@elding/sdk 0.2.0 → 0.4.0

package/dist/api.js

@@ -2,25 +2,28 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.exchangeToken = exchangeToken;
 exports.fetchSecrets = fetchSecrets;
-const BASE_URL = process.env.ELDING_API_URL ?? "https://app.elding.io";
+const apiUrl_js_1 = require("./apiUrl.js");
+const BASE_URL = (0, apiUrl_js_1.resolveBaseUrl)();
+const REQUEST_TIMEOUT_MS = 15_000;
+const REFRESH_TOKEN = /^eld_rt_[a-f0-9]{64}$/i;
 async function exchangeToken(refreshToken) {
-    const res = await fetch(`${BASE_URL}/api/cli/auth/token`, {
+    if (!REFRESH_TOKEN.test(refreshToken))
+        throw new Error("[elding] Token local invalide.");
+    const body = await requestJson("/api/cli/auth/token", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ refreshToken }),
     });
-    const body = (await res.json());
     if (!body.success || !body.accessToken)
-        throw new Error(body.error ?? "Échec d'authentification Elding");
+        throw new Error(safeError(body.error) || "Échec d'authentification Elding");
     return body.accessToken;
 }
 async function fetchSecrets(accessToken, setId) {
-    const res = await fetch(`${BASE_URL}/api/cli/secrets?setId=${encodeURIComponent(setId)}`, {
+    const body = await requestJson(`/api/cli/secrets?setId=${encodeURIComponent(setId)}`, {
         headers: { Authorization: `Bearer ${accessToken}` },
     });
-    const body = (await res.json());
     if (!body.success || !body.secrets || typeof body.secrets !== "object")
-        throw new Error(body.error ?? `Erreur ${res.status}`);
+        throw new Error(safeError(body.error) || "Réponse invalide");
     return sanitizeSecrets(body.secrets);
 }
 const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
@@ -30,9 +33,29 @@ function sanitizeSecrets(raw) {
     for (const [name, value] of Object.entries(raw)) {
         if (DANGEROUS_KEYS.has(name))
             continue;
+        if (name.length > 128)
+            continue;
         if (typeof value !== "string")
             continue;
         out[name] = value;
     }
     return out;
 }
+async function requestJson(path, init) {
+    const res = await fetch(`${BASE_URL}${path}`, {
+        ...init,
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+    });
+    const body = (await res.json().catch(() => null));
+    if (!res.ok)
+        throw new Error(safeError(body?.error) || `Erreur ${res.status}`);
+    if (!body || typeof body !== "object")
+        throw new Error("[elding] Réponse invalide.");
+    return body;
+}
+function safeError(value) {
+    return String(value ?? "")
+        .replace(/[\u001b\u009b][[\]()#;?]*(?:(?:(?:[a-zA-Z\d]*(?:;[a-zA-Z\d]*)*)?\u0007)|(?:(?:\d{1,4}(?:;\d{0,4})*)?[\dA-PR-TZcf-nq-uy=><~]))/g, "")
+        .replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "")
+        .slice(0, 300);
+}

package/dist/apiUrl.d.ts

@@ -0,0 +1 @@
+export declare function resolveBaseUrl(raw?: string | undefined): string;

package/dist/apiUrl.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveBaseUrl = resolveBaseUrl;
+const net_1 = __importDefault(require("net"));
+const DEFAULT_BASE_URL = "https://app.elding.io";
+function stripBrackets(hostname) {
+    return hostname.startsWith("[") && hostname.endsWith("]")
+        ? hostname.slice(1, -1)
+        : hostname;
+}
+function isLoopbackHost(hostname) {
+    const host = stripBrackets(hostname.toLowerCase().replace(/\.$/, ""));
+    if (host === "localhost")
+        return true;
+    if (net_1.default.isIPv4(host))
+        return host.startsWith("127.");
+    if (net_1.default.isIPv6(host))
+        return host === "::1" || host === "0:0:0:0:0:0:0:1";
+    return false;
+}
+function resolveBaseUrl(raw = process.env.ELDING_API_URL) {
+    const input = raw?.trim() || DEFAULT_BASE_URL;
+    let url;
+    try {
+        url = new URL(input);
+    }
+    catch {
+        throw new Error("[elding] ELDING_API_URL invalide.");
+    }
+    if (url.username || url.password) {
+        throw new Error("[elding] ELDING_API_URL ne doit pas contenir d'identifiants.");
+    }
+    if (url.pathname !== "/" || url.search || url.hash) {
+        throw new Error("[elding] ELDING_API_URL doit etre une origine seule.");
+    }
+    if (url.protocol === "https:")
+        return url.origin;
+    if (url.protocol === "http:" && isLoopbackHost(url.hostname))
+        return url.origin;
+    throw new Error("[elding] ELDING_API_URL doit utiliser HTTPS, sauf pour localhost en developpement.");
+}

package/dist/client.d.ts

@@ -11,4 +11,5 @@ export declare class EldingClient {
     secret(name: string): string;
     secretOrUndefined(name: string): string | undefined;
     all(): Record<string, string>;
+    allWithEnvFallback(): Record<string, string>;
 }

package/dist/client.js

@@ -22,7 +22,7 @@ class EldingClient {
         // 3. Fetch secrets
         const accessToken = await (0, api_js_1.exchangeToken)(refreshToken);
         const secrets = await (0, api_js_1.fetchSecrets)(accessToken, setId);
-        return new EldingClient(secrets, options.envFallback ?? true);
+        return new EldingClient(secrets, options.envFallback ?? false);
     }
     secret(name) {
         const value = this.secrets[name];
@@ -44,11 +44,15 @@ class EldingClient {
             return undefined;
         }
     }
-    // Returns all secrets as a plain object (e.g. to spread into a config)
+    // Returns only Elding vault secrets as a plain object.
     all() {
-        if (this.envFallback)
-            return { ...process.env, ...this.secrets };
         return { ...this.secrets };
     }
+    // Explicit escape hatch for legacy code that intentionally wants process.env fallback values.
+    allWithEnvFallback() {
+        if (!this.envFallback)
+            return this.all();
+        return { ...process.env, ...this.secrets };
+    }
 }
 exports.EldingClient = EldingClient;

package/dist/config.js

@@ -8,10 +8,14 @@ exports.readProjectConfig = readProjectConfig;
 const fs_1 = __importDefault(require("fs"));
 const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
+const REFRESH_TOKEN = /^eld_rt_[a-f0-9]{64}$/i;
 function readGlobalConfig() {
     try {
         const file = path_1.default.join(os_1.default.homedir(), ".elding", "config.json");
-        return JSON.parse(fs_1.default.readFileSync(file, "utf-8"));
+        const parsed = JSON.parse(fs_1.default.readFileSync(file, "utf-8"));
+        if (!parsed.refreshToken || !REFRESH_TOKEN.test(parsed.refreshToken))
+            return null;
+        return { refreshToken: parsed.refreshToken };
     }
     catch {
         return null;
@@ -19,9 +23,15 @@ function readGlobalConfig() {
 }
 function readProjectConfig() {
     try {
-        return JSON.parse(fs_1.default.readFileSync(".elding.json", "utf-8"));
+        const parsed = JSON.parse(fs_1.default.readFileSync(".elding.json", "utf-8"));
+        if (!isNonEmptyString(parsed.setId) || !isNonEmptyString(parsed.setName))
+            return null;
+        return { setId: parsed.setId, setName: parsed.setName };
     }
     catch {
         return null;
     }
 }
+function isNonEmptyString(value) {
+    return typeof value === "string" && value.trim().length > 0 && value.length <= 500;
+}

package/dist/configure.d.ts

@@ -0,0 +1,18 @@
+import { type ClientOptions } from "./client.js";
+export type ProviderConfig = {
+    apiKey: string;
+    baseURL?: string;
+    defaultHeaders?: Record<string, string>;
+};
+/**
+ * Config unifiée pour un provider : utilise le proxy si actif (clé jamais en mémoire),
+ * sinon récupère la vraie clé du vault (mode client). Le même code marche en dev
+ * (`elding proxy`) et en production (serverless), sans rien changer.
+ *
+ * @example
+ * import OpenAI from "openai";
+ * import { configure } from "@elding/sdk";
+ *
+ * const openai = new OpenAI(await configure("OPENAI_API_KEY", "https://api.openai.com"));
+ */
+export declare function configure(secretName: string, target: string, options?: ClientOptions): Promise<ProviderConfig>;

package/dist/configure.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configure = configure;
+const proxy_js_1 = require("./proxy.js");
+const client_js_1 = require("./client.js");
+const SECRET_NAME = /^[A-Z0-9_]+$/;
+// Client mis en cache : on ne fetch les secrets qu'une seule fois par process.
+let clientPromise = null;
+function getClient(options) {
+    if (!clientPromise)
+        clientPromise = client_js_1.EldingClient.create(options);
+    return clientPromise;
+}
+/**
+ * Config unifiée pour un provider : utilise le proxy si actif (clé jamais en mémoire),
+ * sinon récupère la vraie clé du vault (mode client). Le même code marche en dev
+ * (`elding proxy`) et en production (serverless), sans rien changer.
+ *
+ * @example
+ * import OpenAI from "openai";
+ * import { configure } from "@elding/sdk";
+ *
+ * const openai = new OpenAI(await configure("OPENAI_API_KEY", "https://api.openai.com"));
+ */
+async function configure(secretName, target, options = {}) {
+    if (!SECRET_NAME.test(secretName))
+        throw new Error("[elding] Nom de secret invalide (A-Z, 0-9, _).");
+    // Mode proxy (dev) : placeholder, la vraie clé n'entre jamais dans le process.
+    if ((0, proxy_js_1.isProxyActive)()) {
+        const { baseURL, headers } = (0, proxy_js_1.proxyConfig)(target);
+        return { apiKey: `{{${secretName}}}`, baseURL, defaultHeaders: headers };
+    }
+    // Mode client (prod / serverless) : la vraie clé est récupérée du vault.
+    const elding = await getClient(options);
+    return { apiKey: elding.secret(secretName) };
+}

package/dist/index.d.ts

@@ -2,6 +2,7 @@ import { EldingClient, type ClientOptions } from "./client.js";
 export { EldingClient };
 export type { ClientOptions };
 export { proxyConfig, isProxyActive, type ProxyConfig } from "./proxy.js";
+export { configure, type ProviderConfig } from "./configure.js";
 /**
  * Crée un client Elding et charge tous les secrets du set configuré.
  *

package/dist/index.js

@@ -1,12 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isProxyActive = exports.proxyConfig = exports.EldingClient = void 0;
+exports.configure = exports.isProxyActive = exports.proxyConfig = exports.EldingClient = void 0;
 exports.client = client;
 const client_js_1 = require("./client.js");
 Object.defineProperty(exports, "EldingClient", { enumerable: true, get: function () { return client_js_1.EldingClient; } });
 var proxy_js_1 = require("./proxy.js");
 Object.defineProperty(exports, "proxyConfig", { enumerable: true, get: function () { return proxy_js_1.proxyConfig; } });
 Object.defineProperty(exports, "isProxyActive", { enumerable: true, get: function () { return proxy_js_1.isProxyActive; } });
+var configure_js_1 = require("./configure.js");
+Object.defineProperty(exports, "configure", { enumerable: true, get: function () { return configure_js_1.configure; } });
 /**
  * Crée un client Elding et charge tous les secrets du set configuré.
  *

package/dist/proxy.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.proxyConfig = proxyConfig;
 exports.isProxyActive = isProxyActive;
+const PROXY_TOKEN = /^[a-f0-9]{48}$/i;
 /**
  * Retourne la config à passer à un SDK provider pour router via le proxy Elding.
  * La vraie clé n'entre jamais dans votre process — utilisez le placeholder `{{NOM_SECRET}}`.
@@ -20,18 +21,47 @@ exports.isProxyActive = isProxyActive;
  * });
  */
 function proxyConfig(target) {
-    const url = process.env.ELDING_PROXY_URL;
+    const url = validateProxyUrl(process.env.ELDING_PROXY_URL);
     const token = process.env.ELDING_PROXY_TOKEN;
-    if (!url || !token)
+    if (!url || !token || !PROXY_TOKEN.test(token))
         throw new Error("[elding] Proxy non actif. Lancez via `elding proxy -- <cmd>`.");
+    const safeTarget = validateTarget(target);
     return {
         baseURL: url,
         headers: {
             "x-elding-token": token,
-            "x-elding-target": target,
+            "x-elding-target": safeTarget,
         },
     };
 }
 function isProxyActive() {
-    return !!process.env.ELDING_PROXY_URL && !!process.env.ELDING_PROXY_TOKEN;
+    try {
+        return !!validateProxyUrl(process.env.ELDING_PROXY_URL) && PROXY_TOKEN.test(process.env.ELDING_PROXY_TOKEN ?? "");
+    }
+    catch {
+        return false;
+    }
+}
+function validateProxyUrl(value) {
+    if (!value)
+        return null;
+    const url = new URL(value);
+    if (url.protocol !== "http:" ||
+        url.hostname !== "127.0.0.1" ||
+        url.username ||
+        url.password ||
+        url.pathname !== "/" ||
+        url.search ||
+        url.hash) {
+        throw new Error("[elding] ELDING_PROXY_URL invalide.");
+    }
+    return url.origin;
+}
+function validateTarget(value) {
+    const url = new URL(value);
+    if (url.protocol !== "https:" || url.username || url.password) {
+        throw new Error("[elding] La cible proxy doit etre une URL HTTPS sans identifiants.");
+    }
+    url.hash = "";
+    return url.origin;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elding/sdk",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "Elding SDK — accès aux secrets depuis le code, zéro .env",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -13,11 +13,12 @@
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
+    "test": "node --test test/*.test.mjs",
     "prepublishOnly": "npm run build"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
-    "typescript": "^5.5.0"
+    "@types/node": "22.19.21",
+    "typescript": "5.9.3"
   },
   "engines": {
     "node": ">=18"