@contractspec/integration.runtime 1.57.0 → 1.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/health.d.ts +14 -18
  2. package/dist/health.d.ts.map +1 -1
  3. package/dist/health.js +71 -68
  4. package/dist/index.d.ts +4 -8
  5. package/dist/index.d.ts.map +1 -0
  6. package/dist/index.js +828 -9
  7. package/dist/node/health.js +72 -0
  8. package/dist/node/index.js +827 -0
  9. package/dist/node/runtime.js +208 -0
  10. package/dist/node/secrets/env-secret-provider.js +158 -0
  11. package/dist/node/secrets/gcp-secret-manager.js +346 -0
  12. package/dist/node/secrets/index.js +549 -0
  13. package/dist/node/secrets/manager.js +182 -0
  14. package/dist/node/secrets/provider.js +73 -0
  15. package/dist/runtime.d.ts +86 -90
  16. package/dist/runtime.d.ts.map +1 -1
  17. package/dist/runtime.js +204 -181
  18. package/dist/secrets/env-secret-provider.d.ts +20 -23
  19. package/dist/secrets/env-secret-provider.d.ts.map +1 -1
  20. package/dist/secrets/env-secret-provider.js +157 -80
  21. package/dist/secrets/gcp-secret-manager.d.ts +25 -28
  22. package/dist/secrets/gcp-secret-manager.d.ts.map +1 -1
  23. package/dist/secrets/gcp-secret-manager.js +339 -222
  24. package/dist/secrets/index.d.ts +5 -5
  25. package/dist/secrets/index.d.ts.map +1 -0
  26. package/dist/secrets/index.js +549 -5
  27. package/dist/secrets/manager.d.ts +32 -35
  28. package/dist/secrets/manager.d.ts.map +1 -1
  29. package/dist/secrets/manager.js +180 -101
  30. package/dist/secrets/provider.d.ts +42 -45
  31. package/dist/secrets/provider.d.ts.map +1 -1
  32. package/dist/secrets/provider.js +69 -54
  33. package/package.json +76 -30
  34. package/dist/health.js.map +0 -1
  35. package/dist/runtime.js.map +0 -1
  36. package/dist/secrets/env-secret-provider.js.map +0 -1
  37. package/dist/secrets/gcp-secret-manager.js.map +0 -1
  38. package/dist/secrets/manager.js.map +0 -1
  39. package/dist/secrets/provider.js.map +0 -1
package/dist/secrets/manager.js CHANGED
@@ -1,104 +1,183 @@
1
- import { SecretProviderError } from "./provider.js";
1
+ // @bun
2
+ // src/secrets/provider.ts
3
+ import { Buffer } from "buffer";
2
4
 
3
- //#region src/secrets/manager.ts
4
- /**
5
- * Composite secret provider that delegates to registered providers.
6
- * Providers are attempted in order of descending priority, respecting the
7
- * registration order for ties. This enables privileged overrides (e.g.
8
- * environment variables) while still supporting durable backends like GCP
9
- * Secret Manager.
10
- */
11
- var SecretProviderManager = class {
12
- id;
13
- providers = [];
14
- registrationCounter = 0;
15
- constructor(options = {}) {
16
- this.id = options.id ?? "secret-provider-manager";
17
- const initialProviders = options.providers ?? [];
18
- for (const entry of initialProviders) this.register(entry.provider, { priority: entry.priority });
19
- }
20
- register(provider, options = {}) {
21
- this.providers.push({
22
- provider,
23
- priority: options.priority ?? 0,
24
- order: this.registrationCounter++
25
- });
26
- this.providers.sort((a, b) => {
27
- if (a.priority !== b.priority) return b.priority - a.priority;
28
- return a.order - b.order;
29
- });
30
- return this;
31
- }
32
- canHandle(reference) {
33
- return this.providers.some(({ provider }) => safeCanHandle(provider, reference));
34
- }
35
- async getSecret(reference, options) {
36
- const errors = [];
37
- for (const { provider } of this.providers) {
38
- if (!safeCanHandle(provider, reference)) continue;
39
- try {
40
- return await provider.getSecret(reference, options);
41
- } catch (error) {
42
- if (error instanceof SecretProviderError) {
43
- errors.push(error);
44
- if (error.code !== "NOT_FOUND") break;
45
- continue;
46
- }
47
- throw error;
48
- }
49
- }
50
- throw this.composeError("getSecret", reference, errors, options?.version);
51
- }
52
- async setSecret(reference, payload) {
53
- return this.delegateToFirst("setSecret", reference, (provider) => provider.setSecret(reference, payload));
54
- }
55
- async rotateSecret(reference, payload) {
56
- return this.delegateToFirst("rotateSecret", reference, (provider) => provider.rotateSecret(reference, payload));
57
- }
58
- async deleteSecret(reference) {
59
- await this.delegateToFirst("deleteSecret", reference, (provider) => provider.deleteSecret(reference));
60
- }
61
- async delegateToFirst(operation, reference, invoker) {
62
- const errors = [];
63
- for (const { provider } of this.providers) {
64
- if (!safeCanHandle(provider, reference)) continue;
65
- try {
66
- return await invoker(provider);
67
- } catch (error) {
68
- if (error instanceof SecretProviderError) {
69
- errors.push(error);
70
- continue;
71
- }
72
- throw error;
73
- }
74
- }
75
- throw this.composeError(operation, reference, errors);
76
- }
77
- composeError(operation, reference, errors, version) {
78
- if (errors.length === 1) {
79
- const [singleError] = errors;
80
- if (singleError) return singleError;
81
- }
82
- const messageParts = [`No registered secret provider could ${operation}`, `reference "${reference}"`];
83
- if (version) messageParts.push(`(version: ${version})`);
84
- if (errors.length > 1) messageParts.push(`Attempts: ${errors.map((error) => `${error.provider}:${error.code}`).join(", ")}`);
85
- return new SecretProviderError({
86
- message: messageParts.join(" "),
87
- provider: this.id,
88
- reference,
89
- code: errors.length > 0 ? errors[errors.length - 1].code : "UNKNOWN",
90
- cause: errors
91
- });
92
- }
93
- };
94
- function safeCanHandle(provider, reference) {
95
- try {
96
- return provider.canHandle(reference);
97
- } catch {
98
- return false;
99
- }
5
+ class SecretProviderError extends Error {
6
+ provider;
7
+ reference;
8
+ code;
9
+ cause;
10
+ constructor(params) {
11
+ super(params.message);
12
+ this.name = "SecretProviderError";
13
+ this.provider = params.provider;
14
+ this.reference = params.reference;
15
+ this.code = params.code ?? "UNKNOWN";
16
+ this.cause = params.cause;
17
+ }
18
+ }
19
+ function parseSecretUri(reference) {
20
+ if (!reference) {
21
+ throw new SecretProviderError({
22
+ message: "Secret reference cannot be empty",
23
+ provider: "unknown",
24
+ reference,
25
+ code: "INVALID"
26
+ });
27
+ }
28
+ const [scheme, rest] = reference.split("://");
29
+ if (!scheme || !rest) {
30
+ throw new SecretProviderError({
31
+ message: `Invalid secret reference: ${reference}`,
32
+ provider: "unknown",
33
+ reference,
34
+ code: "INVALID"
35
+ });
36
+ }
37
+ const queryIndex = rest.indexOf("?");
38
+ if (queryIndex === -1) {
39
+ return {
40
+ provider: scheme,
41
+ path: rest
42
+ };
43
+ }
44
+ const path = rest.slice(0, queryIndex);
45
+ const query = rest.slice(queryIndex + 1);
46
+ const extras = Object.fromEntries(query.split("&").filter(Boolean).map((pair) => {
47
+ const [keyRaw, valueRaw] = pair.split("=");
48
+ const key = keyRaw ?? "";
49
+ const value = valueRaw ?? "";
50
+ return [decodeURIComponent(key), decodeURIComponent(value)];
51
+ }));
52
+ return {
53
+ provider: scheme,
54
+ path,
55
+ extras
56
+ };
57
+ }
58
+ function normalizeSecretPayload(payload) {
59
+ if (payload.data instanceof Uint8Array) {
60
+ return payload.data;
61
+ }
62
+ if (payload.encoding === "base64") {
63
+ return Buffer.from(payload.data, "base64");
64
+ }
65
+ if (payload.encoding === "binary") {
66
+ return Buffer.from(payload.data, "binary");
67
+ }
68
+ return Buffer.from(payload.data, "utf-8");
100
69
  }
101
70
 
102
- //#endregion
103
- export { SecretProviderManager };
104
- //# sourceMappingURL=manager.js.map
71
+ // src/secrets/manager.ts
72
+ class SecretProviderManager {
73
+ id;
74
+ providers = [];
75
+ registrationCounter = 0;
76
+ constructor(options = {}) {
77
+ this.id = options.id ?? "secret-provider-manager";
78
+ const initialProviders = options.providers ?? [];
79
+ for (const entry of initialProviders) {
80
+ this.register(entry.provider, { priority: entry.priority });
81
+ }
82
+ }
83
+ register(provider, options = {}) {
84
+ this.providers.push({
85
+ provider,
86
+ priority: options.priority ?? 0,
87
+ order: this.registrationCounter++
88
+ });
89
+ this.providers.sort((a, b) => {
90
+ if (a.priority !== b.priority) {
91
+ return b.priority - a.priority;
92
+ }
93
+ return a.order - b.order;
94
+ });
95
+ return this;
96
+ }
97
+ canHandle(reference) {
98
+ return this.providers.some(({ provider }) => safeCanHandle(provider, reference));
99
+ }
100
+ async getSecret(reference, options) {
101
+ const errors = [];
102
+ for (const { provider } of this.providers) {
103
+ if (!safeCanHandle(provider, reference)) {
104
+ continue;
105
+ }
106
+ try {
107
+ return await provider.getSecret(reference, options);
108
+ } catch (error) {
109
+ if (error instanceof SecretProviderError) {
110
+ errors.push(error);
111
+ if (error.code !== "NOT_FOUND") {
112
+ break;
113
+ }
114
+ continue;
115
+ }
116
+ throw error;
117
+ }
118
+ }
119
+ throw this.composeError("getSecret", reference, errors, options?.version);
120
+ }
121
+ async setSecret(reference, payload) {
122
+ return this.delegateToFirst("setSecret", reference, (provider) => provider.setSecret(reference, payload));
123
+ }
124
+ async rotateSecret(reference, payload) {
125
+ return this.delegateToFirst("rotateSecret", reference, (provider) => provider.rotateSecret(reference, payload));
126
+ }
127
+ async deleteSecret(reference) {
128
+ await this.delegateToFirst("deleteSecret", reference, (provider) => provider.deleteSecret(reference));
129
+ }
130
+ async delegateToFirst(operation, reference, invoker) {
131
+ const errors = [];
132
+ for (const { provider } of this.providers) {
133
+ if (!safeCanHandle(provider, reference)) {
134
+ continue;
135
+ }
136
+ try {
137
+ return await invoker(provider);
138
+ } catch (error) {
139
+ if (error instanceof SecretProviderError) {
140
+ errors.push(error);
141
+ continue;
142
+ }
143
+ throw error;
144
+ }
145
+ }
146
+ throw this.composeError(operation, reference, errors);
147
+ }
148
+ composeError(operation, reference, errors, version) {
149
+ if (errors.length === 1) {
150
+ const [singleError] = errors;
151
+ if (singleError) {
152
+ return singleError;
153
+ }
154
+ }
155
+ const messageParts = [
156
+ `No registered secret provider could ${operation}`,
157
+ `reference "${reference}"`
158
+ ];
159
+ if (version) {
160
+ messageParts.push(`(version: ${version})`);
161
+ }
162
+ if (errors.length > 1) {
163
+ messageParts.push(`Attempts: ${errors.map((error) => `${error.provider}:${error.code}`).join(", ")}`);
164
+ }
165
+ return new SecretProviderError({
166
+ message: messageParts.join(" "),
167
+ provider: this.id,
168
+ reference,
169
+ code: errors.length > 0 ? errors[errors.length - 1].code : "UNKNOWN",
170
+ cause: errors
171
+ });
172
+ }
173
+ }
174
+ function safeCanHandle(provider, reference) {
175
+ try {
176
+ return provider.canHandle(reference);
177
+ } catch {
178
+ return false;
179
+ }
180
+ }
181
+ export {
182
+ SecretProviderManager
183
+ };
package/dist/secrets/provider.d.ts CHANGED
@@ -1,53 +1,50 @@
1
- //#region src/secrets/provider.d.ts
2
- type SecretReference = string;
3
- interface SecretValue {
4
- data: Uint8Array;
5
- version?: string;
6
- metadata?: Record<string, string>;
7
- retrievedAt: Date;
1
+ export type SecretReference = string;
2
+ export interface SecretValue {
3
+ data: Uint8Array;
4
+ version?: string;
5
+ metadata?: Record<string, string>;
6
+ retrievedAt: Date;
8
7
  }
9
- interface SecretFetchOptions {
10
- version?: string;
8
+ export interface SecretFetchOptions {
9
+ version?: string;
11
10
  }
12
- type SecretPayloadEncoding = 'utf-8' | 'base64' | 'binary';
13
- interface SecretWritePayload {
14
- data: string | Uint8Array;
15
- encoding?: SecretPayloadEncoding;
16
- contentType?: string;
17
- labels?: Record<string, string>;
11
+ export type SecretPayloadEncoding = 'utf-8' | 'base64' | 'binary';
12
+ export interface SecretWritePayload {
13
+ data: string | Uint8Array;
14
+ encoding?: SecretPayloadEncoding;
15
+ contentType?: string;
16
+ labels?: Record<string, string>;
18
17
  }
19
- interface SecretRotationResult {
20
- reference: SecretReference;
21
- version: string;
22
- }
23
- interface SecretProvider {
24
- readonly id: string;
25
- canHandle(reference: SecretReference): boolean;
26
- getSecret(reference: SecretReference, options?: SecretFetchOptions): Promise<SecretValue>;
27
- setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
28
- rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
29
- deleteSecret(reference: SecretReference): Promise<void>;
18
+ export interface SecretRotationResult {
19
+ reference: SecretReference;
20
+ version: string;
30
21
  }
31
- interface ParsedSecretUri {
32
- provider: string;
33
- path: string;
34
- extras?: Record<string, string>;
22
+ export interface SecretProvider {
23
+ readonly id: string;
24
+ canHandle(reference: SecretReference): boolean;
25
+ getSecret(reference: SecretReference, options?: SecretFetchOptions): Promise<SecretValue>;
26
+ setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
27
+ rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
28
+ deleteSecret(reference: SecretReference): Promise<void>;
35
29
  }
36
- declare class SecretProviderError extends Error {
37
- readonly provider: string;
38
- readonly reference: SecretReference;
39
- readonly code: 'NOT_FOUND' | 'FORBIDDEN' | 'INVALID' | 'UNKNOWN';
40
- readonly cause?: unknown;
41
- constructor(params: {
42
- message: string;
30
+ export interface ParsedSecretUri {
43
31
  provider: string;
44
- reference: SecretReference;
45
- code?: SecretProviderError['code'];
46
- cause?: unknown;
47
- });
32
+ path: string;
33
+ extras?: Record<string, string>;
34
+ }
35
+ export declare class SecretProviderError extends Error {
36
+ readonly provider: string;
37
+ readonly reference: SecretReference;
38
+ readonly code: 'NOT_FOUND' | 'FORBIDDEN' | 'INVALID' | 'UNKNOWN';
39
+ readonly cause?: unknown;
40
+ constructor(params: {
41
+ message: string;
42
+ provider: string;
43
+ reference: SecretReference;
44
+ code?: SecretProviderError['code'];
45
+ cause?: unknown;
46
+ });
48
47
  }
49
- declare function parseSecretUri(reference: SecretReference): ParsedSecretUri;
50
- declare function normalizeSecretPayload(payload: SecretWritePayload): Uint8Array;
51
- //#endregion
52
- export { ParsedSecretUri, SecretFetchOptions, SecretPayloadEncoding, SecretProvider, SecretProviderError, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload, normalizeSecretPayload, parseSecretUri };
48
+ export declare function parseSecretUri(reference: SecretReference): ParsedSecretUri;
49
+ export declare function normalizeSecretPayload(payload: SecretWritePayload): Uint8Array;
53
50
  //# sourceMappingURL=provider.d.ts.map
package/dist/secrets/provider.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"provider.d.ts","names":[],"sources":["../../src/secrets/provider.ts"],"mappings":";KAEY,eAAA;AAAA,UAEK,WAAA;EACf,IAAA,EAAM,UAAA;EACN,OAAA;EACA,QAAA,GAAW,MAAA;EACX,WAAA,EAAa,IAAA;AAAA;AAAA,UAGE,kBAAA;EACf,OAAA;AAAA;AAAA,KAGU,qBAAA;AAAA,UAEK,kBAAA;EACf,IAAA,WAAe,UAAA;EACf,QAAA,GAAW,qBAAA;EACX,WAAA;EACA,MAAA,GAAS,MAAA;AAAA;AAAA,UAGM,oBAAA;EACf,SAAA,EAAW,eAAA;EACX,OAAA;AAAA;AAAA,UAGe,cAAA;EAAA,SACN,EAAA;EACT,SAAA,CAAU,SAAA,EAAW,eAAA;EACrB,SAAA,CACE,SAAA,EAAW,eAAA,EACX,OAAA,GAAU,kBAAA,GACT,OAAA,CAAQ,WAAA;EACX,SAAA,CACE,SAAA,EAAW,eAAA,EACX,OAAA,EAAS,kBAAA,GACR,OAAA,CAAQ,oBAAA;EACX,YAAA,CACE,SAAA,EAAW,eAAA,EACX,OAAA,EAAS,kBAAA,GACR,OAAA,CAAQ,oBAAA;EACX,YAAA,CAAa,SAAA,EAAW,eAAA,GAAkB,OAAA;AAAA;AAAA,UAG3B,eAAA;EACf,QAAA;EACA,IAAA;EACA,MAAA,GAAS,MAAA;AAAA;AAAA,cAGE,mBAAA,SAA4B,KAAA;EAAA,SAC9B,QAAA;EAAA,SACA,SAAA,EAAW,eAAA;EAAA,SACX,IAAA;EAAA,SACA,KAAA;cAEG,MAAA;IACV,OAAA;IACA,QAAA;IACA,SAAA,EAAW,eAAA;IACX,IAAA,GAAO,mBAAA;IACP,KAAA;EAAA;AAAA;AAAA,iBAWY,cAAA,CAAe,SAAA,EAAW,eAAA,GAAkB,eAAA;AAAA,iBAiD5C,sBAAA,CACd,OAAA,EAAS,kBAAA,GACR,UAAA"}
1
+ {"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/secrets/provider.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,UAAU,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,WAAW,EAAE,IAAI,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,qBAAqB,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAElE,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,GAAG,UAAU,CAAC;IAC1B,QAAQ,CAAC,EAAE,qBAAqB,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,eAAe,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC;IAC/C,SAAS,CACP,SAAS,EAAE,eAAe,EAC1B,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB,SAAS,CACP,SAAS,EAAE,eAAe,EAC1B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACjC,YAAY,CACV,SAAS,EAAE,eAAe,EAC1B,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACjC,YAAY,CAAC,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACzD;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,WAAW,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;IACjE,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;gBAEb,MAAM,EAAE;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,eAAe,CAAC;QAC3B,IAAI,CAAC,EAAE,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB;CAQF;AAED,wBAAgB,cAAc,CAAC,SAAS,EAAE,eAAe,GAAG,eAAe,CA+C1E;AAED,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,kBAAkB,GAC1B,UAAU,CAcZ"}
package/dist/secrets/provider.js CHANGED
@@ -1,59 +1,74 @@
1
- import { Buffer } from "node:buffer";
1
+ // @bun
2
+ // src/secrets/provider.ts
3
+ import { Buffer } from "buffer";
2
4
 
3
- //#region src/secrets/provider.ts
4
- var SecretProviderError = class extends Error {
5
- provider;
6
- reference;
7
- code;
8
- cause;
9
- constructor(params) {
10
- super(params.message);
11
- this.name = "SecretProviderError";
12
- this.provider = params.provider;
13
- this.reference = params.reference;
14
- this.code = params.code ?? "UNKNOWN";
15
- this.cause = params.cause;
16
- }
17
- };
5
+ class SecretProviderError extends Error {
6
+ provider;
7
+ reference;
8
+ code;
9
+ cause;
10
+ constructor(params) {
11
+ super(params.message);
12
+ this.name = "SecretProviderError";
13
+ this.provider = params.provider;
14
+ this.reference = params.reference;
15
+ this.code = params.code ?? "UNKNOWN";
16
+ this.cause = params.cause;
17
+ }
18
+ }
18
19
  function parseSecretUri(reference) {
19
- if (!reference) throw new SecretProviderError({
20
- message: "Secret reference cannot be empty",
21
- provider: "unknown",
22
- reference,
23
- code: "INVALID"
24
- });
25
- const [scheme, rest] = reference.split("://");
26
- if (!scheme || !rest) throw new SecretProviderError({
27
- message: `Invalid secret reference: ${reference}`,
28
- provider: "unknown",
29
- reference,
30
- code: "INVALID"
31
- });
32
- const queryIndex = rest.indexOf("?");
33
- if (queryIndex === -1) return {
34
- provider: scheme,
35
- path: rest
36
- };
37
- const path = rest.slice(0, queryIndex);
38
- const query = rest.slice(queryIndex + 1);
39
- return {
40
- provider: scheme,
41
- path,
42
- extras: Object.fromEntries(query.split("&").filter(Boolean).map((pair) => {
43
- const [keyRaw, valueRaw] = pair.split("=");
44
- const key = keyRaw ?? "";
45
- const value = valueRaw ?? "";
46
- return [decodeURIComponent(key), decodeURIComponent(value)];
47
- }))
48
- };
20
+ if (!reference) {
21
+ throw new SecretProviderError({
22
+ message: "Secret reference cannot be empty",
23
+ provider: "unknown",
24
+ reference,
25
+ code: "INVALID"
26
+ });
27
+ }
28
+ const [scheme, rest] = reference.split("://");
29
+ if (!scheme || !rest) {
30
+ throw new SecretProviderError({
31
+ message: `Invalid secret reference: ${reference}`,
32
+ provider: "unknown",
33
+ reference,
34
+ code: "INVALID"
35
+ });
36
+ }
37
+ const queryIndex = rest.indexOf("?");
38
+ if (queryIndex === -1) {
39
+ return {
40
+ provider: scheme,
41
+ path: rest
42
+ };
43
+ }
44
+ const path = rest.slice(0, queryIndex);
45
+ const query = rest.slice(queryIndex + 1);
46
+ const extras = Object.fromEntries(query.split("&").filter(Boolean).map((pair) => {
47
+ const [keyRaw, valueRaw] = pair.split("=");
48
+ const key = keyRaw ?? "";
49
+ const value = valueRaw ?? "";
50
+ return [decodeURIComponent(key), decodeURIComponent(value)];
51
+ }));
52
+ return {
53
+ provider: scheme,
54
+ path,
55
+ extras
56
+ };
49
57
  }
50
58
  function normalizeSecretPayload(payload) {
51
- if (payload.data instanceof Uint8Array) return payload.data;
52
- if (payload.encoding === "base64") return Buffer.from(payload.data, "base64");
53
- if (payload.encoding === "binary") return Buffer.from(payload.data, "binary");
54
- return Buffer.from(payload.data, "utf-8");
59
+ if (payload.data instanceof Uint8Array) {
60
+ return payload.data;
61
+ }
62
+ if (payload.encoding === "base64") {
63
+ return Buffer.from(payload.data, "base64");
64
+ }
65
+ if (payload.encoding === "binary") {
66
+ return Buffer.from(payload.data, "binary");
67
+ }
68
+ return Buffer.from(payload.data, "utf-8");
55
69
  }
56
-
57
- //#endregion
58
- export { SecretProviderError, normalizeSecretPayload, parseSecretUri };
59
- //# sourceMappingURL=provider.js.map
70
+ export {
71
+ parseSecretUri,
72
+ normalizeSecretPayload,
73
+ SecretProviderError
74
+ };