@http-forge/core 0.3.3 → 0.4.1

package/dist/types/secret-resolver.d.ts

@@ -0,0 +1,106 @@
+/**
+ * Cloud Secret Resolver — Phase 3
+ *
+ * Defines the ISecretResolver abstraction and the per-provider configuration
+ * types used in http-forge.config.json under the `secrets` key.
+ *
+ * Token syntax resolved by this interface: {{secret:provider/path}}
+ *   e.g.  {{secret:aws/myapp/prod/db-password}}
+ *         {{secret:azure/https://myvault.vault.azure.net/secrets/apiKey}}
+ *         {{secret:vault/secret/data/myapp#password}}
+ *         {{secret:1password/MyVault/MyItem/password}}
+ *
+ * Credentials are NEVER stored in HTTP Forge config.
+ * Each provider uses its SDK's default credential chain:
+ *   - AWS   → SDK credential chain (env vars / ~/.aws / IAM role)
+ *   - Azure → DefaultAzureCredential (env / managed identity / CLI login)
+ *   - Vault → VAULT_TOKEN / VAULT_ADDR env vars
+ *   - 1Password → OP_SERVICE_ACCOUNT_TOKEN env var
+ */
+export interface ISecretResolver {
+    /**
+     * Resolve a secret by its provider-relative path.
+     * @param path  The path after the provider prefix, e.g. "myapp/prod/apiKey"
+     * @returns     The plaintext secret value, or undefined if not found
+     */
+    resolve(path: string): Promise<string | undefined>;
+    /**
+     * Human-readable provider name, e.g. "aws", "azure", "vault", "1password"
+     */
+    readonly providerName: string;
+}
+export interface AwsSecretsConfig {
+    provider: 'aws';
+    /** AWS region, e.g. "us-east-1". Falls back to AWS_DEFAULT_REGION env var. */
+    region?: string;
+}
+export interface AzureKeyVaultConfig {
+    provider: 'azure';
+    /**
+     * Key Vault URL, e.g. "https://myvault.vault.azure.net"
+     * The path portion of the token is used as the secret name.
+     */
+    vaultUrl: string;
+}
+export interface HashiCorpVaultConfig {
+    provider: 'vault';
+    /**
+     * Vault server address, e.g. "https://vault.example.com:8200"
+     * Falls back to VAULT_ADDR env var.
+     */
+    address?: string;
+    /** Mount path prefix, e.g. "secret". Defaults to "secret". */
+    mountPath?: string;
+    /**
+     * Vault namespace (Enterprise / HCP Vault), e.g. "admin" or "admin/team-a".
+     * Sent as the X-Vault-Namespace header. Falls back to VAULT_NAMESPACE env var.
+     */
+    namespace?: string;
+}
+export interface OnePasswordConfig {
+    provider: '1password';
+    /**
+     * Vault name to search, e.g. "MyVault".
+     * If omitted, the path is expected to include vault/item/field.
+     */
+    vault?: string;
+}
+export interface GcpSecretsConfig {
+    provider: 'gcp';
+    /**
+     * GCP project ID, e.g. "my-project-123".
+     * Falls back to GOOGLE_CLOUD_PROJECT / GCLOUD_PROJECT env vars.
+     */
+    projectId?: string;
+}
+export interface DopplerConfig {
+    provider: 'doppler';
+    /**
+     * Doppler service token. Falls back to DOPPLER_TOKEN env var.
+     * The project/config are baked into the service token itself.
+     */
+    serviceToken?: string;
+}
+export type SecretProviderConfig = AwsSecretsConfig | AzureKeyVaultConfig | HashiCorpVaultConfig | OnePasswordConfig | GcpSecretsConfig | DopplerConfig;
+/**
+ * Top-level `secrets` block in http-forge.config.json
+ */
+export interface SecretsConfig {
+    /**
+     * Named provider configs. Keys are provider aliases used in the token:
+     * {{secret:<alias>/<path>}}
+     *
+     * Example:
+     * ```json
+     * {
+     *   "secrets": {
+     *     "providers": {
+     *       "aws":    { "provider": "aws", "region": "us-east-1" },
+     *       "vault":  { "provider": "vault", "address": "https://vault.example.com" }
+     *     }
+     *   }
+     * }
+     * ```
+     */
+    providers: Record<string, SecretProviderConfig>;
+}

package/dist/types/types.d.ts

@@ -292,6 +292,8 @@ export interface TestAssertion {
     name: string;
     passed: boolean;
     message?: string;
+    /** True when the test was explicitly skipped via pm.test.skip(...) */
+    skipped?: boolean;
 }
 /**
  * Request overrides that can be applied at runtime
@@ -619,6 +621,10 @@ export interface ExecutionResult {
     modifiedCollectionVariables?: Record<string, string>;
     modifiedSessionVariables?: Record<string, string>;
     error?: string;
+    /** Folder path of the request within its collection (slash-separated; empty for root) */
+    folderPath?: string;
+    /** Name of the collection this request belongs to (for multi-collection suite reports) */
+    collectionName?: string;
     /** Postman-compatible: pm.execution.setNextRequest() value. null = stop runner. */
     nextRequest?: string | null;
     /** Postman-compatible: pm.visualizer.set(template, data) output */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@http-forge/core",
-  "version": "0.3.3",
+  "version": "0.4.1",
   "description": "Headless HTTP testing engine with Postman collection support, dynamic variables, and script-based automation.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -59,6 +59,18 @@
     "uuid": "^14.0.0",
     "yaml": "^2.7.0"
   },
+  "peerDependencies": {
+    "@aws-sdk/client-secrets-manager": ">=3.0.0",
+    "@azure/keyvault-secrets": ">=4.0.0",
+    "@azure/identity": ">=3.0.0",
+    "node-vault": ">=0.9.0"
+  },
+  "peerDependenciesMeta": {
+    "@aws-sdk/client-secrets-manager": { "optional": true },
+    "@azure/keyvault-secrets": { "optional": true },
+    "@azure/identity": { "optional": true },
+    "node-vault": { "optional": true }
+  },
   "devDependencies": {
     "@types/lodash": "^4.14.202",
     "@types/node": "^20.10.0",