@marktoflow/core 2.0.0-alpha.9 → 2.0.2

package/dist/secret-providers/providers/aws.d.ts

@@ -0,0 +1,32 @@
+/**
+ * AWS Secrets Manager Provider
+ *
+ * Supports IAM authentication and explicit credentials.
+ */
+import type { SecretProvider, Secret, AWSSecretsManagerConfig } from '../types.js';
+export declare class AWSSecretsManagerProvider implements SecretProvider {
+    private config;
+    private initialized;
+    constructor(config: AWSSecretsManagerConfig);
+    initialize(): Promise<void>;
+    /**
+     * Get a secret from AWS Secrets Manager
+     */
+    getSecret(secretName: string): Promise<Secret>;
+    /**
+     * Check if a secret exists
+     */
+    exists(secretName: string): Promise<boolean>;
+    /**
+     * List secrets (returns secret ARNs)
+     */
+    listSecrets(): Promise<string[]>;
+    /**
+     * Call AWS Secrets Manager API
+     *
+     * This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
+     */
+    private callAWSAPI;
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=aws.d.ts.map

package/dist/secret-providers/providers/aws.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEnF,qBAAa,yBAA0B,YAAW,cAAc;IAC9D,OAAO,CAAC,MAAM,CAAoC;IAClD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,uBAAuB;IAUrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAejC;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuCpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IActC;;;;OAIG;YACW,UAAU;IAelB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}

package/dist/secret-providers/providers/aws.js

@@ -0,0 +1,118 @@
+/**
+ * AWS Secrets Manager Provider
+ *
+ * Supports IAM authentication and explicit credentials.
+ */
+export class AWSSecretsManagerProvider {
+    config;
+    initialized = false;
+    constructor(config) {
+        this.config = {
+            region: config.region ?? process.env.AWS_REGION ?? 'us-east-1',
+            accessKeyId: config.accessKeyId ?? process.env.AWS_ACCESS_KEY_ID ?? '',
+            secretAccessKey: config.secretAccessKey ?? process.env.AWS_SECRET_ACCESS_KEY ?? '',
+            sessionToken: config.sessionToken ?? process.env.AWS_SESSION_TOKEN ?? '',
+            useIAMRole: config.useIAMRole ?? false,
+        };
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        // If using IAM role, credentials will be fetched automatically by AWS SDK
+        if (!this.config.useIAMRole) {
+            if (!this.config.accessKeyId || !this.config.secretAccessKey) {
+                throw new Error('AWS Secrets Manager requires accessKeyId and secretAccessKey, or useIAMRole must be true');
+            }
+        }
+        this.initialized = true;
+    }
+    /**
+     * Get a secret from AWS Secrets Manager
+     */
+    async getSecret(secretName) {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        try {
+            // Use AWS SDK v3 style API call via fetch
+            const result = await this.callAWSAPI('GetSecretValue', { SecretId: secretName });
+            const secretString = String(result.SecretString || '');
+            let value;
+            // Try to parse as JSON
+            try {
+                value = JSON.parse(secretString);
+            }
+            catch {
+                value = secretString;
+            }
+            const metadata = {};
+            if (result.VersionId) {
+                metadata.version = String(result.VersionId);
+            }
+            if (result.CreatedDate && typeof result.CreatedDate === 'string') {
+                metadata.createdAt = new Date(result.CreatedDate);
+            }
+            return {
+                value,
+                metadata,
+            };
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
+                throw new Error(`Secret not found: ${secretName}`);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Check if a secret exists
+     */
+    async exists(secretName) {
+        try {
+            await this.callAWSAPI('DescribeSecret', { SecretId: secretName });
+            return true;
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
+                return false;
+            }
+            throw error;
+        }
+    }
+    /**
+     * List secrets (returns secret ARNs)
+     */
+    async listSecrets() {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        try {
+            const result = await this.callAWSAPI('ListSecrets', {});
+            const secretList = result.SecretList;
+            return secretList?.map((s) => s.Name) || [];
+        }
+        catch (error) {
+            throw new Error(`Failed to list secrets: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Call AWS Secrets Manager API
+     *
+     * This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
+     */
+    async callAWSAPI(_action, _params) {
+        // This is a placeholder - real implementation would use AWS SDK
+        // For now, throw an error indicating AWS SDK is needed
+        throw new Error(`AWS Secrets Manager integration requires @aws-sdk/client-secrets-manager package. ` +
+            `Install it with: npm install @aws-sdk/client-secrets-manager`);
+        // Production implementation would use:
+        // import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
+        // const client = new SecretsManagerClient({ region: this.config.region, credentials: this.credentials });
+        // const command = new GetSecretValueCommand({ SecretId: secretName });
+        // const response = await client.send(command);
+    }
+    async destroy() {
+        this.initialized = false;
+    }
+}
+//# sourceMappingURL=aws.js.map

package/dist/secret-providers/providers/aws.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/secret-providers/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,yBAAyB;IAC5B,MAAM,CAAoC;IAC1C,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;YAC9D,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACtE,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;YAClF,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACxE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC7D,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjF,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;YACvD,IAAI,KAAuC,CAAC;YAE5C,uBAAuB;YACvB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,GAAG,YAAY,CAAC;YACvB,CAAC;YAED,MAAM,QAAQ,GAA2C,EAAE,CAAC;YAC5D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACjE,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;YAED,OAAO;gBACL,KAAK;gBACL,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACxD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAiD,CAAC;YAC5E,OAAO,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,OAAgC;QACxE,gEAAgE;QAChE,uDAAuD;QACvD,MAAM,IAAI,KAAK,CACb,oFAAoF;YAClF,8DAA8D,CACjE,CAAC;QAEF,uCAAuC;QACvC,iGAAiG;QACjG,0GAA0G;QAC1G,uEAAuE;QACvE,+CAA+C;IACjD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}

package/dist/secret-providers/providers/azure.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Azure Key Vault Secret Provider
+ *
+ * Supports service principal and managed identity authentication.
+ */
+import type { SecretProvider, Secret, AzureKeyVaultConfig } from '../types.js';
+export declare class AzureKeyVaultProvider implements SecretProvider {
+    private config;
+    private accessToken?;
+    private tokenExpiresAt?;
+    private initialized;
+    constructor(config: AzureKeyVaultConfig);
+    initialize(): Promise<void>;
+    /**
+     * Get or refresh access token
+     */
+    private refreshAccessToken;
+    /**
+     * Authenticate using service principal
+     */
+    private authenticateWithServicePrincipal;
+    /**
+     * Authenticate using managed identity
+     */
+    private authenticateWithManagedIdentity;
+    /**
+     * Get a secret from Azure Key Vault
+     */
+    getSecret(secretName: string): Promise<Secret>;
+    /**
+     * Check if a secret exists
+     */
+    exists(secretName: string): Promise<boolean>;
+    /**
+     * List secrets
+     */
+    listSecrets(): Promise<string[]>;
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=azure.d.ts.map

package/dist/secret-providers/providers/azure.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/azure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,OAAO,CAAC,MAAM,CAAgC;IAC9C,OAAO,CAAC,WAAW,CAAC,CAAS;IAC7B,OAAO,CAAC,cAAc,CAAC,CAAO;IAC9B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,mBAAmB;IAUjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;YACW,kBAAkB;IAahC;;OAEG;YACW,gCAAgC;IA0B9C;;OAEG;YACW,+BAA+B;IAc7C;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqDpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BhC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}

package/dist/secret-providers/providers/azure.js

@@ -0,0 +1,170 @@
+/**
+ * Azure Key Vault Secret Provider
+ *
+ * Supports service principal and managed identity authentication.
+ */
+export class AzureKeyVaultProvider {
+    config;
+    accessToken;
+    tokenExpiresAt;
+    initialized = false;
+    constructor(config) {
+        this.config = {
+            vaultUrl: config.vaultUrl,
+            tenantId: config.tenantId ?? '',
+            clientId: config.clientId ?? '',
+            clientSecret: config.clientSecret ?? '',
+            useManagedIdentity: config.useManagedIdentity ?? false,
+        };
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        // Validate configuration
+        if (!this.config.useManagedIdentity) {
+            if (!this.config.tenantId || !this.config.clientId || !this.config.clientSecret) {
+                throw new Error('Azure Key Vault requires tenantId, clientId, and clientSecret, or useManagedIdentity must be true');
+            }
+        }
+        // Get initial access token
+        await this.refreshAccessToken();
+        this.initialized = true;
+    }
+    /**
+     * Get or refresh access token
+     */
+    async refreshAccessToken() {
+        // Check if token is still valid (with 5 min buffer)
+        if (this.accessToken && this.tokenExpiresAt && this.tokenExpiresAt > new Date(Date.now() + 300000)) {
+            return;
+        }
+        if (this.config.useManagedIdentity) {
+            await this.authenticateWithManagedIdentity();
+        }
+        else {
+            await this.authenticateWithServicePrincipal();
+        }
+    }
+    /**
+     * Authenticate using service principal
+     */
+    async authenticateWithServicePrincipal() {
+        const url = `https://login.microsoftonline.com/${this.config.tenantId}/oauth2/v2.0/token`;
+        const response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: new URLSearchParams({
+                client_id: this.config.clientId,
+                client_secret: this.config.clientSecret,
+                scope: 'https://vault.azure.net/.default',
+                grant_type: 'client_credentials',
+            }),
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Azure authentication failed: ${response.status} ${error}`);
+        }
+        const data = (await response.json());
+        this.accessToken = data.access_token;
+        this.tokenExpiresAt = new Date(Date.now() + data.expires_in * 1000);
+    }
+    /**
+     * Authenticate using managed identity
+     */
+    async authenticateWithManagedIdentity() {
+        // This is a placeholder - real implementation would use Azure Instance Metadata Service
+        throw new Error('Azure Managed Identity authentication requires @azure/identity package. ' +
+            'Install it with: npm install @azure/identity @azure/keyvault-secrets');
+        // Production implementation would use:
+        // import { DefaultAzureCredential } from '@azure/identity';
+        // import { SecretClient } from '@azure/keyvault-secrets';
+        // const credential = new DefaultAzureCredential();
+        // const client = new SecretClient(this.config.vaultUrl, credential);
+    }
+    /**
+     * Get a secret from Azure Key Vault
+     */
+    async getSecret(secretName) {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        await this.refreshAccessToken();
+        // Clean secret name (Azure doesn't allow some characters)
+        const cleanName = secretName.replace(/[^a-zA-Z0-9-]/g, '-');
+        const url = `${this.config.vaultUrl}/secrets/${cleanName}?api-version=7.4`;
+        const response = await fetch(url, {
+            headers: {
+                Authorization: `Bearer ${this.accessToken}`,
+            },
+        });
+        if (!response.ok) {
+            if (response.status === 404) {
+                throw new Error(`Secret not found: ${secretName}`);
+            }
+            const error = await response.text();
+            throw new Error(`Failed to fetch secret from Azure Key Vault: ${response.status} ${error}`);
+        }
+        const data = (await response.json());
+        // Try to parse as JSON
+        let value;
+        try {
+            value = JSON.parse(data.value);
+        }
+        catch {
+            value = data.value;
+        }
+        return {
+            value,
+            metadata: {
+                createdAt: new Date(data.attributes.created * 1000),
+                updatedAt: new Date(data.attributes.updated * 1000),
+            },
+        };
+    }
+    /**
+     * Check if a secret exists
+     */
+    async exists(secretName) {
+        try {
+            await this.getSecret(secretName);
+            return true;
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('not found')) {
+                return false;
+            }
+            throw error;
+        }
+    }
+    /**
+     * List secrets
+     */
+    async listSecrets() {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        await this.refreshAccessToken();
+        const url = `${this.config.vaultUrl}/secrets?api-version=7.4`;
+        const response = await fetch(url, {
+            headers: {
+                Authorization: `Bearer ${this.accessToken}`,
+            },
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Failed to list secrets from Azure Key Vault: ${response.status} ${error}`);
+        }
+        const data = (await response.json());
+        return data.value.map((secret) => {
+            const parts = secret.id.split('/');
+            return parts[parts.length - 1];
+        });
+    }
+    async destroy() {
+        this.accessToken = '';
+        this.initialized = false;
+    }
+}
+//# sourceMappingURL=azure.js.map

package/dist/secret-providers/providers/azure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure.js","sourceRoot":"","sources":["../../../src/secret-providers/providers/azure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,qBAAqB;IACxB,MAAM,CAAgC;IACtC,WAAW,CAAU;IACrB,cAAc,CAAQ;IACtB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;YACvC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB;QAC9B,oDAAoD;QACpD,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;YACnG,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,+BAA+B,EAAE,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,gCAAgC,EAAE,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gCAAgC;QAC5C,MAAM,GAAG,GAAG,qCAAqC,IAAI,CAAC,MAAM,CAAC,QAAQ,oBAAoB,CAAC;QAE1F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAS;gBAChC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAa;gBACxC,KAAK,EAAE,kCAAkC;gBACzC,UAAU,EAAE,oBAAoB;aACjC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiD,CAAC;QACrF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;QACrC,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,+BAA+B;QAC3C,wFAAwF;QACxF,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,sEAAsE,CACzE,CAAC;QAEF,uCAAuC;QACvC,4DAA4D;QAC5D,0DAA0D;QAC1D,mDAAmD;QACnD,qEAAqE;IACvE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,0DAA0D;QAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAE5D,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,YAAY,SAAS,kBAAkB,CAAC;QAE3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAQlC,CAAC;QAEF,uBAAuB;QACvB,IAAI,KAAuC,CAAC;QAC5C,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,OAAO;YACL,KAAK;YACL,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;gBACnD,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;aACpD;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,0BAA0B,CAAC;QAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqC,CAAC;QACzE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}

package/dist/secret-providers/providers/env.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Environment Variable Provider
+ *
+ * Simple provider that reads secrets from environment variables.
+ * Useful for local development and simple deployments.
+ */
+import type { SecretProvider, Secret } from '../types.js';
+export declare class EnvProvider implements SecretProvider {
+    private prefix;
+    constructor(prefix?: string);
+    initialize(): Promise<void>;
+    /**
+     * Get a secret from environment variables
+     * Path format: VAR_NAME or prefix_VAR_NAME if prefix is set
+     */
+    getSecret(path: string): Promise<Secret>;
+    /**
+     * Check if an environment variable exists
+     */
+    exists(path: string): Promise<boolean>;
+    /**
+     * List all environment variables with the prefix
+     */
+    listSecrets(): Promise<string[]>;
+}
+//# sourceMappingURL=env.d.ts.map

package/dist/secret-providers/providers/env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/env.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1D,qBAAa,WAAY,YAAW,cAAc;IAChD,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,GAAE,MAAW;IAIzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC;;;OAGG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqB9C;;OAEG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;CAYvC"}

package/dist/secret-providers/providers/env.js

@@ -0,0 +1,59 @@
+/**
+ * Environment Variable Provider
+ *
+ * Simple provider that reads secrets from environment variables.
+ * Useful for local development and simple deployments.
+ */
+export class EnvProvider {
+    prefix;
+    constructor(prefix = '') {
+        this.prefix = prefix;
+    }
+    async initialize() {
+        // No initialization needed
+    }
+    /**
+     * Get a secret from environment variables
+     * Path format: VAR_NAME or prefix_VAR_NAME if prefix is set
+     */
+    async getSecret(path) {
+        const envVar = this.prefix ? `${this.prefix}_${path}` : path;
+        const value = process.env[envVar];
+        if (value === undefined) {
+            throw new Error(`Environment variable not found: ${envVar}`);
+        }
+        // Try to parse as JSON
+        let parsedValue = value;
+        try {
+            parsedValue = JSON.parse(value);
+        }
+        catch {
+            // Not JSON, use as string
+        }
+        return {
+            value: parsedValue,
+        };
+    }
+    /**
+     * Check if an environment variable exists
+     */
+    async exists(path) {
+        const envVar = this.prefix ? `${this.prefix}_${path}` : path;
+        return process.env[envVar] !== undefined;
+    }
+    /**
+     * List all environment variables with the prefix
+     */
+    async listSecrets() {
+        if (!this.prefix) {
+            // Return all env vars if no prefix
+            return Object.keys(process.env);
+        }
+        // Return only vars with the prefix
+        const prefixWithUnderscore = `${this.prefix}_`;
+        return Object.keys(process.env)
+            .filter((key) => key.startsWith(prefixWithUnderscore))
+            .map((key) => key.slice(prefixWithUnderscore.length));
+    }
+}
+//# sourceMappingURL=env.js.map

package/dist/secret-providers/providers/env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.js","sourceRoot":"","sources":["../../../src/secret-providers/providers/env.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,OAAO,WAAW;IACd,MAAM,CAAS;IAEvB,YAAY,SAAiB,EAAE;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU;QACd,2BAA2B;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAElC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,uBAAuB;QACvB,IAAI,WAAW,GAAqC,KAAK,CAAC;QAC1D,IAAI,CAAC;YACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW;SACnB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,SAAS,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,mCAAmC;YACnC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,mCAAmC;QACnC,MAAM,oBAAoB,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC;QAC/C,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;aAC5B,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;aACrD,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,CAAC;CACF"}

package/dist/secret-providers/providers/vault.d.ts

@@ -0,0 +1,39 @@
+/**
+ * HashiCorp Vault Secret Provider
+ *
+ * Supports KV v1 and v2 engines with token and AppRole authentication.
+ */
+import type { SecretProvider, Secret, VaultConfig } from '../types.js';
+export declare class VaultProvider implements SecretProvider {
+    private config;
+    private token?;
+    private initialized;
+    constructor(config: VaultConfig);
+    initialize(): Promise<void>;
+    /**
+     * Authenticate using AppRole
+     */
+    private authenticateAppRole;
+    /**
+     * Get a secret from Vault
+     */
+    getSecret(path: string): Promise<Secret>;
+    /**
+     * Check if a secret exists
+     */
+    exists(path: string): Promise<boolean>;
+    /**
+     * List secrets at a path
+     */
+    listSecrets(path: string): Promise<string[]>;
+    /**
+     * Build URL for secret access
+     */
+    private buildSecretUrl;
+    /**
+     * Build URL for listing secrets
+     */
+    private buildListUrl;
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=vault.d.ts.map

package/dist/secret-providers/providers/vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../../src/secret-providers/providers/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEvE,qBAAa,aAAc,YAAW,cAAc;IAClD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,WAAW;IAYzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAejC;;OAEG;YACW,mBAAmB;IA4BjC;;OAEG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkD9C;;OAEG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5C;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA+BlD;;OAEG;IACH,OAAO,CAAC,cAAc;IAYtB;;OAEG;IACH,OAAO,CAAC,YAAY;IAYd,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}