@glubean/cli 0.8.4 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -2
- package/dist/commands/contracts.d.ts +10 -0
- package/dist/commands/contracts.d.ts.map +1 -1
- package/dist/commands/contracts.js +199 -60
- package/dist/commands/contracts.js.map +1 -1
- package/dist/commands/dry-run.d.ts +5 -0
- package/dist/commands/dry-run.d.ts.map +1 -1
- package/dist/commands/dry-run.js +1 -0
- package/dist/commands/dry-run.js.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +22 -0
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/load.d.ts.map +1 -1
- package/dist/commands/load.js +24 -4
- package/dist/commands/load.js.map +1 -1
- package/dist/commands/run.d.ts.map +1 -1
- package/dist/commands/run.js +115 -52
- package/dist/commands/run.js.map +1 -1
- package/dist/commands/sync.d.ts.map +1 -1
- package/dist/commands/sync.js +65 -19
- package/dist/commands/sync.js.map +1 -1
- package/dist/lib/active_env.d.ts +16 -1
- package/dist/lib/active_env.d.ts.map +1 -1
- package/dist/lib/active_env.js +46 -1
- package/dist/lib/active_env.js.map +1 -1
- package/dist/lib/auth.d.ts +7 -0
- package/dist/lib/auth.d.ts.map +1 -1
- package/dist/lib/auth.js +31 -8
- package/dist/lib/auth.js.map +1 -1
- package/dist/lib/config.d.ts +47 -0
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +139 -2
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/upload.d.ts +0 -88
- package/dist/lib/upload.d.ts.map +1 -1
- package/dist/lib/upload.js +15 -3
- package/dist/lib/upload.js.map +1 -1
- package/dist/main.d.ts.map +1 -1
- package/dist/main.js +10 -4
- package/dist/main.js.map +1 -1
- package/package.json +7 -7
- package/templates/demo/gitignore.tpl +3 -0
- package/dist/lib/redact-metadata.d.ts +0 -47
- package/dist/lib/redact-metadata.d.ts.map +0 -1
- package/dist/lib/redact-metadata.js +0 -84
- package/dist/lib/redact-metadata.js.map +0 -1
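--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@glubean/cli",
-"version": "0.
+"version": "0.9.1",
 "engines": {
 "node": ">=22"
 },
@@ -28,12 +28,12 @@
 "@inquirer/prompts": "^7.0.0",
 "archiver": "^7.0.0",
 "dotenv": "^16.4.0",
-"tsx": "^4.
+"tsx": "^4.22.4",
 "yaml": "^2.7.0",
-"@glubean/sdk": "0.
-"@glubean/scanner": "0.
-"@glubean/runner": "0.
-"@glubean/redaction": "0.
+"@glubean/sdk": "0.9.1",
+"@glubean/scanner": "0.9.1",
+"@glubean/runner": "0.9.1",
+"@glubean/redaction": "0.9.1"
 },
 "peerDependencies": {
 "typescript": "^5.0.0"
@@ -47,7 +47,7 @@
 "@types/node": "^22.0.0",
 "@types/archiver": "^6.0.0",
 "typescript": "^5.9.3",
-"@glubean/graphql": "0.
+"@glubean/graphql": "0.9.1"
 },
 "repository": {
 "type": "git",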
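--- a/package/dist/lib/redact-metadata.d.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-import type { RedactionConfig } from "@glubean/redaction";
-import type { UploadResultPayload } from "./upload.js";
-type UploadMetadata = NonNullable<UploadResultPayload["metadata"]>;
-/**
-* Deep-redact the FULL contract/workflow projection buckets of an upload
-* metadata object before it leaves the machine.
-*
-* Only `contractsProjection` and `workflows` are redacted — they are free-form
-* trees that can carry secrets at any path (examples, default headers, gRPC
-* metadata, `extensions`/`meta` blobs, literal compare/switch values, assertion
-* messages). Everything else is returned untouched; in particular
-* `files[].hash` / `rootHash` MUST survive verbatim, since the `hexKeys`
-* pattern would otherwise mangle their sha256 hex and corrupt the server's
-* test registry + dedup.
-*
-* Returns a new object when redaction applies; the input is never mutated.
-* When neither projection bucket is present the input is returned as-is.
-* A generous `maxDepth` keeps nested JSON Schemas / recursive workflow branch
-* trees from truncating to a `[REDACTED: too deep]` sentinel.
-*
-* rootHash consistency (codex 0.6 P2): `workflows` participate in `rootHash`
-* (see metadata.ts `computeRootHash`), but `buildMetadata` hashed the
-* UNREDACTED workflows. Redacting them here would leave a payload whose
-* rootHash no longer matches its own `workflows`, so when workflows are
-* present we recompute rootHash over the redacted projection — the uploaded
-* payload stays self-consistent for any receiver that verifies it.
-* (`contractsProjection` is NOT part of rootHash, so its redaction is moot.)
-* This makes the function async.
-*
-* Redaction model (same engine as event redaction, config-driven):
-* - Only SCALARS (string/number) are ever masked. A sensitive key over an
-* object/array is RECURSED into, never replaced wholesale — so JSON-Schema
-* nodes (`properties.password = { type: "string" }`) keep their shape.
-* - A scalar is masked when its own key is sensitive (built-in baseline +
-* scope keys + the project's `globalRules.sensitiveKeys`) OR its value
-* matches a value pattern (jwt/bearer/email/…).
-* - BOUNDARY: a secret nested under a sensitive key but keyed by a
-* NON-sensitive inner name (e.g. `authorization: { value: "sk_live…" }`)
-* is NOT auto-masked. That is by design — like events, such project-specific
-* shapes are declared in the redaction config (`sensitiveKeys` /
-* `customPatterns`), not hard-coded here. In practice nested secrets
-* usually sit under a sensitive inner key (`token`/`password`/`secret`)
-* and ARE caught.
-*/
-export declare function redactMetadataForUpload(metadata: UploadMetadata, redaction: Pick<RedactionConfig, "globalRules" | "replacementFormat">): Promise<UploadMetadata>;
-export {};
-//# sourceMappingURL=redact-metadata.d.ts.map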
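--- a/package/dist/lib/redact-metadata.d.ts.map
+++ /dev/null
@@ -1 +0,0 @@
-{"version":3,"file":"redact-metadata.d.ts","sourceRoot":"","sources":["../../src/lib/redact-metadata.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEvD,KAAK,cAAc,GAAG,WAAW,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;AAanE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,cAAc,EACxB,SAAS,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,GAAG,mBAAmB,CAAC,GACpE,OAAO,CAAC,cAAc,CAAC,CAsCzB"}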
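--- a/package/dist/lib/redact-metadata.js
+++ /dev/null
@@ -1,84 +0,0 @@
-import { redactValue, BUILTIN_SCOPES } from "@glubean/redaction";
-import { computeRootHash } from "../metadata.js";
-/**
-* Union of every sensitive key declared across the built-in event scopes
-* (e.g. `authorization`, `cookie`, `set-cookie`, `x-api-key`). The metadata
-* projection has no single event type to scope by, so we apply ALL of them
-* (plus the built-in baseline, enabled inside `redactValue`) — ensuring the
-* projection is redacted at least as strongly as the events it accompanies.
-*/
-const SCOPE_SENSITIVE_KEYS = [
-...new Set(BUILTIN_SCOPES.flatMap((s) => s.rules?.sensitiveKeys ?? [])),
-];
-/**
-* Deep-redact the FULL contract/workflow projection buckets of an upload
-* metadata object before it leaves the machine.
-*
-* Only `contractsProjection` and `workflows` are redacted — they are free-form
-* trees that can carry secrets at any path (examples, default headers, gRPC
-* metadata, `extensions`/`meta` blobs, literal compare/switch values, assertion
-* messages). Everything else is returned untouched; in particular
-* `files[].hash` / `rootHash` MUST survive verbatim, since the `hexKeys`
-* pattern would otherwise mangle their sha256 hex and corrupt the server's
-* test registry + dedup.
-*
-* Returns a new object when redaction applies; the input is never mutated.
-* When neither projection bucket is present the input is returned as-is.
-* A generous `maxDepth` keeps nested JSON Schemas / recursive workflow branch
-* trees from truncating to a `[REDACTED: too deep]` sentinel.
-*
-* rootHash consistency (codex 0.6 P2): `workflows` participate in `rootHash`
-* (see metadata.ts `computeRootHash`), but `buildMetadata` hashed the
-* UNREDACTED workflows. Redacting them here would leave a payload whose
-* rootHash no longer matches its own `workflows`, so when workflows are
-* present we recompute rootHash over the redacted projection — the uploaded
-* payload stays self-consistent for any receiver that verifies it.
-* (`contractsProjection` is NOT part of rootHash, so its redaction is moot.)
-* This makes the function async.
-*
-* Redaction model (same engine as event redaction, config-driven):
-* - Only SCALARS (string/number) are ever masked. A sensitive key over an
-* object/array is RECURSED into, never replaced wholesale — so JSON-Schema
-* nodes (`properties.password = { type: "string" }`) keep their shape.
-* - A scalar is masked when its own key is sensitive (built-in baseline +
-* scope keys + the project's `globalRules.sensitiveKeys`) OR its value
-* matches a value pattern (jwt/bearer/email/…).
-* - BOUNDARY: a secret nested under a sensitive key but keyed by a
-* NON-sensitive inner name (e.g. `authorization: { value: "sk_live…" }`)
-* is NOT auto-masked. That is by design — like events, such project-specific
-* shapes are declared in the redaction config (`sensitiveKeys` /
-* `customPatterns`), not hard-coded here. In practice nested secrets
-* usually sit under a sensitive inner key (`token`/`password`/`secret`)
-* and ARE caught.
-*/
-export async function redactMetadataForUpload(metadata, redaction) {
-if (!metadata.contractsProjection && !metadata.workflows)
-return metadata;
-const redact = (v) => redactValue(v, {
-globalRules: redaction.globalRules,
-// Built-in baseline (password/token/authorization/…) is enabled by
-// default inside redactValue; add the scope-declared keys on top so a
-// default config (empty globalRules.sensitiveKeys) still masks
-// key-based secrets the value patterns would miss.
-sensitiveKeys: SCOPE_SENSITIVE_KEYS,
-replacementFormat: redaction.replacementFormat,
-maxDepth: 64,
-});
-const redactedWorkflows = metadata.workflows
-? redact(metadata.workflows)
-: undefined;
-const result = {
-...metadata,
-...(metadata.contractsProjection
-? { contractsProjection: redact(metadata.contractsProjection) }
-: {}),
-...(redactedWorkflows ? { workflows: redactedWorkflows } : {}),
-};
-// workflows are hashed into rootHash; recompute over the redacted projection
-// so the uploaded payload is self-consistent (see the doc comment above).
-if (redactedWorkflows && metadata.rootHash !== undefined) {
-result.rootHash = await computeRootHash(result.files, result.contracts, redactedWorkflows);
-}
-return result;
-}
-//# sourceMappingURL=redact-metadata.js.map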
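--- a/package/dist/lib/redact-metadata.js.map
+++ /dev/null
@@ -1 +0,0 @@
-{"version":3,"file":"redact-metadata.js","sourceRoot":"","sources":["../../src/lib/redact-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEjE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAKjD;;;;;;GAMG;AACH,MAAM,oBAAoB,GAAa;IACrC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,aAAa,IAAI,EAAE,CAAC,CAAC;CACxE,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,QAAwB,EACxB,SAAqE;IAErE,IAAI,CAAC,QAAQ,CAAC,mBAAmB,IAAI,CAAC,QAAQ,CAAC,SAAS;QAAE,OAAO,QAAQ,CAAC;IAE1E,MAAM,MAAM,GAAG,CAAC,CAAU,EAAW,EAAE,CACrC,WAAW,CAAC,CAAC,EAAE;QACb,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,mEAAmE;QACnE,sEAAsE;QACtE,+DAA+D;QAC/D,mDAAmD;QACnD,aAAa,EAAE,oBAAoB;QACnC,iBAAiB,EAAE,SAAS,CAAC,iBAAiB;QAC9C,QAAQ,EAAE,EAAE;KACb,CAAC,CAAC;IAEL,MAAM,iBAAiB,GAAG,QAAQ,CAAC,SAAS;QAC1C,CAAC,CAAE,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAe;QAC3C,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,MAAM,GAAmB;QAC7B,GAAG,QAAQ;QACX,GAAG,CAAC,QAAQ,CAAC,mBAAmB;YAC9B,CAAC,CAAC,EAAE,mBAAmB,EAAE,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAc,EAAE;YAC5E,CAAC,CAAC,EAAE,CAAC;QACP,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/D,CAAC;IAEF,6EAA6E;IAC7E,0EAA0E;IAC1E,IAAI,iBAAiB,IAAI,QAAQ,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACzD,MAAM,CAAC,QAAQ,GAAG,MAAM,eAAe,CACrC,MAAM,CAAC,KAA8C,EACrD,MAAM,CAAC,SAAS,EAChB,iBAAiB,CAClB,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}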