@contractspec/integration.runtime 1.57.0 → 1.58.0

package/dist/secrets/env-secret-provider.js

@@ -1,82 +1,159 @@
-import { SecretProviderError, parseSecretUri } from "./provider.js";
+// @bun
+// src/secrets/provider.ts
+import { Buffer as Buffer2 } from "buffer";
 
-//#region src/secrets/env-secret-provider.ts
-/**
-* Environment-variable backed secret provider. Read-only by design.
-* Allows overriding other secret providers by deriving environment variable
-* names from secret references (or by using explicit aliases).
-*/
-var EnvSecretProvider = class {
-	id = "env";
-	aliases;
-	constructor(options = {}) {
-		this.aliases = options.aliases ?? {};
-	}
-	canHandle(reference) {
-		const envKey = this.resolveEnvKey(reference);
-		return envKey !== void 0 && process.env[envKey] !== void 0;
-	}
-	async getSecret(reference) {
-		const envKey = this.resolveEnvKey(reference);
-		if (!envKey) throw new SecretProviderError({
-			message: `Unable to resolve environment variable for reference "${reference}".`,
-			provider: this.id,
-			reference,
-			code: "INVALID"
-		});
-		const value = process.env[envKey];
-		if (value === void 0) throw new SecretProviderError({
-			message: `Environment variable "${envKey}" not found for reference "${reference}".`,
-			provider: this.id,
-			reference,
-			code: "NOT_FOUND"
-		});
-		return {
-			data: Buffer.from(value, "utf-8"),
-			version: "current",
-			metadata: {
-				source: "env",
-				envKey
-			},
-			retrievedAt: /* @__PURE__ */ new Date()
-		};
-	}
-	async setSecret(reference, _payload) {
-		throw this.forbiddenError("setSecret", reference);
-	}
-	async rotateSecret(reference, _payload) {
-		throw this.forbiddenError("rotateSecret", reference);
-	}
-	async deleteSecret(reference) {
-		throw this.forbiddenError("deleteSecret", reference);
-	}
-	resolveEnvKey(reference) {
-		if (!reference) return;
-		if (this.aliases[reference]) return this.aliases[reference];
-		if (!reference.includes("://")) return reference;
-		try {
-			const parsed = parseSecretUri(reference);
-			if (parsed.provider === "env") return parsed.path;
-			if (parsed.extras?.env) return parsed.extras.env;
-			return this.deriveEnvKey(parsed.path);
-		} catch {
-			return reference;
-		}
-	}
-	deriveEnvKey(path) {
-		if (!path) return void 0;
-		return path.split(/[/:\-.]/).filter(Boolean).map((segment) => segment.replace(/[^a-zA-Z0-9]/g, "_").replace(/_{2,}/g, "_").toUpperCase()).join("_");
-	}
-	forbiddenError(operation, reference) {
-		return new SecretProviderError({
-			message: `EnvSecretProvider is read-only. "${operation}" is not allowed for ${reference}.`,
-			provider: this.id,
-			reference,
-			code: "FORBIDDEN"
-		});
-	}
-};
+class SecretProviderError extends Error {
+  provider;
+  reference;
+  code;
+  cause;
+  constructor(params) {
+    super(params.message);
+    this.name = "SecretProviderError";
+    this.provider = params.provider;
+    this.reference = params.reference;
+    this.code = params.code ?? "UNKNOWN";
+    this.cause = params.cause;
+  }
+}
+function parseSecretUri(reference) {
+  if (!reference) {
+    throw new SecretProviderError({
+      message: "Secret reference cannot be empty",
+      provider: "unknown",
+      reference,
+      code: "INVALID"
+    });
+  }
+  const [scheme, rest] = reference.split("://");
+  if (!scheme || !rest) {
+    throw new SecretProviderError({
+      message: `Invalid secret reference: ${reference}`,
+      provider: "unknown",
+      reference,
+      code: "INVALID"
+    });
+  }
+  const queryIndex = rest.indexOf("?");
+  if (queryIndex === -1) {
+    return {
+      provider: scheme,
+      path: rest
+    };
+  }
+  const path = rest.slice(0, queryIndex);
+  const query = rest.slice(queryIndex + 1);
+  const extras = Object.fromEntries(query.split("&").filter(Boolean).map((pair) => {
+    const [keyRaw, valueRaw] = pair.split("=");
+    const key = keyRaw ?? "";
+    const value = valueRaw ?? "";
+    return [decodeURIComponent(key), decodeURIComponent(value)];
+  }));
+  return {
+    provider: scheme,
+    path,
+    extras
+  };
+}
+function normalizeSecretPayload(payload) {
+  if (payload.data instanceof Uint8Array) {
+    return payload.data;
+  }
+  if (payload.encoding === "base64") {
+    return Buffer2.from(payload.data, "base64");
+  }
+  if (payload.encoding === "binary") {
+    return Buffer2.from(payload.data, "binary");
+  }
+  return Buffer2.from(payload.data, "utf-8");
+}
 
-//#endregion
-export { EnvSecretProvider };
-//# sourceMappingURL=env-secret-provider.js.map
+// src/secrets/env-secret-provider.ts
+class EnvSecretProvider {
+  id = "env";
+  aliases;
+  constructor(options = {}) {
+    this.aliases = options.aliases ?? {};
+  }
+  canHandle(reference) {
+    const envKey = this.resolveEnvKey(reference);
+    return envKey !== undefined && process.env[envKey] !== undefined;
+  }
+  async getSecret(reference) {
+    const envKey = this.resolveEnvKey(reference);
+    if (!envKey) {
+      throw new SecretProviderError({
+        message: `Unable to resolve environment variable for reference "${reference}".`,
+        provider: this.id,
+        reference,
+        code: "INVALID"
+      });
+    }
+    const value = process.env[envKey];
+    if (value === undefined) {
+      throw new SecretProviderError({
+        message: `Environment variable "${envKey}" not found for reference "${reference}".`,
+        provider: this.id,
+        reference,
+        code: "NOT_FOUND"
+      });
+    }
+    return {
+      data: Buffer.from(value, "utf-8"),
+      version: "current",
+      metadata: {
+        source: "env",
+        envKey
+      },
+      retrievedAt: new Date
+    };
+  }
+  async setSecret(reference, _payload) {
+    throw this.forbiddenError("setSecret", reference);
+  }
+  async rotateSecret(reference, _payload) {
+    throw this.forbiddenError("rotateSecret", reference);
+  }
+  async deleteSecret(reference) {
+    throw this.forbiddenError("deleteSecret", reference);
+  }
+  resolveEnvKey(reference) {
+    if (!reference) {
+      return;
+    }
+    if (this.aliases[reference]) {
+      return this.aliases[reference];
+    }
+    if (!reference.includes("://")) {
+      return reference;
+    }
+    try {
+      const parsed = parseSecretUri(reference);
+      if (parsed.provider === "env") {
+        return parsed.path;
+      }
+      if (parsed.extras?.env) {
+        return parsed.extras.env;
+      }
+      return this.deriveEnvKey(parsed.path);
+    } catch {
+      return reference;
+    }
+  }
+  deriveEnvKey(path) {
+    if (!path)
+      return;
+    return path.split(/[/:\-.]/).filter(Boolean).map((segment) => segment.replace(/[^a-zA-Z0-9]/g, "_").replace(/_{2,}/g, "_").toUpperCase()).join("_");
+  }
+  forbiddenError(operation, reference) {
+    return new SecretProviderError({
+      message: `EnvSecretProvider is read-only. "${operation}" is not allowed for ${reference}.`,
+      provider: this.id,
+      reference,
+      code: "FORBIDDEN"
+    });
+  }
+}
+export {
+  EnvSecretProvider
+};

package/dist/secrets/gcp-secret-manager.d.ts

@@ -1,33 +1,30 @@
-import { SecretProvider, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload } from "./provider.js";
-import { SecretManagerServiceClient, protos } from "@google-cloud/secret-manager";
-import { CallOptions } from "google-gax";
-
-//#region src/secrets/gcp-secret-manager.d.ts
+import { protos, SecretManagerServiceClient } from '@google-cloud/secret-manager';
+import type { CallOptions } from 'google-gax';
+import type { SecretProvider, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload } from './provider';
 type SecretManagerClient = SecretManagerServiceClient;
 interface GcpSecretManagerProviderOptions {
-  projectId?: string;
-  client?: SecretManagerClient;
-  clientOptions?: ConstructorParameters<typeof SecretManagerServiceClient>[0];
-  defaultReplication?: protos.google.cloud.secretmanager.v1.IReplication;
+    projectId?: string;
+    client?: SecretManagerClient;
+    clientOptions?: ConstructorParameters<typeof SecretManagerServiceClient>[0];
+    defaultReplication?: protos.google.cloud.secretmanager.v1.IReplication;
 }
-declare class GcpSecretManagerProvider implements SecretProvider {
-  readonly id = "gcp-secret-manager";
-  private readonly client;
-  private readonly explicitProjectId?;
-  private readonly replication;
-  constructor(options?: GcpSecretManagerProviderOptions);
-  canHandle(reference: SecretReference): boolean;
-  getSecret(reference: SecretReference, options?: {
-    version?: string;
-  }, callOptions?: CallOptions): Promise<SecretValue>;
-  setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
-  rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
-  deleteSecret(reference: SecretReference): Promise<void>;
-  private parseReference;
-  private buildNames;
-  private buildVersionName;
-  private ensureSecretExists;
+export declare class GcpSecretManagerProvider implements SecretProvider {
+    readonly id = "gcp-secret-manager";
+    private readonly client;
+    private readonly explicitProjectId?;
+    private readonly replication;
+    constructor(options?: GcpSecretManagerProviderOptions);
+    canHandle(reference: SecretReference): boolean;
+    getSecret(reference: SecretReference, options?: {
+        version?: string;
+    }, callOptions?: CallOptions): Promise<SecretValue>;
+    setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
+    rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
+    deleteSecret(reference: SecretReference): Promise<void>;
+    private parseReference;
+    private buildNames;
+    private buildVersionName;
+    private ensureSecretExists;
 }
-//#endregion
-export { GcpSecretManagerProvider };
+export {};
 //# sourceMappingURL=gcp-secret-manager.d.ts.map

package/dist/secrets/gcp-secret-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-secret-manager.d.ts","names":[],"sources":["../../src/secrets/gcp-secret-manager.ts"],"mappings":";;;;;KAmBK,mBAAA,GAAsB,0BAAA;AAAA,UAEjB,+BAAA;EACR,SAAA;EACA,MAAA,GAAS,mBAAA;EACT,aAAA,GAAgB,qBAAA,QAA6B,0BAAA;EAC7C,kBAAA,GAAqB,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,EAAA,CAAG,YAAA;AAAA;AAAA,cAa/C,wBAAA,YAAoC,cAAA;EAAA,SACtC,EAAA;EAAA,iBACQ,MAAA;EAAA,iBACA,iBAAA;EAAA,iBACA,WAAA;cAEL,OAAA,GAAS,+BAAA;EAQrB,SAAA,CAAU,SAAA,EAAW,eAAA;EASf,SAAA,CACJ,SAAA,EAAW,eAAA,EACX,OAAA;IAAY,OAAA;EAAA,GACZ,WAAA,GAAc,WAAA,GACb,OAAA,CAAQ,WAAA;EAwCL,SAAA,CACJ,SAAA,EAAW,eAAA,EACX,OAAA,EAAS,kBAAA,GACR,OAAA,CAAQ,oBAAA;EAqCL,YAAA,CACJ,SAAA,EAAW,eAAA,EACX,OAAA,EAAS,kBAAA,GACR,OAAA,CAAQ,oBAAA;EAIL,YAAA,CAAa,SAAA,EAAW,eAAA,GAAkB,OAAA;EAAA,QAiBxC,cAAA;EAAA,QAkEA,UAAA;EAAA,QAuBA,gBAAA;EAAA,QASM,kBAAA;AAAA"}
+{"version":3,"file":"gcp-secret-manager.d.ts","sourceRoot":"","sources":["../../src/secrets/gcp-secret-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,MAAM,EACN,0BAA0B,EAC3B,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAO9C,OAAO,KAAK,EACV,cAAc,EACd,eAAe,EACf,oBAAoB,EACpB,WAAW,EACX,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAEpB,KAAK,mBAAmB,GAAG,0BAA0B,CAAC;AAEtD,UAAU,+BAA+B;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,aAAa,CAAC,EAAE,qBAAqB,CAAC,OAAO,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC;CACxE;AAYD,qBAAa,wBAAyB,YAAW,cAAc;IAC7D,QAAQ,CAAC,EAAE,wBAAwB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAS;IAC5C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoD;gBAEpE,OAAO,GAAE,+BAAoC;IAQzD,SAAS,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO;IASxC,SAAS,CACb,SAAS,EAAE,eAAe,EAC1B,OAAO,CAAC,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,EAC9B,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,WAAW,CAAC;IAwCjB,SAAS,CACb,SAAS,EAAE,eAAe,EAC1B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,oBAAoB,CAAC;IAqC1B,YAAY,CAChB,SAAS,EAAE,eAAe,EAC1B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,oBAAoB,CAAC;IAI1B,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAiB7D,OAAO,CAAC,cAAc;IAkEtB,OAAO,CAAC,UAAU;IAuBlB,OAAO,CAAC,gBAAgB;YASV,kBAAkB;CAyCjC"}