npm - @griffin-app/griffin-executor - Versions diffs - 0.1.0 → 0.1.2 - Mend

@griffin-app/griffin-executor 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/executor.d.ts.map +1 -1
package/dist/executor.js +55 -10
package/dist/executor.js.map +1 -1
package/dist/executor.test.js +83 -0
package/dist/executor.test.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/secrets/factory.d.ts +3 -99
package/dist/secrets/factory.d.ts.map +1 -1
package/dist/secrets/factory.js +3 -117
package/dist/secrets/factory.js.map +1 -1
package/dist/secrets/index.d.ts +5 -3
package/dist/secrets/index.d.ts.map +1 -1
package/dist/secrets/index.js +4 -2
package/dist/secrets/index.js.map +1 -1
package/dist/secrets/providers/aws.d.ts +10 -12
package/dist/secrets/providers/aws.d.ts.map +1 -1
package/dist/secrets/providers/aws.js +44 -58
package/dist/secrets/providers/aws.js.map +1 -1
package/dist/secrets/providers/index.d.ts +0 -2
package/dist/secrets/providers/index.d.ts.map +1 -1
package/dist/secrets/providers/index.js +0 -2
package/dist/secrets/providers/index.js.map +1 -1
package/dist/secrets/resolver.d.ts.map +1 -1
package/dist/secrets/resolver.js +1 -1
package/dist/secrets/resolver.js.map +1 -1
package/dist/secrets/secrets.test.js.map +1 -1
package/package.json +3 -3
package/src/executor.test.ts +90 -0
package/src/executor.ts +84 -12
package/src/index.ts +0 -8
package/src/secrets/factory.ts +5 -211
package/src/secrets/index.ts +3 -9
package/src/secrets/providers/index.ts +0 -10
package/src/secrets/resolver.ts +5 -1
package/src/secrets/secrets.test.ts +1 -0
package/tsconfig.tsbuildinfo +1 -0
package/src/secrets/providers/aws.ts +0 -178

package/src/secrets/providers/aws.ts DELETED Viewed

@@ -1,178 +0,0 @@
-/**
- * AWS Secrets Manager secret provider.
- *
- * Reads secrets from AWS Secrets Manager. Supports JSON secrets
- * with field extraction and version staging.
- *
- * Usage in DSL:
- *   secret("aws:my-secret")
- *   secret("aws:prod/api-keys", { field: "stripe" })
- *   secret("aws:my-secret", { version: "AWSPREVIOUS" })
- */
-import type { SecretProvider, SecretResolveOptions } from "../types.js";
-import { SecretResolutionError } from "../types.js";
-/**
- * Interface for AWS Secrets Manager client.
- * This allows dependency injection of the actual AWS SDK client.
- */
-export interface AwsSecretsManagerClient {
-  getSecretValue(params: { SecretId: string; VersionStage?: string }): Promise<{
-    SecretString?: string;
-    SecretBinary?: Uint8Array;
-  }>;
-}
-export interface AwsSecretsManagerProviderOptions {
-  /**
-   * AWS Secrets Manager client instance.
-   * Should be pre-configured with region and credentials.
-   */
-  client: AwsSecretsManagerClient;
-  /**
-   * Optional prefix for secret names.
-   * For example, if prefix is "myapp/", then secret("aws:api-key")
-   * will look for "myapp/api-key" in Secrets Manager.
-   */
-  prefix?: string;
-  /**
-   * Default version stage to use if not specified.
-   * Defaults to "AWSCURRENT".
-   */
-  defaultVersionStage?: string;
-}
-export class AwsSecretsManagerProvider implements SecretProvider {
-  readonly name = "aws";
-  private readonly client: AwsSecretsManagerClient;
-  private readonly prefix: string;
-  private readonly defaultVersionStage: string;
-  // Simple in-memory cache with TTL
-  private cache = new Map<string, { value: string; expires: number }>();
-  private readonly cacheTtlMs = 5 * 60 * 1000; // 5 minutes
-  constructor(options: AwsSecretsManagerProviderOptions) {
-    this.client = options.client;
-    this.prefix = options.prefix ?? "";
-    this.defaultVersionStage = options.defaultVersionStage ?? "AWSCURRENT";
-  }
-  async resolve(ref: string, options?: SecretResolveOptions): Promise<string> {
-    const secretId = this.prefix + ref;
-    const versionStage = options?.version ?? this.defaultVersionStage;
-    const cacheKey = `${secretId}:${versionStage}`;
-    // Check cache
-    const cached = this.cache.get(cacheKey);
-    if (cached && cached.expires > Date.now()) {
-      return this.extractField(cached.value, options?.field, ref);
-    }
-    try {
-      const response = await this.client.getSecretValue({
-        SecretId: secretId,
-        VersionStage: versionStage,
-      });
-      if (!response.SecretString) {
-        throw new SecretResolutionError(
-          `Secret "${secretId}" does not contain a string value (binary secrets are not supported)`,
-          { ref },
-        );
-      }
-      // Cache the raw value
-      this.cache.set(cacheKey, {
-        value: response.SecretString,
-        expires: Date.now() + this.cacheTtlMs,
-      });
-      return this.extractField(response.SecretString, options?.field, ref);
-    } catch (error) {
-      if (error instanceof SecretResolutionError) {
-        throw error;
-      }
-      // Handle common AWS errors
-      const awsError = error as { name?: string; message?: string };
-      let message = `Failed to retrieve secret "${secretId}"`;
-      if (awsError.name === "ResourceNotFoundException") {
-        message = `Secret "${secretId}" not found in AWS Secrets Manager`;
-      } else if (awsError.name === "AccessDeniedException") {
-        message = `Access denied to secret "${secretId}". Check IAM permissions.`;
-      } else if (awsError.message) {
-        message = `${message}: ${awsError.message}`;
-      }
-      throw new SecretResolutionError(message, {
-        ref,
-        cause: error,
-      });
-    }
-  }
-  /**
-   * Extract a field from a JSON secret string.
-   */
-  private extractField(
-    secretValue: string,
-    field: string | undefined,
-    ref: string,
-  ): string {
-    if (!field) {
-      return secretValue;
-    }
-    try {
-      const parsed = JSON.parse(secretValue);
-      if (typeof parsed !== "object" || parsed === null) {
-        throw new SecretResolutionError(
-          `Secret "${ref}" is not a JSON object, cannot extract field "${field}"`,
-          { ref },
-        );
-      }
-      const value = parsed[field];
-      if (value === undefined) {
-        throw new SecretResolutionError(
-          `Field "${field}" not found in secret "${ref}"`,
-          { ref },
-        );
-      }
-      // Convert to string if not already
-      return typeof value === "string" ? value : JSON.stringify(value);
-    } catch (error) {
-      if (error instanceof SecretResolutionError) {
-        throw error;
-      }
-      throw new SecretResolutionError(
-        `Failed to parse secret "${ref}" as JSON for field extraction: ${
-          error instanceof Error ? error.message : String(error)
-        }`,
-        { ref, cause: error },
-      );
-    }
-  }
-  async validate(): Promise<void> {
-    // Try a simple operation to verify credentials
-    // This is a no-op if the client is properly configured
-    // The actual validation happens on first secret access
-  }
-  /**
-   * Clear the cache. Useful for testing or forced refresh.
-   */
-  clearCache(): void {
-    this.cache.clear();
-  }
-}