@clef-sh/runtime 0.1.6-beta.32 → 0.1.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +65 -0
- package/dist/decrypt.d.ts.map +1 -1
- package/dist/decrypt.js +3 -1
- package/dist/decrypt.js.map +1 -1
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -1
- package/dist/index.js.map +1 -1
- package/dist/kms/aws.d.ts +1 -0
- package/dist/kms/aws.d.ts.map +1 -1
- package/dist/kms/aws.js +14 -0
- package/dist/kms/aws.js.map +1 -1
- package/dist/kms/types.d.ts +2 -0
- package/dist/kms/types.d.ts.map +1 -1
- package/dist/poller.d.ts +9 -0
- package/dist/poller.d.ts.map +1 -1
- package/dist/poller.js +37 -0
- package/dist/poller.js.map +1 -1
- package/dist/signature.d.ts +42 -0
- package/dist/signature.d.ts.map +1 -0
- package/dist/signature.js +91 -0
- package/dist/signature.js.map +1 -0
- package/package.json +1 -1
package/README.md
ADDED
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# @clef-sh/runtime
|
|
2
|
+
|
|
3
|
+
Lightweight runtime secrets engine for [Clef](https://clef.sh). Fetches packed artifacts from VCS APIs, HTTP endpoints, or local files, decrypts with age (or KMS envelope encryption), and serves secrets from an in-memory cache.
|
|
4
|
+
|
|
5
|
+
Designed for production deployment with minimal dependencies. No SOPS binary, no git dependency, no plaintext on disk.
|
|
6
|
+
|
|
7
|
+
## Install
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npm install @clef-sh/runtime
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Usage
|
|
14
|
+
|
|
15
|
+
```typescript
|
|
16
|
+
import { ClefRuntime } from "@clef-sh/runtime";
|
|
17
|
+
|
|
18
|
+
const runtime = new ClefRuntime({
|
|
19
|
+
source: "https://my-bucket.s3.amazonaws.com/clef/api-gateway/production.age.json",
|
|
20
|
+
// KMS envelope artifacts need no age key — the runtime calls kms:Decrypt
|
|
21
|
+
// For age-only artifacts:
|
|
22
|
+
// ageKey: "AGE-SECRET-KEY-1...",
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
await runtime.start();
|
|
26
|
+
runtime.startPolling();
|
|
27
|
+
|
|
28
|
+
// Read secrets
|
|
29
|
+
const dbUrl = runtime.get("DB_URL");
|
|
30
|
+
const all = runtime.getAll();
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## Features
|
|
34
|
+
|
|
35
|
+
- **VCS providers**: GitHub, GitLab, Bitbucket — fetch artifacts directly from git repos
|
|
36
|
+
- **HTTP/file sources**: Fetch from S3, CDN, or local file paths
|
|
37
|
+
- **KMS envelope encryption**: AWS KMS, GCP Cloud KMS, Azure Key Vault — no static age key needed
|
|
38
|
+
- **Adaptive polling**: Refreshes at 80% of artifact TTL, content-hash short-circuit skips unnecessary decryption
|
|
39
|
+
- **Resilient caching**: In-memory primary cache with optional encrypted disk fallback
|
|
40
|
+
- **Revocation**: Detects `revokedAt` field and wipes cache immediately
|
|
41
|
+
|
|
42
|
+
## KMS Providers
|
|
43
|
+
|
|
44
|
+
KMS SDKs are optional dependencies — install only the one you need:
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
# AWS KMS
|
|
48
|
+
npm install @aws-sdk/client-kms
|
|
49
|
+
|
|
50
|
+
# GCP Cloud KMS
|
|
51
|
+
npm install @google-cloud/kms
|
|
52
|
+
|
|
53
|
+
# Azure Key Vault
|
|
54
|
+
npm install @azure/identity @azure/keyvault-keys
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Documentation
|
|
58
|
+
|
|
59
|
+
- [Runtime Agent guide](https://docs.clef.sh/guide/agent)
|
|
60
|
+
- [Dynamic Secrets guide](https://docs.clef.sh/guide/dynamic-secrets)
|
|
61
|
+
- [API reference](https://docs.clef.sh/api/)
|
|
62
|
+
|
|
63
|
+
## License
|
|
64
|
+
|
|
65
|
+
MIT
|
package/dist/decrypt.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,qBAAa,YAAY;IACvB;;;;;;OAMG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,qBAAa,YAAY;IACvB;;;;;;OAMG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWtE;;;;;;OAMG;IACH,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM;CAazD"}
|
package/dist/decrypt.js
CHANGED
|
@@ -54,7 +54,9 @@ class AgeDecryptor {
|
|
|
54
54
|
const { Decrypter } = await Promise.resolve(`${"age-encryption"}`).then(s => __importStar(require(s)));
|
|
55
55
|
const d = new Decrypter();
|
|
56
56
|
d.addIdentity(privateKey);
|
|
57
|
-
|
|
57
|
+
// Ciphertext is base64-encoded binary age format. Decode to bytes
|
|
58
|
+
// before passing to the age library.
|
|
59
|
+
return d.decrypt(Buffer.from(ciphertext, "base64"), "text");
|
|
58
60
|
}
|
|
59
61
|
/**
|
|
60
62
|
* Resolve the age private key from either an inline value or a file path.
|
package/dist/decrypt.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB;;;;;GAKG;AACH,MAAa,YAAY;IACvB;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,UAAkB;QAClD,gHAAgH;QAChH,MAAM,EAAE,SAAS,EAAE,GAAG,yBAAa,gBAAuB,uCAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,IAAI,SAAS,EAAE,CAAC;QAC1B,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB;;;;;GAKG;AACH,MAAa,YAAY;IACvB;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,UAAkB;QAClD,gHAAgH;QAChH,MAAM,EAAE,SAAS,EAAE,GAAG,yBAAa,gBAAuB,uCAAC,CAAC;QAC5D,MAAM,CAAC,GAAG,IAAI,SAAS,EAAE,CAAC;QAC1B,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE1B,kEAAkE;QAClE,qCAAqC;QACrC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,MAAe,EAAE,UAAmB;QAC7C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5D,mEAAmE;YACnE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC;YACjF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC;YACpE,CAAC;YACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IAClF,CAAC;CACF;AAvCD,oCAuCC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -17,6 +17,7 @@ export type { ArtifactSource, ArtifactFetchResult } from "./sources/types";
|
|
|
17
17
|
export { HttpArtifactSource } from "./sources/http";
|
|
18
18
|
export { FileArtifactSource } from "./sources/file";
|
|
19
19
|
export { VcsArtifactSource } from "./sources/vcs";
|
|
20
|
+
export { buildSigningPayload, verifySignature } from "./signature";
|
|
20
21
|
import { SecretsCache } from "./secrets-cache";
|
|
21
22
|
import { ArtifactPoller } from "./poller";
|
|
22
23
|
import { TelemetryEmitter } from "./telemetry";
|
|
@@ -54,6 +55,11 @@ export interface RuntimeConfig {
|
|
|
54
55
|
cacheTtl?: number;
|
|
55
56
|
/** Optional telemetry emitter for event reporting. */
|
|
56
57
|
telemetry?: TelemetryEmitter;
|
|
58
|
+
/**
|
|
59
|
+
* Public key for artifact signature verification (base64-encoded DER SPKI).
|
|
60
|
+
* When set, unsigned or mis-signed artifacts are hard-rejected before decryption.
|
|
61
|
+
*/
|
|
62
|
+
verifyKey?: string;
|
|
57
63
|
}
|
|
58
64
|
/**
|
|
59
65
|
* High-level runtime for fetching and caching secrets.
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG1C,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGlD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAM1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC7C,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qDAAqD;IACrD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/C,YAAY,EACV,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAC;AAG1C,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGlD,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGnE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG/C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAM1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC7C,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iFAAiF;IACjF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qDAAqD;IACrD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+BAA+B;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,0FAA0F;IAC1F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAE7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;GAMG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsB;IAC5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;gBAE3B,MAAM,EAAE,aAAa;IAgCjC,iEAAiE;IAC3D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B,yFAAyF;IACzF,YAAY,IAAI,IAAI;IAIpB,+BAA+B;IAC/B,WAAW,IAAI,IAAI;IAInB,wCAAwC;IACxC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,wCAAwC;IACxC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAIhC,0DAA0D;IAC1D,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAI7B,gCAAgC;IAChC,IAAI,IAAI,MAAM,EAAE;IAIhB,iCAAiC;IACjC,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,wCAAwC;IACxC,IAAI,KAAK,IAAI,OAAO,CAEnB;IAED,yDAAyD;IACzD,SAAS,IAAI,cAAc;IAI3B,wDAAwD;IACxD,QAAQ,IAAI,YAAY;IAIxB,OAAO,CAAC,aAAa;CA0CtB;AAED,2FAA2F;AAC3F,wBAAsB,IAAI,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,CAItE"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ClefRuntime = exports.VcsArtifactSource = exports.FileArtifactSource = exports.HttpArtifactSource = exports.createKmsProvider = exports.AwsKmsProvider = exports.createVcsProvider = exports.BitbucketProvider = exports.GitLabProvider = exports.GitHubProvider = exports.TelemetryEmitter = exports.ArtifactPoller = exports.AgeDecryptor = exports.DiskCache = exports.SecretsCache = void 0;
|
|
3
|
+
exports.ClefRuntime = exports.verifySignature = exports.buildSigningPayload = exports.VcsArtifactSource = exports.FileArtifactSource = exports.HttpArtifactSource = exports.createKmsProvider = exports.AwsKmsProvider = exports.createVcsProvider = exports.BitbucketProvider = exports.GitLabProvider = exports.GitHubProvider = exports.TelemetryEmitter = exports.ArtifactPoller = exports.AgeDecryptor = exports.DiskCache = exports.SecretsCache = void 0;
|
|
4
4
|
exports.init = init;
|
|
5
5
|
// Core modules
|
|
6
6
|
var secrets_cache_1 = require("./secrets-cache");
|
|
@@ -32,6 +32,10 @@ var file_1 = require("./sources/file");
|
|
|
32
32
|
Object.defineProperty(exports, "FileArtifactSource", { enumerable: true, get: function () { return file_1.FileArtifactSource; } });
|
|
33
33
|
var vcs_1 = require("./sources/vcs");
|
|
34
34
|
Object.defineProperty(exports, "VcsArtifactSource", { enumerable: true, get: function () { return vcs_1.VcsArtifactSource; } });
|
|
35
|
+
// Signature verification
|
|
36
|
+
var signature_1 = require("./signature");
|
|
37
|
+
Object.defineProperty(exports, "buildSigningPayload", { enumerable: true, get: function () { return signature_1.buildSigningPayload; } });
|
|
38
|
+
Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return signature_1.verifySignature; } });
|
|
35
39
|
// High-level API
|
|
36
40
|
const secrets_cache_2 = require("./secrets-cache");
|
|
37
41
|
const disk_cache_2 = require("./disk-cache");
|
|
@@ -74,6 +78,7 @@ class ClefRuntime {
|
|
|
74
78
|
diskCache,
|
|
75
79
|
cacheTtl: config.cacheTtl,
|
|
76
80
|
telemetry: config.telemetry,
|
|
81
|
+
verifyKey: config.verifyKey,
|
|
77
82
|
});
|
|
78
83
|
}
|
|
79
84
|
/** Initial fetch + decrypt. Must be called before get/getAll. */
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAqPA,oBAIC;AAzPD,eAAe;AACf,iDAA+C;AAAtC,6GAAA,YAAY,OAAA;AACrB,2CAAyC;AAAhC,uGAAA,SAAS,OAAA;AAClB,qCAAyC;AAAhC,uGAAA,YAAY,OAAA;AACrB,mCAA0C;AAAjC,wGAAA,cAAc,OAAA;AAGvB,YAAY;AACZ,yCAA+C;AAAtC,6GAAA,gBAAgB,OAAA;AAgBzB,uCAA8C;AAArC,wGAAA,cAAc,OAAA;AACvB,uCAA8C;AAArC,wGAAA,cAAc,OAAA;AACvB,6CAAoD;AAA3C,8GAAA,iBAAiB,OAAA;AAC1B,qCAAgD;AAAvC,0GAAA,iBAAiB,OAAA;AAI1B,6BAAuC;AAA9B,qGAAA,cAAc,OAAA;AACvB,6BAA0C;AAAjC,wGAAA,iBAAiB,OAAA;AAI1B,uCAAoD;AAA3C,0GAAA,kBAAkB,OAAA;AAC3B,uCAAoD;AAA3C,0GAAA,kBAAkB,OAAA;AAC3B,qCAAkD;AAAzC,wGAAA,iBAAiB,OAAA;AAE1B,yBAAyB;AACzB,yCAAmE;AAA1D,gHAAA,mBAAmB,OAAA;AAAE,4GAAA,eAAe,OAAA;AAE7C,iBAAiB;AACjB,mDAA+C;AAC/C,6CAAyC;AACzC,uCAAyC;AACzC,qCAA0C;AAC1C,uCAAgD;AAChD,uCAAkD;AAClD,yCAAoD;AACpD,yCAAoD;AAkDpD;;;;;;GAMG;AACH,MAAa,WAAW;IACL,KAAK,GAAG,IAAI,4BAAY,EAAE,CAAC;IAC3B,MAAM,CAAiB;IACvB,MAAM,CAAgB;IAEvC,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,8DAA8D;QAC9D,IAAI,UAA8B,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,sBAAY,EAAE,CAAC;YACrC,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,IAAI,sBAAS,CACX,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,QAAQ,IAAI,SAAS,EAC5B,MAAM,CAAC,WAAW,IAAI,SAAS,CAChC;YACH,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,CAAC,MAAM,GAAG,IAAI,uBAAc,CAAC;YAC/B,MAAM;YACN,UAAU;YACV,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;IACtC,CAAC;IAED,yFAAyF;IACzF,YAAY;QACV,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,+BAA+B;IAC/B,WAAW;QACT,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;IAED,wCAAwC;IACxC,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,wCAAwC;IACxC,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,0DAA0D;IAC1D,GAAG;QACD,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;IACvB,CAAC;IAED,gCAAgC;IAChC,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAC9B,CAAC;IAED,iCAAiC;IACjC,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;IACxC,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAC9B,CAAC;IAED,yDAAyD;IACzD,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,wDAAwD;IACxD,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,aAAa,CAAC,MAAqB;QACzC,aAAa;QACb,MAAM,SAAS,GAAG;YAChB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC,CAAC;QACF,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAEnE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,yCAAyC,OAAO,2GAA2G,CAC5J,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;YACxD,MAAM,QAAQ,GAAG,IAAA,yBAAiB,EAAC;gBACjC,QAAQ,EAAE,MAAM,CAAC,QAAS;gBAC1B,IAAI,EAAE,MAAM,CAAC,IAAK;gBAClB,KAAK,EAAE,MAAM,CAAC,KAAM;gBACpB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAC;YACH,OAAO,IAAI,uBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAS,EAAE,MAAM,CAAC,WAAY,CAAC,CAAC;QAChF,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChF,OAAO,IAAI,yBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,IAAI,yBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,KAAK,CACb,wHAAwH,CACzH,CAAC;IACJ,CAAC;CACF;AAtID,kCAsIC;AAED,2FAA2F;AACpF,KAAK,UAAU,IAAI,CAAC,MAAqB;IAC9C,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;IACtB,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
package/dist/kms/aws.d.ts
CHANGED
|
@@ -11,5 +11,6 @@ export declare class AwsKmsProvider implements KmsProvider {
|
|
|
11
11
|
private ensureClient;
|
|
12
12
|
wrap(keyId: string, plaintext: Buffer): Promise<KmsWrapResult>;
|
|
13
13
|
unwrap(keyId: string, wrappedKey: Buffer, algorithm: string): Promise<Buffer>;
|
|
14
|
+
sign(keyId: string, digest: Buffer): Promise<Buffer>;
|
|
14
15
|
}
|
|
15
16
|
//# sourceMappingURL=aws.d.ts.map
|
package/dist/kms/aws.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../src/kms/aws.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAErD;;;GAGG;AACH,qBAAa,cAAe,YAAW,WAAW;IAEhD,OAAO,CAAC,MAAM,CAAM;IAEpB,OAAO,CAAC,GAAG,CAAM;IACjB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;gBAErB,MAAM,CAAC,EAAE,MAAM;YAIb,YAAY;IAYpB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAmB9D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../src/kms/aws.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAErD;;;GAGG;AACH,qBAAa,cAAe,YAAW,WAAW;IAEhD,OAAO,CAAC,MAAM,CAAM;IAEpB,OAAO,CAAC,GAAG,CAAM;IACjB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAS;gBAErB,MAAM,CAAC,EAAE,MAAM;YAIb,YAAY;IAYpB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAmB9D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB7E,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAgB3D"}
|
package/dist/kms/aws.js
CHANGED
|
@@ -87,6 +87,20 @@ class AwsKmsProvider {
|
|
|
87
87
|
}
|
|
88
88
|
return Buffer.from(response.Plaintext);
|
|
89
89
|
}
|
|
90
|
+
async sign(keyId, digest) {
|
|
91
|
+
await this.ensureClient();
|
|
92
|
+
const command = new this.sdk.SignCommand({
|
|
93
|
+
KeyId: keyId,
|
|
94
|
+
Message: digest,
|
|
95
|
+
MessageType: "DIGEST",
|
|
96
|
+
SigningAlgorithm: "ECDSA_SHA_256",
|
|
97
|
+
});
|
|
98
|
+
const response = await this.client.send(command);
|
|
99
|
+
if (!response.Signature) {
|
|
100
|
+
throw new Error("AWS KMS Sign returned no signature.");
|
|
101
|
+
}
|
|
102
|
+
return Buffer.from(response.Signature);
|
|
103
|
+
}
|
|
90
104
|
}
|
|
91
105
|
exports.AwsKmsProvider = AwsKmsProvider;
|
|
92
106
|
//# sourceMappingURL=aws.js.map
|
package/dist/kms/aws.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../src/kms/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;;GAGG;AACH,MAAa,cAAc;IACzB,wFAAwF;IAChF,MAAM,CAAM;IACpB,wFAAwF;IAChF,GAAG,CAAM;IACA,MAAM,CAAU;IAEjC,YAAY,MAAe;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,GAAG,wDAAa,qBAAqB,GAAC,CAAC;YAC/C,IAAI,CAAC,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB;QACzC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;YAC1C,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,SAAS;YACpB,mBAAmB,EAAE,mBAAmB;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;YAChD,SAAS,EAAE,mBAAmB;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,UAAkB,EAAE,SAAiB;QAC/D,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;YAC1C,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,UAAU;YAC1B,mBAAmB,EAAE,SAAS;SAC/B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;CACF;
|
|
1
|
+
{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../src/kms/aws.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;;GAGG;AACH,MAAa,cAAc;IACzB,wFAAwF;IAChF,MAAM,CAAM;IACpB,wFAAwF;IAChF,GAAG,CAAM;IACA,MAAM,CAAU;IAEjC,YAAY,MAAe;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,GAAG,wDAAa,qBAAqB,GAAC,CAAC;YAC/C,IAAI,CAAC,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAChE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB;QACzC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;YAC1C,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,SAAS;YACpB,mBAAmB,EAAE,mBAAmB;SACzC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;YAChD,SAAS,EAAE,mBAAmB;SAC/B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,UAAkB,EAAE,SAAiB;QAC/D,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;YAC1C,KAAK,EAAE,KAAK;YACZ,cAAc,EAAE,UAAU;YAC1B,mBAAmB,EAAE,SAAS;SAC/B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,MAAc;QACtC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;YACvC,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,MAAM;YACf,WAAW,EAAE,QAAQ;YACrB,gBAAgB,EAAE,eAAe;SAClC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;CACF;AA1ED,wCA0EC"}
|
package/dist/kms/types.d.ts
CHANGED
|
@@ -6,5 +6,7 @@ export interface KmsWrapResult {
|
|
|
6
6
|
export interface KmsProvider {
|
|
7
7
|
wrap(keyId: string, plaintext: Buffer): Promise<KmsWrapResult>;
|
|
8
8
|
unwrap(keyId: string, wrappedKey: Buffer, algorithm: string): Promise<Buffer>;
|
|
9
|
+
/** Sign a SHA-256 digest with an asymmetric KMS key (ECDSA_SHA_256). Optional. */
|
|
10
|
+
sign?(keyId: string, digest: Buffer): Promise<Buffer>;
|
|
9
11
|
}
|
|
10
12
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/kms/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/kms/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/kms/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9E,kFAAkF;IAClF,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACvD"}
|
package/dist/poller.d.ts
CHANGED
|
@@ -24,6 +24,10 @@ export interface ArtifactEnvelope {
|
|
|
24
24
|
expiresAt?: string;
|
|
25
25
|
/** ISO-8601 revocation timestamp. Present when the artifact has been revoked. */
|
|
26
26
|
revokedAt?: string;
|
|
27
|
+
/** Base64-encoded cryptographic signature over the canonical artifact payload. */
|
|
28
|
+
signature?: string;
|
|
29
|
+
/** Algorithm used to produce the signature (e.g. "Ed25519", "ECDSA_SHA256"). */
|
|
30
|
+
signatureAlgorithm?: string;
|
|
27
31
|
}
|
|
28
32
|
export interface PollerOptions {
|
|
29
33
|
/** Artifact source strategy. */
|
|
@@ -42,6 +46,11 @@ export interface PollerOptions {
|
|
|
42
46
|
cacheTtl?: number;
|
|
43
47
|
/** Optional telemetry emitter for event reporting. */
|
|
44
48
|
telemetry?: TelemetryEmitter;
|
|
49
|
+
/**
|
|
50
|
+
* Public key for artifact signature verification (base64-encoded DER SPKI).
|
|
51
|
+
* When set, artifacts without a valid signature are hard-rejected before decryption.
|
|
52
|
+
*/
|
|
53
|
+
verifyKey?: string;
|
|
45
54
|
}
|
|
46
55
|
export declare class ArtifactPoller {
|
|
47
56
|
private timer;
|
package/dist/poller.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,yEAAyE;AACzE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iFAAiF;IACjF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kFAAkF;IAClF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gFAAgF;IAChF,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,MAAM,EAAE,cAAc,CAAC;IACvB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,KAAK,EAAE,YAAY,CAAC;IACpB,wCAAwC;IACxC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,KAAK,IAAI,CAAC;IAC/B,wEAAwE;IACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AASD,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAA8C;IAC3D,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAsB;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;gBAEjC,OAAO,EAAE,aAAa;IAIlC,sFAAsF;IACtF,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAI7C,OAAO,KAAK,SAAS,GAEpB;IAED,wDAAwD;IAClD,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAwFtC;;;;OAIG;YACW,uBAAuB;IA8IrC,qEAAqE;IAC/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAM5B,0DAA0D;IAC1D,YAAY,IAAI,IAAI;IAKpB,6BAA6B;IAC7B,IAAI,IAAI,IAAI;IAOZ,+CAA+C;IAC/C,SAAS,IAAI,OAAO;IAIpB,wDAAwD;IACxD,OAAO,CAAC,YAAY;IAapB,yFAAyF;IACzF,OAAO,CAAC,iBAAiB;IAkBzB,OAAO,CAAC,gBAAgB;CAsBzB"}
|
package/dist/poller.js
CHANGED
|
@@ -37,6 +37,7 @@ exports.ArtifactPoller = void 0;
|
|
|
37
37
|
const crypto = __importStar(require("crypto"));
|
|
38
38
|
const decrypt_1 = require("./decrypt");
|
|
39
39
|
const kms_1 = require("./kms");
|
|
40
|
+
const signature_1 = require("./signature");
|
|
40
41
|
/**
|
|
41
42
|
* Periodically fetches a published artifact, decrypts it, and swaps the
|
|
42
43
|
* secrets cache when a new revision is detected.
|
|
@@ -183,6 +184,40 @@ class ArtifactPoller {
|
|
|
183
184
|
});
|
|
184
185
|
throw err;
|
|
185
186
|
}
|
|
187
|
+
// Verify signature when a verify key is configured (hard reject)
|
|
188
|
+
if (this.options.verifyKey) {
|
|
189
|
+
if (!artifact.signature) {
|
|
190
|
+
const err = new Error("Artifact signature verification failed: artifact is unsigned but a verify key is configured. " +
|
|
191
|
+
"Only signed artifacts are accepted when signature verification is enabled.");
|
|
192
|
+
this.telemetry?.artifactInvalid({
|
|
193
|
+
reason: "signature_missing",
|
|
194
|
+
error: err.message,
|
|
195
|
+
});
|
|
196
|
+
throw err;
|
|
197
|
+
}
|
|
198
|
+
const payload = (0, signature_1.buildSigningPayload)(artifact);
|
|
199
|
+
let valid;
|
|
200
|
+
try {
|
|
201
|
+
valid = (0, signature_1.verifySignature)(payload, artifact.signature, this.options.verifyKey);
|
|
202
|
+
}
|
|
203
|
+
catch (sigErr) {
|
|
204
|
+
const err = new Error(`Artifact signature verification error: ${sigErr instanceof Error ? sigErr.message : String(sigErr)}`);
|
|
205
|
+
this.telemetry?.artifactInvalid({
|
|
206
|
+
reason: "signature_error",
|
|
207
|
+
error: err.message,
|
|
208
|
+
});
|
|
209
|
+
throw err;
|
|
210
|
+
}
|
|
211
|
+
if (!valid) {
|
|
212
|
+
const err = new Error("Artifact signature verification failed: signature does not match the verify key. " +
|
|
213
|
+
"The artifact may have been tampered with or signed by a different key.");
|
|
214
|
+
this.telemetry?.artifactInvalid({
|
|
215
|
+
reason: "signature_invalid",
|
|
216
|
+
error: err.message,
|
|
217
|
+
});
|
|
218
|
+
throw err;
|
|
219
|
+
}
|
|
220
|
+
}
|
|
186
221
|
// Resolve the age private key
|
|
187
222
|
let agePrivateKey;
|
|
188
223
|
if (artifact.envelope) {
|
|
@@ -324,6 +359,8 @@ function classifyValidationError(err) {
|
|
|
324
359
|
return "missing_fields";
|
|
325
360
|
if (msg.includes("incomplete envelope"))
|
|
326
361
|
return "incomplete_envelope";
|
|
362
|
+
if (msg.includes("signature"))
|
|
363
|
+
return "signature";
|
|
327
364
|
return "unknown";
|
|
328
365
|
}
|
|
329
366
|
//# sourceMappingURL=poller.js.map
|
package/dist/poller.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poller.js","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAEjC,uCAAyC;AAGzC,+BAA0C;AA+C1C;;;GAGG;AACH,wEAAwE;AACxE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B,MAAa,cAAc;IACjB,KAAK,GAAyC,IAAI,CAAC;IACnD,eAAe,GAAkB,IAAI,CAAC;IACtC,YAAY,GAAkB,IAAI,CAAC;IACnC,aAAa,GAAkB,IAAI,CAAC;IAC3B,SAAS,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC/B,OAAO,CAAgB;IAChC,iBAAiB,CAAoB;IAE7C,YAAY,OAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,sFAAsF;IACtF,YAAY,CAAC,OAAyB;QACpC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;IACnC,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,eAAe;QACnB,IAAI,GAAW,CAAC;QAChB,IAAI,WAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAEjC,8DAA8D;YAC9D,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;gBAAE,OAAO;YAEhE,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC;gBAC1B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE;aACrD,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClC,8BAA8B;YAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,uCAAuC;oBACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;wBACtB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;wBACxD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;4BAC3E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC/B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;gCAC3B,eAAe,EAAE,GAAG;gCACpB,eAAe,EAAE,IAAI;6BACtB,CAAC,CAAC;4BACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;wBAC7E,CAAC;oBACH,CAAC;oBACD,GAAG,GAAG,MAAM,CAAC;oBACb,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;oBACpD,yCAAyC;oBACzC,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;wBAAE,OAAO;gBAClE,CAAC;qBAAM,CAAC;oBACN,8CAA8C;oBAC9C,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;4BAC3B,eAAe,EAAE,GAAG;4BACpB,eAAe,EAAE,KAAK;yBACvB,CAAC,CAAC;wBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;oBAC7E,CAAC;oBACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;oBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;wBAC3B,eAAe,EAAE,GAAG;wBACpB,eAAe,EAAE,KAAK;qBACvB,CAAC,CAAC;oBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBAC7E,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,yCAAyC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAC1D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,OAAO,MAAM,CAAC,SAAS,EAAE,CACpF,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACvD,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,uBAAuB,CACnC,GAAW,EACX,WAA+B;QAE/B,IAAI,QAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,uBAAuB,CAAC,GAAG,CAAC;gBACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO;QAEpD,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnF,IAAI,IAAI,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,kDAAkD,QAAQ,CAAC,cAAc,SAAS,IAAI,EAAE,CACzF,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,8BAA8B;QAC9B,IAAI,aAAqB,CAAC;QAC1B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACvE,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,MAAM,CAChC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EACvB,UAAU,EACV,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAC5B,CAAC;gBACF,yEAAyE;gBACzE,mFAAmF;gBACnF,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC5C,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4EAA4E;YAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;YACJ,CAAC;YACD,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C,CAAC;QAED,UAAU;QACV,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnF,MAAM,MAAM,GAA2B,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE7D,cAAc;YACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACtC,IAAI,CAAC,eAAe,GAAG,WAAW,IAAI,IAAI,CAAC;YAC3C,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC;gBAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM;gBAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5E,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;oBAChE,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,KAAK,CAAC,KAAK;QACT,qDAAqD;QACrD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;IAC7B,CAAC;IAED,wDAAwD;IAChD,YAAY;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,yFAAyF;IACjF,iBAAiB;QACvB,qEAAqE;QACrE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACxE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,EAAE,WAAW,CAAC,CAAC;YAClD,CAAC;YACD,kDAAkD;YAClD,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,gBAAgB,CAAC,GAAW;QAClC,MAAM,QAAQ,GAAqB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QAEvE,IAAI,QAAQ,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,IACE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ;gBAC3B,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK;gBACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU;gBAC7B,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAC5B,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAzSD,wCAySC;AAED,wFAAwF;AACxF,SAAS,uBAAuB,CAAC,GAAY;IAC3C,IAAI,GAAG,YAAY,WAAW;QAAE,OAAO,YAAY,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,IAAI,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACtE,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
1
|
+
{"version":3,"file":"poller.js","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAEjC,uCAAyC;AAGzC,+BAA0C;AAE1C,2CAAmE;AAuDnE;;;GAGG;AACH,wEAAwE;AACxE,MAAM,WAAW,GAAG,KAAK,CAAC;AAE1B,MAAa,cAAc;IACjB,KAAK,GAAyC,IAAI,CAAC;IACnD,eAAe,GAAkB,IAAI,CAAC;IACtC,YAAY,GAAkB,IAAI,CAAC;IACnC,aAAa,GAAkB,IAAI,CAAC;IAC3B,SAAS,GAAG,IAAI,sBAAY,EAAE,CAAC;IAC/B,OAAO,CAAgB;IAChC,iBAAiB,CAAoB;IAE7C,YAAY,OAAsB;QAChC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,sFAAsF;IACtF,YAAY,CAAC,OAAyB;QACpC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;IACnC,CAAC;IAED,IAAY,SAAS;QACnB,OAAO,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,eAAe;QACnB,IAAI,GAAW,CAAC;QAChB,IAAI,WAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACjD,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACjB,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAEjC,8DAA8D;YAC9D,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;gBAAE,OAAO;YAEhE,0CAA0C;YAC1C,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC;gBAC1B,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE;aACrD,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;YAClC,8BAA8B;YAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,uCAAuC;oBACvC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;wBACtB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;wBACxD,IAAI,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;4BAC3E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;4BAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC/B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;gCAC3B,eAAe,EAAE,GAAG;gCACpB,eAAe,EAAE,IAAI;6BACtB,CAAC,CAAC;4BACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;wBAC7E,CAAC;oBACH,CAAC;oBACD,GAAG,GAAG,MAAM,CAAC;oBACb,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;oBACpD,yCAAyC;oBACzC,IAAI,WAAW,IAAI,WAAW,KAAK,IAAI,CAAC,eAAe;wBAAE,OAAO;gBAClE,CAAC;qBAAM,CAAC;oBACN,8CAA8C;oBAC9C,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;4BAC3B,eAAe,EAAE,GAAG;4BACpB,eAAe,EAAE,KAAK;yBACvB,CAAC,CAAC;wBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;oBAC7E,CAAC;oBACD,MAAM,GAAG,CAAC;gBACZ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,IAAI,GAAG,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC3D,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;oBAC1B,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC;wBAC3B,eAAe,EAAE,GAAG;wBACpB,eAAe,EAAE,KAAK;qBACvB,CAAC,CAAC;oBACH,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;gBAC7E,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,yCAAyC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAC1D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACzB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;YAC5B,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,qBAAqB,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,WAAW,OAAO,MAAM,CAAC,SAAS,EAAE,CACpF,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,MAAM,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACvD,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,uBAAuB,CACnC,GAAW,EACX,WAA+B;QAE/B,IAAI,QAA0B,CAAC;QAC/B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,uBAAuB,CAAC,GAAG,CAAC;gBACpC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;YAChC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,QAAQ,KAAK,IAAI,CAAC,YAAY;YAAE,OAAO;QAEpD,mBAAmB;QACnB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnF,IAAI,IAAI,KAAK,QAAQ,CAAC,cAAc,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,kDAAkD,QAAQ,CAAC,cAAc,SAAS,IAAI,EAAE,CACzF,CAAC;YACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;gBAC9B,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,GAAG,CAAC,OAAO;aACnB,CAAC,CAAC;YACH,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,+FAA+F;oBAC7F,4EAA4E,CAC/E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,OAAO,GAAG,IAAA,+BAAmB,EAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,KAAc,CAAC;YACnB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAA,2BAAe,EAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,0CAA0C,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CACtG,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,iBAAiB;oBACzB,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,GAAG,GAAG,IAAI,KAAK,CACnB,mFAAmF;oBACjF,wEAAwE,CAC3E,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,mBAAmB;oBAC3B,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,aAAqB,CAAC;QAC1B,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC1D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACvE,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,MAAM,CAChC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EACvB,UAAU,EACV,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAC5B,CAAC;gBACF,yEAAyE;gBACzE,mFAAmF;gBACnF,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC5C,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,4EAA4E;YAC5E,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,8FAA8F,CAC/F,CAAC;YACJ,CAAC;YACD,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C,CAAC;QAED,UAAU;QACV,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACnF,MAAM,MAAM,GAA2B,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE7D,cAAc;YACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC;YACtC,IAAI,CAAC,eAAe,GAAG,WAAW,IAAI,IAAI,CAAC;YAC3C,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC5C,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC;gBAChC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM;gBAC9B,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wDAAwD;YACxD,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC5E,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC;oBAC9B,MAAM,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;oBAChE,KAAK,EAAE,GAAG,CAAC,OAAO;iBACnB,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,KAAK,CAAC,KAAK;QACT,qDAAqD;QACrD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,0DAA0D;IAC1D,YAAY;QACV,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC;IAC7B,CAAC;IAED,wDAAwD;IAChD,YAAY;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;YACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC,EAAE,OAAO,CAAC,CAAC;IACd,CAAC;IAED,yFAAyF;IACjF,iBAAiB;QACvB,qEAAqE;QACrE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACxE,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,EAAE,WAAW,CAAC,CAAC;YAClD,CAAC;YACD,kDAAkD;YAClD,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,oEAAoE;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,gBAAgB,CAAC,GAAW;QAClC,MAAM,QAAQ,GAAqB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QAEvE,IAAI,QAAQ,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,UAAU,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,IACE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ;gBAC3B,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK;gBACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU;gBAC7B,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAC5B,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF;AAnVD,wCAmVC;AAED,wFAAwF;AACxF,SAAS,uBAAuB,CAAC,GAAY;IAC3C,IAAI,GAAG,YAAY,WAAW;QAAE,OAAO,YAAY,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC/E,IAAI,GAAG,CAAC,QAAQ,CAAC,yBAAyB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QAAE,OAAO,qBAAqB,CAAC;IACtE,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,WAAW,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC"}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal artifact shape for signature payload construction.
|
|
3
|
+
* Mirrors the fields from ArtifactEnvelope that the signature covers.
|
|
4
|
+
*/
|
|
5
|
+
interface SignableArtifact {
|
|
6
|
+
version: number;
|
|
7
|
+
identity: string;
|
|
8
|
+
environment: string;
|
|
9
|
+
revision: string;
|
|
10
|
+
packedAt: string;
|
|
11
|
+
ciphertextHash: string;
|
|
12
|
+
keys: string[];
|
|
13
|
+
expiresAt?: string;
|
|
14
|
+
envelope?: {
|
|
15
|
+
provider: string;
|
|
16
|
+
keyId: string;
|
|
17
|
+
wrappedKey: string;
|
|
18
|
+
algorithm: string;
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Build the canonical signing payload from an artifact.
|
|
23
|
+
*
|
|
24
|
+
* Must produce the same output as the core signer's buildSigningPayload
|
|
25
|
+
* to enable cross-package sign/verify. The format is a deterministic
|
|
26
|
+
* newline-separated string of all security-relevant fields.
|
|
27
|
+
*/
|
|
28
|
+
export declare function buildSigningPayload(artifact: SignableArtifact): Buffer;
|
|
29
|
+
/**
|
|
30
|
+
* Verify a signature against a public key.
|
|
31
|
+
*
|
|
32
|
+
* The algorithm is derived from the key's type (Ed25519 or EC), not from
|
|
33
|
+
* the artifact's claimed signatureAlgorithm field.
|
|
34
|
+
*
|
|
35
|
+
* @param payload - Canonical signing payload
|
|
36
|
+
* @param signatureBase64 - Base64-encoded signature to verify
|
|
37
|
+
* @param publicKeyBase64 - Base64-encoded DER SPKI public key
|
|
38
|
+
* @returns true if the signature is valid
|
|
39
|
+
*/
|
|
40
|
+
export declare function verifySignature(payload: Buffer, signatureBase64: string, publicKeyBase64: string): boolean;
|
|
41
|
+
export {};
|
|
42
|
+
//# sourceMappingURL=signature.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signature.d.ts","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,UAAU,gBAAgB;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAiBtE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAgBT"}
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.buildSigningPayload = buildSigningPayload;
|
|
37
|
+
exports.verifySignature = verifySignature;
|
|
38
|
+
const crypto = __importStar(require("crypto"));
|
|
39
|
+
/**
|
|
40
|
+
* Build the canonical signing payload from an artifact.
|
|
41
|
+
*
|
|
42
|
+
* Must produce the same output as the core signer's buildSigningPayload
|
|
43
|
+
* to enable cross-package sign/verify. The format is a deterministic
|
|
44
|
+
* newline-separated string of all security-relevant fields.
|
|
45
|
+
*/
|
|
46
|
+
function buildSigningPayload(artifact) {
|
|
47
|
+
const fields = [
|
|
48
|
+
"clef-sig-v1",
|
|
49
|
+
String(artifact.version),
|
|
50
|
+
artifact.identity,
|
|
51
|
+
artifact.environment,
|
|
52
|
+
artifact.revision,
|
|
53
|
+
artifact.packedAt,
|
|
54
|
+
artifact.ciphertextHash,
|
|
55
|
+
[...artifact.keys].sort().join(","),
|
|
56
|
+
artifact.expiresAt ?? "",
|
|
57
|
+
artifact.envelope?.provider ?? "",
|
|
58
|
+
artifact.envelope?.keyId ?? "",
|
|
59
|
+
artifact.envelope?.wrappedKey ?? "",
|
|
60
|
+
artifact.envelope?.algorithm ?? "",
|
|
61
|
+
];
|
|
62
|
+
return Buffer.from(fields.join("\n"), "utf-8");
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Verify a signature against a public key.
|
|
66
|
+
*
|
|
67
|
+
* The algorithm is derived from the key's type (Ed25519 or EC), not from
|
|
68
|
+
* the artifact's claimed signatureAlgorithm field.
|
|
69
|
+
*
|
|
70
|
+
* @param payload - Canonical signing payload
|
|
71
|
+
* @param signatureBase64 - Base64-encoded signature to verify
|
|
72
|
+
* @param publicKeyBase64 - Base64-encoded DER SPKI public key
|
|
73
|
+
* @returns true if the signature is valid
|
|
74
|
+
*/
|
|
75
|
+
function verifySignature(payload, signatureBase64, publicKeyBase64) {
|
|
76
|
+
const keyObj = crypto.createPublicKey({
|
|
77
|
+
key: Buffer.from(publicKeyBase64, "base64"),
|
|
78
|
+
format: "der",
|
|
79
|
+
type: "spki",
|
|
80
|
+
});
|
|
81
|
+
const signature = Buffer.from(signatureBase64, "base64");
|
|
82
|
+
const keyType = keyObj.asymmetricKeyType;
|
|
83
|
+
if (keyType === "ed25519") {
|
|
84
|
+
return crypto.verify(null, payload, keyObj, signature);
|
|
85
|
+
}
|
|
86
|
+
if (keyType === "ec") {
|
|
87
|
+
return crypto.verify("sha256", payload, keyObj, signature);
|
|
88
|
+
}
|
|
89
|
+
throw new Error(`Unsupported key type for signature verification: ${keyType}`);
|
|
90
|
+
}
|
|
91
|
+
//# sourceMappingURL=signature.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signature.js","sourceRoot":"","sources":["../src/signature.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,kDAiBC;AAaD,0CAoBC;AAhFD,+CAAiC;AAuBjC;;;;;;GAMG;AACH,SAAgB,mBAAmB,CAAC,QAA0B;IAC5D,MAAM,MAAM,GAAG;QACb,aAAa;QACb,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;QACxB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,WAAW;QACpB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,QAAQ;QACjB,QAAQ,CAAC,cAAc;QACvB,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;QACnC,QAAQ,CAAC,SAAS,IAAI,EAAE;QACxB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE;QACjC,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,QAAQ,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QACnC,QAAQ,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE;KACnC,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,eAAe,CAC7B,OAAe,EACf,eAAuB,EACvB,eAAuB;IAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,eAAe,CAAC;QACpC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;QAC3C,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,MAAM,CAAC,iBAAiB,CAAC;IACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,oDAAoD,OAAO,EAAE,CAAC,CAAC;AACjF,CAAC"}
|