@caplets/core 0.25.1 → 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/caplet-source.js +12 -12
- package/dist/cli/auth.d.ts +1 -0
- package/dist/cli/commands.d.ts +6 -1
- package/dist/cli/doctor.d.ts +1 -0
- package/dist/cli/vault.d.ts +7 -0
- package/dist/cloud/client.d.ts +59 -0
- package/dist/{completion-De4t5MtT.js → completion-DaYL-XQN.js} +23 -7
- package/dist/config.d.ts +39 -6
- package/dist/engine.d.ts +6 -2
- package/dist/index.js +436 -19
- package/dist/native.js +1 -1
- package/dist/remote-control/types.d.ts +1 -1
- package/dist/{service-Ut6dN9M8.js → service-rvZ7z6FI.js} +755 -75
- package/dist/vault/access.d.ts +5 -0
- package/dist/vault/crypto.d.ts +19 -0
- package/dist/vault/index.d.ts +40 -0
- package/dist/vault/keys.d.ts +15 -0
- package/dist/vault/store.d.ts +4 -0
- package/dist/vault/types.d.ts +68 -0
- package/package.json +1 -1
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { VaultAccessGrant, VaultAccessGrantFilter, VaultAccessGrantInput, VaultConfigOrigin } from "./types";
|
|
2
|
+
export declare function normalizeVaultGrant(input: VaultAccessGrantInput): VaultAccessGrant;
|
|
3
|
+
export declare function upsertVaultGrant(grants: VaultAccessGrant[], input: VaultAccessGrantInput): VaultAccessGrant[];
|
|
4
|
+
export declare function filterVaultGrants(grants: VaultAccessGrant[], filter?: VaultAccessGrantFilter): VaultAccessGrant[];
|
|
5
|
+
export declare function sameOrigin(left: VaultConfigOrigin, right: VaultConfigOrigin): boolean;
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
export type VaultEncryptedRecord = {
|
|
3
|
+
version: 1;
|
|
4
|
+
algorithm: "aes-256-gcm";
|
|
5
|
+
nonce: string;
|
|
6
|
+
ciphertext: string;
|
|
7
|
+
authTag: string;
|
|
8
|
+
valueBytes: number;
|
|
9
|
+
createdAt: string;
|
|
10
|
+
updatedAt: string;
|
|
11
|
+
};
|
|
12
|
+
export declare function encryptVaultValue(input: {
|
|
13
|
+
plaintext: string;
|
|
14
|
+
key: Buffer;
|
|
15
|
+
now: Date;
|
|
16
|
+
existing?: VaultEncryptedRecord | undefined;
|
|
17
|
+
}): VaultEncryptedRecord;
|
|
18
|
+
export declare function decryptVaultValue(record: unknown, key: Buffer): string;
|
|
19
|
+
export declare function parseEncryptedRecord(record: unknown): VaultEncryptedRecord;
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { validateVaultKeyName } from "./keys";
|
|
2
|
+
import { VAULT_MAX_VALUE_BYTES, type VaultAccessGrant, type VaultAccessGrantFilter, type VaultAccessGrantInput, type VaultConfigOrigin, type VaultDeleteStatus, type VaultKeySourceStatus, type VaultResolvedGrant, type VaultValueStatus } from "./types";
|
|
3
|
+
export { VAULT_MAX_VALUE_BYTES, validateVaultKeyName, type VaultAccessGrant, type VaultAccessGrantFilter, type VaultAccessGrantInput, type VaultConfigOrigin, type VaultDeleteStatus, type VaultKeySourceStatus, type VaultResolvedGrant, type VaultValueStatus, };
|
|
4
|
+
type FileVaultStoreOptions = {
|
|
5
|
+
root?: string | undefined;
|
|
6
|
+
env?: Record<string, string | undefined> | undefined;
|
|
7
|
+
};
|
|
8
|
+
type SetOptions = {
|
|
9
|
+
force?: boolean | undefined;
|
|
10
|
+
now?: Date | undefined;
|
|
11
|
+
};
|
|
12
|
+
export declare class FileVaultStore {
|
|
13
|
+
readonly root: string;
|
|
14
|
+
readonly env: Record<string, string | undefined>;
|
|
15
|
+
readonly paths: {
|
|
16
|
+
keyFile: string;
|
|
17
|
+
valuesDir: string;
|
|
18
|
+
grantsFile: string;
|
|
19
|
+
};
|
|
20
|
+
constructor(options?: FileVaultStoreOptions);
|
|
21
|
+
valuePath(key: string): string;
|
|
22
|
+
set(key: string, value: string, options?: SetOptions): VaultValueStatus;
|
|
23
|
+
getStatus(key: string): VaultValueStatus;
|
|
24
|
+
listValues(): VaultValueStatus[];
|
|
25
|
+
resolveValue(key: string): string;
|
|
26
|
+
delete(key: string): VaultDeleteStatus;
|
|
27
|
+
keySourceStatus(): VaultKeySourceStatus;
|
|
28
|
+
grantAccess(input: VaultAccessGrantInput): VaultAccessGrant;
|
|
29
|
+
listAccess(filter?: VaultAccessGrantFilter): VaultAccessGrant[];
|
|
30
|
+
revokeAccess(filter: VaultAccessGrantFilter): VaultAccessGrant[];
|
|
31
|
+
resolveGrantedValue(input: {
|
|
32
|
+
referenceName: string;
|
|
33
|
+
capletId: string;
|
|
34
|
+
origin: VaultConfigOrigin;
|
|
35
|
+
}): VaultResolvedGrant;
|
|
36
|
+
private loadValueRecord;
|
|
37
|
+
private statusForRecord;
|
|
38
|
+
private loadAccessGrants;
|
|
39
|
+
private saveAccessGrants;
|
|
40
|
+
}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
import type { VaultKeySourceStatus } from "./types";
|
|
3
|
+
export declare function validateVaultKeyName(name: string): string;
|
|
4
|
+
export declare function loadVaultKey(input: {
|
|
5
|
+
keyFile: string;
|
|
6
|
+
env?: Record<string, string | undefined> | undefined;
|
|
7
|
+
}): Buffer;
|
|
8
|
+
export declare function ensureVaultKey(input: {
|
|
9
|
+
keyFile: string;
|
|
10
|
+
env?: Record<string, string | undefined> | undefined;
|
|
11
|
+
}): Buffer;
|
|
12
|
+
export declare function vaultKeySourceStatus(input: {
|
|
13
|
+
keyFile: string;
|
|
14
|
+
env?: Record<string, string | undefined> | undefined;
|
|
15
|
+
}): VaultKeySourceStatus;
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
export declare function ensurePrivateDir(path: string): void;
|
|
2
|
+
export declare function writePrivateFileAtomic(path: string, contents: string): void;
|
|
3
|
+
export declare function readJsonFile<T>(path: string, fallback: T): T;
|
|
4
|
+
export declare function deleteFile(path: string): boolean;
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
import type { ConfigSourceKind } from "../config";
|
|
2
|
+
export declare const VAULT_MAX_VALUE_BYTES: number;
|
|
3
|
+
export type VaultConfigOrigin = {
|
|
4
|
+
kind: ConfigSourceKind;
|
|
5
|
+
path: string;
|
|
6
|
+
};
|
|
7
|
+
export type VaultKeySourceStatus = {
|
|
8
|
+
available: true;
|
|
9
|
+
source: "env";
|
|
10
|
+
keyFile?: undefined;
|
|
11
|
+
} | {
|
|
12
|
+
available: true;
|
|
13
|
+
source: "file";
|
|
14
|
+
keyFile: string;
|
|
15
|
+
} | {
|
|
16
|
+
available: false;
|
|
17
|
+
source: "env" | "file";
|
|
18
|
+
reason: "missing" | "invalid" | "unreadable" | "wrong-permissions" | "unsupported-version";
|
|
19
|
+
keyFile?: string | undefined;
|
|
20
|
+
};
|
|
21
|
+
export type VaultValueStatus = {
|
|
22
|
+
key: string;
|
|
23
|
+
present: boolean;
|
|
24
|
+
valueBytes?: number | undefined;
|
|
25
|
+
createdAt?: string | undefined;
|
|
26
|
+
updatedAt?: string | undefined;
|
|
27
|
+
};
|
|
28
|
+
export type VaultAccessGrant = {
|
|
29
|
+
storedKey: string;
|
|
30
|
+
referenceName: string;
|
|
31
|
+
capletId: string;
|
|
32
|
+
origin: VaultConfigOrigin;
|
|
33
|
+
createdAt: string;
|
|
34
|
+
updatedAt: string;
|
|
35
|
+
};
|
|
36
|
+
export type VaultAccessGrantInput = {
|
|
37
|
+
storedKey: string;
|
|
38
|
+
referenceName: string;
|
|
39
|
+
capletId: string;
|
|
40
|
+
origin: VaultConfigOrigin;
|
|
41
|
+
now?: Date | undefined;
|
|
42
|
+
};
|
|
43
|
+
export type VaultAccessGrantFilter = {
|
|
44
|
+
storedKey?: string | undefined;
|
|
45
|
+
referenceName?: string | undefined;
|
|
46
|
+
capletId?: string | undefined;
|
|
47
|
+
origin?: VaultConfigOrigin | undefined;
|
|
48
|
+
};
|
|
49
|
+
export type VaultResolvedGrant = {
|
|
50
|
+
storedKey: string;
|
|
51
|
+
value: string;
|
|
52
|
+
} | {
|
|
53
|
+
reason: "ungranted";
|
|
54
|
+
referenceName: string;
|
|
55
|
+
capletId: string;
|
|
56
|
+
origin: VaultConfigOrigin;
|
|
57
|
+
} | {
|
|
58
|
+
reason: "missing";
|
|
59
|
+
storedKey: string;
|
|
60
|
+
referenceName: string;
|
|
61
|
+
capletId: string;
|
|
62
|
+
origin: VaultConfigOrigin;
|
|
63
|
+
};
|
|
64
|
+
export type VaultDeleteStatus = {
|
|
65
|
+
key: string;
|
|
66
|
+
deleted: boolean;
|
|
67
|
+
grantsRetained: number;
|
|
68
|
+
};
|