@lucern/sdk 1.0.11 → 1.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/dist/.generated +2 -0
- package/dist/accessControl.d.ts +19 -26
- package/dist/accessControl.js +195 -1423
- package/dist/adminClient.d.ts +52 -59
- package/dist/adminClient.js +364 -1142
- package/dist/answersClient.d.ts +5 -14
- package/dist/answersClient.js +19 -737
- package/dist/audience/index.d.ts +18 -18
- package/dist/audience/index.js +87 -90
- package/dist/audiencesClient.d.ts +19 -27
- package/dist/audiencesClient.js +107 -868
- package/dist/auditClient.d.ts +8 -15
- package/dist/auditClient.js +18 -791
- package/dist/authContext.d.ts +11 -16
- package/dist/authContext.js +122 -154
- package/dist/authDeviceClient.d.ts +8 -17
- package/dist/authDeviceClient.js +113 -102
- package/dist/beliefs/index.d.ts +15 -67
- package/dist/beliefs/index.js +17 -10181
- package/dist/beliefs/lifecycle.d.ts +10 -11
- package/dist/beliefs/lifecycle.js +78 -80
- package/dist/beliefsClient.d.ts +26 -32
- package/dist/beliefsClient.js +250 -990
- package/dist/boundaryClientSurface.d.ts +11 -16
- package/dist/boundaryClientSurface.js +49 -68
- package/dist/client.d.ts +64 -112
- package/dist/client.js +232 -10155
- package/dist/clientAssemblyTypes.d.ts +3 -3
- package/dist/clientAssemblyTypes.js +1 -2
- package/dist/clientConfig.d.ts +45 -59
- package/dist/clientConfig.js +1 -2
- package/dist/clientEvidenceCompat.d.ts +7 -14
- package/dist/clientEvidenceCompat.js +50 -64
- package/dist/clientGraphNamespaces.d.ts +3 -5
- package/dist/clientGraphNamespaces.js +170 -245
- package/dist/clientHelpers.d.ts +20 -25
- package/dist/clientHelpers.js +104 -127
- package/dist/clientKnowledgeNamespaces.d.ts +6 -53
- package/dist/clientKnowledgeNamespaces.js +502 -506
- package/dist/clientLocalHelpers.d.ts +11 -56
- package/dist/clientLocalHelpers.js +503 -732
- package/dist/clientPlatformNamespaces.d.ts +5 -53
- package/dist/clientPlatformNamespaces.js +229 -323
- package/dist/clientRuntime.d.ts +5 -53
- package/dist/clientRuntime.js +26 -30
- package/dist/clientWorkflowNamespaces.d.ts +6 -15
- package/dist/clientWorkflowNamespaces.js +529 -596
- package/dist/contextClient.d.ts +9 -17
- package/dist/contextClient.js +92 -805
- package/dist/contextFacade.d.ts +11 -2
- package/dist/contextFacade.js +10 -81
- package/dist/contextPackCompiler.d.ts +10 -11
- package/dist/contextPackCompiler.js +494 -1040
- package/dist/contextPackPolicy.d.ts +14 -15
- package/dist/contextPackPolicy.js +227 -305
- package/dist/contextPackSchema.d.ts +3 -3
- package/dist/contextPackSchema.js +169 -176
- package/dist/contextTypes.d.ts +14 -15
- package/dist/contextTypes.js +1 -2
- package/dist/contracts/api-enums.contract.d.ts +29 -30
- package/dist/contracts/api-enums.contract.js +162 -88
- package/dist/contracts/auth-session.contract.d.ts +13 -14
- package/dist/contracts/auth-session.contract.js +55 -52
- package/dist/contracts/context-pack.contract.d.ts +54 -55
- package/dist/contracts/context-pack.contract.js +160 -88
- package/dist/contracts/contextPack.d.ts +2 -1
- package/dist/contracts/contextPack.js +1 -97
- package/dist/contracts/index.d.ts +11 -12
- package/dist/contracts/index.js +10 -854
- package/dist/contracts/lens-filter.contract.d.ts +9 -10
- package/dist/contracts/lens-filter.contract.js +82 -58
- package/dist/contracts/lens-workflow.contract.d.ts +21 -23
- package/dist/contracts/lens-workflow.contract.js +48 -117
- package/dist/contracts/lensFilter.d.ts +2 -1
- package/dist/contracts/lensFilter.js +1 -71
- package/dist/contracts/lensWorkflow.d.ts +2 -2
- package/dist/contracts/lensWorkflow.js +1 -123
- package/dist/contracts/mcpTools.d.ts +16 -18
- package/dist/contracts/mcpTools.js +89 -123
- package/dist/contracts/prompt.contract.d.ts +4 -5
- package/dist/contracts/prompt.contract.js +23 -10
- package/dist/contracts/prompt.d.ts +2 -1
- package/dist/contracts/prompt.js +1 -11
- package/dist/contracts/sdk-tools.contract.d.ts +2 -1
- package/dist/contracts/sdk-tools.contract.js +1 -2
- package/dist/contracts/sdkTools.d.ts +2 -1
- package/dist/contracts/sdkTools.js +1 -26
- package/dist/contracts/tool-contracts.d.ts +2 -1
- package/dist/contracts/tool-contracts.js +1 -2
- package/dist/contracts/workflow-runtime.contract.d.ts +45 -46
- package/dist/contracts/workflow-runtime.contract.js +241 -228
- package/dist/contracts/workflowRuntime.d.ts +2 -1
- package/dist/contracts/workflowRuntime.js +1 -244
- package/dist/contradictions/index.d.ts +8 -60
- package/dist/contradictions/index.js +11 -10175
- package/dist/control-plane.d.ts +17 -24
- package/dist/control-plane.js +124 -840
- package/dist/controlObjectOwnership.d.ts +19 -20
- package/dist/controlObjectOwnership.js +207 -201
- package/dist/coreClient.d.ts +23 -28
- package/dist/coreClient.js +567 -692
- package/dist/customTools.d.ts +17 -21
- package/dist/customTools.js +221 -221
- package/dist/decisions/index.d.ts +7 -58
- package/dist/decisions/index.js +14 -10177
- package/dist/decisionsClient.d.ts +25 -32
- package/dist/decisionsClient.js +113 -913
- package/dist/domainContext.d.ts +2 -1
- package/dist/domainContext.js +1 -2
- package/dist/edges/index.d.ts +21 -73
- package/dist/edges/index.js +12 -10176
- package/dist/embeddingsClient.d.ts +22 -30
- package/dist/embeddingsClient.js +73 -922
- package/dist/eventingClient.d.ts +23 -31
- package/dist/eventingClient.js +89 -918
- package/dist/events.d.ts +48 -49
- package/dist/events.js +257 -241
- package/dist/eventsCore.d.ts +20 -29
- package/dist/eventsCore.js +86 -830
- package/dist/evidence/index.d.ts +9 -60
- package/dist/evidence/index.js +13 -10176
- package/dist/evidenceClient.d.ts +13 -22
- package/dist/evidenceClient.js +34 -751
- package/dist/facade/context.d.ts +7 -8
- package/dist/facade/context.js +73 -72
- package/dist/functionSurface.d.ts +2 -156
- package/dist/functionSurface.js +1 -1460
- package/dist/functionSurfaceClient.d.ts +2 -9
- package/dist/functionSurfaceClient.js +1 -1460
- package/dist/gatewayFacades.d.ts +79 -296
- package/dist/gatewayFacades.factories.d.ts +209 -14
- package/dist/gatewayFacades.factories.js +561 -2227
- package/dist/gatewayFacades.js +284 -2627
- package/dist/generated/functionSurface.d.ts +149 -0
- package/dist/generated/functionSurface.js +749 -0
- package/dist/graphAnalysisClient.d.ts +41 -49
- package/dist/graphAnalysisClient.js +185 -974
- package/dist/graphClient.d.ts +53 -60
- package/dist/graphClient.js +219 -1090
- package/dist/graphIntel.d.ts +2 -4
- package/dist/graphIntel.js +1 -2
- package/dist/graphIntelligence.d.ts +4 -2
- package/dist/graphIntelligence.js +2 -46
- package/dist/graphRecommendationsClient.d.ts +15 -23
- package/dist/graphRecommendationsClient.js +70 -849
- package/dist/graphStateClassifierClient.d.ts +17 -25
- package/dist/graphStateClassifierClient.js +67 -908
- package/dist/harnessClient.d.ts +40 -47
- package/dist/harnessClient.js +198 -993
- package/dist/identityClient.d.ts +25 -33
- package/dist/identityClient.js +245 -1186
- package/dist/index.d.ts +73 -69
- package/dist/index.js +72 -13313
- package/dist/infisicalRuntime.d.ts +12 -14
- package/dist/infisicalRuntime.js +290 -297
- package/dist/jobsClient.d.ts +24 -32
- package/dist/jobsClient.js +101 -916
- package/dist/learningClient.d.ts +8 -16
- package/dist/learningClient.js +45 -809
- package/dist/lenses/index.d.ts +13 -65
- package/dist/lenses/index.js +11 -10175
- package/dist/mcpClient.d.ts +14 -23
- package/dist/mcpClient.js +115 -856
- package/dist/modelRuntimeClient.d.ts +18 -26
- package/dist/modelRuntimeClient.js +74 -894
- package/dist/nodes/index.d.ts +7 -58
- package/dist/nodes/index.js +14 -10177
- package/dist/ontologies/index.d.ts +21 -73
- package/dist/ontologies/index.js +14 -10178
- package/dist/ontologyClient.d.ts +23 -31
- package/dist/ontologyClient.js +138 -924
- package/dist/ontologyLinksClient.d.ts +16 -24
- package/dist/ontologyLinksClient.js +76 -886
- package/dist/opinion.d.ts +5 -6
- package/dist/opinion.js +21 -25
- package/dist/orgGraphSearchClient.d.ts +19 -27
- package/dist/orgGraphSearchClient.js +89 -857
- package/dist/packRuntime.d.ts +2 -2
- package/dist/packRuntime.js +1 -2
- package/dist/packsClient.d.ts +30 -37
- package/dist/packsClient.js +131 -906
- package/dist/policyClient.d.ts +21 -29
- package/dist/policyClient.js +267 -1026
- package/dist/proof-attestation.json +1 -1
- package/dist/questions/index.d.ts +9 -60
- package/dist/questions/index.js +15 -10178
- package/dist/realtime/index.d.ts +20 -16
- package/dist/realtime/index.js +30 -19
- package/dist/realtime/refs.d.ts +4 -6
- package/dist/realtime/refs.js +12 -7
- package/dist/realtime-refs.d.ts +1 -0
- package/dist/realtime-refs.js +1 -0
- package/dist/realtime.d.ts +1 -0
- package/dist/realtime.js +1 -0
- package/dist/reportsClient.d.ts +10 -19
- package/dist/reportsClient.js +48 -836
- package/dist/schemaClient.d.ts +16 -23
- package/dist/schemaClient.js +62 -832
- package/dist/sdkSurface.d.ts +18 -25
- package/dist/sdkSurface.js +135 -106
- package/dist/secrets.d.ts +2 -1
- package/dist/secrets.js +1 -2
- package/dist/sourcesClient.d.ts +11 -18
- package/dist/sourcesClient.js +18 -741
- package/dist/telemetryClient.d.ts +22 -30
- package/dist/telemetryClient.js +107 -931
- package/dist/toolRegistryClient.d.ts +27 -35
- package/dist/toolRegistryClient.js +116 -954
- package/dist/topics/index.d.ts +13 -64
- package/dist/topics/index.js +15 -10178
- package/dist/topicsClient.d.ts +19 -27
- package/dist/topicsClient.js +106 -894
- package/dist/types.d.ts +84 -87
- package/dist/types.js +1 -2
- package/dist/version.d.ts +2 -3
- package/dist/version.js +2 -5
- package/dist/workflowClient.d.ts +60 -65
- package/dist/workflowClient.js +343 -1219
- package/dist/worktrees/index.d.ts +16 -68
- package/dist/worktrees/index.js +14 -10178
- package/package.json +6 -6
- package/dist/accessControl.js.map +0 -1
- package/dist/adminClient.js.map +0 -1
- package/dist/answersClient.js.map +0 -1
- package/dist/audience/index.js.map +0 -1
- package/dist/audiencesClient.js.map +0 -1
- package/dist/auditClient.js.map +0 -1
- package/dist/authContext.js.map +0 -1
- package/dist/authDeviceClient.js.map +0 -1
- package/dist/beliefs/index.js.map +0 -1
- package/dist/beliefs/lifecycle.js.map +0 -1
- package/dist/beliefsClient.js.map +0 -1
- package/dist/boundaryClientSurface.js.map +0 -1
- package/dist/client.js.map +0 -1
- package/dist/clientAssemblyTypes.js.map +0 -1
- package/dist/clientConfig.js.map +0 -1
- package/dist/clientEvidenceCompat.js.map +0 -1
- package/dist/clientGraphNamespaces.js.map +0 -1
- package/dist/clientHelpers.js.map +0 -1
- package/dist/clientKnowledgeNamespaces.js.map +0 -1
- package/dist/clientLocalHelpers.js.map +0 -1
- package/dist/clientPlatformNamespaces.js.map +0 -1
- package/dist/clientRuntime.js.map +0 -1
- package/dist/clientWorkflowNamespaces.js.map +0 -1
- package/dist/contextClient.js.map +0 -1
- package/dist/contextFacade.js.map +0 -1
- package/dist/contextPackCompiler.js.map +0 -1
- package/dist/contextPackPolicy.js.map +0 -1
- package/dist/contextPackSchema.js.map +0 -1
- package/dist/contextTypes.js.map +0 -1
- package/dist/contracts/api-enums.contract.js.map +0 -1
- package/dist/contracts/auth-session.contract.js.map +0 -1
- package/dist/contracts/context-pack.contract.js.map +0 -1
- package/dist/contracts/contextPack.js.map +0 -1
- package/dist/contracts/index.js.map +0 -1
- package/dist/contracts/lens-filter.contract.js.map +0 -1
- package/dist/contracts/lens-workflow.contract.js.map +0 -1
- package/dist/contracts/lensFilter.js.map +0 -1
- package/dist/contracts/lensWorkflow.js.map +0 -1
- package/dist/contracts/mcpTools.js.map +0 -1
- package/dist/contracts/prompt.contract.js.map +0 -1
- package/dist/contracts/prompt.js.map +0 -1
- package/dist/contracts/sdk-tools.contract.js.map +0 -1
- package/dist/contracts/sdkTools.js.map +0 -1
- package/dist/contracts/tool-contracts.js.map +0 -1
- package/dist/contracts/workflow-runtime.contract.js.map +0 -1
- package/dist/contracts/workflowRuntime.js.map +0 -1
- package/dist/contradictions/index.js.map +0 -1
- package/dist/control-plane.js.map +0 -1
- package/dist/controlObjectOwnership.js.map +0 -1
- package/dist/coreClient.js.map +0 -1
- package/dist/customTools.js.map +0 -1
- package/dist/decisions/index.js.map +0 -1
- package/dist/decisionsClient.js.map +0 -1
- package/dist/domainContext.js.map +0 -1
- package/dist/edges/index.js.map +0 -1
- package/dist/embeddingsClient.js.map +0 -1
- package/dist/eventingClient.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/eventsCore.js.map +0 -1
- package/dist/evidence/index.js.map +0 -1
- package/dist/evidenceClient.js.map +0 -1
- package/dist/facade/context.js.map +0 -1
- package/dist/functionSurface.js.map +0 -1
- package/dist/functionSurfaceClient.js.map +0 -1
- package/dist/gatewayFacades.factories.js.map +0 -1
- package/dist/gatewayFacades.js.map +0 -1
- package/dist/graphAnalysisClient.js.map +0 -1
- package/dist/graphClient.js.map +0 -1
- package/dist/graphIntel.js.map +0 -1
- package/dist/graphIntelligence.js.map +0 -1
- package/dist/graphRecommendationsClient.js.map +0 -1
- package/dist/graphStateClassifierClient.js.map +0 -1
- package/dist/harnessClient.js.map +0 -1
- package/dist/identityClient.js.map +0 -1
- package/dist/index.js.map +0 -1
- package/dist/infisicalRuntime.js.map +0 -1
- package/dist/jobsClient.js.map +0 -1
- package/dist/learningClient.js.map +0 -1
- package/dist/lenses/index.js.map +0 -1
- package/dist/mcpClient.js.map +0 -1
- package/dist/modelRuntimeClient.js.map +0 -1
- package/dist/nodes/index.js.map +0 -1
- package/dist/ontologies/index.js.map +0 -1
- package/dist/ontologyClient.js.map +0 -1
- package/dist/ontologyLinksClient.js.map +0 -1
- package/dist/opinion.js.map +0 -1
- package/dist/orgGraphSearchClient.js.map +0 -1
- package/dist/packRuntime.js.map +0 -1
- package/dist/packsClient.js.map +0 -1
- package/dist/policyClient.js.map +0 -1
- package/dist/questions/index.js.map +0 -1
- package/dist/realtime/index.js.map +0 -1
- package/dist/realtime/refs.js.map +0 -1
- package/dist/reportsClient.js.map +0 -1
- package/dist/schemaClient.js.map +0 -1
- package/dist/sdk-tools.contract-B4c1Zr1o.d.ts +0 -22
- package/dist/sdkSurface.js.map +0 -1
- package/dist/secrets.js.map +0 -1
- package/dist/sourcesClient.js.map +0 -1
- package/dist/telemetryClient.js.map +0 -1
- package/dist/tool-contracts-BUiL9P6z.d.ts +0 -22
- package/dist/toolRegistryClient.js.map +0 -1
- package/dist/topics/index.js.map +0 -1
- package/dist/topicsClient.js.map +0 -1
- package/dist/types.js.map +0 -1
- package/dist/version.js.map +0 -1
- package/dist/workflowClient.js.map +0 -1
- package/dist/worktrees/index.js.map +0 -1
package/dist/infisicalRuntime.js
CHANGED
|
@@ -1,346 +1,339 @@
|
|
|
1
|
-
import {
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
this.status = args.status;
|
|
12
|
-
}
|
|
13
|
-
};
|
|
14
|
-
function readInfisicalRuntimeBootstrap(env = {}, overrides = {}) {
|
|
15
|
-
if (isInfisicalRuntimeDisabled(env)) {
|
|
16
|
-
return null;
|
|
17
|
-
}
|
|
18
|
-
const bootstrapEnv = INFISICAL_RUNTIME_MANIFEST.bootstrapEnv;
|
|
19
|
-
const clientId = overrides.clientId ?? readFirst(env, bootstrapEnv.clientId);
|
|
20
|
-
const clientSecret = overrides.clientSecret ?? readFirst(env, bootstrapEnv.clientSecret);
|
|
21
|
-
const hasAuthSignal = Boolean(clientId || clientSecret);
|
|
22
|
-
if (!hasAuthSignal) {
|
|
23
|
-
return null;
|
|
24
|
-
}
|
|
25
|
-
if (!clientId || !clientSecret) {
|
|
26
|
-
throw new InfisicalRuntimeError({
|
|
27
|
-
code: "INFISICAL_BOOTSTRAP_INCOMPLETE",
|
|
28
|
-
message: "Infisical runtime bootstrap requires both INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET."
|
|
29
|
-
});
|
|
30
|
-
}
|
|
31
|
-
return {
|
|
32
|
-
apiUrl: overrides.apiUrl ?? readFirst(env, bootstrapEnv.apiUrl) ?? INFISICAL_RUNTIME_DEFAULT_API_URL,
|
|
33
|
-
projectId: overrides.projectId ?? readFirst(env, bootstrapEnv.projectId) ?? INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
|
|
34
|
-
clientId,
|
|
35
|
-
clientSecret,
|
|
36
|
-
environment: normalizeInfisicalEnvironment(
|
|
37
|
-
overrides.environment ?? readFirst(env, bootstrapEnv.environment)
|
|
38
|
-
),
|
|
39
|
-
organizationSlug: overrides.organizationSlug ?? readFirst(env, bootstrapEnv.organizationSlug)
|
|
40
|
-
};
|
|
41
|
-
}
|
|
42
|
-
function isInfisicalRuntimeDisabled(env = {}) {
|
|
43
|
-
return INFISICAL_RUNTIME_MANIFEST.bootstrapEnv.disabled.some(
|
|
44
|
-
(name) => isTruthyEnv(env[name])
|
|
45
|
-
);
|
|
1
|
+
import { INFISICAL_RUNTIME_DEFAULT_API_URL, INFISICAL_RUNTIME_DEFAULT_PROJECT_ID, INFISICAL_RUNTIME_MANIFEST, findInfisicalRuntimePath, findInfisicalRuntimeSurface, GENERATED_INFISICAL_RUNTIME_ENV, } from "@lucern/contracts";
|
|
2
|
+
export class InfisicalRuntimeError extends Error {
|
|
3
|
+
code;
|
|
4
|
+
status;
|
|
5
|
+
constructor(args) {
|
|
6
|
+
super(args.message);
|
|
7
|
+
this.name = "InfisicalRuntimeError";
|
|
8
|
+
this.code = args.code;
|
|
9
|
+
this.status = args.status;
|
|
10
|
+
}
|
|
46
11
|
}
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
12
|
+
export function readInfisicalRuntimeBootstrap(env = {}, overrides = {}) {
|
|
13
|
+
if (isInfisicalRuntimeDisabled(env)) {
|
|
14
|
+
return null;
|
|
15
|
+
}
|
|
16
|
+
const bootstrapEnv = INFISICAL_RUNTIME_MANIFEST.bootstrapEnv;
|
|
17
|
+
const clientId = overrides.clientId ?? readFirst(env, bootstrapEnv.clientId);
|
|
18
|
+
const clientSecret = overrides.clientSecret ?? readFirst(env, bootstrapEnv.clientSecret);
|
|
19
|
+
const hasAuthSignal = Boolean(clientId || clientSecret);
|
|
20
|
+
if (!hasAuthSignal) {
|
|
21
|
+
return null;
|
|
22
|
+
}
|
|
23
|
+
if (!clientId || !clientSecret) {
|
|
24
|
+
throw new InfisicalRuntimeError({
|
|
25
|
+
code: "INFISICAL_BOOTSTRAP_INCOMPLETE",
|
|
26
|
+
message: "Infisical runtime bootstrap requires both INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET.",
|
|
27
|
+
});
|
|
28
|
+
}
|
|
62
29
|
return {
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
30
|
+
apiUrl: overrides.apiUrl ??
|
|
31
|
+
readFirst(env, bootstrapEnv.apiUrl) ??
|
|
32
|
+
INFISICAL_RUNTIME_DEFAULT_API_URL,
|
|
33
|
+
projectId: overrides.projectId ??
|
|
34
|
+
readFirst(env, bootstrapEnv.projectId) ??
|
|
35
|
+
INFISICAL_RUNTIME_DEFAULT_PROJECT_ID,
|
|
36
|
+
clientId,
|
|
37
|
+
clientSecret,
|
|
38
|
+
environment: normalizeInfisicalEnvironment(overrides.environment ?? readFirst(env, bootstrapEnv.environment)),
|
|
39
|
+
organizationSlug: overrides.organizationSlug ??
|
|
40
|
+
readFirst(env, bootstrapEnv.organizationSlug),
|
|
67
41
|
};
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
}
|
|
90
|
-
const token = await loginWithUniversalAuth(bootstrap, fetchImpl);
|
|
91
|
-
const values = {};
|
|
92
|
-
const missingRequired = [];
|
|
93
|
-
const sourcePaths = /* @__PURE__ */ new Set();
|
|
94
|
-
const variables = options.includeGeneratedSurfaceVariables ? generatedSurfaceVariables(options.surfaceId) : contractSurfaceVariables(surface.sourcePathIds);
|
|
95
|
-
for (const runtimeVariable of variables) {
|
|
96
|
-
sourcePaths.add(runtimeVariable.secretPath);
|
|
97
|
-
const secretValue = await readVariableSecret({
|
|
98
|
-
bootstrap,
|
|
99
|
-
fetchImpl,
|
|
100
|
-
token,
|
|
101
|
-
secretPath: runtimeVariable.secretPath,
|
|
102
|
-
variable: runtimeVariable
|
|
103
|
-
});
|
|
104
|
-
if (!secretValue) {
|
|
105
|
-
if (runtimeVariable.required) {
|
|
106
|
-
missingRequired.push(runtimeVariable.name);
|
|
107
|
-
}
|
|
108
|
-
continue;
|
|
42
|
+
}
|
|
43
|
+
export function isInfisicalRuntimeDisabled(env = {}) {
|
|
44
|
+
return INFISICAL_RUNTIME_MANIFEST.bootstrapEnv.disabled.some((name) => isTruthyEnv(env[name]));
|
|
45
|
+
}
|
|
46
|
+
export async function hydrateInfisicalRuntimeEnv(options) {
|
|
47
|
+
const env = options.env ?? {};
|
|
48
|
+
const baseBootstrap = readInfisicalRuntimeBootstrap(env, options.bootstrap);
|
|
49
|
+
const bootstrap = baseBootstrap
|
|
50
|
+
? {
|
|
51
|
+
...baseBootstrap,
|
|
52
|
+
...Object.fromEntries(Object.entries(options.bootstrap ?? {}).filter(([, value]) => value !== undefined)),
|
|
53
|
+
apiUrl: trimTrailingSlash(options.bootstrap?.apiUrl ?? baseBootstrap.apiUrl),
|
|
54
|
+
}
|
|
55
|
+
: null;
|
|
56
|
+
if (!bootstrap) {
|
|
57
|
+
return {
|
|
58
|
+
status: "disabled",
|
|
59
|
+
surfaceId: options.surfaceId,
|
|
60
|
+
values: {},
|
|
61
|
+
sourcePaths: [],
|
|
62
|
+
};
|
|
109
63
|
}
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
64
|
+
const surface = findInfisicalRuntimeSurface(options.surfaceId);
|
|
65
|
+
if (!surface) {
|
|
66
|
+
throw new InfisicalRuntimeError({
|
|
67
|
+
code: "INFISICAL_UNKNOWN_SURFACE",
|
|
68
|
+
message: `Unknown Lucern Infisical runtime surface: ${options.surfaceId}.`,
|
|
69
|
+
});
|
|
113
70
|
}
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
71
|
+
const fallbackDelivery = surface.fallback;
|
|
72
|
+
if (surface.delivery !== "runtime_fetch" &&
|
|
73
|
+
fallbackDelivery !== "runtime_fetch") {
|
|
74
|
+
throw new InfisicalRuntimeError({
|
|
75
|
+
code: "INFISICAL_UNSUPPORTED_SURFACE_DELIVERY",
|
|
76
|
+
message: `${surface.id} uses ${surface.delivery}; runtime fetch is only valid for runtime_fetch surfaces or surfaces with a runtime_fetch fallback.`,
|
|
77
|
+
});
|
|
78
|
+
}
|
|
79
|
+
const fetchImpl = options.fetchImpl ?? globalThis.fetch;
|
|
80
|
+
if (typeof fetchImpl !== "function") {
|
|
81
|
+
throw new InfisicalRuntimeError({
|
|
82
|
+
code: "INFISICAL_FETCH_UNAVAILABLE",
|
|
83
|
+
message: "No fetch implementation is available for Infisical runtime hydration.",
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
const token = await loginWithUniversalAuth(bootstrap, fetchImpl);
|
|
87
|
+
const values = {};
|
|
88
|
+
const missingRequired = [];
|
|
89
|
+
const sourcePaths = new Set();
|
|
90
|
+
const variables = options.includeGeneratedSurfaceVariables
|
|
91
|
+
? generatedSurfaceVariables(options.surfaceId)
|
|
92
|
+
: contractSurfaceVariables(surface.sourcePathIds);
|
|
93
|
+
for (const runtimeVariable of variables) {
|
|
94
|
+
sourcePaths.add(runtimeVariable.secretPath);
|
|
95
|
+
const secretValue = await readVariableSecret({
|
|
96
|
+
bootstrap,
|
|
97
|
+
fetchImpl,
|
|
98
|
+
token,
|
|
99
|
+
secretPath: runtimeVariable.secretPath,
|
|
100
|
+
variable: runtimeVariable,
|
|
101
|
+
});
|
|
102
|
+
if (!secretValue) {
|
|
103
|
+
if (runtimeVariable.required) {
|
|
104
|
+
missingRequired.push(runtimeVariable.name);
|
|
105
|
+
}
|
|
106
|
+
continue;
|
|
107
|
+
}
|
|
108
|
+
values[runtimeVariable.name] = secretValue.value;
|
|
109
|
+
for (const alias of runtimeVariable.aliases ?? []) {
|
|
110
|
+
values[alias] = secretValue.value;
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
if (missingRequired.length > 0) {
|
|
114
|
+
throw new InfisicalRuntimeError({
|
|
115
|
+
code: "INFISICAL_REQUIRED_SECRETS_MISSING",
|
|
116
|
+
message: `Missing required Infisical runtime secrets: ${missingRequired.join(", ")}.`,
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
return {
|
|
120
|
+
status: "hydrated",
|
|
121
|
+
surfaceId: options.surfaceId,
|
|
122
|
+
environment: bootstrap.environment,
|
|
123
|
+
values,
|
|
124
|
+
sourcePaths: [...sourcePaths],
|
|
125
|
+
};
|
|
128
126
|
}
|
|
129
|
-
function applyInfisicalRuntimeEnv(result, targetEnv, options = {}) {
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
127
|
+
export function applyInfisicalRuntimeEnv(result, targetEnv, options = {}) {
|
|
128
|
+
for (const [key, value] of Object.entries(result.values)) {
|
|
129
|
+
if (options.overrideExisting || !targetEnv[key]) {
|
|
130
|
+
targetEnv[key] = value;
|
|
131
|
+
}
|
|
133
132
|
}
|
|
134
|
-
}
|
|
135
133
|
}
|
|
136
134
|
function normalizeInfisicalEnvironment(value) {
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
135
|
+
if (value === "dev" || value === "staging" || value === "prod") {
|
|
136
|
+
return value;
|
|
137
|
+
}
|
|
138
|
+
if (value === "development") {
|
|
139
|
+
return "dev";
|
|
140
|
+
}
|
|
141
|
+
if (value === "production") {
|
|
142
|
+
return "prod";
|
|
143
|
+
}
|
|
144
144
|
return "prod";
|
|
145
|
-
}
|
|
146
|
-
return "prod";
|
|
147
145
|
}
|
|
148
146
|
async function loginWithUniversalAuth(bootstrap, fetchImpl) {
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
}
|
|
162
|
-
);
|
|
163
|
-
const body = await readJson(response);
|
|
164
|
-
if (!response.ok) {
|
|
165
|
-
throw new InfisicalRuntimeError({
|
|
166
|
-
code: "INFISICAL_UNIVERSAL_AUTH_FAILED",
|
|
167
|
-
status: response.status,
|
|
168
|
-
message: `Infisical Universal Auth failed with HTTP ${response.status}: ${messageFromBody(body)}`
|
|
147
|
+
const response = await fetchImpl(`${trimTrailingSlash(bootstrap.apiUrl)}/api/v1/auth/universal-auth/login`, {
|
|
148
|
+
method: "POST",
|
|
149
|
+
headers: {
|
|
150
|
+
"Content-Type": "application/json",
|
|
151
|
+
},
|
|
152
|
+
body: JSON.stringify({
|
|
153
|
+
clientId: bootstrap.clientId,
|
|
154
|
+
clientSecret: bootstrap.clientSecret,
|
|
155
|
+
...(bootstrap.organizationSlug
|
|
156
|
+
? { organizationSlug: bootstrap.organizationSlug }
|
|
157
|
+
: {}),
|
|
158
|
+
}),
|
|
169
159
|
});
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
160
|
+
const body = await readJson(response);
|
|
161
|
+
if (!response.ok) {
|
|
162
|
+
throw new InfisicalRuntimeError({
|
|
163
|
+
code: "INFISICAL_UNIVERSAL_AUTH_FAILED",
|
|
164
|
+
status: response.status,
|
|
165
|
+
message: `Infisical Universal Auth failed with HTTP ${response.status}: ${messageFromBody(body)}`,
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
const accessToken = readNestedString(body, ["accessToken"]);
|
|
169
|
+
if (!accessToken) {
|
|
170
|
+
throw new InfisicalRuntimeError({
|
|
171
|
+
code: "INFISICAL_UNIVERSAL_AUTH_INVALID_RESPONSE",
|
|
172
|
+
message: "Infisical Universal Auth response did not include accessToken.",
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
return accessToken;
|
|
179
176
|
}
|
|
180
177
|
async function readVariableSecret(args) {
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
178
|
+
const names = [args.variable.name, ...(args.variable.aliases ?? [])];
|
|
179
|
+
for (const name of names) {
|
|
180
|
+
const value = await readSecretValue({
|
|
181
|
+
bootstrap: args.bootstrap,
|
|
182
|
+
fetchImpl: args.fetchImpl,
|
|
183
|
+
token: args.token,
|
|
184
|
+
secretPath: args.secretPath,
|
|
185
|
+
name,
|
|
186
|
+
optional: true,
|
|
187
|
+
});
|
|
188
|
+
if (value) {
|
|
189
|
+
return { name, value };
|
|
190
|
+
}
|
|
193
191
|
}
|
|
194
|
-
|
|
195
|
-
return null;
|
|
192
|
+
return null;
|
|
196
193
|
}
|
|
197
194
|
function contractSurfaceVariables(sourcePathIds) {
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
195
|
+
return sourcePathIds.flatMap((pathId) => {
|
|
196
|
+
const path = findInfisicalRuntimePath(pathId);
|
|
197
|
+
if (!path) {
|
|
198
|
+
throw new InfisicalRuntimeError({
|
|
199
|
+
code: "INFISICAL_UNKNOWN_PATH",
|
|
200
|
+
message: `Unknown Lucern Infisical runtime path: ${pathId}.`,
|
|
201
|
+
});
|
|
202
|
+
}
|
|
203
|
+
return path.variables.map((variable) => ({
|
|
204
|
+
...variable,
|
|
205
|
+
secretPath: path.secretPath,
|
|
206
|
+
}));
|
|
207
|
+
});
|
|
211
208
|
}
|
|
212
209
|
function generatedSurfaceVariables(surfaceId) {
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
210
|
+
const surface = GENERATED_INFISICAL_RUNTIME_ENV.surfaces[surfaceId];
|
|
211
|
+
if (!surface) {
|
|
212
|
+
throw new InfisicalRuntimeError({
|
|
213
|
+
code: "INFISICAL_UNKNOWN_SURFACE",
|
|
214
|
+
message: `Unknown generated Lucern Infisical runtime surface: ${surfaceId}.`,
|
|
215
|
+
});
|
|
216
|
+
}
|
|
217
|
+
return surface.variables.map(generatedVariableToRuntimeVariable);
|
|
221
218
|
}
|
|
222
219
|
function generatedVariableToRuntimeVariable(variable) {
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
220
|
+
const aliases = new Set([
|
|
221
|
+
...variable.envNames.filter((name) => name !== variable.canonicalName),
|
|
222
|
+
...variable.aliases,
|
|
223
|
+
]);
|
|
224
|
+
return {
|
|
225
|
+
name: variable.canonicalName,
|
|
226
|
+
required: variable.required,
|
|
227
|
+
secret: variable.secret,
|
|
228
|
+
public: variable.public,
|
|
229
|
+
aliases: [...aliases],
|
|
230
|
+
description: variable.description,
|
|
231
|
+
secretPath: variable.sourcePath,
|
|
232
|
+
};
|
|
236
233
|
}
|
|
237
234
|
async function readSecretValue(args) {
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
Authorization: `Bearer ${args.token}`
|
|
253
|
-
}
|
|
254
|
-
}
|
|
255
|
-
);
|
|
256
|
-
const body = await readJson(response);
|
|
257
|
-
if (response.status === 404 && args.optional) {
|
|
258
|
-
return null;
|
|
259
|
-
}
|
|
260
|
-
if (!response.ok) {
|
|
261
|
-
throw new InfisicalRuntimeError({
|
|
262
|
-
code: "INFISICAL_SECRET_READ_FAILED",
|
|
263
|
-
status: response.status,
|
|
264
|
-
message: `Infisical secret ${args.name} read failed with HTTP ${response.status}: ${messageFromBody(body)}`
|
|
235
|
+
const params = new URLSearchParams({
|
|
236
|
+
projectId: args.bootstrap.projectId,
|
|
237
|
+
environment: args.bootstrap.environment,
|
|
238
|
+
secretPath: args.secretPath,
|
|
239
|
+
type: "shared",
|
|
240
|
+
viewSecretValue: "true",
|
|
241
|
+
expandSecretReferences: "true",
|
|
242
|
+
includeImports: "true",
|
|
243
|
+
});
|
|
244
|
+
const response = await args.fetchImpl(`${trimTrailingSlash(args.bootstrap.apiUrl)}/api/v4/secrets/${encodeURIComponent(args.name)}?${params.toString()}`, {
|
|
245
|
+
method: "GET",
|
|
246
|
+
headers: {
|
|
247
|
+
Authorization: `Bearer ${args.token}`,
|
|
248
|
+
},
|
|
265
249
|
});
|
|
266
|
-
|
|
267
|
-
|
|
250
|
+
const body = await readJson(response);
|
|
251
|
+
if (response.status === 404 && args.optional) {
|
|
252
|
+
return null;
|
|
253
|
+
}
|
|
254
|
+
if (!response.ok) {
|
|
255
|
+
throw new InfisicalRuntimeError({
|
|
256
|
+
code: "INFISICAL_SECRET_READ_FAILED",
|
|
257
|
+
status: response.status,
|
|
258
|
+
message: `Infisical secret ${args.name} read failed with HTTP ${response.status}: ${messageFromBody(body)}`,
|
|
259
|
+
});
|
|
260
|
+
}
|
|
261
|
+
return readNestedString(body, ["secret", "secretValue"]);
|
|
268
262
|
}
|
|
269
263
|
async function readJson(response) {
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
264
|
+
try {
|
|
265
|
+
return await response.json();
|
|
266
|
+
}
|
|
267
|
+
catch (error) {
|
|
268
|
+
debugInfisicalRuntimeFallback("response.json", error);
|
|
269
|
+
return undefined;
|
|
270
|
+
}
|
|
276
271
|
}
|
|
277
272
|
function isRecord(value) {
|
|
278
|
-
|
|
273
|
+
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
279
274
|
}
|
|
280
275
|
function readNestedString(value, path) {
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
276
|
+
let current = value;
|
|
277
|
+
for (const key of path) {
|
|
278
|
+
if (!isRecord(current) || !(key in current)) {
|
|
279
|
+
return null;
|
|
280
|
+
}
|
|
281
|
+
current = current[key];
|
|
285
282
|
}
|
|
286
|
-
current
|
|
287
|
-
}
|
|
288
|
-
return typeof current === "string" && current.length > 0 ? current : null;
|
|
283
|
+
return typeof current === "string" && current.length > 0 ? current : null;
|
|
289
284
|
}
|
|
290
285
|
function messageFromBody(body) {
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
}
|
|
294
|
-
for (const key of ["message", "error", "errorMessage"]) {
|
|
295
|
-
if (typeof body[key] === "string") {
|
|
296
|
-
return body[key];
|
|
286
|
+
if (!isRecord(body)) {
|
|
287
|
+
return "no response body";
|
|
297
288
|
}
|
|
298
|
-
|
|
299
|
-
|
|
289
|
+
for (const key of ["message", "error", "errorMessage"]) {
|
|
290
|
+
if (typeof body[key] === "string") {
|
|
291
|
+
return body[key];
|
|
292
|
+
}
|
|
293
|
+
}
|
|
294
|
+
return JSON.stringify(body);
|
|
300
295
|
}
|
|
301
296
|
function readFirst(env, names) {
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
297
|
+
for (const name of names) {
|
|
298
|
+
const value = env[name]?.trim();
|
|
299
|
+
if (value) {
|
|
300
|
+
return value;
|
|
301
|
+
}
|
|
306
302
|
}
|
|
307
|
-
|
|
308
|
-
return void 0;
|
|
303
|
+
return undefined;
|
|
309
304
|
}
|
|
310
305
|
function isTruthyEnv(value) {
|
|
311
|
-
|
|
306
|
+
return ["1", "true", "yes", "on"].includes(value?.toLowerCase() ?? "");
|
|
312
307
|
}
|
|
313
308
|
function trimTrailingSlash(value) {
|
|
314
|
-
|
|
309
|
+
return value.replace(/\/+$/u, "");
|
|
315
310
|
}
|
|
316
311
|
function debugInfisicalRuntimeFallback(message, error) {
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
312
|
+
const env = globalThis.process?.env;
|
|
313
|
+
if (env?.LUCERN_COMPAT_FALLBACK_DEBUG !== "1" &&
|
|
314
|
+
env?.LUCERN_INFISICAL_RUNTIME_DEBUG !== "1") {
|
|
315
|
+
return;
|
|
316
|
+
}
|
|
317
|
+
console.debug(`[infisical-runtime] ${message}`, {
|
|
318
|
+
error: formatInfisicalRuntimeError(error),
|
|
319
|
+
});
|
|
324
320
|
}
|
|
325
321
|
function formatInfisicalRuntimeError(error) {
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
322
|
+
if (error instanceof Error) {
|
|
323
|
+
return `${error.name}: ${error.message}`;
|
|
324
|
+
}
|
|
325
|
+
if (typeof error === "string") {
|
|
326
|
+
return error;
|
|
327
|
+
}
|
|
328
|
+
if (typeof error === "number" || typeof error === "boolean") {
|
|
329
|
+
return String(error);
|
|
330
|
+
}
|
|
331
|
+
if (error && typeof error === "object") {
|
|
332
|
+
const keys = Object.keys(error).slice(0, 5);
|
|
333
|
+
if (keys.length > 0) {
|
|
334
|
+
return `Unknown Infisical runtime error object with keys: ${keys.join(", ")}`;
|
|
335
|
+
}
|
|
339
336
|
}
|
|
340
|
-
|
|
341
|
-
return "Unknown Infisical runtime error shape";
|
|
337
|
+
return "Unknown Infisical runtime error shape";
|
|
342
338
|
}
|
|
343
|
-
|
|
344
|
-
export { InfisicalRuntimeError, applyInfisicalRuntimeEnv, hydrateInfisicalRuntimeEnv, isInfisicalRuntimeDisabled, readInfisicalRuntimeBootstrap };
|
|
345
|
-
//# sourceMappingURL=infisicalRuntime.js.map
|
|
346
339
|
//# sourceMappingURL=infisicalRuntime.js.map
|