@lssm/integration.runtime 0.0.0-canary-20251219202229 → 0.0.0-canary-20251220002821

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/secrets/env-secret-provider.d.ts.map +1 -1
  2. package/dist/secrets/env-secret-provider.js +1 -1
  3. package/dist/secrets/env-secret-provider.js.map +1 -1
  4. package/dist/secrets/manager.d.ts.map +1 -1
  5. package/dist/secrets/manager.js.map +1 -1
  6. package/package.json +13 -7
package/dist/secrets/env-secret-provider.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"env-secret-provider.d.ts","names":[],"sources":["../../src/secrets/env-secret-provider.ts"],"sourcesContent":[],"mappings":";;;UASU,wBAAA;;AAFU;AAgBpB;;;EAc6B,OAAA,CAAA,EAtBjB,MAsBiB,CAAA,MAAA,EAAA,MAAA,CAAA;;;;;;;AAwCd,cAtDF,iBAAA,YAA6B,cAsD3B,CAAA;EACD,SAAA,EAAA,GAAA,KAAA;EACD,iBAAA,OAAA;EAAR,WAAA,CAAA,OAAA,CAAA,EAnDkB,wBAmDlB;EAI2B,SAAA,CAAA,SAAA,EAnDT,eAmDS,CAAA,EAAA,OAAA;EAAkB,SAAA,CAAA,SAAA,EA9CrB,eA8CqB,CAAA,EA9CH,OA8CG,CA9CK,WA8CL,CAAA;EA5DR,SAAA,CAAA,SAAA,EA+C3B,eA/C2B,EAAA,QAAA,EAgD5B,kBAhD4B,CAAA,EAiDrC,OAjDqC,CAiD7B,oBAjD6B,CAAA;EAAc,YAAA,CAAA,SAAA,EAsDzC,eAtDyC,EAAA,QAAA,EAuD1C,kBAvD0C,CAAA,EAwDnD,OAxDmD,CAwD3C,oBAxD2C,CAAA;0BA4DxB,kBAAkB"}
1
+ {"version":3,"file":"env-secret-provider.d.ts","names":[],"sources":["../../src/secrets/env-secret-provider.ts"],"sourcesContent":[],"mappings":";;;UASU,wBAAA;;AAHU;AAiBpB;;;EAc6B,OAAA,CAAA,EAtBjB,MAsBiB,CAAA,MAAA,EAAA,MAAA,CAAA;;;;;;;AAwCd,cAtDF,iBAAA,YAA6B,cAsD3B,CAAA;EACD,SAAA,EAAA,GAAA,KAAA;EACD,iBAAA,OAAA;EAAR,WAAA,CAAA,OAAA,CAAA,EAnDkB,wBAmDlB;EAI2B,SAAA,CAAA,SAAA,EAnDT,eAmDS,CAAA,EAAA,OAAA;EAAkB,SAAA,CAAA,SAAA,EA9CrB,eA8CqB,CAAA,EA9CH,OA8CG,CA9CK,WA8CL,CAAA;EA5DR,SAAA,CAAA,SAAA,EA+C3B,eA/C2B,EAAA,QAAA,EAgD5B,kBAhD4B,CAAA,EAiDrC,OAjDqC,CAiD7B,oBAjD6B,CAAA;EAAc,YAAA,CAAA,SAAA,EAsDzC,eAtDyC,EAAA,QAAA,EAuD1C,kBAvD0C,CAAA,EAwDnD,OAxDmD,CAwD3C,oBAxD2C,CAAA;0BA4DxB,kBAAkB"}
package/dist/secrets/env-secret-provider.js CHANGED
@@ -65,7 +65,7 @@ var EnvSecretProvider = class {
65
65
  }
66
66
  deriveEnvKey(path) {
67
67
  if (!path) return void 0;
68
- return path.split(/[\/:\-\.]/).filter(Boolean).map((segment) => segment.replace(/[^a-zA-Z0-9]/g, "_").replace(/_{2,}/g, "_").toUpperCase()).join("_");
68
+ return path.split(/[/:\-.]/).filter(Boolean).map((segment) => segment.replace(/[^a-zA-Z0-9]/g, "_").replace(/_{2,}/g, "_").toUpperCase()).join("_");
69
69
  }
70
70
  forbiddenError(operation, reference) {
71
71
  return new SecretProviderError({
package/dist/secrets/env-secret-provider.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"env-secret-provider.js","names":[],"sources":["../../src/secrets/env-secret-provider.ts"],"sourcesContent":["import { parseSecretUri, SecretProviderError } from './provider';\nimport type {\n SecretProvider,\n SecretReference,\n SecretRotationResult,\n SecretValue,\n SecretWritePayload,\n} from './provider';\n\ninterface EnvSecretProviderOptions {\n /**\n * Optional map to alias secret references to environment variable names.\n * Useful when referencing secrets from other providers (e.g. gcp://...)\n * while still allowing local overrides.\n */\n aliases?: Record<string, string>;\n}\n\n/**\n * Environment-variable backed secret provider. Read-only by design.\n * Allows overriding other secret providers by deriving environment variable\n * names from secret references (or by using explicit aliases).\n */\nexport class EnvSecretProvider implements SecretProvider {\n readonly id = 'env';\n\n private readonly aliases: Record<string, string>;\n\n constructor(options: EnvSecretProviderOptions = {}) {\n this.aliases = options.aliases ?? {};\n }\n\n canHandle(reference: SecretReference): boolean {\n const envKey = this.resolveEnvKey(reference);\n return envKey !== undefined && process.env[envKey] !== undefined;\n }\n\n async getSecret(reference: SecretReference): Promise<SecretValue> {\n const envKey = this.resolveEnvKey(reference);\n if (!envKey) {\n throw new SecretProviderError({\n message: `Unable to resolve environment variable for reference \"${reference}\".`,\n provider: this.id,\n reference,\n code: 'INVALID',\n });\n }\n\n const value = process.env[envKey];\n if (value === undefined) {\n throw new SecretProviderError({\n message: `Environment variable \"${envKey}\" not found for reference \"${reference}\".`,\n provider: this.id,\n reference,\n code: 'NOT_FOUND',\n });\n }\n\n return {\n data: Buffer.from(value, 'utf-8'),\n version: 'current',\n metadata: {\n source: 'env',\n envKey,\n },\n retrievedAt: new Date(),\n };\n }\n\n async setSecret(\n reference: SecretReference,\n _payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n throw this.forbiddenError('setSecret', reference);\n }\n\n async rotateSecret(\n reference: SecretReference,\n _payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n throw this.forbiddenError('rotateSecret', reference);\n }\n\n async deleteSecret(reference: SecretReference): Promise<void> {\n throw this.forbiddenError('deleteSecret', reference);\n }\n\n private resolveEnvKey(reference: SecretReference): string | undefined {\n if (!reference) {\n return undefined;\n }\n\n if (this.aliases[reference]) {\n return this.aliases[reference];\n }\n\n if (!reference.includes('://')) {\n return reference;\n }\n\n try {\n const parsed = parseSecretUri(reference);\n if (parsed.provider === 'env') {\n return parsed.path;\n }\n\n if (parsed.extras?.env) {\n return parsed.extras.env;\n }\n\n return this.deriveEnvKey(parsed.path);\n } catch {\n return reference;\n }\n }\n\n private deriveEnvKey(path: string): string | undefined {\n if (!path) return undefined;\n return path\n .split(/[\\/:\\-\\.]/)\n .filter(Boolean)\n .map((segment) =>\n segment\n .replace(/[^a-zA-Z0-9]/g, '_')\n .replace(/_{2,}/g, '_')\n .toUpperCase()\n )\n .join('_');\n }\n\n private forbiddenError(\n operation: string,\n reference: SecretReference\n ): SecretProviderError {\n return new SecretProviderError({\n message: `EnvSecretProvider is read-only. \"${operation}\" is not allowed for ${reference}.`,\n provider: this.id,\n reference,\n code: 'FORBIDDEN',\n });\n }\n}\n"],"mappings":";;;;;;;;AAuBA,IAAa,oBAAb,MAAyD;CACvD,AAAS,KAAK;CAEd,AAAiB;CAEjB,YAAY,UAAoC,EAAE,EAAE;AAClD,OAAK,UAAU,QAAQ,WAAW,EAAE;;CAGtC,UAAU,WAAqC;EAC7C,MAAM,SAAS,KAAK,cAAc,UAAU;AAC5C,SAAO,WAAW,UAAa,QAAQ,IAAI,YAAY;;CAGzD,MAAM,UAAU,WAAkD;EAChE,MAAM,SAAS,KAAK,cAAc,UAAU;AAC5C,MAAI,CAAC,OACH,OAAM,IAAI,oBAAoB;GAC5B,SAAS,yDAAyD,UAAU;GAC5E,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC;EAGJ,MAAM,QAAQ,QAAQ,IAAI;AAC1B,MAAI,UAAU,OACZ,OAAM,IAAI,oBAAoB;GAC5B,SAAS,yBAAyB,OAAO,6BAA6B,UAAU;GAChF,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC;AAGJ,SAAO;GACL,MAAM,OAAO,KAAK,OAAO,QAAQ;GACjC,SAAS;GACT,UAAU;IACR,QAAQ;IACR;IACD;GACD,6BAAa,IAAI,MAAM;GACxB;;CAGH,MAAM,UACJ,WACA,UAC+B;AAC/B,QAAM,KAAK,eAAe,aAAa,UAAU;;CAGnD,MAAM,aACJ,WACA,UAC+B;AAC/B,QAAM,KAAK,eAAe,gBAAgB,UAAU;;CAGtD,MAAM,aAAa,WAA2C;AAC5D,QAAM,KAAK,eAAe,gBAAgB,UAAU;;CAGtD,AAAQ,cAAc,WAAgD;AACpE,MAAI,CAAC,UACH;AAGF,MAAI,KAAK,QAAQ,WACf,QAAO,KAAK,QAAQ;AAGtB,MAAI,CAAC,UAAU,SAAS,MAAM,CAC5B,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,eAAe,UAAU;AACxC,OAAI,OAAO,aAAa,MACtB,QAAO,OAAO;AAGhB,OAAI,OAAO,QAAQ,IACjB,QAAO,OAAO,OAAO;AAGvB,UAAO,KAAK,aAAa,OAAO,KAAK;UAC/B;AACN,UAAO;;;CAIX,AAAQ,aAAa,MAAkC;AACrD,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,KACJ,MAAM,YAAY,CAClB,OAAO,QAAQ,CACf,KAAK,YACJ,QACG,QAAQ,iBAAiB,IAAI,CAC7B,QAAQ,UAAU,IAAI,CACtB,aAAa,CACjB,CACA,KAAK,IAAI;;CAGd,AAAQ,eACN,WACA,WACqB;AACrB,SAAO,IAAI,oBAAoB;GAC7B,SAAS,oCAAoC,UAAU,uBAAuB,UAAU;GACxF,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC"}
1
+ {"version":3,"file":"env-secret-provider.js","names":[],"sources":["../../src/secrets/env-secret-provider.ts"],"sourcesContent":["import type {\n SecretProvider,\n SecretReference,\n SecretRotationResult,\n SecretValue,\n SecretWritePayload,\n} from './provider';\nimport { parseSecretUri, SecretProviderError } from './provider';\n\ninterface EnvSecretProviderOptions {\n /**\n * Optional map to alias secret references to environment variable names.\n * Useful when referencing secrets from other providers (e.g. gcp://...)\n * while still allowing local overrides.\n */\n aliases?: Record<string, string>;\n}\n\n/**\n * Environment-variable backed secret provider. Read-only by design.\n * Allows overriding other secret providers by deriving environment variable\n * names from secret references (or by using explicit aliases).\n */\nexport class EnvSecretProvider implements SecretProvider {\n readonly id = 'env';\n\n private readonly aliases: Record<string, string>;\n\n constructor(options: EnvSecretProviderOptions = {}) {\n this.aliases = options.aliases ?? {};\n }\n\n canHandle(reference: SecretReference): boolean {\n const envKey = this.resolveEnvKey(reference);\n return envKey !== undefined && process.env[envKey] !== undefined;\n }\n\n async getSecret(reference: SecretReference): Promise<SecretValue> {\n const envKey = this.resolveEnvKey(reference);\n if (!envKey) {\n throw new SecretProviderError({\n message: `Unable to resolve environment variable for reference \"${reference}\".`,\n provider: this.id,\n reference,\n code: 'INVALID',\n });\n }\n\n const value = process.env[envKey];\n if (value === undefined) {\n throw new SecretProviderError({\n message: `Environment variable \"${envKey}\" not found for reference \"${reference}\".`,\n provider: this.id,\n reference,\n code: 'NOT_FOUND',\n });\n }\n\n return {\n data: Buffer.from(value, 'utf-8'),\n version: 'current',\n metadata: {\n source: 'env',\n envKey,\n },\n retrievedAt: new Date(),\n };\n }\n\n async setSecret(\n reference: SecretReference,\n _payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n throw this.forbiddenError('setSecret', reference);\n }\n\n async rotateSecret(\n reference: SecretReference,\n _payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n throw this.forbiddenError('rotateSecret', reference);\n }\n\n async deleteSecret(reference: SecretReference): Promise<void> {\n throw this.forbiddenError('deleteSecret', reference);\n }\n\n private resolveEnvKey(reference: SecretReference): string | undefined {\n if (!reference) {\n return undefined;\n }\n\n if (this.aliases[reference]) {\n return this.aliases[reference];\n }\n\n if (!reference.includes('://')) {\n return reference;\n }\n\n try {\n const parsed = parseSecretUri(reference);\n if (parsed.provider === 'env') {\n return parsed.path;\n }\n\n if (parsed.extras?.env) {\n return parsed.extras.env;\n }\n\n return this.deriveEnvKey(parsed.path);\n } catch {\n return reference;\n }\n }\n\n private deriveEnvKey(path: string): string | undefined {\n if (!path) return undefined;\n return path\n .split(/[/:\\-.]/)\n .filter(Boolean)\n .map((segment) =>\n segment\n .replace(/[^a-zA-Z0-9]/g, '_')\n .replace(/_{2,}/g, '_')\n .toUpperCase()\n )\n .join('_');\n }\n\n private forbiddenError(\n operation: string,\n reference: SecretReference\n ): SecretProviderError {\n return new SecretProviderError({\n message: `EnvSecretProvider is read-only. \"${operation}\" is not allowed for ${reference}.`,\n provider: this.id,\n reference,\n code: 'FORBIDDEN',\n });\n }\n}\n"],"mappings":";;;;;;;;AAuBA,IAAa,oBAAb,MAAyD;CACvD,AAAS,KAAK;CAEd,AAAiB;CAEjB,YAAY,UAAoC,EAAE,EAAE;AAClD,OAAK,UAAU,QAAQ,WAAW,EAAE;;CAGtC,UAAU,WAAqC;EAC7C,MAAM,SAAS,KAAK,cAAc,UAAU;AAC5C,SAAO,WAAW,UAAa,QAAQ,IAAI,YAAY;;CAGzD,MAAM,UAAU,WAAkD;EAChE,MAAM,SAAS,KAAK,cAAc,UAAU;AAC5C,MAAI,CAAC,OACH,OAAM,IAAI,oBAAoB;GAC5B,SAAS,yDAAyD,UAAU;GAC5E,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC;EAGJ,MAAM,QAAQ,QAAQ,IAAI;AAC1B,MAAI,UAAU,OACZ,OAAM,IAAI,oBAAoB;GAC5B,SAAS,yBAAyB,OAAO,6BAA6B,UAAU;GAChF,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC;AAGJ,SAAO;GACL,MAAM,OAAO,KAAK,OAAO,QAAQ;GACjC,SAAS;GACT,UAAU;IACR,QAAQ;IACR;IACD;GACD,6BAAa,IAAI,MAAM;GACxB;;CAGH,MAAM,UACJ,WACA,UAC+B;AAC/B,QAAM,KAAK,eAAe,aAAa,UAAU;;CAGnD,MAAM,aACJ,WACA,UAC+B;AAC/B,QAAM,KAAK,eAAe,gBAAgB,UAAU;;CAGtD,MAAM,aAAa,WAA2C;AAC5D,QAAM,KAAK,eAAe,gBAAgB,UAAU;;CAGtD,AAAQ,cAAc,WAAgD;AACpE,MAAI,CAAC,UACH;AAGF,MAAI,KAAK,QAAQ,WACf,QAAO,KAAK,QAAQ;AAGtB,MAAI,CAAC,UAAU,SAAS,MAAM,CAC5B,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,eAAe,UAAU;AACxC,OAAI,OAAO,aAAa,MACtB,QAAO,OAAO;AAGhB,OAAI,OAAO,QAAQ,IACjB,QAAO,OAAO,OAAO;AAGvB,UAAO,KAAK,aAAa,OAAO,KAAK;UAC/B;AACN,UAAO;;;CAIX,AAAQ,aAAa,MAAkC;AACrD,MAAI,CAAC,KAAM,QAAO;AAClB,SAAO,KACJ,MAAM,UAAU,CAChB,OAAO,QAAQ,CACf,KAAK,YACJ,QACG,QAAQ,iBAAiB,IAAI,CAC7B,QAAQ,UAAU,IAAI,CACtB,aAAa,CACjB,CACA,KAAK,IAAI;;CAGd,AAAQ,eACN,WACA,WACqB;AACrB,SAAO,IAAI,oBAAoB;GAC7B,SAAS,oCAAoC,UAAU,uBAAuB,UAAU;GACxF,UAAU,KAAK;GACf;GACA,MAAM;GACP,CAAC"}
package/dist/secrets/manager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"manager.d.ts","names":[],"sources":["../../src/secrets/manager.ts"],"sourcesContent":[],"mappings":";;;UAeU,eAAA;;AARU;AAepB;EAmBa,QAAA,CAAA,EAAA,MAAA;;AAaQ,UAhCJ,4BAAA,CAgCI;EAAyB;;;EAuBhC,EAAA,CAAA,EAAA,MAAA;EACD;;;;EA2BA,SAAA,CAAA,EAAA;IAAR,QAAA,EA1EqB,cA0ErB;IAOU,QAAA,CAAA,EAAA,MAAA;EACF,CAAA,EAAA;;;;;;;AA0EZ;;cAlJY,qBAAA,YAAiC;;;;wBAKvB;qBAQF,0BAAyB;uBAevB;uBAOR,2BACD,qBACT,QAAQ;uBAyBE,0BACF,qBACR,QAAQ;0BAOE,0BACF,qBACR,QAAQ;0BAMmB,kBAAkB;;;;KA6E7C,kBAAA,GAAqB,WAAW"}
1
+ {"version":3,"file":"manager.d.ts","names":[],"sources":["../../src/secrets/manager.ts"],"sourcesContent":[],"mappings":";;;UAeU,eAAA;;AATU;AAgBpB;EAmBa,QAAA,CAAA,EAAA,MAAA;;AAaQ,UAhCJ,4BAAA,CAgCI;EAAyB;;;EAuBhC,EAAA,CAAA,EAAA,MAAA;EACD;;;;EA2BA,SAAA,CAAA,EAAA;IAAR,QAAA,EA1EqB,cA0ErB;IAOU,QAAA,CAAA,EAAA,MAAA;EACF,CAAA,EAAA;;;;;;;AA2EZ;;cAnJY,qBAAA,YAAiC;;;;wBAKvB;qBAQF,0BAAyB;uBAevB;uBAOR,2BACD,qBACT,QAAQ;uBAyBE,0BACF,qBACR,QAAQ;0BAOE,0BACF,qBACR,QAAQ;0BAMmB,kBAAkB;;;;KA8E7C,kBAAA,GAAqB,WAAW"}
package/dist/secrets/manager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"manager.js","names":["errors: SecretProviderError[]"],"sources":["../../src/secrets/manager.ts"],"sourcesContent":["import { SecretProviderError } from './provider';\nimport type {\n SecretProvider,\n SecretReference,\n SecretRotationResult,\n SecretValue,\n SecretWritePayload,\n} from './provider';\n\ninterface ProviderRegistration {\n readonly provider: SecretProvider;\n readonly priority: number;\n readonly order: number;\n}\n\ninterface RegisterOptions {\n /**\n * Larger priority values are attempted first. Defaults to 0.\n */\n priority?: number;\n}\n\nexport interface SecretProviderManagerOptions {\n /**\n * Override manager identifier. Defaults to \"secret-provider-manager\".\n */\n id?: string;\n /**\n * Providers to pre-register. They are registered in array order with\n * descending priority (first entry wins ties).\n */\n providers?: { provider: SecretProvider; priority?: number }[];\n}\n\n/**\n * Composite secret provider that delegates to registered providers.\n * Providers are attempted in order of descending priority, respecting the\n * registration order for ties. This enables privileged overrides (e.g.\n * environment variables) while still supporting durable backends like GCP\n * Secret Manager.\n */\nexport class SecretProviderManager implements SecretProvider {\n readonly id: string;\n private readonly providers: ProviderRegistration[] = [];\n private registrationCounter = 0;\n\n constructor(options: SecretProviderManagerOptions = {}) {\n this.id = options.id ?? 'secret-provider-manager';\n const initialProviders = options.providers ?? [];\n for (const entry of initialProviders) {\n this.register(entry.provider, { priority: entry.priority });\n }\n }\n\n register(provider: SecretProvider, options: RegisterOptions = {}): this {\n this.providers.push({\n provider,\n priority: options.priority ?? 0,\n order: this.registrationCounter++,\n });\n this.providers.sort((a, b) => {\n if (a.priority !== b.priority) {\n return b.priority - a.priority;\n }\n return a.order - b.order;\n });\n return this;\n }\n\n canHandle(reference: SecretReference): boolean {\n return this.providers.some(({ provider }) =>\n safeCanHandle(provider, reference)\n );\n }\n\n async getSecret(\n reference: SecretReference,\n options?: SecretFetchOptions\n ): Promise<SecretValue> {\n const errors: SecretProviderError[] = [];\n\n for (const { provider } of this.providers) {\n if (!safeCanHandle(provider, reference)) {\n continue;\n }\n try {\n return await provider.getSecret(reference, options);\n } catch (error) {\n if (error instanceof SecretProviderError) {\n errors.push(error);\n if (error.code !== 'NOT_FOUND') {\n break;\n }\n continue;\n }\n throw error;\n }\n }\n\n throw this.composeError('getSecret', reference, errors, options?.version);\n }\n\n async setSecret(\n reference: SecretReference,\n payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n return this.delegateToFirst('setSecret', reference, (provider) =>\n provider.setSecret(reference, payload)\n );\n }\n\n async rotateSecret(\n reference: SecretReference,\n payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n return this.delegateToFirst('rotateSecret', reference, (provider) =>\n provider.rotateSecret(reference, payload)\n );\n }\n\n async deleteSecret(reference: SecretReference): Promise<void> {\n await this.delegateToFirst('deleteSecret', reference, (provider) =>\n provider.deleteSecret(reference)\n );\n }\n\n private async delegateToFirst<T>(\n operation: 'setSecret' | 'rotateSecret' | 'deleteSecret',\n reference: SecretReference,\n invoker: (provider: SecretProvider) => Promise<T>\n ): Promise<T> {\n const errors: SecretProviderError[] = [];\n\n for (const { provider } of this.providers) {\n if (!safeCanHandle(provider, reference)) {\n continue;\n }\n try {\n return await invoker(provider);\n } catch (error) {\n if (error instanceof SecretProviderError) {\n errors.push(error);\n continue;\n }\n throw error;\n }\n }\n\n throw this.composeError(operation, reference, errors);\n }\n\n private composeError(\n operation: string,\n reference: SecretReference,\n errors: SecretProviderError[],\n version?: string\n ): SecretProviderError {\n if (errors.length === 1) {\n const [singleError] = errors;\n if (singleError) {\n return singleError;\n }\n }\n\n const messageParts = [\n `No registered secret provider could ${operation}`,\n `reference \"${reference}\"`,\n ];\n if (version) {\n messageParts.push(`(version: ${version})`);\n }\n if (errors.length > 1) {\n messageParts.push(\n `Attempts: ${errors\n .map((error) => `${error.provider}:${error.code}`)\n .join(', ')}`\n );\n }\n\n return new SecretProviderError({\n message: messageParts.join(' '),\n provider: this.id,\n reference,\n code: errors.length > 0 ? errors[errors.length - 1]!.code : 'UNKNOWN',\n cause: errors,\n });\n }\n}\n\nfunction safeCanHandle(provider: SecretProvider, reference: SecretReference) {\n try {\n return provider.canHandle(reference);\n } catch {\n return false;\n }\n}\n\ntype SecretFetchOptions = Parameters<SecretProvider['getSecret']>[1];\n"],"mappings":";;;;;;;;;;AAyCA,IAAa,wBAAb,MAA6D;CAC3D,AAAS;CACT,AAAiB,YAAoC,EAAE;CACvD,AAAQ,sBAAsB;CAE9B,YAAY,UAAwC,EAAE,EAAE;AACtD,OAAK,KAAK,QAAQ,MAAM;EACxB,MAAM,mBAAmB,QAAQ,aAAa,EAAE;AAChD,OAAK,MAAM,SAAS,iBAClB,MAAK,SAAS,MAAM,UAAU,EAAE,UAAU,MAAM,UAAU,CAAC;;CAI/D,SAAS,UAA0B,UAA2B,EAAE,EAAQ;AACtE,OAAK,UAAU,KAAK;GAClB;GACA,UAAU,QAAQ,YAAY;GAC9B,OAAO,KAAK;GACb,CAAC;AACF,OAAK,UAAU,MAAM,GAAG,MAAM;AAC5B,OAAI,EAAE,aAAa,EAAE,SACnB,QAAO,EAAE,WAAW,EAAE;AAExB,UAAO,EAAE,QAAQ,EAAE;IACnB;AACF,SAAO;;CAGT,UAAU,WAAqC;AAC7C,SAAO,KAAK,UAAU,MAAM,EAAE,eAC5B,cAAc,UAAU,UAAU,CACnC;;CAGH,MAAM,UACJ,WACA,SACsB;EACtB,MAAMA,SAAgC,EAAE;AAExC,OAAK,MAAM,EAAE,cAAc,KAAK,WAAW;AACzC,OAAI,CAAC,cAAc,UAAU,UAAU,CACrC;AAEF,OAAI;AACF,WAAO,MAAM,SAAS,UAAU,WAAW,QAAQ;YAC5C,OAAO;AACd,QAAI,iBAAiB,qBAAqB;AACxC,YAAO,KAAK,MAAM;AAClB,SAAI,MAAM,SAAS,YACjB;AAEF;;AAEF,UAAM;;;AAIV,QAAM,KAAK,aAAa,aAAa,WAAW,QAAQ,SAAS,QAAQ;;CAG3E,MAAM,UACJ,WACA,SAC+B;AAC/B,SAAO,KAAK,gBAAgB,aAAa,YAAY,aACnD,SAAS,UAAU,WAAW,QAAQ,CACvC;;CAGH,MAAM,aACJ,WACA,SAC+B;AAC/B,SAAO,KAAK,gBAAgB,gBAAgB,YAAY,aACtD,SAAS,aAAa,WAAW,QAAQ,CAC1C;;CAGH,MAAM,aAAa,WAA2C;AAC5D,QAAM,KAAK,gBAAgB,gBAAgB,YAAY,aACrD,SAAS,aAAa,UAAU,CACjC;;CAGH,MAAc,gBACZ,WACA,WACA,SACY;EACZ,MAAMA,SAAgC,EAAE;AAExC,OAAK,MAAM,EAAE,cAAc,KAAK,WAAW;AACzC,OAAI,CAAC,cAAc,UAAU,UAAU,CACrC;AAEF,OAAI;AACF,WAAO,MAAM,QAAQ,SAAS;YACvB,OAAO;AACd,QAAI,iBAAiB,qBAAqB;AACxC,YAAO,KAAK,MAAM;AAClB;;AAEF,UAAM;;;AAIV,QAAM,KAAK,aAAa,WAAW,WAAW,OAAO;;CAGvD,AAAQ,aACN,WACA,WACA,QACA,SACqB;AACrB,MAAI,OAAO,WAAW,GAAG;GACvB,MAAM,CAAC,eAAe;AACtB,OAAI,YACF,QAAO;;EAIX,MAAM,eAAe,CACnB,uCAAuC,aACvC,cAAc,UAAU,GACzB;AACD,MAAI,QACF,cAAa,KAAK,aAAa,QAAQ,GAAG;AAE5C,MAAI,OAAO,SAAS,EAClB,cAAa,KACX,aAAa,OACV,KAAK,UAAU,GAAG,MAAM,SAAS,GAAG,MAAM,OAAO,CACjD,KAAK,KAAK,GACd;AAGH,SAAO,IAAI,oBAAoB;GAC7B,SAAS,aAAa,KAAK,IAAI;GAC/B,UAAU,KAAK;GACf;GACA,MAAM,OAAO,SAAS,IAAI,OAAO,OAAO,SAAS,GAAI,OAAO;GAC5D,OAAO;GACR,CAAC;;;AAIN,SAAS,cAAc,UAA0B,WAA4B;AAC3E,KAAI;AACF,SAAO,SAAS,UAAU,UAAU;SAC9B;AACN,SAAO"}
1
+ {"version":3,"file":"manager.js","names":["errors: SecretProviderError[]"],"sources":["../../src/secrets/manager.ts"],"sourcesContent":["import type {\n SecretProvider,\n SecretReference,\n SecretRotationResult,\n SecretValue,\n SecretWritePayload,\n} from './provider';\nimport { SecretProviderError } from './provider';\n\ninterface ProviderRegistration {\n readonly provider: SecretProvider;\n readonly priority: number;\n readonly order: number;\n}\n\ninterface RegisterOptions {\n /**\n * Larger priority values are attempted first. Defaults to 0.\n */\n priority?: number;\n}\n\nexport interface SecretProviderManagerOptions {\n /**\n * Override manager identifier. Defaults to \"secret-provider-manager\".\n */\n id?: string;\n /**\n * Providers to pre-register. They are registered in array order with\n * descending priority (first entry wins ties).\n */\n providers?: { provider: SecretProvider; priority?: number }[];\n}\n\n/**\n * Composite secret provider that delegates to registered providers.\n * Providers are attempted in order of descending priority, respecting the\n * registration order for ties. This enables privileged overrides (e.g.\n * environment variables) while still supporting durable backends like GCP\n * Secret Manager.\n */\nexport class SecretProviderManager implements SecretProvider {\n readonly id: string;\n private readonly providers: ProviderRegistration[] = [];\n private registrationCounter = 0;\n\n constructor(options: SecretProviderManagerOptions = {}) {\n this.id = options.id ?? 'secret-provider-manager';\n const initialProviders = options.providers ?? [];\n for (const entry of initialProviders) {\n this.register(entry.provider, { priority: entry.priority });\n }\n }\n\n register(provider: SecretProvider, options: RegisterOptions = {}): this {\n this.providers.push({\n provider,\n priority: options.priority ?? 0,\n order: this.registrationCounter++,\n });\n this.providers.sort((a, b) => {\n if (a.priority !== b.priority) {\n return b.priority - a.priority;\n }\n return a.order - b.order;\n });\n return this;\n }\n\n canHandle(reference: SecretReference): boolean {\n return this.providers.some(({ provider }) =>\n safeCanHandle(provider, reference)\n );\n }\n\n async getSecret(\n reference: SecretReference,\n options?: SecretFetchOptions\n ): Promise<SecretValue> {\n const errors: SecretProviderError[] = [];\n\n for (const { provider } of this.providers) {\n if (!safeCanHandle(provider, reference)) {\n continue;\n }\n try {\n return await provider.getSecret(reference, options);\n } catch (error) {\n if (error instanceof SecretProviderError) {\n errors.push(error);\n if (error.code !== 'NOT_FOUND') {\n break;\n }\n continue;\n }\n throw error;\n }\n }\n\n throw this.composeError('getSecret', reference, errors, options?.version);\n }\n\n async setSecret(\n reference: SecretReference,\n payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n return this.delegateToFirst('setSecret', reference, (provider) =>\n provider.setSecret(reference, payload)\n );\n }\n\n async rotateSecret(\n reference: SecretReference,\n payload: SecretWritePayload\n ): Promise<SecretRotationResult> {\n return this.delegateToFirst('rotateSecret', reference, (provider) =>\n provider.rotateSecret(reference, payload)\n );\n }\n\n async deleteSecret(reference: SecretReference): Promise<void> {\n await this.delegateToFirst('deleteSecret', reference, (provider) =>\n provider.deleteSecret(reference)\n );\n }\n\n private async delegateToFirst<T>(\n operation: 'setSecret' | 'rotateSecret' | 'deleteSecret',\n reference: SecretReference,\n invoker: (provider: SecretProvider) => Promise<T>\n ): Promise<T> {\n const errors: SecretProviderError[] = [];\n\n for (const { provider } of this.providers) {\n if (!safeCanHandle(provider, reference)) {\n continue;\n }\n try {\n return await invoker(provider);\n } catch (error) {\n if (error instanceof SecretProviderError) {\n errors.push(error);\n continue;\n }\n throw error;\n }\n }\n\n throw this.composeError(operation, reference, errors);\n }\n\n private composeError(\n operation: string,\n reference: SecretReference,\n errors: SecretProviderError[],\n version?: string\n ): SecretProviderError {\n if (errors.length === 1) {\n const [singleError] = errors;\n if (singleError) {\n return singleError;\n }\n }\n\n const messageParts = [\n `No registered secret provider could ${operation}`,\n `reference \"${reference}\"`,\n ];\n if (version) {\n messageParts.push(`(version: ${version})`);\n }\n if (errors.length > 1) {\n messageParts.push(\n `Attempts: ${errors\n .map((error) => `${error.provider}:${error.code}`)\n .join(', ')}`\n );\n }\n\n return new SecretProviderError({\n message: messageParts.join(' '),\n provider: this.id,\n reference,\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n code: errors.length > 0 ? errors[errors.length - 1]!.code : 'UNKNOWN',\n cause: errors,\n });\n }\n}\n\nfunction safeCanHandle(provider: SecretProvider, reference: SecretReference) {\n try {\n return provider.canHandle(reference);\n } catch {\n return false;\n }\n}\n\ntype SecretFetchOptions = Parameters<SecretProvider['getSecret']>[1];\n"],"mappings":";;;;;;;;;;AAyCA,IAAa,wBAAb,MAA6D;CAC3D,AAAS;CACT,AAAiB,YAAoC,EAAE;CACvD,AAAQ,sBAAsB;CAE9B,YAAY,UAAwC,EAAE,EAAE;AACtD,OAAK,KAAK,QAAQ,MAAM;EACxB,MAAM,mBAAmB,QAAQ,aAAa,EAAE;AAChD,OAAK,MAAM,SAAS,iBAClB,MAAK,SAAS,MAAM,UAAU,EAAE,UAAU,MAAM,UAAU,CAAC;;CAI/D,SAAS,UAA0B,UAA2B,EAAE,EAAQ;AACtE,OAAK,UAAU,KAAK;GAClB;GACA,UAAU,QAAQ,YAAY;GAC9B,OAAO,KAAK;GACb,CAAC;AACF,OAAK,UAAU,MAAM,GAAG,MAAM;AAC5B,OAAI,EAAE,aAAa,EAAE,SACnB,QAAO,EAAE,WAAW,EAAE;AAExB,UAAO,EAAE,QAAQ,EAAE;IACnB;AACF,SAAO;;CAGT,UAAU,WAAqC;AAC7C,SAAO,KAAK,UAAU,MAAM,EAAE,eAC5B,cAAc,UAAU,UAAU,CACnC;;CAGH,MAAM,UACJ,WACA,SACsB;EACtB,MAAMA,SAAgC,EAAE;AAExC,OAAK,MAAM,EAAE,cAAc,KAAK,WAAW;AACzC,OAAI,CAAC,cAAc,UAAU,UAAU,CACrC;AAEF,OAAI;AACF,WAAO,MAAM,SAAS,UAAU,WAAW,QAAQ;YAC5C,OAAO;AACd,QAAI,iBAAiB,qBAAqB;AACxC,YAAO,KAAK,MAAM;AAClB,SAAI,MAAM,SAAS,YACjB;AAEF;;AAEF,UAAM;;;AAIV,QAAM,KAAK,aAAa,aAAa,WAAW,QAAQ,SAAS,QAAQ;;CAG3E,MAAM,UACJ,WACA,SAC+B;AAC/B,SAAO,KAAK,gBAAgB,aAAa,YAAY,aACnD,SAAS,UAAU,WAAW,QAAQ,CACvC;;CAGH,MAAM,aACJ,WACA,SAC+B;AAC/B,SAAO,KAAK,gBAAgB,gBAAgB,YAAY,aACtD,SAAS,aAAa,WAAW,QAAQ,CAC1C;;CAGH,MAAM,aAAa,WAA2C;AAC5D,QAAM,KAAK,gBAAgB,gBAAgB,YAAY,aACrD,SAAS,aAAa,UAAU,CACjC;;CAGH,MAAc,gBACZ,WACA,WACA,SACY;EACZ,MAAMA,SAAgC,EAAE;AAExC,OAAK,MAAM,EAAE,cAAc,KAAK,WAAW;AACzC,OAAI,CAAC,cAAc,UAAU,UAAU,CACrC;AAEF,OAAI;AACF,WAAO,MAAM,QAAQ,SAAS;YACvB,OAAO;AACd,QAAI,iBAAiB,qBAAqB;AACxC,YAAO,KAAK,MAAM;AAClB;;AAEF,UAAM;;;AAIV,QAAM,KAAK,aAAa,WAAW,WAAW,OAAO;;CAGvD,AAAQ,aACN,WACA,WACA,QACA,SACqB;AACrB,MAAI,OAAO,WAAW,GAAG;GACvB,MAAM,CAAC,eAAe;AACtB,OAAI,YACF,QAAO;;EAIX,MAAM,eAAe,CACnB,uCAAuC,aACvC,cAAc,UAAU,GACzB;AACD,MAAI,QACF,cAAa,KAAK,aAAa,QAAQ,GAAG;AAE5C,MAAI,OAAO,SAAS,EAClB,cAAa,KACX,aAAa,OACV,KAAK,UAAU,GAAG,MAAM,SAAS,GAAG,MAAM,OAAO,CACjD,KAAK,KAAK,GACd;AAGH,SAAO,IAAI,oBAAoB;GAC7B,SAAS,aAAa,KAAK,IAAI;GAC/B,UAAU,KAAK;GACf;GAEA,MAAM,OAAO,SAAS,IAAI,OAAO,OAAO,SAAS,GAAI,OAAO;GAC5D,OAAO;GACR,CAAC;;;AAIN,SAAS,cAAc,UAA0B,WAA4B;AAC3E,KAAI;AACF,SAAO,SAAS,UAAU,UAAU;SAC9B;AACN,SAAO"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lssm/integration.runtime",
3
- "version": "0.0.0-canary-20251219202229",
3
+ "version": "0.0.0-canary-20251220002821",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.js",
@@ -23,14 +23,14 @@
23
23
  "test": "bun test"
24
24
  },
25
25
  "dependencies": {
26
- "@lssm/lib.contracts": "0.0.0-canary-20251219202229",
27
- "@lssm/lib.logger": "0.0.0-canary-20251219202229",
26
+ "@lssm/lib.contracts": "0.0.0-canary-20251220002821",
27
+ "@lssm/lib.logger": "0.0.0-canary-20251220002821",
28
28
  "@google-cloud/secret-manager": "^6.1.1",
29
29
  "google-gax": "^5.0.0"
30
30
  },
31
31
  "devDependencies": {
32
- "@lssm/tool.tsdown": "0.0.0-canary-20251219202229",
33
- "@lssm/tool.typescript": "0.0.0-canary-20251219202229",
32
+ "@lssm/tool.tsdown": "0.0.0-canary-20251220002821",
33
+ "@lssm/tool.typescript": "0.0.0-canary-20251220002821",
34
34
  "tsdown": "^0.18.1",
35
35
  "typescript": "^5.9.3"
36
36
  },
@@ -57,7 +57,13 @@
57
57
  "./secrets/manager": "./dist/secrets/manager.js",
58
58
  "./secrets/provider": "./dist/secrets/provider.js",
59
59
  "./*": "./*"
60
- }
60
+ },
61
+ "registry": "https://registry.npmjs.org/"
61
62
  },
62
- "license": "MIT"
63
+ "license": "MIT",
64
+ "repository": {
65
+ "type": "git",
66
+ "url": "https://github.com/lssm-tech/contractspec.git",
67
+ "directory": "packages/integrations/runtime"
68
+ }
63
69
  }