npm - @clef-sh/runtime - Versions diffs - 0.1.6-beta.32 - Mend

@clef-sh/runtime 0.1.6-beta.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/dist/decrypt.d.ts +25 -0
package/dist/decrypt.d.ts.map +1 -0
package/dist/decrypt.js +82 -0
package/dist/decrypt.js.map +1 -0
package/dist/disk-cache.d.ts +22 -0
package/dist/disk-cache.d.ts.map +1 -0
package/dist/disk-cache.js +113 -0
package/dist/disk-cache.js.map +1 -0
package/dist/index.d.ts +96 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +165 -0
package/dist/index.js.map +1 -0
package/dist/kms/aws.d.ts +15 -0
package/dist/kms/aws.d.ts.map +1 -0
package/dist/kms/aws.js +92 -0
package/dist/kms/aws.js.map +1 -0
package/dist/kms/azure.d.ts +16 -0
package/dist/kms/azure.d.ts.map +1 -0
package/dist/kms/azure.js +85 -0
package/dist/kms/azure.js.map +1 -0
package/dist/kms/gcp.d.ts +17 -0
package/dist/kms/gcp.d.ts.map +1 -0
package/dist/kms/gcp.js +87 -0
package/dist/kms/gcp.js.map +1 -0
package/dist/kms/index.d.ts +12 -0
package/dist/kms/index.d.ts.map +1 -0
package/dist/kms/index.js +29 -0
package/dist/kms/index.js.map +1 -0
package/dist/kms/types.d.ts +10 -0
package/dist/kms/types.d.ts.map +1 -0
package/dist/kms/types.js +3 -0
package/dist/kms/types.js.map +1 -0
package/dist/poller.d.ts +80 -0
package/dist/poller.d.ts.map +1 -0
package/dist/poller.js +329 -0
package/dist/poller.js.map +1 -0
package/dist/secrets-cache.d.ts +23 -0
package/dist/secrets-cache.d.ts.map +1 -0
package/dist/secrets-cache.js +51 -0
package/dist/secrets-cache.js.map +1 -0
package/dist/sources/file.d.ts +9 -0
package/dist/sources/file.d.ts.map +1 -0
package/dist/sources/file.js +53 -0
package/dist/sources/file.js.map +1 -0
package/dist/sources/http.d.ts +9 -0
package/dist/sources/http.d.ts.map +1 -0
package/dist/sources/http.js +24 -0
package/dist/sources/http.js.map +1 -0
package/dist/sources/index.d.ts +5 -0
package/dist/sources/index.d.ts.map +1 -0
package/dist/sources/index.js +10 -0
package/dist/sources/index.js.map +1 -0
package/dist/sources/types.d.ts +15 -0
package/dist/sources/types.d.ts.map +1 -0
package/dist/sources/types.js +3 -0
package/dist/sources/types.js.map +1 -0
package/dist/sources/vcs.d.ts +13 -0
package/dist/sources/vcs.d.ts.map +1 -0
package/dist/sources/vcs.js +25 -0
package/dist/sources/vcs.js.map +1 -0
package/dist/telemetry.d.ts +129 -0
package/dist/telemetry.d.ts.map +1 -0
package/dist/telemetry.js +192 -0
package/dist/telemetry.js.map +1 -0
package/dist/vcs/bitbucket.d.ts +11 -0
package/dist/vcs/bitbucket.d.ts.map +1 -0
package/dist/vcs/bitbucket.js +43 -0
package/dist/vcs/bitbucket.js.map +1 -0
package/dist/vcs/github.d.ts +11 -0
package/dist/vcs/github.d.ts.map +1 -0
package/dist/vcs/github.js +35 -0
package/dist/vcs/github.js.map +1 -0
package/dist/vcs/gitlab.d.ts +11 -0
package/dist/vcs/gitlab.d.ts.map +1 -0
package/dist/vcs/gitlab.js +36 -0
package/dist/vcs/gitlab.js.map +1 -0
package/dist/vcs/index.d.ts +8 -0
package/dist/vcs/index.d.ts.map +1 -0
package/dist/vcs/index.js +27 -0
package/dist/vcs/index.js.map +1 -0
package/dist/vcs/types.d.ts +29 -0
package/dist/vcs/types.d.ts.map +1 -0
package/dist/vcs/types.js +3 -0
package/dist/vcs/types.js.map +1 -0
package/package.json +41 -0

package/dist/kms/azure.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { KmsProvider, KmsWrapResult } from "./types";
+/**
+ * Azure Key Vault provider for envelope encryption.
+ * Dynamically imports `@azure/keyvault-keys` and `@azure/identity` — both are optional dependencies.
+ *
+ * The keyId is the full Azure Key Vault key URL:
+ *   https://{vault-name}.vault.azure.net/keys/{key-name}/{version?}
+ */
+export declare class AzureKmsProvider implements KmsProvider {
+    private credential;
+    private keysModule;
+    private ensureLoaded;
+    wrap(keyId: string, plaintext: Buffer): Promise<KmsWrapResult>;
+    unwrap(keyId: string, wrappedKey: Buffer, algorithm: string): Promise<Buffer>;
+}
+//# sourceMappingURL=azure.d.ts.map

package/dist/kms/azure.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azure.d.ts","sourceRoot":"","sources":["../../src/kms/azure.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAErD;;;;;;GAMG;AACH,qBAAa,gBAAiB,YAAW,WAAW;IAElD,OAAO,CAAC,UAAU,CAAM;IAExB,OAAO,CAAC,UAAU,CAAM;YAEV,YAAY;IAcpB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAe9D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAWpF"}

package/dist/kms/azure.js ADDED Viewed

@@ -0,0 +1,85 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureKmsProvider = void 0;
+/**
+ * Azure Key Vault provider for envelope encryption.
+ * Dynamically imports `@azure/keyvault-keys` and `@azure/identity` — both are optional dependencies.
+ *
+ * The keyId is the full Azure Key Vault key URL:
+ *   https://{vault-name}.vault.azure.net/keys/{key-name}/{version?}
+ */
+class AzureKmsProvider {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- lazy-loaded SDK credential
+    credential;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- lazy-loaded SDK module
+    keysModule;
+    async ensureLoaded() {
+        if (this.credential)
+            return;
+        try {
+            const identity = await Promise.resolve().then(() => __importStar(require("@azure/identity")));
+            this.keysModule = await Promise.resolve().then(() => __importStar(require("@azure/keyvault-keys")));
+            this.credential = new identity.DefaultAzureCredential();
+        }
+        catch {
+            throw new Error("Azure Key Vault requires @azure/identity and @azure/keyvault-keys. " +
+                "Install them with: npm install @azure/identity @azure/keyvault-keys");
+        }
+    }
+    async wrap(keyId, plaintext) {
+        await this.ensureLoaded();
+        const client = new this.keysModule.CryptographyClient(keyId, this.credential);
+        const result = await client.wrapKey("RSA-OAEP-256", plaintext);
+        if (!result.result) {
+            throw new Error("Azure Key Vault wrapKey returned no result.");
+        }
+        return {
+            wrappedKey: Buffer.from(result.result),
+            algorithm: "RSA-OAEP-256",
+        };
+    }
+    async unwrap(keyId, wrappedKey, algorithm) {
+        await this.ensureLoaded();
+        const client = new this.keysModule.CryptographyClient(keyId, this.credential);
+        const result = await client.unwrapKey(algorithm, wrappedKey);
+        if (!result.result) {
+            throw new Error("Azure Key Vault unwrapKey returned no result.");
+        }
+        return Buffer.from(result.result);
+    }
+}
+exports.AzureKmsProvider = AzureKmsProvider;
+//# sourceMappingURL=azure.js.map

package/dist/kms/azure.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"azure.js","sourceRoot":"","sources":["../../src/kms/azure.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;;;;;GAMG;AACH,MAAa,gBAAgB;IAC3B,4FAA4F;IACpF,UAAU,CAAM;IACxB,wFAAwF;IAChF,UAAU,CAAM;IAEhB,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO;QAC5B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,wDAAa,iBAAiB,GAAC,CAAC;YACjD,IAAI,CAAC,UAAU,GAAG,wDAAa,sBAAsB,GAAC,CAAC;YACvD,IAAI,CAAC,UAAU,GAAG,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACnE,qEAAqE,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB;QACzC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;QAE/D,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,SAAS,EAAE,cAAc;SAC1B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,UAAkB,EAAE,SAAiB;QAC/D,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAE7D,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;CACF;AA9CD,4CA8CC"}

package/dist/kms/gcp.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { KmsProvider, KmsWrapResult } from "./types";
+/**
+ * GCP Cloud KMS provider for envelope encryption.
+ * Dynamically imports `@google-cloud/kms` — the SDK is an optional dependency.
+ *
+ * The keyId is the full GCP KMS resource name:
+ *   projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
+ *
+ * Uses Application Default Credentials for authentication.
+ */
+export declare class GcpKmsProvider implements KmsProvider {
+    private client;
+    private ensureClient;
+    wrap(keyId: string, plaintext: Buffer): Promise<KmsWrapResult>;
+    unwrap(keyId: string, wrappedKey: Buffer, _algorithm: string): Promise<Buffer>;
+}
+//# sourceMappingURL=gcp.d.ts.map

package/dist/kms/gcp.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp.d.ts","sourceRoot":"","sources":["../../src/kms/gcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAErD;;;;;;;;GAQG;AACH,qBAAa,cAAe,YAAW,WAAW;IAEhD,OAAO,CAAC,MAAM,CAAM;YAEN,YAAY;IAYpB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAkB9D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAcrF"}

package/dist/kms/gcp.js ADDED Viewed

@@ -0,0 +1,87 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GcpKmsProvider = void 0;
+/**
+ * GCP Cloud KMS provider for envelope encryption.
+ * Dynamically imports `@google-cloud/kms` — the SDK is an optional dependency.
+ *
+ * The keyId is the full GCP KMS resource name:
+ *   projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
+ *
+ * Uses Application Default Credentials for authentication.
+ */
+class GcpKmsProvider {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any -- lazy-loaded SDK client
+    client;
+    async ensureClient() {
+        if (this.client)
+            return;
+        try {
+            const kms = await Promise.resolve().then(() => __importStar(require("@google-cloud/kms")));
+            this.client = new kms.KeyManagementServiceClient();
+        }
+        catch {
+            throw new Error("GCP KMS requires @google-cloud/kms. Install it with: npm install @google-cloud/kms");
+        }
+    }
+    async wrap(keyId, plaintext) {
+        await this.ensureClient();
+        const [response] = await this.client.encrypt({
+            name: keyId,
+            plaintext,
+        });
+        if (!response.ciphertext) {
+            throw new Error("GCP KMS encrypt returned no ciphertext.");
+        }
+        return {
+            wrappedKey: Buffer.from(response.ciphertext),
+            algorithm: "GOOGLE_SYMMETRIC_ENCRYPTION",
+        };
+    }
+    async unwrap(keyId, wrappedKey, _algorithm) {
+        await this.ensureClient();
+        const [response] = await this.client.decrypt({
+            name: keyId,
+            ciphertext: wrappedKey,
+        });
+        if (!response.plaintext) {
+            throw new Error("GCP KMS decrypt returned no plaintext.");
+        }
+        return Buffer.from(response.plaintext);
+    }
+}
+exports.GcpKmsProvider = GcpKmsProvider;
+//# sourceMappingURL=gcp.js.map

package/dist/kms/gcp.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gcp.js","sourceRoot":"","sources":["../../src/kms/gcp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA;;;;;;;;GAQG;AACH,MAAa,cAAc;IACzB,wFAAwF;IAChF,MAAM,CAAM;IAEZ,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,wDAAa,mBAAmB,GAAC,CAAC;YAC9C,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB;QACzC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YAC3C,IAAI,EAAE,KAAK;YACX,SAAS;SACV,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC5C,SAAS,EAAE,6BAA6B;SACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,UAAkB,EAAE,UAAkB;QAChE,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;YAC3C,IAAI,EAAE,KAAK;YACX,UAAU,EAAE,UAAU;SACvB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;CACF;AAhDD,wCAgDC"}

package/dist/kms/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { KmsProvider } from "./types";
+export type { KmsProvider, KmsWrapResult, KmsProviderType } from "./types";
+export { AwsKmsProvider } from "./aws";
+export { GcpKmsProvider } from "./gcp";
+export { AzureKmsProvider } from "./azure";
+/**
+ * Factory: create a KMS provider by name.
+ */
+export declare function createKmsProvider(provider: string, options?: {
+    region?: string;
+}): KmsProvider;
+//# sourceMappingURL=index.d.ts.map

package/dist/kms/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/kms/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAKtC,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,WAAW,CAW9F"}

package/dist/kms/index.js ADDED Viewed

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AzureKmsProvider = exports.GcpKmsProvider = exports.AwsKmsProvider = void 0;
+exports.createKmsProvider = createKmsProvider;
+const aws_1 = require("./aws");
+const gcp_1 = require("./gcp");
+const azure_1 = require("./azure");
+var aws_2 = require("./aws");
+Object.defineProperty(exports, "AwsKmsProvider", { enumerable: true, get: function () { return aws_2.AwsKmsProvider; } });
+var gcp_2 = require("./gcp");
+Object.defineProperty(exports, "GcpKmsProvider", { enumerable: true, get: function () { return gcp_2.GcpKmsProvider; } });
+var azure_2 = require("./azure");
+Object.defineProperty(exports, "AzureKmsProvider", { enumerable: true, get: function () { return azure_2.AzureKmsProvider; } });
+/**
+ * Factory: create a KMS provider by name.
+ */
+function createKmsProvider(provider, options) {
+    switch (provider) {
+        case "aws":
+            return new aws_1.AwsKmsProvider(options?.region);
+        case "gcp":
+            return new gcp_1.GcpKmsProvider();
+        case "azure":
+            return new azure_1.AzureKmsProvider();
+        default:
+            throw new Error(`Unknown KMS provider: ${provider}`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/kms/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/kms/index.ts"],"names":[],"mappings":";;;AAaA,8CAWC;AAvBD,+BAAuC;AACvC,+BAAuC;AACvC,mCAA2C;AAG3C,6BAAuC;AAA9B,qGAAA,cAAc,OAAA;AACvB,6BAAuC;AAA9B,qGAAA,cAAc,OAAA;AACvB,iCAA2C;AAAlC,yGAAA,gBAAgB,OAAA;AAEzB;;GAEG;AACH,SAAgB,iBAAiB,CAAC,QAAgB,EAAE,OAA6B;IAC/E,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,KAAK;YACR,OAAO,IAAI,oBAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,KAAK,KAAK;YACR,OAAO,IAAI,oBAAc,EAAE,CAAC;QAC9B,KAAK,OAAO;YACV,OAAO,IAAI,wBAAgB,EAAE,CAAC;QAChC;YACE,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}

package/dist/kms/types.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export type KmsProviderType = "aws" | "gcp" | "azure";
+export interface KmsWrapResult {
+    wrappedKey: Buffer;
+    algorithm: string;
+}
+export interface KmsProvider {
+    wrap(keyId: string, plaintext: Buffer): Promise<KmsWrapResult>;
+    unwrap(keyId: string, wrappedKey: Buffer, algorithm: string): Promise<Buffer>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/kms/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/kms/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,KAAK,GAAG,OAAO,CAAC;AAEtD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC/D,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAC/E"}

package/dist/kms/types.js ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/kms/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/kms/types.ts"],"names":[],"mappings":""}

package/dist/poller.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+import { SecretsCache } from "./secrets-cache";
+import { ArtifactSource } from "./sources/types";
+import { DiskCache } from "./disk-cache";
+import { TelemetryEmitter } from "./telemetry";
+/** KMS envelope metadata for artifacts using KMS envelope encryption. */
+export interface ArtifactKmsEnvelope {
+    provider: string;
+    keyId: string;
+    wrappedKey: string;
+    algorithm: string;
+}
+/** Shape of a packed artifact JSON envelope. */
+export interface ArtifactEnvelope {
+    version: number;
+    identity: string;
+    environment: string;
+    packedAt: string;
+    revision: string;
+    ciphertextHash: string;
+    ciphertext: string;
+    keys: string[];
+    envelope?: ArtifactKmsEnvelope;
+    /** ISO-8601 expiry timestamp. Artifact is rejected after this time. */
+    expiresAt?: string;
+    /** ISO-8601 revocation timestamp. Present when the artifact has been revoked. */
+    revokedAt?: string;
+}
+export interface PollerOptions {
+    /** Artifact source strategy. */
+    source: ArtifactSource;
+    /** Age private key string. Optional for KMS envelope artifacts. */
+    privateKey?: string;
+    /** Secrets cache to swap on new revisions. */
+    cache: SecretsCache;
+    /** Optional disk cache for fallback. */
+    diskCache?: DiskCache;
+    /** Optional callback on successful refresh. */
+    onRefresh?: (revision: string) => void;
+    /** Optional error callback for logging. */
+    onError?: (err: Error) => void;
+    /** Max seconds the cache may be served without a successful refresh. */
+    cacheTtl?: number;
+    /** Optional telemetry emitter for event reporting. */
+    telemetry?: TelemetryEmitter;
+}
+export declare class ArtifactPoller {
+    private timer;
+    private lastContentHash;
+    private lastRevision;
+    private lastExpiresAt;
+    private readonly decryptor;
+    private readonly options;
+    private telemetryOverride?;
+    constructor(options: PollerOptions);
+    /** Set or replace the telemetry emitter (e.g. after resolving token from secrets). */
+    setTelemetry(emitter: TelemetryEmitter): void;
+    private get telemetry();
+    /** Fetch, validate, decrypt, and cache the artifact. */
+    fetchAndDecrypt(): Promise<void>;
+    /**
+     * Validate the artifact, decrypt it, and swap the cache.
+     * Emits `artifact.invalid` on any validation or decryption failure,
+     * and `artifact.expired` / `artifact.refreshed` on their respective paths.
+     */
+    private validateDecryptAndCache;
+    /** Start the polling loop. Performs an initial fetch immediately. */
+    start(): Promise<void>;
+    /** Start only the polling schedule (no initial fetch). */
+    startPolling(): void;
+    /** Stop the polling loop. */
+    stop(): void;
+    /** Whether the poller is currently running. */
+    isRunning(): boolean;
+    /** Compute the next poll delay and schedule a fetch. */
+    private scheduleNext;
+    /** Compute ms until next poll: 80% of expiresAt remaining, or cacheTtl / 10 fallback. */
+    private computeNextPollMs;
+    private parseAndValidate;
+}
+//# sourceMappingURL=poller.d.ts.map

package/dist/poller.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"poller.d.ts","sourceRoot":"","sources":["../src/poller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,yEAAyE;AACzE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,CAAC,EAAE,mBAAmB,CAAC;IAC/B,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iFAAiF;IACjF,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,gCAAgC;IAChC,MAAM,EAAE,cAAc,CAAC;IACvB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,KAAK,EAAE,YAAY,CAAC;IACpB,wCAAwC;IACxC,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,+CAA+C;IAC/C,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,2CAA2C;IAC3C,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,KAAK,IAAI,CAAC;IAC/B,wEAAwE;IACxE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,SAAS,CAAC,EAAE,gBAAgB,CAAC;CAC9B;AASD,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAA8C;IAC3D,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAsB;IAChD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;IACxC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;gBAEjC,OAAO,EAAE,aAAa;IAIlC,sFAAsF;IACtF,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAI7C,OAAO,KAAK,SAAS,GAEpB;IAED,wDAAwD;IAClD,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAwFtC;;;;OAIG;YACW,uBAAuB;IAoGrC,qEAAqE;IAC/D,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAM5B,0DAA0D;IAC1D,YAAY,IAAI,IAAI;IAKpB,6BAA6B;IAC7B,IAAI,IAAI,IAAI;IAOZ,+CAA+C;IAC/C,SAAS,IAAI,OAAO;IAIpB,wDAAwD;IACxD,OAAO,CAAC,YAAY;IAapB,yFAAyF;IACzF,OAAO,CAAC,iBAAiB;IAkBzB,OAAO,CAAC,gBAAgB;CAsBzB"}