@lucern/sdk 0.3.0-alpha.3 → 0.3.0-alpha.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -0
- package/dist/adminClient.js +4 -3
- package/dist/adminClient.js.map +1 -1
- package/dist/answersClient.js +4 -3
- package/dist/answersClient.js.map +1 -1
- package/dist/audiencesClient.js +4 -3
- package/dist/audiencesClient.js.map +1 -1
- package/dist/auditClient.js +4 -3
- package/dist/auditClient.js.map +1 -1
- package/dist/authContext.js +4 -3
- package/dist/authContext.js.map +1 -1
- package/dist/beliefs/index.d.ts +3 -1
- package/dist/beliefs/index.js +333 -7
- package/dist/beliefs/index.js.map +1 -1
- package/dist/beliefsClient.js +4 -3
- package/dist/beliefsClient.js.map +1 -1
- package/dist/client.d.ts +2981 -40
- package/dist/client.js +333 -7
- package/dist/client.js.map +1 -1
- package/dist/contextClient.js +4 -3
- package/dist/contextClient.js.map +1 -1
- package/dist/contracts/api-enums.contract.d.ts +1 -1
- package/dist/contracts/api-enums.contract.js.map +1 -1
- package/dist/contracts/index.js.map +1 -1
- package/dist/contradictions/index.d.ts +3 -1
- package/dist/contradictions/index.js +333 -7
- package/dist/contradictions/index.js.map +1 -1
- package/dist/coreClient.js +4 -3
- package/dist/coreClient.js.map +1 -1
- package/dist/decisions/index.d.ts +3 -1
- package/dist/decisions/index.js +333 -7
- package/dist/decisions/index.js.map +1 -1
- package/dist/decisionsClient.js +4 -3
- package/dist/decisionsClient.js.map +1 -1
- package/dist/edges/index.d.ts +3 -1
- package/dist/edges/index.js +333 -7
- package/dist/edges/index.js.map +1 -1
- package/dist/embeddingsClient.js +4 -3
- package/dist/embeddingsClient.js.map +1 -1
- package/dist/eventingClient.js +4 -3
- package/dist/eventingClient.js.map +1 -1
- package/dist/eventsCore.js +4 -3
- package/dist/eventsCore.js.map +1 -1
- package/dist/evidence/index.d.ts +3 -1
- package/dist/evidence/index.js +333 -7
- package/dist/evidence/index.js.map +1 -1
- package/dist/evidenceClient.js +4 -3
- package/dist/evidenceClient.js.map +1 -1
- package/dist/functionSurface.d.ts +129 -0
- package/dist/functionSurface.js +1118 -0
- package/dist/functionSurface.js.map +1 -0
- package/dist/functionSurfaceClient.d.ts +8 -0
- package/dist/functionSurfaceClient.js +1118 -0
- package/dist/functionSurfaceClient.js.map +1 -0
- package/dist/gatewayFacades.d.ts +34 -1
- package/dist/gatewayFacades.js +4 -3
- package/dist/gatewayFacades.js.map +1 -1
- package/dist/graphAnalysisClient.d.ts +53 -1
- package/dist/graphAnalysisClient.js +31 -4
- package/dist/graphAnalysisClient.js.map +1 -1
- package/dist/graphClient.js +4 -3
- package/dist/graphClient.js.map +1 -1
- package/dist/graphIntel.d.ts +3 -0
- package/dist/graphIntel.js +3 -0
- package/dist/graphIntel.js.map +1 -0
- package/dist/graphIntelligence.d.ts +2 -0
- package/dist/graphIntelligence.js +47 -0
- package/dist/graphIntelligence.js.map +1 -0
- package/dist/graphRecommendationsClient.js +4 -3
- package/dist/graphRecommendationsClient.js.map +1 -1
- package/dist/graphStateClassifierClient.js +4 -3
- package/dist/graphStateClassifierClient.js.map +1 -1
- package/dist/harnessClient.js +4 -3
- package/dist/harnessClient.js.map +1 -1
- package/dist/identityClient.js +4 -3
- package/dist/identityClient.js.map +1 -1
- package/dist/index.d.ts +8 -3
- package/dist/index.js +670 -8
- package/dist/index.js.map +1 -1
- package/dist/infisicalRuntime.d.ts +42 -0
- package/dist/infisicalRuntime.js +291 -0
- package/dist/infisicalRuntime.js.map +1 -0
- package/dist/jobsClient.js +4 -3
- package/dist/jobsClient.js.map +1 -1
- package/dist/learningClient.js +4 -3
- package/dist/learningClient.js.map +1 -1
- package/dist/lenses/index.d.ts +28 -2
- package/dist/lenses/index.js +333 -7
- package/dist/lenses/index.js.map +1 -1
- package/dist/mcpClient.js +4 -3
- package/dist/mcpClient.js.map +1 -1
- package/dist/modelRuntimeClient.js +4 -3
- package/dist/modelRuntimeClient.js.map +1 -1
- package/dist/nodes/index.d.ts +21 -1
- package/dist/nodes/index.js +333 -7
- package/dist/nodes/index.js.map +1 -1
- package/dist/ontologies/index.d.ts +3 -1
- package/dist/ontologies/index.js +333 -7
- package/dist/ontologies/index.js.map +1 -1
- package/dist/ontologyClient.js +4 -3
- package/dist/ontologyClient.js.map +1 -1
- package/dist/ontologyLinksClient.js +4 -3
- package/dist/ontologyLinksClient.js.map +1 -1
- package/dist/orgGraphSearchClient.js +4 -3
- package/dist/orgGraphSearchClient.js.map +1 -1
- package/dist/packRuntime.d.ts +2 -1
- package/dist/packsClient.js +4 -3
- package/dist/packsClient.js.map +1 -1
- package/dist/policyClient.js +4 -3
- package/dist/policyClient.js.map +1 -1
- package/dist/questions/index.d.ts +3 -1
- package/dist/questions/index.js +333 -7
- package/dist/questions/index.js.map +1 -1
- package/dist/reportsClient.js +4 -3
- package/dist/reportsClient.js.map +1 -1
- package/dist/schemaClient.js +4 -3
- package/dist/schemaClient.js.map +1 -1
- package/dist/sourcesClient.js +4 -3
- package/dist/sourcesClient.js.map +1 -1
- package/dist/telemetryClient.js +4 -3
- package/dist/telemetryClient.js.map +1 -1
- package/dist/toolRegistryClient.js +4 -3
- package/dist/toolRegistryClient.js.map +1 -1
- package/dist/topics/index.d.ts +3 -1
- package/dist/topics/index.js +333 -7
- package/dist/topics/index.js.map +1 -1
- package/dist/topicsClient.js +4 -3
- package/dist/topicsClient.js.map +1 -1
- package/dist/workflowClient.d.ts +41 -7
- package/dist/workflowClient.js +4 -3
- package/dist/workflowClient.js.map +1 -1
- package/dist/worktrees/index.d.ts +29 -3
- package/dist/worktrees/index.js +333 -7
- package/dist/worktrees/index.js.map +1 -1
- package/package.json +12 -3
- package/dist/client-EiG9nJOY.d.ts +0 -2911
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { InfisicalRuntimeEnvironment, InfisicalRuntimeSurfaceId } from '@lucern/contracts';
|
|
2
|
+
|
|
3
|
+
type InfisicalRuntimeEnv = Record<string, string | undefined>;
|
|
4
|
+
type InfisicalRuntimeFetch = (input: string | URL, init?: RequestInit) => Promise<Response>;
|
|
5
|
+
type InfisicalRuntimeBootstrapConfig = {
|
|
6
|
+
apiUrl: string;
|
|
7
|
+
projectId: string;
|
|
8
|
+
clientId: string;
|
|
9
|
+
clientSecret: string;
|
|
10
|
+
environment: InfisicalRuntimeEnvironment;
|
|
11
|
+
organizationSlug?: string;
|
|
12
|
+
};
|
|
13
|
+
type InfisicalRuntimeHydrateOptions = {
|
|
14
|
+
surfaceId: InfisicalRuntimeSurfaceId;
|
|
15
|
+
env?: InfisicalRuntimeEnv;
|
|
16
|
+
fetchImpl?: InfisicalRuntimeFetch;
|
|
17
|
+
bootstrap?: Partial<InfisicalRuntimeBootstrapConfig>;
|
|
18
|
+
};
|
|
19
|
+
type InfisicalRuntimeHydrationResult = {
|
|
20
|
+
status: "disabled" | "hydrated";
|
|
21
|
+
surfaceId: InfisicalRuntimeSurfaceId;
|
|
22
|
+
environment?: InfisicalRuntimeEnvironment;
|
|
23
|
+
values: Record<string, string>;
|
|
24
|
+
sourcePaths: string[];
|
|
25
|
+
};
|
|
26
|
+
declare class InfisicalRuntimeError extends Error {
|
|
27
|
+
readonly code: string;
|
|
28
|
+
readonly status?: number;
|
|
29
|
+
constructor(args: {
|
|
30
|
+
code: string;
|
|
31
|
+
message: string;
|
|
32
|
+
status?: number;
|
|
33
|
+
});
|
|
34
|
+
}
|
|
35
|
+
declare function readInfisicalRuntimeBootstrap(env?: InfisicalRuntimeEnv, overrides?: Partial<InfisicalRuntimeBootstrapConfig>): InfisicalRuntimeBootstrapConfig | null;
|
|
36
|
+
declare function isInfisicalRuntimeDisabled(env?: InfisicalRuntimeEnv): boolean;
|
|
37
|
+
declare function hydrateInfisicalRuntimeEnv(options: InfisicalRuntimeHydrateOptions): Promise<InfisicalRuntimeHydrationResult>;
|
|
38
|
+
declare function applyInfisicalRuntimeEnv(result: Pick<InfisicalRuntimeHydrationResult, "values">, targetEnv: InfisicalRuntimeEnv, options?: {
|
|
39
|
+
overrideExisting?: boolean;
|
|
40
|
+
}): void;
|
|
41
|
+
|
|
42
|
+
export { type InfisicalRuntimeBootstrapConfig, type InfisicalRuntimeEnv, InfisicalRuntimeError, type InfisicalRuntimeFetch, type InfisicalRuntimeHydrateOptions, type InfisicalRuntimeHydrationResult, applyInfisicalRuntimeEnv, hydrateInfisicalRuntimeEnv, isInfisicalRuntimeDisabled, readInfisicalRuntimeBootstrap };
|
|
@@ -0,0 +1,291 @@
|
|
|
1
|
+
import { INFISICAL_RUNTIME_MANIFEST, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_DEFAULT_API_URL, findInfisicalRuntimeSurface, findInfisicalRuntimePath } from '@lucern/contracts';
|
|
2
|
+
|
|
3
|
+
// src/infisicalRuntime.ts
|
|
4
|
+
var InfisicalRuntimeError = class extends Error {
|
|
5
|
+
code;
|
|
6
|
+
status;
|
|
7
|
+
constructor(args) {
|
|
8
|
+
super(args.message);
|
|
9
|
+
this.name = "InfisicalRuntimeError";
|
|
10
|
+
this.code = args.code;
|
|
11
|
+
this.status = args.status;
|
|
12
|
+
}
|
|
13
|
+
};
|
|
14
|
+
function readInfisicalRuntimeBootstrap(env = {}, overrides = {}) {
|
|
15
|
+
if (isInfisicalRuntimeDisabled(env)) {
|
|
16
|
+
return null;
|
|
17
|
+
}
|
|
18
|
+
const bootstrapEnv = INFISICAL_RUNTIME_MANIFEST.bootstrapEnv;
|
|
19
|
+
const clientId = overrides.clientId ?? readFirst(env, bootstrapEnv.clientId);
|
|
20
|
+
const clientSecret = overrides.clientSecret ?? readFirst(env, bootstrapEnv.clientSecret);
|
|
21
|
+
const hasAuthSignal = Boolean(clientId || clientSecret);
|
|
22
|
+
if (!hasAuthSignal) {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
if (!clientId || !clientSecret) {
|
|
26
|
+
throw new InfisicalRuntimeError({
|
|
27
|
+
code: "INFISICAL_BOOTSTRAP_INCOMPLETE",
|
|
28
|
+
message: "Infisical runtime bootstrap requires both INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET."
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
return {
|
|
32
|
+
apiUrl: overrides.apiUrl ?? readFirst(env, bootstrapEnv.apiUrl) ?? INFISICAL_RUNTIME_DEFAULT_API_URL,
|
|
33
|
+
projectId: overrides.projectId ?? readFirst(env, bootstrapEnv.projectId) ?? INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
|
|
34
|
+
clientId,
|
|
35
|
+
clientSecret,
|
|
36
|
+
environment: normalizeInfisicalEnvironment(
|
|
37
|
+
overrides.environment ?? readFirst(env, bootstrapEnv.environment)
|
|
38
|
+
),
|
|
39
|
+
organizationSlug: overrides.organizationSlug ?? readFirst(env, bootstrapEnv.organizationSlug)
|
|
40
|
+
};
|
|
41
|
+
}
|
|
42
|
+
function isInfisicalRuntimeDisabled(env = {}) {
|
|
43
|
+
return INFISICAL_RUNTIME_MANIFEST.bootstrapEnv.disabled.some(
|
|
44
|
+
(name) => isTruthyEnv(env[name])
|
|
45
|
+
);
|
|
46
|
+
}
|
|
47
|
+
async function hydrateInfisicalRuntimeEnv(options) {
|
|
48
|
+
const env = options.env ?? {};
|
|
49
|
+
const bootstrap = mergeBootstrap(
|
|
50
|
+
readInfisicalRuntimeBootstrap(env, options.bootstrap),
|
|
51
|
+
options.bootstrap
|
|
52
|
+
);
|
|
53
|
+
if (!bootstrap) {
|
|
54
|
+
return {
|
|
55
|
+
status: "disabled",
|
|
56
|
+
surfaceId: options.surfaceId,
|
|
57
|
+
values: {},
|
|
58
|
+
sourcePaths: []
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
const surface = findInfisicalRuntimeSurface(options.surfaceId);
|
|
62
|
+
if (!surface) {
|
|
63
|
+
throw new InfisicalRuntimeError({
|
|
64
|
+
code: "INFISICAL_UNKNOWN_SURFACE",
|
|
65
|
+
message: `Unknown Lucern Infisical runtime surface: ${options.surfaceId}.`
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
if (surface.delivery !== "runtime_fetch") {
|
|
69
|
+
throw new InfisicalRuntimeError({
|
|
70
|
+
code: "INFISICAL_UNSUPPORTED_SURFACE_DELIVERY",
|
|
71
|
+
message: `${surface.id} uses ${surface.delivery}; runtime fetch is only valid for runtime_fetch surfaces.`
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
const fetchImpl = options.fetchImpl ?? globalThis.fetch;
|
|
75
|
+
if (typeof fetchImpl !== "function") {
|
|
76
|
+
throw new InfisicalRuntimeError({
|
|
77
|
+
code: "INFISICAL_FETCH_UNAVAILABLE",
|
|
78
|
+
message: "No fetch implementation is available for Infisical runtime hydration."
|
|
79
|
+
});
|
|
80
|
+
}
|
|
81
|
+
const token = await loginWithUniversalAuth(bootstrap, fetchImpl);
|
|
82
|
+
const values = {};
|
|
83
|
+
const missingRequired = [];
|
|
84
|
+
const sourcePaths = [];
|
|
85
|
+
for (const pathId of surface.sourcePathIds) {
|
|
86
|
+
const path = findInfisicalRuntimePath(pathId);
|
|
87
|
+
if (!path) {
|
|
88
|
+
throw new InfisicalRuntimeError({
|
|
89
|
+
code: "INFISICAL_UNKNOWN_PATH",
|
|
90
|
+
message: `Unknown Lucern Infisical runtime path: ${pathId}.`
|
|
91
|
+
});
|
|
92
|
+
}
|
|
93
|
+
sourcePaths.push(path.secretPath);
|
|
94
|
+
for (const variable of path.variables) {
|
|
95
|
+
const runtimeVariable = variable;
|
|
96
|
+
const secretValue = await readVariableSecret({
|
|
97
|
+
bootstrap,
|
|
98
|
+
fetchImpl,
|
|
99
|
+
token,
|
|
100
|
+
secretPath: path.secretPath,
|
|
101
|
+
variable: runtimeVariable
|
|
102
|
+
});
|
|
103
|
+
if (!secretValue) {
|
|
104
|
+
if (runtimeVariable.required) {
|
|
105
|
+
missingRequired.push(runtimeVariable.name);
|
|
106
|
+
}
|
|
107
|
+
continue;
|
|
108
|
+
}
|
|
109
|
+
values[runtimeVariable.name] = secretValue.value;
|
|
110
|
+
for (const alias of runtimeVariable.aliases ?? []) {
|
|
111
|
+
values[alias] = secretValue.value;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
if (missingRequired.length > 0) {
|
|
116
|
+
throw new InfisicalRuntimeError({
|
|
117
|
+
code: "INFISICAL_REQUIRED_SECRETS_MISSING",
|
|
118
|
+
message: `Missing required Infisical runtime secrets: ${missingRequired.join(", ")}.`
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
return {
|
|
122
|
+
status: "hydrated",
|
|
123
|
+
surfaceId: options.surfaceId,
|
|
124
|
+
environment: bootstrap.environment,
|
|
125
|
+
values,
|
|
126
|
+
sourcePaths
|
|
127
|
+
};
|
|
128
|
+
}
|
|
129
|
+
function applyInfisicalRuntimeEnv(result, targetEnv, options = {}) {
|
|
130
|
+
for (const [key, value] of Object.entries(result.values)) {
|
|
131
|
+
if (options.overrideExisting || !targetEnv[key]) {
|
|
132
|
+
targetEnv[key] = value;
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
function normalizeInfisicalEnvironment(value) {
|
|
137
|
+
if (value === "dev" || value === "staging" || value === "prod") {
|
|
138
|
+
return value;
|
|
139
|
+
}
|
|
140
|
+
if (value === "development") {
|
|
141
|
+
return "dev";
|
|
142
|
+
}
|
|
143
|
+
if (value === "production") {
|
|
144
|
+
return "prod";
|
|
145
|
+
}
|
|
146
|
+
return "prod";
|
|
147
|
+
}
|
|
148
|
+
function mergeBootstrap(base, overrides) {
|
|
149
|
+
if (!base) {
|
|
150
|
+
return null;
|
|
151
|
+
}
|
|
152
|
+
return {
|
|
153
|
+
...base,
|
|
154
|
+
...compact(overrides ?? {}),
|
|
155
|
+
apiUrl: trimTrailingSlash(overrides?.apiUrl ?? base.apiUrl)
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
async function loginWithUniversalAuth(bootstrap, fetchImpl) {
|
|
159
|
+
const response = await fetchImpl(
|
|
160
|
+
`${trimTrailingSlash(bootstrap.apiUrl)}/api/v1/auth/universal-auth/login`,
|
|
161
|
+
{
|
|
162
|
+
method: "POST",
|
|
163
|
+
headers: {
|
|
164
|
+
"Content-Type": "application/json"
|
|
165
|
+
},
|
|
166
|
+
body: JSON.stringify({
|
|
167
|
+
clientId: bootstrap.clientId,
|
|
168
|
+
clientSecret: bootstrap.clientSecret,
|
|
169
|
+
...bootstrap.organizationSlug ? { organizationSlug: bootstrap.organizationSlug } : {}
|
|
170
|
+
})
|
|
171
|
+
}
|
|
172
|
+
);
|
|
173
|
+
const body = await readJson(response);
|
|
174
|
+
if (!response.ok) {
|
|
175
|
+
throw new InfisicalRuntimeError({
|
|
176
|
+
code: "INFISICAL_UNIVERSAL_AUTH_FAILED",
|
|
177
|
+
status: response.status,
|
|
178
|
+
message: `Infisical Universal Auth failed with HTTP ${response.status}: ${messageFromBody(body)}`
|
|
179
|
+
});
|
|
180
|
+
}
|
|
181
|
+
const accessToken = readNestedString(body, ["accessToken"]);
|
|
182
|
+
if (!accessToken) {
|
|
183
|
+
throw new InfisicalRuntimeError({
|
|
184
|
+
code: "INFISICAL_UNIVERSAL_AUTH_INVALID_RESPONSE",
|
|
185
|
+
message: "Infisical Universal Auth response did not include accessToken."
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
return accessToken;
|
|
189
|
+
}
|
|
190
|
+
async function readVariableSecret(args) {
|
|
191
|
+
const names = [args.variable.name, ...args.variable.aliases ?? []];
|
|
192
|
+
for (const name of names) {
|
|
193
|
+
const value = await readSecretValue({
|
|
194
|
+
bootstrap: args.bootstrap,
|
|
195
|
+
fetchImpl: args.fetchImpl,
|
|
196
|
+
token: args.token,
|
|
197
|
+
secretPath: args.secretPath,
|
|
198
|
+
name,
|
|
199
|
+
optional: true
|
|
200
|
+
});
|
|
201
|
+
if (value) {
|
|
202
|
+
return { name, value };
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
return null;
|
|
206
|
+
}
|
|
207
|
+
async function readSecretValue(args) {
|
|
208
|
+
const params = new URLSearchParams({
|
|
209
|
+
projectId: args.bootstrap.projectId,
|
|
210
|
+
environment: args.bootstrap.environment,
|
|
211
|
+
secretPath: args.secretPath,
|
|
212
|
+
type: "shared",
|
|
213
|
+
viewSecretValue: "true",
|
|
214
|
+
expandSecretReferences: "true",
|
|
215
|
+
includeImports: "true"
|
|
216
|
+
});
|
|
217
|
+
const response = await args.fetchImpl(
|
|
218
|
+
`${trimTrailingSlash(args.bootstrap.apiUrl)}/api/v4/secrets/${encodeURIComponent(args.name)}?${params.toString()}`,
|
|
219
|
+
{
|
|
220
|
+
method: "GET",
|
|
221
|
+
headers: {
|
|
222
|
+
Authorization: `Bearer ${args.token}`
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
);
|
|
226
|
+
const body = await readJson(response);
|
|
227
|
+
if (response.status === 404 && args.optional) {
|
|
228
|
+
return null;
|
|
229
|
+
}
|
|
230
|
+
if (!response.ok) {
|
|
231
|
+
throw new InfisicalRuntimeError({
|
|
232
|
+
code: "INFISICAL_SECRET_READ_FAILED",
|
|
233
|
+
status: response.status,
|
|
234
|
+
message: `Infisical secret ${args.name} read failed with HTTP ${response.status}: ${messageFromBody(body)}`
|
|
235
|
+
});
|
|
236
|
+
}
|
|
237
|
+
return readNestedString(body, ["secret", "secretValue"]);
|
|
238
|
+
}
|
|
239
|
+
async function readJson(response) {
|
|
240
|
+
try {
|
|
241
|
+
return await response.json();
|
|
242
|
+
} catch {
|
|
243
|
+
return void 0;
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
function readNestedString(value, path) {
|
|
247
|
+
let current = value;
|
|
248
|
+
for (const key of path) {
|
|
249
|
+
if (!current || typeof current !== "object" || !(key in current)) {
|
|
250
|
+
return null;
|
|
251
|
+
}
|
|
252
|
+
current = current[key];
|
|
253
|
+
}
|
|
254
|
+
return typeof current === "string" && current.length > 0 ? current : null;
|
|
255
|
+
}
|
|
256
|
+
function messageFromBody(body) {
|
|
257
|
+
if (!body || typeof body !== "object") {
|
|
258
|
+
return "no response body";
|
|
259
|
+
}
|
|
260
|
+
const record = body;
|
|
261
|
+
for (const key of ["message", "error", "errorMessage"]) {
|
|
262
|
+
if (typeof record[key] === "string") {
|
|
263
|
+
return record[key];
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
return JSON.stringify(body);
|
|
267
|
+
}
|
|
268
|
+
function readFirst(env, names) {
|
|
269
|
+
for (const name of names) {
|
|
270
|
+
const value = env[name]?.trim();
|
|
271
|
+
if (value) {
|
|
272
|
+
return value;
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
return void 0;
|
|
276
|
+
}
|
|
277
|
+
function isTruthyEnv(value) {
|
|
278
|
+
return ["1", "true", "yes", "on"].includes(value?.toLowerCase() ?? "");
|
|
279
|
+
}
|
|
280
|
+
function trimTrailingSlash(value) {
|
|
281
|
+
return value.replace(/\/+$/u, "");
|
|
282
|
+
}
|
|
283
|
+
function compact(value) {
|
|
284
|
+
return Object.fromEntries(
|
|
285
|
+
Object.entries(value).filter(([, entry]) => entry !== void 0)
|
|
286
|
+
);
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
export { InfisicalRuntimeError, applyInfisicalRuntimeEnv, hydrateInfisicalRuntimeEnv, isInfisicalRuntimeDisabled, readInfisicalRuntimeBootstrap };
|
|
290
|
+
//# sourceMappingURL=infisicalRuntime.js.map
|
|
291
|
+
//# sourceMappingURL=infisicalRuntime.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/infisicalRuntime.ts"],"names":[],"mappings":";;;AA0CO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EACtC,IAAA;AAAA,EACA,MAAA;AAAA,EAET,YAAY,IAAA,EAA0D;AACpE,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA;AACjB,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AAAA,EACrB;AACF;AAEO,SAAS,8BACd,GAAA,GAA2B,EAAC,EAC5B,SAAA,GAAsD,EAAC,EACf;AACxC,EAAA,IAAI,0BAAA,CAA2B,GAAG,CAAA,EAAG;AACnC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,eAAe,0BAAA,CAA2B,YAAA;AAChD,EAAA,MAAM,WAAW,SAAA,CAAU,QAAA,IAAY,SAAA,CAAU,GAAA,EAAK,aAAa,QAAQ,CAAA;AAC3E,EAAA,MAAM,eACJ,SAAA,CAAU,YAAA,IAAgB,SAAA,CAAU,GAAA,EAAK,aAAa,YAAY,CAAA;AACpE,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,QAAA,IAAY,YAAY,CAAA;AAEtD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,QAAA,IAAY,CAAC,YAAA,EAAc;AAC9B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,gCAAA;AAAA,MACN,OAAA,EACE;AAAA,KACH,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,QACE,SAAA,CAAU,MAAA,IACV,UAAU,GAAA,EAAK,YAAA,CAAa,MAAM,CAAA,IAClC,iCAAA;AAAA,IACF,WACE,SAAA,CAAU,SAAA,IACV,UAAU,GAAA,EAAK,YAAA,CAAa,SAAS,CAAA,IACrC,oCAAA;AAAA,IACF,QAAA;AAAA,IACA,YAAA;AAAA,IACA,WAAA,EAAa,6BAAA;AAAA,MACX,SAAA,CAAU,WAAA,IAAe,SAAA,CAAU,GAAA,EAAK,aAAa,WAAW;AAAA,KAClE;AAAA,IACA,kBACE,SAAA,CAAU,gBAAA,IACV,SAAA,CAAU,GAAA,EAAK,aAAa,gBAAgB;AAAA,GAChD;AACF;AAEO,SAAS,0BAAA,CACd,GAAA,GAA2B,EAAC,EACnB;AACT,EAAA,OAAO,0BAAA,CAA2B,aAAa,QAAA,CAAS,IAAA;AAAA,IAAK,CAAC,IAAA,KAC5D,WAAA,CAAY,GAAA,CAAI,IAAI,CAAC;AAAA,GACvB;AACF;AAEA,eAAsB,2BACpB,OAAA,EAC0C;AAC1C,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,GAAA,IAAO,EAAC;AAC5B,EAAA,MAAM,SAAA,GAAY,cAAA;AAAA,IAChB,6BAAA,CAA8B,GAAA,EAAK,OAAA,CAAQ,SAAS,CAAA;AAAA,IACpD,OAAA,CAAQ;AAAA,GACV;AACA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,UAAA;AAAA,MACR,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,QAAQ,EAAC;AAAA,MACT,aAAa;AAAC,KAChB;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,2BAAA,CAA4B,OAAA,CAAQ,SAAS,CAAA;AAC7D,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,2BAAA;AAAA,MACN,OAAA,EAAS,CAAA,0CAAA,EAA6C,OAAA,CAAQ,SAAS,CAAA,CAAA;AAAA,KACxE,CAAA;AAAA,EACH;AACA,EAAA,IAAI,OAAA,CAAQ,aAAa,eAAA,EAAiB;AACxC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,wCAAA;AAAA,MACN,SAAS,CAAA,EAAG,OAAA,CAAQ,EAAE,CAAA,MAAA,EAAS,QAAQ,QAAQ,CAAA,yDAAA;AAAA,KAChD,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,SAAA,IAAa,UAAA,CAAW,KAAA;AAClD,EAAA,IAAI,OAAO,cAAc,UAAA,EAAY;AACnC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,6BAAA;AAAA,MACN,OAAA,EACE;AAAA,KACH,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAM,sBAAA,CAAuB,SAAA,EAAW,SAAS,CAAA;AAC/D,EAAA,MAAM,SAAiC,EAAC;AACxC,EAAA,MAAM,kBAA4B,EAAC;AACnC,EAAA,MAAM,cAAwB,EAAC;AAE/B,EAAA,KAAA,MAAW,MAAA,IAAU,QAAQ,aAAA,EAAe;AAC1C,IAAA,MAAM,IAAA,GAAO,yBAAyB,MAAM,CAAA;AAC5C,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,QAC9B,IAAA,EAAM,wBAAA;AAAA,QACN,OAAA,EAAS,0CAA0C,MAAM,CAAA,CAAA;AAAA,OAC1D,CAAA;AAAA,IACH;AACA,IAAA,WAAA,CAAY,IAAA,CAAK,KAAK,UAAU,CAAA;AAEhC,IAAA,KAAA,MAAW,QAAA,IAAY,KAAK,SAAA,EAAW;AACrC,MAAA,MAAM,eAAA,GAA4C,QAAA;AAClD,MAAA,MAAM,WAAA,GAAc,MAAM,kBAAA,CAAmB;AAAA,QAC3C,SAAA;AAAA,QACA,SAAA;AAAA,QACA,KAAA;AAAA,QACA,YAAY,IAAA,CAAK,UAAA;AAAA,QACjB,QAAA,EAAU;AAAA,OACX,CAAA;AAED,MAAA,IAAI,CAAC,WAAA,EAAa;AAChB,QAAA,IAAI,gBAAgB,QAAA,EAAU;AAC5B,UAAA,eAAA,CAAgB,IAAA,CAAK,gBAAgB,IAAI,CAAA;AAAA,QAC3C;AACA,QAAA;AAAA,MACF;AAEA,MAAA,MAAA,CAAO,eAAA,CAAgB,IAAI,CAAA,GAAI,WAAA,CAAY,KAAA;AAC3C,MAAA,KAAA,MAAW,KAAA,IAAS,eAAA,CAAgB,OAAA,IAAW,EAAC,EAAG;AACjD,QAAA,MAAA,CAAO,KAAK,IAAI,WAAA,CAAY,KAAA;AAAA,MAC9B;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,eAAA,CAAgB,SAAS,CAAA,EAAG;AAC9B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,oCAAA;AAAA,MACN,OAAA,EAAS,CAAA,4CAAA,EAA+C,eAAA,CAAgB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,KACnF,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,UAAA;AAAA,IACR,WAAW,OAAA,CAAQ,SAAA;AAAA,IACnB,aAAa,SAAA,CAAU,WAAA;AAAA,IACvB,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAEO,SAAS,wBAAA,CACd,MAAA,EACA,SAAA,EACA,OAAA,GAA0C,EAAC,EACrC;AACN,EAAA,KAAA,MAAW,CAAC,KAAK,KAAK,CAAA,IAAK,OAAO,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA,EAAG;AACxD,IAAA,IAAI,OAAA,CAAQ,gBAAA,IAAoB,CAAC,SAAA,CAAU,GAAG,CAAA,EAAG;AAC/C,MAAA,SAAA,CAAU,GAAG,CAAA,GAAI,KAAA;AAAA,IACnB;AAAA,EACF;AACF;AAEA,SAAS,8BACP,KAAA,EAC6B;AAC7B,EAAA,IAAI,KAAA,KAAU,KAAA,IAAS,KAAA,KAAU,SAAA,IAAa,UAAU,MAAA,EAAQ;AAC9D,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,aAAA,EAAe;AAC3B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,UAAU,YAAA,EAAc;AAC1B,IAAA,OAAO,MAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,cAAA,CACP,MACA,SAAA,EACwC;AACxC,EAAA,IAAI,CAAC,IAAA,EAAM;AACT,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO;AAAA,IACL,GAAG,IAAA;AAAA,IACH,GAAG,OAAA,CAAQ,SAAA,IAAa,EAAE,CAAA;AAAA,IAC1B,MAAA,EAAQ,iBAAA,CAAkB,SAAA,EAAW,MAAA,IAAU,KAAK,MAAM;AAAA,GAC5D;AACF;AAEA,eAAe,sBAAA,CACb,WACA,SAAA,EACiB;AACjB,EAAA,MAAM,WAAW,MAAM,SAAA;AAAA,IACrB,CAAA,EAAG,iBAAA,CAAkB,SAAA,CAAU,MAAM,CAAC,CAAA,iCAAA,CAAA;AAAA,IACtC;AAAA,MACE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB;AAAA,OAClB;AAAA,MACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,UAAU,SAAA,CAAU,QAAA;AAAA,QACpB,cAAc,SAAA,CAAU,YAAA;AAAA,QACxB,GAAI,UAAU,gBAAA,GACV,EAAE,kBAAkB,SAAA,CAAU,gBAAA,KAC9B;AAAC,OACN;AAAA;AACH,GACF;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,QAAQ,CAAA;AACpC,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,iCAAA;AAAA,MACN,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,SAAS,CAAA,0CAAA,EAA6C,QAAA,CAAS,MAAM,CAAA,EAAA,EAAK,eAAA,CAAgB,IAAI,CAAC,CAAA;AAAA,KAChG,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAA,GAAc,gBAAA,CAAiB,IAAA,EAAM,CAAC,aAAa,CAAC,CAAA;AAC1D,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,2CAAA;AAAA,MACN,OAAA,EAAS;AAAA,KACV,CAAA;AAAA,EACH;AACA,EAAA,OAAO,WAAA;AACT;AAEA,eAAe,mBAAmB,IAAA,EAMkB;AAClD,EAAA,MAAM,KAAA,GAAQ,CAAC,IAAA,CAAK,QAAA,CAAS,IAAA,EAAM,GAAI,IAAA,CAAK,QAAA,CAAS,OAAA,IAAW,EAAG,CAAA;AACnE,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,KAAA,GAAQ,MAAM,eAAA,CAAgB;AAAA,MAClC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,IAAA;AAAA,MACA,QAAA,EAAU;AAAA,KACX,CAAA;AACD,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,OAAO,EAAE,MAAM,KAAA,EAAM;AAAA,IACvB;AAAA,EACF;AACA,EAAA,OAAO,IAAA;AACT;AAEA,eAAe,gBAAgB,IAAA,EAOJ;AACzB,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,IACjC,SAAA,EAAW,KAAK,SAAA,CAAU,SAAA;AAAA,IAC1B,WAAA,EAAa,KAAK,SAAA,CAAU,WAAA;AAAA,IAC5B,YAAY,IAAA,CAAK,UAAA;AAAA,IACjB,IAAA,EAAM,QAAA;AAAA,IACN,eAAA,EAAiB,MAAA;AAAA,IACjB,sBAAA,EAAwB,MAAA;AAAA,IACxB,cAAA,EAAgB;AAAA,GACjB,CAAA;AACD,EAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,SAAA;AAAA,IAC1B,CAAA,EAAG,iBAAA,CAAkB,IAAA,CAAK,SAAA,CAAU,MAAM,CAAC,CAAA,gBAAA,EAAmB,kBAAA,CAAmB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA,EAAI,MAAA,CAAO,UAAU,CAAA,CAAA;AAAA,IAChH;AAAA,MACE,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,KAAK,CAAA;AAAA;AACrC;AACF,GACF;AAEA,EAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,QAAQ,CAAA;AACpC,EAAA,IAAI,QAAA,CAAS,MAAA,KAAW,GAAA,IAAO,IAAA,CAAK,QAAA,EAAU;AAC5C,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,IAAA,EAAM,8BAAA;AAAA,MACN,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,OAAA,EAAS,CAAA,iBAAA,EAAoB,IAAA,CAAK,IAAI,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,EAAA,EAAK,eAAA,CAAgB,IAAI,CAAC,CAAA;AAAA,KAC1G,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,gBAAA,CAAiB,IAAA,EAAM,CAAC,QAAA,EAAU,aAAa,CAAC,CAAA;AACzD;AAEA,eAAe,SAAS,QAAA,EAAsC;AAC5D,EAAA,IAAI;AACF,IAAA,OAAO,MAAM,SAAS,IAAA,EAAK;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAEA,SAAS,gBAAA,CAAiB,OAAgB,IAAA,EAAwC;AAChF,EAAA,IAAI,OAAA,GAAmB,KAAA;AACvB,EAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,IAAA,IAAI,CAAC,OAAA,IAAW,OAAO,YAAY,QAAA,IAAY,EAAE,OAAO,OAAA,CAAA,EAAU;AAChE,MAAA,OAAO,IAAA;AAAA,IACT;AACA,IAAA,OAAA,GAAW,QAAoC,GAAG,CAAA;AAAA,EACpD;AACA,EAAA,OAAO,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,CAAQ,MAAA,GAAS,IAAI,OAAA,GAAU,IAAA;AACvE;AAEA,SAAS,gBAAgB,IAAA,EAAuB;AAC9C,EAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACrC,IAAA,OAAO,kBAAA;AAAA,EACT;AACA,EAAA,MAAM,MAAA,GAAS,IAAA;AACf,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,SAAA,EAAW,OAAA,EAAS,cAAc,CAAA,EAAG;AACtD,IAAA,IAAI,OAAO,MAAA,CAAO,GAAG,CAAA,KAAM,QAAA,EAAU;AACnC,MAAA,OAAO,OAAO,GAAG,CAAA;AAAA,IACnB;AAAA,EACF;AACA,EAAA,OAAO,IAAA,CAAK,UAAU,IAAI,CAAA;AAC5B;AAEA,SAAS,SAAA,CACP,KACA,KAAA,EACoB;AACpB,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,KAAA,GAAQ,GAAA,CAAI,IAAI,CAAA,EAAG,IAAA,EAAK;AAC9B,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,YAAY,KAAA,EAAoC;AACvD,EAAA,OAAO,CAAC,GAAA,EAAK,MAAA,EAAQ,KAAA,EAAO,IAAI,EAAE,QAAA,CAAS,KAAA,EAAO,WAAA,EAAY,IAAK,EAAE,CAAA;AACvE;AAEA,SAAS,kBAAkB,KAAA,EAAuB;AAChD,EAAA,OAAO,KAAA,CAAM,OAAA,CAAQ,OAAA,EAAS,EAAE,CAAA;AAClC;AAEA,SAAS,QAA2C,KAAA,EAAsB;AACxE,EAAA,OAAO,MAAA,CAAO,WAAA;AAAA,IACZ,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,CAAE,MAAA,CAAO,CAAC,GAAG,KAAK,CAAA,KAAM,KAAA,KAAU,MAAS;AAAA,GACjE;AACF","file":"infisicalRuntime.js","sourcesContent":["import {\n INFISICAL_RUNTIME_DEFAULT_API_URL,\n INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,\n INFISICAL_RUNTIME_MANIFEST,\n findInfisicalRuntimePath,\n findInfisicalRuntimeSurface,\n type InfisicalRuntimeEnvironment,\n type InfisicalRuntimeSurfaceId,\n type InfisicalRuntimeVariable,\n} from \"@lucern/contracts\";\n\nexport type InfisicalRuntimeEnv = Record<string, string | undefined>;\n\nexport type InfisicalRuntimeFetch = (\n input: string | URL,\n init?: RequestInit\n) => Promise<Response>;\n\nexport type InfisicalRuntimeBootstrapConfig = {\n apiUrl: string;\n projectId: string;\n clientId: string;\n clientSecret: string;\n environment: InfisicalRuntimeEnvironment;\n organizationSlug?: string;\n};\n\nexport type InfisicalRuntimeHydrateOptions = {\n surfaceId: InfisicalRuntimeSurfaceId;\n env?: InfisicalRuntimeEnv;\n fetchImpl?: InfisicalRuntimeFetch;\n bootstrap?: Partial<InfisicalRuntimeBootstrapConfig>;\n};\n\nexport type InfisicalRuntimeHydrationResult = {\n status: \"disabled\" | \"hydrated\";\n surfaceId: InfisicalRuntimeSurfaceId;\n environment?: InfisicalRuntimeEnvironment;\n values: Record<string, string>;\n sourcePaths: string[];\n};\n\nexport class InfisicalRuntimeError extends Error {\n readonly code: string;\n readonly status?: number;\n\n constructor(args: { code: string; message: string; status?: number }) {\n super(args.message);\n this.name = \"InfisicalRuntimeError\";\n this.code = args.code;\n this.status = args.status;\n }\n}\n\nexport function readInfisicalRuntimeBootstrap(\n env: InfisicalRuntimeEnv = {},\n overrides: Partial<InfisicalRuntimeBootstrapConfig> = {}\n): InfisicalRuntimeBootstrapConfig | null {\n if (isInfisicalRuntimeDisabled(env)) {\n return null;\n }\n\n const bootstrapEnv = INFISICAL_RUNTIME_MANIFEST.bootstrapEnv;\n const clientId = overrides.clientId ?? readFirst(env, bootstrapEnv.clientId);\n const clientSecret =\n overrides.clientSecret ?? readFirst(env, bootstrapEnv.clientSecret);\n const hasAuthSignal = Boolean(clientId || clientSecret);\n\n if (!hasAuthSignal) {\n return null;\n }\n\n if (!clientId || !clientSecret) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_BOOTSTRAP_INCOMPLETE\",\n message:\n \"Infisical runtime bootstrap requires both INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET.\",\n });\n }\n\n return {\n apiUrl:\n overrides.apiUrl ??\n readFirst(env, bootstrapEnv.apiUrl) ??\n INFISICAL_RUNTIME_DEFAULT_API_URL,\n projectId:\n overrides.projectId ??\n readFirst(env, bootstrapEnv.projectId) ??\n INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,\n clientId,\n clientSecret,\n environment: normalizeInfisicalEnvironment(\n overrides.environment ?? readFirst(env, bootstrapEnv.environment)\n ),\n organizationSlug:\n overrides.organizationSlug ??\n readFirst(env, bootstrapEnv.organizationSlug),\n };\n}\n\nexport function isInfisicalRuntimeDisabled(\n env: InfisicalRuntimeEnv = {}\n): boolean {\n return INFISICAL_RUNTIME_MANIFEST.bootstrapEnv.disabled.some((name) =>\n isTruthyEnv(env[name])\n );\n}\n\nexport async function hydrateInfisicalRuntimeEnv(\n options: InfisicalRuntimeHydrateOptions\n): Promise<InfisicalRuntimeHydrationResult> {\n const env = options.env ?? {};\n const bootstrap = mergeBootstrap(\n readInfisicalRuntimeBootstrap(env, options.bootstrap),\n options.bootstrap\n );\n if (!bootstrap) {\n return {\n status: \"disabled\",\n surfaceId: options.surfaceId,\n values: {},\n sourcePaths: [],\n };\n }\n\n const surface = findInfisicalRuntimeSurface(options.surfaceId);\n if (!surface) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_UNKNOWN_SURFACE\",\n message: `Unknown Lucern Infisical runtime surface: ${options.surfaceId}.`,\n });\n }\n if (surface.delivery !== \"runtime_fetch\") {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_UNSUPPORTED_SURFACE_DELIVERY\",\n message: `${surface.id} uses ${surface.delivery}; runtime fetch is only valid for runtime_fetch surfaces.`,\n });\n }\n\n const fetchImpl = options.fetchImpl ?? globalThis.fetch;\n if (typeof fetchImpl !== \"function\") {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_FETCH_UNAVAILABLE\",\n message:\n \"No fetch implementation is available for Infisical runtime hydration.\",\n });\n }\n\n const token = await loginWithUniversalAuth(bootstrap, fetchImpl);\n const values: Record<string, string> = {};\n const missingRequired: string[] = [];\n const sourcePaths: string[] = [];\n\n for (const pathId of surface.sourcePathIds) {\n const path = findInfisicalRuntimePath(pathId);\n if (!path) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_UNKNOWN_PATH\",\n message: `Unknown Lucern Infisical runtime path: ${pathId}.`,\n });\n }\n sourcePaths.push(path.secretPath);\n\n for (const variable of path.variables) {\n const runtimeVariable: InfisicalRuntimeVariable = variable;\n const secretValue = await readVariableSecret({\n bootstrap,\n fetchImpl,\n token,\n secretPath: path.secretPath,\n variable: runtimeVariable,\n });\n\n if (!secretValue) {\n if (runtimeVariable.required) {\n missingRequired.push(runtimeVariable.name);\n }\n continue;\n }\n\n values[runtimeVariable.name] = secretValue.value;\n for (const alias of runtimeVariable.aliases ?? []) {\n values[alias] = secretValue.value;\n }\n }\n }\n\n if (missingRequired.length > 0) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_REQUIRED_SECRETS_MISSING\",\n message: `Missing required Infisical runtime secrets: ${missingRequired.join(\", \")}.`,\n });\n }\n\n return {\n status: \"hydrated\",\n surfaceId: options.surfaceId,\n environment: bootstrap.environment,\n values,\n sourcePaths,\n };\n}\n\nexport function applyInfisicalRuntimeEnv(\n result: Pick<InfisicalRuntimeHydrationResult, \"values\">,\n targetEnv: InfisicalRuntimeEnv,\n options: { overrideExisting?: boolean } = {}\n): void {\n for (const [key, value] of Object.entries(result.values)) {\n if (options.overrideExisting || !targetEnv[key]) {\n targetEnv[key] = value;\n }\n }\n}\n\nfunction normalizeInfisicalEnvironment(\n value: string | undefined\n): InfisicalRuntimeEnvironment {\n if (value === \"dev\" || value === \"staging\" || value === \"prod\") {\n return value;\n }\n if (value === \"development\") {\n return \"dev\";\n }\n if (value === \"production\") {\n return \"prod\";\n }\n return \"prod\";\n}\n\nfunction mergeBootstrap(\n base: InfisicalRuntimeBootstrapConfig | null,\n overrides: Partial<InfisicalRuntimeBootstrapConfig> | undefined\n): InfisicalRuntimeBootstrapConfig | null {\n if (!base) {\n return null;\n }\n return {\n ...base,\n ...compact(overrides ?? {}),\n apiUrl: trimTrailingSlash(overrides?.apiUrl ?? base.apiUrl),\n };\n}\n\nasync function loginWithUniversalAuth(\n bootstrap: InfisicalRuntimeBootstrapConfig,\n fetchImpl: InfisicalRuntimeFetch\n): Promise<string> {\n const response = await fetchImpl(\n `${trimTrailingSlash(bootstrap.apiUrl)}/api/v1/auth/universal-auth/login`,\n {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n clientId: bootstrap.clientId,\n clientSecret: bootstrap.clientSecret,\n ...(bootstrap.organizationSlug\n ? { organizationSlug: bootstrap.organizationSlug }\n : {}),\n }),\n }\n );\n\n const body = await readJson(response);\n if (!response.ok) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_UNIVERSAL_AUTH_FAILED\",\n status: response.status,\n message: `Infisical Universal Auth failed with HTTP ${response.status}: ${messageFromBody(body)}`,\n });\n }\n\n const accessToken = readNestedString(body, [\"accessToken\"]);\n if (!accessToken) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_UNIVERSAL_AUTH_INVALID_RESPONSE\",\n message: \"Infisical Universal Auth response did not include accessToken.\",\n });\n }\n return accessToken;\n}\n\nasync function readVariableSecret(args: {\n bootstrap: InfisicalRuntimeBootstrapConfig;\n fetchImpl: InfisicalRuntimeFetch;\n token: string;\n secretPath: string;\n variable: InfisicalRuntimeVariable;\n}): Promise<{ name: string; value: string } | null> {\n const names = [args.variable.name, ...(args.variable.aliases ?? [])];\n for (const name of names) {\n const value = await readSecretValue({\n bootstrap: args.bootstrap,\n fetchImpl: args.fetchImpl,\n token: args.token,\n secretPath: args.secretPath,\n name,\n optional: true,\n });\n if (value) {\n return { name, value };\n }\n }\n return null;\n}\n\nasync function readSecretValue(args: {\n bootstrap: InfisicalRuntimeBootstrapConfig;\n fetchImpl: InfisicalRuntimeFetch;\n token: string;\n secretPath: string;\n name: string;\n optional: boolean;\n}): Promise<string | null> {\n const params = new URLSearchParams({\n projectId: args.bootstrap.projectId,\n environment: args.bootstrap.environment,\n secretPath: args.secretPath,\n type: \"shared\",\n viewSecretValue: \"true\",\n expandSecretReferences: \"true\",\n includeImports: \"true\",\n });\n const response = await args.fetchImpl(\n `${trimTrailingSlash(args.bootstrap.apiUrl)}/api/v4/secrets/${encodeURIComponent(args.name)}?${params.toString()}`,\n {\n method: \"GET\",\n headers: {\n Authorization: `Bearer ${args.token}`,\n },\n }\n );\n\n const body = await readJson(response);\n if (response.status === 404 && args.optional) {\n return null;\n }\n if (!response.ok) {\n throw new InfisicalRuntimeError({\n code: \"INFISICAL_SECRET_READ_FAILED\",\n status: response.status,\n message: `Infisical secret ${args.name} read failed with HTTP ${response.status}: ${messageFromBody(body)}`,\n });\n }\n\n return readNestedString(body, [\"secret\", \"secretValue\"]);\n}\n\nasync function readJson(response: Response): Promise<unknown> {\n try {\n return await response.json();\n } catch {\n return undefined;\n }\n}\n\nfunction readNestedString(value: unknown, path: readonly string[]): string | null {\n let current: unknown = value;\n for (const key of path) {\n if (!current || typeof current !== \"object\" || !(key in current)) {\n return null;\n }\n current = (current as Record<string, unknown>)[key];\n }\n return typeof current === \"string\" && current.length > 0 ? current : null;\n}\n\nfunction messageFromBody(body: unknown): string {\n if (!body || typeof body !== \"object\") {\n return \"no response body\";\n }\n const record = body as Record<string, unknown>;\n for (const key of [\"message\", \"error\", \"errorMessage\"]) {\n if (typeof record[key] === \"string\") {\n return record[key];\n }\n }\n return JSON.stringify(body);\n}\n\nfunction readFirst(\n env: InfisicalRuntimeEnv,\n names: readonly string[]\n): string | undefined {\n for (const name of names) {\n const value = env[name]?.trim();\n if (value) {\n return value;\n }\n }\n return undefined;\n}\n\nfunction isTruthyEnv(value: string | undefined): boolean {\n return [\"1\", \"true\", \"yes\", \"on\"].includes(value?.toLowerCase() ?? \"\");\n}\n\nfunction trimTrailingSlash(value: string): string {\n return value.replace(/\\/+$/u, \"\");\n}\n\nfunction compact<T extends Record<string, unknown>>(value: T): Partial<T> {\n return Object.fromEntries(\n Object.entries(value).filter(([, entry]) => entry !== undefined)\n ) as Partial<T>;\n}\n"]}
|
package/dist/jobsClient.js
CHANGED
|
@@ -82,14 +82,15 @@ function normalizeCanonicalLucernAuthContext(input) {
|
|
|
82
82
|
);
|
|
83
83
|
const roles = cleanStringList(input.roles);
|
|
84
84
|
const scopes = cleanStringList(input.scopes);
|
|
85
|
-
|
|
85
|
+
const principalType = requirePrincipalType(input.principalType);
|
|
86
|
+
const authMode = requireAuthMode(input.authMode);
|
|
87
|
+
const roleBasedInteractiveAuth = authMode === "interactive_user" && roles.length > 0;
|
|
88
|
+
if (roles.length === 0 || scopes.length === 0 && !roleBasedInteractiveAuth) {
|
|
86
89
|
throw new LucernSdkAuthContextError(
|
|
87
90
|
"membership_missing",
|
|
88
91
|
"Canonical Lucern SDK auth context requires non-empty roles and scopes."
|
|
89
92
|
);
|
|
90
93
|
}
|
|
91
|
-
const principalType = requirePrincipalType(input.principalType);
|
|
92
|
-
const authMode = requireAuthMode(input.authMode);
|
|
93
94
|
const subject = cleanString(input.permit?.subject) ?? principalId;
|
|
94
95
|
const tenant = cleanString(input.permit?.tenant) ?? tenantId;
|
|
95
96
|
const workspace = cleanString(input.permit?.workspace) ?? workspaceId;
|