npm - @geekmidas/cli - Versions diffs - 0.10.0 → 0.13.0 - Mend

@geekmidas/cli 0.10.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/README.md +525 -0
package/dist/bundler-B1qy9b-j.cjs +112 -0
package/dist/bundler-B1qy9b-j.cjs.map +1 -0
package/dist/bundler-DskIqW2t.mjs +111 -0
package/dist/bundler-DskIqW2t.mjs.map +1 -0
package/dist/{config-C9aXOHBe.cjs → config-AmInkU7k.cjs} +8 -8
package/dist/config-AmInkU7k.cjs.map +1 -0
package/dist/{config-BrkUalUh.mjs → config-DYULeEv8.mjs} +3 -3
package/dist/config-DYULeEv8.mjs.map +1 -0
package/dist/config.cjs +1 -1
package/dist/config.d.cts +1 -1
package/dist/config.d.mts +1 -1
package/dist/config.mjs +1 -1
package/dist/encryption-C8H-38Yy.mjs +42 -0
package/dist/encryption-C8H-38Yy.mjs.map +1 -0
package/dist/encryption-Dyf_r1h-.cjs +44 -0
package/dist/encryption-Dyf_r1h-.cjs.map +1 -0
package/dist/index.cjs +2123 -179
package/dist/index.cjs.map +1 -1
package/dist/index.mjs +2141 -192
package/dist/index.mjs.map +1 -1
package/dist/{openapi-CZLI4QTr.mjs → openapi-BfFlOBCG.mjs} +801 -38
package/dist/openapi-BfFlOBCG.mjs.map +1 -0
package/dist/{openapi-BeHLKcwP.cjs → openapi-Bt_1FDpT.cjs} +794 -31
package/dist/openapi-Bt_1FDpT.cjs.map +1 -0
package/dist/{openapi-react-query-o5iMi8tz.cjs → openapi-react-query-B-sNWHFU.cjs} +5 -5
package/dist/openapi-react-query-B-sNWHFU.cjs.map +1 -0
package/dist/{openapi-react-query-CcciaVu5.mjs → openapi-react-query-B6XTeGqS.mjs} +5 -5
package/dist/openapi-react-query-B6XTeGqS.mjs.map +1 -0
package/dist/openapi-react-query.cjs +1 -1
package/dist/openapi-react-query.d.cts.map +1 -1
package/dist/openapi-react-query.d.mts.map +1 -1
package/dist/openapi-react-query.mjs +1 -1
package/dist/openapi.cjs +2 -2
package/dist/openapi.d.cts +1 -1
package/dist/openapi.d.cts.map +1 -1
package/dist/openapi.d.mts +1 -1
package/dist/openapi.d.mts.map +1 -1
package/dist/openapi.mjs +2 -2
package/dist/storage-BOOpAF8N.cjs +5 -0
package/dist/storage-Bj1E26lU.cjs +187 -0
package/dist/storage-Bj1E26lU.cjs.map +1 -0
package/dist/storage-kSxTjkNb.mjs +133 -0
package/dist/storage-kSxTjkNb.mjs.map +1 -0
package/dist/storage-tgZSUnKl.mjs +3 -0
package/dist/{types-b-vwGpqc.d.cts → types-BR0M2v_c.d.mts} +100 -1
package/dist/types-BR0M2v_c.d.mts.map +1 -0
package/dist/{types-DXgiA1sF.d.mts → types-BhkZc-vm.d.cts} +100 -1
package/dist/types-BhkZc-vm.d.cts.map +1 -0
package/examples/cron-example.ts +27 -27
package/examples/env.ts +27 -27
package/examples/function-example.ts +31 -31
package/examples/gkm.config.json +20 -20
package/examples/gkm.config.ts +8 -8
package/examples/gkm.minimal.config.json +5 -5
package/examples/gkm.production.config.json +25 -25
package/examples/logger.ts +2 -2
package/package.json +6 -6
package/src/__tests__/EndpointGenerator.hooks.spec.ts +191 -191
package/src/__tests__/config.spec.ts +55 -55
package/src/__tests__/loadEnvFiles.spec.ts +93 -93
package/src/__tests__/normalizeHooksConfig.spec.ts +58 -58
package/src/__tests__/openapi-react-query.spec.ts +497 -497
package/src/__tests__/openapi.spec.ts +428 -428
package/src/__tests__/test-helpers.ts +76 -76
package/src/auth/__tests__/credentials.spec.ts +204 -0
package/src/auth/__tests__/index.spec.ts +168 -0
package/src/auth/credentials.ts +187 -0
package/src/auth/index.ts +226 -0
package/src/build/__tests__/bundler.spec.ts +444 -0
package/src/build/__tests__/index-new.spec.ts +474 -474
package/src/build/__tests__/manifests.spec.ts +333 -333
package/src/build/bundler.ts +210 -0
package/src/build/endpoint-analyzer.ts +236 -0
package/src/build/handler-templates.ts +1253 -0
package/src/build/index.ts +260 -179
package/src/build/manifests.ts +52 -52
package/src/build/providerResolver.ts +145 -145
package/src/build/types.ts +64 -43
package/src/config.ts +39 -39
package/src/deploy/__tests__/docker.spec.ts +111 -0
package/src/deploy/__tests__/dokploy.spec.ts +245 -0
package/src/deploy/__tests__/init.spec.ts +662 -0
package/src/deploy/docker.ts +128 -0
package/src/deploy/dokploy.ts +204 -0
package/src/deploy/index.ts +136 -0
package/src/deploy/init.ts +484 -0
package/src/deploy/types.ts +48 -0
package/src/dev/__tests__/index.spec.ts +266 -266
package/src/dev/index.ts +647 -601
package/src/docker/__tests__/compose.spec.ts +531 -0
package/src/docker/__tests__/templates.spec.ts +280 -0
package/src/docker/compose.ts +273 -0
package/src/docker/index.ts +230 -0
package/src/docker/templates.ts +446 -0
package/src/generators/CronGenerator.ts +72 -72
package/src/generators/EndpointGenerator.ts +699 -398
package/src/generators/FunctionGenerator.ts +84 -84
package/src/generators/Generator.ts +72 -72
package/src/generators/OpenApiTsGenerator.ts +577 -577
package/src/generators/SubscriberGenerator.ts +124 -124
package/src/generators/__tests__/CronGenerator.spec.ts +433 -433
package/src/generators/__tests__/EndpointGenerator.spec.ts +532 -382
package/src/generators/__tests__/FunctionGenerator.spec.ts +244 -244
package/src/generators/__tests__/SubscriberGenerator.spec.ts +397 -382
package/src/generators/index.ts +4 -4
package/src/index.ts +623 -201
package/src/init/__tests__/generators.spec.ts +334 -334
package/src/init/__tests__/init.spec.ts +332 -332
package/src/init/__tests__/utils.spec.ts +89 -89
package/src/init/generators/config.ts +175 -175
package/src/init/generators/docker.ts +41 -41
package/src/init/generators/env.ts +72 -72
package/src/init/generators/index.ts +1 -1
package/src/init/generators/models.ts +64 -64
package/src/init/generators/monorepo.ts +161 -161
package/src/init/generators/package.ts +71 -71
package/src/init/generators/source.ts +6 -6
package/src/init/index.ts +203 -208
package/src/init/templates/api.ts +115 -115
package/src/init/templates/index.ts +75 -75
package/src/init/templates/minimal.ts +98 -98
package/src/init/templates/serverless.ts +89 -89
package/src/init/templates/worker.ts +98 -98
package/src/init/utils.ts +54 -56
package/src/openapi-react-query.ts +194 -194
package/src/openapi.ts +63 -63
package/src/secrets/__tests__/encryption.spec.ts +226 -0
package/src/secrets/__tests__/generator.spec.ts +319 -0
package/src/secrets/__tests__/index.spec.ts +91 -0
package/src/secrets/__tests__/storage.spec.ts +611 -0
package/src/secrets/encryption.ts +91 -0
package/src/secrets/generator.ts +164 -0
package/src/secrets/index.ts +383 -0
package/src/secrets/storage.ts +192 -0
package/src/secrets/types.ts +53 -0
package/src/types.ts +295 -176
package/tsdown.config.ts +11 -8
package/dist/config-BrkUalUh.mjs.map +0 -1
package/dist/config-C9aXOHBe.cjs.map +0 -1
package/dist/openapi-BeHLKcwP.cjs.map +0 -1
package/dist/openapi-CZLI4QTr.mjs.map +0 -1
package/dist/openapi-react-query-CcciaVu5.mjs.map +0 -1
package/dist/openapi-react-query-o5iMi8tz.cjs.map +0 -1
package/dist/types-DXgiA1sF.d.mts.map +0 -1
package/dist/types-b-vwGpqc.d.cts.map +0 -1

package/dist/bundler-DskIqW2t.mjs ADDED Viewed

@@ -0,0 +1,111 @@
+import { existsSync } from "node:fs";
+import { join } from "node:path";
+import { mkdir, rename, writeFile } from "node:fs/promises";
+import { execSync } from "node:child_process";
+//#region src/build/bundler.ts
+/**
+* Collect all required environment variables from constructs.
+* Uses the SnifferEnvironmentParser to detect which env vars each service needs.
+*
+* @param constructs - Array of constructs to analyze
+* @returns Deduplicated array of required environment variable names
+*/
+async function collectRequiredEnvVars(constructs) {
+	const allEnvVars = /* @__PURE__ */ new Set();
+	for (const construct of constructs) {
+		const envVars = await construct.getEnvironment();
+		envVars.forEach((v) => allEnvVars.add(v));
+	}
+	return Array.from(allEnvVars).sort();
+}
+/**
+* Bundle the server application using tsdown
+*
+* @param options - Bundle configuration options
+* @returns Bundle result with output path and optional master key
+*/
+async function bundleServer(options) {
+	const { entryPoint, outputDir, minify, sourcemap, external, stage, constructs } = options;
+	await mkdir(outputDir, { recursive: true });
+	const args = [
+		"npx",
+		"tsdown",
+		entryPoint,
+		"--no-config",
+		"--out-dir",
+		outputDir,
+		"--format",
+		"esm",
+		"--platform",
+		"node",
+		"--target",
+		"node22",
+		"--clean"
+	];
+	if (minify) args.push("--minify");
+	if (sourcemap) args.push("--sourcemap");
+	for (const ext of external) args.push("--external", ext);
+	args.push("--external", "node:*");
+	let masterKey;
+	if (stage) {
+		const { readStageSecrets, toEmbeddableSecrets, validateEnvironmentVariables } = await import("./storage-tgZSUnKl.mjs");
+		const { encryptSecrets, generateDefineOptions } = await import("./encryption-C8H-38Yy.mjs");
+		const secrets = await readStageSecrets(stage);
+		if (!secrets) throw new Error(`No secrets found for stage "${stage}". Run "gkm secrets:init --stage ${stage}" first.`);
+		if (constructs && constructs.length > 0) {
+			console.log("  Analyzing environment variable requirements...");
+			const requiredVars = await collectRequiredEnvVars(constructs);
+			if (requiredVars.length > 0) {
+				const validation = validateEnvironmentVariables(requiredVars, secrets);
+				if (!validation.valid) {
+					const errorMessage = [
+						`Missing environment variables for stage "${stage}":`,
+						"",
+						...validation.missing.map((v) => `  ❌ ${v}`),
+						"",
+						"To fix this, either:",
+						`  1. Add the missing variables to .gkm/secrets/${stage}.json using:`,
+						`     gkm secrets:set <KEY> <VALUE> --stage ${stage}`,
+						"",
+						`  2. Or import from a JSON file:`,
+						`     gkm secrets:import secrets.json --stage ${stage}`,
+						"",
+						"Required variables:",
+						...validation.required.map((v) => validation.missing.includes(v) ? `  ❌ ${v}` : `  ✓ ${v}`)
+					].join("\n");
+					throw new Error(errorMessage);
+				}
+				console.log(`  ✓ All ${requiredVars.length} required environment variables found`);
+			}
+		}
+		const embeddable = toEmbeddableSecrets(secrets);
+		const encrypted = encryptSecrets(embeddable);
+		masterKey = encrypted.masterKey;
+		const defines = generateDefineOptions(encrypted);
+		for (const [key, value] of Object.entries(defines)) args.push("--define", `${key}=${value}`);
+		console.log(`  Secrets encrypted for stage "${stage}"`);
+	}
+	const mjsOutput = join(outputDir, "server.mjs");
+	try {
+		execSync(args.join(" "), {
+			cwd: process.cwd(),
+			stdio: "inherit"
+		});
+		const jsOutput = join(outputDir, "server.js");
+		if (existsSync(jsOutput)) await rename(jsOutput, mjsOutput);
+		const { readFile: readFile$1 } = await import("node:fs/promises");
+		const content = await readFile$1(mjsOutput, "utf-8");
+		if (!content.startsWith("#!")) await writeFile(mjsOutput, `#!/usr/bin/env node\n${content}`);
+	} catch (error) {
+		throw new Error(`Failed to bundle server: ${error instanceof Error ? error.message : "Unknown error"}`);
+	}
+	return {
+		outputPath: mjsOutput,
+		masterKey
+	};
+}
+//#endregion
+export { bundleServer };
+//# sourceMappingURL=bundler-DskIqW2t.mjs.map

package/dist/bundler-DskIqW2t.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"bundler-DskIqW2t.mjs","names":["constructs: Construct[]","options: BundleOptions","masterKey: string | undefined"],"sources":["../src/build/bundler.ts"],"sourcesContent":["import { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\nimport { mkdir, rename, writeFile } from 'node:fs/promises';\nimport { join } from 'node:path';\nimport type { Construct } from '@geekmidas/constructs';\n\nexport interface BundleOptions {\n\t/** Entry point file (e.g., .gkm/server/server.ts) */\n\tentryPoint: string;\n\t/** Output directory for bundled files */\n\toutputDir: string;\n\t/** Minify the output (default: true) */\n\tminify: boolean;\n\t/** Generate sourcemaps (default: false) */\n\tsourcemap: boolean;\n\t/** Packages to exclude from bundling */\n\texternal: string[];\n\t/** Stage for secrets injection (optional) */\n\tstage?: string;\n\t/** Constructs to validate environment variables for */\n\tconstructs?: Construct[];\n}\n\nexport interface BundleResult {\n\t/** Path to the bundled output */\n\toutputPath: string;\n\t/** Ephemeral master key for deployment (only if stage was provided) */\n\tmasterKey?: string;\n}\n\n/**\n * Collect all required environment variables from constructs.\n * Uses the SnifferEnvironmentParser to detect which env vars each service needs.\n *\n * @param constructs - Array of constructs to analyze\n * @returns Deduplicated array of required environment variable names\n */\nasync function collectRequiredEnvVars(\n\tconstructs: Construct[],\n): Promise<string[]> {\n\tconst allEnvVars = new Set<string>();\n\n\tfor (const construct of constructs) {\n\t\tconst envVars = await construct.getEnvironment();\n\t\tenvVars.forEach((v) => allEnvVars.add(v));\n\t}\n\n\treturn Array.from(allEnvVars).sort();\n}\n\n/**\n * Bundle the server application using tsdown\n *\n * @param options - Bundle configuration options\n * @returns Bundle result with output path and optional master key\n */\nexport async function bundleServer(\n\toptions: BundleOptions,\n): Promise<BundleResult> {\n\tconst {\n\t\tentryPoint,\n\t\toutputDir,\n\t\tminify,\n\t\tsourcemap,\n\t\texternal,\n\t\tstage,\n\t\tconstructs,\n\t} = options;\n\n\t// Ensure output directory exists\n\tawait mkdir(outputDir, { recursive: true });\n\n\t// Build command-line arguments for tsdown\n\tconst args = [\n\t\t'npx',\n\t\t'tsdown',\n\t\tentryPoint,\n\t\t'--no-config', // Don't use any config file from workspace\n\t\t'--out-dir',\n\t\toutputDir,\n\t\t'--format',\n\t\t'esm',\n\t\t'--platform',\n\t\t'node',\n\t\t'--target',\n\t\t'node22',\n\t\t'--clean',\n\t];\n\n\tif (minify) {\n\t\targs.push('--minify');\n\t}\n\n\tif (sourcemap) {\n\t\targs.push('--sourcemap');\n\t}\n\n\t// Add external packages\n\tfor (const ext of external) {\n\t\targs.push('--external', ext);\n\t}\n\n\t// Always exclude node: builtins\n\targs.push('--external', 'node:*');\n\n\t// Handle secrets injection if stage is provided\n\tlet masterKey: string | undefined;\n\n\tif (stage) {\n\t\tconst {\n\t\t\treadStageSecrets,\n\t\t\ttoEmbeddableSecrets,\n\t\t\tvalidateEnvironmentVariables,\n\t\t} = await import('../secrets/storage');\n\t\tconst { encryptSecrets, generateDefineOptions } = await import(\n\t\t\t'../secrets/encryption'\n\t\t);\n\n\t\tconst secrets = await readStageSecrets(stage);\n\n\t\tif (!secrets) {\n\t\t\tthrow new Error(\n\t\t\t\t`No secrets found for stage \"${stage}\". Run \"gkm secrets:init --stage ${stage}\" first.`,\n\t\t\t);\n\t\t}\n\n\t\t// Validate environment variables if constructs are provided\n\t\tif (constructs && constructs.length > 0) {\n\t\t\tconsole.log(' Analyzing environment variable requirements...');\n\t\t\tconst requiredVars = await collectRequiredEnvVars(constructs);\n\n\t\t\tif (requiredVars.length > 0) {\n\t\t\t\tconst validation = validateEnvironmentVariables(requiredVars, secrets);\n\n\t\t\t\tif (!validation.valid) {\n\t\t\t\t\tconst errorMessage = [\n\t\t\t\t\t\t`Missing environment variables for stage \"${stage}\":`,\n\t\t\t\t\t\t'',\n\t\t\t\t\t\t...validation.missing.map((v) => ` ❌ ${v}`),\n\t\t\t\t\t\t'',\n\t\t\t\t\t\t'To fix this, either:',\n\t\t\t\t\t\t` 1. Add the missing variables to .gkm/secrets/${stage}.json using:`,\n\t\t\t\t\t\t` gkm secrets:set <KEY> <VALUE> --stage ${stage}`,\n\t\t\t\t\t\t'',\n\t\t\t\t\t\t` 2. Or import from a JSON file:`,\n\t\t\t\t\t\t` gkm secrets:import secrets.json --stage ${stage}`,\n\t\t\t\t\t\t'',\n\t\t\t\t\t\t'Required variables:',\n\t\t\t\t\t\t...validation.required.map((v) =>\n\t\t\t\t\t\t\tvalidation.missing.includes(v) ? ` ❌ ${v}` : ` ✓ ${v}`,\n\t\t\t\t\t\t),\n\t\t\t\t\t].join('\\n');\n\n\t\t\t\t\tthrow new Error(errorMessage);\n\t\t\t\t}\n\n\t\t\t\tconsole.log(\n\t\t\t\t\t` ✓ All ${requiredVars.length} required environment variables found`,\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\t// Convert to embeddable format and encrypt\n\t\tconst embeddable = toEmbeddableSecrets(secrets);\n\t\tconst encrypted = encryptSecrets(embeddable);\n\t\tmasterKey = encrypted.masterKey;\n\n\t\t// Add define options for build-time injection\n\t\tconst defines = generateDefineOptions(encrypted);\n\t\tfor (const [key, value] of Object.entries(defines)) {\n\t\t\targs.push('--define', `${key}=${value}`);\n\t\t}\n\n\t\tconsole.log(` Secrets encrypted for stage \"${stage}\"`);\n\t}\n\n\tconst mjsOutput = join(outputDir, 'server.mjs');\n\n\ttry {\n\t\t// Run tsdown with command-line arguments\n\t\texecSync(args.join(' '), {\n\t\t\tcwd: process.cwd(),\n\t\t\tstdio: 'inherit',\n\t\t});\n\n\t\t// Rename output to .mjs for explicit ESM\n\t\t// tsdown outputs as server.js for ESM format\n\t\tconst jsOutput = join(outputDir, 'server.js');\n\n\t\tif (existsSync(jsOutput)) {\n\t\t\tawait rename(jsOutput, mjsOutput);\n\t\t}\n\n\t\t// Add shebang to the bundled file\n\t\tconst { readFile } = await import('node:fs/promises');\n\t\tconst content = await readFile(mjsOutput, 'utf-8');\n\t\tif (!content.startsWith('#!')) {\n\t\t\tawait writeFile(mjsOutput, `#!/usr/bin/env node\\n${content}`);\n\t\t}\n\t} catch (error) {\n\t\tthrow new Error(\n\t\t\t`Failed to bundle server: ${error instanceof Error ? error.message : 'Unknown error'}`,\n\t\t);\n\t}\n\n\treturn {\n\t\toutputPath: mjsOutput,\n\t\tmasterKey,\n\t};\n}\n"],"mappings":";;;;;;;;;;;;;AAqCA,eAAe,uBACdA,YACoB;CACpB,MAAM,6BAAa,IAAI;AAEvB,MAAK,MAAM,aAAa,YAAY;EACnC,MAAM,UAAU,MAAM,UAAU,gBAAgB;AAChD,UAAQ,QAAQ,CAAC,MAAM,WAAW,IAAI,EAAE,CAAC;CACzC;AAED,QAAO,MAAM,KAAK,WAAW,CAAC,MAAM;AACpC;;;;;;;AAQD,eAAsB,aACrBC,SACwB;CACxB,MAAM,EACL,YACA,WACA,QACA,WACA,UACA,OACA,YACA,GAAG;AAGJ,OAAM,MAAM,WAAW,EAAE,WAAW,KAAM,EAAC;CAG3C,MAAM,OAAO;EACZ;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;CACA;AAED,KAAI,OACH,MAAK,KAAK,WAAW;AAGtB,KAAI,UACH,MAAK,KAAK,cAAc;AAIzB,MAAK,MAAM,OAAO,SACjB,MAAK,KAAK,cAAc,IAAI;AAI7B,MAAK,KAAK,cAAc,SAAS;CAGjC,IAAIC;AAEJ,KAAI,OAAO;EACV,MAAM,EACL,kBACA,qBACA,8BACA,GAAG,MAAM,OAAO;EACjB,MAAM,EAAE,gBAAgB,uBAAuB,GAAG,MAAM,OACvD;EAGD,MAAM,UAAU,MAAM,iBAAiB,MAAM;AAE7C,OAAK,QACJ,OAAM,IAAI,OACR,8BAA8B,MAAM,mCAAmC,MAAM;AAKhF,MAAI,cAAc,WAAW,SAAS,GAAG;AACxC,WAAQ,IAAI,mDAAmD;GAC/D,MAAM,eAAe,MAAM,uBAAuB,WAAW;AAE7D,OAAI,aAAa,SAAS,GAAG;IAC5B,MAAM,aAAa,6BAA6B,cAAc,QAAQ;AAEtE,SAAK,WAAW,OAAO;KACtB,MAAM,eAAe;OACnB,2CAA2C,MAAM;MAClD;MACA,GAAG,WAAW,QAAQ,IAAI,CAAC,OAAO,MAAM,EAAE,EAAE;MAC5C;MACA;OACC,iDAAiD,MAAM;OACvD,6CAA6C,MAAM;MACpD;OACC;OACA,+CAA+C,MAAM;MACtD;MACA;MACA,GAAG,WAAW,SAAS,IAAI,CAAC,MAC3B,WAAW,QAAQ,SAAS,EAAE,IAAI,MAAM,EAAE,KAAK,MAAM,EAAE,EACvD;KACD,EAAC,KAAK,KAAK;AAEZ,WAAM,IAAI,MAAM;IAChB;AAED,YAAQ,KACN,UAAU,aAAa,OAAO,uCAC/B;GACD;EACD;EAGD,MAAM,aAAa,oBAAoB,QAAQ;EAC/C,MAAM,YAAY,eAAe,WAAW;AAC5C,cAAY,UAAU;EAGtB,MAAM,UAAU,sBAAsB,UAAU;AAChD,OAAK,MAAM,CAAC,KAAK,MAAM,IAAI,OAAO,QAAQ,QAAQ,CACjD,MAAK,KAAK,aAAa,EAAE,IAAI,GAAG,MAAM,EAAE;AAGzC,UAAQ,KAAK,iCAAiC,MAAM,GAAG;CACvD;CAED,MAAM,YAAY,KAAK,WAAW,aAAa;AAE/C,KAAI;AAEH,WAAS,KAAK,KAAK,IAAI,EAAE;GACxB,KAAK,QAAQ,KAAK;GAClB,OAAO;EACP,EAAC;EAIF,MAAM,WAAW,KAAK,WAAW,YAAY;AAE7C,MAAI,WAAW,SAAS,CACvB,OAAM,OAAO,UAAU,UAAU;EAIlC,MAAM,EAAE,sBAAU,GAAG,MAAM,OAAO;EAClC,MAAM,UAAU,MAAM,WAAS,WAAW,QAAQ;AAClD,OAAK,QAAQ,WAAW,KAAK,CAC5B,OAAM,UAAU,YAAY,uBAAuB,QAAQ,EAAE;CAE9D,SAAQ,OAAO;AACf,QAAM,IAAI,OACR,2BAA2B,iBAAiB,QAAQ,MAAM,UAAU,gBAAgB;CAEtF;AAED,QAAO;EACN,YAAY;EACZ;CACA;AACD"}

package/dist/{config-C9aXOHBe.cjs → config-AmInkU7k.cjs} RENAMED Viewed

@@ -1,6 +1,6 @@
 const require_chunk = require('./chunk-CUT6urMc.cjs');
-const fs = require_chunk.__toESM(require("fs"));
-const path = require_chunk.__toESM(require("path"));
+const node_fs = require_chunk.__toESM(require("node:fs"));
+const node_path = require_chunk.__toESM(require("node:path"));
 //#region src/config.ts
 /**
@@ -42,11 +42,11 @@ function defineConfig(config) {
 */
 function parseModuleConfig(configString, defaultAlias) {
 	const parts = configString.split("#");
-	const path$1 = parts[0] ?? configString;
+	const path = parts[0] ?? configString;
 	const exportName = parts[1];
 	const importPattern = !exportName ? defaultAlias : exportName === defaultAlias ? `{ ${defaultAlias} }` : `{ ${exportName} as ${defaultAlias} }`;
 	return {
-		path: path$1,
+		path,
 		importPattern
 	};
 }
@@ -58,9 +58,9 @@ async function loadConfig(cwd = process.cwd()) {
 	];
 	let configPath = "";
 	for (const file of files) {
-		const path$1 = (0, path.join)(cwd, file);
-		if ((0, fs.existsSync)(path$1)) {
-			configPath = path$1;
+		const path = (0, node_path.join)(cwd, file);
+		if ((0, node_fs.existsSync)(path)) {
+			configPath = path;
 			break;
 		}
 	}
@@ -92,4 +92,4 @@ Object.defineProperty(exports, 'parseModuleConfig', {
     return parseModuleConfig;
   }
 });
-//# sourceMappingURL=config-C9aXOHBe.cjs.map
+//# sourceMappingURL=config-AmInkU7k.cjs.map

package/dist/config-AmInkU7k.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config-AmInkU7k.cjs","names":["config: GkmConfig","configString: string","defaultAlias: string","cwd: string"],"sources":["../src/config.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { join } from 'node:path';\nimport type { GkmConfig } from './types.ts';\n\nexport type { GkmConfig } from './types.ts';\n/**\n * Define GKM configuration with full TypeScript support.\n * This is an identity function that provides type safety and autocomplete.\n *\n * @example\n * ```ts\n * // gkm.config.ts\n * import { defineConfig } from '@geekmidas/cli/config';\n *\n * export default defineConfig({\n * routes: './src/endpoints/**\\/*.ts',\n * envParser: './src/config/env',\n * logger: './src/config/logger',\n * telescope: true,\n * });\n * ```\n */\nexport function defineConfig(config: GkmConfig): GkmConfig {\n\treturn config;\n}\n\nexport interface ParsedModuleConfig {\n\tpath: string;\n\timportPattern: string;\n}\n\n/**\n * Parse a module config string into path and import pattern.\n *\n * @param configString - Config string in format \"./path/to/module\" or \"./path/to/module#exportName\"\n * @param defaultAlias - The default alias name to use if no export name specified\n * @returns Object with path and import pattern\n *\n * @example\n * parseModuleConfig('./src/config/env', 'envParser')\n * // { path: './src/config/env', importPattern: 'envParser' }\n *\n * parseModuleConfig('./src/config/env#envParser', 'envParser')\n * // { path: './src/config/env', importPattern: '{ envParser }' }\n *\n * parseModuleConfig('./src/config/env#myEnv', 'envParser')\n * // { path: './src/config/env', importPattern: '{ myEnv as envParser }' }\n */\nexport function parseModuleConfig(\n\tconfigString: string,\n\tdefaultAlias: string,\n): ParsedModuleConfig {\n\tconst parts = configString.split('#');\n\tconst path = parts[0] ?? configString;\n\tconst exportName = parts[1];\n\tconst importPattern = !exportName\n\t\t? defaultAlias\n\t\t: exportName === defaultAlias\n\t\t\t? `{ ${defaultAlias} }`\n\t\t\t: `{ ${exportName} as ${defaultAlias} }`;\n\n\treturn { path, importPattern };\n}\n\nexport async function loadConfig(\n\tcwd: string = process.cwd(),\n): Promise<GkmConfig> {\n\tconst files = ['gkm.config.json', 'gkm.config.ts', 'gkm.config.js'];\n\tlet configPath = '';\n\n\tfor (const file of files) {\n\t\tconst path = join(cwd, file);\n\t\tif (existsSync(path)) {\n\t\t\tconfigPath = path;\n\t\t\tbreak;\n\t\t}\n\t}\n\n\tif (!configPath) {\n\t\tthrow new Error(\n\t\t\t'Configuration file not found. Please create gkm.config.json, gkm.config.ts, or gkm.config.js in the project root.',\n\t\t);\n\t}\n\n\ttry {\n\t\tconst config = await import(configPath);\n\t\treturn config.default;\n\t} catch (error) {\n\t\tthrow new Error(\n\t\t\t`Failed to load gkm.config.json: ${(error as Error).message}`,\n\t\t);\n\t}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAsBA,SAAgB,aAAaA,QAA8B;AAC1D,QAAO;AACP;;;;;;;;;;;;;;;;;;AAwBD,SAAgB,kBACfC,cACAC,cACqB;CACrB,MAAM,QAAQ,aAAa,MAAM,IAAI;CACrC,MAAM,OAAO,MAAM,MAAM;CACzB,MAAM,aAAa,MAAM;CACzB,MAAM,iBAAiB,aACpB,eACA,eAAe,gBACb,IAAI,aAAa,OACjB,IAAI,WAAW,MAAM,aAAa;AAEvC,QAAO;EAAE;EAAM;CAAe;AAC9B;AAED,eAAsB,WACrBC,MAAc,QAAQ,KAAK,EACN;CACrB,MAAM,QAAQ;EAAC;EAAmB;EAAiB;CAAgB;CACnE,IAAI,aAAa;AAEjB,MAAK,MAAM,QAAQ,OAAO;EACzB,MAAM,OAAO,oBAAK,KAAK,KAAK;AAC5B,MAAI,wBAAW,KAAK,EAAE;AACrB,gBAAa;AACb;EACA;CACD;AAED,MAAK,WACJ,OAAM,IAAI,MACT;AAIF,KAAI;EACH,MAAM,SAAS,MAAM,OAAO;AAC5B,SAAO,OAAO;CACd,SAAQ,OAAO;AACf,QAAM,IAAI,OACR,kCAAmC,MAAgB,QAAQ;CAE7D;AACD"}

package/dist/{config-BrkUalUh.mjs → config-DYULeEv8.mjs} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { existsSync } from "fs";
-import { join } from "path";
+import { existsSync } from "node:fs";
+import { join } from "node:path";
 //#region src/config.ts
 /**
@@ -74,4 +74,4 @@ async function loadConfig(cwd = process.cwd()) {
 //#endregion
 export { defineConfig, loadConfig, parseModuleConfig };
-//# sourceMappingURL=config-BrkUalUh.mjs.map
+//# sourceMappingURL=config-DYULeEv8.mjs.map

package/dist/config-DYULeEv8.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config-DYULeEv8.mjs","names":["config: GkmConfig","configString: string","defaultAlias: string","cwd: string"],"sources":["../src/config.ts"],"sourcesContent":["import { existsSync } from 'node:fs';\nimport { join } from 'node:path';\nimport type { GkmConfig } from './types.ts';\n\nexport type { GkmConfig } from './types.ts';\n/**\n * Define GKM configuration with full TypeScript support.\n * This is an identity function that provides type safety and autocomplete.\n *\n * @example\n * ```ts\n * // gkm.config.ts\n * import { defineConfig } from '@geekmidas/cli/config';\n *\n * export default defineConfig({\n * routes: './src/endpoints/**\\/*.ts',\n * envParser: './src/config/env',\n * logger: './src/config/logger',\n * telescope: true,\n * });\n * ```\n */\nexport function defineConfig(config: GkmConfig): GkmConfig {\n\treturn config;\n}\n\nexport interface ParsedModuleConfig {\n\tpath: string;\n\timportPattern: string;\n}\n\n/**\n * Parse a module config string into path and import pattern.\n *\n * @param configString - Config string in format \"./path/to/module\" or \"./path/to/module#exportName\"\n * @param defaultAlias - The default alias name to use if no export name specified\n * @returns Object with path and import pattern\n *\n * @example\n * parseModuleConfig('./src/config/env', 'envParser')\n * // { path: './src/config/env', importPattern: 'envParser' }\n *\n * parseModuleConfig('./src/config/env#envParser', 'envParser')\n * // { path: './src/config/env', importPattern: '{ envParser }' }\n *\n * parseModuleConfig('./src/config/env#myEnv', 'envParser')\n * // { path: './src/config/env', importPattern: '{ myEnv as envParser }' }\n */\nexport function parseModuleConfig(\n\tconfigString: string,\n\tdefaultAlias: string,\n): ParsedModuleConfig {\n\tconst parts = configString.split('#');\n\tconst path = parts[0] ?? configString;\n\tconst exportName = parts[1];\n\tconst importPattern = !exportName\n\t\t? defaultAlias\n\t\t: exportName === defaultAlias\n\t\t\t? `{ ${defaultAlias} }`\n\t\t\t: `{ ${exportName} as ${defaultAlias} }`;\n\n\treturn { path, importPattern };\n}\n\nexport async function loadConfig(\n\tcwd: string = process.cwd(),\n): Promise<GkmConfig> {\n\tconst files = ['gkm.config.json', 'gkm.config.ts', 'gkm.config.js'];\n\tlet configPath = '';\n\n\tfor (const file of files) {\n\t\tconst path = join(cwd, file);\n\t\tif (existsSync(path)) {\n\t\t\tconfigPath = path;\n\t\t\tbreak;\n\t\t}\n\t}\n\n\tif (!configPath) {\n\t\tthrow new Error(\n\t\t\t'Configuration file not found. Please create gkm.config.json, gkm.config.ts, or gkm.config.js in the project root.',\n\t\t);\n\t}\n\n\ttry {\n\t\tconst config = await import(configPath);\n\t\treturn config.default;\n\t} catch (error) {\n\t\tthrow new Error(\n\t\t\t`Failed to load gkm.config.json: ${(error as Error).message}`,\n\t\t);\n\t}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAsBA,SAAgB,aAAaA,QAA8B;AAC1D,QAAO;AACP;;;;;;;;;;;;;;;;;;AAwBD,SAAgB,kBACfC,cACAC,cACqB;CACrB,MAAM,QAAQ,aAAa,MAAM,IAAI;CACrC,MAAM,OAAO,MAAM,MAAM;CACzB,MAAM,aAAa,MAAM;CACzB,MAAM,iBAAiB,aACpB,eACA,eAAe,gBACb,IAAI,aAAa,OACjB,IAAI,WAAW,MAAM,aAAa;AAEvC,QAAO;EAAE;EAAM;CAAe;AAC9B;AAED,eAAsB,WACrBC,MAAc,QAAQ,KAAK,EACN;CACrB,MAAM,QAAQ;EAAC;EAAmB;EAAiB;CAAgB;CACnE,IAAI,aAAa;AAEjB,MAAK,MAAM,QAAQ,OAAO;EACzB,MAAM,OAAO,KAAK,KAAK,KAAK;AAC5B,MAAI,WAAW,KAAK,EAAE;AACrB,gBAAa;AACb;EACA;CACD;AAED,MAAK,WACJ,OAAM,IAAI,MACT;AAIF,KAAI;EACH,MAAM,SAAS,MAAM,OAAO;AAC5B,SAAO,OAAO;CACd,SAAQ,OAAO;AACf,QAAM,IAAI,OACR,kCAAmC,MAAgB,QAAQ;CAE7D;AACD"}

package/dist/config.cjs CHANGED Viewed

@@ -1,4 +1,4 @@
-const require_config = require('./config-C9aXOHBe.cjs');
+const require_config = require('./config-AmInkU7k.cjs');
 exports.defineConfig = require_config.defineConfig;
 exports.loadConfig = require_config.loadConfig;

package/dist/config.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { GkmConfig } from "./types-b-vwGpqc.cjs";
+import { GkmConfig } from "./types-BhkZc-vm.cjs";
 //#region src/config.d.ts

package/dist/config.d.mts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { GkmConfig } from "./types-DXgiA1sF.mjs";
+import { GkmConfig } from "./types-BR0M2v_c.mjs";
 //#region src/config.d.ts

package/dist/config.mjs CHANGED Viewed

@@ -1,3 +1,3 @@
-import { defineConfig, loadConfig, parseModuleConfig } from "./config-BrkUalUh.mjs";
+import { defineConfig, loadConfig, parseModuleConfig } from "./config-DYULeEv8.mjs";
 export { defineConfig, loadConfig, parseModuleConfig };

package/dist/encryption-C8H-38Yy.mjs ADDED Viewed

@@ -0,0 +1,42 @@
+import { createCipheriv, randomBytes } from "node:crypto";
+//#region src/secrets/encryption.ts
+/** AES-256-GCM configuration */
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+/**
+* Encrypt secrets for embedding in a bundle.
+* Uses AES-256-GCM with a randomly generated ephemeral key.
+*
+* @param secrets - Key-value pairs to encrypt
+* @returns Encrypted payload with ephemeral master key
+*/
+function encryptSecrets(secrets) {
+	const masterKey = randomBytes(KEY_LENGTH);
+	const iv = randomBytes(IV_LENGTH);
+	const plaintext = JSON.stringify(secrets);
+	const cipher = createCipheriv(ALGORITHM, masterKey, iv);
+	const ciphertext = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	const combined = Buffer.concat([ciphertext, authTag]);
+	return {
+		encrypted: combined.toString("base64"),
+		iv: iv.toString("hex"),
+		masterKey: masterKey.toString("hex")
+	};
+}
+/**
+* Generate the define options for tsdown/esbuild.
+* These will be injected at build time.
+*/
+function generateDefineOptions(payload) {
+	return {
+		__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),
+		__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv)
+	};
+}
+//#endregion
+export { encryptSecrets, generateDefineOptions };
+//# sourceMappingURL=encryption-C8H-38Yy.mjs.map

package/dist/encryption-C8H-38Yy.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encryption-C8H-38Yy.mjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,YAAY,WAAW;CACzC,MAAM,KAAK,YAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,eAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}

package/dist/encryption-Dyf_r1h-.cjs ADDED Viewed

@@ -0,0 +1,44 @@
+const require_chunk = require('./chunk-CUT6urMc.cjs');
+const node_crypto = require_chunk.__toESM(require("node:crypto"));
+//#region src/secrets/encryption.ts
+/** AES-256-GCM configuration */
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+/**
+* Encrypt secrets for embedding in a bundle.
+* Uses AES-256-GCM with a randomly generated ephemeral key.
+*
+* @param secrets - Key-value pairs to encrypt
+* @returns Encrypted payload with ephemeral master key
+*/
+function encryptSecrets(secrets) {
+	const masterKey = (0, node_crypto.randomBytes)(KEY_LENGTH);
+	const iv = (0, node_crypto.randomBytes)(IV_LENGTH);
+	const plaintext = JSON.stringify(secrets);
+	const cipher = (0, node_crypto.createCipheriv)(ALGORITHM, masterKey, iv);
+	const ciphertext = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	const combined = Buffer.concat([ciphertext, authTag]);
+	return {
+		encrypted: combined.toString("base64"),
+		iv: iv.toString("hex"),
+		masterKey: masterKey.toString("hex")
+	};
+}
+/**
+* Generate the define options for tsdown/esbuild.
+* These will be injected at build time.
+*/
+function generateDefineOptions(payload) {
+	return {
+		__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),
+		__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv)
+	};
+}
+//#endregion
+exports.encryptSecrets = encryptSecrets;
+exports.generateDefineOptions = generateDefineOptions;
+//# sourceMappingURL=encryption-Dyf_r1h-.cjs.map

package/dist/encryption-Dyf_r1h-.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encryption-Dyf_r1h-.cjs","names":["secrets: EmbeddableSecrets","payload: EncryptedPayload"],"sources":["../src/secrets/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';\nimport type { EmbeddableSecrets, EncryptedPayload } from './types';\n\n/** AES-256-GCM configuration */\nconst ALGORITHM = 'aes-256-gcm';\nconst KEY_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 12; // 96 bits for GCM\nconst AUTH_TAG_LENGTH = 16; // 128 bits\n\n/**\n * Encrypt secrets for embedding in a bundle.\n * Uses AES-256-GCM with a randomly generated ephemeral key.\n *\n * @param secrets - Key-value pairs to encrypt\n * @returns Encrypted payload with ephemeral master key\n */\nexport function encryptSecrets(secrets: EmbeddableSecrets): EncryptedPayload {\n\t// Generate ephemeral key and IV\n\tconst masterKey = randomBytes(KEY_LENGTH);\n\tconst iv = randomBytes(IV_LENGTH);\n\n\t// Serialize secrets to JSON\n\tconst plaintext = JSON.stringify(secrets);\n\n\t// Encrypt\n\tconst cipher = createCipheriv(ALGORITHM, masterKey, iv);\n\tconst ciphertext = Buffer.concat([\n\t\tcipher.update(plaintext, 'utf-8'),\n\t\tcipher.final(),\n\t]);\n\n\t// Get auth tag\n\tconst authTag = cipher.getAuthTag();\n\n\t// Combine ciphertext + auth tag\n\tconst combined = Buffer.concat([ciphertext, authTag]);\n\n\treturn {\n\t\tencrypted: combined.toString('base64'),\n\t\tiv: iv.toString('hex'),\n\t\tmasterKey: masterKey.toString('hex'),\n\t};\n}\n\n/**\n * Decrypt secrets from an encrypted payload.\n * Used at runtime to decrypt embedded credentials.\n *\n * @param encrypted - Base64 encoded ciphertext + auth tag\n * @param iv - Hex encoded IV\n * @param masterKey - Hex encoded master key\n * @returns Decrypted secrets\n */\nexport function decryptSecrets(\n\tencrypted: string,\n\tiv: string,\n\tmasterKey: string,\n): EmbeddableSecrets {\n\t// Decode inputs\n\tconst key = Buffer.from(masterKey, 'hex');\n\tconst ivBuffer = Buffer.from(iv, 'hex');\n\tconst combined = Buffer.from(encrypted, 'base64');\n\n\t// Split ciphertext and auth tag\n\tconst ciphertext = combined.subarray(0, -AUTH_TAG_LENGTH);\n\tconst authTag = combined.subarray(-AUTH_TAG_LENGTH);\n\n\t// Decrypt\n\tconst decipher = createDecipheriv(ALGORITHM, key, ivBuffer);\n\tdecipher.setAuthTag(authTag);\n\n\tconst plaintext = Buffer.concat([\n\t\tdecipher.update(ciphertext),\n\t\tdecipher.final(),\n\t]);\n\n\treturn JSON.parse(plaintext.toString('utf-8')) as EmbeddableSecrets;\n}\n\n/**\n * Generate the define options for tsdown/esbuild.\n * These will be injected at build time.\n */\nexport function generateDefineOptions(\n\tpayload: EncryptedPayload,\n): Record<string, string> {\n\treturn {\n\t\t__GKM_ENCRYPTED_CREDENTIALS__: JSON.stringify(payload.encrypted),\n\t\t__GKM_CREDENTIALS_IV__: JSON.stringify(payload.iv),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,YAAY;AAClB,MAAM,aAAa;AACnB,MAAM,YAAY;;;;;;;;AAUlB,SAAgB,eAAeA,SAA8C;CAE5E,MAAM,YAAY,6BAAY,WAAW;CACzC,MAAM,KAAK,6BAAY,UAAU;CAGjC,MAAM,YAAY,KAAK,UAAU,QAAQ;CAGzC,MAAM,SAAS,gCAAe,WAAW,WAAW,GAAG;CACvD,MAAM,aAAa,OAAO,OAAO,CAChC,OAAO,OAAO,WAAW,QAAQ,EACjC,OAAO,OAAO,AACd,EAAC;CAGF,MAAM,UAAU,OAAO,YAAY;CAGnC,MAAM,WAAW,OAAO,OAAO,CAAC,YAAY,OAAQ,EAAC;AAErD,QAAO;EACN,WAAW,SAAS,SAAS,SAAS;EACtC,IAAI,GAAG,SAAS,MAAM;EACtB,WAAW,UAAU,SAAS,MAAM;CACpC;AACD;;;;;AAyCD,SAAgB,sBACfC,SACyB;AACzB,QAAO;EACN,+BAA+B,KAAK,UAAU,QAAQ,UAAU;EAChE,wBAAwB,KAAK,UAAU,QAAQ,GAAG;CAClD;AACD"}