@kitsy/cnos 1.2.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/build/index.cjs +1003 -121
- package/dist/build/index.d.cts +1 -1
- package/dist/build/index.d.ts +1 -1
- package/dist/build/index.js +22 -10
- package/dist/{chunk-APCTXRUN.js → chunk-APIU4GTB.js} +1012 -195
- package/dist/chunk-EQSKV3DP.js +105 -0
- package/dist/{chunk-MLQGYCO7.js → chunk-FWJC4Y2D.js} +1 -1
- package/dist/{chunk-RD5WMHPM.js → chunk-HMM76UYZ.js} +1 -1
- package/dist/{chunk-EIN55XXA.js → chunk-J4K4JUJL.js} +1 -1
- package/dist/{chunk-SO5XREEU.js → chunk-JSBVYK2T.js} +32 -11
- package/dist/chunk-LJD4SM32.js +189 -0
- package/dist/{chunk-SXTMTACL.js → chunk-T6Y57KTT.js} +20 -31
- package/dist/chunk-WCHX2QFY.js +115 -0
- package/dist/{chunk-ZA74BO47.js → chunk-ZTPSFXWP.js} +1 -1
- package/dist/configure/index.cjs +3021 -0
- package/dist/configure/index.d.cts +12 -0
- package/dist/configure/index.d.ts +12 -0
- package/dist/configure/index.js +24 -0
- package/dist/{envNaming-CcsqAel3.d.ts → envNaming-Dvm_LP2D.d.ts} +1 -1
- package/dist/{envNaming-BTJpH93W.d.cts → envNaming-S4B-dHUx.d.cts} +1 -1
- package/dist/index.cjs +1243 -186
- package/dist/index.d.cts +2 -13
- package/dist/index.d.ts +2 -13
- package/dist/index.js +13 -25
- package/dist/internal.cjs +1525 -81
- package/dist/internal.d.cts +171 -14
- package/dist/internal.d.ts +171 -14
- package/dist/internal.js +652 -5
- package/dist/plugin/basic-schema.cjs +29 -2
- package/dist/plugin/basic-schema.d.cts +1 -1
- package/dist/plugin/basic-schema.d.ts +1 -1
- package/dist/plugin/basic-schema.js +2 -2
- package/dist/plugin/cli-args.cjs +29 -2
- package/dist/plugin/cli-args.d.cts +1 -1
- package/dist/plugin/cli-args.d.ts +1 -1
- package/dist/plugin/cli-args.js +2 -2
- package/dist/plugin/dotenv.cjs +36 -9
- package/dist/plugin/dotenv.d.cts +2 -2
- package/dist/plugin/dotenv.d.ts +2 -2
- package/dist/plugin/dotenv.js +2 -2
- package/dist/plugin/env-export.cjs +31 -2
- package/dist/plugin/env-export.d.cts +2 -2
- package/dist/plugin/env-export.d.ts +2 -2
- package/dist/plugin/env-export.js +2 -2
- package/dist/plugin/filesystem.cjs +65 -91
- package/dist/plugin/filesystem.d.cts +1 -1
- package/dist/plugin/filesystem.d.ts +1 -1
- package/dist/plugin/filesystem.js +2 -2
- package/dist/plugin/process-env.cjs +105 -11
- package/dist/plugin/process-env.d.cts +4 -3
- package/dist/plugin/process-env.d.ts +4 -3
- package/dist/plugin/process-env.js +6 -4
- package/dist/{plugin-DkOIT5uI.d.cts → plugin-B4xwySxw.d.cts} +15 -2
- package/dist/{plugin-DkOIT5uI.d.ts → plugin-B4xwySxw.d.ts} +15 -2
- package/dist/runtime/index.cjs +1057 -136
- package/dist/runtime/index.d.cts +1 -1
- package/dist/runtime/index.d.ts +1 -1
- package/dist/runtime/index.js +11 -186
- package/dist/{toPublicEnv-C9clvXLo.d.ts → toPublicEnv-CvhGAfsB.d.ts} +1 -1
- package/dist/{toPublicEnv-DvFeV3qG.d.cts → toPublicEnv-ggmphZFs.d.cts} +1 -1
- package/package.json +11 -1
- package/dist/chunk-JUHPBAEH.js +0 -20
- package/dist/chunk-PQ4KSV76.js +0 -50
- package/dist/chunk-WHUGFPE4.js +0 -49
|
@@ -34,6 +34,21 @@ __export(basic_schema_exports, {
|
|
|
34
34
|
});
|
|
35
35
|
module.exports = __toCommonJS(basic_schema_exports);
|
|
36
36
|
|
|
37
|
+
// ../core/src/keychain/linux.ts
|
|
38
|
+
var import_node_child_process = require("child_process");
|
|
39
|
+
var import_node_util = require("util");
|
|
40
|
+
var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
|
|
41
|
+
|
|
42
|
+
// ../core/src/keychain/macos.ts
|
|
43
|
+
var import_node_child_process2 = require("child_process");
|
|
44
|
+
var import_node_util2 = require("util");
|
|
45
|
+
var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
|
|
46
|
+
|
|
47
|
+
// ../core/src/keychain/windows.ts
|
|
48
|
+
var import_node_child_process3 = require("child_process");
|
|
49
|
+
var import_node_util3 = require("util");
|
|
50
|
+
var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
|
|
51
|
+
|
|
37
52
|
// ../core/src/manifest/loadManifest.ts
|
|
38
53
|
var import_promises2 = require("fs/promises");
|
|
39
54
|
var import_node_path2 = __toESM(require("path"), 1);
|
|
@@ -205,14 +220,26 @@ function applySchemaRules(graph, schema) {
|
|
|
205
220
|
};
|
|
206
221
|
}
|
|
207
222
|
|
|
223
|
+
// ../core/src/secrets/auditLog.ts
|
|
224
|
+
var import_promises8 = require("fs/promises");
|
|
225
|
+
var import_node_path8 = __toESM(require("path"), 1);
|
|
226
|
+
|
|
208
227
|
// ../core/src/utils/secretStore.ts
|
|
209
228
|
var import_node_crypto = require("crypto");
|
|
229
|
+
var import_promises7 = require("fs/promises");
|
|
230
|
+
var import_node_path7 = __toESM(require("path"), 1);
|
|
231
|
+
|
|
232
|
+
// ../core/src/secrets/sessionStore.ts
|
|
210
233
|
var import_promises6 = require("fs/promises");
|
|
211
234
|
var import_node_path6 = __toESM(require("path"), 1);
|
|
212
235
|
|
|
236
|
+
// ../core/src/secrets/prompt.ts
|
|
237
|
+
var import_node_readline = __toESM(require("readline"), 1);
|
|
238
|
+
var import_node_stream = require("stream");
|
|
239
|
+
|
|
213
240
|
// ../core/src/runtime/dump.ts
|
|
214
|
-
var
|
|
215
|
-
var
|
|
241
|
+
var import_promises9 = require("fs/promises");
|
|
242
|
+
var import_node_path9 = __toESM(require("path"), 1);
|
|
216
243
|
|
|
217
244
|
// ../../plugins/basic-schema/src/index.ts
|
|
218
245
|
function createBasicSchemaPlugin() {
|
package/dist/plugin/cli-args.cjs
CHANGED
|
@@ -36,6 +36,21 @@ __export(cli_args_exports, {
|
|
|
36
36
|
});
|
|
37
37
|
module.exports = __toCommonJS(cli_args_exports);
|
|
38
38
|
|
|
39
|
+
// ../core/src/keychain/linux.ts
|
|
40
|
+
var import_node_child_process = require("child_process");
|
|
41
|
+
var import_node_util = require("util");
|
|
42
|
+
var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
|
|
43
|
+
|
|
44
|
+
// ../core/src/keychain/macos.ts
|
|
45
|
+
var import_node_child_process2 = require("child_process");
|
|
46
|
+
var import_node_util2 = require("util");
|
|
47
|
+
var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
|
|
48
|
+
|
|
49
|
+
// ../core/src/keychain/windows.ts
|
|
50
|
+
var import_node_child_process3 = require("child_process");
|
|
51
|
+
var import_node_util3 = require("util");
|
|
52
|
+
var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
|
|
53
|
+
|
|
39
54
|
// ../core/src/manifest/loadManifest.ts
|
|
40
55
|
var import_promises2 = require("fs/promises");
|
|
41
56
|
var import_node_path2 = __toESM(require("path"), 1);
|
|
@@ -63,14 +78,26 @@ var import_node_path4 = __toESM(require("path"), 1);
|
|
|
63
78
|
var import_promises5 = require("fs/promises");
|
|
64
79
|
var import_node_path5 = __toESM(require("path"), 1);
|
|
65
80
|
|
|
81
|
+
// ../core/src/secrets/auditLog.ts
|
|
82
|
+
var import_promises8 = require("fs/promises");
|
|
83
|
+
var import_node_path8 = __toESM(require("path"), 1);
|
|
84
|
+
|
|
66
85
|
// ../core/src/utils/secretStore.ts
|
|
67
86
|
var import_node_crypto = require("crypto");
|
|
87
|
+
var import_promises7 = require("fs/promises");
|
|
88
|
+
var import_node_path7 = __toESM(require("path"), 1);
|
|
89
|
+
|
|
90
|
+
// ../core/src/secrets/sessionStore.ts
|
|
68
91
|
var import_promises6 = require("fs/promises");
|
|
69
92
|
var import_node_path6 = __toESM(require("path"), 1);
|
|
70
93
|
|
|
94
|
+
// ../core/src/secrets/prompt.ts
|
|
95
|
+
var import_node_readline = __toESM(require("readline"), 1);
|
|
96
|
+
var import_node_stream = require("stream");
|
|
97
|
+
|
|
71
98
|
// ../core/src/runtime/dump.ts
|
|
72
|
-
var
|
|
73
|
-
var
|
|
99
|
+
var import_promises9 = require("fs/promises");
|
|
100
|
+
var import_node_path9 = __toESM(require("path"), 1);
|
|
74
101
|
|
|
75
102
|
// ../../plugins/cli-args/src/index.ts
|
|
76
103
|
var CLI_ARGS_PLUGIN_ID = "@kitsy/cnos/plugins/cli-args";
|
package/dist/plugin/cli-args.js
CHANGED
package/dist/plugin/dotenv.cjs
CHANGED
|
@@ -37,8 +37,23 @@ __export(dotenv_exports, {
|
|
|
37
37
|
module.exports = __toCommonJS(dotenv_exports);
|
|
38
38
|
|
|
39
39
|
// ../../plugins/dotenv/src/index.ts
|
|
40
|
-
var
|
|
41
|
-
var
|
|
40
|
+
var import_promises10 = require("fs/promises");
|
|
41
|
+
var import_node_path10 = __toESM(require("path"), 1);
|
|
42
|
+
|
|
43
|
+
// ../core/src/keychain/linux.ts
|
|
44
|
+
var import_node_child_process = require("child_process");
|
|
45
|
+
var import_node_util = require("util");
|
|
46
|
+
var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
|
|
47
|
+
|
|
48
|
+
// ../core/src/keychain/macos.ts
|
|
49
|
+
var import_node_child_process2 = require("child_process");
|
|
50
|
+
var import_node_util2 = require("util");
|
|
51
|
+
var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
|
|
52
|
+
|
|
53
|
+
// ../core/src/keychain/windows.ts
|
|
54
|
+
var import_node_child_process3 = require("child_process");
|
|
55
|
+
var import_node_util3 = require("util");
|
|
56
|
+
var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
|
|
42
57
|
|
|
43
58
|
// ../core/src/manifest/loadManifest.ts
|
|
44
59
|
var import_promises2 = require("fs/promises");
|
|
@@ -89,14 +104,26 @@ var import_node_path4 = __toESM(require("path"), 1);
|
|
|
89
104
|
var import_promises5 = require("fs/promises");
|
|
90
105
|
var import_node_path5 = __toESM(require("path"), 1);
|
|
91
106
|
|
|
107
|
+
// ../core/src/secrets/auditLog.ts
|
|
108
|
+
var import_promises8 = require("fs/promises");
|
|
109
|
+
var import_node_path8 = __toESM(require("path"), 1);
|
|
110
|
+
|
|
92
111
|
// ../core/src/utils/secretStore.ts
|
|
93
112
|
var import_node_crypto = require("crypto");
|
|
113
|
+
var import_promises7 = require("fs/promises");
|
|
114
|
+
var import_node_path7 = __toESM(require("path"), 1);
|
|
115
|
+
|
|
116
|
+
// ../core/src/secrets/sessionStore.ts
|
|
94
117
|
var import_promises6 = require("fs/promises");
|
|
95
118
|
var import_node_path6 = __toESM(require("path"), 1);
|
|
96
119
|
|
|
120
|
+
// ../core/src/secrets/prompt.ts
|
|
121
|
+
var import_node_readline = __toESM(require("readline"), 1);
|
|
122
|
+
var import_node_stream = require("stream");
|
|
123
|
+
|
|
97
124
|
// ../core/src/runtime/dump.ts
|
|
98
|
-
var
|
|
99
|
-
var
|
|
125
|
+
var import_promises9 = require("fs/promises");
|
|
126
|
+
var import_node_path9 = __toESM(require("path"), 1);
|
|
100
127
|
|
|
101
128
|
// ../core/src/utils/envNaming.ts
|
|
102
129
|
function normalizeMappingConfig(config = {}) {
|
|
@@ -105,8 +132,8 @@ function normalizeMappingConfig(config = {}) {
|
|
|
105
132
|
explicit: config.explicit ?? {}
|
|
106
133
|
};
|
|
107
134
|
}
|
|
108
|
-
function fromScreamingSnake(
|
|
109
|
-
return
|
|
135
|
+
function fromScreamingSnake(path11) {
|
|
136
|
+
return path11.split("_").map((segment) => segment.trim().toLowerCase()).filter(Boolean).join(".");
|
|
110
137
|
}
|
|
111
138
|
function envVarToLogicalKey(envVar, config = {}) {
|
|
112
139
|
const normalized = normalizeMappingConfig(config);
|
|
@@ -187,7 +214,7 @@ function dotenvEntriesFromObject(values, mapping = {}, originFile, workspaceId =
|
|
|
187
214
|
}
|
|
188
215
|
async function readIfPresent(filePath) {
|
|
189
216
|
try {
|
|
190
|
-
return await (0,
|
|
217
|
+
return await (0, import_promises10.readFile)(filePath, "utf8");
|
|
191
218
|
} catch {
|
|
192
219
|
return void 0;
|
|
193
220
|
}
|
|
@@ -206,7 +233,7 @@ function createDotenvPlugin() {
|
|
|
206
233
|
workspace: workspaceRoot.workspaceId
|
|
207
234
|
});
|
|
208
235
|
for (const fileName of fileNames) {
|
|
209
|
-
const absolutePath =
|
|
236
|
+
const absolutePath = import_node_path10.default.join(envRoot, fileName);
|
|
210
237
|
const document = await readIfPresent(absolutePath);
|
|
211
238
|
if (!document) {
|
|
212
239
|
continue;
|
|
@@ -215,7 +242,7 @@ function createDotenvPlugin() {
|
|
|
215
242
|
...dotenvEntriesFromObject(
|
|
216
243
|
parseDotenv(document),
|
|
217
244
|
config.envMapping,
|
|
218
|
-
toPortablePath(
|
|
245
|
+
toPortablePath(import_node_path10.default.relative(import_node_path10.default.dirname(context.manifestRoot), absolutePath)),
|
|
219
246
|
workspaceRoot.workspaceId
|
|
220
247
|
)
|
|
221
248
|
);
|
package/dist/plugin/dotenv.d.cts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin,
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../plugin-B4xwySxw.cjs';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-S4B-dHUx.cjs';
|
|
3
3
|
|
|
4
4
|
declare function parseDotenv(document: string): Record<string, string>;
|
|
5
5
|
declare function dotenvEntriesFromObject(values: Record<string, string>, mapping?: EnvMappingConfig, originFile?: string, workspaceId?: string): ConfigEntry[];
|
package/dist/plugin/dotenv.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin,
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../plugin-B4xwySxw.js';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-Dvm_LP2D.js';
|
|
3
3
|
|
|
4
4
|
declare function parseDotenv(document: string): Record<string, string>;
|
|
5
5
|
declare function dotenvEntriesFromObject(values: Record<string, string>, mapping?: EnvMappingConfig, originFile?: string, workspaceId?: string): ConfigEntry[];
|
package/dist/plugin/dotenv.js
CHANGED
|
@@ -52,6 +52,21 @@ var CnosManifestError = class extends CnosError {
|
|
|
52
52
|
manifestPath;
|
|
53
53
|
};
|
|
54
54
|
|
|
55
|
+
// ../core/src/keychain/linux.ts
|
|
56
|
+
var import_node_child_process = require("child_process");
|
|
57
|
+
var import_node_util = require("util");
|
|
58
|
+
var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
|
|
59
|
+
|
|
60
|
+
// ../core/src/keychain/macos.ts
|
|
61
|
+
var import_node_child_process2 = require("child_process");
|
|
62
|
+
var import_node_util2 = require("util");
|
|
63
|
+
var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
|
|
64
|
+
|
|
65
|
+
// ../core/src/keychain/windows.ts
|
|
66
|
+
var import_node_child_process3 = require("child_process");
|
|
67
|
+
var import_node_util3 = require("util");
|
|
68
|
+
var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
|
|
69
|
+
|
|
55
70
|
// ../core/src/manifest/loadManifest.ts
|
|
56
71
|
var import_promises2 = require("fs/promises");
|
|
57
72
|
var import_node_path2 = __toESM(require("path"), 1);
|
|
@@ -96,10 +111,20 @@ function getNamespaceDefinition(manifest, namespaceOrKey) {
|
|
|
96
111
|
var import_promises5 = require("fs/promises");
|
|
97
112
|
var import_node_path5 = __toESM(require("path"), 1);
|
|
98
113
|
|
|
114
|
+
// ../core/src/secrets/auditLog.ts
|
|
115
|
+
var import_promises8 = require("fs/promises");
|
|
116
|
+
var import_node_path8 = __toESM(require("path"), 1);
|
|
117
|
+
|
|
99
118
|
// ../core/src/utils/secretStore.ts
|
|
100
119
|
var import_node_crypto = require("crypto");
|
|
120
|
+
var import_promises7 = require("fs/promises");
|
|
121
|
+
var import_node_path7 = __toESM(require("path"), 1);
|
|
122
|
+
|
|
123
|
+
// ../core/src/secrets/sessionStore.ts
|
|
101
124
|
var import_promises6 = require("fs/promises");
|
|
102
125
|
var import_node_path6 = __toESM(require("path"), 1);
|
|
126
|
+
|
|
127
|
+
// ../core/src/utils/secretStore.ts
|
|
103
128
|
function isObject(value) {
|
|
104
129
|
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
105
130
|
}
|
|
@@ -107,6 +132,10 @@ function isSecretReference(value) {
|
|
|
107
132
|
return isObject(value) && typeof value.provider === "string" && value.provider.trim().length > 0 && typeof value.ref === "string" && value.ref.trim().length > 0 && (value.vault === void 0 && true || typeof value.vault === "string" && value.vault.trim().length > 0) && Object.keys(value).every((key) => ["provider", "ref", "vault"].includes(key));
|
|
108
133
|
}
|
|
109
134
|
|
|
135
|
+
// ../core/src/secrets/prompt.ts
|
|
136
|
+
var import_node_readline = __toESM(require("readline"), 1);
|
|
137
|
+
var import_node_stream = require("stream");
|
|
138
|
+
|
|
110
139
|
// ../core/src/runtime/toEnv.ts
|
|
111
140
|
function normalizeEnvValue(value) {
|
|
112
141
|
if (value === void 0 || value === null) {
|
|
@@ -188,8 +217,8 @@ function toPublicEnv(graph, manifest, options = {}) {
|
|
|
188
217
|
}
|
|
189
218
|
|
|
190
219
|
// ../core/src/runtime/dump.ts
|
|
191
|
-
var
|
|
192
|
-
var
|
|
220
|
+
var import_promises9 = require("fs/promises");
|
|
221
|
+
var import_node_path9 = __toESM(require("path"), 1);
|
|
193
222
|
|
|
194
223
|
// ../../plugins/env-export/src/index.ts
|
|
195
224
|
function createEnvExportPlugin() {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { E as ExporterPlugin } from '../plugin-
|
|
2
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { E as ExporterPlugin } from '../plugin-B4xwySxw.cjs';
|
|
2
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-ggmphZFs.cjs';
|
|
3
3
|
|
|
4
4
|
declare function createEnvExportPlugin(): ExporterPlugin;
|
|
5
5
|
declare function createPublicEnvExportPlugin(): ExporterPlugin;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { E as ExporterPlugin } from '../plugin-
|
|
2
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { E as ExporterPlugin } from '../plugin-B4xwySxw.js';
|
|
2
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-CvhGAfsB.js';
|
|
3
3
|
|
|
4
4
|
declare function createEnvExportPlugin(): ExporterPlugin;
|
|
5
5
|
declare function createPublicEnvExportPlugin(): ExporterPlugin;
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createEnvExportPlugin,
|
|
3
3
|
createPublicEnvExportPlugin
|
|
4
|
-
} from "../chunk-
|
|
4
|
+
} from "../chunk-J4K4JUJL.js";
|
|
5
5
|
import {
|
|
6
6
|
toEnv,
|
|
7
7
|
toPublicEnv
|
|
8
|
-
} from "../chunk-
|
|
8
|
+
} from "../chunk-APIU4GTB.js";
|
|
9
9
|
export {
|
|
10
10
|
createEnvExportPlugin,
|
|
11
11
|
createPublicEnvExportPlugin,
|
|
@@ -40,11 +40,11 @@ __export(filesystem_exports, {
|
|
|
40
40
|
module.exports = __toCommonJS(filesystem_exports);
|
|
41
41
|
|
|
42
42
|
// ../../plugins/filesystem/src/filesystemSecretsReader.ts
|
|
43
|
-
var
|
|
43
|
+
var import_promises11 = require("fs/promises");
|
|
44
44
|
|
|
45
45
|
// ../../plugins/filesystem/src/helpers.ts
|
|
46
|
-
var
|
|
47
|
-
var
|
|
46
|
+
var import_promises10 = require("fs/promises");
|
|
47
|
+
var import_node_path10 = __toESM(require("path"), 1);
|
|
48
48
|
|
|
49
49
|
// ../core/src/errors.ts
|
|
50
50
|
var CnosError = class extends Error {
|
|
@@ -61,6 +61,21 @@ var CnosManifestError = class extends CnosError {
|
|
|
61
61
|
manifestPath;
|
|
62
62
|
};
|
|
63
63
|
|
|
64
|
+
// ../core/src/keychain/linux.ts
|
|
65
|
+
var import_node_child_process = require("child_process");
|
|
66
|
+
var import_node_util = require("util");
|
|
67
|
+
var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
|
|
68
|
+
|
|
69
|
+
// ../core/src/keychain/macos.ts
|
|
70
|
+
var import_node_child_process2 = require("child_process");
|
|
71
|
+
var import_node_util2 = require("util");
|
|
72
|
+
var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
|
|
73
|
+
|
|
74
|
+
// ../core/src/keychain/windows.ts
|
|
75
|
+
var import_node_child_process3 = require("child_process");
|
|
76
|
+
var import_node_util3 = require("util");
|
|
77
|
+
var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
|
|
78
|
+
|
|
64
79
|
// ../core/src/manifest/loadManifest.ts
|
|
65
80
|
var import_promises2 = require("fs/promises");
|
|
66
81
|
var import_node_path2 = __toESM(require("path"), 1);
|
|
@@ -69,15 +84,6 @@ var import_node_path2 = __toESM(require("path"), 1);
|
|
|
69
84
|
var import_promises = require("fs/promises");
|
|
70
85
|
var import_node_os = __toESM(require("os"), 1);
|
|
71
86
|
var import_node_path = __toESM(require("path"), 1);
|
|
72
|
-
function expandHomePath(targetPath) {
|
|
73
|
-
if (targetPath === "~") {
|
|
74
|
-
return import_node_os.default.homedir();
|
|
75
|
-
}
|
|
76
|
-
if (targetPath.startsWith("~/") || targetPath.startsWith("~\\")) {
|
|
77
|
-
return import_node_path.default.join(import_node_os.default.homedir(), targetPath.slice(2));
|
|
78
|
-
}
|
|
79
|
-
return targetPath;
|
|
80
|
-
}
|
|
81
87
|
function toPortablePath(targetPath) {
|
|
82
88
|
return targetPath.replace(/\\/g, "/");
|
|
83
89
|
}
|
|
@@ -100,81 +106,57 @@ var import_node_path4 = __toESM(require("path"), 1);
|
|
|
100
106
|
var import_promises5 = require("fs/promises");
|
|
101
107
|
var import_node_path5 = __toESM(require("path"), 1);
|
|
102
108
|
|
|
109
|
+
// ../core/src/secrets/auditLog.ts
|
|
110
|
+
var import_promises8 = require("fs/promises");
|
|
111
|
+
var import_node_path8 = __toESM(require("path"), 1);
|
|
112
|
+
|
|
103
113
|
// ../core/src/utils/secretStore.ts
|
|
104
114
|
var import_node_crypto = require("crypto");
|
|
115
|
+
var import_promises7 = require("fs/promises");
|
|
116
|
+
var import_node_path7 = __toESM(require("path"), 1);
|
|
117
|
+
|
|
118
|
+
// ../core/src/secrets/sessionStore.ts
|
|
105
119
|
var import_promises6 = require("fs/promises");
|
|
106
120
|
var import_node_path6 = __toESM(require("path"), 1);
|
|
121
|
+
|
|
122
|
+
// ../core/src/utils/secretStore.ts
|
|
107
123
|
function isObject(value) {
|
|
108
124
|
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
109
125
|
}
|
|
110
126
|
function isSecretReference(value) {
|
|
111
127
|
return isObject(value) && typeof value.provider === "string" && value.provider.trim().length > 0 && typeof value.ref === "string" && value.ref.trim().length > 0 && (value.vault === void 0 && true || typeof value.vault === "string" && value.vault.trim().length > 0) && Object.keys(value).every((key) => ["provider", "ref", "vault"].includes(key));
|
|
112
128
|
}
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
return import_node_path6.default.join(storeRoot, "vaults", vault, "store", ...ref.split("/")).concat(".json");
|
|
118
|
-
}
|
|
119
|
-
function deriveKey(passphrase, salt) {
|
|
120
|
-
return (0, import_node_crypto.scryptSync)(passphrase, salt, 32);
|
|
121
|
-
}
|
|
122
|
-
function resolveSecretPassphrase(vault = "default", processEnv = process.env) {
|
|
123
|
-
const vaultToken = vault.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
|
|
124
|
-
return processEnv[`CNOS_SECRET_PASSPHRASE_${vaultToken}`] ?? processEnv.CNOS_SECRET_PASSPHRASE;
|
|
125
|
-
}
|
|
126
|
-
function decryptDocument(document, passphrase) {
|
|
127
|
-
const salt = Buffer.from(document.salt, "base64");
|
|
128
|
-
const iv = Buffer.from(document.iv, "base64");
|
|
129
|
-
const tag = Buffer.from(document.tag, "base64");
|
|
130
|
-
const ciphertext = Buffer.from(document.ciphertext, "base64");
|
|
131
|
-
const key = deriveKey(passphrase, salt);
|
|
132
|
-
const decipher = (0, import_node_crypto.createDecipheriv)("aes-256-gcm", key, iv);
|
|
133
|
-
decipher.setAuthTag(tag);
|
|
134
|
-
const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
|
|
135
|
-
return plaintext.toString("utf8");
|
|
136
|
-
}
|
|
137
|
-
async function readLocalSecret(storeRoot, ref, passphrase, vault = "default") {
|
|
138
|
-
if (!passphrase) {
|
|
139
|
-
throw new CnosManifestError(
|
|
140
|
-
`Missing CNOS secret passphrase for local secret ref "${ref}". Set CNOS_SECRET_PASSPHRASE or pass processEnv explicitly.`
|
|
141
|
-
);
|
|
142
|
-
}
|
|
143
|
-
const filePath = resolveSecretStoreFile(storeRoot, ref, vault);
|
|
144
|
-
const source = await (0, import_promises6.readFile)(filePath, "utf8");
|
|
145
|
-
const document = JSON.parse(source);
|
|
146
|
-
if (document.version !== 1 || document.algorithm !== "aes-256-gcm" || typeof document.salt !== "string" || typeof document.iv !== "string" || typeof document.tag !== "string" || typeof document.ciphertext !== "string") {
|
|
147
|
-
throw new CnosManifestError("Invalid local secret document", filePath);
|
|
148
|
-
}
|
|
149
|
-
return decryptDocument(document, passphrase);
|
|
150
|
-
}
|
|
129
|
+
|
|
130
|
+
// ../core/src/secrets/prompt.ts
|
|
131
|
+
var import_node_readline = __toESM(require("readline"), 1);
|
|
132
|
+
var import_node_stream = require("stream");
|
|
151
133
|
|
|
152
134
|
// ../core/src/runtime/dump.ts
|
|
153
|
-
var
|
|
154
|
-
var
|
|
135
|
+
var import_promises9 = require("fs/promises");
|
|
136
|
+
var import_node_path9 = __toESM(require("path"), 1);
|
|
155
137
|
|
|
156
138
|
// ../../plugins/filesystem/src/helpers.ts
|
|
157
139
|
var YAML_EXTENSIONS = /* @__PURE__ */ new Set([".yml", ".yaml"]);
|
|
158
140
|
var FILESYSTEM_PLUGIN_ID = "@kitsy/cnos/plugins/filesystem";
|
|
159
141
|
async function existsDirectory(targetPath) {
|
|
160
142
|
try {
|
|
161
|
-
const
|
|
162
|
-
void
|
|
143
|
+
const stat2 = await (0, import_promises10.readdir)(targetPath);
|
|
144
|
+
void stat2;
|
|
163
145
|
return true;
|
|
164
146
|
} catch {
|
|
165
147
|
return false;
|
|
166
148
|
}
|
|
167
149
|
}
|
|
168
150
|
async function collectYamlFiles(root) {
|
|
169
|
-
const entries = await (0,
|
|
151
|
+
const entries = await (0, import_promises10.readdir)(root, { withFileTypes: true });
|
|
170
152
|
const results = [];
|
|
171
153
|
for (const entry of entries.sort((left, right) => left.name.localeCompare(right.name))) {
|
|
172
|
-
const absolutePath =
|
|
154
|
+
const absolutePath = import_node_path10.default.join(root, entry.name);
|
|
173
155
|
if (entry.isDirectory()) {
|
|
174
156
|
results.push(...await collectYamlFiles(absolutePath));
|
|
175
157
|
continue;
|
|
176
158
|
}
|
|
177
|
-
if (entry.isFile() && YAML_EXTENSIONS.has(
|
|
159
|
+
if (entry.isFile() && YAML_EXTENSIONS.has(import_node_path10.default.extname(entry.name).toLowerCase())) {
|
|
178
160
|
results.push(absolutePath);
|
|
179
161
|
}
|
|
180
162
|
}
|
|
@@ -182,16 +164,16 @@ async function collectYamlFiles(root) {
|
|
|
182
164
|
}
|
|
183
165
|
async function collectFilesystemLayerFiles(manifestRoot, workspaceRoots, sourceRoot, activeLayers) {
|
|
184
166
|
const files = [];
|
|
185
|
-
const repoRoot =
|
|
167
|
+
const repoRoot = import_node_path10.default.dirname(manifestRoot);
|
|
186
168
|
for (const workspaceRoot of workspaceRoots) {
|
|
187
|
-
const resolvedRoot =
|
|
169
|
+
const resolvedRoot = import_node_path10.default.resolve(workspaceRoot.path, sourceRoot);
|
|
188
170
|
for (const layer of activeLayers) {
|
|
189
|
-
const layerRoot =
|
|
171
|
+
const layerRoot = import_node_path10.default.join(resolvedRoot, layer);
|
|
190
172
|
if (!await existsDirectory(layerRoot)) {
|
|
191
173
|
continue;
|
|
192
174
|
}
|
|
193
175
|
for (const absolutePath of await collectYamlFiles(layerRoot)) {
|
|
194
|
-
const relativePath =
|
|
176
|
+
const relativePath = import_node_path10.default.relative(repoRoot, absolutePath);
|
|
195
177
|
files.push({
|
|
196
178
|
absolutePath,
|
|
197
179
|
relativePath: toPortablePath(relativePath.startsWith("..") ? absolutePath : relativePath),
|
|
@@ -241,31 +223,6 @@ function yamlObjectToEntries(document, filePath, namespace, sourceId, workspaceI
|
|
|
241
223
|
}
|
|
242
224
|
}));
|
|
243
225
|
}
|
|
244
|
-
async function resolveSecretValue(value, processEnv) {
|
|
245
|
-
if (!isSecretReference(value)) {
|
|
246
|
-
return value;
|
|
247
|
-
}
|
|
248
|
-
if (value.provider === "local") {
|
|
249
|
-
const passphrase = resolveSecretPassphrase(value.vault, processEnv);
|
|
250
|
-
if (!passphrase) {
|
|
251
|
-
return value;
|
|
252
|
-
}
|
|
253
|
-
return readLocalSecret(
|
|
254
|
-
resolveSecretStoreRoot(processEnv),
|
|
255
|
-
value.ref,
|
|
256
|
-
passphrase,
|
|
257
|
-
value.vault
|
|
258
|
-
);
|
|
259
|
-
}
|
|
260
|
-
if (value.provider === "env" || value.provider === "github-secrets") {
|
|
261
|
-
const resolved = processEnv?.[value.ref];
|
|
262
|
-
if (resolved === void 0) {
|
|
263
|
-
return value;
|
|
264
|
-
}
|
|
265
|
-
return resolved;
|
|
266
|
-
}
|
|
267
|
-
return value;
|
|
268
|
-
}
|
|
269
226
|
function toSecretReferenceMetadata(value) {
|
|
270
227
|
if (!isSecretReference(value)) {
|
|
271
228
|
return void 0;
|
|
@@ -293,14 +250,12 @@ function createFilesystemSecretsPlugin() {
|
|
|
293
250
|
);
|
|
294
251
|
const entries = [];
|
|
295
252
|
for (const file of files) {
|
|
296
|
-
const document = await (0,
|
|
253
|
+
const document = await (0, import_promises11.readFile)(file.absolutePath, "utf8");
|
|
297
254
|
const fileEntries = filesystemSecretsReader(file.relativePath, document, file.workspaceId);
|
|
298
255
|
for (const entry of fileEntries) {
|
|
299
256
|
const metadata = toSecretReferenceMetadata(entry.value);
|
|
300
|
-
const resolvedValue = await resolveSecretValue(entry.value, context.processEnv);
|
|
301
257
|
entries.push({
|
|
302
258
|
...entry,
|
|
303
|
-
value: resolvedValue,
|
|
304
259
|
...metadata ? { metadata } : {}
|
|
305
260
|
});
|
|
306
261
|
}
|
|
@@ -311,7 +266,7 @@ function createFilesystemSecretsPlugin() {
|
|
|
311
266
|
}
|
|
312
267
|
|
|
313
268
|
// ../../plugins/filesystem/src/filesystemValuesReader.ts
|
|
314
|
-
var
|
|
269
|
+
var import_promises12 = require("fs/promises");
|
|
315
270
|
function filesystemValuesReader(filePath, document, workspaceId = "default") {
|
|
316
271
|
return yamlObjectToEntries(document, filePath, "value", "filesystem-values", workspaceId);
|
|
317
272
|
}
|
|
@@ -327,11 +282,30 @@ function createFilesystemValuesPlugin() {
|
|
|
327
282
|
sourceRoot,
|
|
328
283
|
context.profileActivation.values
|
|
329
284
|
);
|
|
285
|
+
const customNamespaces = Object.entries(context.manifest.namespaces).filter(
|
|
286
|
+
([namespace, definition]) => namespace !== "value" && namespace !== "secret" && definition.kind === "data" && !definition.sensitive
|
|
287
|
+
).map(([namespace]) => namespace);
|
|
330
288
|
const entries = [];
|
|
331
289
|
for (const file of files) {
|
|
332
|
-
const document = await (0,
|
|
290
|
+
const document = await (0, import_promises12.readFile)(file.absolutePath, "utf8");
|
|
333
291
|
entries.push(...filesystemValuesReader(file.relativePath, document, file.workspaceId));
|
|
334
292
|
}
|
|
293
|
+
for (const namespace of customNamespaces) {
|
|
294
|
+
const layers = [
|
|
295
|
+
namespace,
|
|
296
|
+
...context.profileChain.filter((profile) => profile !== "base").map((profile) => `profiles/${profile}/${namespace}`)
|
|
297
|
+
];
|
|
298
|
+
const namespaceFiles = await collectFilesystemLayerFiles(
|
|
299
|
+
context.manifestRoot,
|
|
300
|
+
context.workspace.workspaceRoots,
|
|
301
|
+
sourceRoot,
|
|
302
|
+
layers
|
|
303
|
+
);
|
|
304
|
+
for (const file of namespaceFiles) {
|
|
305
|
+
const document = await (0, import_promises12.readFile)(file.absolutePath, "utf8");
|
|
306
|
+
entries.push(...yamlObjectToEntries(document, file.relativePath, namespace, "filesystem-values", file.workspaceId));
|
|
307
|
+
}
|
|
308
|
+
}
|
|
335
309
|
return entries;
|
|
336
310
|
}
|
|
337
311
|
};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { L as LoaderPlugin,
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, i as NamespaceName } from '../plugin-B4xwySxw.cjs';
|
|
2
2
|
|
|
3
3
|
declare function filesystemSecretsReader(filePath: string, document: string, workspaceId?: string): ConfigEntry[];
|
|
4
4
|
declare function createFilesystemSecretsPlugin(): LoaderPlugin;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { L as LoaderPlugin,
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, i as NamespaceName } from '../plugin-B4xwySxw.js';
|
|
2
2
|
|
|
3
3
|
declare function filesystemSecretsReader(filePath: string, document: string, workspaceId?: string): ConfigEntry[];
|
|
4
4
|
declare function createFilesystemSecretsPlugin(): LoaderPlugin;
|