@f5xc-salesdemos/pi-utils 19.46.1 → 19.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "type": "module",
3
3
  "name": "@f5xc-salesdemos/pi-utils",
4
- "version": "19.46.1",
4
+ "version": "19.48.0",
5
5
  "description": "Shared utilities for pi packages",
6
6
  "homepage": "https://github.com/f5xc-salesdemos/xcsh",
7
7
  "author": "Can Boluk",
@@ -39,7 +39,7 @@
39
39
  },
40
40
  "devDependencies": {
41
41
  "@types/bun": "^1.3",
42
- "@f5xc-salesdemos/pi-natives": "19.46.1"
42
+ "@f5xc-salesdemos/pi-natives": "19.48.0"
43
43
  },
44
44
  "engines": {
45
45
  "bun": ">=1.3.7"
package/src/index.ts CHANGED
@@ -39,6 +39,7 @@ export * from "./type-guards";
39
39
  export * from "./which";
40
40
  export * from "./xcsh-context-paths";
41
41
  export * from "./xcsh-context-resolver";
42
+ export * from "./xcsh-env-names";
42
43
 
43
44
  function isPlainObject(val: object): val is Record<string, unknown> {
44
45
  return Object.getPrototypeOf(val) === Object.prototype || Array.isArray(val);
@@ -0,0 +1,49 @@
1
+ /**
2
+ * Canonical F5 XC context environment-variable names and the secret-detection
3
+ * rule, shared by every host (the xcsh shell and the VS Code extension) so both
4
+ * agree on which keys are reserved, which are recognized auth credentials, and
5
+ * which values must be masked.
6
+ *
7
+ * This module is intentionally dependency-free (no Bun/Node APIs) so a CommonJS
8
+ * `require()` from the extension can load it without dragging in the Bun-only
9
+ * barrel. Names are typed `as const` so bracket access like
10
+ * `process.env[XCSH_API_URL]` type-checks correctly.
11
+ */
12
+
13
+ export const XCSH_API_URL = "XCSH_API_URL" as const;
14
+ export const XCSH_API_TOKEN = "XCSH_API_TOKEN" as const;
15
+ export const XCSH_NAMESPACE = "XCSH_NAMESPACE" as const;
16
+ export const XCSH_TENANT = "XCSH_TENANT" as const;
17
+ export const XCSH_USERNAME = "XCSH_USERNAME" as const;
18
+ export const XCSH_CONSOLE_PASSWORD = "XCSH_CONSOLE_PASSWORD" as const;
19
+ /** Active context profile name. Read-only metadata injected by ContextService. */
20
+ export const XCSH_CONTEXT_NAME = "XCSH_CONTEXT_NAME" as const;
21
+
22
+ /**
23
+ * Control env vars owned by the context itself (apiUrl/apiToken/defaultNamespace
24
+ * → XCSH_API_URL/XCSH_API_TOKEN/XCSH_NAMESPACE), derived (XCSH_TENANT), or
25
+ * injected at activation (XCSH_CONTEXT_NAME). A context's custom `env` map must
26
+ * never set these — they would be ignored or clobbered by the resolver.
27
+ */
28
+ export const RESERVED_ENV_KEYS: ReadonlySet<string> = new Set([
29
+ XCSH_NAMESPACE,
30
+ XCSH_API_URL,
31
+ XCSH_API_TOKEN,
32
+ XCSH_TENANT,
33
+ XCSH_CONTEXT_NAME,
34
+ ]);
35
+
36
+ /**
37
+ * Recognized web-console login credentials. Unlike RESERVED_ENV_KEYS these live
38
+ * in the context's generic `env` map (a user sets them like any other variable),
39
+ * but hosts surface them in a dedicated "Auth" section, in display order.
40
+ */
41
+ export const AUTH_ENV_KEYS: readonly string[] = [XCSH_USERNAME, XCSH_CONSOLE_PASSWORD];
42
+
43
+ /** Env var name patterns that indicate a secret value (mask in output, redact on export). */
44
+ export const SECRET_ENV_PATTERNS = /(?:KEY|SECRET|TOKEN|PASSWORD|PASS|AUTH|CREDENTIAL|PRIVATE|OAUTH)(?:_|$)/i;
45
+
46
+ /** True iff an env var NAME looks like it holds a secret (e.g. XCSH_CONSOLE_PASSWORD). */
47
+ export function isSensitiveEnvKey(key: string): boolean {
48
+ return SECRET_ENV_PATTERNS.test(key);
49
+ }