@lssm/lib.contracts 1.7.4 → 1.9.0

package/dist/integrations/runtime.js.map

@@ -1 +1 @@
-{"version":3,"file":"runtime.js","names":["secretProvider: SecretProvider"],"sources":["../../src/integrations/runtime.ts"],"sourcesContent":["import { performance } from 'node:perf_hooks';\nimport type { ResolvedAppConfig, ResolvedIntegration } from '../app-config/runtime';\nimport type { ConnectionStatus, IntegrationConnection } from './connection';\nimport type { IntegrationSpec } from './spec';\nimport type { SecretProvider, SecretValue } from './secrets/provider';\n\nexport interface IntegrationTraceMetadata {\n  blueprintName: string;\n  blueprintVersion: number;\n  configVersion: number;\n}\n\nexport interface IntegrationTelemetryEvent {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  slotId?: string;\n  integrationKey: string;\n  integrationVersion: number;\n  connectionId: string;\n  status: 'success' | 'error';\n  durationMs?: number;\n  errorCode?: string;\n  errorMessage?: string;\n  occurredAt: Date;\n  metadata?: Record<string, string | number | boolean>;\n}\n\nexport interface IntegrationTelemetryEmitter {\n  record(event: IntegrationTelemetryEvent): Promise<void> | void;\n}\n\nexport type IntegrationInvocationStatus = 'success' | 'error';\n\nexport interface IntegrationContext {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  slotId?: string;\n  spec: IntegrationSpec;\n  connection: IntegrationConnection;\n  secretProvider: SecretProvider;\n  secretReference: string;\n  trace: IntegrationTraceMetadata;\n  config?: Record<string, unknown>;\n}\n\nexport interface IntegrationCallContext {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  blueprintName: string;\n  blueprintVersion: number;\n  configVersion: number;\n  slotId: string;\n  operation: string;\n}\n\nexport interface IntegrationCallError {\n  code: string;\n  message: string;\n  retryable: boolean;\n  cause?: unknown;\n}\n\nexport interface IntegrationCallResult<T> {\n  success: boolean;\n  data?: T;\n  error?: IntegrationCallError;\n  metadata: {\n    latencyMs: number;\n    connectionId: string;\n    ownershipMode: IntegrationConnection['ownershipMode'];\n    attempts: number;\n  };\n}\n\nexport interface IntegrationCallGuardOptions {\n  telemetry?: IntegrationTelemetryEmitter;\n  maxAttempts?: number;\n  backoffMs?: number;\n  shouldRetry?: (error: unknown, attempt: number) => boolean;\n  sleep?: (ms: number) => Promise<void>;\n  now?: () => Date;\n}\n\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_BACKOFF_MS = 250;\n\nexport class IntegrationCallGuard {\n  private readonly telemetry?: IntegrationTelemetryEmitter;\n  private readonly maxAttempts: number;\n  private readonly backoffMs: number;\n  private readonly shouldRetry: (error: unknown, attempt: number) => boolean;\n  private readonly sleep: (ms: number) => Promise<void>;\n  private readonly now: () => Date;\n\n  constructor(\n    private readonly secretProvider: SecretProvider,\n    options: IntegrationCallGuardOptions = {}\n  ) {\n    this.telemetry = options.telemetry;\n    this.maxAttempts = Math.max(\n      1,\n      options.maxAttempts ?? DEFAULT_MAX_ATTEMPTS\n    );\n    this.backoffMs = options.backoffMs ?? DEFAULT_BACKOFF_MS;\n    this.shouldRetry =\n      options.shouldRetry ??\n      ((error: unknown) =>\n        typeof error === 'object' &&\n        error !== null &&\n        'retryable' in error &&\n        Boolean((error as { retryable?: unknown }).retryable));\n    this.sleep =\n      options.sleep ??\n      ((ms: number) =>\n        ms <= 0\n          ? Promise.resolve()\n          : new Promise((resolve) => setTimeout(resolve, ms)));\n    this.now = options.now ?? (() => new Date());\n  }\n\n  async executeWithGuards<T>(\n    slotId: string,\n    operation: string,\n    input: unknown,\n    resolvedConfig: ResolvedAppConfig,\n    executor: (\n      connection: IntegrationConnection,\n      secrets: Record<string, string>\n    ) => Promise<T>\n  ): Promise<IntegrationCallResult<T>> {\n    const integration = this.findIntegration(slotId, resolvedConfig);\n    if (!integration) {\n      return this.failure(\n        {\n          tenantId: resolvedConfig.tenantId,\n          appId: resolvedConfig.appId,\n          environment: resolvedConfig.environment,\n          blueprintName: resolvedConfig.blueprintName,\n          blueprintVersion: resolvedConfig.blueprintVersion,\n          configVersion: resolvedConfig.configVersion,\n          slotId,\n          operation,\n        },\n        undefined,\n        {\n          code: 'SLOT_NOT_BOUND',\n          message: `Integration slot \"${slotId}\" is not bound for tenant \"${resolvedConfig.tenantId}\".`,\n          retryable: false,\n        },\n        0\n      );\n    }\n\n    const status = integration.connection.status;\n    if (status === 'disconnected' || status === 'error') {\n      return this.failure(\n        this.makeContext(slotId, operation, resolvedConfig),\n        integration,\n        {\n          code: 'CONNECTION_NOT_READY',\n          message: `Integration connection \"${integration.connection.meta.label}\" is in status \"${status}\".`,\n          retryable: false,\n        },\n        0\n      );\n    }\n\n    const secrets = await this.fetchSecrets(integration.connection);\n\n    let attempt = 0;\n    const started = performance.now();\n    while (attempt < this.maxAttempts) {\n      attempt += 1;\n      try {\n        const data = await executor(integration.connection, secrets);\n        const duration = performance.now() - started;\n        this.emitTelemetry(\n          this.makeContext(slotId, operation, resolvedConfig),\n          integration,\n          'success',\n          duration\n        );\n        return {\n          success: true,\n          data,\n          metadata: {\n            latencyMs: duration,\n            connectionId: integration.connection.meta.id,\n            ownershipMode: integration.connection.ownershipMode,\n            attempts: attempt,\n          },\n        };\n      } catch (error) {\n        const duration = performance.now() - started;\n        this.emitTelemetry(\n          this.makeContext(slotId, operation, resolvedConfig),\n          integration,\n          'error',\n          duration,\n          this.errorCodeFor(error),\n          error instanceof Error ? error.message : String(error)\n        );\n        const retryable = this.shouldRetry(error, attempt);\n        if (!retryable || attempt >= this.maxAttempts) {\n          return {\n            success: false,\n            error: {\n              code: this.errorCodeFor(error),\n              message:\n                error instanceof Error ? error.message : String(error),\n              retryable,\n              cause: error,\n            },\n            metadata: {\n              latencyMs: duration,\n              connectionId: integration.connection.meta.id,\n              ownershipMode: integration.connection.ownershipMode,\n              attempts: attempt,\n            },\n          };\n        }\n        await this.sleep(this.backoffMs);\n      }\n    }\n\n    // Should never reach here due to loop logic.\n    return {\n      success: false,\n      error: {\n        code: 'UNKNOWN_ERROR',\n        message: 'Integration call failed after retries.',\n        retryable: false,\n      },\n      metadata: {\n        latencyMs: performance.now() - started,\n        connectionId: integration.connection.meta.id,\n        ownershipMode: integration.connection.ownershipMode,\n        attempts: this.maxAttempts,\n      },\n    };\n  }\n\n  private findIntegration(\n    slotId: string,\n    config: ResolvedAppConfig\n  ): ResolvedIntegration | undefined {\n    return config.integrations.find(\n      (integration) => integration.slot.slotId === slotId\n    );\n  }\n\n  private async fetchSecrets(\n    connection: IntegrationConnection\n  ): Promise<Record<string, string>> {\n    if (!this.secretProvider.canHandle(connection.secretRef)) {\n      throw new Error(\n        `Secret provider \"${this.secretProvider.id}\" cannot handle reference \"${connection.secretRef}\".`\n      );\n    }\n    const secret = await this.secretProvider.getSecret(connection.secretRef);\n    return this.parseSecret(secret);\n  }\n\n  private parseSecret(secret: SecretValue): Record<string, string> {\n    const text = new TextDecoder().decode(secret.data);\n    try {\n      const parsed = JSON.parse(text);\n      if (\n        parsed &&\n        typeof parsed === 'object' &&\n        !Array.isArray(parsed)\n      ) {\n        const entries = Object.entries(parsed).filter(\n          ([, value]) =>\n            typeof value === 'string' ||\n            typeof value === 'number' ||\n            typeof value === 'boolean'\n        );\n        return Object.fromEntries(\n          entries.map(([key, value]) => [key, String(value)])\n        );\n      }\n    } catch {\n      // Fall through to raw secret.\n    }\n    return { secret: text };\n  }\n\n  private emitTelemetry(\n    context: IntegrationCallContext,\n    integration: ResolvedIntegration | undefined,\n    status: 'success' | 'error',\n    durationMs: number,\n    errorCode?: string,\n    errorMessage?: string\n  ) {\n    if (!this.telemetry || !integration) return;\n    this.telemetry.record({\n      tenantId: context.tenantId,\n      appId: context.appId,\n      environment: context.environment,\n      slotId: context.slotId,\n      integrationKey: integration.connection.meta.integrationKey,\n      integrationVersion: integration.connection.meta.integrationVersion,\n      connectionId: integration.connection.meta.id,\n      status,\n      durationMs,\n      errorCode,\n      errorMessage,\n      occurredAt: this.now(),\n      metadata: {\n        blueprint: `${context.blueprintName}.v${context.blueprintVersion}`,\n        configVersion: context.configVersion,\n        operation: context.operation,\n      },\n    });\n  }\n\n  private failure<T>(\n    context: IntegrationCallContext,\n    integration: ResolvedIntegration | undefined,\n    error: IntegrationCallError,\n    attempts: number\n  ): IntegrationCallResult<T> {\n    if (integration) {\n      this.emitTelemetry(\n        context,\n        integration,\n        'error',\n        0,\n        error.code,\n        error.message\n      );\n    }\n    return {\n      success: false,\n      error,\n      metadata: {\n        latencyMs: 0,\n        connectionId: integration?.connection.meta.id ?? 'unknown',\n        ownershipMode:\n          integration?.connection.ownershipMode ?? 'managed',\n        attempts,\n      },\n    };\n  }\n\n  private makeContext(\n    slotId: string,\n    operation: string,\n    config: ResolvedAppConfig\n  ): IntegrationCallContext {\n    return {\n      tenantId: config.tenantId,\n      appId: config.appId,\n      environment: config.environment,\n      blueprintName: config.blueprintName,\n      blueprintVersion: config.blueprintVersion,\n      configVersion: config.configVersion,\n      slotId,\n      operation,\n    };\n  }\n\n  private errorCodeFor(error: unknown): string {\n    if (\n      typeof error === 'object' &&\n      error !== null &&\n      'code' in error &&\n      typeof (error as { code?: unknown }).code === 'string'\n    ) {\n      return (error as { code: string }).code;\n    }\n    return 'PROVIDER_ERROR';\n  }\n}\n\nexport function ensureConnectionReady(\n  integration: ResolvedIntegration\n): void {\n  const status = integration.connection.status;\n  if (status === 'disconnected' || status === 'error') {\n    throw new Error(\n      `Integration connection \"${integration.connection.meta.label}\" is in status \"${status}\".`\n    );\n  }\n}\n\nexport function connectionStatusLabel(status: ConnectionStatus): string {\n  switch (status) {\n    case 'connected':\n      return 'connected';\n    case 'disconnected':\n      return 'disconnected';\n    case 'error':\n      return 'error';\n    case 'unknown':\n    default:\n      return 'unknown';\n  }\n}\n"],"mappings":"8CAyFA,IAAa,EAAb,KAAkC,CAChC,UACA,YACA,UACA,YACA,MACA,IAEA,YACE,EACA,EAAuC,EAAE,CACzC,CAFiB,KAAA,eAAA,EAGjB,KAAK,UAAY,EAAQ,UACzB,KAAK,YAAc,KAAK,IACtB,EACA,EAAQ,aAAe,EACxB,CACD,KAAK,UAAY,EAAQ,WAAa,IACtC,KAAK,YACH,EAAQ,cACN,GACA,OAAO,GAAU,YACjB,GACA,cAAe,GACf,EAAS,EAAkC,WAC/C,KAAK,MACH,EAAQ,QACN,GACA,GAAM,EACF,QAAQ,SAAS,CACjB,IAAI,QAAS,GAAY,WAAW,EAAS,EAAG,CAAC,EACzD,KAAK,IAAM,EAAQ,UAAc,IAAI,MAGvC,MAAM,kBACJ,EACA,EACA,EACA,EACA,EAImC,CACnC,IAAM,EAAc,KAAK,gBAAgB,EAAQ,EAAe,CAChE,GAAI,CAAC,EACH,OAAO,KAAK,QACV,CACE,SAAU,EAAe,SACzB,MAAO,EAAe,MACtB,YAAa,EAAe,YAC5B,cAAe,EAAe,cAC9B,iBAAkB,EAAe,iBACjC,cAAe,EAAe,cAC9B,SACA,YACD,CACD,IAAA,GACA,CACE,KAAM,iBACN,QAAS,qBAAqB,EAAO,6BAA6B,EAAe,SAAS,IAC1F,UAAW,GACZ,CACD,EACD,CAGH,IAAM,EAAS,EAAY,WAAW,OACtC,GAAI,IAAW,gBAAkB,IAAW,QAC1C,OAAO,KAAK,QACV,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,CACE,KAAM,uBACN,QAAS,2BAA2B,EAAY,WAAW,KAAK,MAAM,kBAAkB,EAAO,IAC/F,UAAW,GACZ,CACD,EACD,CAGH,IAAM,EAAU,MAAM,KAAK,aAAa,EAAY,WAAW,CAE3D,EAAU,EACR,EAAU,EAAY,KAAK,CACjC,KAAO,EAAU,KAAK,aAAa,CACjC,GAAW,EACX,GAAI,CACF,IAAM,EAAO,MAAM,EAAS,EAAY,WAAY,EAAQ,CACtD,EAAW,EAAY,KAAK,CAAG,EAOrC,OANA,KAAK,cACH,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,UACA,EACD,CACM,CACL,QAAS,GACT,OACA,SAAU,CACR,UAAW,EACX,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,EACX,CACF,OACM,EAAO,CACd,IAAM,EAAW,EAAY,KAAK,CAAG,EACrC,KAAK,cACH,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,QACA,EACA,KAAK,aAAa,EAAM,CACxB,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CACvD,CACD,IAAM,EAAY,KAAK,YAAY,EAAO,EAAQ,CAClD,GAAI,CAAC,GAAa,GAAW,KAAK,YAChC,MAAO,CACL,QAAS,GACT,MAAO,CACL,KAAM,KAAK,aAAa,EAAM,CAC9B,QACE,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CACxD,YACA,MAAO,EACR,CACD,SAAU,CACR,UAAW,EACX,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,EACX,CACF,CAEH,MAAM,KAAK,MAAM,KAAK,UAAU,EAKpC,MAAO,CACL,QAAS,GACT,MAAO,CACL,KAAM,gBACN,QAAS,yCACT,UAAW,GACZ,CACD,SAAU,CACR,UAAW,EAAY,KAAK,CAAG,EAC/B,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,KAAK,YAChB,CACF,CAGH,gBACE,EACA,EACiC,CACjC,OAAO,EAAO,aAAa,KACxB,GAAgB,EAAY,KAAK,SAAW,EAC9C,CAGH,MAAc,aACZ,EACiC,CACjC,GAAI,CAAC,KAAK,eAAe,UAAU,EAAW,UAAU,CACtD,MAAU,MACR,oBAAoB,KAAK,eAAe,GAAG,6BAA6B,EAAW,UAAU,IAC9F,CAEH,IAAM,EAAS,MAAM,KAAK,eAAe,UAAU,EAAW,UAAU,CACxE,OAAO,KAAK,YAAY,EAAO,CAGjC,YAAoB,EAA6C,CAC/D,IAAM,EAAO,IAAI,aAAa,CAAC,OAAO,EAAO,KAAK,CAClD,GAAI,CACF,IAAM,EAAS,KAAK,MAAM,EAAK,CAC/B,GACE,GACA,OAAO,GAAW,UAClB,CAAC,MAAM,QAAQ,EAAO,CACtB,CACA,IAAM,EAAU,OAAO,QAAQ,EAAO,CAAC,QACpC,EAAG,KACF,OAAO,GAAU,UACjB,OAAO,GAAU,UACjB,OAAO,GAAU,UACpB,CACD,OAAO,OAAO,YACZ,EAAQ,KAAK,CAAC,EAAK,KAAW,CAAC,EAAK,OAAO,EAAM,CAAC,CAAC,CACpD,OAEG,EAGR,MAAO,CAAE,OAAQ,EAAM,CAGzB,cACE,EACA,EACA,EACA,EACA,EACA,EACA,CACI,CAAC,KAAK,WAAa,CAAC,GACxB,KAAK,UAAU,OAAO,CACpB,SAAU,EAAQ,SAClB,MAAO,EAAQ,MACf,YAAa,EAAQ,YACrB,OAAQ,EAAQ,OAChB,eAAgB,EAAY,WAAW,KAAK,eAC5C,mBAAoB,EAAY,WAAW,KAAK,mBAChD,aAAc,EAAY,WAAW,KAAK,GAC1C,SACA,aACA,YACA,eACA,WAAY,KAAK,KAAK,CACtB,SAAU,CACR,UAAW,GAAG,EAAQ,cAAc,IAAI,EAAQ,mBAChD,cAAe,EAAQ,cACvB,UAAW,EAAQ,UACpB,CACF,CAAC,CAGJ,QACE,EACA,EACA,EACA,EAC0B,CAW1B,OAVI,GACF,KAAK,cACH,EACA,EACA,QACA,EACA,EAAM,KACN,EAAM,QACP,CAEI,CACL,QAAS,GACT,QACA,SAAU,CACR,UAAW,EACX,aAAc,GAAa,WAAW,KAAK,IAAM,UACjD,cACE,GAAa,WAAW,eAAiB,UAC3C,WACD,CACF,CAGH,YACE,EACA,EACA,EACwB,CACxB,MAAO,CACL,SAAU,EAAO,SACjB,MAAO,EAAO,MACd,YAAa,EAAO,YACpB,cAAe,EAAO,cACtB,iBAAkB,EAAO,iBACzB,cAAe,EAAO,cACtB,SACA,YACD,CAGH,aAAqB,EAAwB,CAS3C,OAPE,OAAO,GAAU,UACjB,GACA,SAAU,GACV,OAAQ,EAA6B,MAAS,SAEtC,EAA2B,KAE9B,mBAIX,SAAgB,EACd,EACM,CACN,IAAM,EAAS,EAAY,WAAW,OACtC,GAAI,IAAW,gBAAkB,IAAW,QAC1C,MAAU,MACR,2BAA2B,EAAY,WAAW,KAAK,MAAM,kBAAkB,EAAO,IACvF,CAIL,SAAgB,EAAsB,EAAkC,CACtE,OAAQ,EAAR,CACE,IAAK,YACH,MAAO,YACT,IAAK,eACH,MAAO,eACT,IAAK,QACH,MAAO,QACT,IAAK,UACL,QACE,MAAO"}
+{"version":3,"file":"runtime.js","names":["secretProvider: SecretProvider"],"sources":["../../src/integrations/runtime.ts"],"sourcesContent":["import { performance } from 'node:perf_hooks';\nimport type {\n  ResolvedAppConfig,\n  ResolvedIntegration,\n} from '../app-config/runtime';\nimport type { ConnectionStatus, IntegrationConnection } from './connection';\nimport type { IntegrationSpec } from './spec';\nimport type { SecretProvider, SecretValue } from './secrets/provider';\n\nexport interface IntegrationTraceMetadata {\n  blueprintName: string;\n  blueprintVersion: number;\n  configVersion: number;\n}\n\nexport interface IntegrationTelemetryEvent {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  slotId?: string;\n  integrationKey: string;\n  integrationVersion: number;\n  connectionId: string;\n  status: 'success' | 'error';\n  durationMs?: number;\n  errorCode?: string;\n  errorMessage?: string;\n  occurredAt: Date;\n  metadata?: Record<string, string | number | boolean>;\n}\n\nexport interface IntegrationTelemetryEmitter {\n  record(event: IntegrationTelemetryEvent): Promise<void> | void;\n}\n\nexport type IntegrationInvocationStatus = 'success' | 'error';\n\nexport interface IntegrationContext {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  slotId?: string;\n  spec: IntegrationSpec;\n  connection: IntegrationConnection;\n  secretProvider: SecretProvider;\n  secretReference: string;\n  trace: IntegrationTraceMetadata;\n  config?: Record<string, unknown>;\n}\n\nexport interface IntegrationCallContext {\n  tenantId: string;\n  appId: string;\n  environment?: string;\n  blueprintName: string;\n  blueprintVersion: number;\n  configVersion: number;\n  slotId: string;\n  operation: string;\n}\n\nexport interface IntegrationCallError {\n  code: string;\n  message: string;\n  retryable: boolean;\n  cause?: unknown;\n}\n\nexport interface IntegrationCallResult<T> {\n  success: boolean;\n  data?: T;\n  error?: IntegrationCallError;\n  metadata: {\n    latencyMs: number;\n    connectionId: string;\n    ownershipMode: IntegrationConnection['ownershipMode'];\n    attempts: number;\n  };\n}\n\nexport interface IntegrationCallGuardOptions {\n  telemetry?: IntegrationTelemetryEmitter;\n  maxAttempts?: number;\n  backoffMs?: number;\n  shouldRetry?: (error: unknown, attempt: number) => boolean;\n  sleep?: (ms: number) => Promise<void>;\n  now?: () => Date;\n}\n\nconst DEFAULT_MAX_ATTEMPTS = 3;\nconst DEFAULT_BACKOFF_MS = 250;\n\nexport class IntegrationCallGuard {\n  private readonly telemetry?: IntegrationTelemetryEmitter;\n  private readonly maxAttempts: number;\n  private readonly backoffMs: number;\n  private readonly shouldRetry: (error: unknown, attempt: number) => boolean;\n  private readonly sleep: (ms: number) => Promise<void>;\n  private readonly now: () => Date;\n\n  constructor(\n    private readonly secretProvider: SecretProvider,\n    options: IntegrationCallGuardOptions = {}\n  ) {\n    this.telemetry = options.telemetry;\n    this.maxAttempts = Math.max(1, options.maxAttempts ?? DEFAULT_MAX_ATTEMPTS);\n    this.backoffMs = options.backoffMs ?? DEFAULT_BACKOFF_MS;\n    this.shouldRetry =\n      options.shouldRetry ??\n      ((error: unknown) =>\n        typeof error === 'object' &&\n        error !== null &&\n        'retryable' in error &&\n        Boolean((error as { retryable?: unknown }).retryable));\n    this.sleep =\n      options.sleep ??\n      ((ms: number) =>\n        ms <= 0\n          ? Promise.resolve()\n          : new Promise((resolve) => setTimeout(resolve, ms)));\n    this.now = options.now ?? (() => new Date());\n  }\n\n  async executeWithGuards<T>(\n    slotId: string,\n    operation: string,\n    input: unknown,\n    resolvedConfig: ResolvedAppConfig,\n    executor: (\n      connection: IntegrationConnection,\n      secrets: Record<string, string>\n    ) => Promise<T>\n  ): Promise<IntegrationCallResult<T>> {\n    const integration = this.findIntegration(slotId, resolvedConfig);\n    if (!integration) {\n      return this.failure(\n        {\n          tenantId: resolvedConfig.tenantId,\n          appId: resolvedConfig.appId,\n          environment: resolvedConfig.environment,\n          blueprintName: resolvedConfig.blueprintName,\n          blueprintVersion: resolvedConfig.blueprintVersion,\n          configVersion: resolvedConfig.configVersion,\n          slotId,\n          operation,\n        },\n        undefined,\n        {\n          code: 'SLOT_NOT_BOUND',\n          message: `Integration slot \"${slotId}\" is not bound for tenant \"${resolvedConfig.tenantId}\".`,\n          retryable: false,\n        },\n        0\n      );\n    }\n\n    const status = integration.connection.status;\n    if (status === 'disconnected' || status === 'error') {\n      return this.failure(\n        this.makeContext(slotId, operation, resolvedConfig),\n        integration,\n        {\n          code: 'CONNECTION_NOT_READY',\n          message: `Integration connection \"${integration.connection.meta.label}\" is in status \"${status}\".`,\n          retryable: false,\n        },\n        0\n      );\n    }\n\n    const secrets = await this.fetchSecrets(integration.connection);\n\n    let attempt = 0;\n    const started = performance.now();\n    while (attempt < this.maxAttempts) {\n      attempt += 1;\n      try {\n        const data = await executor(integration.connection, secrets);\n        const duration = performance.now() - started;\n        this.emitTelemetry(\n          this.makeContext(slotId, operation, resolvedConfig),\n          integration,\n          'success',\n          duration\n        );\n        return {\n          success: true,\n          data,\n          metadata: {\n            latencyMs: duration,\n            connectionId: integration.connection.meta.id,\n            ownershipMode: integration.connection.ownershipMode,\n            attempts: attempt,\n          },\n        };\n      } catch (error) {\n        const duration = performance.now() - started;\n        this.emitTelemetry(\n          this.makeContext(slotId, operation, resolvedConfig),\n          integration,\n          'error',\n          duration,\n          this.errorCodeFor(error),\n          error instanceof Error ? error.message : String(error)\n        );\n        const retryable = this.shouldRetry(error, attempt);\n        if (!retryable || attempt >= this.maxAttempts) {\n          return {\n            success: false,\n            error: {\n              code: this.errorCodeFor(error),\n              message: error instanceof Error ? error.message : String(error),\n              retryable,\n              cause: error,\n            },\n            metadata: {\n              latencyMs: duration,\n              connectionId: integration.connection.meta.id,\n              ownershipMode: integration.connection.ownershipMode,\n              attempts: attempt,\n            },\n          };\n        }\n        await this.sleep(this.backoffMs);\n      }\n    }\n\n    // Should never reach here due to loop logic.\n    return {\n      success: false,\n      error: {\n        code: 'UNKNOWN_ERROR',\n        message: 'Integration call failed after retries.',\n        retryable: false,\n      },\n      metadata: {\n        latencyMs: performance.now() - started,\n        connectionId: integration.connection.meta.id,\n        ownershipMode: integration.connection.ownershipMode,\n        attempts: this.maxAttempts,\n      },\n    };\n  }\n\n  private findIntegration(\n    slotId: string,\n    config: ResolvedAppConfig\n  ): ResolvedIntegration | undefined {\n    return config.integrations.find(\n      (integration) => integration.slot.slotId === slotId\n    );\n  }\n\n  private async fetchSecrets(\n    connection: IntegrationConnection\n  ): Promise<Record<string, string>> {\n    if (!this.secretProvider.canHandle(connection.secretRef)) {\n      throw new Error(\n        `Secret provider \"${this.secretProvider.id}\" cannot handle reference \"${connection.secretRef}\".`\n      );\n    }\n    const secret = await this.secretProvider.getSecret(connection.secretRef);\n    return this.parseSecret(secret);\n  }\n\n  private parseSecret(secret: SecretValue): Record<string, string> {\n    const text = new TextDecoder().decode(secret.data);\n    try {\n      const parsed = JSON.parse(text);\n      if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {\n        const entries = Object.entries(parsed).filter(\n          ([, value]) =>\n            typeof value === 'string' ||\n            typeof value === 'number' ||\n            typeof value === 'boolean'\n        );\n        return Object.fromEntries(\n          entries.map(([key, value]) => [key, String(value)])\n        );\n      }\n    } catch {\n      // Fall through to raw secret.\n    }\n    return { secret: text };\n  }\n\n  private emitTelemetry(\n    context: IntegrationCallContext,\n    integration: ResolvedIntegration | undefined,\n    status: 'success' | 'error',\n    durationMs: number,\n    errorCode?: string,\n    errorMessage?: string\n  ) {\n    if (!this.telemetry || !integration) return;\n    this.telemetry.record({\n      tenantId: context.tenantId,\n      appId: context.appId,\n      environment: context.environment,\n      slotId: context.slotId,\n      integrationKey: integration.connection.meta.integrationKey,\n      integrationVersion: integration.connection.meta.integrationVersion,\n      connectionId: integration.connection.meta.id,\n      status,\n      durationMs,\n      errorCode,\n      errorMessage,\n      occurredAt: this.now(),\n      metadata: {\n        blueprint: `${context.blueprintName}.v${context.blueprintVersion}`,\n        configVersion: context.configVersion,\n        operation: context.operation,\n      },\n    });\n  }\n\n  private failure<T>(\n    context: IntegrationCallContext,\n    integration: ResolvedIntegration | undefined,\n    error: IntegrationCallError,\n    attempts: number\n  ): IntegrationCallResult<T> {\n    if (integration) {\n      this.emitTelemetry(\n        context,\n        integration,\n        'error',\n        0,\n        error.code,\n        error.message\n      );\n    }\n    return {\n      success: false,\n      error,\n      metadata: {\n        latencyMs: 0,\n        connectionId: integration?.connection.meta.id ?? 'unknown',\n        ownershipMode: integration?.connection.ownershipMode ?? 'managed',\n        attempts,\n      },\n    };\n  }\n\n  private makeContext(\n    slotId: string,\n    operation: string,\n    config: ResolvedAppConfig\n  ): IntegrationCallContext {\n    return {\n      tenantId: config.tenantId,\n      appId: config.appId,\n      environment: config.environment,\n      blueprintName: config.blueprintName,\n      blueprintVersion: config.blueprintVersion,\n      configVersion: config.configVersion,\n      slotId,\n      operation,\n    };\n  }\n\n  private errorCodeFor(error: unknown): string {\n    if (\n      typeof error === 'object' &&\n      error !== null &&\n      'code' in error &&\n      typeof (error as { code?: unknown }).code === 'string'\n    ) {\n      return (error as { code: string }).code;\n    }\n    return 'PROVIDER_ERROR';\n  }\n}\n\nexport function ensureConnectionReady(integration: ResolvedIntegration): void {\n  const status = integration.connection.status;\n  if (status === 'disconnected' || status === 'error') {\n    throw new Error(\n      `Integration connection \"${integration.connection.meta.label}\" is in status \"${status}\".`\n    );\n  }\n}\n\nexport function connectionStatusLabel(status: ConnectionStatus): string {\n  switch (status) {\n    case 'connected':\n      return 'connected';\n    case 'disconnected':\n      return 'disconnected';\n    case 'error':\n      return 'error';\n    case 'unknown':\n    default:\n      return 'unknown';\n  }\n}\n"],"mappings":"8CA4FA,IAAa,EAAb,KAAkC,CAChC,UACA,YACA,UACA,YACA,MACA,IAEA,YACE,EACA,EAAuC,EAAE,CACzC,CAFiB,KAAA,eAAA,EAGjB,KAAK,UAAY,EAAQ,UACzB,KAAK,YAAc,KAAK,IAAI,EAAG,EAAQ,aAAe,EAAqB,CAC3E,KAAK,UAAY,EAAQ,WAAa,IACtC,KAAK,YACH,EAAQ,cACN,GACA,OAAO,GAAU,YACjB,GACA,cAAe,GACf,EAAS,EAAkC,WAC/C,KAAK,MACH,EAAQ,QACN,GACA,GAAM,EACF,QAAQ,SAAS,CACjB,IAAI,QAAS,GAAY,WAAW,EAAS,EAAG,CAAC,EACzD,KAAK,IAAM,EAAQ,UAAc,IAAI,MAGvC,MAAM,kBACJ,EACA,EACA,EACA,EACA,EAImC,CACnC,IAAM,EAAc,KAAK,gBAAgB,EAAQ,EAAe,CAChE,GAAI,CAAC,EACH,OAAO,KAAK,QACV,CACE,SAAU,EAAe,SACzB,MAAO,EAAe,MACtB,YAAa,EAAe,YAC5B,cAAe,EAAe,cAC9B,iBAAkB,EAAe,iBACjC,cAAe,EAAe,cAC9B,SACA,YACD,CACD,IAAA,GACA,CACE,KAAM,iBACN,QAAS,qBAAqB,EAAO,6BAA6B,EAAe,SAAS,IAC1F,UAAW,GACZ,CACD,EACD,CAGH,IAAM,EAAS,EAAY,WAAW,OACtC,GAAI,IAAW,gBAAkB,IAAW,QAC1C,OAAO,KAAK,QACV,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,CACE,KAAM,uBACN,QAAS,2BAA2B,EAAY,WAAW,KAAK,MAAM,kBAAkB,EAAO,IAC/F,UAAW,GACZ,CACD,EACD,CAGH,IAAM,EAAU,MAAM,KAAK,aAAa,EAAY,WAAW,CAE3D,EAAU,EACR,EAAU,EAAY,KAAK,CACjC,KAAO,EAAU,KAAK,aAAa,CACjC,GAAW,EACX,GAAI,CACF,IAAM,EAAO,MAAM,EAAS,EAAY,WAAY,EAAQ,CACtD,EAAW,EAAY,KAAK,CAAG,EAOrC,OANA,KAAK,cACH,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,UACA,EACD,CACM,CACL,QAAS,GACT,OACA,SAAU,CACR,UAAW,EACX,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,EACX,CACF,OACM,EAAO,CACd,IAAM,EAAW,EAAY,KAAK,CAAG,EACrC,KAAK,cACH,KAAK,YAAY,EAAQ,EAAW,EAAe,CACnD,EACA,QACA,EACA,KAAK,aAAa,EAAM,CACxB,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CACvD,CACD,IAAM,EAAY,KAAK,YAAY,EAAO,EAAQ,CAClD,GAAI,CAAC,GAAa,GAAW,KAAK,YAChC,MAAO,CACL,QAAS,GACT,MAAO,CACL,KAAM,KAAK,aAAa,EAAM,CAC9B,QAAS,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CAC/D,YACA,MAAO,EACR,CACD,SAAU,CACR,UAAW,EACX,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,EACX,CACF,CAEH,MAAM,KAAK,MAAM,KAAK,UAAU,EAKpC,MAAO,CACL,QAAS,GACT,MAAO,CACL,KAAM,gBACN,QAAS,yCACT,UAAW,GACZ,CACD,SAAU,CACR,UAAW,EAAY,KAAK,CAAG,EAC/B,aAAc,EAAY,WAAW,KAAK,GAC1C,cAAe,EAAY,WAAW,cACtC,SAAU,KAAK,YAChB,CACF,CAGH,gBACE,EACA,EACiC,CACjC,OAAO,EAAO,aAAa,KACxB,GAAgB,EAAY,KAAK,SAAW,EAC9C,CAGH,MAAc,aACZ,EACiC,CACjC,GAAI,CAAC,KAAK,eAAe,UAAU,EAAW,UAAU,CACtD,MAAU,MACR,oBAAoB,KAAK,eAAe,GAAG,6BAA6B,EAAW,UAAU,IAC9F,CAEH,IAAM,EAAS,MAAM,KAAK,eAAe,UAAU,EAAW,UAAU,CACxE,OAAO,KAAK,YAAY,EAAO,CAGjC,YAAoB,EAA6C,CAC/D,IAAM,EAAO,IAAI,aAAa,CAAC,OAAO,EAAO,KAAK,CAClD,GAAI,CACF,IAAM,EAAS,KAAK,MAAM,EAAK,CAC/B,GAAI,GAAU,OAAO,GAAW,UAAY,CAAC,MAAM,QAAQ,EAAO,CAAE,CAClE,IAAM,EAAU,OAAO,QAAQ,EAAO,CAAC,QACpC,EAAG,KACF,OAAO,GAAU,UACjB,OAAO,GAAU,UACjB,OAAO,GAAU,UACpB,CACD,OAAO,OAAO,YACZ,EAAQ,KAAK,CAAC,EAAK,KAAW,CAAC,EAAK,OAAO,EAAM,CAAC,CAAC,CACpD,OAEG,EAGR,MAAO,CAAE,OAAQ,EAAM,CAGzB,cACE,EACA,EACA,EACA,EACA,EACA,EACA,CACI,CAAC,KAAK,WAAa,CAAC,GACxB,KAAK,UAAU,OAAO,CACpB,SAAU,EAAQ,SAClB,MAAO,EAAQ,MACf,YAAa,EAAQ,YACrB,OAAQ,EAAQ,OAChB,eAAgB,EAAY,WAAW,KAAK,eAC5C,mBAAoB,EAAY,WAAW,KAAK,mBAChD,aAAc,EAAY,WAAW,KAAK,GAC1C,SACA,aACA,YACA,eACA,WAAY,KAAK,KAAK,CACtB,SAAU,CACR,UAAW,GAAG,EAAQ,cAAc,IAAI,EAAQ,mBAChD,cAAe,EAAQ,cACvB,UAAW,EAAQ,UACpB,CACF,CAAC,CAGJ,QACE,EACA,EACA,EACA,EAC0B,CAW1B,OAVI,GACF,KAAK,cACH,EACA,EACA,QACA,EACA,EAAM,KACN,EAAM,QACP,CAEI,CACL,QAAS,GACT,QACA,SAAU,CACR,UAAW,EACX,aAAc,GAAa,WAAW,KAAK,IAAM,UACjD,cAAe,GAAa,WAAW,eAAiB,UACxD,WACD,CACF,CAGH,YACE,EACA,EACA,EACwB,CACxB,MAAO,CACL,SAAU,EAAO,SACjB,MAAO,EAAO,MACd,YAAa,EAAO,YACpB,cAAe,EAAO,cACtB,iBAAkB,EAAO,iBACzB,cAAe,EAAO,cACtB,SACA,YACD,CAGH,aAAqB,EAAwB,CAS3C,OAPE,OAAO,GAAU,UACjB,GACA,SAAU,GACV,OAAQ,EAA6B,MAAS,SAEtC,EAA2B,KAE9B,mBAIX,SAAgB,EAAsB,EAAwC,CAC5E,IAAM,EAAS,EAAY,WAAW,OACtC,GAAI,IAAW,gBAAkB,IAAW,QAC1C,MAAU,MACR,2BAA2B,EAAY,WAAW,KAAK,MAAM,kBAAkB,EAAO,IACvF,CAIL,SAAgB,EAAsB,EAAkC,CACtE,OAAQ,EAAR,CACE,IAAK,YACH,MAAO,YACT,IAAK,eACH,MAAO,eACT,IAAK,QACH,MAAO,QACT,IAAK,UACL,QACE,MAAO"}

package/dist/integrations/secrets/env-secret-provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"env-secret-provider.js","names":[],"sources":["../../../src/integrations/secrets/env-secret-provider.ts"],"sourcesContent":["import { parseSecretUri, SecretProviderError } from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ninterface EnvSecretProviderOptions {\n  /**\n   * Optional map to alias secret references to environment variable names.\n   * Useful when referencing secrets from other providers (e.g. gcp://...)\n   * while still allowing local overrides.\n   */\n  aliases?: Record<string, string>;\n}\n\n/**\n * Environment-variable backed secret provider. Read-only by design.\n * Allows overriding other secret providers by deriving environment variable\n * names from secret references (or by using explicit aliases).\n */\nexport class EnvSecretProvider implements SecretProvider {\n  readonly id = 'env';\n\n  private readonly aliases: Record<string, string>;\n\n  constructor(options: EnvSecretProviderOptions = {}) {\n    this.aliases = options.aliases ?? {};\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    const envKey = this.resolveEnvKey(reference);\n    return envKey !== undefined && process.env[envKey] !== undefined;\n  }\n\n  async getSecret(reference: SecretReference): Promise<SecretValue> {\n    const envKey = this.resolveEnvKey(reference);\n    if (!envKey) {\n      throw new SecretProviderError({\n        message: `Unable to resolve environment variable for reference \"${reference}\".`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const value = process.env[envKey];\n    if (value === undefined) {\n      throw new SecretProviderError({\n        message: `Environment variable \"${envKey}\" not found for reference \"${reference}\".`,\n        provider: this.id,\n        reference,\n        code: 'NOT_FOUND',\n      });\n    }\n\n    return {\n      data: Buffer.from(value, 'utf-8'),\n      version: 'current',\n      metadata: {\n        source: 'env',\n        envKey,\n      },\n      retrievedAt: new Date(),\n    };\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    _payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    throw this.forbiddenError('setSecret', reference);\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    _payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    throw this.forbiddenError('rotateSecret', reference);\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    throw this.forbiddenError('deleteSecret', reference);\n  }\n\n  private resolveEnvKey(reference: SecretReference): string | undefined {\n    if (!reference) {\n      return undefined;\n    }\n\n    if (this.aliases[reference]) {\n      return this.aliases[reference];\n    }\n\n    if (!reference.includes('://')) {\n      return reference;\n    }\n\n    try {\n      const parsed = parseSecretUri(reference);\n      if (parsed.provider === 'env') {\n        return parsed.path;\n      }\n\n      if (parsed.extras?.env) {\n        return parsed.extras.env;\n      }\n\n      return this.deriveEnvKey(parsed.path);\n    } catch {\n      return reference;\n    }\n  }\n\n  private deriveEnvKey(path: string): string | undefined {\n    if (!path) return undefined;\n    return path\n      .split(/[\\/:\\-\\.]/)\n      .filter(Boolean)\n      .map((segment) =>\n        segment\n          .replace(/[^a-zA-Z0-9]/g, '_')\n          .replace(/_{2,}/g, '_')\n          .toUpperCase()\n      )\n      .join('_');\n  }\n\n  private forbiddenError(\n    operation: string,\n    reference: SecretReference\n  ): SecretProviderError {\n    return new SecretProviderError({\n      message: `EnvSecretProvider is read-only. \"${operation}\" is not allowed for ${reference}.`,\n      provider: this.id,\n      reference,\n      code: 'FORBIDDEN',\n    });\n  }\n}\n\n\n"],"mappings":"wEAuBA,IAAa,EAAb,KAAyD,CACvD,GAAc,MAEd,QAEA,YAAY,EAAoC,EAAE,CAAE,CAClD,KAAK,QAAU,EAAQ,SAAW,EAAE,CAGtC,UAAU,EAAqC,CAC7C,IAAM,EAAS,KAAK,cAAc,EAAU,CAC5C,OAAO,IAAW,IAAA,IAAa,QAAQ,IAAI,KAAY,IAAA,GAGzD,MAAM,UAAU,EAAkD,CAChE,IAAM,EAAS,KAAK,cAAc,EAAU,CAC5C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,yDAAyD,EAAU,IAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAQ,QAAQ,IAAI,GAC1B,GAAI,IAAU,IAAA,GACZ,MAAM,IAAI,EAAoB,CAC5B,QAAS,yBAAyB,EAAO,6BAA6B,EAAU,IAChF,SAAU,KAAK,GACf,YACA,KAAM,YACP,CAAC,CAGJ,MAAO,CACL,KAAM,OAAO,KAAK,EAAO,QAAQ,CACjC,QAAS,UACT,SAAU,CACR,OAAQ,MACR,SACD,CACD,YAAa,IAAI,KAClB,CAGH,MAAM,UACJ,EACA,EAC+B,CAC/B,MAAM,KAAK,eAAe,YAAa,EAAU,CAGnD,MAAM,aACJ,EACA,EAC+B,CAC/B,MAAM,KAAK,eAAe,eAAgB,EAAU,CAGtD,MAAM,aAAa,EAA2C,CAC5D,MAAM,KAAK,eAAe,eAAgB,EAAU,CAGtD,cAAsB,EAAgD,CAC/D,KAIL,IAAI,KAAK,QAAQ,GACf,OAAO,KAAK,QAAQ,GAGtB,GAAI,CAAC,EAAU,SAAS,MAAM,CAC5B,OAAO,EAGT,GAAI,CACF,IAAM,EAAS,EAAe,EAAU,CASxC,OARI,EAAO,WAAa,MACf,EAAO,KAGZ,EAAO,QAAQ,IACV,EAAO,OAAO,IAGhB,KAAK,aAAa,EAAO,KAAK,MAC/B,CACN,OAAO,IAIX,aAAqB,EAAkC,CAChD,KACL,OAAO,EACJ,MAAM,YAAY,CAClB,OAAO,QAAQ,CACf,IAAK,GACJ,EACG,QAAQ,gBAAiB,IAAI,CAC7B,QAAQ,SAAU,IAAI,CACtB,aAAa,CACjB,CACA,KAAK,IAAI,CAGd,eACE,EACA,EACqB,CACrB,OAAO,IAAI,EAAoB,CAC7B,QAAS,oCAAoC,EAAU,uBAAuB,EAAU,GACxF,SAAU,KAAK,GACf,YACA,KAAM,YACP,CAAC"}
+{"version":3,"file":"env-secret-provider.js","names":[],"sources":["../../../src/integrations/secrets/env-secret-provider.ts"],"sourcesContent":["import { parseSecretUri, SecretProviderError } from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ninterface EnvSecretProviderOptions {\n  /**\n   * Optional map to alias secret references to environment variable names.\n   * Useful when referencing secrets from other providers (e.g. gcp://...)\n   * while still allowing local overrides.\n   */\n  aliases?: Record<string, string>;\n}\n\n/**\n * Environment-variable backed secret provider. Read-only by design.\n * Allows overriding other secret providers by deriving environment variable\n * names from secret references (or by using explicit aliases).\n */\nexport class EnvSecretProvider implements SecretProvider {\n  readonly id = 'env';\n\n  private readonly aliases: Record<string, string>;\n\n  constructor(options: EnvSecretProviderOptions = {}) {\n    this.aliases = options.aliases ?? {};\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    const envKey = this.resolveEnvKey(reference);\n    return envKey !== undefined && process.env[envKey] !== undefined;\n  }\n\n  async getSecret(reference: SecretReference): Promise<SecretValue> {\n    const envKey = this.resolveEnvKey(reference);\n    if (!envKey) {\n      throw new SecretProviderError({\n        message: `Unable to resolve environment variable for reference \"${reference}\".`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const value = process.env[envKey];\n    if (value === undefined) {\n      throw new SecretProviderError({\n        message: `Environment variable \"${envKey}\" not found for reference \"${reference}\".`,\n        provider: this.id,\n        reference,\n        code: 'NOT_FOUND',\n      });\n    }\n\n    return {\n      data: Buffer.from(value, 'utf-8'),\n      version: 'current',\n      metadata: {\n        source: 'env',\n        envKey,\n      },\n      retrievedAt: new Date(),\n    };\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    _payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    throw this.forbiddenError('setSecret', reference);\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    _payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    throw this.forbiddenError('rotateSecret', reference);\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    throw this.forbiddenError('deleteSecret', reference);\n  }\n\n  private resolveEnvKey(reference: SecretReference): string | undefined {\n    if (!reference) {\n      return undefined;\n    }\n\n    if (this.aliases[reference]) {\n      return this.aliases[reference];\n    }\n\n    if (!reference.includes('://')) {\n      return reference;\n    }\n\n    try {\n      const parsed = parseSecretUri(reference);\n      if (parsed.provider === 'env') {\n        return parsed.path;\n      }\n\n      if (parsed.extras?.env) {\n        return parsed.extras.env;\n      }\n\n      return this.deriveEnvKey(parsed.path);\n    } catch {\n      return reference;\n    }\n  }\n\n  private deriveEnvKey(path: string): string | undefined {\n    if (!path) return undefined;\n    return path\n      .split(/[\\/:\\-\\.]/)\n      .filter(Boolean)\n      .map((segment) =>\n        segment\n          .replace(/[^a-zA-Z0-9]/g, '_')\n          .replace(/_{2,}/g, '_')\n          .toUpperCase()\n      )\n      .join('_');\n  }\n\n  private forbiddenError(\n    operation: string,\n    reference: SecretReference\n  ): SecretProviderError {\n    return new SecretProviderError({\n      message: `EnvSecretProvider is read-only. \"${operation}\" is not allowed for ${reference}.`,\n      provider: this.id,\n      reference,\n      code: 'FORBIDDEN',\n    });\n  }\n}\n"],"mappings":"wEAuBA,IAAa,EAAb,KAAyD,CACvD,GAAc,MAEd,QAEA,YAAY,EAAoC,EAAE,CAAE,CAClD,KAAK,QAAU,EAAQ,SAAW,EAAE,CAGtC,UAAU,EAAqC,CAC7C,IAAM,EAAS,KAAK,cAAc,EAAU,CAC5C,OAAO,IAAW,IAAA,IAAa,QAAQ,IAAI,KAAY,IAAA,GAGzD,MAAM,UAAU,EAAkD,CAChE,IAAM,EAAS,KAAK,cAAc,EAAU,CAC5C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,yDAAyD,EAAU,IAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAQ,QAAQ,IAAI,GAC1B,GAAI,IAAU,IAAA,GACZ,MAAM,IAAI,EAAoB,CAC5B,QAAS,yBAAyB,EAAO,6BAA6B,EAAU,IAChF,SAAU,KAAK,GACf,YACA,KAAM,YACP,CAAC,CAGJ,MAAO,CACL,KAAM,OAAO,KAAK,EAAO,QAAQ,CACjC,QAAS,UACT,SAAU,CACR,OAAQ,MACR,SACD,CACD,YAAa,IAAI,KAClB,CAGH,MAAM,UACJ,EACA,EAC+B,CAC/B,MAAM,KAAK,eAAe,YAAa,EAAU,CAGnD,MAAM,aACJ,EACA,EAC+B,CAC/B,MAAM,KAAK,eAAe,eAAgB,EAAU,CAGtD,MAAM,aAAa,EAA2C,CAC5D,MAAM,KAAK,eAAe,eAAgB,EAAU,CAGtD,cAAsB,EAAgD,CAC/D,KAIL,IAAI,KAAK,QAAQ,GACf,OAAO,KAAK,QAAQ,GAGtB,GAAI,CAAC,EAAU,SAAS,MAAM,CAC5B,OAAO,EAGT,GAAI,CACF,IAAM,EAAS,EAAe,EAAU,CASxC,OARI,EAAO,WAAa,MACf,EAAO,KAGZ,EAAO,QAAQ,IACV,EAAO,OAAO,IAGhB,KAAK,aAAa,EAAO,KAAK,MAC/B,CACN,OAAO,IAIX,aAAqB,EAAkC,CAChD,KACL,OAAO,EACJ,MAAM,YAAY,CAClB,OAAO,QAAQ,CACf,IAAK,GACJ,EACG,QAAQ,gBAAiB,IAAI,CAC7B,QAAQ,SAAU,IAAI,CACtB,aAAa,CACjB,CACA,KAAK,IAAI,CAGd,eACE,EACA,EACqB,CACrB,OAAO,IAAI,EAAoB,CAC7B,QAAS,oCAAoC,EAAU,uBAAuB,EAAU,GACxF,SAAU,KAAK,GACf,YACA,KAAM,YACP,CAAC"}

package/dist/integrations/secrets/gcp-secret-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-secret-manager.d.ts","names":[],"sources":["../../../src/integrations/secrets/gcp-secret-manager.ts"],"sourcesContent":[],"mappings":";;;;;KAYK,mBAAA,GAAsB;UAEjB,+BAAA;EAFL,SAAA,CAAA,EAAA,MAAA;EAEK,MAAA,CAAA,EAEC,mBAFD;EAEC,aAAA,CAAA,EACO,qBADP,CAAA,OACoC,0BADpC,CAAA,CAAA,CAAA,CAAA;EACoC,kBAAA,CAAA,EACxB,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,EAAA,CAAG,YADb;;AACxB,cAaV,wBAAA,YAAoC,cAbW,CAAA;EAAY,SAAA,EAAA,GAAA,oBAAA;EAa3D,iBAAA,MAAA;EAMU,iBAAA,iBAAA;EAQA,iBAAA,WAAA;EAUR,WAAA,CAAA,OAAA,CAAA,EAlBQ,+BAkBR;EAEG,SAAA,CAAA,SAAA,EAZK,eAYL,CAAA,EAAA,OAAA;EACL,SAAA,CAAA,SAAA,EAHE,eAGF,EAAA,OAyCE,CAzCF,EAAA;IAAR,OAAA,CAAA,EAAA,MAAA;EAyCU,CAAA,EAAA,WAAA,CAAA,EA1CG,WA0CH,CAAA,EAzCV,OAyCU,CAzCF,WAyCE,CAAA;EACF,SAAA,CAAA,SAAA,EADE,eACF,EAAA,OAAA,EAAA,kBAAA,CAAA,EACR,OADQ,CACA,oBADA,CAAA;EACA,YAAA,CAAA,SAAA,EAsCE,eAtCF,EAAA,OAAA,EAuCA,kBAvCA,CAAA,EAwCR,OAxCQ,CAwCA,oBAxCA,CAAA;EAAR,YAAA,CAAA,SAAA,EA4C2B,eA5C3B,CAAA,EA4C6C,OA5C7C,CAAA,IAAA,CAAA;EAsCU,QAAA,cAAA;EACF,QAAA,UAAA;EACA,QAAA,gBAAA;EAAR,QAAA,kBAAA"}
+{"version":3,"file":"gcp-secret-manager.d.ts","names":[],"sources":["../../../src/integrations/secrets/gcp-secret-manager.ts"],"sourcesContent":[],"mappings":";;;;;KAmBK,mBAAA,GAAsB;UAEjB,+BAAA;EAFL,SAAA,CAAA,EAAA,MAAA;EAEK,MAAA,CAAA,EAEC,mBAFD;EAEC,aAAA,CAAA,EACO,qBADP,CAAA,OACoC,0BADpC,CAAA,CAAA,CAAA,CAAA;EACoC,kBAAA,CAAA,EACxB,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,aAAA,CAAc,EAAA,CAAG,YADb;;AACxB,cAaV,wBAAA,YAAoC,cAbW,CAAA;EAAY,SAAA,EAAA,GAAA,oBAAA;EAa3D,iBAAA,MAAA;EAMU,iBAAA,iBAAA;EAQA,iBAAA,WAAA;EAUR,WAAA,CAAA,OAAA,CAAA,EAlBQ,+BAkBR;EAEG,SAAA,CAAA,SAAA,EAZK,eAYL,CAAA,EAAA,OAAA;EACL,SAAA,CAAA,SAAA,EAHE,eAGF,EAAA,OAyCE,CAzCF,EAAA;IAAR,OAAA,CAAA,EAAA,MAAA;EAyCU,CAAA,EAAA,WAAA,CAAA,EA1CG,WA0CH,CAAA,EAzCV,OAyCU,CAzCF,WAyCE,CAAA;EACF,SAAA,CAAA,SAAA,EADE,eACF,EAAA,OAAA,EAAA,kBAAA,CAAA,EACR,OADQ,CACA,oBADA,CAAA;EACA,YAAA,CAAA,SAAA,EAsCE,eAtCF,EAAA,OAAA,EAuCA,kBAvCA,CAAA,EAwCR,OAxCQ,CAwCA,oBAxCA,CAAA;EAAR,YAAA,CAAA,SAAA,EA4C2B,eA5C3B,CAAA,EA4C6C,OA5C7C,CAAA,IAAA,CAAA;EAsCU,QAAA,cAAA;EACF,QAAA,UAAA;EACA,QAAA,gBAAA;EAAR,QAAA,kBAAA"}

package/dist/integrations/secrets/gcp-secret-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-secret-manager.js","names":["DEFAULT_REPLICATION: protos.google.cloud.secretmanager.v1.IReplication"],"sources":["../../../src/integrations/secrets/gcp-secret-manager.ts"],"sourcesContent":["import { protos, SecretManagerServiceClient } from '@google-cloud/secret-manager';\nimport type { CallOptions } from 'google-gax';\n\nimport { normalizeSecretPayload, parseSecretUri, SecretProviderError } from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ntype SecretManagerClient = SecretManagerServiceClient;\n\ninterface GcpSecretManagerProviderOptions {\n  projectId?: string;\n  client?: SecretManagerClient;\n  clientOptions?: ConstructorParameters<typeof SecretManagerServiceClient>[0];\n  defaultReplication?: protos.google.cloud.secretmanager.v1.IReplication;\n}\n\ninterface GcpSecretLocation {\n  projectId: string;\n  secretId: string;\n  version?: string;\n}\n\nconst DEFAULT_REPLICATION: protos.google.cloud.secretmanager.v1.IReplication = {\n  automatic: {},\n};\n\nexport class GcpSecretManagerProvider implements SecretProvider {\n  readonly id = 'gcp-secret-manager';\n  private readonly client: SecretManagerClient;\n  private readonly explicitProjectId?: string;\n  private readonly replication: protos.google.cloud.secretmanager.v1.IReplication;\n\n  constructor(options: GcpSecretManagerProviderOptions = {}) {\n    this.client =\n      options.client ??\n      new SecretManagerServiceClient(options.clientOptions ?? {});\n    this.explicitProjectId = options.projectId;\n    this.replication = options.defaultReplication ?? DEFAULT_REPLICATION;\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    try {\n      const parsed = parseSecretUri(reference);\n      return parsed.provider === 'gcp';\n    } catch {\n      return false;\n    }\n  }\n\n  async getSecret(\n    reference: SecretReference,\n    options?: { version?: string },\n    callOptions?: CallOptions\n  ): Promise<SecretValue> {\n    const location = this.parseReference(reference);\n    const secretVersionName = this.buildVersionName(location, options?.version);\n    try {\n      const response = await this.client.accessSecretVersion(\n        {\n          name: secretVersionName,\n        },\n        callOptions ?? {}\n      );\n      const [result] = response;\n      const payload = result.payload;\n      if (!payload?.data) {\n        throw new SecretProviderError({\n          message: `Secret payload empty for ${secretVersionName}`,\n          provider: this.id,\n          reference,\n          code: 'UNKNOWN',\n        });\n      }\n\n      const version = extractVersionFromName(result.name ?? secretVersionName);\n      return {\n        data: payload.data as Uint8Array,\n        version,\n        metadata: payload.dataCrc32c\n          ? { crc32c: payload.dataCrc32c.toString() }\n          : undefined,\n        retrievedAt: new Date(),\n      };\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'access',\n      });\n    }\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    const location = this.parseReference(reference);\n    const { secretName } = this.buildNames(location);\n    const data = normalizeSecretPayload(payload);\n    await this.ensureSecretExists(location, payload);\n\n    try {\n      const response = await this.client.addSecretVersion({\n        parent: secretName,\n        payload: {\n          data,\n        },\n      });\n      if (!response) {\n        throw new SecretProviderError({\n          message: `No version returned when adding secret version for ${secretName}`,\n          provider: this.id,\n          reference,\n          code: 'UNKNOWN',\n        });\n      }\n      const [version] = response;\n      const versionName = version?.name ?? `${secretName}/versions/latest`;\n      return {\n        reference: `gcp://${versionName}`,\n        version: extractVersionFromName(versionName) ?? 'latest',\n      };\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'addSecretVersion',\n      });\n    }\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.setSecret(reference, payload);\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    const location = this.parseReference(reference);\n    const { secretName } = this.buildNames(location);\n    try {\n      await this.client.deleteSecret({\n        name: secretName,\n      });\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'delete',\n      });\n    }\n  }\n\n  private parseReference(reference: SecretReference): GcpSecretLocation {\n    const parsed = parseSecretUri(reference);\n    if (parsed.provider !== 'gcp') {\n      throw new SecretProviderError({\n        message: `Unsupported secret provider: ${parsed.provider}`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const segments = parsed.path.split('/').filter(Boolean);\n    if (segments.length < 4 || segments[0] !== 'projects') {\n      throw new SecretProviderError({\n        message: `Expected secret reference format gcp://projects/{project}/secrets/{secret}[(/versions/{version})] but received \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const projectIdCandidate = segments[1] ?? this.explicitProjectId;\n    if (!projectIdCandidate) {\n      throw new SecretProviderError({\n        message: `Unable to resolve project or secret from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const indexOfSecrets = segments.indexOf('secrets');\n    if (indexOfSecrets === -1 || indexOfSecrets + 1 >= segments.length) {\n      throw new SecretProviderError({\n        message: `Unable to resolve project or secret from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const resolvedProjectId = projectIdCandidate;\n    const secretIdCandidate = segments[indexOfSecrets + 1];\n    if (!secretIdCandidate) {\n      throw new SecretProviderError({\n        message: `Unable to resolve secret ID from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n    const secretId = secretIdCandidate;\n    const indexOfVersions = segments.indexOf('versions');\n    const version =\n      parsed.extras?.version ??\n      (indexOfVersions !== -1 && indexOfVersions + 1 < segments.length\n        ? segments[indexOfVersions + 1]\n        : undefined);\n\n    return {\n      projectId: resolvedProjectId,\n      secretId,\n      version,\n    };\n  }\n\n  private buildNames(location: GcpSecretLocation): {\n    secretName: string;\n    projectParent: string;\n  } {\n    const projectId = location.projectId ?? this.explicitProjectId;\n    if (!projectId) {\n      throw new SecretProviderError({\n        message: 'Project ID must be provided either in reference or provider configuration',\n        provider: this.id,\n        reference: `gcp://projects//secrets/${location.secretId}`,\n        code: 'INVALID',\n      });\n    }\n\n    const projectParent = `projects/${projectId}`;\n    const secretName = `${projectParent}/secrets/${location.secretId}`;\n    return {\n      projectParent,\n      secretName,\n    };\n  }\n\n  private buildVersionName(\n    location: GcpSecretLocation,\n    explicitVersion?: string\n  ): string {\n    const { secretName } = this.buildNames(location);\n    const version = explicitVersion ?? location.version ?? 'latest';\n    return `${secretName}/versions/${version}`;\n  }\n\n  private async ensureSecretExists(\n    location: GcpSecretLocation,\n    payload: SecretWritePayload\n  ): Promise<void> {\n    const { secretName, projectParent } = this.buildNames(location);\n    try {\n      await this.client.getSecret({ name: secretName });\n    } catch (error) {\n      const providerError = toSecretProviderError({\n        error,\n        provider: this.id,\n        reference: `gcp://${secretName}`,\n        operation: 'getSecret',\n        suppressThrow: true,\n      });\n      if (!providerError || providerError.code !== 'NOT_FOUND') {\n        if (providerError) {\n          throw providerError;\n        }\n        throw error;\n      }\n      try {\n        await this.client.createSecret({\n          parent: projectParent,\n          secretId: location.secretId,\n          secret: {\n            replication: this.replication,\n            labels: payload.labels,\n          },\n        });\n      } catch (creationError) {\n        const creationProviderError = toSecretProviderError({\n          error: creationError,\n          provider: this.id,\n          reference: `gcp://${secretName}`,\n          operation: 'createSecret',\n        });\n        throw creationProviderError;\n      }\n    }\n  }\n}\n\nfunction extractVersionFromName(name: string): string | undefined {\n  const segments = name.split('/').filter(Boolean);\n  const index = segments.indexOf('versions');\n  if (index === -1 || index + 1 >= segments.length) {\n    return undefined;\n  }\n  return segments[index + 1];\n}\n\nfunction toSecretProviderError(params: {\n  error: unknown;\n  provider: string;\n  reference: SecretReference;\n  operation: string;\n  suppressThrow?: boolean;\n}): SecretProviderError {\n  const { error, provider, reference, operation, suppressThrow } = params;\n  if (error instanceof SecretProviderError) {\n    return error;\n  }\n\n  const code = deriveErrorCode(error);\n  const message =\n    error instanceof Error ? error.message : `Unknown error during ${operation}`;\n\n  const providerError = new SecretProviderError({\n    message,\n    provider,\n    reference,\n    code,\n    cause: error,\n  });\n\n  if (suppressThrow) {\n    return providerError;\n  }\n\n  throw providerError;\n}\n\nfunction deriveErrorCode(error: unknown): SecretProviderError['code'] {\n  if (typeof error !== 'object' || error === null) {\n    return 'UNKNOWN';\n  }\n\n  const errorAny = error as { code?: number | string };\n  const code = errorAny.code;\n  if (code === 5 || code === 'NOT_FOUND') return 'NOT_FOUND';\n  if (code === 6 || code === 'ALREADY_EXISTS') return 'INVALID';\n  if (code === 7 || code === 'PERMISSION_DENIED' || code === 403) {\n    return 'FORBIDDEN';\n  }\n  if (code === 3 || code === 'INVALID_ARGUMENT') return 'INVALID';\n  return 'UNKNOWN';\n}\n\n\n"],"mappings":"0LA2BA,MAAMA,EAAyE,CAC7E,UAAW,EAAE,CACd,CAED,IAAa,EAAb,KAAgE,CAC9D,GAAc,qBACd,OACA,kBACA,YAEA,YAAY,EAA2C,EAAE,CAAE,CACzD,KAAK,OACH,EAAQ,QACR,IAAI,EAA2B,EAAQ,eAAiB,EAAE,CAAC,CAC7D,KAAK,kBAAoB,EAAQ,UACjC,KAAK,YAAc,EAAQ,oBAAsB,EAGnD,UAAU,EAAqC,CAC7C,GAAI,CAEF,OADe,EAAe,EAAU,CAC1B,WAAa,WACrB,CACN,MAAO,IAIX,MAAM,UACJ,EACA,EACA,EACsB,CACtB,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,EAAoB,KAAK,iBAAiB,EAAU,GAAS,QAAQ,CAC3E,GAAI,CAOF,GAAM,CAAC,GANU,MAAM,KAAK,OAAO,oBACjC,CACE,KAAM,EACP,CACD,GAAe,EAAE,CAClB,CAEK,EAAU,EAAO,QACvB,GAAI,CAAC,GAAS,KACZ,MAAM,IAAI,EAAoB,CAC5B,QAAS,4BAA4B,IACrC,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAU,EAAuB,EAAO,MAAQ,EAAkB,CACxE,MAAO,CACL,KAAM,EAAQ,KACd,UACA,SAAU,EAAQ,WACd,CAAE,OAAQ,EAAQ,WAAW,UAAU,CAAE,CACzC,IAAA,GACJ,YAAa,IAAI,KAClB,OACM,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,SACZ,CAAC,EAIN,MAAM,UACJ,EACA,EAC+B,CAC/B,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,CAAE,cAAe,KAAK,WAAW,EAAS,CAC1C,EAAO,EAAuB,EAAQ,CAC5C,MAAM,KAAK,mBAAmB,EAAU,EAAQ,CAEhD,GAAI,CACF,IAAM,EAAW,MAAM,KAAK,OAAO,iBAAiB,CAClD,OAAQ,EACR,QAAS,CACP,OACD,CACF,CAAC,CACF,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,sDAAsD,IAC/D,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAEJ,GAAM,CAAC,GAAW,EACZ,EAAc,GAAS,MAAQ,GAAG,EAAW,kBACnD,MAAO,CACL,UAAW,SAAS,IACpB,QAAS,EAAuB,EAAY,EAAI,SACjD,OACM,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,mBACZ,CAAC,EAIN,MAAM,aACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,UAAU,EAAW,EAAQ,CAG3C,MAAM,aAAa,EAA2C,CAC5D,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,CAAE,cAAe,KAAK,WAAW,EAAS,CAChD,GAAI,CACF,MAAM,KAAK,OAAO,aAAa,CAC7B,KAAM,EACP,CAAC,OACK,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,SACZ,CAAC,EAIN,eAAuB,EAA+C,CACpE,IAAM,EAAS,EAAe,EAAU,CACxC,GAAI,EAAO,WAAa,MACtB,MAAM,IAAI,EAAoB,CAC5B,QAAS,gCAAgC,EAAO,WAChD,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAW,EAAO,KAAK,MAAM,IAAI,CAAC,OAAO,QAAQ,CACvD,GAAI,EAAS,OAAS,GAAK,EAAS,KAAO,WACzC,MAAM,IAAI,EAAoB,CAC5B,QAAS,mHAAmH,EAAO,KAAK,GACxI,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAqB,EAAS,IAAM,KAAK,kBAC/C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,uDAAuD,EAAO,KAAK,GAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAiB,EAAS,QAAQ,UAAU,CAClD,GAAI,IAAmB,IAAM,EAAiB,GAAK,EAAS,OAC1D,MAAM,IAAI,EAAoB,CAC5B,QAAS,uDAAuD,EAAO,KAAK,GAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAoB,EACpB,EAAoB,EAAS,EAAiB,GACpD,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,+CAA+C,EAAO,KAAK,GACpE,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAEJ,IAAM,EAAW,EACX,EAAkB,EAAS,QAAQ,WAAW,CAOpD,MAAO,CACL,UAAW,EACX,WACA,QARA,EAAO,QAAQ,UACd,IAAoB,IAAM,EAAkB,EAAI,EAAS,OACtD,EAAS,EAAkB,GAC3B,IAAA,IAML,CAGH,WAAmB,EAGjB,CACA,IAAM,EAAY,EAAS,WAAa,KAAK,kBAC7C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,4EACT,SAAU,KAAK,GACf,UAAW,2BAA2B,EAAS,WAC/C,KAAM,UACP,CAAC,CAGJ,IAAM,EAAgB,YAAY,IAElC,MAAO,CACL,gBACA,WAHiB,GAAG,EAAc,WAAW,EAAS,WAIvD,CAGH,iBACE,EACA,EACQ,CACR,GAAM,CAAE,cAAe,KAAK,WAAW,EAAS,CAEhD,MAAO,GAAG,EAAW,YADL,GAAmB,EAAS,SAAW,WAIzD,MAAc,mBACZ,EACA,EACe,CACf,GAAM,CAAE,aAAY,iBAAkB,KAAK,WAAW,EAAS,CAC/D,GAAI,CACF,MAAM,KAAK,OAAO,UAAU,CAAE,KAAM,EAAY,CAAC,OAC1C,EAAO,CACd,IAAM,EAAgB,EAAsB,CAC1C,QACA,SAAU,KAAK,GACf,UAAW,SAAS,IACpB,UAAW,YACX,cAAe,GAChB,CAAC,CACF,GAAI,CAAC,GAAiB,EAAc,OAAS,YAI3C,MAHI,GAGE,EAER,GAAI,CACF,MAAM,KAAK,OAAO,aAAa,CAC7B,OAAQ,EACR,SAAU,EAAS,SACnB,OAAQ,CACN,YAAa,KAAK,YAClB,OAAQ,EAAQ,OACjB,CACF,CAAC,OACK,EAAe,CAOtB,MAN8B,EAAsB,CAClD,MAAO,EACP,SAAU,KAAK,GACf,UAAW,SAAS,IACpB,UAAW,eACZ,CAAC,KAOV,SAAS,EAAuB,EAAkC,CAChE,IAAM,EAAW,EAAK,MAAM,IAAI,CAAC,OAAO,QAAQ,CAC1C,EAAQ,EAAS,QAAQ,WAAW,CACtC,SAAU,IAAM,EAAQ,GAAK,EAAS,QAG1C,OAAO,EAAS,EAAQ,GAG1B,SAAS,EAAsB,EAMP,CACtB,GAAM,CAAE,QAAO,WAAU,YAAW,YAAW,iBAAkB,EACjE,GAAI,aAAiB,EACnB,OAAO,EAGT,IAAM,EAAO,EAAgB,EAAM,CAI7B,EAAgB,IAAI,EAAoB,CAC5C,QAHA,aAAiB,MAAQ,EAAM,QAAU,wBAAwB,IAIjE,WACA,YACA,OACA,MAAO,EACR,CAAC,CAEF,GAAI,EACF,OAAO,EAGT,MAAM,EAGR,SAAS,EAAgB,EAA6C,CACpE,GAAI,OAAO,GAAU,WAAY,EAC/B,MAAO,UAIT,IAAM,EADW,EACK,KAOtB,OANI,IAAS,GAAK,IAAS,YAAoB,YAC3C,IAAS,GAAK,IAAS,iBAAyB,UAChD,IAAS,GAAK,IAAS,qBAAuB,IAAS,IAClD,YAEL,IAAS,GAAK,IAAS,mBAA2B,UAC/C"}
+{"version":3,"file":"gcp-secret-manager.js","names":["DEFAULT_REPLICATION: protos.google.cloud.secretmanager.v1.IReplication"],"sources":["../../../src/integrations/secrets/gcp-secret-manager.ts"],"sourcesContent":["import {\n  protos,\n  SecretManagerServiceClient,\n} from '@google-cloud/secret-manager';\nimport type { CallOptions } from 'google-gax';\n\nimport {\n  normalizeSecretPayload,\n  parseSecretUri,\n  SecretProviderError,\n} from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ntype SecretManagerClient = SecretManagerServiceClient;\n\ninterface GcpSecretManagerProviderOptions {\n  projectId?: string;\n  client?: SecretManagerClient;\n  clientOptions?: ConstructorParameters<typeof SecretManagerServiceClient>[0];\n  defaultReplication?: protos.google.cloud.secretmanager.v1.IReplication;\n}\n\ninterface GcpSecretLocation {\n  projectId: string;\n  secretId: string;\n  version?: string;\n}\n\nconst DEFAULT_REPLICATION: protos.google.cloud.secretmanager.v1.IReplication = {\n  automatic: {},\n};\n\nexport class GcpSecretManagerProvider implements SecretProvider {\n  readonly id = 'gcp-secret-manager';\n  private readonly client: SecretManagerClient;\n  private readonly explicitProjectId?: string;\n  private readonly replication: protos.google.cloud.secretmanager.v1.IReplication;\n\n  constructor(options: GcpSecretManagerProviderOptions = {}) {\n    this.client =\n      options.client ??\n      new SecretManagerServiceClient(options.clientOptions ?? {});\n    this.explicitProjectId = options.projectId;\n    this.replication = options.defaultReplication ?? DEFAULT_REPLICATION;\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    try {\n      const parsed = parseSecretUri(reference);\n      return parsed.provider === 'gcp';\n    } catch {\n      return false;\n    }\n  }\n\n  async getSecret(\n    reference: SecretReference,\n    options?: { version?: string },\n    callOptions?: CallOptions\n  ): Promise<SecretValue> {\n    const location = this.parseReference(reference);\n    const secretVersionName = this.buildVersionName(location, options?.version);\n    try {\n      const response = await this.client.accessSecretVersion(\n        {\n          name: secretVersionName,\n        },\n        callOptions ?? {}\n      );\n      const [result] = response;\n      const payload = result.payload;\n      if (!payload?.data) {\n        throw new SecretProviderError({\n          message: `Secret payload empty for ${secretVersionName}`,\n          provider: this.id,\n          reference,\n          code: 'UNKNOWN',\n        });\n      }\n\n      const version = extractVersionFromName(result.name ?? secretVersionName);\n      return {\n        data: payload.data as Uint8Array,\n        version,\n        metadata: payload.dataCrc32c\n          ? { crc32c: payload.dataCrc32c.toString() }\n          : undefined,\n        retrievedAt: new Date(),\n      };\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'access',\n      });\n    }\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    const location = this.parseReference(reference);\n    const { secretName } = this.buildNames(location);\n    const data = normalizeSecretPayload(payload);\n    await this.ensureSecretExists(location, payload);\n\n    try {\n      const response = await this.client.addSecretVersion({\n        parent: secretName,\n        payload: {\n          data,\n        },\n      });\n      if (!response) {\n        throw new SecretProviderError({\n          message: `No version returned when adding secret version for ${secretName}`,\n          provider: this.id,\n          reference,\n          code: 'UNKNOWN',\n        });\n      }\n      const [version] = response;\n      const versionName = version?.name ?? `${secretName}/versions/latest`;\n      return {\n        reference: `gcp://${versionName}`,\n        version: extractVersionFromName(versionName) ?? 'latest',\n      };\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'addSecretVersion',\n      });\n    }\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.setSecret(reference, payload);\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    const location = this.parseReference(reference);\n    const { secretName } = this.buildNames(location);\n    try {\n      await this.client.deleteSecret({\n        name: secretName,\n      });\n    } catch (error) {\n      throw toSecretProviderError({\n        error,\n        provider: this.id,\n        reference,\n        operation: 'delete',\n      });\n    }\n  }\n\n  private parseReference(reference: SecretReference): GcpSecretLocation {\n    const parsed = parseSecretUri(reference);\n    if (parsed.provider !== 'gcp') {\n      throw new SecretProviderError({\n        message: `Unsupported secret provider: ${parsed.provider}`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const segments = parsed.path.split('/').filter(Boolean);\n    if (segments.length < 4 || segments[0] !== 'projects') {\n      throw new SecretProviderError({\n        message: `Expected secret reference format gcp://projects/{project}/secrets/{secret}[(/versions/{version})] but received \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const projectIdCandidate = segments[1] ?? this.explicitProjectId;\n    if (!projectIdCandidate) {\n      throw new SecretProviderError({\n        message: `Unable to resolve project or secret from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const indexOfSecrets = segments.indexOf('secrets');\n    if (indexOfSecrets === -1 || indexOfSecrets + 1 >= segments.length) {\n      throw new SecretProviderError({\n        message: `Unable to resolve project or secret from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n\n    const resolvedProjectId = projectIdCandidate;\n    const secretIdCandidate = segments[indexOfSecrets + 1];\n    if (!secretIdCandidate) {\n      throw new SecretProviderError({\n        message: `Unable to resolve secret ID from reference \"${parsed.path}\"`,\n        provider: this.id,\n        reference,\n        code: 'INVALID',\n      });\n    }\n    const secretId = secretIdCandidate;\n    const indexOfVersions = segments.indexOf('versions');\n    const version =\n      parsed.extras?.version ??\n      (indexOfVersions !== -1 && indexOfVersions + 1 < segments.length\n        ? segments[indexOfVersions + 1]\n        : undefined);\n\n    return {\n      projectId: resolvedProjectId,\n      secretId,\n      version,\n    };\n  }\n\n  private buildNames(location: GcpSecretLocation): {\n    secretName: string;\n    projectParent: string;\n  } {\n    const projectId = location.projectId ?? this.explicitProjectId;\n    if (!projectId) {\n      throw new SecretProviderError({\n        message:\n          'Project ID must be provided either in reference or provider configuration',\n        provider: this.id,\n        reference: `gcp://projects//secrets/${location.secretId}`,\n        code: 'INVALID',\n      });\n    }\n\n    const projectParent = `projects/${projectId}`;\n    const secretName = `${projectParent}/secrets/${location.secretId}`;\n    return {\n      projectParent,\n      secretName,\n    };\n  }\n\n  private buildVersionName(\n    location: GcpSecretLocation,\n    explicitVersion?: string\n  ): string {\n    const { secretName } = this.buildNames(location);\n    const version = explicitVersion ?? location.version ?? 'latest';\n    return `${secretName}/versions/${version}`;\n  }\n\n  private async ensureSecretExists(\n    location: GcpSecretLocation,\n    payload: SecretWritePayload\n  ): Promise<void> {\n    const { secretName, projectParent } = this.buildNames(location);\n    try {\n      await this.client.getSecret({ name: secretName });\n    } catch (error) {\n      const providerError = toSecretProviderError({\n        error,\n        provider: this.id,\n        reference: `gcp://${secretName}`,\n        operation: 'getSecret',\n        suppressThrow: true,\n      });\n      if (!providerError || providerError.code !== 'NOT_FOUND') {\n        if (providerError) {\n          throw providerError;\n        }\n        throw error;\n      }\n      try {\n        await this.client.createSecret({\n          parent: projectParent,\n          secretId: location.secretId,\n          secret: {\n            replication: this.replication,\n            labels: payload.labels,\n          },\n        });\n      } catch (creationError) {\n        const creationProviderError = toSecretProviderError({\n          error: creationError,\n          provider: this.id,\n          reference: `gcp://${secretName}`,\n          operation: 'createSecret',\n        });\n        throw creationProviderError;\n      }\n    }\n  }\n}\n\nfunction extractVersionFromName(name: string): string | undefined {\n  const segments = name.split('/').filter(Boolean);\n  const index = segments.indexOf('versions');\n  if (index === -1 || index + 1 >= segments.length) {\n    return undefined;\n  }\n  return segments[index + 1];\n}\n\nfunction toSecretProviderError(params: {\n  error: unknown;\n  provider: string;\n  reference: SecretReference;\n  operation: string;\n  suppressThrow?: boolean;\n}): SecretProviderError {\n  const { error, provider, reference, operation, suppressThrow } = params;\n  if (error instanceof SecretProviderError) {\n    return error;\n  }\n\n  const code = deriveErrorCode(error);\n  const message =\n    error instanceof Error\n      ? error.message\n      : `Unknown error during ${operation}`;\n\n  const providerError = new SecretProviderError({\n    message,\n    provider,\n    reference,\n    code,\n    cause: error,\n  });\n\n  if (suppressThrow) {\n    return providerError;\n  }\n\n  throw providerError;\n}\n\nfunction deriveErrorCode(error: unknown): SecretProviderError['code'] {\n  if (typeof error !== 'object' || error === null) {\n    return 'UNKNOWN';\n  }\n\n  const errorAny = error as { code?: number | string };\n  const code = errorAny.code;\n  if (code === 5 || code === 'NOT_FOUND') return 'NOT_FOUND';\n  if (code === 6 || code === 'ALREADY_EXISTS') return 'INVALID';\n  if (code === 7 || code === 'PERMISSION_DENIED' || code === 403) {\n    return 'FORBIDDEN';\n  }\n  if (code === 3 || code === 'INVALID_ARGUMENT') return 'INVALID';\n  return 'UNKNOWN';\n}\n"],"mappings":"0LAkCA,MAAMA,EAAyE,CAC7E,UAAW,EAAE,CACd,CAED,IAAa,EAAb,KAAgE,CAC9D,GAAc,qBACd,OACA,kBACA,YAEA,YAAY,EAA2C,EAAE,CAAE,CACzD,KAAK,OACH,EAAQ,QACR,IAAI,EAA2B,EAAQ,eAAiB,EAAE,CAAC,CAC7D,KAAK,kBAAoB,EAAQ,UACjC,KAAK,YAAc,EAAQ,oBAAsB,EAGnD,UAAU,EAAqC,CAC7C,GAAI,CAEF,OADe,EAAe,EAAU,CAC1B,WAAa,WACrB,CACN,MAAO,IAIX,MAAM,UACJ,EACA,EACA,EACsB,CACtB,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,EAAoB,KAAK,iBAAiB,EAAU,GAAS,QAAQ,CAC3E,GAAI,CAOF,GAAM,CAAC,GANU,MAAM,KAAK,OAAO,oBACjC,CACE,KAAM,EACP,CACD,GAAe,EAAE,CAClB,CAEK,EAAU,EAAO,QACvB,GAAI,CAAC,GAAS,KACZ,MAAM,IAAI,EAAoB,CAC5B,QAAS,4BAA4B,IACrC,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAU,EAAuB,EAAO,MAAQ,EAAkB,CACxE,MAAO,CACL,KAAM,EAAQ,KACd,UACA,SAAU,EAAQ,WACd,CAAE,OAAQ,EAAQ,WAAW,UAAU,CAAE,CACzC,IAAA,GACJ,YAAa,IAAI,KAClB,OACM,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,SACZ,CAAC,EAIN,MAAM,UACJ,EACA,EAC+B,CAC/B,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,CAAE,cAAe,KAAK,WAAW,EAAS,CAC1C,EAAO,EAAuB,EAAQ,CAC5C,MAAM,KAAK,mBAAmB,EAAU,EAAQ,CAEhD,GAAI,CACF,IAAM,EAAW,MAAM,KAAK,OAAO,iBAAiB,CAClD,OAAQ,EACR,QAAS,CACP,OACD,CACF,CAAC,CACF,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,sDAAsD,IAC/D,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAEJ,GAAM,CAAC,GAAW,EACZ,EAAc,GAAS,MAAQ,GAAG,EAAW,kBACnD,MAAO,CACL,UAAW,SAAS,IACpB,QAAS,EAAuB,EAAY,EAAI,SACjD,OACM,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,mBACZ,CAAC,EAIN,MAAM,aACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,UAAU,EAAW,EAAQ,CAG3C,MAAM,aAAa,EAA2C,CAC5D,IAAM,EAAW,KAAK,eAAe,EAAU,CACzC,CAAE,cAAe,KAAK,WAAW,EAAS,CAChD,GAAI,CACF,MAAM,KAAK,OAAO,aAAa,CAC7B,KAAM,EACP,CAAC,OACK,EAAO,CACd,MAAM,EAAsB,CAC1B,QACA,SAAU,KAAK,GACf,YACA,UAAW,SACZ,CAAC,EAIN,eAAuB,EAA+C,CACpE,IAAM,EAAS,EAAe,EAAU,CACxC,GAAI,EAAO,WAAa,MACtB,MAAM,IAAI,EAAoB,CAC5B,QAAS,gCAAgC,EAAO,WAChD,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAW,EAAO,KAAK,MAAM,IAAI,CAAC,OAAO,QAAQ,CACvD,GAAI,EAAS,OAAS,GAAK,EAAS,KAAO,WACzC,MAAM,IAAI,EAAoB,CAC5B,QAAS,mHAAmH,EAAO,KAAK,GACxI,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAqB,EAAS,IAAM,KAAK,kBAC/C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,uDAAuD,EAAO,KAAK,GAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAiB,EAAS,QAAQ,UAAU,CAClD,GAAI,IAAmB,IAAM,EAAiB,GAAK,EAAS,OAC1D,MAAM,IAAI,EAAoB,CAC5B,QAAS,uDAAuD,EAAO,KAAK,GAC5E,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAoB,EACpB,EAAoB,EAAS,EAAiB,GACpD,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,+CAA+C,EAAO,KAAK,GACpE,SAAU,KAAK,GACf,YACA,KAAM,UACP,CAAC,CAEJ,IAAM,EAAW,EACX,EAAkB,EAAS,QAAQ,WAAW,CAOpD,MAAO,CACL,UAAW,EACX,WACA,QARA,EAAO,QAAQ,UACd,IAAoB,IAAM,EAAkB,EAAI,EAAS,OACtD,EAAS,EAAkB,GAC3B,IAAA,IAML,CAGH,WAAmB,EAGjB,CACA,IAAM,EAAY,EAAS,WAAa,KAAK,kBAC7C,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QACE,4EACF,SAAU,KAAK,GACf,UAAW,2BAA2B,EAAS,WAC/C,KAAM,UACP,CAAC,CAGJ,IAAM,EAAgB,YAAY,IAElC,MAAO,CACL,gBACA,WAHiB,GAAG,EAAc,WAAW,EAAS,WAIvD,CAGH,iBACE,EACA,EACQ,CACR,GAAM,CAAE,cAAe,KAAK,WAAW,EAAS,CAEhD,MAAO,GAAG,EAAW,YADL,GAAmB,EAAS,SAAW,WAIzD,MAAc,mBACZ,EACA,EACe,CACf,GAAM,CAAE,aAAY,iBAAkB,KAAK,WAAW,EAAS,CAC/D,GAAI,CACF,MAAM,KAAK,OAAO,UAAU,CAAE,KAAM,EAAY,CAAC,OAC1C,EAAO,CACd,IAAM,EAAgB,EAAsB,CAC1C,QACA,SAAU,KAAK,GACf,UAAW,SAAS,IACpB,UAAW,YACX,cAAe,GAChB,CAAC,CACF,GAAI,CAAC,GAAiB,EAAc,OAAS,YAI3C,MAHI,GAGE,EAER,GAAI,CACF,MAAM,KAAK,OAAO,aAAa,CAC7B,OAAQ,EACR,SAAU,EAAS,SACnB,OAAQ,CACN,YAAa,KAAK,YAClB,OAAQ,EAAQ,OACjB,CACF,CAAC,OACK,EAAe,CAOtB,MAN8B,EAAsB,CAClD,MAAO,EACP,SAAU,KAAK,GACf,UAAW,SAAS,IACpB,UAAW,eACZ,CAAC,KAOV,SAAS,EAAuB,EAAkC,CAChE,IAAM,EAAW,EAAK,MAAM,IAAI,CAAC,OAAO,QAAQ,CAC1C,EAAQ,EAAS,QAAQ,WAAW,CACtC,SAAU,IAAM,EAAQ,GAAK,EAAS,QAG1C,OAAO,EAAS,EAAQ,GAG1B,SAAS,EAAsB,EAMP,CACtB,GAAM,CAAE,QAAO,WAAU,YAAW,YAAW,iBAAkB,EACjE,GAAI,aAAiB,EACnB,OAAO,EAGT,IAAM,EAAO,EAAgB,EAAM,CAM7B,EAAgB,IAAI,EAAoB,CAC5C,QALA,aAAiB,MACb,EAAM,QACN,wBAAwB,IAI5B,WACA,YACA,OACA,MAAO,EACR,CAAC,CAEF,GAAI,EACF,OAAO,EAGT,MAAM,EAGR,SAAS,EAAgB,EAA6C,CACpE,GAAI,OAAO,GAAU,WAAY,EAC/B,MAAO,UAIT,IAAM,EADW,EACK,KAOtB,OANI,IAAS,GAAK,IAAS,YAAoB,YAC3C,IAAS,GAAK,IAAS,iBAAyB,UAChD,IAAS,GAAK,IAAS,qBAAuB,IAAS,IAClD,YAEL,IAAS,GAAK,IAAS,mBAA2B,UAC/C"}

package/dist/integrations/secrets/manager.d.ts

@@ -16,10 +16,10 @@ interface SecretProviderManagerOptions {
    * Providers to pre-register. They are registered in array order with
    * descending priority (first entry wins ties).
    */
-  providers?: Array<{
+  providers?: {
     provider: SecretProvider;
     priority?: number;
-  }>;
+  }[];
 }
 /**
  * Composite secret provider that delegates to registered providers.

package/dist/integrations/secrets/manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"manager.d.ts","names":[],"sources":["../../../src/integrations/secrets/manager.ts"],"sourcesContent":[],"mappings":";;;UAeU,eAAA;;AARU;AAepB;EAmBa,QAAA,CAAA,EAAA,MAAA;;AAaQ,UAhCJ,4BAAA,CAgCI;EAAyB;;;EAuBhC,EAAA,CAAA,EAAA,MAAA;EACD;;;;EAgCA,SAAA,CAAA,EA/EC,KA+ED,CAAA;IAAR,QAAA,EA/E2B,cA+E3B;IAOU,QAAA,CAAA,EAAA,MAAA;EACF,CAAA,CAAA;;;;;;;AA0EZ;;cAvJY,qBAAA,YAAiC;;;;wBAKvB;qBAQF,0BAAyB;uBAevB;uBAOR,2BACD,qBACT,QAAQ;uBA8BE,0BACF,qBACR,QAAQ;0BAOE,0BACF,qBACR,QAAQ;0BAMmB,kBAAkB;;;;KAgF7C,kBAAA,GAAqB,WAAW"}
+{"version":3,"file":"manager.d.ts","names":[],"sources":["../../../src/integrations/secrets/manager.ts"],"sourcesContent":[],"mappings":";;;UAeU,eAAA;;AARU;AAepB;EAmBa,QAAA,CAAA,EAAA,MAAA;;AAaQ,UAhCJ,4BAAA,CAgCI;EAAyB;;;EAuBhC,EAAA,CAAA,EAAA,MAAA;EACD;;;;EA2BA,SAAA,CAAA,EAAA;IAAR,QAAA,EA1EqB,cA0ErB;IAOU,QAAA,CAAA,EAAA,MAAA;EACF,CAAA,EAAA;;;;;;;AA0EZ;;cAlJY,qBAAA,YAAiC;;;;wBAKvB;qBAQF,0BAAyB;uBAevB;uBAOR,2BACD,qBACT,QAAQ;uBAyBE,0BACF,qBACR,QAAQ;0BAOE,0BACF,qBACR,QAAQ;0BAMmB,kBAAkB;;;;KAgF7C,kBAAA,GAAqB,WAAW"}

package/dist/integrations/secrets/manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"manager.js","names":["errors: SecretProviderError[]"],"sources":["../../../src/integrations/secrets/manager.ts"],"sourcesContent":["import { SecretProviderError } from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ninterface ProviderRegistration {\n  readonly provider: SecretProvider;\n  readonly priority: number;\n  readonly order: number;\n}\n\ninterface RegisterOptions {\n  /**\n   * Larger priority values are attempted first. Defaults to 0.\n   */\n  priority?: number;\n}\n\nexport interface SecretProviderManagerOptions {\n  /**\n   * Override manager identifier. Defaults to \"secret-provider-manager\".\n   */\n  id?: string;\n  /**\n   * Providers to pre-register. They are registered in array order with\n   * descending priority (first entry wins ties).\n   */\n  providers?: Array<{ provider: SecretProvider; priority?: number }>;\n}\n\n/**\n * Composite secret provider that delegates to registered providers.\n * Providers are attempted in order of descending priority, respecting the\n * registration order for ties. This enables privileged overrides (e.g.\n * environment variables) while still supporting durable backends like GCP\n * Secret Manager.\n */\nexport class SecretProviderManager implements SecretProvider {\n  readonly id: string;\n  private readonly providers: ProviderRegistration[] = [];\n  private registrationCounter = 0;\n\n  constructor(options: SecretProviderManagerOptions = {}) {\n    this.id = options.id ?? 'secret-provider-manager';\n    const initialProviders = options.providers ?? [];\n    for (const entry of initialProviders) {\n      this.register(entry.provider, { priority: entry.priority });\n    }\n  }\n\n  register(provider: SecretProvider, options: RegisterOptions = {}): this {\n    this.providers.push({\n      provider,\n      priority: options.priority ?? 0,\n      order: this.registrationCounter++,\n    });\n    this.providers.sort((a, b) => {\n      if (a.priority !== b.priority) {\n        return b.priority - a.priority;\n      }\n      return a.order - b.order;\n    });\n    return this;\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    return this.providers.some(({ provider }) =>\n      safeCanHandle(provider, reference)\n    );\n  }\n\n  async getSecret(\n    reference: SecretReference,\n    options?: SecretFetchOptions\n  ): Promise<SecretValue> {\n    const errors: SecretProviderError[] = [];\n\n    for (const { provider } of this.providers) {\n      if (!safeCanHandle(provider, reference)) {\n        continue;\n      }\n      try {\n        return await provider.getSecret(reference, options);\n      } catch (error) {\n        if (error instanceof SecretProviderError) {\n          errors.push(error);\n          if (error.code !== 'NOT_FOUND') {\n            break;\n          }\n          continue;\n        }\n        throw error;\n      }\n    }\n\n    throw this.composeError(\n      'getSecret',\n      reference,\n      errors,\n      options?.version\n    );\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.delegateToFirst('setSecret', reference, (provider) =>\n      provider.setSecret(reference, payload)\n    );\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.delegateToFirst('rotateSecret', reference, (provider) =>\n      provider.rotateSecret(reference, payload)\n    );\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    await this.delegateToFirst('deleteSecret', reference, (provider) =>\n      provider.deleteSecret(reference)\n    );\n  }\n\n  private async delegateToFirst<T>(\n    operation: 'setSecret' | 'rotateSecret' | 'deleteSecret',\n    reference: SecretReference,\n    invoker: (provider: SecretProvider) => Promise<T>\n  ): Promise<T> {\n    const errors: SecretProviderError[] = [];\n\n    for (const { provider } of this.providers) {\n      if (!safeCanHandle(provider, reference)) {\n        continue;\n      }\n      try {\n        return await invoker(provider);\n      } catch (error) {\n        if (error instanceof SecretProviderError) {\n          errors.push(error);\n          continue;\n        }\n        throw error;\n      }\n    }\n\n    throw this.composeError(operation, reference, errors);\n  }\n\n  private composeError(\n    operation: string,\n    reference: SecretReference,\n    errors: SecretProviderError[],\n    version?: string\n  ): SecretProviderError {\n    if (errors.length === 1) {\n      const [singleError] = errors;\n      if (singleError) {\n        return singleError;\n      }\n    }\n\n    const messageParts = [\n      `No registered secret provider could ${operation}`,\n      `reference \"${reference}\"`,\n    ];\n    if (version) {\n      messageParts.push(`(version: ${version})`);\n    }\n    if (errors.length > 1) {\n      messageParts.push(\n        `Attempts: ${errors\n          .map((error) => `${error.provider}:${error.code}`)\n          .join(', ')}`\n      );\n    }\n\n    return new SecretProviderError({\n      message: messageParts.join(' '),\n      provider: this.id,\n      reference,\n      code: errors.length > 0 ? errors[errors.length - 1]!.code : 'UNKNOWN',\n      cause: errors,\n    });\n  }\n}\n\nfunction safeCanHandle(\n  provider: SecretProvider,\n  reference: SecretReference\n): boolean {\n  try {\n    return provider.canHandle(reference);\n  } catch {\n    return false;\n  }\n}\n\ntype SecretFetchOptions = Parameters<SecretProvider['getSecret']>[1];\n\n\n"],"mappings":"oDAyCA,IAAa,EAAb,KAA6D,CAC3D,GACA,UAAqD,EAAE,CACvD,oBAA8B,EAE9B,YAAY,EAAwC,EAAE,CAAE,CACtD,KAAK,GAAK,EAAQ,IAAM,0BACxB,IAAM,EAAmB,EAAQ,WAAa,EAAE,CAChD,IAAK,IAAM,KAAS,EAClB,KAAK,SAAS,EAAM,SAAU,CAAE,SAAU,EAAM,SAAU,CAAC,CAI/D,SAAS,EAA0B,EAA2B,EAAE,CAAQ,CAYtE,OAXA,KAAK,UAAU,KAAK,CAClB,WACA,SAAU,EAAQ,UAAY,EAC9B,MAAO,KAAK,sBACb,CAAC,CACF,KAAK,UAAU,MAAM,EAAG,IAClB,EAAE,WAAa,EAAE,SAGd,EAAE,MAAQ,EAAE,MAFV,EAAE,SAAW,EAAE,SAGxB,CACK,KAGT,UAAU,EAAqC,CAC7C,OAAO,KAAK,UAAU,MAAM,CAAE,cAC5B,EAAc,EAAU,EAAU,CACnC,CAGH,MAAM,UACJ,EACA,EACsB,CACtB,IAAMA,EAAgC,EAAE,CAExC,IAAK,GAAM,CAAE,cAAc,KAAK,UACzB,KAAc,EAAU,EAAU,CAGvC,GAAI,CACF,OAAO,MAAM,EAAS,UAAU,EAAW,EAAQ,OAC5C,EAAO,CACd,GAAI,aAAiB,EAAqB,CAExC,GADA,EAAO,KAAK,EAAM,CACd,EAAM,OAAS,YACjB,MAEF,SAEF,MAAM,EAIV,MAAM,KAAK,aACT,YACA,EACA,EACA,GAAS,QACV,CAGH,MAAM,UACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,gBAAgB,YAAa,EAAY,GACnD,EAAS,UAAU,EAAW,EAAQ,CACvC,CAGH,MAAM,aACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,gBAAgB,eAAgB,EAAY,GACtD,EAAS,aAAa,EAAW,EAAQ,CAC1C,CAGH,MAAM,aAAa,EAA2C,CAC5D,MAAM,KAAK,gBAAgB,eAAgB,EAAY,GACrD,EAAS,aAAa,EAAU,CACjC,CAGH,MAAc,gBACZ,EACA,EACA,EACY,CACZ,IAAMA,EAAgC,EAAE,CAExC,IAAK,GAAM,CAAE,cAAc,KAAK,UACzB,KAAc,EAAU,EAAU,CAGvC,GAAI,CACF,OAAO,MAAM,EAAQ,EAAS,OACvB,EAAO,CACd,GAAI,aAAiB,EAAqB,CACxC,EAAO,KAAK,EAAM,CAClB,SAEF,MAAM,EAIV,MAAM,KAAK,aAAa,EAAW,EAAW,EAAO,CAGvD,aACE,EACA,EACA,EACA,EACqB,CACrB,GAAI,EAAO,SAAW,EAAG,CACvB,GAAM,CAAC,GAAe,EACtB,GAAI,EACF,OAAO,EAIX,IAAM,EAAe,CACnB,uCAAuC,IACvC,cAAc,EAAU,GACzB,CAYD,OAXI,GACF,EAAa,KAAK,aAAa,EAAQ,GAAG,CAExC,EAAO,OAAS,GAClB,EAAa,KACX,aAAa,EACV,IAAK,GAAU,GAAG,EAAM,SAAS,GAAG,EAAM,OAAO,CACjD,KAAK,KAAK,GACd,CAGI,IAAI,EAAoB,CAC7B,QAAS,EAAa,KAAK,IAAI,CAC/B,SAAU,KAAK,GACf,YACA,KAAM,EAAO,OAAS,EAAI,EAAO,EAAO,OAAS,GAAI,KAAO,UAC5D,MAAO,EACR,CAAC,GAIN,SAAS,EACP,EACA,EACS,CACT,GAAI,CACF,OAAO,EAAS,UAAU,EAAU,MAC9B,CACN,MAAO"}
+{"version":3,"file":"manager.js","names":["errors: SecretProviderError[]"],"sources":["../../../src/integrations/secrets/manager.ts"],"sourcesContent":["import { SecretProviderError } from './provider';\nimport type {\n  SecretProvider,\n  SecretReference,\n  SecretRotationResult,\n  SecretValue,\n  SecretWritePayload,\n} from './provider';\n\ninterface ProviderRegistration {\n  readonly provider: SecretProvider;\n  readonly priority: number;\n  readonly order: number;\n}\n\ninterface RegisterOptions {\n  /**\n   * Larger priority values are attempted first. Defaults to 0.\n   */\n  priority?: number;\n}\n\nexport interface SecretProviderManagerOptions {\n  /**\n   * Override manager identifier. Defaults to \"secret-provider-manager\".\n   */\n  id?: string;\n  /**\n   * Providers to pre-register. They are registered in array order with\n   * descending priority (first entry wins ties).\n   */\n  providers?: { provider: SecretProvider; priority?: number }[];\n}\n\n/**\n * Composite secret provider that delegates to registered providers.\n * Providers are attempted in order of descending priority, respecting the\n * registration order for ties. This enables privileged overrides (e.g.\n * environment variables) while still supporting durable backends like GCP\n * Secret Manager.\n */\nexport class SecretProviderManager implements SecretProvider {\n  readonly id: string;\n  private readonly providers: ProviderRegistration[] = [];\n  private registrationCounter = 0;\n\n  constructor(options: SecretProviderManagerOptions = {}) {\n    this.id = options.id ?? 'secret-provider-manager';\n    const initialProviders = options.providers ?? [];\n    for (const entry of initialProviders) {\n      this.register(entry.provider, { priority: entry.priority });\n    }\n  }\n\n  register(provider: SecretProvider, options: RegisterOptions = {}): this {\n    this.providers.push({\n      provider,\n      priority: options.priority ?? 0,\n      order: this.registrationCounter++,\n    });\n    this.providers.sort((a, b) => {\n      if (a.priority !== b.priority) {\n        return b.priority - a.priority;\n      }\n      return a.order - b.order;\n    });\n    return this;\n  }\n\n  canHandle(reference: SecretReference): boolean {\n    return this.providers.some(({ provider }) =>\n      safeCanHandle(provider, reference)\n    );\n  }\n\n  async getSecret(\n    reference: SecretReference,\n    options?: SecretFetchOptions\n  ): Promise<SecretValue> {\n    const errors: SecretProviderError[] = [];\n\n    for (const { provider } of this.providers) {\n      if (!safeCanHandle(provider, reference)) {\n        continue;\n      }\n      try {\n        return await provider.getSecret(reference, options);\n      } catch (error) {\n        if (error instanceof SecretProviderError) {\n          errors.push(error);\n          if (error.code !== 'NOT_FOUND') {\n            break;\n          }\n          continue;\n        }\n        throw error;\n      }\n    }\n\n    throw this.composeError('getSecret', reference, errors, options?.version);\n  }\n\n  async setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.delegateToFirst('setSecret', reference, (provider) =>\n      provider.setSecret(reference, payload)\n    );\n  }\n\n  async rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult> {\n    return this.delegateToFirst('rotateSecret', reference, (provider) =>\n      provider.rotateSecret(reference, payload)\n    );\n  }\n\n  async deleteSecret(reference: SecretReference): Promise<void> {\n    await this.delegateToFirst('deleteSecret', reference, (provider) =>\n      provider.deleteSecret(reference)\n    );\n  }\n\n  private async delegateToFirst<T>(\n    operation: 'setSecret' | 'rotateSecret' | 'deleteSecret',\n    reference: SecretReference,\n    invoker: (provider: SecretProvider) => Promise<T>\n  ): Promise<T> {\n    const errors: SecretProviderError[] = [];\n\n    for (const { provider } of this.providers) {\n      if (!safeCanHandle(provider, reference)) {\n        continue;\n      }\n      try {\n        return await invoker(provider);\n      } catch (error) {\n        if (error instanceof SecretProviderError) {\n          errors.push(error);\n          continue;\n        }\n        throw error;\n      }\n    }\n\n    throw this.composeError(operation, reference, errors);\n  }\n\n  private composeError(\n    operation: string,\n    reference: SecretReference,\n    errors: SecretProviderError[],\n    version?: string\n  ): SecretProviderError {\n    if (errors.length === 1) {\n      const [singleError] = errors;\n      if (singleError) {\n        return singleError;\n      }\n    }\n\n    const messageParts = [\n      `No registered secret provider could ${operation}`,\n      `reference \"${reference}\"`,\n    ];\n    if (version) {\n      messageParts.push(`(version: ${version})`);\n    }\n    if (errors.length > 1) {\n      messageParts.push(\n        `Attempts: ${errors\n          .map((error) => `${error.provider}:${error.code}`)\n          .join(', ')}`\n      );\n    }\n\n    return new SecretProviderError({\n      message: messageParts.join(' '),\n      provider: this.id,\n      reference,\n      code: errors.length > 0 ? errors[errors.length - 1]!.code : 'UNKNOWN',\n      cause: errors,\n    });\n  }\n}\n\nfunction safeCanHandle(\n  provider: SecretProvider,\n  reference: SecretReference\n): boolean {\n  try {\n    return provider.canHandle(reference);\n  } catch {\n    return false;\n  }\n}\n\ntype SecretFetchOptions = Parameters<SecretProvider['getSecret']>[1];\n"],"mappings":"oDAyCA,IAAa,EAAb,KAA6D,CAC3D,GACA,UAAqD,EAAE,CACvD,oBAA8B,EAE9B,YAAY,EAAwC,EAAE,CAAE,CACtD,KAAK,GAAK,EAAQ,IAAM,0BACxB,IAAM,EAAmB,EAAQ,WAAa,EAAE,CAChD,IAAK,IAAM,KAAS,EAClB,KAAK,SAAS,EAAM,SAAU,CAAE,SAAU,EAAM,SAAU,CAAC,CAI/D,SAAS,EAA0B,EAA2B,EAAE,CAAQ,CAYtE,OAXA,KAAK,UAAU,KAAK,CAClB,WACA,SAAU,EAAQ,UAAY,EAC9B,MAAO,KAAK,sBACb,CAAC,CACF,KAAK,UAAU,MAAM,EAAG,IAClB,EAAE,WAAa,EAAE,SAGd,EAAE,MAAQ,EAAE,MAFV,EAAE,SAAW,EAAE,SAGxB,CACK,KAGT,UAAU,EAAqC,CAC7C,OAAO,KAAK,UAAU,MAAM,CAAE,cAC5B,EAAc,EAAU,EAAU,CACnC,CAGH,MAAM,UACJ,EACA,EACsB,CACtB,IAAMA,EAAgC,EAAE,CAExC,IAAK,GAAM,CAAE,cAAc,KAAK,UACzB,KAAc,EAAU,EAAU,CAGvC,GAAI,CACF,OAAO,MAAM,EAAS,UAAU,EAAW,EAAQ,OAC5C,EAAO,CACd,GAAI,aAAiB,EAAqB,CAExC,GADA,EAAO,KAAK,EAAM,CACd,EAAM,OAAS,YACjB,MAEF,SAEF,MAAM,EAIV,MAAM,KAAK,aAAa,YAAa,EAAW,EAAQ,GAAS,QAAQ,CAG3E,MAAM,UACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,gBAAgB,YAAa,EAAY,GACnD,EAAS,UAAU,EAAW,EAAQ,CACvC,CAGH,MAAM,aACJ,EACA,EAC+B,CAC/B,OAAO,KAAK,gBAAgB,eAAgB,EAAY,GACtD,EAAS,aAAa,EAAW,EAAQ,CAC1C,CAGH,MAAM,aAAa,EAA2C,CAC5D,MAAM,KAAK,gBAAgB,eAAgB,EAAY,GACrD,EAAS,aAAa,EAAU,CACjC,CAGH,MAAc,gBACZ,EACA,EACA,EACY,CACZ,IAAMA,EAAgC,EAAE,CAExC,IAAK,GAAM,CAAE,cAAc,KAAK,UACzB,KAAc,EAAU,EAAU,CAGvC,GAAI,CACF,OAAO,MAAM,EAAQ,EAAS,OACvB,EAAO,CACd,GAAI,aAAiB,EAAqB,CACxC,EAAO,KAAK,EAAM,CAClB,SAEF,MAAM,EAIV,MAAM,KAAK,aAAa,EAAW,EAAW,EAAO,CAGvD,aACE,EACA,EACA,EACA,EACqB,CACrB,GAAI,EAAO,SAAW,EAAG,CACvB,GAAM,CAAC,GAAe,EACtB,GAAI,EACF,OAAO,EAIX,IAAM,EAAe,CACnB,uCAAuC,IACvC,cAAc,EAAU,GACzB,CAYD,OAXI,GACF,EAAa,KAAK,aAAa,EAAQ,GAAG,CAExC,EAAO,OAAS,GAClB,EAAa,KACX,aAAa,EACV,IAAK,GAAU,GAAG,EAAM,SAAS,GAAG,EAAM,OAAO,CACjD,KAAK,KAAK,GACd,CAGI,IAAI,EAAoB,CAC7B,QAAS,EAAa,KAAK,IAAI,CAC/B,SAAU,KAAK,GACf,YACA,KAAM,EAAO,OAAS,EAAI,EAAO,EAAO,OAAS,GAAI,KAAO,UAC5D,MAAO,EACR,CAAC,GAIN,SAAS,EACP,EACA,EACS,CACT,GAAI,CACF,OAAO,EAAS,UAAU,EAAU,MAC9B,CACN,MAAO"}

package/dist/integrations/secrets/provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"provider.js","names":[],"sources":["../../../src/integrations/secrets/provider.ts"],"sourcesContent":["import { Buffer } from 'node:buffer';\n\nexport type SecretReference = string;\n\nexport interface SecretValue {\n  data: Uint8Array;\n  version?: string;\n  metadata?: Record<string, string>;\n  retrievedAt: Date;\n}\n\nexport interface SecretFetchOptions {\n  version?: string;\n}\n\nexport type SecretPayloadEncoding = 'utf-8' | 'base64' | 'binary';\n\nexport interface SecretWritePayload {\n  data: string | Uint8Array;\n  encoding?: SecretPayloadEncoding;\n  contentType?: string;\n  labels?: Record<string, string>;\n}\n\nexport interface SecretRotationResult {\n  reference: SecretReference;\n  version: string;\n}\n\nexport interface SecretProvider {\n  readonly id: string;\n  canHandle(reference: SecretReference): boolean;\n  getSecret(\n    reference: SecretReference,\n    options?: SecretFetchOptions\n  ): Promise<SecretValue>;\n  setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult>;\n  rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult>;\n  deleteSecret(reference: SecretReference): Promise<void>;\n}\n\nexport interface ParsedSecretUri {\n  provider: string;\n  path: string;\n  extras?: Record<string, string>;\n}\n\nexport class SecretProviderError extends Error {\n  readonly provider: string;\n  readonly reference: SecretReference;\n  readonly code: 'NOT_FOUND' | 'FORBIDDEN' | 'INVALID' | 'UNKNOWN';\n  readonly cause?: unknown;\n\n  constructor(params: {\n    message: string;\n    provider: string;\n    reference: SecretReference;\n    code?: SecretProviderError['code'];\n    cause?: unknown;\n  }) {\n    super(params.message);\n    this.name = 'SecretProviderError';\n    this.provider = params.provider;\n    this.reference = params.reference;\n    this.code = params.code ?? 'UNKNOWN';\n    this.cause = params.cause;\n  }\n}\n\nexport function parseSecretUri(reference: SecretReference): ParsedSecretUri {\n  if (!reference) {\n    throw new SecretProviderError({\n      message: 'Secret reference cannot be empty',\n      provider: 'unknown',\n      reference,\n      code: 'INVALID',\n    });\n  }\n\n  const [scheme, rest] = reference.split('://');\n  if (!scheme || !rest) {\n    throw new SecretProviderError({\n      message: `Invalid secret reference: ${reference}`,\n      provider: 'unknown',\n      reference,\n      code: 'INVALID',\n    });\n  }\n\n  const queryIndex = rest.indexOf('?');\n  if (queryIndex === -1) {\n    return {\n      provider: scheme,\n      path: rest,\n    };\n  }\n\n  const path = rest.slice(0, queryIndex);\n  const query = rest.slice(queryIndex + 1);\n  const extras = Object.fromEntries(\n    query\n      .split('&')\n      .filter(Boolean)\n      .map((pair) => {\n        const [keyRaw, valueRaw] = pair.split('=');\n        const key = keyRaw ?? '';\n        const value = valueRaw ?? '';\n        return [decodeURIComponent(key), decodeURIComponent(value)];\n      })\n  );\n\n  return {\n    provider: scheme,\n    path,\n    extras,\n  };\n}\n\nexport function normalizeSecretPayload(\n  payload: SecretWritePayload\n): Uint8Array {\n  if (payload.data instanceof Uint8Array) {\n    return payload.data;\n  }\n\n  if (payload.encoding === 'base64') {\n    return Buffer.from(payload.data, 'base64');\n  }\n\n  if (payload.encoding === 'binary') {\n    return Buffer.from(payload.data, 'binary');\n  }\n\n  return Buffer.from(payload.data, 'utf-8');\n}\n\n\n"],"mappings":"qCAqDA,IAAa,EAAb,cAAyC,KAAM,CAC7C,SACA,UACA,KACA,MAEA,YAAY,EAMT,CACD,MAAM,EAAO,QAAQ,CACrB,KAAK,KAAO,sBACZ,KAAK,SAAW,EAAO,SACvB,KAAK,UAAY,EAAO,UACxB,KAAK,KAAO,EAAO,MAAQ,UAC3B,KAAK,MAAQ,EAAO,QAIxB,SAAgB,EAAe,EAA6C,CAC1E,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,mCACT,SAAU,UACV,YACA,KAAM,UACP,CAAC,CAGJ,GAAM,CAAC,EAAQ,GAAQ,EAAU,MAAM,MAAM,CAC7C,GAAI,CAAC,GAAU,CAAC,EACd,MAAM,IAAI,EAAoB,CAC5B,QAAS,6BAA6B,IACtC,SAAU,UACV,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAa,EAAK,QAAQ,IAAI,CACpC,GAAI,IAAe,GACjB,MAAO,CACL,SAAU,EACV,KAAM,EACP,CAGH,IAAM,EAAO,EAAK,MAAM,EAAG,EAAW,CAChC,EAAQ,EAAK,MAAM,EAAa,EAAE,CAaxC,MAAO,CACL,SAAU,EACV,OACA,OAfa,OAAO,YACpB,EACG,MAAM,IAAI,CACV,OAAO,QAAQ,CACf,IAAK,GAAS,CACb,GAAM,CAAC,EAAQ,GAAY,EAAK,MAAM,IAAI,CACpC,EAAM,GAAU,GAChB,EAAQ,GAAY,GAC1B,MAAO,CAAC,mBAAmB,EAAI,CAAE,mBAAmB,EAAM,CAAC,EAC3D,CACL,CAMA,CAGH,SAAgB,EACd,EACY,CAaZ,OAZI,EAAQ,gBAAgB,WACnB,EAAQ,KAGb,EAAQ,WAAa,SAChB,EAAO,KAAK,EAAQ,KAAM,SAAS,CAGxC,EAAQ,WAAa,SAChB,EAAO,KAAK,EAAQ,KAAM,SAAS,CAGrC,EAAO,KAAK,EAAQ,KAAM,QAAQ"}
+{"version":3,"file":"provider.js","names":[],"sources":["../../../src/integrations/secrets/provider.ts"],"sourcesContent":["import { Buffer } from 'node:buffer';\n\nexport type SecretReference = string;\n\nexport interface SecretValue {\n  data: Uint8Array;\n  version?: string;\n  metadata?: Record<string, string>;\n  retrievedAt: Date;\n}\n\nexport interface SecretFetchOptions {\n  version?: string;\n}\n\nexport type SecretPayloadEncoding = 'utf-8' | 'base64' | 'binary';\n\nexport interface SecretWritePayload {\n  data: string | Uint8Array;\n  encoding?: SecretPayloadEncoding;\n  contentType?: string;\n  labels?: Record<string, string>;\n}\n\nexport interface SecretRotationResult {\n  reference: SecretReference;\n  version: string;\n}\n\nexport interface SecretProvider {\n  readonly id: string;\n  canHandle(reference: SecretReference): boolean;\n  getSecret(\n    reference: SecretReference,\n    options?: SecretFetchOptions\n  ): Promise<SecretValue>;\n  setSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult>;\n  rotateSecret(\n    reference: SecretReference,\n    payload: SecretWritePayload\n  ): Promise<SecretRotationResult>;\n  deleteSecret(reference: SecretReference): Promise<void>;\n}\n\nexport interface ParsedSecretUri {\n  provider: string;\n  path: string;\n  extras?: Record<string, string>;\n}\n\nexport class SecretProviderError extends Error {\n  readonly provider: string;\n  readonly reference: SecretReference;\n  readonly code: 'NOT_FOUND' | 'FORBIDDEN' | 'INVALID' | 'UNKNOWN';\n  readonly cause?: unknown;\n\n  constructor(params: {\n    message: string;\n    provider: string;\n    reference: SecretReference;\n    code?: SecretProviderError['code'];\n    cause?: unknown;\n  }) {\n    super(params.message);\n    this.name = 'SecretProviderError';\n    this.provider = params.provider;\n    this.reference = params.reference;\n    this.code = params.code ?? 'UNKNOWN';\n    this.cause = params.cause;\n  }\n}\n\nexport function parseSecretUri(reference: SecretReference): ParsedSecretUri {\n  if (!reference) {\n    throw new SecretProviderError({\n      message: 'Secret reference cannot be empty',\n      provider: 'unknown',\n      reference,\n      code: 'INVALID',\n    });\n  }\n\n  const [scheme, rest] = reference.split('://');\n  if (!scheme || !rest) {\n    throw new SecretProviderError({\n      message: `Invalid secret reference: ${reference}`,\n      provider: 'unknown',\n      reference,\n      code: 'INVALID',\n    });\n  }\n\n  const queryIndex = rest.indexOf('?');\n  if (queryIndex === -1) {\n    return {\n      provider: scheme,\n      path: rest,\n    };\n  }\n\n  const path = rest.slice(0, queryIndex);\n  const query = rest.slice(queryIndex + 1);\n  const extras = Object.fromEntries(\n    query\n      .split('&')\n      .filter(Boolean)\n      .map((pair) => {\n        const [keyRaw, valueRaw] = pair.split('=');\n        const key = keyRaw ?? '';\n        const value = valueRaw ?? '';\n        return [decodeURIComponent(key), decodeURIComponent(value)];\n      })\n  );\n\n  return {\n    provider: scheme,\n    path,\n    extras,\n  };\n}\n\nexport function normalizeSecretPayload(\n  payload: SecretWritePayload\n): Uint8Array {\n  if (payload.data instanceof Uint8Array) {\n    return payload.data;\n  }\n\n  if (payload.encoding === 'base64') {\n    return Buffer.from(payload.data, 'base64');\n  }\n\n  if (payload.encoding === 'binary') {\n    return Buffer.from(payload.data, 'binary');\n  }\n\n  return Buffer.from(payload.data, 'utf-8');\n}\n"],"mappings":"qCAqDA,IAAa,EAAb,cAAyC,KAAM,CAC7C,SACA,UACA,KACA,MAEA,YAAY,EAMT,CACD,MAAM,EAAO,QAAQ,CACrB,KAAK,KAAO,sBACZ,KAAK,SAAW,EAAO,SACvB,KAAK,UAAY,EAAO,UACxB,KAAK,KAAO,EAAO,MAAQ,UAC3B,KAAK,MAAQ,EAAO,QAIxB,SAAgB,EAAe,EAA6C,CAC1E,GAAI,CAAC,EACH,MAAM,IAAI,EAAoB,CAC5B,QAAS,mCACT,SAAU,UACV,YACA,KAAM,UACP,CAAC,CAGJ,GAAM,CAAC,EAAQ,GAAQ,EAAU,MAAM,MAAM,CAC7C,GAAI,CAAC,GAAU,CAAC,EACd,MAAM,IAAI,EAAoB,CAC5B,QAAS,6BAA6B,IACtC,SAAU,UACV,YACA,KAAM,UACP,CAAC,CAGJ,IAAM,EAAa,EAAK,QAAQ,IAAI,CACpC,GAAI,IAAe,GACjB,MAAO,CACL,SAAU,EACV,KAAM,EACP,CAGH,IAAM,EAAO,EAAK,MAAM,EAAG,EAAW,CAChC,EAAQ,EAAK,MAAM,EAAa,EAAE,CAaxC,MAAO,CACL,SAAU,EACV,OACA,OAfa,OAAO,YACpB,EACG,MAAM,IAAI,CACV,OAAO,QAAQ,CACf,IAAK,GAAS,CACb,GAAM,CAAC,EAAQ,GAAY,EAAK,MAAM,IAAI,CACpC,EAAM,GAAU,GAChB,EAAQ,GAAY,GAC1B,MAAO,CAAC,mBAAmB,EAAI,CAAE,mBAAmB,EAAM,CAAC,EAC3D,CACL,CAMA,CAGH,SAAgB,EACd,EACY,CAaZ,OAZI,EAAQ,gBAAgB,WACnB,EAAQ,KAGb,EAAQ,WAAa,SAChB,EAAO,KAAK,EAAQ,KAAM,SAAS,CAGxC,EAAQ,WAAa,SAChB,EAAO,KAAK,EAAQ,KAAM,SAAS,CAGrC,EAAO,KAAK,EAAQ,KAAM,QAAQ"}

package/dist/integrations/spec.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"spec.d.ts","names":[],"sources":["../../src/integrations/spec.ts"],"sourcesContent":[],"mappings":";;;;KAMY,mBAAA;KAgBA,wBAAA;AAhBA,UAkBK,eAAA,SAAwB,aAlBV,CAAA;EAgBnB;EAEK,GAAA,EAAA,MAAA;EASA;EAOA,OAAA,EAAA,MAAA;EAOA,QAAA,EAlBL,mBAkB4B;EAOvB,WAAA,EAAA,MAAA;AAOjB;AAOiB,UAnCA,4BAAA,CAmCe;EACxB;EAEU,QAAA,EApCN,aAoCM,EAAA;EAEF;EAEA,QAAA,CAAA,EAtCH,qBAsCG,EAAA;;AAIA,UAvCC,uBAAA,CAuCD;EAMH;EAGC,MAAA,EAAA,OAAA;EAAoB;EAMrB,OAAA,CAAA,EAlDD,MAkDC,CAAA,MAAA,EAAA,OAAuB,CAAA;;AAY1B,UA3DO,uBAAA,CA2DP;EAI4B;EAgBZ,MAAA,EAAA,OAAA;EAAsB;EAAe,OAAA,CAAA,EA3EnD,MA2EmD,CAAA,MAAA,EAAA,MAAA,CAAA;AAK/D;UA7EiB,oBAAA;;;;;;UAOA,sBAAA;;;;;;UAOA,eAAA;QACT;;kBAEU;;gBAEF;;gBAEA;;gBAEA;;gBAEA;;;;;;;;;aAMH;;;cAGC;;cAMD,uBAAA;;iBAGI;UASP;sCAI4B;0BAgBZ,sBAAsB;;iBAKhC,sBAAA,OAA6B"}
+{"version":3,"file":"spec.d.ts","names":[],"sources":["../../src/integrations/spec.ts"],"sourcesContent":[],"mappings":";;;;KAGY,mBAAA;KAgBA,wBAAA;AAhBA,UAkBK,eAAA,SAAwB,aAlBV,CAAA;EAgBnB;EAEK,GAAA,EAAA,MAAA;EASA;EAOA,OAAA,EAAA,MAAA;EAOA,QAAA,EAlBL,mBAkB4B;EAOvB,WAAA,EAAA,MAAA;AAOjB;AAOiB,UAnCA,4BAAA,CAmCe;EACxB;EAEU,QAAA,EApCN,aAoCM,EAAA;EAEF;EAEA,QAAA,CAAA,EAtCH,qBAsCG,EAAA;;AAIA,UAvCC,uBAAA,CAuCD;EAMH;EAGC,MAAA,EAAA,OAAA;EAAoB;EAMrB,OAAA,CAAA,EAlDD,MAkDC,CAAA,MAAA,EAAA,OAAuB,CAAA;;AAY1B,UA3DO,uBAAA,CA2DP;EAI4B;EAgBZ,MAAA,EAAA,OAAA;EAAsB;EAAe,OAAA,CAAA,EA3EnD,MA2EmD,CAAA,MAAA,EAAA,MAAA,CAAA;AAK/D;UA7EiB,oBAAA;;;;;;UAOA,sBAAA;;;;;;UAOA,eAAA;QACT;;kBAEU;;gBAEF;;gBAEA;;gBAEA;;gBAEA;;;;;;;;;aAMH;;;cAGC;;cAMD,uBAAA;;iBAGI;UASP;sCAI4B;0BAgBZ,sBAAsB;;iBAKhC,sBAAA,OAA6B"}

package/dist/integrations/spec.js.map

@@ -1 +1 @@
-{"version":3,"file":"spec.js","names":["latest: IntegrationSpec | undefined"],"sources":["../../src/integrations/spec.ts"],"sourcesContent":["import type { OwnerShipMeta } from '../ownership';\nimport type {\n  CapabilityRef,\n  CapabilityRequirement,\n} from '../capabilities';\n\nexport type IntegrationCategory =\n  | 'payments'\n  | 'email'\n  | 'calendar'\n  | 'sms'\n  | 'ai-llm'\n  | 'ai-voice'\n  | 'speech-to-text'\n  | 'vector-db'\n  | 'storage'\n  | 'accounting'\n  | 'crm'\n  | 'helpdesk'\n  | 'open-banking'\n  | 'custom';\n\nexport type IntegrationOwnershipMode = 'managed' | 'byok';\n\nexport interface IntegrationMeta extends OwnerShipMeta {\n  /** Stable provider slug (e.g., \"stripe\", \"openai\"). */\n  key: string;\n  /** Provider version (increment on breaking API changes). */\n  version: number;\n  category: IntegrationCategory;\n  displayName: string;\n}\n\nexport interface IntegrationCapabilityMapping {\n  /** Which CapabilitySpec this integration provides. */\n  provides: CapabilityRef[];\n  /** Optional: which capabilities it requires (e.g., storage for caching). */\n  requires?: CapabilityRequirement[];\n}\n\nexport interface IntegrationConfigSchema {\n  /** JSON Schema or SchemaModel defining required config fields. */\n  schema: unknown;\n  /** Example configuration (for docs/UI). */\n  example?: Record<string, unknown>;\n}\n\nexport interface IntegrationSecretSchema {\n  /** JSON Schema or SchemaModel describing secret fields. */\n  schema: unknown;\n  /** Redacted example for documentation/UI. */\n  example?: Record<string, string>;\n}\n\nexport interface IntegrationByokSetup {\n  /** Human-readable instructions for tenants configuring BYOK accounts. */\n  setupInstructions?: string;\n  /** Required scopes/permissions for BYOK accounts. */\n  requiredScopes?: string[];\n}\n\nexport interface IntegrationHealthCheck {\n  /** Endpoint or method to validate connection health. */\n  method?: 'ping' | 'list' | 'custom';\n  /** Timeout in ms for health check. */\n  timeoutMs?: number;\n}\n\nexport interface IntegrationSpec {\n  meta: IntegrationMeta;\n  /** Supported ownership modes for this provider. */\n  supportedModes: IntegrationOwnershipMode[];\n  /** Which capabilities this integration provides/requires. */\n  capabilities: IntegrationCapabilityMapping;\n  /** Configuration schema (API keys, endpoints, etc.). */\n  configSchema: IntegrationConfigSchema;\n  /** Secret schema (API/key material stored via secretRef). */\n  secretSchema: IntegrationSecretSchema;\n  /** Optional health check configuration. */\n  healthCheck?: IntegrationHealthCheck;\n  /** Documentation URL. */\n  docsUrl?: string;\n  /** Rate limits or usage constraints. */\n  constraints?: {\n    rateLimit?: { rpm?: number; rph?: number };\n    quotas?: Record<string, number>;\n  };\n  /** Provider-specific metadata for BYOK setup flows. */\n  byokSetup?: IntegrationByokSetup;\n}\n\nconst integrationKey = (meta: Pick<IntegrationMeta, 'key' | 'version'>) =>\n  `${meta.key}.v${meta.version}`;\n\nexport class IntegrationSpecRegistry {\n  private readonly items = new Map<string, IntegrationSpec>();\n\n  register(spec: IntegrationSpec): this {\n    const key = integrationKey(spec.meta);\n    if (this.items.has(key)) {\n      throw new Error(`Duplicate IntegrationSpec ${key}`);\n    }\n    this.items.set(key, spec);\n    return this;\n  }\n\n  list(): IntegrationSpec[] {\n    return [...this.items.values()];\n  }\n\n  get(key: string, version?: number): IntegrationSpec | undefined {\n    if (version != null) {\n      return this.items.get(integrationKey({ key, version }));\n    }\n    let latest: IntegrationSpec | undefined;\n    let maxVersion = -Infinity;\n    for (const spec of this.items.values()) {\n      if (spec.meta.key !== key) continue;\n      if (spec.meta.version > maxVersion) {\n        maxVersion = spec.meta.version;\n        latest = spec;\n      }\n    }\n    return latest;\n  }\n\n  getByCategory(category: IntegrationCategory): IntegrationSpec[] {\n    return this.list().filter((spec) => spec.meta.category === category);\n  }\n}\n\nexport function makeIntegrationSpecKey(meta: IntegrationMeta) {\n  return integrationKey(meta);\n}\n\n"],"mappings":"AA2FA,MAAM,EAAkB,GACtB,GAAG,EAAK,IAAI,IAAI,EAAK,UAEvB,IAAa,EAAb,KAAqC,CACnC,MAAyB,IAAI,IAE7B,SAAS,EAA6B,CACpC,IAAM,EAAM,EAAe,EAAK,KAAK,CACrC,GAAI,KAAK,MAAM,IAAI,EAAI,CACrB,MAAU,MAAM,6BAA6B,IAAM,CAGrD,OADA,KAAK,MAAM,IAAI,EAAK,EAAK,CAClB,KAGT,MAA0B,CACxB,MAAO,CAAC,GAAG,KAAK,MAAM,QAAQ,CAAC,CAGjC,IAAI,EAAa,EAA+C,CAC9D,GAAI,GAAW,KACb,OAAO,KAAK,MAAM,IAAI,EAAe,CAAE,MAAK,UAAS,CAAC,CAAC,CAEzD,IAAIA,EACA,EAAa,KACjB,IAAK,IAAM,KAAQ,KAAK,MAAM,QAAQ,CAChC,EAAK,KAAK,MAAQ,GAClB,EAAK,KAAK,QAAU,IACtB,EAAa,EAAK,KAAK,QACvB,EAAS,GAGb,OAAO,EAGT,cAAc,EAAkD,CAC9D,OAAO,KAAK,MAAM,CAAC,OAAQ,GAAS,EAAK,KAAK,WAAa,EAAS,GAIxE,SAAgB,EAAuB,EAAuB,CAC5D,OAAO,EAAe,EAAK"}
+{"version":3,"file":"spec.js","names":["latest: IntegrationSpec | undefined"],"sources":["../../src/integrations/spec.ts"],"sourcesContent":["import type { OwnerShipMeta } from '../ownership';\nimport type { CapabilityRef, CapabilityRequirement } from '../capabilities';\n\nexport type IntegrationCategory =\n  | 'payments'\n  | 'email'\n  | 'calendar'\n  | 'sms'\n  | 'ai-llm'\n  | 'ai-voice'\n  | 'speech-to-text'\n  | 'vector-db'\n  | 'storage'\n  | 'accounting'\n  | 'crm'\n  | 'helpdesk'\n  | 'open-banking'\n  | 'custom';\n\nexport type IntegrationOwnershipMode = 'managed' | 'byok';\n\nexport interface IntegrationMeta extends OwnerShipMeta {\n  /** Stable provider slug (e.g., \"stripe\", \"openai\"). */\n  key: string;\n  /** Provider version (increment on breaking API changes). */\n  version: number;\n  category: IntegrationCategory;\n  displayName: string;\n}\n\nexport interface IntegrationCapabilityMapping {\n  /** Which CapabilitySpec this integration provides. */\n  provides: CapabilityRef[];\n  /** Optional: which capabilities it requires (e.g., storage for caching). */\n  requires?: CapabilityRequirement[];\n}\n\nexport interface IntegrationConfigSchema {\n  /** JSON Schema or SchemaModel defining required config fields. */\n  schema: unknown;\n  /** Example configuration (for docs/UI). */\n  example?: Record<string, unknown>;\n}\n\nexport interface IntegrationSecretSchema {\n  /** JSON Schema or SchemaModel describing secret fields. */\n  schema: unknown;\n  /** Redacted example for documentation/UI. */\n  example?: Record<string, string>;\n}\n\nexport interface IntegrationByokSetup {\n  /** Human-readable instructions for tenants configuring BYOK accounts. */\n  setupInstructions?: string;\n  /** Required scopes/permissions for BYOK accounts. */\n  requiredScopes?: string[];\n}\n\nexport interface IntegrationHealthCheck {\n  /** Endpoint or method to validate connection health. */\n  method?: 'ping' | 'list' | 'custom';\n  /** Timeout in ms for health check. */\n  timeoutMs?: number;\n}\n\nexport interface IntegrationSpec {\n  meta: IntegrationMeta;\n  /** Supported ownership modes for this provider. */\n  supportedModes: IntegrationOwnershipMode[];\n  /** Which capabilities this integration provides/requires. */\n  capabilities: IntegrationCapabilityMapping;\n  /** Configuration schema (API keys, endpoints, etc.). */\n  configSchema: IntegrationConfigSchema;\n  /** Secret schema (API/key material stored via secretRef). */\n  secretSchema: IntegrationSecretSchema;\n  /** Optional health check configuration. */\n  healthCheck?: IntegrationHealthCheck;\n  /** Documentation URL. */\n  docsUrl?: string;\n  /** Rate limits or usage constraints. */\n  constraints?: {\n    rateLimit?: { rpm?: number; rph?: number };\n    quotas?: Record<string, number>;\n  };\n  /** Provider-specific metadata for BYOK setup flows. */\n  byokSetup?: IntegrationByokSetup;\n}\n\nconst integrationKey = (meta: Pick<IntegrationMeta, 'key' | 'version'>) =>\n  `${meta.key}.v${meta.version}`;\n\nexport class IntegrationSpecRegistry {\n  private readonly items = new Map<string, IntegrationSpec>();\n\n  register(spec: IntegrationSpec): this {\n    const key = integrationKey(spec.meta);\n    if (this.items.has(key)) {\n      throw new Error(`Duplicate IntegrationSpec ${key}`);\n    }\n    this.items.set(key, spec);\n    return this;\n  }\n\n  list(): IntegrationSpec[] {\n    return [...this.items.values()];\n  }\n\n  get(key: string, version?: number): IntegrationSpec | undefined {\n    if (version != null) {\n      return this.items.get(integrationKey({ key, version }));\n    }\n    let latest: IntegrationSpec | undefined;\n    let maxVersion = -Infinity;\n    for (const spec of this.items.values()) {\n      if (spec.meta.key !== key) continue;\n      if (spec.meta.version > maxVersion) {\n        maxVersion = spec.meta.version;\n        latest = spec;\n      }\n    }\n    return latest;\n  }\n\n  getByCategory(category: IntegrationCategory): IntegrationSpec[] {\n    return this.list().filter((spec) => spec.meta.category === category);\n  }\n}\n\nexport function makeIntegrationSpecKey(meta: IntegrationMeta) {\n  return integrationKey(meta);\n}\n"],"mappings":"AAwFA,MAAM,EAAkB,GACtB,GAAG,EAAK,IAAI,IAAI,EAAK,UAEvB,IAAa,EAAb,KAAqC,CACnC,MAAyB,IAAI,IAE7B,SAAS,EAA6B,CACpC,IAAM,EAAM,EAAe,EAAK,KAAK,CACrC,GAAI,KAAK,MAAM,IAAI,EAAI,CACrB,MAAU,MAAM,6BAA6B,IAAM,CAGrD,OADA,KAAK,MAAM,IAAI,EAAK,EAAK,CAClB,KAGT,MAA0B,CACxB,MAAO,CAAC,GAAG,KAAK,MAAM,QAAQ,CAAC,CAGjC,IAAI,EAAa,EAA+C,CAC9D,GAAI,GAAW,KACb,OAAO,KAAK,MAAM,IAAI,EAAe,CAAE,MAAK,UAAS,CAAC,CAAC,CAEzD,IAAIA,EACA,EAAa,KACjB,IAAK,IAAM,KAAQ,KAAK,MAAM,QAAQ,CAChC,EAAK,KAAK,MAAQ,GAClB,EAAK,KAAK,QAAU,IACtB,EAAa,EAAK,KAAK,QACvB,EAAS,GAGb,OAAO,EAGT,cAAc,EAAkD,CAC9D,OAAO,KAAK,MAAM,CAAC,OAAQ,GAAS,EAAK,KAAK,WAAa,EAAS,GAIxE,SAAgB,EAAuB,EAAuB,CAC5D,OAAO,EAAe,EAAK"}

package/dist/jobs/gcp-cloud-tasks.js.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-cloud-tasks.js","names":["options: GcpCloudTasksQueueOptions"],"sources":["../../src/jobs/gcp-cloud-tasks.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type { EnqueueOptions, Job, JobHandler, JobQueue } from './queue';\n\ninterface CloudTasksClientLike {\n  createTask(request: {\n    parent: string;\n    task: {\n      httpRequest: {\n        httpMethod: number | string;\n        url: string;\n        body: Buffer;\n        headers?: Record<string, string>;\n        oidcToken?: { serviceAccountEmail: string };\n      };\n      scheduleTime?: { seconds: number };\n    };\n  }): Promise<unknown>;\n}\n\nexport interface GcpCloudTasksQueueOptions {\n  client: CloudTasksClientLike;\n  projectId: string;\n  location: string;\n  queue: string;\n  resolveUrl(jobType: string): string;\n  serviceAccountEmail?: string;\n}\n\nexport class GcpCloudTasksQueue implements JobQueue {\n  private readonly handlers = new Map<string, JobHandler>();\n\n  constructor(private readonly options: GcpCloudTasksQueueOptions) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    const enqueueTime =\n      options.delaySeconds != null\n        ? { seconds: Math.floor(Date.now() / 1000) + options.delaySeconds }\n        : undefined;\n    const body = Buffer.from(\n      JSON.stringify({\n        id: randomUUID(),\n        type: jobType,\n        payload,\n      }),\n      'utf-8'\n    );\n    await this.options.client.createTask({\n      parent: `projects/${this.options.projectId}/locations/${this.options.location}/queues/${this.options.queue}`,\n      task: {\n        httpRequest: {\n          httpMethod: 'POST',\n          url: this.options.resolveUrl(jobType),\n          body,\n          headers: { 'Content-Type': 'application/json' },\n          oidcToken: this.options.serviceAccountEmail\n            ? { serviceAccountEmail: this.options.serviceAccountEmail }\n            : undefined,\n        },\n        scheduleTime: enqueueTime,\n      },\n    });\n\n    return {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    // Execution is handled by Cloud Tasks via HTTP callbacks.\n  }\n\n  async stop(): Promise<void> {\n    this.handlers.clear();\n  }\n}\n\n\n"],"mappings":"yCA6BA,IAAa,EAAb,KAAoD,CAClD,SAA4B,IAAI,IAEhC,YAAY,EAAqD,CAApC,KAAA,QAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA0B,EAAE,CACJ,CACxB,IAAM,EACJ,EAAQ,cAAgB,KAEpB,IAAA,GADA,CAAE,QAAS,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAAG,EAAQ,aAAc,CAEjE,EAAO,OAAO,KAClB,KAAK,UAAU,CACb,GAAI,GAAY,CAChB,KAAM,EACN,UACD,CAAC,CACF,QACD,CAiBD,OAhBA,MAAM,KAAK,QAAQ,OAAO,WAAW,CACnC,OAAQ,YAAY,KAAK,QAAQ,UAAU,aAAa,KAAK,QAAQ,SAAS,UAAU,KAAK,QAAQ,QACrG,KAAM,CACJ,YAAa,CACX,WAAY,OACZ,IAAK,KAAK,QAAQ,WAAW,EAAQ,CACrC,OACA,QAAS,CAAE,eAAgB,mBAAoB,CAC/C,UAAW,KAAK,QAAQ,oBACpB,CAAE,oBAAqB,KAAK,QAAQ,oBAAqB,CACzD,IAAA,GACL,CACD,aAAc,EACf,CACF,CAAC,CAEK,CACL,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAGH,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,EAId,MAAM,MAAsB,CAC1B,KAAK,SAAS,OAAO"}
+{"version":3,"file":"gcp-cloud-tasks.js","names":["options: GcpCloudTasksQueueOptions"],"sources":["../../src/jobs/gcp-cloud-tasks.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type { EnqueueOptions, Job, JobHandler, JobQueue } from './queue';\n\ninterface CloudTasksClientLike {\n  createTask(request: {\n    parent: string;\n    task: {\n      httpRequest: {\n        httpMethod: number | string;\n        url: string;\n        body: Buffer;\n        headers?: Record<string, string>;\n        oidcToken?: { serviceAccountEmail: string };\n      };\n      scheduleTime?: { seconds: number };\n    };\n  }): Promise<unknown>;\n}\n\nexport interface GcpCloudTasksQueueOptions {\n  client: CloudTasksClientLike;\n  projectId: string;\n  location: string;\n  queue: string;\n  resolveUrl(jobType: string): string;\n  serviceAccountEmail?: string;\n}\n\nexport class GcpCloudTasksQueue implements JobQueue {\n  private readonly handlers = new Map<string, JobHandler>();\n\n  constructor(private readonly options: GcpCloudTasksQueueOptions) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    const enqueueTime =\n      options.delaySeconds != null\n        ? { seconds: Math.floor(Date.now() / 1000) + options.delaySeconds }\n        : undefined;\n    const body = Buffer.from(\n      JSON.stringify({\n        id: randomUUID(),\n        type: jobType,\n        payload,\n      }),\n      'utf-8'\n    );\n    await this.options.client.createTask({\n      parent: `projects/${this.options.projectId}/locations/${this.options.location}/queues/${this.options.queue}`,\n      task: {\n        httpRequest: {\n          httpMethod: 'POST',\n          url: this.options.resolveUrl(jobType),\n          body,\n          headers: { 'Content-Type': 'application/json' },\n          oidcToken: this.options.serviceAccountEmail\n            ? { serviceAccountEmail: this.options.serviceAccountEmail }\n            : undefined,\n        },\n        scheduleTime: enqueueTime,\n      },\n    });\n\n    return {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    // Execution is handled by Cloud Tasks via HTTP callbacks.\n  }\n\n  async stop(): Promise<void> {\n    this.handlers.clear();\n  }\n}\n"],"mappings":"yCA6BA,IAAa,EAAb,KAAoD,CAClD,SAA4B,IAAI,IAEhC,YAAY,EAAqD,CAApC,KAAA,QAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA0B,EAAE,CACJ,CACxB,IAAM,EACJ,EAAQ,cAAgB,KAEpB,IAAA,GADA,CAAE,QAAS,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAAG,EAAQ,aAAc,CAEjE,EAAO,OAAO,KAClB,KAAK,UAAU,CACb,GAAI,GAAY,CAChB,KAAM,EACN,UACD,CAAC,CACF,QACD,CAiBD,OAhBA,MAAM,KAAK,QAAQ,OAAO,WAAW,CACnC,OAAQ,YAAY,KAAK,QAAQ,UAAU,aAAa,KAAK,QAAQ,SAAS,UAAU,KAAK,QAAQ,QACrG,KAAM,CACJ,YAAa,CACX,WAAY,OACZ,IAAK,KAAK,QAAQ,WAAW,EAAQ,CACrC,OACA,QAAS,CAAE,eAAgB,mBAAoB,CAC/C,UAAW,KAAK,QAAQ,oBACpB,CAAE,oBAAqB,KAAK,QAAQ,oBAAqB,CACzD,IAAA,GACL,CACD,aAAc,EACf,CACF,CAAC,CAEK,CACL,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAGH,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,EAId,MAAM,MAAsB,CAC1B,KAAK,SAAS,OAAO"}

package/dist/jobs/gcp-pubsub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-pubsub.d.ts","names":[],"sources":["../../src/jobs/gcp-pubsub.ts"],"sourcesContent":[],"mappings":";;;UAIU,gBAAA;;IAAA,cAAA,CAAgB,OAAA,EAAA;MAMT,IAAA,EAJmB,MAInB;IAKJ,CAAA,CAAA,EATkC,OASlC,CAAA,MAAe,CAAA;EAGY,CAAA;;AAK1B,UAbG,qBAAA,CAaH;EACG,MAAA,EAbP,gBAaO;EAAJ,SAAA,EAAA,MAAA;;AAyB6C,cAlC7C,cAAA,YAA0B,QAkCmB,CAAA;EAAX,iBAAA,OAAA;EAQ/B,iBAAA,QAAA;EA1CuB,WAAA,CAAA,OAAA,EAGC,qBAHD;EAAQ,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAOlC,QAPkC,EAAA,QAAA,CAAA,EAQjC,cARiC,CAAA,EAS1C,OAT0C,CASlC,GATkC,CAS9B,QAT8B,CAAA,CAAA;+CAkCA,WAAW;;UAQ1C"}
+{"version":3,"file":"gcp-pubsub.d.ts","names":[],"sources":["../../src/jobs/gcp-pubsub.ts"],"sourcesContent":[],"mappings":";;;UAIU,gBAAA;;IAAA,cAAA,CAAgB,OAAA,EAAA;MAMT,IAAA,EAJmB,MAInB;IAKJ,CAAA,CAAA,EATkC,OASlC,CAAA,MAAe,CAAA;EAGY,CAAA;;AAK1B,UAbG,qBAAA,CAaH;EACG,MAAA,EAbP,gBAaO;EAAJ,SAAA,EAAA,MAAA;;AAuB6C,cAhC7C,cAAA,YAA0B,QAgCmB,CAAA;EAAX,iBAAA,OAAA;EAQ/B,iBAAA,QAAA;EAxCuB,WAAA,CAAA,OAAA,EAGC,qBAHD;EAAQ,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAOlC,QAPkC,EAAA,QAAA,CAAA,EAQjC,cARiC,CAAA,EAS1C,OAT0C,CASlC,GATkC,CAS9B,QAT8B,CAAA,CAAA;+CAgCA,WAAW;;UAQ1C"}

package/dist/jobs/gcp-pubsub.js.map

@@ -1 +1 @@
-{"version":3,"file":"gcp-pubsub.js","names":["options: GcpPubSubQueueOptions"],"sources":["../../src/jobs/gcp-pubsub.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type { EnqueueOptions, Job, JobHandler, JobQueue } from './queue';\n\ninterface PubSubClientLike {\n  topic(name: string): {\n    publishMessage(message: { data: Buffer }): Promise<string>;\n  };\n}\n\nexport interface GcpPubSubQueueOptions {\n  client: PubSubClientLike;\n  topicName: string;\n}\n\nexport class GcpPubSubQueue implements JobQueue {\n  private readonly handlers = new Map<string, JobHandler>();\n\n  constructor(private readonly options: GcpPubSubQueueOptions) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    _options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    await this.options.client\n      .topic(this.options.topicName)\n      .publishMessage({\n        data: Buffer.from(\n          JSON.stringify({\n            id: randomUUID(),\n            type: jobType,\n            payload,\n          }),\n          'utf-8'\n        ),\n      });\n\n    return {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    // Message consumption handled externally via Pub/Sub subscription.\n  }\n\n  async stop(): Promise<void> {\n    this.handlers.clear();\n  }\n}\n\n\n"],"mappings":"yCAeA,IAAa,EAAb,KAAgD,CAC9C,SAA4B,IAAI,IAEhC,YAAY,EAAiD,CAAhC,KAAA,QAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA2B,EAAE,CACL,CAcxB,OAbA,MAAM,KAAK,QAAQ,OAChB,MAAM,KAAK,QAAQ,UAAU,CAC7B,eAAe,CACd,KAAM,OAAO,KACX,KAAK,UAAU,CACb,GAAI,GAAY,CAChB,KAAM,EACN,UACD,CAAC,CACF,QACD,CACF,CAAC,CAEG,CACL,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAGH,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,EAId,MAAM,MAAsB,CAC1B,KAAK,SAAS,OAAO"}
+{"version":3,"file":"gcp-pubsub.js","names":["options: GcpPubSubQueueOptions"],"sources":["../../src/jobs/gcp-pubsub.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type { EnqueueOptions, Job, JobHandler, JobQueue } from './queue';\n\ninterface PubSubClientLike {\n  topic(name: string): {\n    publishMessage(message: { data: Buffer }): Promise<string>;\n  };\n}\n\nexport interface GcpPubSubQueueOptions {\n  client: PubSubClientLike;\n  topicName: string;\n}\n\nexport class GcpPubSubQueue implements JobQueue {\n  private readonly handlers = new Map<string, JobHandler>();\n\n  constructor(private readonly options: GcpPubSubQueueOptions) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    _options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    await this.options.client.topic(this.options.topicName).publishMessage({\n      data: Buffer.from(\n        JSON.stringify({\n          id: randomUUID(),\n          type: jobType,\n          payload,\n        }),\n        'utf-8'\n      ),\n    });\n\n    return {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    // Message consumption handled externally via Pub/Sub subscription.\n  }\n\n  async stop(): Promise<void> {\n    this.handlers.clear();\n  }\n}\n"],"mappings":"yCAeA,IAAa,EAAb,KAAgD,CAC9C,SAA4B,IAAI,IAEhC,YAAY,EAAiD,CAAhC,KAAA,QAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA2B,EAAE,CACL,CAYxB,OAXA,MAAM,KAAK,QAAQ,OAAO,MAAM,KAAK,QAAQ,UAAU,CAAC,eAAe,CACrE,KAAM,OAAO,KACX,KAAK,UAAU,CACb,GAAI,GAAY,CAChB,KAAM,EACN,UACD,CAAC,CACF,QACD,CACF,CAAC,CAEK,CACL,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAGH,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,EAId,MAAM,MAAsB,CAC1B,KAAK,SAAS,OAAO"}

package/dist/jobs/handlers/gmail-sync-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"gmail-sync-handler.js","names":[],"sources":["../../../src/jobs/handlers/gmail-sync-handler.ts"],"sourcesContent":["import type { JobHandler } from '../queue';\nimport type { GmailIngestionAdapter } from '../../knowledge/ingestion/gmail-adapter';\nimport type { EmailThreadListQuery } from '../../integrations/providers/email';\n\nexport interface GmailSyncJobPayload extends EmailThreadListQuery {}\n\nexport function createGmailSyncHandler(\n  adapter: GmailIngestionAdapter\n): JobHandler<GmailSyncJobPayload> {\n  return async (job) => {\n    await adapter.syncThreads(job.payload);\n  };\n}\n\n\n"],"mappings":"AAMA,SAAgB,EACd,EACiC,CACjC,OAAO,KAAO,IAAQ,CACpB,MAAM,EAAQ,YAAY,EAAI,QAAQ"}
+{"version":3,"file":"gmail-sync-handler.js","names":[],"sources":["../../../src/jobs/handlers/gmail-sync-handler.ts"],"sourcesContent":["import type { JobHandler } from '../queue';\nimport type { GmailIngestionAdapter } from '../../knowledge/ingestion/gmail-adapter';\nimport type { EmailThreadListQuery } from '../../integrations/providers/email';\n\nexport interface GmailSyncJobPayload extends EmailThreadListQuery {}\n\nexport function createGmailSyncHandler(\n  adapter: GmailIngestionAdapter\n): JobHandler<GmailSyncJobPayload> {\n  return async (job) => {\n    await adapter.syncThreads(job.payload);\n  };\n}\n"],"mappings":"AAMA,SAAgB,EACd,EACiC,CACjC,OAAO,KAAO,IAAQ,CACpB,MAAM,EAAQ,YAAY,EAAI,QAAQ"}

package/dist/jobs/handlers/storage-document-handler.js.map

@@ -1 +1 @@
-{"version":3,"file":"storage-document-handler.js","names":[],"sources":["../../../src/jobs/handlers/storage-document-handler.ts"],"sourcesContent":["import type { ObjectStorageProvider } from '../../integrations/providers/storage';\nimport type { StorageIngestionAdapter } from '../../knowledge/ingestion/storage-adapter';\nimport type { JobHandler } from '../queue';\n\nexport interface StorageDocumentJobPayload {\n  bucket: string;\n  key: string;\n}\n\nexport function createStorageDocumentHandler(\n  storage: ObjectStorageProvider,\n  adapter: StorageIngestionAdapter\n): JobHandler<StorageDocumentJobPayload> {\n  return async (job) => {\n    const object = await storage.getObject({\n      bucket: job.payload.bucket,\n      key: job.payload.key,\n    });\n    if (!object) {\n      throw new Error(\n        `Object ${job.payload.bucket}/${job.payload.key} not found`\n      );\n    }\n    await adapter.ingestObject(object);\n  };\n}\n\n\n"],"mappings":"AASA,SAAgB,EACd,EACA,EACuC,CACvC,OAAO,KAAO,IAAQ,CACpB,IAAM,EAAS,MAAM,EAAQ,UAAU,CACrC,OAAQ,EAAI,QAAQ,OACpB,IAAK,EAAI,QAAQ,IAClB,CAAC,CACF,GAAI,CAAC,EACH,MAAU,MACR,UAAU,EAAI,QAAQ,OAAO,GAAG,EAAI,QAAQ,IAAI,YACjD,CAEH,MAAM,EAAQ,aAAa,EAAO"}
+{"version":3,"file":"storage-document-handler.js","names":[],"sources":["../../../src/jobs/handlers/storage-document-handler.ts"],"sourcesContent":["import type { ObjectStorageProvider } from '../../integrations/providers/storage';\nimport type { StorageIngestionAdapter } from '../../knowledge/ingestion/storage-adapter';\nimport type { JobHandler } from '../queue';\n\nexport interface StorageDocumentJobPayload {\n  bucket: string;\n  key: string;\n}\n\nexport function createStorageDocumentHandler(\n  storage: ObjectStorageProvider,\n  adapter: StorageIngestionAdapter\n): JobHandler<StorageDocumentJobPayload> {\n  return async (job) => {\n    const object = await storage.getObject({\n      bucket: job.payload.bucket,\n      key: job.payload.key,\n    });\n    if (!object) {\n      throw new Error(\n        `Object ${job.payload.bucket}/${job.payload.key} not found`\n      );\n    }\n    await adapter.ingestObject(object);\n  };\n}\n"],"mappings":"AASA,SAAgB,EACd,EACA,EACuC,CACvC,OAAO,KAAO,IAAQ,CACpB,IAAM,EAAS,MAAM,EAAQ,UAAU,CACrC,OAAQ,EAAI,QAAQ,OACpB,IAAK,EAAI,QAAQ,IAClB,CAAC,CACF,GAAI,CAAC,EACH,MAAU,MACR,UAAU,EAAI,QAAQ,OAAO,GAAG,EAAI,QAAQ,IAAI,YACjD,CAEH,MAAM,EAAQ,aAAa,EAAO"}

package/dist/jobs/memory-queue.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"memory-queue.d.ts","names":[],"sources":["../../src/jobs/memory-queue.ts"],"sourcesContent":[],"mappings":";;;cASa,cAAA,YAA0B;;EAA1B,iBAAe,IAAA;EAUf,iBAAA,QAAA;EACA,QAAA,KAAA;EACI,QAAA,UAAA;EAAJ,WAAA,CAAA,cAAA,CAAA,EAAA,MAAA;EAAR,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAFQ,QAER,EAAA,OAAA,CAAA,EADQ,cACR,CAAA,EAAA,OAAA,CAAQ,GAAR,CAAY,QAAZ,CAAA,CAAA;EAiBqD,QAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAAX,UAAW,CAAA,QAAA,CAAA,CAAA,EAAA,IAAA;EAAX,KAAA,CAAA,CAAA,EAAA,IAAA;EAW/B,IAAA,CAAA,CAAA,EAAA,OAAA,CAAA,IAAA,CAAA;EAxCuB,QAAA,WAAA"}
+{"version":3,"file":"memory-queue.d.ts","names":[],"sources":["../../src/jobs/memory-queue.ts"],"sourcesContent":[],"mappings":";;;cAIa,cAAA,YAA0B;;EAA1B,iBAAe,IAAA;EAUf,iBAAA,QAAA;EACA,QAAA,KAAA;EACI,QAAA,UAAA;EAAJ,WAAA,CAAA,cAAA,CAAA,EAAA,MAAA;EAAR,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAFQ,QAER,EAAA,OAAA,CAAA,EADQ,cACR,CAAA,EAAA,OAAA,CAAQ,GAAR,CAAY,QAAZ,CAAA,CAAA;EAiBqD,QAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAAX,UAAW,CAAA,QAAA,CAAA,CAAA,EAAA,IAAA;EAAX,KAAA,CAAA,CAAA,EAAA,IAAA;EAW/B,IAAA,CAAA,CAAA,EAAA,OAAA,CAAA,IAAA,CAAA;EAxCuB,QAAA,WAAA"}

package/dist/jobs/memory-queue.js.map

@@ -1 +1 @@
-{"version":3,"file":"memory-queue.js","names":["job: Job<TPayload>"],"sources":["../../src/jobs/memory-queue.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type {\n  EnqueueOptions,\n  Job,\n  JobHandler,\n  JobQueue,\n} from './queue';\n\nexport class MemoryJobQueue implements JobQueue {\n  private readonly jobs: Job[] = [];\n  private readonly handlers = new Map<string, JobHandler>();\n  private timer?: NodeJS.Timeout;\n  private processing = false;\n\n  constructor(private readonly pollIntervalMs = 200) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    const job: Job<TPayload> = {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n    if (options.delaySeconds) {\n      job.updatedAt = new Date(Date.now() + options.delaySeconds * 1000);\n    }\n    this.jobs.push(job);\n    return job;\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    if (this.timer) return;\n    this.timer = setInterval(() => {\n      void this.processNext();\n    }, this.pollIntervalMs);\n  }\n\n  async stop(): Promise<void> {\n    if (this.timer) {\n      clearInterval(this.timer);\n      this.timer = undefined;\n    }\n    while (this.processing) {\n      await new Promise((resolve) => setTimeout(resolve, 10));\n    }\n  }\n\n  private async processNext() {\n    if (this.processing) return;\n    const job = this.jobs.find((j) => j.status === 'pending' && j.updatedAt <= new Date());\n    if (!job) return;\n    const handler = this.handlers.get(job.type);\n    if (!handler) return;\n\n    this.processing = true;\n    job.status = 'running';\n    job.updatedAt = new Date();\n    job.attempts += 1;\n\n    try {\n      await handler(job);\n      job.status = 'completed';\n      job.updatedAt = new Date();\n    } catch (error) {\n      job.status = 'failed';\n      job.lastError =\n        error instanceof Error ? error.message : 'Unknown job error';\n      job.updatedAt = new Date();\n    } finally {\n      this.processing = false;\n    }\n  }\n}\n\n\n"],"mappings":"yCASA,IAAa,EAAb,KAAgD,CAC9C,KAA+B,EAAE,CACjC,SAA4B,IAAI,IAChC,MACA,WAAqB,GAErB,YAAY,EAAkC,IAAK,CAAtB,KAAA,eAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA0B,EAAE,CACJ,CACxB,IAAMA,EAAqB,CACzB,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAKD,OAJI,EAAQ,eACV,EAAI,UAAY,IAAI,KAAK,KAAK,KAAK,CAAG,EAAQ,aAAe,IAAK,EAEpE,KAAK,KAAK,KAAK,EAAI,CACZ,EAGT,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,CACR,AACJ,KAAK,QAAQ,gBAAkB,CACxB,KAAK,aAAa,EACtB,KAAK,eAAe,CAGzB,MAAM,MAAsB,CAK1B,IAJA,AAEE,KAAK,SADL,cAAc,KAAK,MAAM,CACZ,IAAA,IAER,KAAK,YACV,MAAM,IAAI,QAAS,GAAY,WAAW,EAAS,GAAG,CAAC,CAI3D,MAAc,aAAc,CAC1B,GAAI,KAAK,WAAY,OACrB,IAAM,EAAM,KAAK,KAAK,KAAM,GAAM,EAAE,SAAW,WAAa,EAAE,WAAa,IAAI,KAAO,CACtF,GAAI,CAAC,EAAK,OACV,IAAM,EAAU,KAAK,SAAS,IAAI,EAAI,KAAK,CACtC,KAKL,CAHA,KAAK,WAAa,GAClB,EAAI,OAAS,UACb,EAAI,UAAY,IAAI,KACpB,EAAI,UAAY,EAEhB,GAAI,CACF,MAAM,EAAQ,EAAI,CAClB,EAAI,OAAS,YACb,EAAI,UAAY,IAAI,WACb,EAAO,CACd,EAAI,OAAS,SACb,EAAI,UACF,aAAiB,MAAQ,EAAM,QAAU,oBAC3C,EAAI,UAAY,IAAI,YACZ,CACR,KAAK,WAAa"}
+{"version":3,"file":"memory-queue.js","names":["job: Job<TPayload>"],"sources":["../../src/jobs/memory-queue.ts"],"sourcesContent":["import { randomUUID } from 'node:crypto';\n\nimport type { EnqueueOptions, Job, JobHandler, JobQueue } from './queue';\n\nexport class MemoryJobQueue implements JobQueue {\n  private readonly jobs: Job[] = [];\n  private readonly handlers = new Map<string, JobHandler>();\n  private timer?: NodeJS.Timeout;\n  private processing = false;\n\n  constructor(private readonly pollIntervalMs = 200) {}\n\n  async enqueue<TPayload>(\n    jobType: string,\n    payload: TPayload,\n    options: EnqueueOptions = {}\n  ): Promise<Job<TPayload>> {\n    const job: Job<TPayload> = {\n      id: randomUUID(),\n      type: jobType,\n      payload,\n      status: 'pending',\n      attempts: 0,\n      createdAt: new Date(),\n      updatedAt: new Date(),\n    };\n    if (options.delaySeconds) {\n      job.updatedAt = new Date(Date.now() + options.delaySeconds * 1000);\n    }\n    this.jobs.push(job);\n    return job;\n  }\n\n  register<TPayload>(jobType: string, handler: JobHandler<TPayload>): void {\n    this.handlers.set(jobType, handler as JobHandler);\n  }\n\n  start(): void {\n    if (this.timer) return;\n    this.timer = setInterval(() => {\n      void this.processNext();\n    }, this.pollIntervalMs);\n  }\n\n  async stop(): Promise<void> {\n    if (this.timer) {\n      clearInterval(this.timer);\n      this.timer = undefined;\n    }\n    while (this.processing) {\n      await new Promise((resolve) => setTimeout(resolve, 10));\n    }\n  }\n\n  private async processNext() {\n    if (this.processing) return;\n    const job = this.jobs.find(\n      (j) => j.status === 'pending' && j.updatedAt <= new Date()\n    );\n    if (!job) return;\n    const handler = this.handlers.get(job.type);\n    if (!handler) return;\n\n    this.processing = true;\n    job.status = 'running';\n    job.updatedAt = new Date();\n    job.attempts += 1;\n\n    try {\n      await handler(job);\n      job.status = 'completed';\n      job.updatedAt = new Date();\n    } catch (error) {\n      job.status = 'failed';\n      job.lastError =\n        error instanceof Error ? error.message : 'Unknown job error';\n      job.updatedAt = new Date();\n    } finally {\n      this.processing = false;\n    }\n  }\n}\n"],"mappings":"yCAIA,IAAa,EAAb,KAAgD,CAC9C,KAA+B,EAAE,CACjC,SAA4B,IAAI,IAChC,MACA,WAAqB,GAErB,YAAY,EAAkC,IAAK,CAAtB,KAAA,eAAA,EAE7B,MAAM,QACJ,EACA,EACA,EAA0B,EAAE,CACJ,CACxB,IAAMA,EAAqB,CACzB,GAAI,GAAY,CAChB,KAAM,EACN,UACA,OAAQ,UACR,SAAU,EACV,UAAW,IAAI,KACf,UAAW,IAAI,KAChB,CAKD,OAJI,EAAQ,eACV,EAAI,UAAY,IAAI,KAAK,KAAK,KAAK,CAAG,EAAQ,aAAe,IAAK,EAEpE,KAAK,KAAK,KAAK,EAAI,CACZ,EAGT,SAAmB,EAAiB,EAAqC,CACvE,KAAK,SAAS,IAAI,EAAS,EAAsB,CAGnD,OAAc,CACR,AACJ,KAAK,QAAQ,gBAAkB,CACxB,KAAK,aAAa,EACtB,KAAK,eAAe,CAGzB,MAAM,MAAsB,CAK1B,IAJA,AAEE,KAAK,SADL,cAAc,KAAK,MAAM,CACZ,IAAA,IAER,KAAK,YACV,MAAM,IAAI,QAAS,GAAY,WAAW,EAAS,GAAG,CAAC,CAI3D,MAAc,aAAc,CAC1B,GAAI,KAAK,WAAY,OACrB,IAAM,EAAM,KAAK,KAAK,KACnB,GAAM,EAAE,SAAW,WAAa,EAAE,WAAa,IAAI,KACrD,CACD,GAAI,CAAC,EAAK,OACV,IAAM,EAAU,KAAK,SAAS,IAAI,EAAI,KAAK,CACtC,KAKL,CAHA,KAAK,WAAa,GAClB,EAAI,OAAS,UACb,EAAI,UAAY,IAAI,KACpB,EAAI,UAAY,EAEhB,GAAI,CACF,MAAM,EAAQ,EAAI,CAClB,EAAI,OAAS,YACb,EAAI,UAAY,IAAI,WACb,EAAO,CACd,EAAI,OAAS,SACb,EAAI,UACF,aAAiB,MAAQ,EAAM,QAAU,oBAC3C,EAAI,UAAY,IAAI,YACZ,CACR,KAAK,WAAa"}

package/dist/jobs/queue.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"queue.d.ts","names":[],"sources":["../../src/jobs/queue.ts"],"sourcesContent":[],"mappings":";KAAY,SAAA;AAAA,UAMK,GANI,CAAA,WAAA,OAAA,CAAA,CAAA;EAMJ,EAAA,EAAA,MAAG;EAGT,IAAA,EAAA,MAAA;EACD,OAAA,EADC,QACD;EAEG,MAAA,EAFH,SAEG;EACA,QAAA,EAAA,MAAA;EAAI,SAAA,EADJ,IACI;EAIA,SAAA,EAJJ,IAII;EAML,SAAA,CAAA,EAAA,MAAU;;AACf,UAPU,cAAA,CAOV;EACF,YAAA,CAAA,EAAA,MAAA;EAAO,SAAA,CAAA,EAAA,MAAA;EAEK,WAAQ,CAAA,EAAA,MAAA;;AAIX,KARF,UAQE,CAAA,WAAA,OAAA,CAAA,GAAA,CAAA,GAAA,EAPP,GAOO,CAPH,QAOG,CAAA,EAAA,GANT,OAMS,CAAA,IAAA,CAAA;AACG,UALA,QAAA,CAKA;EAAJ,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAFA,QAEA,EAAA,OAAA,CAAA,EADC,cACD,CAAA,EAAR,OAAQ,CAAA,GAAA,CAAI,QAAJ,CAAA,CAAA;EAAR,QAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAC0C,UAD1C,CACqD,QADrD,CAAA,CAAA,EAAA,IAAA;EACqD,KAAA,EAAA,EAAA,IAAA;EAAX,IAAA,EAAA,EAErC,OAFqC,CAAA,IAAA,CAAA"}
+{"version":3,"file":"queue.d.ts","names":[],"sources":["../../src/jobs/queue.ts"],"sourcesContent":[],"mappings":";KAAY,SAAA;AAAA,UAEK,GAFI,CAAA,WAAA,OAAA,CAAA,CAAA;EAEJ,EAAA,EAAA,MAAG;EAGT,IAAA,EAAA,MAAA;EACD,OAAA,EADC,QACD;EAEG,MAAA,EAFH,SAEG;EACA,QAAA,EAAA,MAAA;EAAI,SAAA,EADJ,IACI;EAIA,SAAA,EAJJ,IAII;EAML,SAAA,CAAA,EAAA,MAAU;;AACf,UAPU,cAAA,CAOV;EACF,YAAA,CAAA,EAAA,MAAA;EAAO,SAAA,CAAA,EAAA,MAAA;EAEK,WAAQ,CAAA,EAAA,MAAA;;AAIX,KARF,UAQE,CAAA,WAAA,OAAA,CAAA,GAAA,CAAA,GAAA,EAPP,GAOO,CAPH,QAOG,CAAA,EAAA,GANT,OAMS,CAAA,IAAA,CAAA;AACG,UALA,QAAA,CAKA;EAAJ,OAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAFA,QAEA,EAAA,OAAA,CAAA,EADC,cACD,CAAA,EAAR,OAAQ,CAAA,GAAA,CAAI,QAAJ,CAAA,CAAA;EAAR,QAAA,CAAA,QAAA,CAAA,CAAA,OAAA,EAAA,MAAA,EAAA,OAAA,EAC0C,UAD1C,CACqD,QADrD,CAAA,CAAA,EAAA,IAAA;EACqD,KAAA,EAAA,EAAA,IAAA;EAAX,IAAA,EAAA,EAErC,OAFqC,CAAA,IAAA,CAAA"}