`.
305
- // Default false opt-in. Passphrase loss is unrecoverable for the env
306
- // restore path; DB+storage still restore without it.
304
+ // encrypted bundle of secret env vars. The passphrase used to encrypt the
305
+ // bundle is sourced from the `BACKUP_ENV_PASSPHRASE` environment variable
306
+ // on the BunBase host (see `backup_env_passphrase_source` below for the
307
+ // read-only set/unset indicator). Default false — opt-in. Passphrase loss
308
+ // is unrecoverable for the env restore path; DB+storage still restore
309
+ // without it.
307
310
  backup_include_env?: boolean;
308
- // Operator-provided passphrase for `backup_include_env`. Must be at least
309
- // 32 chars. Returned as the redacted sentinel ("********") on read once
310
- // #379 lands.
311
+ /**
312
+ * @deprecated Removed in #402. The env-bundle passphrase is sourced from
313
+ * the `BACKUP_ENV_PASSPHRASE` environment variable only — never from
314
+ * `_settings`, never via this API. Setting this field via the admin API
315
+ * is silently ignored. Use `backup_env_passphrase_source` to read whether
316
+ * the env var is set on the BunBase host.
317
+ */
311
318
  backup_env_passphrase?: string;
319
+ // Read-only indicator (#402). `"env_set"` means BACKUP_ENV_PASSPHRASE is
320
+ // present in the BunBase host's process environment; `"env_unset"` means
321
+ // it is missing — encrypted env-bundle capture will skip with a warn log.
322
+ backup_env_passphrase_source?: "env_set" | "env_unset";
312
323
  server_timezone?: string;
313
324
  server_locale?: string;
314
325
  access_log_level?: "info" | "warn" | "error";