@fgv/ts-extras 5.1.0-10 → 5.1.0-12

package/dist/packlets/crypto-utils/keystore/keyStore.js

@@ -360,14 +360,21 @@ export class KeyStore {
         return succeed({ entry, replaced });
     }
     /**
-     * Imports an existing secret key.
+     * Imports raw 32-byte key material into the vault.
+     *
+     * Always validates that the key is exactly 32 bytes (AES-256). The optional
+     * `type` field is a classification label stored with the entry; it does not
+     * change the validation rules.  For importing UTF-8 API key strings (variable
+     * length), use {@link KeyStore.importApiKey} instead.
+     *
      * @param name - Unique name for the secret
-     * @param key - The 32-byte AES-256 key
-     * @param options - Optional description, whether to replace existing
+     * @param key - The 32-byte AES-256 key material
+     * @param options - Optional type classification, description, whether to replace existing
      * @returns Success with entry, Failure if locked, key invalid, or exists and !replace
      * @public
      */
     importSecret(name, key, options) {
+        var _a;
         if (!this._secrets) {
             return fail('Key store is locked');
         }
@@ -383,7 +390,7 @@ export class KeyStore {
         }
         const entry = {
             name,
-            type: 'encryption-key',
+            type: (_a = options === null || options === void 0 ? void 0 : options.type) !== null && _a !== void 0 ? _a : 'encryption-key',
             key: new Uint8Array(key), // Copy to prevent external modification
             description: options === null || options === void 0 ? void 0 : options.description,
             createdAt: getCurrentTimestamp()

package/dist/ts-extras.d.ts

@@ -1095,6 +1095,19 @@ declare interface IEncryptionResult {
     readonly encryptedData: Uint8Array;
 }
 
+/**
+ * Options for importing raw key material via {@link KeyStore.importSecret}.
+ * Extends {@link IImportSecretOptions} with a type classification.
+ * @public
+ */
+declare interface IImportKeyOptions extends IImportSecretOptions {
+    /**
+     * Secret type classification for the imported key material.
+     * @defaultValue 'encryption-key'
+     */
+    readonly type?: KeyStoreSecretType;
+}
+
 /**
  * Options for importing a secret.
  * @public
@@ -1500,6 +1513,7 @@ declare namespace KeyStore {
         IAddSecretResult,
         IAddSecretOptions,
         IImportSecretOptions,
+        IImportKeyOptions,
         IAddSecretFromPasswordOptions,
         DEFAULT_SECRET_ITERATIONS,
         IAddSecretFromPasswordResult
@@ -1644,14 +1658,20 @@ declare class KeyStore_2 implements IEncryptionProvider {
      */
     addSecret(name: string, options?: IAddSecretOptions): Promise<Result<IAddSecretResult>>;
     /**
-     * Imports an existing secret key.
+     * Imports raw 32-byte key material into the vault.
+     *
+     * Always validates that the key is exactly 32 bytes (AES-256). The optional
+     * `type` field is a classification label stored with the entry; it does not
+     * change the validation rules.  For importing UTF-8 API key strings (variable
+     * length), use {@link KeyStore.importApiKey} instead.
+     *
      * @param name - Unique name for the secret
-     * @param key - The 32-byte AES-256 key
-     * @param options - Optional description, whether to replace existing
+     * @param key - The 32-byte AES-256 key material
+     * @param options - Optional type classification, description, whether to replace existing
      * @returns Success with entry, Failure if locked, key invalid, or exists and !replace
      * @public
      */
-    importSecret(name: string, key: Uint8Array, options?: IImportSecretOptions): Result<IAddSecretResult>;
+    importSecret(name: string, key: Uint8Array, options?: IImportKeyOptions): Result<IAddSecretResult>;
     /**
      * Adds a secret derived from a password using PBKDF2.
      *

package/lib/packlets/crypto-utils/keystore/keyStore.d.ts

@@ -1,7 +1,7 @@
 import { JsonValue } from '@fgv/ts-json-base';
 import { Result } from '@fgv/ts-utils';
 import { ICryptoProvider, IEncryptedFile, IEncryptionConfig, IEncryptionProvider, SecretProvider } from '../model';
-import { IAddSecretFromPasswordOptions, IAddSecretFromPasswordResult, IAddSecretOptions, IAddSecretResult, IImportSecretOptions, IKeyStoreCreateParams, IKeyStoreFile, IKeyStoreOpenParams, IKeyStoreSecretEntry, KeyStoreLockState, KeyStoreSecretType } from './model';
+import { IAddSecretFromPasswordOptions, IAddSecretFromPasswordResult, IAddSecretOptions, IAddSecretResult, IImportKeyOptions, IImportSecretOptions, IKeyStoreCreateParams, IKeyStoreFile, IKeyStoreOpenParams, IKeyStoreSecretEntry, KeyStoreLockState, KeyStoreSecretType } from './model';
 /**
  * Password-protected key store for managing encryption secrets.
  *
@@ -140,14 +140,20 @@ export declare class KeyStore implements IEncryptionProvider {
      */
     addSecret(name: string, options?: IAddSecretOptions): Promise<Result<IAddSecretResult>>;
     /**
-     * Imports an existing secret key.
+     * Imports raw 32-byte key material into the vault.
+     *
+     * Always validates that the key is exactly 32 bytes (AES-256). The optional
+     * `type` field is a classification label stored with the entry; it does not
+     * change the validation rules.  For importing UTF-8 API key strings (variable
+     * length), use {@link KeyStore.importApiKey} instead.
+     *
      * @param name - Unique name for the secret
-     * @param key - The 32-byte AES-256 key
-     * @param options - Optional description, whether to replace existing
+     * @param key - The 32-byte AES-256 key material
+     * @param options - Optional type classification, description, whether to replace existing
      * @returns Success with entry, Failure if locked, key invalid, or exists and !replace
      * @public
      */
-    importSecret(name: string, key: Uint8Array, options?: IImportSecretOptions): Result<IAddSecretResult>;
+    importSecret(name: string, key: Uint8Array, options?: IImportKeyOptions): Result<IAddSecretResult>;
     /**
      * Adds a secret derived from a password using PBKDF2.
      *

package/lib/packlets/crypto-utils/keystore/keyStore.js

@@ -396,14 +396,21 @@ class KeyStore {
         return (0, ts_utils_1.succeed)({ entry, replaced });
     }
     /**
-     * Imports an existing secret key.
+     * Imports raw 32-byte key material into the vault.
+     *
+     * Always validates that the key is exactly 32 bytes (AES-256). The optional
+     * `type` field is a classification label stored with the entry; it does not
+     * change the validation rules.  For importing UTF-8 API key strings (variable
+     * length), use {@link KeyStore.importApiKey} instead.
+     *
      * @param name - Unique name for the secret
-     * @param key - The 32-byte AES-256 key
-     * @param options - Optional description, whether to replace existing
+     * @param key - The 32-byte AES-256 key material
+     * @param options - Optional type classification, description, whether to replace existing
      * @returns Success with entry, Failure if locked, key invalid, or exists and !replace
      * @public
      */
     importSecret(name, key, options) {
+        var _a;
         if (!this._secrets) {
             return (0, ts_utils_1.fail)('Key store is locked');
         }
@@ -419,7 +426,7 @@ class KeyStore {
         }
         const entry = {
             name,
-            type: 'encryption-key',
+            type: (_a = options === null || options === void 0 ? void 0 : options.type) !== null && _a !== void 0 ? _a : 'encryption-key',
             key: new Uint8Array(key), // Copy to prevent external modification
             description: options === null || options === void 0 ? void 0 : options.description,
             createdAt: getCurrentTimestamp()

package/lib/packlets/crypto-utils/keystore/model.d.ts

@@ -199,6 +199,18 @@ export interface IImportSecretOptions extends IAddSecretOptions {
      */
     readonly replace?: boolean;
 }
+/**
+ * Options for importing raw key material via {@link KeyStore.importSecret}.
+ * Extends {@link IImportSecretOptions} with a type classification.
+ * @public
+ */
+export interface IImportKeyOptions extends IImportSecretOptions {
+    /**
+     * Secret type classification for the imported key material.
+     * @defaultValue 'encryption-key'
+     */
+    readonly type?: KeyStoreSecretType;
+}
 /**
  * Options for adding a secret derived from a password.
  * @public

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fgv/ts-extras",
-  "version": "5.1.0-10",
+  "version": "5.1.0-12",
   "description": "Assorted Typescript Utilities",
   "main": "lib/index.js",
   "types": "dist/ts-extras.d.ts",
@@ -86,10 +86,10 @@
     "@types/js-yaml": "~4.0.9",
     "typedoc": "~0.28.16",
     "typedoc-plugin-markdown": "~4.9.0",
-    "@fgv/heft-dual-rig": "5.1.0-10",
-    "@fgv/ts-utils-jest": "5.1.0-10",
-    "@fgv/typedoc-compact-theme": "5.1.0-10",
-    "@fgv/ts-utils": "5.1.0-10"
+    "@fgv/heft-dual-rig": "5.1.0-12",
+    "@fgv/ts-utils-jest": "5.1.0-12",
+    "@fgv/ts-utils": "5.1.0-12",
+    "@fgv/typedoc-compact-theme": "5.1.0-12"
   },
   "dependencies": {
     "luxon": "^3.7.2",
@@ -97,10 +97,10 @@
     "papaparse": "^5.4.1",
     "fflate": "~0.8.2",
     "js-yaml": "~4.1.1",
-    "@fgv/ts-json-base": "5.1.0-10"
+    "@fgv/ts-json-base": "5.1.0-12"
   },
   "peerDependencies": {
-    "@fgv/ts-utils": "5.1.0-10"
+    "@fgv/ts-utils": "5.1.0-12"
   },
   "repository": {
     "type": "git",