@lssm/integration.runtime 0.0.0-canary-20251217083314 → 1.41.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lssm/integration.runtime",
-  "version": "0.0.0-canary-20251217083314",
+  "version": "1.41.1",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",
@@ -23,26 +23,26 @@
     "test": "bun test"
   },
   "dependencies": {
-    "@lssm/lib.contracts": "0.0.0-canary-20251217083314",
-    "@lssm/lib.logger": "0.0.0-canary-20251217083314",
+    "@lssm/lib.contracts": "1.41.1",
+    "@lssm/lib.logger": "1.41.1",
     "@google-cloud/secret-manager": "^6.1.1",
     "google-gax": "^5.0.0"
   },
   "devDependencies": {
-    "@lssm/tool.tsdown": "0.0.0-canary-20251217083314",
-    "@lssm/tool.typescript": "0.0.0-canary-20251217083314",
+    "@lssm/tool.tsdown": "1.41.1",
+    "@lssm/tool.typescript": "1.41.1",
     "tsdown": "^0.17.4",
     "typescript": "^5.9.3"
   },
   "exports": {
-    ".": "./dist/index.js",
-    "./health": "./dist/health.js",
-    "./runtime": "./dist/runtime.js",
-    "./secrets": "./dist/secrets/index.js",
-    "./secrets/env-secret-provider": "./dist/secrets/env-secret-provider.js",
-    "./secrets/gcp-secret-manager": "./dist/secrets/gcp-secret-manager.js",
-    "./secrets/manager": "./dist/secrets/manager.js",
-    "./secrets/provider": "./dist/secrets/provider.js",
+    ".": "./src/index.ts",
+    "./health": "./src/health.ts",
+    "./runtime": "./src/runtime.ts",
+    "./secrets": "./src/secrets/index.ts",
+    "./secrets/env-secret-provider": "./src/secrets/env-secret-provider.ts",
+    "./secrets/gcp-secret-manager": "./src/secrets/gcp-secret-manager.ts",
+    "./secrets/manager": "./src/secrets/manager.ts",
+    "./secrets/provider": "./src/secrets/provider.ts",
     "./*": "./*"
   },
   "publishConfig": {

package/dist/health.d.ts

@@ -1,21 +0,0 @@
-import { IntegrationContext, IntegrationTelemetryEmitter } from "./runtime.js";
-import { IntegrationConnectionHealth } from "@lssm/lib.contracts/integrations/connection";
-
-//#region src/health.d.ts
-interface IntegrationHealthCheckResult extends IntegrationConnectionHealth {
-  metadata?: Record<string, string>;
-}
-type IntegrationHealthCheckExecutor = (context: IntegrationContext) => Promise<void>;
-interface IntegrationHealthServiceOptions {
-  telemetry?: IntegrationTelemetryEmitter;
-  now?: () => Date;
-}
-declare class IntegrationHealthService {
-  private readonly telemetry?;
-  private readonly nowFn;
-  constructor(options?: IntegrationHealthServiceOptions);
-  check(context: IntegrationContext, executor: IntegrationHealthCheckExecutor): Promise<IntegrationHealthCheckResult>;
-  private emitTelemetry;
-}
-//#endregion
-export { IntegrationHealthCheckExecutor, IntegrationHealthCheckResult, IntegrationHealthService, IntegrationHealthServiceOptions };

package/dist/health.js

@@ -1,69 +0,0 @@
-//#region src/health.ts
-var IntegrationHealthService = class {
-	telemetry;
-	nowFn;
-	constructor(options = {}) {
-		this.telemetry = options.telemetry;
-		this.nowFn = options.now ?? (() => /* @__PURE__ */ new Date());
-	}
-	async check(context, executor) {
-		const start = this.nowFn();
-		try {
-			await executor(context);
-			const end = this.nowFn();
-			const result = {
-				status: "connected",
-				checkedAt: end,
-				latencyMs: end.getTime() - start.getTime()
-			};
-			this.emitTelemetry(context, result, "success");
-			return result;
-		} catch (error) {
-			const end = this.nowFn();
-			const message = error instanceof Error ? error.message : "Unknown error";
-			const code = extractErrorCode(error);
-			const result = {
-				status: "error",
-				checkedAt: end,
-				latencyMs: end.getTime() - start.getTime(),
-				errorMessage: message,
-				errorCode: code
-			};
-			this.emitTelemetry(context, result, "error", code, message);
-			return result;
-		}
-	}
-	emitTelemetry(context, result, status, errorCode, errorMessage) {
-		if (!this.telemetry) return;
-		this.telemetry.record({
-			tenantId: context.tenantId,
-			appId: context.appId,
-			environment: context.environment,
-			slotId: context.slotId,
-			integrationKey: context.spec.meta.key,
-			integrationVersion: context.spec.meta.version,
-			connectionId: context.connection.meta.id,
-			status,
-			durationMs: result.latencyMs,
-			errorCode,
-			errorMessage,
-			occurredAt: result.checkedAt ?? this.nowFn(),
-			metadata: {
-				...context.trace ? {
-					blueprint: `${context.trace.blueprintName}.v${context.trace.blueprintVersion}`,
-					configVersion: context.trace.configVersion
-				} : {},
-				status: result.status
-			}
-		});
-	}
-};
-function extractErrorCode(error) {
-	if (!error || typeof error !== "object") return void 0;
-	const candidate = error;
-	if (candidate.code == null) return void 0;
-	return String(candidate.code);
-}
-
-//#endregion
-export { IntegrationHealthService };

package/dist/index.d.ts

@@ -1,8 +0,0 @@
-import { ParsedSecretUri, SecretFetchOptions, SecretPayloadEncoding, SecretProvider, SecretProviderError, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload, normalizeSecretPayload, parseSecretUri } from "./secrets/provider.js";
-import { IntegrationCallContext, IntegrationCallError, IntegrationCallGuard, IntegrationCallGuardOptions, IntegrationCallResult, IntegrationContext, IntegrationInvocationStatus, IntegrationTelemetryEmitter, IntegrationTelemetryEvent, IntegrationTraceMetadata, connectionStatusLabel, ensureConnectionReady } from "./runtime.js";
-import { IntegrationHealthCheckExecutor, IntegrationHealthCheckResult, IntegrationHealthService, IntegrationHealthServiceOptions } from "./health.js";
-import { GcpSecretManagerProvider } from "./secrets/gcp-secret-manager.js";
-import { EnvSecretProvider } from "./secrets/env-secret-provider.js";
-import { SecretProviderManager, SecretProviderManagerOptions } from "./secrets/manager.js";
-import "./secrets/index.js";
-export { EnvSecretProvider, GcpSecretManagerProvider, IntegrationCallContext, IntegrationCallError, IntegrationCallGuard, IntegrationCallGuardOptions, IntegrationCallResult, IntegrationContext, IntegrationHealthCheckExecutor, IntegrationHealthCheckResult, IntegrationHealthService, IntegrationHealthServiceOptions, IntegrationInvocationStatus, IntegrationTelemetryEmitter, IntegrationTelemetryEvent, IntegrationTraceMetadata, ParsedSecretUri, SecretFetchOptions, SecretPayloadEncoding, SecretProvider, SecretProviderError, SecretProviderManager, SecretProviderManagerOptions, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload, connectionStatusLabel, ensureConnectionReady, normalizeSecretPayload, parseSecretUri };

package/dist/index.js

@@ -1,9 +0,0 @@
-import { IntegrationHealthService } from "./health.js";
-import { IntegrationCallGuard, connectionStatusLabel, ensureConnectionReady } from "./runtime.js";
-import { SecretProviderError, normalizeSecretPayload, parseSecretUri } from "./secrets/provider.js";
-import { GcpSecretManagerProvider } from "./secrets/gcp-secret-manager.js";
-import { EnvSecretProvider } from "./secrets/env-secret-provider.js";
-import { SecretProviderManager } from "./secrets/manager.js";
-import "./secrets/index.js";
-
-export { EnvSecretProvider, GcpSecretManagerProvider, IntegrationCallGuard, IntegrationHealthService, SecretProviderError, SecretProviderManager, connectionStatusLabel, ensureConnectionReady, normalizeSecretPayload, parseSecretUri };

package/dist/runtime.d.ts

@@ -1,99 +0,0 @@
-import { SecretProvider } from "./secrets/provider.js";
-import { ConnectionStatus, IntegrationConnection } from "@lssm/lib.contracts/integrations/connection";
-import { ResolvedAppConfig, ResolvedIntegration } from "@lssm/lib.contracts/app-config/runtime";
-import { IntegrationSpec } from "@lssm/lib.contracts/integrations/spec";
-
-//#region src/runtime.d.ts
-interface IntegrationTraceMetadata {
-  blueprintName: string;
-  blueprintVersion: number;
-  configVersion: number;
-}
-interface IntegrationTelemetryEvent {
-  tenantId: string;
-  appId: string;
-  environment?: string;
-  slotId?: string;
-  integrationKey: string;
-  integrationVersion: number;
-  connectionId: string;
-  status: 'success' | 'error';
-  durationMs?: number;
-  errorCode?: string;
-  errorMessage?: string;
-  occurredAt: Date;
-  metadata?: Record<string, string | number | boolean>;
-}
-interface IntegrationTelemetryEmitter {
-  record(event: IntegrationTelemetryEvent): Promise<void> | void;
-}
-type IntegrationInvocationStatus = 'success' | 'error';
-interface IntegrationContext {
-  tenantId: string;
-  appId: string;
-  environment?: string;
-  slotId?: string;
-  spec: IntegrationSpec;
-  connection: IntegrationConnection;
-  secretProvider: SecretProvider;
-  secretReference: string;
-  trace: IntegrationTraceMetadata;
-  config?: Record<string, unknown>;
-}
-interface IntegrationCallContext {
-  tenantId: string;
-  appId: string;
-  environment?: string;
-  blueprintName: string;
-  blueprintVersion: number;
-  configVersion: number;
-  slotId: string;
-  operation: string;
-}
-interface IntegrationCallError {
-  code: string;
-  message: string;
-  retryable: boolean;
-  cause?: unknown;
-}
-interface IntegrationCallResult<T> {
-  success: boolean;
-  data?: T;
-  error?: IntegrationCallError;
-  metadata: {
-    latencyMs: number;
-    connectionId: string;
-    ownershipMode: IntegrationConnection['ownershipMode'];
-    attempts: number;
-  };
-}
-interface IntegrationCallGuardOptions {
-  telemetry?: IntegrationTelemetryEmitter;
-  maxAttempts?: number;
-  backoffMs?: number;
-  shouldRetry?: (error: unknown, attempt: number) => boolean;
-  sleep?: (ms: number) => Promise<void>;
-  now?: () => Date;
-}
-declare class IntegrationCallGuard {
-  private readonly secretProvider;
-  private readonly telemetry?;
-  private readonly maxAttempts;
-  private readonly backoffMs;
-  private readonly shouldRetry;
-  private readonly sleep;
-  private readonly now;
-  constructor(secretProvider: SecretProvider, options?: IntegrationCallGuardOptions);
-  executeWithGuards<T>(slotId: string, operation: string, _input: unknown, resolvedConfig: ResolvedAppConfig, executor: (connection: IntegrationConnection, secrets: Record<string, string>) => Promise<T>): Promise<IntegrationCallResult<T>>;
-  private findIntegration;
-  private fetchSecrets;
-  private parseSecret;
-  private emitTelemetry;
-  private failure;
-  private makeContext;
-  private errorCodeFor;
-}
-declare function ensureConnectionReady(integration: ResolvedIntegration): void;
-declare function connectionStatusLabel(status: ConnectionStatus): string;
-//#endregion
-export { IntegrationCallContext, IntegrationCallError, IntegrationCallGuard, IntegrationCallGuardOptions, IntegrationCallResult, IntegrationContext, IntegrationInvocationStatus, IntegrationTelemetryEmitter, IntegrationTelemetryEvent, IntegrationTraceMetadata, connectionStatusLabel, ensureConnectionReady };

package/dist/runtime.js

@@ -1,186 +0,0 @@
-import { performance } from "node:perf_hooks";
-
-//#region src/runtime.ts
-const DEFAULT_MAX_ATTEMPTS = 3;
-const DEFAULT_BACKOFF_MS = 250;
-var IntegrationCallGuard = class {
-	telemetry;
-	maxAttempts;
-	backoffMs;
-	shouldRetry;
-	sleep;
-	now;
-	constructor(secretProvider, options = {}) {
-		this.secretProvider = secretProvider;
-		this.telemetry = options.telemetry;
-		this.maxAttempts = Math.max(1, options.maxAttempts ?? DEFAULT_MAX_ATTEMPTS);
-		this.backoffMs = options.backoffMs ?? DEFAULT_BACKOFF_MS;
-		this.shouldRetry = options.shouldRetry ?? ((error) => typeof error === "object" && error !== null && "retryable" in error && Boolean(error.retryable));
-		this.sleep = options.sleep ?? ((ms) => ms <= 0 ? Promise.resolve() : new Promise((resolve) => setTimeout(resolve, ms)));
-		this.now = options.now ?? (() => /* @__PURE__ */ new Date());
-	}
-	async executeWithGuards(slotId, operation, _input, resolvedConfig, executor) {
-		const integration = this.findIntegration(slotId, resolvedConfig);
-		if (!integration) return this.failure({
-			tenantId: resolvedConfig.tenantId,
-			appId: resolvedConfig.appId,
-			environment: resolvedConfig.environment,
-			blueprintName: resolvedConfig.blueprintName,
-			blueprintVersion: resolvedConfig.blueprintVersion,
-			configVersion: resolvedConfig.configVersion,
-			slotId,
-			operation
-		}, void 0, {
-			code: "SLOT_NOT_BOUND",
-			message: `Integration slot "${slotId}" is not bound for tenant "${resolvedConfig.tenantId}".`,
-			retryable: false
-		}, 0);
-		const status = integration.connection.status;
-		if (status === "disconnected" || status === "error") return this.failure(this.makeContext(slotId, operation, resolvedConfig), integration, {
-			code: "CONNECTION_NOT_READY",
-			message: `Integration connection "${integration.connection.meta.label}" is in status "${status}".`,
-			retryable: false
-		}, 0);
-		const secrets = await this.fetchSecrets(integration.connection);
-		let attempt = 0;
-		const started = performance.now();
-		while (attempt < this.maxAttempts) {
-			attempt += 1;
-			try {
-				const data = await executor(integration.connection, secrets);
-				const duration = performance.now() - started;
-				this.emitTelemetry(this.makeContext(slotId, operation, resolvedConfig), integration, "success", duration);
-				return {
-					success: true,
-					data,
-					metadata: {
-						latencyMs: duration,
-						connectionId: integration.connection.meta.id,
-						ownershipMode: integration.connection.ownershipMode,
-						attempts: attempt
-					}
-				};
-			} catch (error) {
-				const duration = performance.now() - started;
-				this.emitTelemetry(this.makeContext(slotId, operation, resolvedConfig), integration, "error", duration, this.errorCodeFor(error), error instanceof Error ? error.message : String(error));
-				const retryable = this.shouldRetry(error, attempt);
-				if (!retryable || attempt >= this.maxAttempts) return {
-					success: false,
-					error: {
-						code: this.errorCodeFor(error),
-						message: error instanceof Error ? error.message : String(error),
-						retryable,
-						cause: error
-					},
-					metadata: {
-						latencyMs: duration,
-						connectionId: integration.connection.meta.id,
-						ownershipMode: integration.connection.ownershipMode,
-						attempts: attempt
-					}
-				};
-				await this.sleep(this.backoffMs);
-			}
-		}
-		return {
-			success: false,
-			error: {
-				code: "UNKNOWN_ERROR",
-				message: "Integration call failed after retries.",
-				retryable: false
-			},
-			metadata: {
-				latencyMs: performance.now() - started,
-				connectionId: integration.connection.meta.id,
-				ownershipMode: integration.connection.ownershipMode,
-				attempts: this.maxAttempts
-			}
-		};
-	}
-	findIntegration(slotId, config) {
-		return config.integrations.find((integration) => integration.slot.slotId === slotId);
-	}
-	async fetchSecrets(connection) {
-		if (!this.secretProvider.canHandle(connection.secretRef)) throw new Error(`Secret provider "${this.secretProvider.id}" cannot handle reference "${connection.secretRef}".`);
-		const secret = await this.secretProvider.getSecret(connection.secretRef);
-		return this.parseSecret(secret);
-	}
-	parseSecret(secret) {
-		const text = new TextDecoder().decode(secret.data);
-		try {
-			const parsed = JSON.parse(text);
-			if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-				const entries = Object.entries(parsed).filter(([, value]) => typeof value === "string" || typeof value === "number" || typeof value === "boolean");
-				return Object.fromEntries(entries.map(([key, value]) => [key, String(value)]));
-			}
-		} catch {}
-		return { secret: text };
-	}
-	emitTelemetry(context, integration, status, durationMs, errorCode, errorMessage) {
-		if (!this.telemetry || !integration) return;
-		this.telemetry.record({
-			tenantId: context.tenantId,
-			appId: context.appId,
-			environment: context.environment,
-			slotId: context.slotId,
-			integrationKey: integration.connection.meta.integrationKey,
-			integrationVersion: integration.connection.meta.integrationVersion,
-			connectionId: integration.connection.meta.id,
-			status,
-			durationMs,
-			errorCode,
-			errorMessage,
-			occurredAt: this.now(),
-			metadata: {
-				blueprint: `${context.blueprintName}.v${context.blueprintVersion}`,
-				configVersion: context.configVersion,
-				operation: context.operation
-			}
-		});
-	}
-	failure(context, integration, error, attempts) {
-		if (integration) this.emitTelemetry(context, integration, "error", 0, error.code, error.message);
-		return {
-			success: false,
-			error,
-			metadata: {
-				latencyMs: 0,
-				connectionId: integration?.connection.meta.id ?? "unknown",
-				ownershipMode: integration?.connection.ownershipMode ?? "managed",
-				attempts
-			}
-		};
-	}
-	makeContext(slotId, operation, config) {
-		return {
-			tenantId: config.tenantId,
-			appId: config.appId,
-			environment: config.environment,
-			blueprintName: config.blueprintName,
-			blueprintVersion: config.blueprintVersion,
-			configVersion: config.configVersion,
-			slotId,
-			operation
-		};
-	}
-	errorCodeFor(error) {
-		if (typeof error === "object" && error !== null && "code" in error && typeof error.code === "string") return error.code;
-		return "PROVIDER_ERROR";
-	}
-};
-function ensureConnectionReady(integration) {
-	const status = integration.connection.status;
-	if (status === "disconnected" || status === "error") throw new Error(`Integration connection "${integration.connection.meta.label}" is in status "${status}".`);
-}
-function connectionStatusLabel(status) {
-	switch (status) {
-		case "connected": return "connected";
-		case "disconnected": return "disconnected";
-		case "error": return "error";
-		case "unknown":
-		default: return "unknown";
-	}
-}
-
-//#endregion
-export { IntegrationCallGuard, connectionStatusLabel, ensureConnectionReady };

package/dist/secrets/env-secret-provider.d.ts

@@ -1,31 +0,0 @@
-import { SecretProvider, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload } from "./provider.js";
-
-//#region src/secrets/env-secret-provider.d.ts
-interface EnvSecretProviderOptions {
-  /**
-   * Optional map to alias secret references to environment variable names.
-   * Useful when referencing secrets from other providers (e.g. gcp://...)
-   * while still allowing local overrides.
-   */
-  aliases?: Record<string, string>;
-}
-/**
- * Environment-variable backed secret provider. Read-only by design.
- * Allows overriding other secret providers by deriving environment variable
- * names from secret references (or by using explicit aliases).
- */
-declare class EnvSecretProvider implements SecretProvider {
-  readonly id = "env";
-  private readonly aliases;
-  constructor(options?: EnvSecretProviderOptions);
-  canHandle(reference: SecretReference): boolean;
-  getSecret(reference: SecretReference): Promise<SecretValue>;
-  setSecret(reference: SecretReference, _payload: SecretWritePayload): Promise<SecretRotationResult>;
-  rotateSecret(reference: SecretReference, _payload: SecretWritePayload): Promise<SecretRotationResult>;
-  deleteSecret(reference: SecretReference): Promise<void>;
-  private resolveEnvKey;
-  private deriveEnvKey;
-  private forbiddenError;
-}
-//#endregion
-export { EnvSecretProvider };

package/dist/secrets/env-secret-provider.js

@@ -1,81 +0,0 @@
-import { SecretProviderError, parseSecretUri } from "./provider.js";
-
-//#region src/secrets/env-secret-provider.ts
-/**
-* Environment-variable backed secret provider. Read-only by design.
-* Allows overriding other secret providers by deriving environment variable
-* names from secret references (or by using explicit aliases).
-*/
-var EnvSecretProvider = class {
-	id = "env";
-	aliases;
-	constructor(options = {}) {
-		this.aliases = options.aliases ?? {};
-	}
-	canHandle(reference) {
-		const envKey = this.resolveEnvKey(reference);
-		return envKey !== void 0 && process.env[envKey] !== void 0;
-	}
-	async getSecret(reference) {
-		const envKey = this.resolveEnvKey(reference);
-		if (!envKey) throw new SecretProviderError({
-			message: `Unable to resolve environment variable for reference "${reference}".`,
-			provider: this.id,
-			reference,
-			code: "INVALID"
-		});
-		const value = process.env[envKey];
-		if (value === void 0) throw new SecretProviderError({
-			message: `Environment variable "${envKey}" not found for reference "${reference}".`,
-			provider: this.id,
-			reference,
-			code: "NOT_FOUND"
-		});
-		return {
-			data: Buffer.from(value, "utf-8"),
-			version: "current",
-			metadata: {
-				source: "env",
-				envKey
-			},
-			retrievedAt: /* @__PURE__ */ new Date()
-		};
-	}
-	async setSecret(reference, _payload) {
-		throw this.forbiddenError("setSecret", reference);
-	}
-	async rotateSecret(reference, _payload) {
-		throw this.forbiddenError("rotateSecret", reference);
-	}
-	async deleteSecret(reference) {
-		throw this.forbiddenError("deleteSecret", reference);
-	}
-	resolveEnvKey(reference) {
-		if (!reference) return;
-		if (this.aliases[reference]) return this.aliases[reference];
-		if (!reference.includes("://")) return reference;
-		try {
-			const parsed = parseSecretUri(reference);
-			if (parsed.provider === "env") return parsed.path;
-			if (parsed.extras?.env) return parsed.extras.env;
-			return this.deriveEnvKey(parsed.path);
-		} catch {
-			return reference;
-		}
-	}
-	deriveEnvKey(path) {
-		if (!path) return void 0;
-		return path.split(/[\/:\-\.]/).filter(Boolean).map((segment) => segment.replace(/[^a-zA-Z0-9]/g, "_").replace(/_{2,}/g, "_").toUpperCase()).join("_");
-	}
-	forbiddenError(operation, reference) {
-		return new SecretProviderError({
-			message: `EnvSecretProvider is read-only. "${operation}" is not allowed for ${reference}.`,
-			provider: this.id,
-			reference,
-			code: "FORBIDDEN"
-		});
-	}
-};
-
-//#endregion
-export { EnvSecretProvider };

package/dist/secrets/gcp-secret-manager.d.ts

@@ -1,32 +0,0 @@
-import { SecretProvider, SecretReference, SecretRotationResult, SecretValue, SecretWritePayload } from "./provider.js";
-import { SecretManagerServiceClient, protos } from "@google-cloud/secret-manager";
-import { CallOptions } from "google-gax";
-
-//#region src/secrets/gcp-secret-manager.d.ts
-type SecretManagerClient = SecretManagerServiceClient;
-interface GcpSecretManagerProviderOptions {
-  projectId?: string;
-  client?: SecretManagerClient;
-  clientOptions?: ConstructorParameters<typeof SecretManagerServiceClient>[0];
-  defaultReplication?: protos.google.cloud.secretmanager.v1.IReplication;
-}
-declare class GcpSecretManagerProvider implements SecretProvider {
-  readonly id = "gcp-secret-manager";
-  private readonly client;
-  private readonly explicitProjectId?;
-  private readonly replication;
-  constructor(options?: GcpSecretManagerProviderOptions);
-  canHandle(reference: SecretReference): boolean;
-  getSecret(reference: SecretReference, options?: {
-    version?: string;
-  }, callOptions?: CallOptions): Promise<SecretValue>;
-  setSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
-  rotateSecret(reference: SecretReference, payload: SecretWritePayload): Promise<SecretRotationResult>;
-  deleteSecret(reference: SecretReference): Promise<void>;
-  private parseReference;
-  private buildNames;
-  private buildVersionName;
-  private ensureSecretExists;
-}
-//#endregion
-export { GcpSecretManagerProvider };