@caplets/core 0.25.0 → 0.26.0
- package/dist/caplet-source.js +26 -23
- package/dist/cli/auth.d.ts +1 -0
- package/dist/cli/commands.d.ts +6 -1
- package/dist/cli/doctor.d.ts +1 -0
- package/dist/cli/vault.d.ts +7 -0
- package/dist/cloud/client.d.ts +59 -0
- package/dist/code-mode/platform-runtime.generated.d.ts +1 -1
- package/dist/code-mode.js +6 -6
- package/dist/{completion-DrPr2vYw.js → completion-DaYL-XQN.js} +28 -12
- package/dist/config-runtime.js +2 -2
- package/dist/config.d.ts +39 -6
- package/dist/daemon/validation.d.ts +1 -0
- package/dist/engine.d.ts +6 -2
- package/dist/generated-tool-input-schema.js +1 -1
- package/dist/index.js +517 -58
- package/dist/native.js +1 -1
- package/dist/observed-output-shapes/pure.js +1 -1
- package/dist/{observed-output-shapes-D2k2-q8K.js → observed-output-shapes-DuP7mJQf.js} +1 -1
- package/dist/observed-output-shapes.js +1 -1
- package/dist/remote-control/types.d.ts +1 -1
- package/dist/{schemas-C0PNPwjS.js → schemas-BoqMu4MG.js} +11 -8
- package/dist/{service-DjwB8aiW.js → service-rvZ7z6FI.js} +790 -110
- package/dist/{validation-DgxCzt-A.js → validation-C4tYXw6G.js} +1 -1
- package/dist/vault/access.d.ts +5 -0
- package/dist/vault/crypto.d.ts +19 -0
- package/dist/vault/index.d.ts +40 -0
- package/dist/vault/keys.d.ts +15 -0
- package/dist/vault/store.d.ts +4 -0
- package/dist/vault/types.d.ts +68 -0
- package/package.json +1 -1
|
@@ -113,7 +113,7 @@ function errorResult(error, fallback) {
|
|
|
113
113
|
const SERVER_ID_PATTERN = /^[a-zA-Z0-9_-]{1,64}$/;
|
|
114
114
|
const HEADER_NAME_PATTERN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
|
|
115
115
|
const HTTP_BASE_URL_PATTERN = /^(?![a-zA-Z][a-zA-Z0-9+.-]*:\/\/[^/?#]*@)[^?#]*$/;
|
|
116
|
-
const FORBIDDEN_HEADERS = new Set([
|
|
116
|
+
const FORBIDDEN_HEADERS = /* @__PURE__ */ new Set([
|
|
117
117
|
"accept",
|
|
118
118
|
"authorization",
|
|
119
119
|
"connection",
|
|
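--- a/package/dist/vault/access.d.ts
+++ b/package/dist/vault/access.d.ts
@@ -0,0 +1,5 @@
+import type { VaultAccessGrant, VaultAccessGrantFilter, VaultAccessGrantInput, VaultConfigOrigin } from "./types";
+export declare function normalizeVaultGrant(input: VaultAccessGrantInput): VaultAccessGrant;
+export declare function upsertVaultGrant(grants: VaultAccessGrant[], input: VaultAccessGrantInput): VaultAccessGrant[];
+export declare function filterVaultGrants(grants: VaultAccessGrant[], filter?: VaultAccessGrantFilter): VaultAccessGrant[];
+export declare function sameOrigin(left: VaultConfigOrigin, right: VaultConfigOrigin): boolean;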
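Review bot: `sameOrigin` compares two `VaultConfigOrigin` values (`kind` plus `path`), but the declaration does not say whether `path` is compared verbatim or after resolving it to an absolute, normalized form. Grant matching presumably relies on this function, so a verbatim comparison could treat two spellings of the same config file as different origins; the implementation is not part of this section and needs checking. Since this file is emitted from the TypeScript source, I would document the rule there, for example `/** Origins match when kind is equal and path is equal after normalization. */`, adjusted to the actual behaviour.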
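--- a/package/dist/vault/crypto.d.ts
+++ b/package/dist/vault/crypto.d.ts
@@ -0,0 +1,19 @@
+import { Buffer } from "node:buffer";
+export type VaultEncryptedRecord = {
+version: 1;
+algorithm: "aes-256-gcm";
+nonce: string;
+ciphertext: string;
+authTag: string;
+valueBytes: number;
+createdAt: string;
+updatedAt: string;
+};
+export declare function encryptVaultValue(input: {
+plaintext: string;
+key: Buffer;
+now: Date;
+existing?: VaultEncryptedRecord | undefined;
+}): VaultEncryptedRecord;
+export declare function decryptVaultValue(record: unknown, key: Buffer): string;
+export declare function parseEncryptedRecord(record: unknown): VaultEncryptedRecord;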
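Review bot: `VaultEncryptedRecord` stores `version`, `algorithm`, `valueBytes`, `createdAt` and `updatedAt` next to the GCM `nonce`, `ciphertext` and `authTag`, and nothing in these declarations says whether that metadata is authenticated or how the three string fields are encoded. If the metadata is not supplied as additional authenticated data, anyone able to write the value file could change it without decryption failing; the implementation is not in this section, so this needs confirming. `encryptVaultValue` also accepts `existing`, and the source should state that every call generates a fresh random nonce rather than carrying one over from `existing`. I would add TSDoc on the type in the source, for example `/** nonce, ciphertext and authTag are <encoding> strings; key must be 32 bytes; a new nonce is generated on every write. */`, with the real encoding filled in.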
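--- a/package/dist/vault/index.d.ts
+++ b/package/dist/vault/index.d.ts
@@ -0,0 +1,40 @@
+import { validateVaultKeyName } from "./keys";
+import { VAULT_MAX_VALUE_BYTES, type VaultAccessGrant, type VaultAccessGrantFilter, type VaultAccessGrantInput, type VaultConfigOrigin, type VaultDeleteStatus, type VaultKeySourceStatus, type VaultResolvedGrant, type VaultValueStatus } from "./types";
+export { VAULT_MAX_VALUE_BYTES, validateVaultKeyName, type VaultAccessGrant, type VaultAccessGrantFilter, type VaultAccessGrantInput, type VaultConfigOrigin, type VaultDeleteStatus, type VaultKeySourceStatus, type VaultResolvedGrant, type VaultValueStatus, };
+type FileVaultStoreOptions = {
+root?: string | undefined;
+env?: Record<string, string | undefined> | undefined;
+};
+type SetOptions = {
+force?: boolean | undefined;
+now?: Date | undefined;
+};
+export declare class FileVaultStore {
+readonly root: string;
+readonly env: Record<string, string | undefined>;
+readonly paths: {
+keyFile: string;
+valuesDir: string;
+grantsFile: string;
+};
+constructor(options?: FileVaultStoreOptions);
+valuePath(key: string): string;
+set(key: string, value: string, options?: SetOptions): VaultValueStatus;
+getStatus(key: string): VaultValueStatus;
+listValues(): VaultValueStatus[];
+resolveValue(key: string): string;
+delete(key: string): VaultDeleteStatus;
+keySourceStatus(): VaultKeySourceStatus;
+grantAccess(input: VaultAccessGrantInput): VaultAccessGrant;
+listAccess(filter?: VaultAccessGrantFilter): VaultAccessGrant[];
+revokeAccess(filter: VaultAccessGrantFilter): VaultAccessGrant[];
+resolveGrantedValue(input: {
+referenceName: string;
+capletId: string;
+origin: VaultConfigOrigin;
+}): VaultResolvedGrant;
+private loadValueRecord;
+private statusForRecord;
+private loadAccessGrants;
+private saveAccessGrants;
+}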
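Review bot: `resolveValue(key: string): string` is public on `FileVaultStore` and takes no caplet, reference name or origin, so by its signature it cannot apply the grant check that `resolveGrantedValue` receives inputs for. With both methods public, nothing in the type stops caplet-facing code from calling the ungated one. I would document the split in the source, `/** Returns the decrypted value without consulting access grants; code acting for a caplet must call resolveGrantedValue. */`, or make `resolveValue` private if only the store itself needs it. `valuePath(key)` is public as well and builds a file path from a key name, so its TSDoc should state that the name is checked with `validateVaultKeyName` before the path is formed, if that is what the implementation (not shown here) does.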
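--- a/package/dist/vault/keys.d.ts
+++ b/package/dist/vault/keys.d.ts
@@ -0,0 +1,15 @@
+import { Buffer } from "node:buffer";
+import type { VaultKeySourceStatus } from "./types";
+export declare function validateVaultKeyName(name: string): string;
+export declare function loadVaultKey(input: {
+keyFile: string;
+env?: Record<string, string | undefined> | undefined;
+}): Buffer;
+export declare function ensureVaultKey(input: {
+keyFile: string;
+env?: Record<string, string | undefined> | undefined;
+}): Buffer;
+export declare function vaultKeySourceStatus(input: {
+keyFile: string;
+env?: Record<string, string | undefined> | undefined;
+}): VaultKeySourceStatus;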
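Review bot: `loadVaultKey`, `ensureVaultKey` and `vaultKeySourceStatus` each accept both `keyFile` and `env`, but the declarations do not say which source takes precedence, which environment variable is read, or how the key is encoded there. A key supplied through the environment is inherited by every child process unless it is removed from the environment handed to them, so the precedence and handling deserve a comment in the source. I would add TSDoc along the lines of `/** Reads the key from <ENV_VAR> when set, otherwise from keyFile; keyFile must be readable by the owner only. */`, with the real variable name and rule filled in. `ensureVaultKey` presumably creates the key file when it is missing; if so, its doc should state the permissions it is created with, matching the `wrong-permissions` status reason declared in types.d.ts.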
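--- a/package/dist/vault/store.d.ts
+++ b/package/dist/vault/store.d.ts
@@ -0,0 +1,4 @@
+export declare function ensurePrivateDir(path: string): void;
+export declare function writePrivateFileAtomic(path: string, contents: string): void;
+export declare function readJsonFile<T>(path: string, fallback: T): T;
+export declare function deleteFile(path: string): boolean;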
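Review bot: `readJsonFile<T>(path, fallback: T): T` uses its type parameter as an unchecked assertion on parsed JSON, so callers receive a value typed as `T` that nothing has validated. Value records do pass through `parseEncryptedRecord(record: unknown)` in crypto.d.ts, but no equivalent parser for the grants file appears in these declarations, so whether a hand-edited or corrupted grants file is validated cannot be confirmed from here. Returning `unknown` would force each caller to parse the result: `export declare function readJsonFile(path: string, fallback: unknown): unknown;`. The TSDoc should also say whether `fallback` is returned only for a missing file or for malformed JSON too, because treating a corrupt file as empty hides tampering.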
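--- a/package/dist/vault/types.d.ts
+++ b/package/dist/vault/types.d.ts
@@ -0,0 +1,68 @@
+import type { ConfigSourceKind } from "../config";
+export declare const VAULT_MAX_VALUE_BYTES: number;
+export type VaultConfigOrigin = {
+kind: ConfigSourceKind;
+path: string;
+};
+export type VaultKeySourceStatus = {
+available: true;
+source: "env";
+keyFile?: undefined;
+} | {
+available: true;
+source: "file";
+keyFile: string;
+} | {
+available: false;
+source: "env" | "file";
+reason: "missing" | "invalid" | "unreadable" | "wrong-permissions" | "unsupported-version";
+keyFile?: string | undefined;
+};
+export type VaultValueStatus = {
+key: string;
+present: boolean;
+valueBytes?: number | undefined;
+createdAt?: string | undefined;
+updatedAt?: string | undefined;
+};
+export type VaultAccessGrant = {
+storedKey: string;
+referenceName: string;
+capletId: string;
+origin: VaultConfigOrigin;
+createdAt: string;
+updatedAt: string;
+};
+export type VaultAccessGrantInput = {
+storedKey: string;
+referenceName: string;
+capletId: string;
+origin: VaultConfigOrigin;
+now?: Date | undefined;
+};
+export type VaultAccessGrantFilter = {
+storedKey?: string | undefined;
+referenceName?: string | undefined;
+capletId?: string | undefined;
+origin?: VaultConfigOrigin | undefined;
+};
+export type VaultResolvedGrant = {
+storedKey: string;
+value: string;
+} | {
+reason: "ungranted";
+referenceName: string;
+capletId: string;
+origin: VaultConfigOrigin;
+} | {
+reason: "missing";
+storedKey: string;
+referenceName: string;
+capletId: string;
+origin: VaultConfigOrigin;
+};
+export type VaultDeleteStatus = {
+key: string;
+deleted: boolean;
+grantsRetained: number;
+};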
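Review bot: `VaultDeleteStatus.grantsRetained` indicates that deleting a stored value can leave its access grants on record. If a different secret is later stored under the same key name, those retained grants would presumably apply to it without a fresh approval; the delete implementation is not in this section, so this is inferred from the field name alone. I would either revoke grants for the key on delete or document the behaviour on the field in the source, for example `/** Grants still recorded for this key after deletion; they take effect again if the key is re-created. */`. Separately, the success variant of `VaultResolvedGrant` has no `reason` member, so callers must narrow with `"value" in result`; adding `reason?: undefined` to it would let a check on `reason` discriminate all three variants.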