@clef-sh/runtime 0.1.11 → 0.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/artifact-decryptor.d.ts +47 -0
- package/dist/artifact-decryptor.d.ts.map +1 -0
- package/dist/artifact-decryptor.js +151 -0
- package/dist/artifact-decryptor.js.map +1 -0
- package/dist/disk-cache.d.ts +1 -0
- package/dist/disk-cache.d.ts.map +1 -1
- package/dist/disk-cache.js +5 -10
- package/dist/disk-cache.js.map +1 -1
- package/dist/encrypted-artifact-store.d.ts +27 -0
- package/dist/encrypted-artifact-store.d.ts.map +1 -0
- package/dist/encrypted-artifact-store.js +46 -0
- package/dist/encrypted-artifact-store.js.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -1
- package/dist/index.js.map +1 -1
- package/dist/poller.d.ts +38 -6
- package/dist/poller.d.ts.map +1 -1
- package/dist/poller.js +115 -82
- package/dist/poller.js.map +1 -1
- package/dist/secrets-cache.d.ts +1 -1
- package/dist/secrets-cache.d.ts.map +1 -1
- package/dist/secrets-cache.js +13 -1
- package/dist/secrets-cache.js.map +1 -1
- package/dist/signature.d.ts +2 -0
- package/dist/signature.d.ts.map +1 -1
- package/dist/signature.js +3 -1
- package/dist/signature.js.map +1 -1
- package/dist/sources/http.d.ts.map +1 -1
- package/dist/sources/http.js +12 -2
- package/dist/sources/http.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
import { TelemetryEmitter } from "./telemetry";
|
|
2
|
+
import type { ArtifactEnvelope } from "./poller";
|
|
3
|
+
/** Result of decrypting an artifact envelope. */
|
|
4
|
+
export interface DecryptedArtifact {
|
|
5
|
+
values: Record<string, string>;
|
|
6
|
+
keys: string[];
|
|
7
|
+
revision: string;
|
|
8
|
+
}
|
|
9
|
+
export interface ArtifactDecryptorOptions {
|
|
10
|
+
/** Age private key string. Optional for KMS envelope artifacts. */
|
|
11
|
+
privateKey?: string;
|
|
12
|
+
/** Optional telemetry emitter for decrypt error reporting. */
|
|
13
|
+
telemetry?: TelemetryEmitter;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Decrypts artifact envelopes into plaintext key-value pairs.
|
|
17
|
+
*
|
|
18
|
+
* Supports two paths:
|
|
19
|
+
* - **KMS envelope**: unwrap DEK via cloud KMS, then AES-256-GCM decrypt
|
|
20
|
+
* - **Age-only**: decrypt via the age private key
|
|
21
|
+
*
|
|
22
|
+
* The caller is responsible for validation (version, integrity, signature,
|
|
23
|
+
* expiry). This module handles only the cryptographic decryption and JSON
|
|
24
|
+
* parsing of the resulting plaintext.
|
|
25
|
+
*/
|
|
26
|
+
export declare class ArtifactDecryptor {
|
|
27
|
+
private readonly ageDecryptor;
|
|
28
|
+
private readonly privateKey?;
|
|
29
|
+
private telemetryOverride?;
|
|
30
|
+
private readonly initialTelemetry?;
|
|
31
|
+
constructor(options: ArtifactDecryptorOptions);
|
|
32
|
+
/** Set or replace the telemetry emitter. */
|
|
33
|
+
setTelemetry(emitter: TelemetryEmitter): void;
|
|
34
|
+
private get telemetry();
|
|
35
|
+
/**
|
|
36
|
+
* Decrypt an artifact envelope into plaintext key-value pairs.
|
|
37
|
+
*
|
|
38
|
+
* @throws On KMS unwrap failure, AES-GCM auth failure, age decrypt failure,
|
|
39
|
+
* missing private key (config error), or malformed plaintext JSON.
|
|
40
|
+
*/
|
|
41
|
+
decrypt(artifact: ArtifactEnvelope): Promise<DecryptedArtifact>;
|
|
42
|
+
/** KMS envelope: unwrap DEK via KMS, then AES-256-GCM decrypt. */
|
|
43
|
+
private decryptKmsEnvelope;
|
|
44
|
+
/** Age-only: decrypt with the static private key. */
|
|
45
|
+
private decryptAge;
|
|
46
|
+
}
|
|
47
|
+
//# sourceMappingURL=artifact-decryptor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"artifact-decryptor.d.ts","sourceRoot":"","sources":["../src/artifact-decryptor.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,iDAAiD;AACjD,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,wBAAwB;IACvC,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,SAAS,CAAC,EAAE,gBAAgB,CAAC;CAC9B;AAED;;;;;;;;;;GAUG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAsB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAS;IACrC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAC7C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAmB;gBAEzC,OAAO,EAAE,wBAAwB;IAK7C,4CAA4C;IAC5C,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAI7C,OAAO,KAAK,SAAS,GAEpB;IAED;;;;;OAKG;IACG,OAAO,CAAC,QAAQ,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBrE,kEAAkE;YACpD,kBAAkB;IAiChC,qDAAqD;YACvC,UAAU;CAkBzB"}
|
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.ArtifactDecryptor = void 0;
|
|
37
|
+
const crypto = __importStar(require("crypto"));
|
|
38
|
+
const decrypt_1 = require("./decrypt");
|
|
39
|
+
const kms_1 = require("./kms");
|
|
40
|
+
/**
|
|
41
|
+
* Decrypts artifact envelopes into plaintext key-value pairs.
|
|
42
|
+
*
|
|
43
|
+
* Supports two paths:
|
|
44
|
+
* - **KMS envelope**: unwrap DEK via cloud KMS, then AES-256-GCM decrypt
|
|
45
|
+
* - **Age-only**: decrypt via the age private key
|
|
46
|
+
*
|
|
47
|
+
* The caller is responsible for validation (version, integrity, signature,
|
|
48
|
+
* expiry). This module handles only the cryptographic decryption and JSON
|
|
49
|
+
* parsing of the resulting plaintext.
|
|
50
|
+
*/
|
|
51
|
+
class ArtifactDecryptor {
|
|
52
|
+
ageDecryptor = new decrypt_1.AgeDecryptor();
|
|
53
|
+
privateKey;
|
|
54
|
+
telemetryOverride;
|
|
55
|
+
initialTelemetry;
|
|
56
|
+
constructor(options) {
|
|
57
|
+
this.privateKey = options.privateKey;
|
|
58
|
+
this.initialTelemetry = options.telemetry;
|
|
59
|
+
}
|
|
60
|
+
/** Set or replace the telemetry emitter. */
|
|
61
|
+
setTelemetry(emitter) {
|
|
62
|
+
this.telemetryOverride = emitter;
|
|
63
|
+
}
|
|
64
|
+
get telemetry() {
|
|
65
|
+
return this.telemetryOverride ?? this.initialTelemetry;
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Decrypt an artifact envelope into plaintext key-value pairs.
|
|
69
|
+
*
|
|
70
|
+
* @throws On KMS unwrap failure, AES-GCM auth failure, age decrypt failure,
|
|
71
|
+
* missing private key (config error), or malformed plaintext JSON.
|
|
72
|
+
*/
|
|
73
|
+
async decrypt(artifact) {
|
|
74
|
+
let plaintext;
|
|
75
|
+
if (artifact.envelope) {
|
|
76
|
+
plaintext = await this.decryptKmsEnvelope(artifact);
|
|
77
|
+
}
|
|
78
|
+
else {
|
|
79
|
+
plaintext = await this.decryptAge(artifact);
|
|
80
|
+
}
|
|
81
|
+
let values;
|
|
82
|
+
try {
|
|
83
|
+
values = JSON.parse(plaintext);
|
|
84
|
+
}
|
|
85
|
+
catch (err) {
|
|
86
|
+
this.telemetry?.artifactInvalid({
|
|
87
|
+
reason: "payload_parse",
|
|
88
|
+
error: err instanceof Error ? err.message : String(err),
|
|
89
|
+
});
|
|
90
|
+
throw err;
|
|
91
|
+
}
|
|
92
|
+
finally {
|
|
93
|
+
plaintext = "";
|
|
94
|
+
}
|
|
95
|
+
return { values, keys: artifact.keys, revision: artifact.revision };
|
|
96
|
+
}
|
|
97
|
+
/** KMS envelope: unwrap DEK via KMS, then AES-256-GCM decrypt. */
|
|
98
|
+
async decryptKmsEnvelope(artifact) {
|
|
99
|
+
const envelope = artifact.envelope;
|
|
100
|
+
let dek;
|
|
101
|
+
try {
|
|
102
|
+
const kms = (0, kms_1.createKmsProvider)(envelope.provider);
|
|
103
|
+
const wrappedKey = Buffer.from(envelope.wrappedKey, "base64");
|
|
104
|
+
dek = await kms.unwrap(envelope.keyId, wrappedKey, envelope.algorithm);
|
|
105
|
+
}
|
|
106
|
+
catch (err) {
|
|
107
|
+
this.telemetry?.artifactInvalid({
|
|
108
|
+
reason: "kms_unwrap",
|
|
109
|
+
error: err instanceof Error ? err.message : String(err),
|
|
110
|
+
});
|
|
111
|
+
throw err;
|
|
112
|
+
}
|
|
113
|
+
try {
|
|
114
|
+
const iv = Buffer.from(envelope.iv, "base64");
|
|
115
|
+
const authTag = Buffer.from(envelope.authTag, "base64");
|
|
116
|
+
const ciphertextBuf = Buffer.from(artifact.ciphertext, "base64");
|
|
117
|
+
const decipher = crypto.createDecipheriv("aes-256-gcm", dek, iv);
|
|
118
|
+
decipher.setAuthTag(authTag);
|
|
119
|
+
return Buffer.concat([decipher.update(ciphertextBuf), decipher.final()]).toString("utf-8");
|
|
120
|
+
}
|
|
121
|
+
catch (err) {
|
|
122
|
+
this.telemetry?.artifactInvalid({
|
|
123
|
+
reason: "decrypt",
|
|
124
|
+
error: err instanceof Error ? err.message : String(err),
|
|
125
|
+
});
|
|
126
|
+
throw err;
|
|
127
|
+
}
|
|
128
|
+
finally {
|
|
129
|
+
dek.fill(0);
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
/** Age-only: decrypt with the static private key. */
|
|
133
|
+
async decryptAge(artifact) {
|
|
134
|
+
if (!this.privateKey) {
|
|
135
|
+
// Config error — NOT an artifact.invalid event
|
|
136
|
+
throw new Error("Artifact requires an age private key. Set CLEF_AGENT_AGE_KEY or use KMS envelope encryption.");
|
|
137
|
+
}
|
|
138
|
+
try {
|
|
139
|
+
return await this.ageDecryptor.decrypt(artifact.ciphertext, this.privateKey);
|
|
140
|
+
}
|
|
141
|
+
catch (err) {
|
|
142
|
+
this.telemetry?.artifactInvalid({
|
|
143
|
+
reason: err instanceof SyntaxError ? "payload_parse" : "decrypt",
|
|
144
|
+
error: err instanceof Error ? err.message : String(err),
|
|
145
|
+
});
|
|
146
|
+
throw err;
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
exports.ArtifactDecryptor = ArtifactDecryptor;
|
|
151
|
+
//# sourceMappingURL=artifact-decryptor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"artifact-decryptor.js","sourceRoot":"","sources":["../src/artifact-decryptor.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AACjC,uCAAyC;AACzC,+BAA0C;AAkB1C;;;;;;;;;;GAUG;AACH,MAAa,iBAAiB;IACX,YAAY,GAAG,IAAI,sBAAY,EAAE,CAAC;IAClC,UAAU,CAAU;IAC7B,iBAAiB,CAAoB;IAC5B,gBAAgB,CAAoB;IAErD,YAAY,OAAiC;QAC3C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,SAAS,CAAC;IAC5C,CAAC;IAED,4CAA4C;IAC5C,YAAY,CAAC,OAAyB;QACpC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;IACnC,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,gBAAgB,CAAC;IACzD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,QAA0B;QACtC,IAAI,SAAiB,CAAC;QAEtB,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,MAA8B,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,eAAe;gBACvB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,SAAS,GAAG,EAAE,CAAC;QACjB,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC;IACtE,CAAC;IAED,kEAAkE;IAC1D,KAAK,CAAC,kBAAkB,CAAC,QAA0B;QACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAS,CAAC;QACpC,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACjD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAC9D,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,YAAY;gBACpB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;YAC9C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACxD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACjE,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;gBAAS,CAAC;YACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IAED,qDAAqD;IAC7C,KAAK,CAAC,UAAU,CAAC,QAA0B;QACjD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,+CAA+C;YAC/C,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;gBAChE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAxGD,8CAwGC"}
|
package/dist/disk-cache.d.ts
CHANGED
|
@@ -16,6 +16,7 @@ export declare class DiskCache {
|
|
|
16
16
|
getCachedSha(): string | undefined;
|
|
17
17
|
/** Get the fetchedAt timestamp from metadata, if available. */
|
|
18
18
|
getFetchedAt(): string | undefined;
|
|
19
|
+
private readMeta;
|
|
19
20
|
/** Remove cached artifact and metadata files. */
|
|
20
21
|
purge(): void;
|
|
21
22
|
}
|
package/dist/disk-cache.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"disk-cache.d.ts","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":"AAQA;;;;;GAKG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEtB,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;IAMpE,+EAA+E;IAC/E,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;IActC,sEAAsE;IACtE,IAAI,IAAI,MAAM,GAAG,IAAI;IAQrB,0DAA0D;IAC1D,YAAY,IAAI,MAAM,GAAG,SAAS;
|
|
1
|
+
{"version":3,"file":"disk-cache.d.ts","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":"AAQA;;;;;GAKG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;gBAEtB,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;IAMpE,+EAA+E;IAC/E,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,IAAI;IActC,sEAAsE;IACtE,IAAI,IAAI,MAAM,GAAG,IAAI;IAQrB,0DAA0D;IAC1D,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC,+DAA+D;IAC/D,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC,OAAO,CAAC,QAAQ;IAShB,iDAAiD;IACjD,KAAK,IAAI,IAAI;CAYd"}
|
package/dist/disk-cache.js
CHANGED
|
@@ -73,21 +73,16 @@ class DiskCache {
|
|
|
73
73
|
}
|
|
74
74
|
/** Get the SHA from the cached metadata, if available. */
|
|
75
75
|
getCachedSha() {
|
|
76
|
-
|
|
77
|
-
const raw = fs.readFileSync(this.metaPath, "utf-8");
|
|
78
|
-
const meta = JSON.parse(raw);
|
|
79
|
-
return meta.sha;
|
|
80
|
-
}
|
|
81
|
-
catch {
|
|
82
|
-
return undefined;
|
|
83
|
-
}
|
|
76
|
+
return this.readMeta()?.sha;
|
|
84
77
|
}
|
|
85
78
|
/** Get the fetchedAt timestamp from metadata, if available. */
|
|
86
79
|
getFetchedAt() {
|
|
80
|
+
return this.readMeta()?.fetchedAt;
|
|
81
|
+
}
|
|
82
|
+
readMeta() {
|
|
87
83
|
try {
|
|
88
84
|
const raw = fs.readFileSync(this.metaPath, "utf-8");
|
|
89
|
-
|
|
90
|
-
return meta.fetchedAt;
|
|
85
|
+
return JSON.parse(raw);
|
|
91
86
|
}
|
|
92
87
|
catch {
|
|
93
88
|
return undefined;
|
package/dist/disk-cache.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"disk-cache.js","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAO7B;;;;;GAKG;AACH,MAAa,SAAS;IACH,YAAY,CAAS;IACrB,QAAQ,CAAS;IAElC,YAAY,SAAiB,EAAE,QAAgB,EAAE,WAAmB;QAClE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,WAAW,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,+EAA+E;IAC/E,KAAK,CAAC,GAAW,EAAE,GAAY;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvC,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,YAAY,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9D,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC5C,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAkB,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACzE,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;QACtD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QACzD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,sEAAsE;IACtE,IAAI;QACF,IAAI,CAAC;YACH,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,
|
|
1
|
+
{"version":3,"file":"disk-cache.js","sourceRoot":"","sources":["../src/disk-cache.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAO7B;;;;;GAKG;AACH,MAAa,SAAS;IACH,YAAY,CAAS;IACrB,QAAQ,CAAS;IAElC,YAAY,SAAiB,EAAE,QAAgB,EAAE,WAAmB;QAClE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,WAAW,CAAC,CAAC;QAC9D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,+EAA+E;IAC/E,KAAK,CAAC,GAAW,EAAE,GAAY;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEvC,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,YAAY,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;QAC9D,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC5C,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAE9C,MAAM,IAAI,GAAkB,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACzE,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,QAAQ,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;QACtD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;QACzD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAED,sEAAsE;IACtE,IAAI;QACF,IAAI,CAAC;YACH,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,OAAO,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC;IAC9B,CAAC;IAED,+DAA+D;IAC/D,YAAY;QACV,OAAO,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,CAAC;IACpC,CAAC;IAEO,QAAQ;QACd,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,KAAK;QACH,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;QACD,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;CACF;AAlED,8BAkEC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import type { ArtifactEnvelope } from "./poller";
|
|
2
|
+
/**
|
|
3
|
+
* Holds the latest validated-but-encrypted artifact envelope.
|
|
4
|
+
*
|
|
5
|
+
* In JIT mode (cacheTtl=0) the poller writes here after fetch+validate,
|
|
6
|
+
* and the HTTP server reads from here on each request to decrypt on demand.
|
|
7
|
+
* Key names and revision are readable without decryption (SOPS metadata).
|
|
8
|
+
*/
|
|
9
|
+
export declare class EncryptedArtifactStore {
|
|
10
|
+
private artifact;
|
|
11
|
+
private _storedAt;
|
|
12
|
+
/** Atomically replace the stored artifact. */
|
|
13
|
+
swap(artifact: ArtifactEnvelope): void;
|
|
14
|
+
/** Get the current encrypted artifact. Returns null if not yet loaded. */
|
|
15
|
+
get(): ArtifactEnvelope | null;
|
|
16
|
+
/** Whether an artifact has been stored. */
|
|
17
|
+
isReady(): boolean;
|
|
18
|
+
/** Epoch ms of last store, or null. */
|
|
19
|
+
getStoredAt(): number | null;
|
|
20
|
+
/** Get key names from the stored artifact metadata (no decryption needed). */
|
|
21
|
+
getKeys(): string[];
|
|
22
|
+
/** Get the revision from the stored artifact. */
|
|
23
|
+
getRevision(): string | null;
|
|
24
|
+
/** Clear the stored artifact (on revocation/expiry). */
|
|
25
|
+
wipe(): void;
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=encrypted-artifact-store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encrypted-artifact-store.d.ts","sourceRoot":"","sources":["../src/encrypted-artifact-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD;;;;;;GAMG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAiC;IACjD,OAAO,CAAC,SAAS,CAAuB;IAExC,8CAA8C;IAC9C,IAAI,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAKtC,0EAA0E;IAC1E,GAAG,IAAI,gBAAgB,GAAG,IAAI;IAI9B,2CAA2C;IAC3C,OAAO,IAAI,OAAO;IAIlB,uCAAuC;IACvC,WAAW,IAAI,MAAM,GAAG,IAAI;IAI5B,8EAA8E;IAC9E,OAAO,IAAI,MAAM,EAAE;IAInB,iDAAiD;IACjD,WAAW,IAAI,MAAM,GAAG,IAAI;IAI5B,wDAAwD;IACxD,IAAI,IAAI,IAAI;CAIb"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.EncryptedArtifactStore = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Holds the latest validated-but-encrypted artifact envelope.
|
|
6
|
+
*
|
|
7
|
+
* In JIT mode (cacheTtl=0) the poller writes here after fetch+validate,
|
|
8
|
+
* and the HTTP server reads from here on each request to decrypt on demand.
|
|
9
|
+
* Key names and revision are readable without decryption (SOPS metadata).
|
|
10
|
+
*/
|
|
11
|
+
class EncryptedArtifactStore {
|
|
12
|
+
artifact = null;
|
|
13
|
+
_storedAt = null;
|
|
14
|
+
/** Atomically replace the stored artifact. */
|
|
15
|
+
swap(artifact) {
|
|
16
|
+
this.artifact = artifact;
|
|
17
|
+
this._storedAt = Date.now();
|
|
18
|
+
}
|
|
19
|
+
/** Get the current encrypted artifact. Returns null if not yet loaded. */
|
|
20
|
+
get() {
|
|
21
|
+
return this.artifact;
|
|
22
|
+
}
|
|
23
|
+
/** Whether an artifact has been stored. */
|
|
24
|
+
isReady() {
|
|
25
|
+
return this.artifact !== null;
|
|
26
|
+
}
|
|
27
|
+
/** Epoch ms of last store, or null. */
|
|
28
|
+
getStoredAt() {
|
|
29
|
+
return this._storedAt;
|
|
30
|
+
}
|
|
31
|
+
/** Get key names from the stored artifact metadata (no decryption needed). */
|
|
32
|
+
getKeys() {
|
|
33
|
+
return this.artifact ? [...this.artifact.keys] : [];
|
|
34
|
+
}
|
|
35
|
+
/** Get the revision from the stored artifact. */
|
|
36
|
+
getRevision() {
|
|
37
|
+
return this.artifact?.revision ?? null;
|
|
38
|
+
}
|
|
39
|
+
/** Clear the stored artifact (on revocation/expiry). */
|
|
40
|
+
wipe() {
|
|
41
|
+
this.artifact = null;
|
|
42
|
+
this._storedAt = null;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
exports.EncryptedArtifactStore = EncryptedArtifactStore;
|
|
46
|
+
//# sourceMappingURL=encrypted-artifact-store.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"encrypted-artifact-store.js","sourceRoot":"","sources":["../src/encrypted-artifact-store.ts"],"names":[],"mappings":";;;AAEA;;;;;;GAMG;AACH,MAAa,sBAAsB;IACzB,QAAQ,GAA4B,IAAI,CAAC;IACzC,SAAS,GAAkB,IAAI,CAAC;IAExC,8CAA8C;IAC9C,IAAI,CAAC,QAA0B;QAC7B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC9B,CAAC;IAED,0EAA0E;IAC1E,GAAG;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,2CAA2C;IAC3C,OAAO;QACL,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC;IAChC,CAAC;IAED,uCAAuC;IACvC,WAAW;QACT,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,8EAA8E;IAC9E,OAAO;QACL,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtD,CAAC;IAED,iDAAiD;IACjD,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC;IACzC,CAAC;IAED,wDAAwD;IACxD,IAAI;QACF,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;CACF;AAxCD,wDAwCC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -3,6 +3,9 @@ export { DiskCache } from "./disk-cache";
|
|
|
3
3
|
export { AgeDecryptor } from "./decrypt";
|
|
4
4
|
export { ArtifactPoller } from "./poller";
|
|
5
5
|
export type { PollerOptions, ArtifactEnvelope } from "./poller";
|
|
6
|
+
export { ArtifactDecryptor } from "./artifact-decryptor";
|
|
7
|
+
export type { DecryptedArtifact, ArtifactDecryptorOptions } from "./artifact-decryptor";
|
|
8
|
+
export { EncryptedArtifactStore } from "./encrypted-artifact-store";
|
|
6
9
|
export { TelemetryEmitter } from "./telemetry";
|
|
7
10
|
export type { TelemetryOptions, TelemetryEvent, AgentStartedEvent, AgentStoppedEvent, ArtifactRefreshedEvent, ArtifactRevokedEvent, ArtifactExpiredEvent, FetchFailedEvent, CacheExpiredEvent, ArtifactInvalidEvent, } from "./telemetry";
|
|
8
11
|
export type { VcsProvider, VcsProviderConfig, VcsFileResult } from "./vcs/types";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG1C,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGlD,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAM1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC7C,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qDAAqD;IACrD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAE7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;gBAE3B,MAAM,EAAE,aAAa;IAgCjC,iEAAiE;IAC3D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,yFAAyF;IACzF,YAAY,IAAI,IAAI;IAIpB,+BAA+B;IAC/B,WAAW,IAAI,IAAI;IAInB,wCAAwC;IACxC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,wCAAwC;IACxC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAIhC,0DAA0D;IAC1D,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAI7B,gCAAgC;IAChC,IAAI,IAAI,MAAM,EAAE;IAIhB,iCAAiC;IACjC,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,wCAAwC;IACxC,IAAI,KAAK,IAAI,OAAO,CAEnB;IAED,yDAAyD;IACzD,SAAS,IAAI,cAAc;IAI3B,wDAAwD;IACxD,QAAQ,IAAI,YAAY;IAIxB,OAAO,CAAC,aAAa;CA0CtB;AAED,2FAA2F;AAC3F,wBAAsB,IAAI,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,CAItE"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ClefRuntime = exports.verifySignature = exports.buildSigningPayload = exports.VcsArtifactSource = exports.FileArtifactSource = exports.HttpArtifactSource = exports.createKmsProvider = exports.AwsKmsProvider = exports.createVcsProvider = exports.BitbucketProvider = exports.GitLabProvider = exports.GitHubProvider = exports.TelemetryEmitter = exports.ArtifactPoller = exports.AgeDecryptor = exports.DiskCache = exports.SecretsCache = void 0;
|
|
3
|
+
exports.ClefRuntime = exports.verifySignature = exports.buildSigningPayload = exports.VcsArtifactSource = exports.FileArtifactSource = exports.HttpArtifactSource = exports.createKmsProvider = exports.AwsKmsProvider = exports.createVcsProvider = exports.BitbucketProvider = exports.GitLabProvider = exports.GitHubProvider = exports.TelemetryEmitter = exports.EncryptedArtifactStore = exports.ArtifactDecryptor = exports.ArtifactPoller = exports.AgeDecryptor = exports.DiskCache = exports.SecretsCache = void 0;
|
|
4
4
|
exports.init = init;
|
|
5
5
|
// Core modules
|
|
6
6
|
var secrets_cache_1 = require("./secrets-cache");
|
|
@@ -11,6 +11,10 @@ var decrypt_1 = require("./decrypt");
|
|
|
11
11
|
Object.defineProperty(exports, "AgeDecryptor", { enumerable: true, get: function () { return decrypt_1.AgeDecryptor; } });
|
|
12
12
|
var poller_1 = require("./poller");
|
|
13
13
|
Object.defineProperty(exports, "ArtifactPoller", { enumerable: true, get: function () { return poller_1.ArtifactPoller; } });
|
|
14
|
+
var artifact_decryptor_1 = require("./artifact-decryptor");
|
|
15
|
+
Object.defineProperty(exports, "ArtifactDecryptor", { enumerable: true, get: function () { return artifact_decryptor_1.ArtifactDecryptor; } });
|
|
16
|
+
var encrypted_artifact_store_1 = require("./encrypted-artifact-store");
|
|
17
|
+
Object.defineProperty(exports, "EncryptedArtifactStore", { enumerable: true, get: function () { return encrypted_artifact_store_1.EncryptedArtifactStore; } });
|
|
14
18
|
// Telemetry
|
|
15
19
|
var telemetry_1 = require("./telemetry");
|
|
16
20
|
Object.defineProperty(exports, "TelemetryEmitter", { enumerable: true, get: function () { return telemetry_1.TelemetryEmitter; } });
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAwPA,oBAIC;AA5PD,eAAe;AACf,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AACrB,2CAAyC;AAAhC,uGAAA,SAAS,OAAA;AAClB,qCAAyC;AAAhC,uGAAA,YAAY,OAAA;AACrB,mCAA0C;AAAjC,wGAAA,cAAc,OAAA;AAEvB,2DAAyD;AAAhD,uHAAA,iBAAiB,OAAA;AAE1B,uEAAoE;AAA3D,kIAAA,sBAAsB,OAAA;AAE/B,YAAY;AACZ,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAgBzB,uCAA8C;AAArC,wGAAA,cAAc,OAAA;AACvB,uCAA8C;AAArC,wGAAA,cAAc,OAAA;AACvB,6CAAoD;AAA3C,8GAAA,iBAAiB,OAAA;AAC1B,qCAAgD;AAAvC,0GAAA,iBAAiB,OAAA;AAI1B,6BAAuC;AAA9B,qGAAA,cAAc,OAAA;AACvB,6BAA0C;AAAjC,wGAAA,iBAAiB,OAAA;AAI1B,uCAAoD;AAA3C,0GAAA,kBAAkB,OAAA;AAC3B,uCAAoD;AAA3C,0GAAA,kBAAkB,OAAA;AAC3B,qCAAkD;AAAzC,wGAAA,iBAAiB,OAAA;AAE1B,yBAAyB;AACzB,yCAAmE;AAA1D,gHAAA,mBAAmB,OAAA;AAAE,4GAAA,eAAe,OAAA;AAE7C,iBAAiB;AACjB,mDAA+C;AAC/C,6CAAyC;AACzC,uCAAyC;AACzC,qCAA0C;AAC1C,uCAAgD;AAChD,uCAAkD;AAClD,yCAAoD;AACpD,yCAAoD;AAkDpD;;;;;;GAMG;AACH,MAAa,WAAW;IACL,KAAK,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC3B,MAAM,CAAiB;IACvB,MAAM,CAAgB;IAEvC,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,8DAA8D;QAC9D,IAAI,UAA8B,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,sBAAY,EAAE,CAAC;YACrC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,IAAI,sBAAS,CACX,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,QAAQ,IAAI,SAAS,EAC5B,MAAM,CAAC,WAAW,IAAI,SAAS,CAChC;YACH,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,CAAC,MAAM,GAAG,IAAI,uBAAc,CAAC;YAC/B,MAAM;YACN,UAAU;YACV,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;IACtC,CAAC;IAED,yFAAyF;IACzF,YAAY;QACV,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,+BAA+B;IAC/B,WAAW;QACT,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;IAED,wCAAwC;IACxC,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,wCAAwC;IACxC,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,0DAA0D;IAC1D,GAAG;QACD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IAED,gCAAgC;IAChC,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAC9B,CAAC;IAED,iCAAiC;IACjC,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACxC,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAC9B,CAAC;IAED,yDAAyD;IACzD,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,wDAAwD;IACxD,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,aAAa,CAAC,MAAqB;QACzC,aAAa;QACb,MAAM,SAAS,GAAG;YAChB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,yCAAyC,OAAO,2GAA2G,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;YACxD,MAAM,QAAQ,GAAG,IAAA,yBAAiB,EAAC;gBACjC,QAAQ,EAAE,MAAM,CAAC,QAAS;gBAC1B,IAAI,EAAE,MAAM,CAAC,IAAK;gBAClB,KAAK,EAAE,MAAM,CAAC,KAAM;gBACpB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;YACH,OAAO,IAAI,uBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAS,EAAE,MAAM,CAAC,WAAY,CAAC,CAAC;QAChF,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChF,OAAO,IAAI,yBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,IAAI,yBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,KAAK,CACb,wHAAwH,CACzH,CAAC;IACJ,CAAC;CACF;AAtID,kCAsIC;AAED,2FAA2F;AACpF,KAAK,UAAU,IAAI,CAAC,MAAqB;IAC9C,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACtB,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/poller.d.ts
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { SecretsCache } from "./secrets-cache";
|
|
2
2
|
import { ArtifactSource } from "./sources/types";
|
|
3
3
|
import { DiskCache } from "./disk-cache";
|
|
4
|
+
import { EncryptedArtifactStore } from "./encrypted-artifact-store";
|
|
5
|
+
import { ArtifactDecryptor } from "./artifact-decryptor";
|
|
4
6
|
import { TelemetryEmitter } from "./telemetry";
|
|
5
7
|
/** KMS envelope metadata for artifacts using KMS envelope encryption. */
|
|
6
8
|
export interface ArtifactKmsEnvelope {
|
|
@@ -8,6 +10,10 @@ export interface ArtifactKmsEnvelope {
|
|
|
8
10
|
keyId: string;
|
|
9
11
|
wrappedKey: string;
|
|
10
12
|
algorithm: string;
|
|
13
|
+
/** Base64-encoded 12-byte AES-GCM initialization vector. */
|
|
14
|
+
iv: string;
|
|
15
|
+
/** Base64-encoded 16-byte AES-GCM authentication tag. */
|
|
16
|
+
authTag: string;
|
|
11
17
|
}
|
|
12
18
|
/** Shape of a packed artifact JSON envelope. */
|
|
13
19
|
export interface ArtifactEnvelope {
|
|
@@ -42,7 +48,7 @@ export interface PollerOptions {
|
|
|
42
48
|
onRefresh?: (revision: string) => void;
|
|
43
49
|
/** Optional error callback for logging. */
|
|
44
50
|
onError?: (err: Error) => void;
|
|
45
|
-
/** Max seconds the cache may be served without a successful refresh. */
|
|
51
|
+
/** Max seconds the cache may be served without a successful refresh. 0 = JIT mode. */
|
|
46
52
|
cacheTtl?: number;
|
|
47
53
|
/** Optional telemetry emitter for event reporting. */
|
|
48
54
|
telemetry?: TelemetryEmitter;
|
|
@@ -51,6 +57,8 @@ export interface PollerOptions {
|
|
|
51
57
|
* When set, artifacts without a valid signature are hard-rejected before decryption.
|
|
52
58
|
*/
|
|
53
59
|
verifyKey?: string;
|
|
60
|
+
/** Encrypted artifact store for JIT mode. When set, enables fetch-only polling. */
|
|
61
|
+
encryptedStore?: EncryptedArtifactStore;
|
|
54
62
|
}
|
|
55
63
|
export declare class ArtifactPoller {
|
|
56
64
|
private timer;
|
|
@@ -59,17 +67,41 @@ export declare class ArtifactPoller {
|
|
|
59
67
|
private lastExpiresAt;
|
|
60
68
|
private readonly decryptor;
|
|
61
69
|
private readonly options;
|
|
70
|
+
private readonly jitMode;
|
|
62
71
|
private telemetryOverride?;
|
|
63
72
|
constructor(options: PollerOptions);
|
|
73
|
+
/** Get the decryptor instance (for JIT mode server wiring). */
|
|
74
|
+
getDecryptor(): ArtifactDecryptor;
|
|
64
75
|
/** Set or replace the telemetry emitter (e.g. after resolving token from secrets). */
|
|
65
76
|
setTelemetry(emitter: TelemetryEmitter): void;
|
|
66
77
|
private get telemetry();
|
|
67
|
-
/**
|
|
78
|
+
/**
|
|
79
|
+
* Fetch, validate, decrypt, and cache the artifact.
|
|
80
|
+
* Used in cached mode (cacheTtl > 0).
|
|
81
|
+
*/
|
|
68
82
|
fetchAndDecrypt(): Promise<void>;
|
|
69
83
|
/**
|
|
70
|
-
*
|
|
71
|
-
*
|
|
72
|
-
*
|
|
84
|
+
* Fetch and validate the artifact without decrypting.
|
|
85
|
+
* Stores the validated envelope in the encryptedStore for on-demand decryption.
|
|
86
|
+
* Used in JIT mode (cacheTtl = 0).
|
|
87
|
+
*/
|
|
88
|
+
fetchAndValidate(): Promise<void>;
|
|
89
|
+
/**
|
|
90
|
+
* Fetch the raw artifact from the source (with disk cache fallback),
|
|
91
|
+
* parse JSON, and check for revocation.
|
|
92
|
+
*
|
|
93
|
+
* Returns null when the content hash is unchanged (short-circuit).
|
|
94
|
+
*/
|
|
95
|
+
private fetchRaw;
|
|
96
|
+
/**
|
|
97
|
+
* Validate the artifact envelope: version, required fields, expiry,
|
|
98
|
+
* revision dedup, integrity hash, and signature.
|
|
99
|
+
* Emits `artifact.invalid` / `artifact.expired` telemetry on failure.
|
|
100
|
+
* Returns the validated artifact, or throws.
|
|
101
|
+
*/
|
|
102
|
+
private validateArtifact;
|
|
103
|
+
/**
|
|
104
|
+
* Validate then decrypt and cache. Used by fetchAndDecrypt (cached mode).
|
|
73
105
|
*/
|
|
74
106
|
private validateDecryptAndCache;
|
|
75
107
|
/** Start the polling loop. Performs an initial fetch immediately. */
|
|
@@ -84,6 +116,6 @@ export declare class ArtifactPoller {
|
|
|
84
116
|
private scheduleNext;
|
|
85
117
|
/** Compute ms until next poll: 80% of expiresAt remaining, or cacheTtl / 10 fallback. */
|
|
86
118
|
private computeNextPollMs;
|
|
87
|
-
private
|
|
119
|
+
private validateEnvelope;
|
|
88
120
|
}
|
|
89
121
|
//# sourceMappingURL=poller.d.ts.map
|
package/dist/poller.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,yEAAyE;AACzE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;IACX,yDAAyD;IACzD,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iFAAiF;IACjF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kFAAkF;IAClF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,MAAM,EAAE,cAAc,CAAC;IACvB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,KAAK,EAAE,YAAY,CAAC;IACpB,wCAAwC;IACxC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,KAAK,IAAI,CAAC;IAC/B,sFAAsF;IACtF,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mFAAmF;IACnF,cAAc,CAAC,EAAE,sBAAsB,CAAC;CACzC;AAaD,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAA8C;IAC3D,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAoB;IAC9C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;gBAEjC,OAAO,EAAE,aAAa;IASlC,+DAA+D;IAC/D,YAAY,IAAI,iBAAiB;IAIjC,sFAAsF;IACtF,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAK7C,OAAO,KAAK,SAAS,GAEpB;IAED;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAMtC;;;;OAIG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBvC;;;;;OAKG;YACW,QAAQ;IA2FtB;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAkFxB;;OAEG;YACW,uBAAuB;IAyBrC,qEAAqE;IAC/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAS5B,0DAA0D;IAC1D,YAAY,IAAI,IAAI;IAKpB,6BAA6B;IAC7B,IAAI,IAAI,IAAI;IAOZ,+CAA+C;IAC/C,SAAS,IAAI,OAAO;IAIpB,wDAAwD;IACxD,OAAO,CAAC,YAAY;IAiBpB,yFAAyF;IACzF,OAAO,CAAC,iBAAiB;IAoBzB,OAAO,CAAC,gBAAgB;CAsBzB"}
|
package/dist/poller.js
CHANGED
|
@@ -35,12 +35,15 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
36
|
exports.ArtifactPoller = void 0;
|
|
37
37
|
const crypto = __importStar(require("crypto"));
|
|
38
|
-
const
|
|
39
|
-
const kms_1 = require("./kms");
|
|
38
|
+
const artifact_decryptor_1 = require("./artifact-decryptor");
|
|
40
39
|
const signature_1 = require("./signature");
|
|
41
40
|
/**
|
|
42
41
|
* Periodically fetches a published artifact, decrypts it, and swaps the
|
|
43
42
|
* secrets cache when a new revision is detected.
|
|
43
|
+
*
|
|
44
|
+
* In JIT mode (cacheTtl=0 with encryptedStore), the poller fetches and
|
|
45
|
+
* validates the artifact but does NOT decrypt. The encrypted artifact is
|
|
46
|
+
* stored for on-demand decryption by the request handler.
|
|
44
47
|
*/
|
|
45
48
|
/** Minimum poll interval in milliseconds (floor for all scheduling). */
|
|
46
49
|
const MIN_POLL_MS = 5_000;
|
|
@@ -49,21 +52,68 @@ class ArtifactPoller {
|
|
|
49
52
|
lastContentHash = null;
|
|
50
53
|
lastRevision = null;
|
|
51
54
|
lastExpiresAt = null;
|
|
52
|
-
decryptor
|
|
55
|
+
decryptor;
|
|
53
56
|
options;
|
|
57
|
+
jitMode;
|
|
54
58
|
telemetryOverride;
|
|
55
59
|
constructor(options) {
|
|
56
60
|
this.options = options;
|
|
61
|
+
this.jitMode = !!options.encryptedStore;
|
|
62
|
+
this.decryptor = new artifact_decryptor_1.ArtifactDecryptor({
|
|
63
|
+
privateKey: options.privateKey,
|
|
64
|
+
telemetry: options.telemetry,
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
/** Get the decryptor instance (for JIT mode server wiring). */
|
|
68
|
+
getDecryptor() {
|
|
69
|
+
return this.decryptor;
|
|
57
70
|
}
|
|
58
71
|
/** Set or replace the telemetry emitter (e.g. after resolving token from secrets). */
|
|
59
72
|
setTelemetry(emitter) {
|
|
60
73
|
this.telemetryOverride = emitter;
|
|
74
|
+
this.decryptor.setTelemetry(emitter);
|
|
61
75
|
}
|
|
62
76
|
get telemetry() {
|
|
63
77
|
return this.telemetryOverride ?? this.options.telemetry;
|
|
64
78
|
}
|
|
65
|
-
/**
|
|
79
|
+
/**
|
|
80
|
+
* Fetch, validate, decrypt, and cache the artifact.
|
|
81
|
+
* Used in cached mode (cacheTtl > 0).
|
|
82
|
+
*/
|
|
66
83
|
async fetchAndDecrypt() {
|
|
84
|
+
const result = await this.fetchRaw();
|
|
85
|
+
if (!result)
|
|
86
|
+
return; // short-circuited (unchanged hash)
|
|
87
|
+
await this.validateDecryptAndCache(result.artifact, result.contentHash);
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Fetch and validate the artifact without decrypting.
|
|
91
|
+
* Stores the validated envelope in the encryptedStore for on-demand decryption.
|
|
92
|
+
* Used in JIT mode (cacheTtl = 0).
|
|
93
|
+
*/
|
|
94
|
+
async fetchAndValidate() {
|
|
95
|
+
const result = await this.fetchRaw();
|
|
96
|
+
if (!result)
|
|
97
|
+
return; // short-circuited (unchanged hash)
|
|
98
|
+
const artifact = this.validateArtifact(result.artifact);
|
|
99
|
+
this.options.encryptedStore.swap(artifact);
|
|
100
|
+
this.lastRevision = artifact.revision;
|
|
101
|
+
this.lastContentHash = result.contentHash ?? null;
|
|
102
|
+
this.lastExpiresAt = artifact.expiresAt ?? null;
|
|
103
|
+
this.options.onRefresh?.(artifact.revision);
|
|
104
|
+
this.telemetry?.artifactRefreshed({
|
|
105
|
+
revision: artifact.revision,
|
|
106
|
+
keyCount: artifact.keys.length,
|
|
107
|
+
kmsEnvelope: !!artifact.envelope,
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
/**
|
|
111
|
+
* Fetch the raw artifact from the source (with disk cache fallback),
|
|
112
|
+
* parse JSON, and check for revocation.
|
|
113
|
+
*
|
|
114
|
+
* Returns null when the content hash is unchanged (short-circuit).
|
|
115
|
+
*/
|
|
116
|
+
async fetchRaw() {
|
|
67
117
|
let raw;
|
|
68
118
|
let contentHash;
|
|
69
119
|
try {
|
|
@@ -72,7 +122,7 @@ class ArtifactPoller {
|
|
|
72
122
|
contentHash = result.contentHash;
|
|
73
123
|
// Content-hash short-circuit: skip parse+decrypt if unchanged
|
|
74
124
|
if (contentHash && contentHash === this.lastContentHash)
|
|
75
|
-
return;
|
|
125
|
+
return null;
|
|
76
126
|
// Write to disk cache on successful fetch
|
|
77
127
|
this.options.diskCache?.write(raw, contentHash);
|
|
78
128
|
}
|
|
@@ -86,8 +136,8 @@ class ArtifactPoller {
|
|
|
86
136
|
if (this.options.diskCache) {
|
|
87
137
|
const cached = this.options.diskCache.read();
|
|
88
138
|
if (cached) {
|
|
89
|
-
// Check if disk cache has also expired
|
|
90
|
-
if (ttl !== undefined) {
|
|
139
|
+
// Check if disk cache has also expired (skip TTL check in JIT mode)
|
|
140
|
+
if (ttl !== undefined && ttl > 0) {
|
|
91
141
|
const fetchedAt = this.options.diskCache.getFetchedAt();
|
|
92
142
|
if (fetchedAt && (Date.now() - new Date(fetchedAt).getTime()) / 1000 > ttl) {
|
|
93
143
|
this.options.cache.wipe();
|
|
@@ -103,11 +153,11 @@ class ArtifactPoller {
|
|
|
103
153
|
contentHash = this.options.diskCache.getCachedSha();
|
|
104
154
|
// If the cached hash matches, still skip
|
|
105
155
|
if (contentHash && contentHash === this.lastContentHash)
|
|
106
|
-
return;
|
|
156
|
+
return null;
|
|
107
157
|
}
|
|
108
158
|
else {
|
|
109
|
-
// No disk cache content — check in-memory TTL
|
|
110
|
-
if (ttl !== undefined && this.options.cache.isExpired(ttl)) {
|
|
159
|
+
// No disk cache content — check in-memory TTL (skip in JIT mode)
|
|
160
|
+
if (ttl !== undefined && ttl > 0 && this.options.cache.isExpired(ttl)) {
|
|
111
161
|
this.options.cache.wipe();
|
|
112
162
|
this.telemetry?.cacheExpired({
|
|
113
163
|
cacheTtlSeconds: ttl,
|
|
@@ -119,8 +169,8 @@ class ArtifactPoller {
|
|
|
119
169
|
}
|
|
120
170
|
}
|
|
121
171
|
else {
|
|
122
|
-
// No disk cache configured — check in-memory TTL
|
|
123
|
-
if (ttl !== undefined && this.options.cache.isExpired(ttl)) {
|
|
172
|
+
// No disk cache configured — check in-memory TTL (skip in JIT mode)
|
|
173
|
+
if (ttl !== undefined && ttl > 0 && this.options.cache.isExpired(ttl)) {
|
|
124
174
|
this.options.cache.wipe();
|
|
125
175
|
this.telemetry?.cacheExpired({
|
|
126
176
|
cacheTtlSeconds: ttl,
|
|
@@ -131,11 +181,11 @@ class ArtifactPoller {
|
|
|
131
181
|
throw err;
|
|
132
182
|
}
|
|
133
183
|
}
|
|
134
|
-
// Check for revocation before full validation — a revoked artifact
|
|
135
|
-
// won't have ciphertext/revision fields.
|
|
136
184
|
const parsed = JSON.parse(raw);
|
|
185
|
+
// Check for revocation before full validation
|
|
137
186
|
if (parsed.revokedAt) {
|
|
138
187
|
this.options.cache.wipe();
|
|
188
|
+
this.options.encryptedStore?.wipe();
|
|
139
189
|
this.options.diskCache?.purge();
|
|
140
190
|
this.lastRevision = null;
|
|
141
191
|
this.lastContentHash = null;
|
|
@@ -144,18 +194,18 @@ class ArtifactPoller {
|
|
|
144
194
|
});
|
|
145
195
|
throw new Error(`Artifact revoked: ${parsed.identity}/${parsed.environment} at ${parsed.revokedAt}`);
|
|
146
196
|
}
|
|
147
|
-
|
|
148
|
-
await this.validateDecryptAndCache(raw, contentHash);
|
|
197
|
+
return { artifact: parsed, contentHash };
|
|
149
198
|
}
|
|
150
199
|
/**
|
|
151
|
-
* Validate the artifact
|
|
152
|
-
*
|
|
153
|
-
*
|
|
200
|
+
* Validate the artifact envelope: version, required fields, expiry,
|
|
201
|
+
* revision dedup, integrity hash, and signature.
|
|
202
|
+
* Emits `artifact.invalid` / `artifact.expired` telemetry on failure.
|
|
203
|
+
* Returns the validated artifact, or throws.
|
|
154
204
|
*/
|
|
155
|
-
|
|
205
|
+
validateArtifact(parsed) {
|
|
156
206
|
let artifact;
|
|
157
207
|
try {
|
|
158
|
-
artifact = this.
|
|
208
|
+
artifact = this.validateEnvelope(parsed);
|
|
159
209
|
}
|
|
160
210
|
catch (err) {
|
|
161
211
|
this.telemetry?.artifactInvalid({
|
|
@@ -167,13 +217,14 @@ class ArtifactPoller {
|
|
|
167
217
|
// Check artifact-level expiry
|
|
168
218
|
if (artifact.expiresAt && Date.now() > new Date(artifact.expiresAt).getTime()) {
|
|
169
219
|
this.options.cache.wipe();
|
|
220
|
+
this.options.encryptedStore?.wipe();
|
|
170
221
|
this.options.diskCache?.purge();
|
|
171
222
|
this.telemetry?.artifactExpired({ expiresAt: artifact.expiresAt });
|
|
172
223
|
throw new Error(`Artifact expired at ${artifact.expiresAt}`);
|
|
173
224
|
}
|
|
174
225
|
// Skip if revision unchanged
|
|
175
226
|
if (artifact.revision === this.lastRevision)
|
|
176
|
-
return;
|
|
227
|
+
return artifact;
|
|
177
228
|
// Verify integrity
|
|
178
229
|
const hash = crypto.createHash("sha256").update(artifact.ciphertext).digest("hex");
|
|
179
230
|
if (hash !== artifact.ciphertextHash) {
|
|
@@ -218,65 +269,38 @@ class ArtifactPoller {
|
|
|
218
269
|
throw err;
|
|
219
270
|
}
|
|
220
271
|
}
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
if (!this.options.privateKey) {
|
|
245
|
-
throw new Error("Artifact requires an age private key. Set CLEF_AGENT_AGE_KEY or use KMS envelope encryption.");
|
|
246
|
-
}
|
|
247
|
-
agePrivateKey = this.options.privateKey;
|
|
248
|
-
}
|
|
249
|
-
// Decrypt
|
|
250
|
-
try {
|
|
251
|
-
const plaintext = await this.decryptor.decrypt(artifact.ciphertext, agePrivateKey);
|
|
252
|
-
const values = JSON.parse(plaintext);
|
|
253
|
-
// Atomic swap
|
|
254
|
-
this.options.cache.swap(values, artifact.keys, artifact.revision);
|
|
255
|
-
this.lastRevision = artifact.revision;
|
|
256
|
-
this.lastContentHash = contentHash ?? null;
|
|
257
|
-
this.lastExpiresAt = artifact.expiresAt ?? null;
|
|
258
|
-
this.options.onRefresh?.(artifact.revision);
|
|
259
|
-
this.telemetry?.artifactRefreshed({
|
|
260
|
-
revision: artifact.revision,
|
|
261
|
-
keyCount: artifact.keys.length,
|
|
262
|
-
kmsEnvelope: !!artifact.envelope,
|
|
263
|
-
});
|
|
264
|
-
}
|
|
265
|
-
catch (err) {
|
|
266
|
-
// Don't double-emit for errors already classified above
|
|
267
|
-
if (err instanceof Error && !err.message.includes("integrity check failed")) {
|
|
268
|
-
this.telemetry?.artifactInvalid({
|
|
269
|
-
reason: err instanceof SyntaxError ? "payload_parse" : "decrypt",
|
|
270
|
-
error: err.message,
|
|
271
|
-
});
|
|
272
|
-
}
|
|
273
|
-
throw err;
|
|
274
|
-
}
|
|
272
|
+
return artifact;
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Validate then decrypt and cache. Used by fetchAndDecrypt (cached mode).
|
|
276
|
+
*/
|
|
277
|
+
async validateDecryptAndCache(parsed, contentHash) {
|
|
278
|
+
const artifact = this.validateArtifact(parsed);
|
|
279
|
+
// Skip if revision unchanged (validateArtifact returns but doesn't throw)
|
|
280
|
+
if (artifact.revision === this.lastRevision)
|
|
281
|
+
return;
|
|
282
|
+
// Delegate decryption to the ArtifactDecryptor
|
|
283
|
+
const { values } = await this.decryptor.decrypt(artifact);
|
|
284
|
+
// Atomic swap
|
|
285
|
+
this.options.cache.swap(values, artifact.keys, artifact.revision);
|
|
286
|
+
this.lastRevision = artifact.revision;
|
|
287
|
+
this.lastContentHash = contentHash ?? null;
|
|
288
|
+
this.lastExpiresAt = artifact.expiresAt ?? null;
|
|
289
|
+
this.options.onRefresh?.(artifact.revision);
|
|
290
|
+
this.telemetry?.artifactRefreshed({
|
|
291
|
+
revision: artifact.revision,
|
|
292
|
+
keyCount: artifact.keys.length,
|
|
293
|
+
kmsEnvelope: !!artifact.envelope,
|
|
294
|
+
});
|
|
275
295
|
}
|
|
276
296
|
/** Start the polling loop. Performs an initial fetch immediately. */
|
|
277
297
|
async start() {
|
|
278
|
-
|
|
279
|
-
|
|
298
|
+
if (this.jitMode) {
|
|
299
|
+
await this.fetchAndValidate();
|
|
300
|
+
}
|
|
301
|
+
else {
|
|
302
|
+
await this.fetchAndDecrypt();
|
|
303
|
+
}
|
|
280
304
|
this.scheduleNext();
|
|
281
305
|
}
|
|
282
306
|
/** Start only the polling schedule (no initial fetch). */
|
|
@@ -302,7 +326,12 @@ class ArtifactPoller {
|
|
|
302
326
|
this.timer = setTimeout(async () => {
|
|
303
327
|
this.timer = null;
|
|
304
328
|
try {
|
|
305
|
-
|
|
329
|
+
if (this.jitMode) {
|
|
330
|
+
await this.fetchAndValidate();
|
|
331
|
+
}
|
|
332
|
+
else {
|
|
333
|
+
await this.fetchAndDecrypt();
|
|
334
|
+
}
|
|
306
335
|
}
|
|
307
336
|
catch (err) {
|
|
308
337
|
this.options.onError?.(err instanceof Error ? err : new Error(String(err)));
|
|
@@ -321,6 +350,9 @@ class ArtifactPoller {
|
|
|
321
350
|
// Already expired — poll immediately (with floor)
|
|
322
351
|
return MIN_POLL_MS;
|
|
323
352
|
}
|
|
353
|
+
// JIT mode: 5s interval for fast recovery after rotate + re-enable IAM
|
|
354
|
+
if (this.jitMode)
|
|
355
|
+
return MIN_POLL_MS;
|
|
324
356
|
// Fallback: derive from cacheTtl (default 30s if no TTL configured)
|
|
325
357
|
const ttl = this.options.cacheTtl;
|
|
326
358
|
if (ttl !== undefined) {
|
|
@@ -328,8 +360,7 @@ class ArtifactPoller {
|
|
|
328
360
|
}
|
|
329
361
|
return 30_000;
|
|
330
362
|
}
|
|
331
|
-
|
|
332
|
-
const artifact = JSON.parse(raw);
|
|
363
|
+
validateEnvelope(artifact) {
|
|
333
364
|
if (artifact.version !== 1) {
|
|
334
365
|
throw new Error(`Unsupported artifact version: ${artifact.version}`);
|
|
335
366
|
}
|
|
@@ -340,7 +371,9 @@ class ArtifactPoller {
|
|
|
340
371
|
if (!artifact.envelope.provider ||
|
|
341
372
|
!artifact.envelope.keyId ||
|
|
342
373
|
!artifact.envelope.wrappedKey ||
|
|
343
|
-
!artifact.envelope.algorithm
|
|
374
|
+
!artifact.envelope.algorithm ||
|
|
375
|
+
!artifact.envelope.iv ||
|
|
376
|
+
!artifact.envelope.authTag) {
|
|
344
377
|
throw new Error("Invalid artifact: incomplete envelope fields.");
|
|
345
378
|
}
|
|
346
379
|
}
|
package/dist/poller.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poller.js","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAEjC,uCAAyC;AAGzC,+BAA0C;AAE1C,2CAAmE;AAuDnE;;;GAGG;AACH,wEAAwE;AACxE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B,MAAa,cAAc;IACjB,KAAK,GAAyC,IAAI,CAAC;IACnD,eAAe,GAAkB,IAAI,CAAC;IACtC,YAAY,GAAkB,IAAI,CAAC;IACnC,aAAa,GAAkB,IAAI,CAAC;IAC3B,SAAS,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC/B,OAAO,CAAgB;IAChC,iBAAiB,CAAoB;IAE7C,YAAY,OAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,sFAAsF;IACtF,YAAY,CAAC,OAAyB;QACpC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;IACnC,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,eAAe;QACnB,IAAI,GAAW,CAAC;QAChB,IAAI,WAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAEjC,8DAA8D;YAC9D,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;gBAAE,OAAO;YAEhE,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC;gBAC1B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE;aACrD,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClC,8BAA8B;YAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,uCAAuC;oBACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;wBACtB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;wBACxD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;4BAC3E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC/B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;gCAC3B,eAAe,EAAE,GAAG;gCACpB,eAAe,EAAE,IAAI;6BACtB,CAAC,CAAC;4BACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;wBAC7E,CAAC;oBACH,CAAC;oBACD,GAAG,GAAG,MAAM,CAAC;oBACb,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;oBACpD,yCAAyC;oBACzC,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;wBAAE,OAAO;gBAClE,CAAC;qBAAM,CAAC;oBACN,8CAA8C;oBAC9C,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;4BAC3B,eAAe,EAAE,GAAG;4BACpB,eAAe,EAAE,KAAK;yBACvB,CAAC,CAAC;wBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;oBAC7E,CAAC;oBACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;oBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;wBAC3B,eAAe,EAAE,GAAG;wBACpB,eAAe,EAAE,KAAK;qBACvB,CAAC,CAAC;oBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBAC7E,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,yCAAyC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAC1D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,OAAO,MAAM,CAAC,SAAS,EAAE,CACpF,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACvD,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,uBAAuB,CACnC,GAAW,EACX,WAA+B;QAE/B,IAAI,QAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,uBAAuB,CAAC,GAAG,CAAC;gBACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO;QAEpD,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnF,IAAI,IAAI,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,kDAAkD,QAAQ,CAAC,cAAc,SAAS,IAAI,EAAE,CACzF,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,+FAA+F;oBAC7F,4EAA4E,CAC/E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,OAAO,GAAG,IAAA,+BAAmB,EAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,KAAc,CAAC;YACnB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAA,2BAAe,EAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,0CAA0C,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CACtG,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,iBAAiB;oBACzB,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,mFAAmF;oBACjF,wEAAwE,CAC3E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,aAAqB,CAAC;QAC1B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACvE,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,MAAM,CAChC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EACvB,UAAU,EACV,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAC5B,CAAC;gBACF,yEAAyE;gBACzE,mFAAmF;gBACnF,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC5C,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4EAA4E;YAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;YACJ,CAAC;YACD,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C,CAAC;QAED,UAAU;QACV,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnF,MAAM,MAAM,GAA2B,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE7D,cAAc;YACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACtC,IAAI,CAAC,eAAe,GAAG,WAAW,IAAI,IAAI,CAAC;YAC3C,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC;gBAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM;gBAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5E,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;oBAChE,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,KAAK,CAAC,KAAK;QACT,qDAAqD;QACrD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;IAC7B,CAAC;IAED,wDAAwD;IAChD,YAAY;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,yFAAyF;IACjF,iBAAiB;QACvB,qEAAqE;QACrE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACxE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,EAAE,WAAW,CAAC,CAAC;YAClD,CAAC;YACD,kDAAkD;YAClD,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,gBAAgB,CAAC,GAAW;QAClC,MAAM,QAAQ,GAAqB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QAEvE,IAAI,QAAQ,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,IACE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ;gBAC3B,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK;gBACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU;gBAC7B,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAC5B,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAnVD,wCAmVC;AAED,wFAAwF;AACxF,SAAS,uBAAuB,CAAC,GAAY;IAC3C,IAAI,GAAG,YAAY,WAAW;QAAE,OAAO,YAAY,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,IAAI,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACtE,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,WAAW,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
1
|
+
{"version":3,"file":"poller.js","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAKjC,6DAAyD;AAEzD,2CAAmE;AA6DnE;;;;;;;GAOG;AACH,wEAAwE;AACxE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B,MAAa,cAAc;IACjB,KAAK,GAAyC,IAAI,CAAC;IACnD,eAAe,GAAkB,IAAI,CAAC;IACtC,YAAY,GAAkB,IAAI,CAAC;IACnC,aAAa,GAAkB,IAAI,CAAC;IAC3B,SAAS,CAAoB;IAC7B,OAAO,CAAgB;IACvB,OAAO,CAAU;IAC1B,iBAAiB,CAAoB;IAE7C,YAAY,OAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC;QACxC,IAAI,CAAC,SAAS,GAAG,IAAI,sCAAiB,CAAC;YACrC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,sFAAsF;IACtF,YAAY,CAAC,OAAyB;QACpC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;QACjC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,mCAAmC;QACxD,MAAM,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC1E,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACrC,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,mCAAmC;QAExD,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAExD,IAAI,CAAC,OAAO,CAAC,cAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC;QAClD,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;QAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC;YAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM;YAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,QAAQ;QAIpB,IAAI,GAAW,CAAC;QAChB,IAAI,WAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAEjC,8DAA8D;YAC9D,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;gBAAE,OAAO,IAAI,CAAC;YAErE,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC;gBAC1B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE;aACrD,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClC,8BAA8B;YAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,oEAAoE;oBACpE,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;wBACjC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;wBACxD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;4BAC3E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC/B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;gCAC3B,eAAe,EAAE,GAAG;gCACpB,eAAe,EAAE,IAAI;6BACtB,CAAC,CAAC;4BACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;wBAC7E,CAAC;oBACH,CAAC;oBACD,GAAG,GAAG,MAAM,CAAC;oBACb,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;oBACpD,yCAAyC;oBACzC,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;wBAAE,OAAO,IAAI,CAAC;gBACvE,CAAC;qBAAM,CAAC;oBACN,iEAAiE;oBACjE,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;wBACtE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;4BAC3B,eAAe,EAAE,GAAG;4BACpB,eAAe,EAAE,KAAK;yBACvB,CAAC,CAAC;wBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;oBAC7E,CAAC;oBACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,oEAAoE;gBACpE,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;oBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;wBAC3B,eAAe,EAAE,GAAG;wBACpB,eAAe,EAAE,KAAK;qBACvB,CAAC,CAAC;oBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBAC7E,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAE1D,8CAA8C;QAC9C,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,OAAO,MAAM,CAAC,SAAS,EAAE,CACpF,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAqC,EAAE,WAAW,EAAE,CAAC;IAC1E,CAAC;IAED;;;;;OAKG;IACK,gBAAgB,CAAC,MAAwB;QAC/C,IAAI,QAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,uBAAuB,CAAC,GAAG,CAAC;gBACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC;YACpC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO,QAAQ,CAAC;QAE7D,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnF,IAAI,IAAI,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,kDAAkD,QAAQ,CAAC,cAAc,SAAS,IAAI,EAAE,CACzF,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,+FAA+F;oBAC7F,4EAA4E,CAC/E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,OAAO,GAAG,IAAA,+BAAmB,EAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,KAAc,CAAC;YACnB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAA,2BAAe,EAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,0CAA0C,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CACtG,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,iBAAiB;oBACzB,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,mFAAmF;oBACjF,wEAAwE,CAC3E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CACnC,MAAwB,EACxB,WAA+B;QAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE/C,0EAA0E;QAC1E,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO;QAEpD,+CAA+C;QAC/C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE1D,cAAc;QACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClE,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;QACtC,IAAI,CAAC,eAAe,GAAG,WAAW,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;QAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC;YAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM;YAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ;SACjC,CAAC,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;IAC7B,CAAC;IAED,wDAAwD;IAChD,YAAY;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC;gBACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjB,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC/B,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,yFAAyF;IACjF,iBAAiB;QACvB,qEAAqE;QACrE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACxE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,EAAE,WAAW,CAAC,CAAC;YAClD,CAAC;YACD,kDAAkD;YAClD,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,uEAAuE;QACvE,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,WAAW,CAAC;QACrC,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,gBAAgB,CAAC,QAA0B;QACjD,IAAI,QAAQ,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,IACE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ;gBAC3B,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK;gBACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU;gBAC7B,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS;gBAC5B,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBACrB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAC1B,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAlXD,wCAkXC;AAED,wFAAwF;AACxF,SAAS,uBAAuB,CAAC,GAAY;IAC3C,IAAI,GAAG,YAAY,WAAW;QAAE,OAAO,YAAY,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,IAAI,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACtE,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,WAAW,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
package/dist/secrets-cache.d.ts
CHANGED
|
@@ -5,7 +5,7 @@ export declare class SecretsCache {
|
|
|
5
5
|
swap(values: Record<string, string>, keys: string[], revision: string): void;
|
|
6
6
|
/** Whether the cache has exceeded the given TTL (seconds). */
|
|
7
7
|
isExpired(ttlSeconds: number): boolean;
|
|
8
|
-
/** Clear the cached snapshot. */
|
|
8
|
+
/** Clear the cached snapshot, zeroing values first (best-effort). */
|
|
9
9
|
wipe(): void;
|
|
10
10
|
/** Epoch ms when the cache was last swapped, or null if never loaded. */
|
|
11
11
|
getSwappedAt(): number | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets-cache.d.ts","sourceRoot":"","sources":["../src/secrets-cache.ts"],"names":[],"mappings":"AAOA,0DAA0D;AAC1D,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAA8B;IAE9C,mEAAmE;IACnE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;
|
|
1
|
+
{"version":3,"file":"secrets-cache.d.ts","sourceRoot":"","sources":["../src/secrets-cache.ts"],"names":[],"mappings":"AAOA,0DAA0D;AAC1D,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAA8B;IAE9C,mEAAmE;IACnE,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI;IAW5E,8DAA8D;IAC9D,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAKtC,qEAAqE;IACrE,IAAI,IAAI,IAAI;IASZ,yEAAyE;IACzE,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B,wFAAwF;IACxF,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,oEAAoE;IACpE,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAMvC,kDAAkD;IAClD,OAAO,IAAI,MAAM,EAAE;IAKnB,gEAAgE;IAChE,WAAW,IAAI,MAAM,GAAG,IAAI;IAI5B,uDAAuD;IACvD,OAAO,IAAI,OAAO;CAGnB"}
|
package/dist/secrets-cache.js
CHANGED
|
@@ -6,6 +6,13 @@ class SecretsCache {
|
|
|
6
6
|
snapshot = null;
|
|
7
7
|
/** Replace the cached secrets in a single reference assignment. */
|
|
8
8
|
swap(values, keys, revision) {
|
|
9
|
+
// Zero old values before dropping the reference — defense-in-depth
|
|
10
|
+
// against plaintext lingering in the heap until GC.
|
|
11
|
+
if (this.snapshot) {
|
|
12
|
+
for (const k of Object.keys(this.snapshot.values)) {
|
|
13
|
+
this.snapshot.values[k] = "";
|
|
14
|
+
}
|
|
15
|
+
}
|
|
9
16
|
this.snapshot = { values: { ...values }, keys: [...keys], revision, swappedAt: Date.now() };
|
|
10
17
|
}
|
|
11
18
|
/** Whether the cache has exceeded the given TTL (seconds). */
|
|
@@ -14,8 +21,13 @@ class SecretsCache {
|
|
|
14
21
|
return false;
|
|
15
22
|
return (Date.now() - this.snapshot.swappedAt) / 1000 > ttlSeconds;
|
|
16
23
|
}
|
|
17
|
-
/** Clear the cached snapshot. */
|
|
24
|
+
/** Clear the cached snapshot, zeroing values first (best-effort). */
|
|
18
25
|
wipe() {
|
|
26
|
+
if (this.snapshot) {
|
|
27
|
+
for (const k of Object.keys(this.snapshot.values)) {
|
|
28
|
+
this.snapshot.values[k] = "";
|
|
29
|
+
}
|
|
30
|
+
}
|
|
19
31
|
this.snapshot = null;
|
|
20
32
|
}
|
|
21
33
|
/** Epoch ms when the cache was last swapped, or null if never loaded. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets-cache.js","sourceRoot":"","sources":["../src/secrets-cache.ts"],"names":[],"mappings":";;;AAOA,0DAA0D;AAC1D,MAAa,YAAY;IACf,QAAQ,GAAyB,IAAI,CAAC;IAE9C,mEAAmE;IACnE,IAAI,CAAC,MAA8B,EAAE,IAAc,EAAE,QAAgB;QACnE,IAAI,CAAC,QAAQ,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC9F,CAAC;IAED,8DAA8D;IAC9D,SAAS,CAAC,UAAkB;QAC1B,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,GAAG,UAAU,CAAC;IACpE,CAAC;IAED,
|
|
1
|
+
{"version":3,"file":"secrets-cache.js","sourceRoot":"","sources":["../src/secrets-cache.ts"],"names":[],"mappings":";;;AAOA,0DAA0D;AAC1D,MAAa,YAAY;IACf,QAAQ,GAAyB,IAAI,CAAC;IAE9C,mEAAmE;IACnE,IAAI,CAAC,MAA8B,EAAE,IAAc,EAAE,QAAgB;QACnE,mEAAmE;QACnE,oDAAoD;QACpD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC9F,CAAC;IAED,8DAA8D;IAC9D,SAAS,CAAC,UAAkB;QAC1B,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,GAAG,UAAU,CAAC;IACpE,CAAC;IAED,qEAAqE;IACrE,IAAI;QACF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;IACvB,CAAC;IAED,yEAAyE;IACzE,YAAY;QACV,OAAO,IAAI,CAAC,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC;IAC1C,CAAC;IAED,wFAAwF;IACxF,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,oEAAoE;IACpE,MAAM;QACJ,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QACxB,IAAI,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACpB,OAAO,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IACzB,CAAC;IAED,kDAAkD;IAClD,OAAO;QACL,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;QACxB,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9B,CAAC;IAED,gEAAgE;IAChE,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC;IACzC,CAAC;IAED,uDAAuD;IACvD,OAAO;QACL,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC;IAChC,CAAC;CACF;AA/DD,oCA+DC"}
|
package/dist/signature.d.ts
CHANGED
package/dist/signature.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,UAAU,gBAAgB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,UAAU,gBAAgB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAmBtE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAgBT"}
|
package/dist/signature.js
CHANGED
|
@@ -45,7 +45,7 @@ const crypto = __importStar(require("crypto"));
|
|
|
45
45
|
*/
|
|
46
46
|
function buildSigningPayload(artifact) {
|
|
47
47
|
const fields = [
|
|
48
|
-
"clef-sig-
|
|
48
|
+
"clef-sig-v2",
|
|
49
49
|
String(artifact.version),
|
|
50
50
|
artifact.identity,
|
|
51
51
|
artifact.environment,
|
|
@@ -58,6 +58,8 @@ function buildSigningPayload(artifact) {
|
|
|
58
58
|
artifact.envelope?.keyId ?? "",
|
|
59
59
|
artifact.envelope?.wrappedKey ?? "",
|
|
60
60
|
artifact.envelope?.algorithm ?? "",
|
|
61
|
+
artifact.envelope?.iv ?? "",
|
|
62
|
+
artifact.envelope?.authTag ?? "",
|
|
61
63
|
];
|
|
62
64
|
return Buffer.from(fields.join("\n"), "utf-8");
|
|
63
65
|
}
|
package/dist/signature.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,kDAmBC;AAaD,0CAoBC;AApFD,+CAAiC;AAyBjC;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAA0B;IAC5D,MAAM,MAAM,GAAG;QACb,aAAa;QACb,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;QACxB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,cAAc;QACvB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;QACnC,QAAQ,CAAC,SAAS,IAAI,EAAE;QACxB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE;QACjC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,QAAQ,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QACnC,QAAQ,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE;QAClC,QAAQ,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE;QAC3B,QAAQ,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE;KACjC,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,eAAe,CAC7B,OAAe,EACf,eAAuB,EACvB,eAAuB;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;QACpC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;QAC3C,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,MAAM,CAAC,iBAAiB,CAAC;IACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,oDAAoD,OAAO,EAAE,CAAC,CAAC;AACjF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/sources/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9D,+CAA+C;AAC/C,qBAAa,kBAAmB,YAAW,cAAc;IACvD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;gBAEjB,GAAG,EAAE,MAAM;IAIjB,KAAK,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAU3C,QAAQ,IAAI,MAAM;
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/sources/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9D,+CAA+C;AAC/C,qBAAa,kBAAmB,YAAW,cAAc;IACvD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAS;gBAEjB,GAAG,EAAE,MAAM;IAIjB,KAAK,IAAI,OAAO,CAAC,mBAAmB,CAAC;IAU3C,QAAQ,IAAI,MAAM;CAYnB"}
|
package/dist/sources/http.js
CHANGED
|
@@ -10,14 +10,24 @@ class HttpArtifactSource {
|
|
|
10
10
|
async fetch() {
|
|
11
11
|
const res = await fetch(this.url);
|
|
12
12
|
if (!res.ok) {
|
|
13
|
-
throw new Error(`Failed to fetch artifact from ${this.
|
|
13
|
+
throw new Error(`Failed to fetch artifact from ${this.describe()}: ${res.status}`);
|
|
14
14
|
}
|
|
15
15
|
const raw = await res.text();
|
|
16
16
|
const etag = res.headers.get("etag") ?? undefined;
|
|
17
17
|
return { raw, contentHash: etag };
|
|
18
18
|
}
|
|
19
19
|
describe() {
|
|
20
|
-
|
|
20
|
+
try {
|
|
21
|
+
const parsed = new URL(this.url);
|
|
22
|
+
if (parsed.username || parsed.password) {
|
|
23
|
+
parsed.username = "***";
|
|
24
|
+
parsed.password = "";
|
|
25
|
+
}
|
|
26
|
+
return `HTTP ${parsed.href}`;
|
|
27
|
+
}
|
|
28
|
+
catch {
|
|
29
|
+
return "HTTP <invalid-url>";
|
|
30
|
+
}
|
|
21
31
|
}
|
|
22
32
|
}
|
|
23
33
|
exports.HttpArtifactSource = HttpArtifactSource;
|
package/dist/sources/http.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/sources/http.ts"],"names":[],"mappings":";;;AAEA,+CAA+C;AAC/C,MAAa,kBAAkB;IACZ,GAAG,CAAS;IAE7B,YAAY,GAAW;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/sources/http.ts"],"names":[],"mappings":";;;AAEA,+CAA+C;AAC/C,MAAa,kBAAkB;IACZ,GAAG,CAAS;IAE7B,YAAY,GAAW;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACrF,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;QAClD,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACpC,CAAC;IAED,QAAQ;QACN,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACvC,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACxB,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;YACvB,CAAC;YACD,OAAO,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,oBAAoB,CAAC;QAC9B,CAAC;IACH,CAAC;CACF;AA7BD,gDA6BC"}
|