@kitsy/cnos 1.8.0 → 1.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/build/index.cjs +22 -6
- package/dist/build/index.d.cts +1 -1
- package/dist/build/index.d.ts +1 -1
- package/dist/build/index.js +8 -8
- package/dist/{chunk-UL63DFLS.js → chunk-4MQBH4AY.js} +1 -1
- package/dist/{chunk-2TL42I6M.js → chunk-5XOGTE42.js} +21 -5
- package/dist/{chunk-RYIARE4M.js → chunk-B5TV5O6O.js} +1 -1
- package/dist/{chunk-CW7SNVIQ.js → chunk-CP6K2DB3.js} +3 -3
- package/dist/{chunk-TT4NV56Z.js → chunk-DAFUP7EQ.js} +1 -1
- package/dist/{chunk-OA7FQGAG.js → chunk-DQGLBF6G.js} +1 -1
- package/dist/{chunk-5KIQCYFH.js → chunk-FWW7F52D.js} +1 -1
- package/dist/{chunk-ZD4YX6VC.js → chunk-J7VEEREE.js} +10 -10
- package/dist/{chunk-2DGT7N7E.js → chunk-KU73PJSQ.js} +1 -1
- package/dist/{chunk-GHGJFRDL.js → chunk-VTUOWV3S.js} +1 -1
- package/dist/configure/index.cjs +22 -6
- package/dist/configure/index.d.cts +3 -3
- package/dist/configure/index.d.ts +3 -3
- package/dist/configure/index.js +8 -8
- package/dist/{core-BJ8xewez.d.cts → core-CXgtC4VL.d.cts} +1 -1
- package/dist/{core-BJ8xewez.d.ts → core-CXgtC4VL.d.ts} +1 -1
- package/dist/{envNaming-rx71gpi0.d.cts → envNaming-BDtISWCK.d.cts} +1 -1
- package/dist/{envNaming-BRyiuPoI.d.ts → envNaming-CA6OluSg.d.ts} +1 -1
- package/dist/index.cjs +22 -6
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +10 -10
- package/dist/internal.cjs +12 -5
- package/dist/internal.d.cts +2 -2
- package/dist/internal.d.ts +2 -2
- package/dist/internal.js +2 -2
- package/dist/plugin/basic-schema.d.cts +1 -1
- package/dist/plugin/basic-schema.d.ts +1 -1
- package/dist/plugin/basic-schema.js +2 -2
- package/dist/plugin/cli-args.d.cts +1 -1
- package/dist/plugin/cli-args.d.ts +1 -1
- package/dist/plugin/cli-args.js +2 -2
- package/dist/plugin/dotenv.d.cts +2 -2
- package/dist/plugin/dotenv.d.ts +2 -2
- package/dist/plugin/dotenv.js +2 -2
- package/dist/plugin/env-export.d.cts +2 -2
- package/dist/plugin/env-export.d.ts +2 -2
- package/dist/plugin/env-export.js +2 -2
- package/dist/plugin/filesystem.d.cts +1 -1
- package/dist/plugin/filesystem.d.ts +1 -1
- package/dist/plugin/filesystem.js +2 -2
- package/dist/plugin/process-env.d.cts +2 -2
- package/dist/plugin/process-env.d.ts +2 -2
- package/dist/plugin/process-env.js +2 -2
- package/dist/runtime/index.cjs +22 -6
- package/dist/runtime/index.d.cts +1 -1
- package/dist/runtime/index.d.ts +1 -1
- package/dist/runtime/index.js +10 -10
- package/dist/{toPublicEnv-CCSgdvI9.d.ts → toPublicEnv-B_dZDXDv.d.ts} +1 -1
- package/dist/{toPublicEnv-ivRtLjcw.d.cts → toPublicEnv-C_MbUTdV.d.cts} +1 -1
- package/package.json +1 -1
package/dist/build/index.cjs
CHANGED
|
@@ -1517,7 +1517,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1517
1517
|
...auth?.config ? { config: auth.config } : {}
|
|
1518
1518
|
};
|
|
1519
1519
|
}
|
|
1520
|
-
if (provider === "github-secrets") {
|
|
1520
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1521
1521
|
return {
|
|
1522
1522
|
method: auth?.method ?? "environment",
|
|
1523
1523
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -2621,7 +2621,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
2621
2621
|
}
|
|
2622
2622
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
2623
2623
|
if (definition?.provider !== "local") {
|
|
2624
|
-
return definition?.provider === "github-secrets" ? {
|
|
2624
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
2625
2625
|
method: definition.auth?.method ?? "environment",
|
|
2626
2626
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
2627
2627
|
} : void 0;
|
|
@@ -2779,8 +2779,8 @@ var SecretCache = class {
|
|
|
2779
2779
|
}
|
|
2780
2780
|
};
|
|
2781
2781
|
|
|
2782
|
-
// ../core/src/secrets/providers/
|
|
2783
|
-
var
|
|
2782
|
+
// ../core/src/secrets/providers/environment.ts
|
|
2783
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
2784
2784
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
2785
2785
|
this.vaultId = vaultId;
|
|
2786
2786
|
this.definition = definition;
|
|
@@ -2834,6 +2834,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
2834
2834
|
}
|
|
2835
2835
|
};
|
|
2836
2836
|
|
|
2837
|
+
// ../core/src/secrets/providers/github.ts
|
|
2838
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
2839
|
+
};
|
|
2840
|
+
|
|
2837
2841
|
// ../core/src/secrets/providers/local.ts
|
|
2838
2842
|
var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
|
|
2839
2843
|
constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
|
|
@@ -2929,6 +2933,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
2929
2933
|
if (definition.provider === "local") {
|
|
2930
2934
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
2931
2935
|
}
|
|
2936
|
+
if (definition.provider === "environment") {
|
|
2937
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2938
|
+
}
|
|
2932
2939
|
if (definition.provider === "github-secrets") {
|
|
2933
2940
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2934
2941
|
}
|
|
@@ -2984,7 +2991,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2984
2991
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2985
2992
|
};
|
|
2986
2993
|
}
|
|
2987
|
-
if (definition.provider === "github-secrets") {
|
|
2994
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2988
2995
|
return {
|
|
2989
2996
|
method: definition.auth?.method ?? "environment",
|
|
2990
2997
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
@@ -3170,6 +3177,9 @@ function configHash(values) {
|
|
|
3170
3177
|
const serialized = JSON.stringify(stableSortObject(values));
|
|
3171
3178
|
return (0, import_node_crypto3.createHash)("sha256").update(serialized).digest("hex");
|
|
3172
3179
|
}
|
|
3180
|
+
function shouldProjectResolvedValue(sourceId) {
|
|
3181
|
+
return sourceId !== "process-env";
|
|
3182
|
+
}
|
|
3173
3183
|
function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers = {}) {
|
|
3174
3184
|
const values = {};
|
|
3175
3185
|
const derived = {};
|
|
@@ -3187,6 +3197,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3187
3197
|
continue;
|
|
3188
3198
|
}
|
|
3189
3199
|
if (entry.namespace === "value") {
|
|
3200
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3201
|
+
continue;
|
|
3202
|
+
}
|
|
3190
3203
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3191
3204
|
const formula = helpers.toServerFormula?.(key);
|
|
3192
3205
|
if (formula) {
|
|
@@ -3203,6 +3216,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3203
3216
|
}
|
|
3204
3217
|
const namespaceDefinition = manifest.namespaces[entry.namespace];
|
|
3205
3218
|
if (namespaceDefinition && namespaceDefinition.kind === "data" && !namespaceDefinition.sensitive && entry.namespace !== "public") {
|
|
3219
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3220
|
+
continue;
|
|
3221
|
+
}
|
|
3206
3222
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3207
3223
|
const formula = helpers.toServerFormula?.(key);
|
|
3208
3224
|
if (formula) {
|
|
@@ -3684,7 +3700,7 @@ function envVarToLogicalKey(envVar, config = {}) {
|
|
|
3684
3700
|
// package.json
|
|
3685
3701
|
var package_default = {
|
|
3686
3702
|
name: "@kitsy/cnos",
|
|
3687
|
-
version: "1.8.
|
|
3703
|
+
version: "1.8.2",
|
|
3688
3704
|
description: "Batteries-included CNOS runtime package wired with the official plugins.",
|
|
3689
3705
|
type: "module",
|
|
3690
3706
|
main: "./dist/index.cjs",
|
package/dist/build/index.d.cts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { C as CnosCreateOptions, S as ServerProjection } from '../core-
|
|
1
|
+
import { C as CnosCreateOptions, S as ServerProjection } from '../core-CXgtC4VL.cjs';
|
|
2
2
|
|
|
3
3
|
type BrowserDataMap = Record<string, unknown>;
|
|
4
4
|
type FrameworkEnvTarget = 'generic' | 'vite' | 'next' | 'webpack' | (string & {});
|
package/dist/build/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { C as CnosCreateOptions, S as ServerProjection } from '../core-
|
|
1
|
+
import { C as CnosCreateOptions, S as ServerProjection } from '../core-CXgtC4VL.js';
|
|
2
2
|
|
|
3
3
|
type BrowserDataMap = Record<string, unknown>;
|
|
4
4
|
type FrameworkEnvTarget = 'generic' | 'vite' | 'next' | 'webpack' | (string & {});
|
package/dist/build/index.js
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createCnos
|
|
3
|
-
} from "../chunk-
|
|
4
|
-
import "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
7
|
-
import "../chunk-
|
|
8
|
-
import "../chunk-
|
|
9
|
-
import "../chunk-
|
|
10
|
-
import "../chunk-
|
|
3
|
+
} from "../chunk-J7VEEREE.js";
|
|
4
|
+
import "../chunk-DQGLBF6G.js";
|
|
5
|
+
import "../chunk-B5TV5O6O.js";
|
|
6
|
+
import "../chunk-DAFUP7EQ.js";
|
|
7
|
+
import "../chunk-4MQBH4AY.js";
|
|
8
|
+
import "../chunk-FWW7F52D.js";
|
|
9
|
+
import "../chunk-KU73PJSQ.js";
|
|
10
|
+
import "../chunk-5XOGTE42.js";
|
|
11
11
|
|
|
12
12
|
// src/build/index.ts
|
|
13
13
|
async function resolveBrowserData(options = {}) {
|
|
@@ -1532,7 +1532,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1532
1532
|
...auth?.config ? { config: auth.config } : {}
|
|
1533
1533
|
};
|
|
1534
1534
|
}
|
|
1535
|
-
if (provider === "github-secrets") {
|
|
1535
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1536
1536
|
return {
|
|
1537
1537
|
method: auth?.method ?? "environment",
|
|
1538
1538
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -2019,7 +2019,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
2019
2019
|
}
|
|
2020
2020
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
2021
2021
|
if (definition?.provider !== "local") {
|
|
2022
|
-
return definition?.provider === "github-secrets" ? {
|
|
2022
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
2023
2023
|
method: definition.auth?.method ?? "environment",
|
|
2024
2024
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
2025
2025
|
} : void 0;
|
|
@@ -2134,8 +2134,8 @@ async function removeLocalVaultFiles(storeRoot, vault = "default") {
|
|
|
2134
2134
|
await rm2(path8.join(storeRoot, "vaults", vault), { recursive: true, force: true });
|
|
2135
2135
|
}
|
|
2136
2136
|
|
|
2137
|
-
// ../core/src/secrets/providers/
|
|
2138
|
-
var
|
|
2137
|
+
// ../core/src/secrets/providers/environment.ts
|
|
2138
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
2139
2139
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
2140
2140
|
this.vaultId = vaultId;
|
|
2141
2141
|
this.definition = definition;
|
|
@@ -2189,6 +2189,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
2189
2189
|
}
|
|
2190
2190
|
};
|
|
2191
2191
|
|
|
2192
|
+
// ../core/src/secrets/providers/github.ts
|
|
2193
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
2194
|
+
};
|
|
2195
|
+
|
|
2192
2196
|
// ../core/src/secrets/auditLog.ts
|
|
2193
2197
|
import { appendFile, mkdir as mkdir5 } from "fs/promises";
|
|
2194
2198
|
import path9 from "path";
|
|
@@ -2301,6 +2305,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
2301
2305
|
if (definition.provider === "local") {
|
|
2302
2306
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
2303
2307
|
}
|
|
2308
|
+
if (definition.provider === "environment") {
|
|
2309
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2310
|
+
}
|
|
2304
2311
|
if (definition.provider === "github-secrets") {
|
|
2305
2312
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2306
2313
|
}
|
|
@@ -2356,7 +2363,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2356
2363
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2357
2364
|
};
|
|
2358
2365
|
}
|
|
2359
|
-
if (definition.provider === "github-secrets") {
|
|
2366
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2360
2367
|
return {
|
|
2361
2368
|
method: definition.auth?.method ?? "environment",
|
|
2362
2369
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
@@ -3562,6 +3569,9 @@ function configHash(values) {
|
|
|
3562
3569
|
const serialized = JSON.stringify(stableSortObject(values));
|
|
3563
3570
|
return createHash2("sha256").update(serialized).digest("hex");
|
|
3564
3571
|
}
|
|
3572
|
+
function shouldProjectResolvedValue(sourceId) {
|
|
3573
|
+
return sourceId !== "process-env";
|
|
3574
|
+
}
|
|
3565
3575
|
function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers = {}) {
|
|
3566
3576
|
const values = {};
|
|
3567
3577
|
const derived = {};
|
|
@@ -3579,6 +3589,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3579
3589
|
continue;
|
|
3580
3590
|
}
|
|
3581
3591
|
if (entry.namespace === "value") {
|
|
3592
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3593
|
+
continue;
|
|
3594
|
+
}
|
|
3582
3595
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3583
3596
|
const formula = helpers.toServerFormula?.(key);
|
|
3584
3597
|
if (formula) {
|
|
@@ -3595,6 +3608,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3595
3608
|
}
|
|
3596
3609
|
const namespaceDefinition = manifest.namespaces[entry.namespace];
|
|
3597
3610
|
if (namespaceDefinition && namespaceDefinition.kind === "data" && !namespaceDefinition.sensitive && entry.namespace !== "public") {
|
|
3611
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3612
|
+
continue;
|
|
3613
|
+
}
|
|
3598
3614
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3599
3615
|
const formula = helpers.toServerFormula?.(key);
|
|
3600
3616
|
if (formula) {
|
|
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
graphRequiresSecretHydration,
|
|
4
4
|
readRuntimeGraphFromEnv,
|
|
5
5
|
readServerProjectionFromEnv
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-VTUOWV3S.js";
|
|
7
7
|
import {
|
|
8
8
|
createCnos,
|
|
9
9
|
getBootstrappedSecretHydrationRequired,
|
|
@@ -12,7 +12,7 @@ import {
|
|
|
12
12
|
setBootstrappedSecretHydrationRequired,
|
|
13
13
|
setSingletonReady,
|
|
14
14
|
setSingletonRuntime
|
|
15
|
-
} from "./chunk-
|
|
15
|
+
} from "./chunk-J7VEEREE.js";
|
|
16
16
|
import {
|
|
17
17
|
createDefaultRuntimeProviders,
|
|
18
18
|
createDerivedRuntimeSupport,
|
|
@@ -28,7 +28,7 @@ import {
|
|
|
28
28
|
toLogicalKey,
|
|
29
29
|
toNamespaceObject,
|
|
30
30
|
toPublicEnv
|
|
31
|
-
} from "./chunk-
|
|
31
|
+
} from "./chunk-5XOGTE42.js";
|
|
32
32
|
|
|
33
33
|
// src/runtime/index.ts
|
|
34
34
|
import { existsSync, readFileSync } from "fs";
|
|
@@ -1,27 +1,27 @@
|
|
|
1
|
+
import {
|
|
2
|
+
createDotenvPlugin
|
|
3
|
+
} from "./chunk-DQGLBF6G.js";
|
|
1
4
|
import {
|
|
2
5
|
createEnvExportPlugin,
|
|
3
6
|
createPublicEnvExportPlugin
|
|
4
|
-
} from "./chunk-
|
|
7
|
+
} from "./chunk-B5TV5O6O.js";
|
|
5
8
|
import {
|
|
6
9
|
createFilesystemSecretsPlugin,
|
|
7
10
|
createFilesystemValuesPlugin
|
|
8
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-DAFUP7EQ.js";
|
|
9
12
|
import {
|
|
10
13
|
createProcessEnvPlugin
|
|
11
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-4MQBH4AY.js";
|
|
12
15
|
import {
|
|
13
16
|
createBasicSchemaPlugin
|
|
14
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-FWW7F52D.js";
|
|
15
18
|
import {
|
|
16
19
|
createCliArgsPlugin
|
|
17
|
-
} from "./chunk-
|
|
18
|
-
import {
|
|
19
|
-
createDotenvPlugin
|
|
20
|
-
} from "./chunk-OA7FQGAG.js";
|
|
20
|
+
} from "./chunk-KU73PJSQ.js";
|
|
21
21
|
import {
|
|
22
22
|
createCnos,
|
|
23
23
|
createProvenanceInspector
|
|
24
|
-
} from "./chunk-
|
|
24
|
+
} from "./chunk-5XOGTE42.js";
|
|
25
25
|
|
|
26
26
|
// src/defaultPlugins.ts
|
|
27
27
|
function defaultPlugins() {
|
|
@@ -68,7 +68,7 @@ function setBootstrappedSecretHydrationRequired(value) {
|
|
|
68
68
|
// package.json
|
|
69
69
|
var package_default = {
|
|
70
70
|
name: "@kitsy/cnos",
|
|
71
|
-
version: "1.8.
|
|
71
|
+
version: "1.8.2",
|
|
72
72
|
description: "Batteries-included CNOS runtime package wired with the official plugins.",
|
|
73
73
|
type: "module",
|
|
74
74
|
main: "./dist/index.cjs",
|
package/dist/configure/index.cjs
CHANGED
|
@@ -1519,7 +1519,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1519
1519
|
...auth?.config ? { config: auth.config } : {}
|
|
1520
1520
|
};
|
|
1521
1521
|
}
|
|
1522
|
-
if (provider === "github-secrets") {
|
|
1522
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1523
1523
|
return {
|
|
1524
1524
|
method: auth?.method ?? "environment",
|
|
1525
1525
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -2623,7 +2623,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
2623
2623
|
}
|
|
2624
2624
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
2625
2625
|
if (definition?.provider !== "local") {
|
|
2626
|
-
return definition?.provider === "github-secrets" ? {
|
|
2626
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
2627
2627
|
method: definition.auth?.method ?? "environment",
|
|
2628
2628
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
2629
2629
|
} : void 0;
|
|
@@ -2781,8 +2781,8 @@ var SecretCache = class {
|
|
|
2781
2781
|
}
|
|
2782
2782
|
};
|
|
2783
2783
|
|
|
2784
|
-
// ../core/src/secrets/providers/
|
|
2785
|
-
var
|
|
2784
|
+
// ../core/src/secrets/providers/environment.ts
|
|
2785
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
2786
2786
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
2787
2787
|
this.vaultId = vaultId;
|
|
2788
2788
|
this.definition = definition;
|
|
@@ -2836,6 +2836,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
2836
2836
|
}
|
|
2837
2837
|
};
|
|
2838
2838
|
|
|
2839
|
+
// ../core/src/secrets/providers/github.ts
|
|
2840
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
2841
|
+
};
|
|
2842
|
+
|
|
2839
2843
|
// ../core/src/secrets/providers/local.ts
|
|
2840
2844
|
var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
|
|
2841
2845
|
constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
|
|
@@ -2931,6 +2935,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
2931
2935
|
if (definition.provider === "local") {
|
|
2932
2936
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
2933
2937
|
}
|
|
2938
|
+
if (definition.provider === "environment") {
|
|
2939
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2940
|
+
}
|
|
2934
2941
|
if (definition.provider === "github-secrets") {
|
|
2935
2942
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2936
2943
|
}
|
|
@@ -2986,7 +2993,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2986
2993
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2987
2994
|
};
|
|
2988
2995
|
}
|
|
2989
|
-
if (definition.provider === "github-secrets") {
|
|
2996
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2990
2997
|
return {
|
|
2991
2998
|
method: definition.auth?.method ?? "environment",
|
|
2992
2999
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
@@ -3172,6 +3179,9 @@ function configHash(values) {
|
|
|
3172
3179
|
const serialized = JSON.stringify(stableSortObject(values));
|
|
3173
3180
|
return (0, import_node_crypto3.createHash)("sha256").update(serialized).digest("hex");
|
|
3174
3181
|
}
|
|
3182
|
+
function shouldProjectResolvedValue(sourceId) {
|
|
3183
|
+
return sourceId !== "process-env";
|
|
3184
|
+
}
|
|
3175
3185
|
function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers = {}) {
|
|
3176
3186
|
const values = {};
|
|
3177
3187
|
const derived = {};
|
|
@@ -3189,6 +3199,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3189
3199
|
continue;
|
|
3190
3200
|
}
|
|
3191
3201
|
if (entry.namespace === "value") {
|
|
3202
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3203
|
+
continue;
|
|
3204
|
+
}
|
|
3192
3205
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3193
3206
|
const formula = helpers.toServerFormula?.(key);
|
|
3194
3207
|
if (formula) {
|
|
@@ -3205,6 +3218,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3205
3218
|
}
|
|
3206
3219
|
const namespaceDefinition = manifest.namespaces[entry.namespace];
|
|
3207
3220
|
if (namespaceDefinition && namespaceDefinition.kind === "data" && !namespaceDefinition.sensitive && entry.namespace !== "public") {
|
|
3221
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3222
|
+
continue;
|
|
3223
|
+
}
|
|
3208
3224
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3209
3225
|
const formula = helpers.toServerFormula?.(key);
|
|
3210
3226
|
if (formula) {
|
|
@@ -3728,7 +3744,7 @@ function envVarToLogicalKey(envVar, config = {}) {
|
|
|
3728
3744
|
// package.json
|
|
3729
3745
|
var package_default = {
|
|
3730
3746
|
name: "@kitsy/cnos",
|
|
3731
|
-
version: "1.8.
|
|
3747
|
+
version: "1.8.2",
|
|
3732
3748
|
description: "Batteries-included CNOS runtime package wired with the official plugins.",
|
|
3733
3749
|
type: "module",
|
|
3734
3750
|
main: "./dist/index.cjs",
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { R as ResolvedGraph, D as DumpPlanOptions, d as DumpPlan, e as DumpOptions, f as DumpResult, C as CnosCreateOptions, g as CnosRuntime, h as CnosPlugin } from '../core-
|
|
2
|
-
export { a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider, T as ToEnvOptions, c as ToPublicEnvOptions } from '../core-
|
|
3
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { R as ResolvedGraph, D as DumpPlanOptions, d as DumpPlan, e as DumpOptions, f as DumpResult, C as CnosCreateOptions, g as CnosRuntime, h as CnosPlugin } from '../core-CXgtC4VL.cjs';
|
|
2
|
+
export { a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider, T as ToEnvOptions, c as ToPublicEnvOptions } from '../core-CXgtC4VL.cjs';
|
|
3
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-C_MbUTdV.cjs';
|
|
4
4
|
|
|
5
5
|
declare function planDump(graph: ResolvedGraph, options?: DumpPlanOptions): DumpPlan;
|
|
6
6
|
declare function writeDump(graph: ResolvedGraph, options: DumpOptions): Promise<DumpResult>;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { R as ResolvedGraph, D as DumpPlanOptions, d as DumpPlan, e as DumpOptions, f as DumpResult, C as CnosCreateOptions, g as CnosRuntime, h as CnosPlugin } from '../core-
|
|
2
|
-
export { a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider, T as ToEnvOptions, c as ToPublicEnvOptions } from '../core-
|
|
3
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { R as ResolvedGraph, D as DumpPlanOptions, d as DumpPlan, e as DumpOptions, f as DumpResult, C as CnosCreateOptions, g as CnosRuntime, h as CnosPlugin } from '../core-CXgtC4VL.js';
|
|
2
|
+
export { a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider, T as ToEnvOptions, c as ToPublicEnvOptions } from '../core-CXgtC4VL.js';
|
|
3
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-B_dZDXDv.js';
|
|
4
4
|
|
|
5
5
|
declare function planDump(graph: ResolvedGraph, options?: DumpPlanOptions): DumpPlan;
|
|
6
6
|
declare function writeDump(graph: ResolvedGraph, options: DumpOptions): Promise<DumpResult>;
|
package/dist/configure/index.js
CHANGED
|
@@ -1,19 +1,19 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createCnos,
|
|
3
3
|
defaultPlugins
|
|
4
|
-
} from "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
7
|
-
import "../chunk-
|
|
8
|
-
import "../chunk-
|
|
9
|
-
import "../chunk-
|
|
10
|
-
import "../chunk-
|
|
4
|
+
} from "../chunk-J7VEEREE.js";
|
|
5
|
+
import "../chunk-DQGLBF6G.js";
|
|
6
|
+
import "../chunk-B5TV5O6O.js";
|
|
7
|
+
import "../chunk-DAFUP7EQ.js";
|
|
8
|
+
import "../chunk-4MQBH4AY.js";
|
|
9
|
+
import "../chunk-FWW7F52D.js";
|
|
10
|
+
import "../chunk-KU73PJSQ.js";
|
|
11
11
|
import {
|
|
12
12
|
planDump,
|
|
13
13
|
toEnv,
|
|
14
14
|
toPublicEnv,
|
|
15
15
|
writeDump
|
|
16
|
-
} from "../chunk-
|
|
16
|
+
} from "../chunk-5XOGTE42.js";
|
|
17
17
|
export {
|
|
18
18
|
createCnos,
|
|
19
19
|
defaultPlugins,
|
|
@@ -46,7 +46,7 @@ interface WorkspaceContext {
|
|
|
46
46
|
type ResolutionArrayPolicy = 'replace' | 'append' | 'unique-append';
|
|
47
47
|
type NamespaceKind = 'data' | 'projection' | 'system';
|
|
48
48
|
type NamespaceProjectionSource = 'promote' | 'envMapping';
|
|
49
|
-
type VaultProviderName = 'local' | 'github-secrets' | (string & {});
|
|
49
|
+
type VaultProviderName = 'local' | 'environment' | 'github-secrets' | (string & {});
|
|
50
50
|
type VaultAuthMethod = 'passphrase' | 'environment' | 'token' | 'iam' | 'keychain';
|
|
51
51
|
interface RuntimeNamespaceDefinition {
|
|
52
52
|
description?: string;
|
|
@@ -46,7 +46,7 @@ interface WorkspaceContext {
|
|
|
46
46
|
type ResolutionArrayPolicy = 'replace' | 'append' | 'unique-append';
|
|
47
47
|
type NamespaceKind = 'data' | 'projection' | 'system';
|
|
48
48
|
type NamespaceProjectionSource = 'promote' | 'envMapping';
|
|
49
|
-
type VaultProviderName = 'local' | 'github-secrets' | (string & {});
|
|
49
|
+
type VaultProviderName = 'local' | 'environment' | 'github-secrets' | (string & {});
|
|
50
50
|
type VaultAuthMethod = 'passphrase' | 'environment' | 'token' | 'iam' | 'keychain';
|
|
51
51
|
interface RuntimeNamespaceDefinition {
|
|
52
52
|
description?: string;
|
package/dist/index.cjs
CHANGED
|
@@ -1519,7 +1519,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1519
1519
|
...auth?.config ? { config: auth.config } : {}
|
|
1520
1520
|
};
|
|
1521
1521
|
}
|
|
1522
|
-
if (provider === "github-secrets") {
|
|
1522
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1523
1523
|
return {
|
|
1524
1524
|
method: auth?.method ?? "environment",
|
|
1525
1525
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -2623,7 +2623,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
2623
2623
|
}
|
|
2624
2624
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
2625
2625
|
if (definition?.provider !== "local") {
|
|
2626
|
-
return definition?.provider === "github-secrets" ? {
|
|
2626
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
2627
2627
|
method: definition.auth?.method ?? "environment",
|
|
2628
2628
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
2629
2629
|
} : void 0;
|
|
@@ -2781,8 +2781,8 @@ var SecretCache = class {
|
|
|
2781
2781
|
}
|
|
2782
2782
|
};
|
|
2783
2783
|
|
|
2784
|
-
// ../core/src/secrets/providers/
|
|
2785
|
-
var
|
|
2784
|
+
// ../core/src/secrets/providers/environment.ts
|
|
2785
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
2786
2786
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
2787
2787
|
this.vaultId = vaultId;
|
|
2788
2788
|
this.definition = definition;
|
|
@@ -2836,6 +2836,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
2836
2836
|
}
|
|
2837
2837
|
};
|
|
2838
2838
|
|
|
2839
|
+
// ../core/src/secrets/providers/github.ts
|
|
2840
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
2841
|
+
};
|
|
2842
|
+
|
|
2839
2843
|
// ../core/src/secrets/providers/local.ts
|
|
2840
2844
|
var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
|
|
2841
2845
|
constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
|
|
@@ -2931,6 +2935,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
2931
2935
|
if (definition.provider === "local") {
|
|
2932
2936
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
2933
2937
|
}
|
|
2938
|
+
if (definition.provider === "environment") {
|
|
2939
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2940
|
+
}
|
|
2934
2941
|
if (definition.provider === "github-secrets") {
|
|
2935
2942
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2936
2943
|
}
|
|
@@ -2986,7 +2993,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2986
2993
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2987
2994
|
};
|
|
2988
2995
|
}
|
|
2989
|
-
if (definition.provider === "github-secrets") {
|
|
2996
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2990
2997
|
return {
|
|
2991
2998
|
method: definition.auth?.method ?? "environment",
|
|
2992
2999
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
@@ -3172,6 +3179,9 @@ function configHash(values) {
|
|
|
3172
3179
|
const serialized = JSON.stringify(stableSortObject(values));
|
|
3173
3180
|
return (0, import_node_crypto3.createHash)("sha256").update(serialized).digest("hex");
|
|
3174
3181
|
}
|
|
3182
|
+
function shouldProjectResolvedValue(sourceId) {
|
|
3183
|
+
return sourceId !== "process-env";
|
|
3184
|
+
}
|
|
3175
3185
|
function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers = {}) {
|
|
3176
3186
|
const values = {};
|
|
3177
3187
|
const derived = {};
|
|
@@ -3189,6 +3199,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3189
3199
|
continue;
|
|
3190
3200
|
}
|
|
3191
3201
|
if (entry.namespace === "value") {
|
|
3202
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3203
|
+
continue;
|
|
3204
|
+
}
|
|
3192
3205
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3193
3206
|
const formula = helpers.toServerFormula?.(key);
|
|
3194
3207
|
if (formula) {
|
|
@@ -3205,6 +3218,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3205
3218
|
}
|
|
3206
3219
|
const namespaceDefinition = manifest.namespaces[entry.namespace];
|
|
3207
3220
|
if (namespaceDefinition && namespaceDefinition.kind === "data" && !namespaceDefinition.sensitive && entry.namespace !== "public") {
|
|
3221
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3222
|
+
continue;
|
|
3223
|
+
}
|
|
3208
3224
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3209
3225
|
const formula = helpers.toServerFormula?.(key);
|
|
3210
3226
|
if (formula) {
|
|
@@ -3686,7 +3702,7 @@ function envVarToLogicalKey(envVar, config = {}) {
|
|
|
3686
3702
|
// package.json
|
|
3687
3703
|
var package_default = {
|
|
3688
3704
|
name: "@kitsy/cnos",
|
|
3689
|
-
version: "1.8.
|
|
3705
|
+
version: "1.8.2",
|
|
3690
3706
|
description: "Batteries-included CNOS runtime package wired with the official plugins.",
|
|
3691
3707
|
type: "module",
|
|
3692
3708
|
main: "./dist/index.cjs",
|
package/dist/index.d.cts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
export { CnosSingleton, default as cnos, default } from './runtime/index.cjs';
|
|
2
|
-
export { h as CnosPlugin, g as CnosRuntime, a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider } from './core-
|
|
2
|
+
export { h as CnosPlugin, g as CnosRuntime, a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider } from './core-CXgtC4VL.cjs';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
export { CnosSingleton, default as cnos, default } from './runtime/index.js';
|
|
2
|
-
export { h as CnosPlugin, g as CnosRuntime, a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider } from './core-
|
|
2
|
+
export { h as CnosPlugin, g as CnosRuntime, a as ConfigEntry, i as DerivedFormula, j as DerivedValue, k as ExprNode, I as InspectResult, L as LoaderPlugin, b as LogicalKey, M as ManifestFile, N as NormalizedManifest, P as ParsedDerivation, l as RuntimeProvider } from './core-CXgtC4VL.js';
|
package/dist/index.js
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
import {
|
|
2
2
|
runtime_default
|
|
3
|
-
} from "./chunk-
|
|
4
|
-
import "./chunk-
|
|
5
|
-
import "./chunk-
|
|
6
|
-
import "./chunk-
|
|
7
|
-
import "./chunk-
|
|
8
|
-
import "./chunk-
|
|
9
|
-
import "./chunk-
|
|
10
|
-
import "./chunk-
|
|
11
|
-
import "./chunk-
|
|
12
|
-
import "./chunk-
|
|
3
|
+
} from "./chunk-CP6K2DB3.js";
|
|
4
|
+
import "./chunk-VTUOWV3S.js";
|
|
5
|
+
import "./chunk-J7VEEREE.js";
|
|
6
|
+
import "./chunk-DQGLBF6G.js";
|
|
7
|
+
import "./chunk-B5TV5O6O.js";
|
|
8
|
+
import "./chunk-DAFUP7EQ.js";
|
|
9
|
+
import "./chunk-4MQBH4AY.js";
|
|
10
|
+
import "./chunk-FWW7F52D.js";
|
|
11
|
+
import "./chunk-KU73PJSQ.js";
|
|
12
|
+
import "./chunk-5XOGTE42.js";
|
|
13
13
|
export {
|
|
14
14
|
runtime_default as cnos,
|
|
15
15
|
runtime_default as default
|
package/dist/internal.cjs
CHANGED
|
@@ -1210,7 +1210,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1210
1210
|
...auth?.config ? { config: auth.config } : {}
|
|
1211
1211
|
};
|
|
1212
1212
|
}
|
|
1213
|
-
if (provider === "github-secrets") {
|
|
1213
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1214
1214
|
return {
|
|
1215
1215
|
method: auth?.method ?? "environment",
|
|
1216
1216
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -1715,7 +1715,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
1715
1715
|
}
|
|
1716
1716
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
1717
1717
|
if (definition?.provider !== "local") {
|
|
1718
|
-
return definition?.provider === "github-secrets" ? {
|
|
1718
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
1719
1719
|
method: definition.auth?.method ?? "environment",
|
|
1720
1720
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
1721
1721
|
} : void 0;
|
|
@@ -1845,8 +1845,8 @@ async function appendAuditEvent(event, processEnv = process.env) {
|
|
|
1845
1845
|
);
|
|
1846
1846
|
}
|
|
1847
1847
|
|
|
1848
|
-
// ../core/src/secrets/providers/
|
|
1849
|
-
var
|
|
1848
|
+
// ../core/src/secrets/providers/environment.ts
|
|
1849
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
1850
1850
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
1851
1851
|
this.vaultId = vaultId;
|
|
1852
1852
|
this.definition = definition;
|
|
@@ -1900,6 +1900,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
1900
1900
|
}
|
|
1901
1901
|
};
|
|
1902
1902
|
|
|
1903
|
+
// ../core/src/secrets/providers/github.ts
|
|
1904
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
1905
|
+
};
|
|
1906
|
+
|
|
1903
1907
|
// ../core/src/secrets/providers/local.ts
|
|
1904
1908
|
var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
|
|
1905
1909
|
constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
|
|
@@ -1995,6 +1999,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
1995
1999
|
if (definition.provider === "local") {
|
|
1996
2000
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
1997
2001
|
}
|
|
2002
|
+
if (definition.provider === "environment") {
|
|
2003
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2004
|
+
}
|
|
1998
2005
|
if (definition.provider === "github-secrets") {
|
|
1999
2006
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2000
2007
|
}
|
|
@@ -2050,7 +2057,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2050
2057
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2051
2058
|
};
|
|
2052
2059
|
}
|
|
2053
|
-
if (definition.provider === "github-secrets") {
|
|
2060
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2054
2061
|
return {
|
|
2055
2062
|
method: definition.auth?.method ?? "environment",
|
|
2056
2063
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
package/dist/internal.d.cts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { j as DerivedValue, P as ParsedDerivation, N as NormalizedManifest, n as LoadManifestOptions, o as LoadedManifest, b as LogicalKey, p as NamespaceDefinition, q as VaultDefinition, r as VaultAuthConfig, s as SecretVaultProvider, t as ResolvedRoot, m as NamespaceName, u as RootResolution, v as SecretReference, g as CnosRuntime, w as ValidationSummary, R as ResolvedGraph, S as ServerProjection } from './core-
|
|
2
|
-
export { l as RuntimeProvider, x as ValidationIssue, y as WorkspaceFile } from './core-
|
|
1
|
+
import { j as DerivedValue, P as ParsedDerivation, N as NormalizedManifest, n as LoadManifestOptions, o as LoadedManifest, b as LogicalKey, p as NamespaceDefinition, q as VaultDefinition, r as VaultAuthConfig, s as SecretVaultProvider, t as ResolvedRoot, m as NamespaceName, u as RootResolution, v as SecretReference, g as CnosRuntime, w as ValidationSummary, R as ResolvedGraph, S as ServerProjection } from './core-CXgtC4VL.cjs';
|
|
2
|
+
export { l as RuntimeProvider, x as ValidationIssue, y as WorkspaceFile } from './core-CXgtC4VL.cjs';
|
|
3
3
|
|
|
4
4
|
declare class CnosError extends Error {
|
|
5
5
|
constructor(message: string);
|
package/dist/internal.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { j as DerivedValue, P as ParsedDerivation, N as NormalizedManifest, n as LoadManifestOptions, o as LoadedManifest, b as LogicalKey, p as NamespaceDefinition, q as VaultDefinition, r as VaultAuthConfig, s as SecretVaultProvider, t as ResolvedRoot, m as NamespaceName, u as RootResolution, v as SecretReference, g as CnosRuntime, w as ValidationSummary, R as ResolvedGraph, S as ServerProjection } from './core-
|
|
2
|
-
export { l as RuntimeProvider, x as ValidationIssue, y as WorkspaceFile } from './core-
|
|
1
|
+
import { j as DerivedValue, P as ParsedDerivation, N as NormalizedManifest, n as LoadManifestOptions, o as LoadedManifest, b as LogicalKey, p as NamespaceDefinition, q as VaultDefinition, r as VaultAuthConfig, s as SecretVaultProvider, t as ResolvedRoot, m as NamespaceName, u as RootResolution, v as SecretReference, g as CnosRuntime, w as ValidationSummary, R as ResolvedGraph, S as ServerProjection } from './core-CXgtC4VL.js';
|
|
2
|
+
export { l as RuntimeProvider, x as ValidationIssue, y as WorkspaceFile } from './core-CXgtC4VL.js';
|
|
3
3
|
|
|
4
4
|
declare class CnosError extends Error {
|
|
5
5
|
constructor(message: string);
|
package/dist/internal.js
CHANGED
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
serializeRuntimeGraph,
|
|
12
12
|
serializeSecretPayload,
|
|
13
13
|
serializeServerProjection
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-VTUOWV3S.js";
|
|
15
15
|
import {
|
|
16
16
|
CnosAuthenticationError,
|
|
17
17
|
CnosSecurityError,
|
|
@@ -64,7 +64,7 @@ import {
|
|
|
64
64
|
writeLocalSecret,
|
|
65
65
|
writeRemoteRootCacheMetadata,
|
|
66
66
|
writeVaultSessionKey
|
|
67
|
-
} from "./chunk-
|
|
67
|
+
} from "./chunk-5XOGTE42.js";
|
|
68
68
|
|
|
69
69
|
// src/codegen/generateTypes.ts
|
|
70
70
|
function toPascalCase(value) {
|
package/dist/plugin/cli-args.js
CHANGED
package/dist/plugin/dotenv.d.cts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry } from '../core-
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../core-CXgtC4VL.cjs';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-BDtISWCK.cjs';
|
|
3
3
|
|
|
4
4
|
declare function parseDotenv(document: string): Record<string, string>;
|
|
5
5
|
declare function dotenvEntriesFromObject(values: Record<string, string>, mapping?: EnvMappingConfig, originFile?: string, workspaceId?: string): ConfigEntry[];
|
package/dist/plugin/dotenv.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry } from '../core-
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../core-CXgtC4VL.js';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-CA6OluSg.js';
|
|
3
3
|
|
|
4
4
|
declare function parseDotenv(document: string): Record<string, string>;
|
|
5
5
|
declare function dotenvEntriesFromObject(values: Record<string, string>, mapping?: EnvMappingConfig, originFile?: string, workspaceId?: string): ConfigEntry[];
|
package/dist/plugin/dotenv.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { E as ExporterPlugin } from '../core-
|
|
2
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { E as ExporterPlugin } from '../core-CXgtC4VL.cjs';
|
|
2
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-C_MbUTdV.cjs';
|
|
3
3
|
|
|
4
4
|
declare function createEnvExportPlugin(): ExporterPlugin;
|
|
5
5
|
declare function createPublicEnvExportPlugin(): ExporterPlugin;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { E as ExporterPlugin } from '../core-
|
|
2
|
-
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-
|
|
1
|
+
import { E as ExporterPlugin } from '../core-CXgtC4VL.js';
|
|
2
|
+
export { t as toEnv, a as toPublicEnv } from '../toPublicEnv-B_dZDXDv.js';
|
|
3
3
|
|
|
4
4
|
declare function createEnvExportPlugin(): ExporterPlugin;
|
|
5
5
|
declare function createPublicEnvExportPlugin(): ExporterPlugin;
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
createEnvExportPlugin,
|
|
3
3
|
createPublicEnvExportPlugin
|
|
4
|
-
} from "../chunk-
|
|
4
|
+
} from "../chunk-B5TV5O6O.js";
|
|
5
5
|
import {
|
|
6
6
|
toEnv,
|
|
7
7
|
toPublicEnv
|
|
8
|
-
} from "../chunk-
|
|
8
|
+
} from "../chunk-5XOGTE42.js";
|
|
9
9
|
export {
|
|
10
10
|
createEnvExportPlugin,
|
|
11
11
|
createPublicEnvExportPlugin,
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, m as NamespaceName } from '../core-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, m as NamespaceName } from '../core-CXgtC4VL.cjs';
|
|
2
2
|
|
|
3
3
|
declare function filesystemSecretsReader(filePath: string, document: string, workspaceId?: string): ConfigEntry[];
|
|
4
4
|
declare function createFilesystemSecretsPlugin(): LoaderPlugin;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, m as NamespaceName } from '../core-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry, W as WorkspaceRoot, m as NamespaceName } from '../core-CXgtC4VL.js';
|
|
2
2
|
|
|
3
3
|
declare function filesystemSecretsReader(filePath: string, document: string, workspaceId?: string): ConfigEntry[];
|
|
4
4
|
declare function createFilesystemSecretsPlugin(): LoaderPlugin;
|
|
@@ -5,8 +5,8 @@ import {
|
|
|
5
5
|
filesystemSecretsReader,
|
|
6
6
|
filesystemValuesReader,
|
|
7
7
|
yamlObjectToEntries
|
|
8
|
-
} from "../chunk-
|
|
9
|
-
import "../chunk-
|
|
8
|
+
} from "../chunk-DAFUP7EQ.js";
|
|
9
|
+
import "../chunk-5XOGTE42.js";
|
|
10
10
|
export {
|
|
11
11
|
collectFilesystemLayerFiles,
|
|
12
12
|
createFilesystemSecretsPlugin,
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry } from '../core-
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../core-CXgtC4VL.cjs';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-BDtISWCK.cjs';
|
|
3
3
|
|
|
4
4
|
declare function processEnvEntriesFromObject(env: Record<string, string | undefined>, mapping?: EnvMappingConfig, workspaceId?: string): ConfigEntry[];
|
|
5
5
|
declare function processNamespaceEntriesFromContext(env: Record<string, string | undefined>, workspaceId?: string): ConfigEntry[];
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { L as LoaderPlugin, a as ConfigEntry } from '../core-
|
|
2
|
-
import { E as EnvMappingConfig } from '../envNaming-
|
|
1
|
+
import { L as LoaderPlugin, a as ConfigEntry } from '../core-CXgtC4VL.js';
|
|
2
|
+
import { E as EnvMappingConfig } from '../envNaming-CA6OluSg.js';
|
|
3
3
|
|
|
4
4
|
declare function processEnvEntriesFromObject(env: Record<string, string | undefined>, mapping?: EnvMappingConfig, workspaceId?: string): ConfigEntry[];
|
|
5
5
|
declare function processNamespaceEntriesFromContext(env: Record<string, string | undefined>, workspaceId?: string): ConfigEntry[];
|
|
@@ -2,8 +2,8 @@ import {
|
|
|
2
2
|
createProcessEnvPlugin,
|
|
3
3
|
processEnvEntriesFromObject,
|
|
4
4
|
processNamespaceEntriesFromContext
|
|
5
|
-
} from "../chunk-
|
|
6
|
-
import "../chunk-
|
|
5
|
+
} from "../chunk-4MQBH4AY.js";
|
|
6
|
+
import "../chunk-5XOGTE42.js";
|
|
7
7
|
export {
|
|
8
8
|
createProcessEnvPlugin,
|
|
9
9
|
processEnvEntriesFromObject,
|
package/dist/runtime/index.cjs
CHANGED
|
@@ -1516,7 +1516,7 @@ function normalizeVaultAuth(vaultName, provider, auth) {
|
|
|
1516
1516
|
...auth?.config ? { config: auth.config } : {}
|
|
1517
1517
|
};
|
|
1518
1518
|
}
|
|
1519
|
-
if (provider === "github-secrets") {
|
|
1519
|
+
if (provider === "github-secrets" || provider === "environment") {
|
|
1520
1520
|
return {
|
|
1521
1521
|
method: auth?.method ?? "environment",
|
|
1522
1522
|
...auth?.config ? { config: auth.config } : {}
|
|
@@ -2620,7 +2620,7 @@ function resolveConfiguredVaultPassphrase(definition, vault = "default", process
|
|
|
2620
2620
|
}
|
|
2621
2621
|
async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
|
|
2622
2622
|
if (definition?.provider !== "local") {
|
|
2623
|
-
return definition?.provider === "github-secrets" ? {
|
|
2623
|
+
return definition?.provider === "github-secrets" || definition?.provider === "environment" ? {
|
|
2624
2624
|
method: definition.auth?.method ?? "environment",
|
|
2625
2625
|
...definition?.auth?.config ? { config: definition.auth.config } : {}
|
|
2626
2626
|
} : void 0;
|
|
@@ -2778,8 +2778,8 @@ var SecretCache = class {
|
|
|
2778
2778
|
}
|
|
2779
2779
|
};
|
|
2780
2780
|
|
|
2781
|
-
// ../core/src/secrets/providers/
|
|
2782
|
-
var
|
|
2781
|
+
// ../core/src/secrets/providers/environment.ts
|
|
2782
|
+
var EnvironmentSecretsVaultProvider = class {
|
|
2783
2783
|
constructor(vaultId, definition, processEnv = process.env) {
|
|
2784
2784
|
this.vaultId = vaultId;
|
|
2785
2785
|
this.definition = definition;
|
|
@@ -2833,6 +2833,10 @@ var GithubSecretsVaultProvider = class {
|
|
|
2833
2833
|
}
|
|
2834
2834
|
};
|
|
2835
2835
|
|
|
2836
|
+
// ../core/src/secrets/providers/github.ts
|
|
2837
|
+
var GithubSecretsVaultProvider = class extends EnvironmentSecretsVaultProvider {
|
|
2838
|
+
};
|
|
2839
|
+
|
|
2836
2840
|
// ../core/src/secrets/providers/local.ts
|
|
2837
2841
|
var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
|
|
2838
2842
|
constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
|
|
@@ -2928,6 +2932,9 @@ function createSecretVaultProvider(vaultId, definition, processEnv) {
|
|
|
2928
2932
|
if (definition.provider === "local") {
|
|
2929
2933
|
return new LocalSecretVaultProvider(vaultId, definition, processEnv);
|
|
2930
2934
|
}
|
|
2935
|
+
if (definition.provider === "environment") {
|
|
2936
|
+
return new EnvironmentSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2937
|
+
}
|
|
2931
2938
|
if (definition.provider === "github-secrets") {
|
|
2932
2939
|
return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
|
|
2933
2940
|
}
|
|
@@ -2983,7 +2990,7 @@ async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
|
|
|
2983
2990
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
2984
2991
|
};
|
|
2985
2992
|
}
|
|
2986
|
-
if (definition.provider === "github-secrets") {
|
|
2993
|
+
if (definition.provider === "github-secrets" || definition.provider === "environment") {
|
|
2987
2994
|
return {
|
|
2988
2995
|
method: definition.auth?.method ?? "environment",
|
|
2989
2996
|
...definition.auth?.config ? { config: definition.auth.config } : {}
|
|
@@ -3169,6 +3176,9 @@ function configHash(values) {
|
|
|
3169
3176
|
const serialized = JSON.stringify(stableSortObject(values));
|
|
3170
3177
|
return (0, import_node_crypto3.createHash)("sha256").update(serialized).digest("hex");
|
|
3171
3178
|
}
|
|
3179
|
+
function shouldProjectResolvedValue(sourceId) {
|
|
3180
|
+
return sourceId !== "process-env";
|
|
3181
|
+
}
|
|
3172
3182
|
function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers = {}) {
|
|
3173
3183
|
const values = {};
|
|
3174
3184
|
const derived = {};
|
|
@@ -3186,6 +3196,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3186
3196
|
continue;
|
|
3187
3197
|
}
|
|
3188
3198
|
if (entry.namespace === "value") {
|
|
3199
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3200
|
+
continue;
|
|
3201
|
+
}
|
|
3189
3202
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3190
3203
|
const formula = helpers.toServerFormula?.(key);
|
|
3191
3204
|
if (formula) {
|
|
@@ -3202,6 +3215,9 @@ function toServerProjection(graph, manifest, cnosVersion = "0.0.0-dev", helpers
|
|
|
3202
3215
|
}
|
|
3203
3216
|
const namespaceDefinition = manifest.namespaces[entry.namespace];
|
|
3204
3217
|
if (namespaceDefinition && namespaceDefinition.kind === "data" && !namespaceDefinition.sensitive && entry.namespace !== "public") {
|
|
3218
|
+
if (!shouldProjectResolvedValue(entry.winner.sourceId)) {
|
|
3219
|
+
continue;
|
|
3220
|
+
}
|
|
3205
3221
|
if (helpers.isRuntimeDependent?.(key)) {
|
|
3206
3222
|
const formula = helpers.toServerFormula?.(key);
|
|
3207
3223
|
if (formula) {
|
|
@@ -3683,7 +3699,7 @@ function envVarToLogicalKey(envVar, config = {}) {
|
|
|
3683
3699
|
// package.json
|
|
3684
3700
|
var package_default = {
|
|
3685
3701
|
name: "@kitsy/cnos",
|
|
3686
|
-
version: "1.8.
|
|
3702
|
+
version: "1.8.2",
|
|
3687
3703
|
description: "Batteries-included CNOS runtime package wired with the official plugins.",
|
|
3688
3704
|
type: "module",
|
|
3689
3705
|
main: "./dist/index.cjs",
|
package/dist/runtime/index.d.cts
CHANGED
package/dist/runtime/index.d.ts
CHANGED
package/dist/runtime/index.js
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
import {
|
|
2
2
|
runtime_default
|
|
3
|
-
} from "../chunk-
|
|
4
|
-
import "../chunk-
|
|
5
|
-
import "../chunk-
|
|
6
|
-
import "../chunk-
|
|
7
|
-
import "../chunk-
|
|
8
|
-
import "../chunk-
|
|
9
|
-
import "../chunk-
|
|
10
|
-
import "../chunk-
|
|
11
|
-
import "../chunk-
|
|
12
|
-
import "../chunk-
|
|
3
|
+
} from "../chunk-CP6K2DB3.js";
|
|
4
|
+
import "../chunk-VTUOWV3S.js";
|
|
5
|
+
import "../chunk-J7VEEREE.js";
|
|
6
|
+
import "../chunk-DQGLBF6G.js";
|
|
7
|
+
import "../chunk-B5TV5O6O.js";
|
|
8
|
+
import "../chunk-DAFUP7EQ.js";
|
|
9
|
+
import "../chunk-4MQBH4AY.js";
|
|
10
|
+
import "../chunk-FWW7F52D.js";
|
|
11
|
+
import "../chunk-KU73PJSQ.js";
|
|
12
|
+
import "../chunk-5XOGTE42.js";
|
|
13
13
|
export {
|
|
14
14
|
runtime_default as default
|
|
15
15
|
};
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { R as ResolvedGraph, N as NormalizedManifest, T as ToEnvOptions, c as ToPublicEnvOptions } from './core-
|
|
1
|
+
import { R as ResolvedGraph, N as NormalizedManifest, T as ToEnvOptions, c as ToPublicEnvOptions } from './core-CXgtC4VL.js';
|
|
2
2
|
|
|
3
3
|
declare function toEnv(graph: ResolvedGraph, manifest: NormalizedManifest, options?: ToEnvOptions, helpers?: {
|
|
4
4
|
read?: (key: string) => unknown;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { R as ResolvedGraph, N as NormalizedManifest, T as ToEnvOptions, c as ToPublicEnvOptions } from './core-
|
|
1
|
+
import { R as ResolvedGraph, N as NormalizedManifest, T as ToEnvOptions, c as ToPublicEnvOptions } from './core-CXgtC4VL.cjs';
|
|
2
2
|
|
|
3
3
|
declare function toEnv(graph: ResolvedGraph, manifest: NormalizedManifest, options?: ToEnvOptions, helpers?: {
|
|
4
4
|
read?: (key: string) => unknown;
|