@marktoflow/core 2.0.0-alpha.9 → 2.0.2

package/dist/secrets/providers/vault.js

@@ -0,0 +1,180 @@
+/**
+ * HashiCorp Vault Secret Provider
+ *
+ * Supports KV v1 and v2 engines with token and AppRole authentication.
+ */
+export class VaultProvider {
+    config;
+    token;
+    initialized = false;
+    constructor(config) {
+        this.config = {
+            address: config.address,
+            token: config.token ?? '',
+            namespace: config.namespace ?? '',
+            roleId: config.roleId ?? '',
+            secretId: config.secretId ?? '',
+            kvVersion: config.kvVersion ?? 2,
+            mountPath: config.mountPath ?? 'secret',
+        };
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        // If using AppRole, authenticate to get token
+        if (this.config.roleId && this.config.secretId) {
+            await this.authenticateAppRole();
+        }
+        else if (!this.config.token) {
+            throw new Error('Vault provider requires either token or AppRole credentials');
+        }
+        else {
+            this.token = this.config.token;
+        }
+        this.initialized = true;
+    }
+    /**
+     * Authenticate using AppRole
+     */
+    async authenticateAppRole() {
+        const url = `${this.config.address}/v1/auth/approle/login`;
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.config.namespace) {
+            headers['X-Vault-Namespace'] = this.config.namespace;
+        }
+        const response = await fetch(url, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify({
+                role_id: this.config.roleId,
+                secret_id: this.config.secretId,
+            }),
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Vault AppRole authentication failed: ${response.status} ${error}`);
+        }
+        const data = (await response.json());
+        this.token = data.auth.client_token;
+    }
+    /**
+     * Get a secret from Vault
+     */
+    async getSecret(path) {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        const url = this.buildSecretUrl(path);
+        const headers = {
+            'X-Vault-Token': this.token,
+        };
+        if (this.config.namespace) {
+            headers['X-Vault-Namespace'] = this.config.namespace;
+        }
+        const response = await fetch(url, { headers });
+        if (!response.ok) {
+            if (response.status === 404) {
+                throw new Error(`Secret not found: ${path}`);
+            }
+            const error = await response.text();
+            throw new Error(`Failed to fetch secret from Vault: ${response.status} ${error}`);
+        }
+        const data = await response.json();
+        // Handle KV v1 vs v2 response format
+        if (this.config.kvVersion === 2) {
+            const secretData = data.data;
+            const metadata = {
+                version: String(secretData.metadata.version),
+            };
+            if (secretData.metadata.created_time) {
+                metadata.createdAt = new Date(secretData.metadata.created_time);
+            }
+            return {
+                value: secretData.data,
+                metadata,
+            };
+        }
+        else {
+            // KV v1
+            const secretData = data.data;
+            return {
+                value: secretData,
+            };
+        }
+    }
+    /**
+     * Check if a secret exists
+     */
+    async exists(path) {
+        try {
+            await this.getSecret(path);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * List secrets at a path
+     */
+    async listSecrets(path) {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        const url = this.buildListUrl(path);
+        const headers = {
+            'X-Vault-Token': this.token,
+        };
+        if (this.config.namespace) {
+            headers['X-Vault-Namespace'] = this.config.namespace;
+        }
+        const response = await fetch(url, {
+            method: 'LIST',
+            headers,
+        });
+        if (!response.ok) {
+            if (response.status === 404) {
+                return [];
+            }
+            const error = await response.text();
+            throw new Error(`Failed to list secrets from Vault: ${response.status} ${error}`);
+        }
+        const data = (await response.json());
+        return data.data.keys || [];
+    }
+    /**
+     * Build URL for secret access
+     */
+    buildSecretUrl(path) {
+        const cleanPath = path.startsWith('/') ? path.slice(1) : path;
+        if (this.config.kvVersion === 2) {
+            // KV v2: /v1/{mount}/data/{path}
+            return `${this.config.address}/v1/${this.config.mountPath}/data/${cleanPath}`;
+        }
+        else {
+            // KV v1: /v1/{mount}/{path}
+            return `${this.config.address}/v1/${this.config.mountPath}/${cleanPath}`;
+        }
+    }
+    /**
+     * Build URL for listing secrets
+     */
+    buildListUrl(path) {
+        const cleanPath = path.startsWith('/') ? path.slice(1) : path;
+        if (this.config.kvVersion === 2) {
+            // KV v2: /v1/{mount}/metadata/{path}
+            return `${this.config.address}/v1/${this.config.mountPath}/metadata/${cleanPath}`;
+        }
+        else {
+            // KV v1: /v1/{mount}/{path}
+            return `${this.config.address}/v1/${this.config.mountPath}/${cleanPath}`;
+        }
+    }
+    async destroy() {
+        this.token = '';
+        this.initialized = false;
+    }
+}
+//# sourceMappingURL=vault.js.map

package/dist/secrets/providers/vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault.js","sourceRoot":"","sources":["../../../src/secrets/providers/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,aAAa;IAChB,MAAM,CAAwB;IAC9B,KAAK,CAAU;IACf,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;YACzB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;YACjC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,CAAC;YAChC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,QAAQ;SACxC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,8CAA8C;QAC9C,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC/C,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACnC,CAAC;aAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;QACjC,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB;QAC/B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,wBAAwB,CAAC;QAC3D,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;gBAC3B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,wCAAwC,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuC,CAAC;QAC3E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,OAAO,GAA2B;YACtC,eAAe,EAAE,IAAI,CAAC,KAAM;SAC7B,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA6B,CAAC;QAE9D,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,UAAU,GAAG,IAAI,CAAC,IAA4E,CAAC;YACrG,MAAM,QAAQ,GAA0C;gBACtD,OAAO,EAAE,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;aAC7C,CAAC;YAEF,IAAI,UAAU,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;gBACrC,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,YAAsB,CAAC,CAAC;YAC5E,CAAC;YAED,OAAO;gBACL,KAAK,EAAE,UAAU,CAAC,IAAI;gBACtB,QAAQ;aACT,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,QAAQ;YACR,MAAM,UAAU,GAAG,IAAI,CAAC,IAA+B,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,UAAU;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,OAAO,GAA2B;YACtC,eAAe,EAAE,IAAI,CAAC,KAAM;SAC7B,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QACvD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO;SACR,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiC,CAAC;QACrE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,IAAY;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE9D,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAChC,iCAAiC;YACjC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,SAAS,SAAS,EAAE,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,4BAA4B;YAC5B,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,SAAS,EAAE,CAAC;QAC3E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,IAAY;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE9D,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAChC,qCAAqC;YACrC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,aAAa,SAAS,EAAE,CAAC;QACpF,CAAC;aAAM,CAAC;YACN,4BAA4B;YAC5B,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,SAAS,EAAE,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}

package/dist/secrets/secret-manager.d.ts

@@ -0,0 +1,72 @@
+/**
+ * Secret Manager
+ *
+ * Coordinates access to external secret managers with caching support.
+ */
+import type { SecretProvider, SecretManagerOptions, Secret, SecretReference } from './types.js';
+export declare class SecretNotFoundError extends Error {
+    constructor(message: string);
+}
+export declare class SecretProviderError extends Error {
+    constructor(message: string);
+}
+export declare class SecretManager {
+    private providers;
+    private cache;
+    private options;
+    constructor(options: SecretManagerOptions);
+    /**
+     * Register a secret provider
+     */
+    registerProvider(type: string, provider: SecretProvider): void;
+    /**
+     * Initialize all configured providers
+     */
+    initialize(): Promise<void>;
+    /**
+     * Get a secret from the appropriate provider
+     */
+    getSecret(reference: string): Promise<Secret>;
+    /**
+     * Parse a secret reference
+     * Formats:
+     *   ${secret:vault://path/to/secret}
+     *   ${secret:aws://secret-name}
+     *   ${secret:azure://secret-name}
+     *   ${secret:vault://path/to/secret#key}
+     */
+    parseReference(reference: string): SecretReference;
+    /**
+     * Extract a key from a JSON secret
+     */
+    private extractKey;
+    /**
+     * Get secret from cache if not expired
+     */
+    private getCached;
+    /**
+     * Cache a secret
+     */
+    private cacheSecret;
+    /**
+     * Clear cache
+     */
+    clearCache(): void;
+    /**
+     * Clear expired cache entries
+     */
+    clearExpiredCache(): void;
+    /**
+     * Check if a reference looks like a secret reference
+     */
+    static isSecretReference(value: string): boolean;
+    /**
+     * Replace secret references in a string
+     */
+    resolveSecrets(value: string): Promise<string>;
+    /**
+     * Clean up resources
+     */
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=secret-manager.d.ts.map

package/dist/secrets/secret-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-manager.d.ts","sourceRoot":"","sources":["../../src/secrets/secret-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,cAAc,EACd,oBAAoB,EAEpB,MAAM,EACN,eAAe,EAChB,MAAM,YAAY,CAAC;AAEpB,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAqC;IACtD,OAAO,CAAC,KAAK,CAAmC;IAChD,OAAO,CAAC,OAAO,CAAiC;gBAEpC,OAAO,EAAE,oBAAoB;IASzC;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI9D;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAYjC;;OAEG;IACG,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA0CnD;;;;;;;OAOG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe;IAwBlD;;OAEG;IACH,OAAO,CAAC,UAAU;IAqBlB;;OAEG;IACH,OAAO,CAAC,SAAS;IAYjB;;OAEG;IACH,OAAO,CAAC,WAAW;IAYnB;;OAEG;IACH,UAAU,IAAI,IAAI;IAIlB;;OAEG;IACH,iBAAiB,IAAI,IAAI;IASzB;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IA2BpD;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAS/B"}

package/dist/secrets/secret-manager.js

@@ -0,0 +1,226 @@
+/**
+ * Secret Manager
+ *
+ * Coordinates access to external secret managers with caching support.
+ */
+export class SecretNotFoundError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'SecretNotFoundError';
+    }
+}
+export class SecretProviderError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'SecretProviderError';
+    }
+}
+export class SecretManager {
+    providers = new Map();
+    cache = new Map();
+    options;
+    constructor(options) {
+        this.options = {
+            providers: options.providers,
+            defaultCacheTTL: options.defaultCacheTTL ?? 300, // 5 minutes
+            referencePrefix: options.referencePrefix ?? 'secret:',
+            throwOnNotFound: options.throwOnNotFound ?? true,
+        };
+    }
+    /**
+     * Register a secret provider
+     */
+    registerProvider(type, provider) {
+        this.providers.set(type, provider);
+    }
+    /**
+     * Initialize all configured providers
+     */
+    async initialize() {
+        for (const [type, provider] of this.providers.entries()) {
+            try {
+                await provider.initialize();
+            }
+            catch (error) {
+                throw new SecretProviderError(`Failed to initialize ${type} provider: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            }
+        }
+    }
+    /**
+     * Get a secret from the appropriate provider
+     */
+    async getSecret(reference) {
+        const parsed = this.parseReference(reference);
+        // Check cache first
+        if (this.options.providers.find((p) => p.cacheEnabled !== false)) {
+            const cached = this.getCached(reference);
+            if (cached) {
+                return cached;
+            }
+        }
+        // Get provider
+        const provider = this.providers.get(parsed.provider);
+        if (!provider) {
+            throw new SecretProviderError(`Provider '${parsed.provider}' not configured`);
+        }
+        // Fetch secret
+        try {
+            const secret = await provider.getSecret(parsed.path);
+            // Extract key if specified
+            if (parsed.key && typeof secret.value === 'object') {
+                const keyValue = this.extractKey(secret.value, parsed.key);
+                secret.value = keyValue;
+            }
+            // Cache the secret
+            this.cacheSecret(reference, secret);
+            return secret;
+        }
+        catch (error) {
+            if (this.options.throwOnNotFound) {
+                throw new SecretNotFoundError(`Secret not found: ${reference} - ${error instanceof Error ? error.message : 'Unknown error'}`);
+            }
+            // Return empty secret if not throwing
+            return { value: '' };
+        }
+    }
+    /**
+     * Parse a secret reference
+     * Formats:
+     *   ${secret:vault://path/to/secret}
+     *   ${secret:aws://secret-name}
+     *   ${secret:azure://secret-name}
+     *   ${secret:vault://path/to/secret#key}
+     */
+    parseReference(reference) {
+        // Remove ${secret: and } if present
+        let cleaned = reference.trim();
+        if (cleaned.startsWith('${')) {
+            cleaned = cleaned.slice(2, -1);
+        }
+        if (cleaned.startsWith(this.options.referencePrefix)) {
+            cleaned = cleaned.slice(this.options.referencePrefix.length);
+        }
+        // Parse provider://path#key format
+        const match = cleaned.match(/^([^:]+):\/\/([^#]+)(#(.+))?$/);
+        if (!match) {
+            throw new SecretProviderError(`Invalid secret reference format: ${reference}`);
+        }
+        return {
+            raw: reference,
+            provider: match[1],
+            path: match[2],
+            key: match[4],
+        };
+    }
+    /**
+     * Extract a key from a JSON secret
+     */
+    extractKey(value, key) {
+        const parts = key.split('.');
+        let current = value;
+        for (const part of parts) {
+            if (typeof current === 'object' && current !== null && part in current) {
+                current = current[part];
+            }
+            else {
+                throw new SecretNotFoundError(`Key '${key}' not found in secret`);
+            }
+        }
+        if (typeof current === 'string') {
+            return current;
+        }
+        if (typeof current === 'number' || typeof current === 'boolean') {
+            return String(current);
+        }
+        return JSON.stringify(current);
+    }
+    /**
+     * Get secret from cache if not expired
+     */
+    getCached(reference) {
+        const cached = this.cache.get(reference);
+        if (!cached)
+            return null;
+        if (cached.expiresAt < new Date()) {
+            this.cache.delete(reference);
+            return null;
+        }
+        return cached.value;
+    }
+    /**
+     * Cache a secret
+     */
+    cacheSecret(reference, secret) {
+        const now = new Date();
+        const ttl = this.options.defaultCacheTTL * 1000; // Convert to ms
+        const expiresAt = new Date(now.getTime() + ttl);
+        this.cache.set(reference, {
+            value: secret,
+            fetchedAt: now,
+            expiresAt,
+        });
+    }
+    /**
+     * Clear cache
+     */
+    clearCache() {
+        this.cache.clear();
+    }
+    /**
+     * Clear expired cache entries
+     */
+    clearExpiredCache() {
+        const now = new Date();
+        for (const [key, cached] of this.cache.entries()) {
+            if (cached.expiresAt < now) {
+                this.cache.delete(key);
+            }
+        }
+    }
+    /**
+     * Check if a reference looks like a secret reference
+     */
+    static isSecretReference(value) {
+        return value.includes('secret:') && value.includes('://');
+    }
+    /**
+     * Replace secret references in a string
+     */
+    async resolveSecrets(value) {
+        // Find all secret references
+        const regex = /\$\{secret:[^}]+\}/g;
+        const matches = value.match(regex);
+        if (!matches) {
+            return value;
+        }
+        let result = value;
+        for (const match of matches) {
+            try {
+                const secret = await this.getSecret(match);
+                const secretValue = typeof secret.value === 'string' ? secret.value : JSON.stringify(secret.value);
+                result = result.replace(match, secretValue);
+            }
+            catch (error) {
+                if (this.options.throwOnNotFound) {
+                    throw error;
+                }
+                // Replace with empty string if not throwing
+                result = result.replace(match, '');
+            }
+        }
+        return result;
+    }
+    /**
+     * Clean up resources
+     */
+    async destroy() {
+        for (const provider of this.providers.values()) {
+            if (provider.destroy) {
+                await provider.destroy();
+            }
+        }
+        this.providers.clear();
+        this.cache.clear();
+    }
+}
+//# sourceMappingURL=secret-manager.js.map

package/dist/secrets/secret-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-manager.js","sourceRoot":"","sources":["../../src/secrets/secret-manager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,aAAa;IAChB,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC9C,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAC;IACxC,OAAO,CAAiC;IAEhD,YAAY,OAA6B;QACvC,IAAI,CAAC,OAAO,GAAG;YACb,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,GAAG,EAAE,YAAY;YAC7D,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,SAAS;YACrD,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,IAAI;SACjD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY,EAAE,QAAwB;QACrD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACxD,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC9B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,mBAAmB,CAC3B,wBAAwB,IAAI,cAAc,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CACrG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,SAAiB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAE9C,oBAAoB;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,KAAK,CAAC,EAAE,CAAC;YACjE,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,eAAe;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,mBAAmB,CAAC,aAAa,MAAM,CAAC,QAAQ,kBAAkB,CAAC,CAAC;QAChF,CAAC;QAED,eAAe;QACf,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAErD,2BAA2B;YAC3B,IAAI,MAAM,CAAC,GAAG,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3D,MAAM,CAAC,KAAK,GAAG,QAAQ,CAAC;YAC1B,CAAC;YAED,mBAAmB;YACnB,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAEpC,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;gBACjC,MAAM,IAAI,mBAAmB,CAC3B,qBAAqB,SAAS,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAC/F,CAAC;YACJ,CAAC;YACD,sCAAsC;YACtC,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,cAAc,CAAC,SAAiB;QAC9B,oCAAoC;QACpC,IAAI,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QAC/B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YACrD,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC/D,CAAC;QAED,mCAAmC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,mBAAmB,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,OAAO;YACL,GAAG,EAAE,SAAS;YACd,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;YAClB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;SACd,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,KAA8B,EAAE,GAAW;QAC5D,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,OAAO,GAAY,KAAK,CAAC;QAE7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,IAAI,IAAI,OAAO,EAAE,CAAC;gBACvE,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,mBAAmB,CAAC,QAAQ,GAAG,uBAAuB,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAED,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,OAAO,KAAK,SAAS,EAAE,CAAC;YAChE,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,SAAiB;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,SAAiB,EAAE,MAAc;QACnD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC,gBAAgB;QACjE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,CAAC;QAEhD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,KAAK,EAAE,MAAM;YACb,SAAS,EAAE,GAAG;YACd,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,KAAa;QACpC,OAAO,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,6BAA6B;QAC7B,MAAM,KAAK,GAAG,qBAAqB,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC3C,MAAM,WAAW,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACnG,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;oBACjC,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,4CAA4C;gBAC5C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC;YAC/C,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF"}

package/dist/secrets/types.d.ts

@@ -0,0 +1,105 @@
+/**
+ * External Secrets Management Types
+ *
+ * Provides integration with external secret managers like HashiCorp Vault,
+ * AWS Secrets Manager, Azure Key Vault, etc.
+ */
+export interface SecretMetadata {
+    version?: string;
+    createdAt?: Date;
+    updatedAt?: Date;
+    expiresAt?: Date;
+    tags?: Record<string, string>;
+}
+export interface Secret {
+    value: string | Record<string, unknown>;
+    metadata?: SecretMetadata;
+}
+export interface SecretProviderConfig {
+    type: 'vault' | 'aws' | 'azure' | 'gcp' | 'env';
+    cacheEnabled?: boolean;
+    cacheTTL?: number;
+    config?: Record<string, unknown>;
+}
+export interface VaultConfig {
+    address: string;
+    token?: string;
+    namespace?: string;
+    roleId?: string;
+    secretId?: string;
+    kvVersion?: 1 | 2;
+    mountPath?: string;
+}
+export interface AWSSecretsManagerConfig {
+    region?: string;
+    accessKeyId?: string;
+    secretAccessKey?: string;
+    sessionToken?: string;
+    useIAMRole?: boolean;
+}
+export interface AzureKeyVaultConfig {
+    vaultUrl: string;
+    tenantId?: string;
+    clientId?: string;
+    clientSecret?: string;
+    useManagedIdentity?: boolean;
+}
+export interface GCPSecretManagerConfig {
+    projectId: string;
+    credentials?: string | Record<string, unknown>;
+    useADC?: boolean;
+}
+/**
+ * Secret Provider Interface
+ *
+ * All secret managers must implement this interface
+ */
+export interface SecretProvider {
+    /**
+     * Get a secret by path/name
+     */
+    getSecret(path: string): Promise<Secret>;
+    /**
+     * Check if a secret exists
+     */
+    exists(path: string): Promise<boolean>;
+    /**
+     * List secrets at a path (optional)
+     */
+    listSecrets?(path: string): Promise<string[]>;
+    /**
+     * Initialize the provider
+     */
+    initialize(): Promise<void>;
+    /**
+     * Clean up resources
+     */
+    destroy?(): Promise<void>;
+}
+/**
+ * Secret Cache Entry
+ */
+export interface CachedSecret {
+    value: Secret;
+    fetchedAt: Date;
+    expiresAt: Date;
+}
+/**
+ * Secret Manager Options
+ */
+export interface SecretManagerOptions {
+    providers: SecretProviderConfig[];
+    defaultCacheTTL?: number;
+    referencePrefix?: string;
+    throwOnNotFound?: boolean;
+}
+/**
+ * Parse result for secret references
+ */
+export interface SecretReference {
+    raw: string;
+    provider: string;
+    path: string;
+    key?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/secrets/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/secrets/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IAEnC,IAAI,EAAE,OAAO,GAAG,KAAK,GAAG,OAAO,GAAG,KAAK,GAAG,KAAK,CAAC;IAGhD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAGlB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAGlB,SAAS,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IAGjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAC;IAGlB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAG/C,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEzC;;OAEG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEvC;;OAEG;IACH,WAAW,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE9C;;OAEG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;OAEG;IACH,OAAO,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,oBAAoB,EAAE,CAAC;IAGlC,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,eAAe,CAAC,EAAE,MAAM,CAAC;IAGzB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd"}

package/dist/secrets/types.js

@@ -0,0 +1,8 @@
+/**
+ * External Secrets Management Types
+ *
+ * Provides integration with external secret managers like HashiCorp Vault,
+ * AWS Secrets Manager, Azure Key Vault, etc.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/secrets/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/secrets/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/security.d.ts

@@ -137,6 +137,7 @@ export interface AuditStore {
 }
 export declare class InMemoryAuditStore implements AuditStore {
     private events;
+    private maxSize;
     save(event: AuditEvent): Promise<void>;
     query(filters: any): Promise<AuditEvent[]>;
 }

package/dist/security.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,oBAAY,UAAU;IAEpB,aAAa,kBAAkB;IAC/B,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IAGnC,QAAQ,aAAa;IACrB,cAAc,mBAAmB;IAGjC,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IAGzB,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;CACpC;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CA+CjD,CAAC;AAEF,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAgC;IAC7C,OAAO,CAAC,KAAK,CAAgC;gBAEjC,WAAW,CAAC,EAAE,IAAI,EAAE;IAahC,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAIzB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIvC,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAIzB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIzC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC;IAiCnD,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO;CAIjE;AAMD,oBAAY,cAAc;IACxB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,OAAO,YAAY;IACnB,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,MAAM,EAAE,cAAc,CAAC;IACvB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACxF,UAAU,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACxF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,GAAG,SAAS,CAAC;IAC7B,UAAU,CAAC,EAAE,IAAI,GAAG,SAAS,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7D,kBAAkB,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,kBAAkB,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjF;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAA2C;IAC3D,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,IAAI,CAAC,CAA0B;gBAE3B,IAAI,CAAC,EAAE,WAAW,GAAG,SAAS;IAI1C,UAAU,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAIpC,aAAa,CAAC,MAAM,EAAE;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,OAAO,CAAC,eAAe,CAAC;IAoC5B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAQpD,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAmC1F,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CA4B/F;AAMD,oBAAY,cAAc;IACxB,KAAK,eAAe;IACpB,iBAAiB,sBAAsB;IACvC,kBAAkB,uBAAuB;IACzC,eAAe,oBAAoB;IACnC,iBAAiB,+BAA+B;CACjD;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,cAAc,GAAG,MAAM,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,KAAK,CAAC,OAAO,EAAE;QACb,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,IAAI,CAAC;QACjB,OAAO,CAAC,EAAE,IAAI,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;CAC3B;AAED,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAoB;IAE5B,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAItC,KAAK,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAOjD;AAED,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,EAAE,CAAoB;gBAElB,MAAM,GAAE,MAAqC;IASzD,OAAO,CAAC,IAAI;IAoBN,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBtC,KAAK,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAgCjD;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAa;gBAEd,KAAK,CAAC,EAAE,UAAU;IAIxB,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;CASxE"}
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAUH,oBAAY,UAAU;IAEpB,aAAa,kBAAkB;IAC/B,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IAGnC,QAAQ,aAAa;IACrB,cAAc,mBAAmB;IAGjC,WAAW,gBAAgB;IAC3B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IAGzB,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;CACpC;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CA+CjD,CAAC;AAEF,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAgC;IAC7C,OAAO,CAAC,KAAK,CAAgC;gBAEjC,WAAW,CAAC,EAAE,IAAI,EAAE;IAahC,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAIzB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIvC,OAAO,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAIzB,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIzC,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC;IAiCnD,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO;CAIjE;AAMD,oBAAY,cAAc;IACxB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,OAAO,YAAY;IACnB,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,MAAM,EAAE,cAAc,CAAC;IACvB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACxF,UAAU,EAAE,KAAK,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,CAAC,CAAC;IACxF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,GAAG,SAAS,CAAC;IAC7B,UAAU,CAAC,EAAE,IAAI,GAAG,SAAS,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7D,kBAAkB,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChF,kBAAkB,CAAC,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjF;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAA2C;IAC3D,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,IAAI,CAAC,CAA0B;gBAE3B,IAAI,CAAC,EAAE,WAAW,GAAG,SAAS;IAI1C,UAAU,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI;IAIpC,aAAa,CAAC,MAAM,EAAE;QAC1B,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,OAAO,CAAC,eAAe,CAAC;IAoC5B,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAQpD,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAmC1F,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CA4B/F;AAMD,oBAAY,cAAc;IACxB,KAAK,eAAe;IACpB,iBAAiB,sBAAsB;IACvC,kBAAkB,uBAAuB;IACzC,eAAe,oBAAoB;IACnC,iBAAiB,+BAA+B;CACjD;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,cAAc,GAAG,MAAM,CAAC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,IAAI,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,KAAK,CAAC,OAAO,EAAE;QACb,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,SAAS,CAAC,EAAE,IAAI,CAAC;QACjB,OAAO,CAAC,EAAE,IAAI,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;CAC3B;AAED,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,OAAO,CAAS;IAElB,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAOtC,KAAK,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAOjD;AAED,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,EAAE,CAAoB;gBAElB,MAAM,GAAE,MAAqC;IASzD,OAAO,CAAC,IAAI;IAoBN,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBtC,KAAK,CAAC,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAgCjD;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,KAAK,CAAa;gBAEd,KAAK,CAAC,EAAE,UAAU;IAIxB,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;CASxE"}

package/dist/security.js

@@ -263,8 +263,12 @@ export var AuditEventType;
 })(AuditEventType || (AuditEventType = {}));
 export class InMemoryAuditStore {
     events = [];
+    maxSize = 10000;
     async save(event) {
         this.events.push(event);
+        if (this.events.length > this.maxSize) {
+            this.events = this.events.slice(-this.maxSize);
+        }
     }
     async query(filters) {
         return this.events.filter(e => {