@marktoflow/core 2.0.1 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/dist/engine.js +4 -4
  2. package/dist/engine.js.map +1 -1
  3. package/dist/file-operations.d.ts.map +1 -1
  4. package/dist/file-operations.js +34 -15
  5. package/dist/file-operations.js.map +1 -1
  6. package/dist/routing.js +2 -2
  7. package/dist/routing.js.map +1 -1
  8. package/dist/secrets/index.d.ts +12 -0
  9. package/dist/secrets/index.d.ts.map +1 -0
  10. package/dist/secrets/index.js +11 -0
  11. package/dist/secrets/index.js.map +1 -0
  12. package/dist/secrets/providers/aws.d.ts +32 -0
  13. package/dist/secrets/providers/aws.d.ts.map +1 -0
  14. package/dist/secrets/providers/aws.js +118 -0
  15. package/dist/secrets/providers/aws.js.map +1 -0
  16. package/dist/secrets/providers/azure.d.ts +40 -0
  17. package/dist/secrets/providers/azure.d.ts.map +1 -0
  18. package/dist/secrets/providers/azure.js +170 -0
  19. package/dist/secrets/providers/azure.js.map +1 -0
  20. package/dist/secrets/providers/env.d.ts +26 -0
  21. package/dist/secrets/providers/env.d.ts.map +1 -0
  22. package/dist/secrets/providers/env.js +59 -0
  23. package/dist/secrets/providers/env.js.map +1 -0
  24. package/dist/secrets/providers/vault.d.ts +39 -0
  25. package/dist/secrets/providers/vault.d.ts.map +1 -0
  26. package/dist/secrets/providers/vault.js +180 -0
  27. package/dist/secrets/providers/vault.js.map +1 -0
  28. package/dist/secrets/secret-manager.d.ts +72 -0
  29. package/dist/secrets/secret-manager.d.ts.map +1 -0
  30. package/dist/secrets/secret-manager.js +226 -0
  31. package/dist/secrets/secret-manager.js.map +1 -0
  32. package/dist/secrets/types.d.ts +105 -0
  33. package/dist/secrets/types.d.ts.map +1 -0
  34. package/dist/secrets/types.js +8 -0
  35. package/dist/secrets/types.js.map +1 -0
  36. package/package.json +3 -3
package/dist/secrets/providers/aws.d.ts ADDED
@@ -0,0 +1,32 @@
1
+ /**
2
+ * AWS Secrets Manager Provider
3
+ *
4
+ * Supports IAM authentication and explicit credentials.
5
+ */
6
+ import type { SecretProvider, Secret, AWSSecretsManagerConfig } from '../types.js';
7
+ export declare class AWSSecretsManagerProvider implements SecretProvider {
8
+ private config;
9
+ private initialized;
10
+ constructor(config: AWSSecretsManagerConfig);
11
+ initialize(): Promise<void>;
12
+ /**
13
+ * Get a secret from AWS Secrets Manager
14
+ */
15
+ getSecret(secretName: string): Promise<Secret>;
16
+ /**
17
+ * Check if a secret exists
18
+ */
19
+ exists(secretName: string): Promise<boolean>;
20
+ /**
21
+ * List secrets (returns secret ARNs)
22
+ */
23
+ listSecrets(): Promise<string[]>;
24
+ /**
25
+ * Call AWS Secrets Manager API
26
+ *
27
+ * This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
28
+ */
29
+ private callAWSAPI;
30
+ destroy(): Promise<void>;
31
+ }
32
+ //# sourceMappingURL=aws.d.ts.map
package/dist/secrets/providers/aws.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"aws.d.ts","sourceRoot":"","sources":["../../../src/secrets/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAEnF,qBAAa,yBAA0B,YAAW,cAAc;IAC9D,OAAO,CAAC,MAAM,CAAoC;IAClD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,uBAAuB;IAUrC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAejC;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuCpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IActC;;;;OAIG;YACW,UAAU;IAelB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}
package/dist/secrets/providers/aws.js ADDED
@@ -0,0 +1,118 @@
1
+ /**
2
+ * AWS Secrets Manager Provider
3
+ *
4
+ * Supports IAM authentication and explicit credentials.
5
+ */
6
+ export class AWSSecretsManagerProvider {
7
+ config;
8
+ initialized = false;
9
+ constructor(config) {
10
+ this.config = {
11
+ region: config.region ?? process.env.AWS_REGION ?? 'us-east-1',
12
+ accessKeyId: config.accessKeyId ?? process.env.AWS_ACCESS_KEY_ID ?? '',
13
+ secretAccessKey: config.secretAccessKey ?? process.env.AWS_SECRET_ACCESS_KEY ?? '',
14
+ sessionToken: config.sessionToken ?? process.env.AWS_SESSION_TOKEN ?? '',
15
+ useIAMRole: config.useIAMRole ?? false,
16
+ };
17
+ }
18
+ async initialize() {
19
+ if (this.initialized)
20
+ return;
21
+ // If using IAM role, credentials will be fetched automatically by AWS SDK
22
+ if (!this.config.useIAMRole) {
23
+ if (!this.config.accessKeyId || !this.config.secretAccessKey) {
24
+ throw new Error('AWS Secrets Manager requires accessKeyId and secretAccessKey, or useIAMRole must be true');
25
+ }
26
+ }
27
+ this.initialized = true;
28
+ }
29
+ /**
30
+ * Get a secret from AWS Secrets Manager
31
+ */
32
+ async getSecret(secretName) {
33
+ if (!this.initialized) {
34
+ await this.initialize();
35
+ }
36
+ try {
37
+ // Use AWS SDK v3 style API call via fetch
38
+ const result = await this.callAWSAPI('GetSecretValue', { SecretId: secretName });
39
+ const secretString = String(result.SecretString || '');
40
+ let value;
41
+ // Try to parse as JSON
42
+ try {
43
+ value = JSON.parse(secretString);
44
+ }
45
+ catch {
46
+ value = secretString;
47
+ }
48
+ const metadata = {};
49
+ if (result.VersionId) {
50
+ metadata.version = String(result.VersionId);
51
+ }
52
+ if (result.CreatedDate && typeof result.CreatedDate === 'string') {
53
+ metadata.createdAt = new Date(result.CreatedDate);
54
+ }
55
+ return {
56
+ value,
57
+ metadata,
58
+ };
59
+ }
60
+ catch (error) {
61
+ if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
62
+ throw new Error(`Secret not found: ${secretName}`);
63
+ }
64
+ throw error;
65
+ }
66
+ }
67
+ /**
68
+ * Check if a secret exists
69
+ */
70
+ async exists(secretName) {
71
+ try {
72
+ await this.callAWSAPI('DescribeSecret', { SecretId: secretName });
73
+ return true;
74
+ }
75
+ catch (error) {
76
+ if (error instanceof Error && error.message.includes('ResourceNotFoundException')) {
77
+ return false;
78
+ }
79
+ throw error;
80
+ }
81
+ }
82
+ /**
83
+ * List secrets (returns secret ARNs)
84
+ */
85
+ async listSecrets() {
86
+ if (!this.initialized) {
87
+ await this.initialize();
88
+ }
89
+ try {
90
+ const result = await this.callAWSAPI('ListSecrets', {});
91
+ const secretList = result.SecretList;
92
+ return secretList?.map((s) => s.Name) || [];
93
+ }
94
+ catch (error) {
95
+ throw new Error(`Failed to list secrets: ${error instanceof Error ? error.message : 'Unknown error'}`);
96
+ }
97
+ }
98
+ /**
99
+ * Call AWS Secrets Manager API
100
+ *
101
+ * This is a simplified implementation. In production, use @aws-sdk/client-secrets-manager
102
+ */
103
+ async callAWSAPI(_action, _params) {
104
+ // This is a placeholder - real implementation would use AWS SDK
105
+ // For now, throw an error indicating AWS SDK is needed
106
+ throw new Error(`AWS Secrets Manager integration requires @aws-sdk/client-secrets-manager package. ` +
107
+ `Install it with: npm install @aws-sdk/client-secrets-manager`);
108
+ // Production implementation would use:
109
+ // import { SecretsManagerClient, GetSecretValueCommand } from '@aws-sdk/client-secrets-manager';
110
+ // const client = new SecretsManagerClient({ region: this.config.region, credentials: this.credentials });
111
+ // const command = new GetSecretValueCommand({ SecretId: secretName });
112
+ // const response = await client.send(command);
113
+ }
114
+ async destroy() {
115
+ this.initialized = false;
116
+ }
117
+ }
118
+ //# sourceMappingURL=aws.js.map
package/dist/secrets/providers/aws.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"aws.js","sourceRoot":"","sources":["../../../src/secrets/providers/aws.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,yBAAyB;IAC5B,MAAM,CAAoC;IAC1C,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;YAC9D,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACtE,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,EAAE;YAClF,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACxE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,KAAK;SACvC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC7D,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAEjF,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC;YACvD,IAAI,KAAuC,CAAC;YAE5C,uBAAuB;YACvB,IAAI,CAAC;gBACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,GAAG,YAAY,CAAC;YACvB,CAAC;YAED,MAAM,QAAQ,GAA2C,EAAE,CAAC;YAC5D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC9C,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;gBACjE,QAAQ,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;YAED,OAAO;gBACL,KAAK;gBACL,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YAClE,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;gBAClF,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACxD,MAAM,UAAU,GAAG,MAAM,CAAC,UAAiD,CAAC;YAC5E,OAAO,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,UAAU,CAAC,OAAe,EAAE,OAAgC;QACxE,gEAAgE;QAChE,uDAAuD;QACvD,MAAM,IAAI,KAAK,CACb,oFAAoF;YAClF,8DAA8D,CACjE,CAAC;QAEF,uCAAuC;QACvC,iGAAiG;QACjG,0GAA0G;QAC1G,uEAAuE;QACvE,+CAA+C;IACjD,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}
package/dist/secrets/providers/azure.d.ts ADDED
@@ -0,0 +1,40 @@
1
+ /**
2
+ * Azure Key Vault Secret Provider
3
+ *
4
+ * Supports service principal and managed identity authentication.
5
+ */
6
+ import type { SecretProvider, Secret, AzureKeyVaultConfig } from '../types.js';
7
+ export declare class AzureKeyVaultProvider implements SecretProvider {
8
+ private config;
9
+ private accessToken?;
10
+ private tokenExpiresAt?;
11
+ private initialized;
12
+ constructor(config: AzureKeyVaultConfig);
13
+ initialize(): Promise<void>;
14
+ /**
15
+ * Get or refresh access token
16
+ */
17
+ private refreshAccessToken;
18
+ /**
19
+ * Authenticate using service principal
20
+ */
21
+ private authenticateWithServicePrincipal;
22
+ /**
23
+ * Authenticate using managed identity
24
+ */
25
+ private authenticateWithManagedIdentity;
26
+ /**
27
+ * Get a secret from Azure Key Vault
28
+ */
29
+ getSecret(secretName: string): Promise<Secret>;
30
+ /**
31
+ * Check if a secret exists
32
+ */
33
+ exists(secretName: string): Promise<boolean>;
34
+ /**
35
+ * List secrets
36
+ */
37
+ listSecrets(): Promise<string[]>;
38
+ destroy(): Promise<void>;
39
+ }
40
+ //# sourceMappingURL=azure.d.ts.map
package/dist/secrets/providers/azure.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"azure.d.ts","sourceRoot":"","sources":["../../../src/secrets/providers/azure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE/E,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,OAAO,CAAC,MAAM,CAAgC;IAC9C,OAAO,CAAC,WAAW,CAAC,CAAS;IAC7B,OAAO,CAAC,cAAc,CAAC,CAAO;IAC9B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,mBAAmB;IAUjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBjC;;OAEG;YACW,kBAAkB;IAahC;;OAEG;YACW,gCAAgC;IA0B9C;;OAEG;YACW,+BAA+B;IAc7C;;OAEG;IACG,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqDpD;;OAEG;IACG,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYlD;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IA2BhC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}
package/dist/secrets/providers/azure.js ADDED
@@ -0,0 +1,170 @@
1
+ /**
2
+ * Azure Key Vault Secret Provider
3
+ *
4
+ * Supports service principal and managed identity authentication.
5
+ */
6
+ export class AzureKeyVaultProvider {
7
+ config;
8
+ accessToken;
9
+ tokenExpiresAt;
10
+ initialized = false;
11
+ constructor(config) {
12
+ this.config = {
13
+ vaultUrl: config.vaultUrl,
14
+ tenantId: config.tenantId ?? '',
15
+ clientId: config.clientId ?? '',
16
+ clientSecret: config.clientSecret ?? '',
17
+ useManagedIdentity: config.useManagedIdentity ?? false,
18
+ };
19
+ }
20
+ async initialize() {
21
+ if (this.initialized)
22
+ return;
23
+ // Validate configuration
24
+ if (!this.config.useManagedIdentity) {
25
+ if (!this.config.tenantId || !this.config.clientId || !this.config.clientSecret) {
26
+ throw new Error('Azure Key Vault requires tenantId, clientId, and clientSecret, or useManagedIdentity must be true');
27
+ }
28
+ }
29
+ // Get initial access token
30
+ await this.refreshAccessToken();
31
+ this.initialized = true;
32
+ }
33
+ /**
34
+ * Get or refresh access token
35
+ */
36
+ async refreshAccessToken() {
37
+ // Check if token is still valid (with 5 min buffer)
38
+ if (this.accessToken && this.tokenExpiresAt && this.tokenExpiresAt > new Date(Date.now() + 300000)) {
39
+ return;
40
+ }
41
+ if (this.config.useManagedIdentity) {
42
+ await this.authenticateWithManagedIdentity();
43
+ }
44
+ else {
45
+ await this.authenticateWithServicePrincipal();
46
+ }
47
+ }
48
+ /**
49
+ * Authenticate using service principal
50
+ */
51
+ async authenticateWithServicePrincipal() {
52
+ const url = `https://login.microsoftonline.com/${this.config.tenantId}/oauth2/v2.0/token`;
53
+ const response = await fetch(url, {
54
+ method: 'POST',
55
+ headers: {
56
+ 'Content-Type': 'application/x-www-form-urlencoded',
57
+ },
58
+ body: new URLSearchParams({
59
+ client_id: this.config.clientId,
60
+ client_secret: this.config.clientSecret,
61
+ scope: 'https://vault.azure.net/.default',
62
+ grant_type: 'client_credentials',
63
+ }),
64
+ });
65
+ if (!response.ok) {
66
+ const error = await response.text();
67
+ throw new Error(`Azure authentication failed: ${response.status} ${error}`);
68
+ }
69
+ const data = (await response.json());
70
+ this.accessToken = data.access_token;
71
+ this.tokenExpiresAt = new Date(Date.now() + data.expires_in * 1000);
72
+ }
73
+ /**
74
+ * Authenticate using managed identity
75
+ */
76
+ async authenticateWithManagedIdentity() {
77
+ // This is a placeholder - real implementation would use Azure Instance Metadata Service
78
+ throw new Error('Azure Managed Identity authentication requires @azure/identity package. ' +
79
+ 'Install it with: npm install @azure/identity @azure/keyvault-secrets');
80
+ // Production implementation would use:
81
+ // import { DefaultAzureCredential } from '@azure/identity';
82
+ // import { SecretClient } from '@azure/keyvault-secrets';
83
+ // const credential = new DefaultAzureCredential();
84
+ // const client = new SecretClient(this.config.vaultUrl, credential);
85
+ }
86
+ /**
87
+ * Get a secret from Azure Key Vault
88
+ */
89
+ async getSecret(secretName) {
90
+ if (!this.initialized) {
91
+ await this.initialize();
92
+ }
93
+ await this.refreshAccessToken();
94
+ // Clean secret name (Azure doesn't allow some characters)
95
+ const cleanName = secretName.replace(/[^a-zA-Z0-9-]/g, '-');
96
+ const url = `${this.config.vaultUrl}/secrets/${cleanName}?api-version=7.4`;
97
+ const response = await fetch(url, {
98
+ headers: {
99
+ Authorization: `Bearer ${this.accessToken}`,
100
+ },
101
+ });
102
+ if (!response.ok) {
103
+ if (response.status === 404) {
104
+ throw new Error(`Secret not found: ${secretName}`);
105
+ }
106
+ const error = await response.text();
107
+ throw new Error(`Failed to fetch secret from Azure Key Vault: ${response.status} ${error}`);
108
+ }
109
+ const data = (await response.json());
110
+ // Try to parse as JSON
111
+ let value;
112
+ try {
113
+ value = JSON.parse(data.value);
114
+ }
115
+ catch {
116
+ value = data.value;
117
+ }
118
+ return {
119
+ value,
120
+ metadata: {
121
+ createdAt: new Date(data.attributes.created * 1000),
122
+ updatedAt: new Date(data.attributes.updated * 1000),
123
+ },
124
+ };
125
+ }
126
+ /**
127
+ * Check if a secret exists
128
+ */
129
+ async exists(secretName) {
130
+ try {
131
+ await this.getSecret(secretName);
132
+ return true;
133
+ }
134
+ catch (error) {
135
+ if (error instanceof Error && error.message.includes('not found')) {
136
+ return false;
137
+ }
138
+ throw error;
139
+ }
140
+ }
141
+ /**
142
+ * List secrets
143
+ */
144
+ async listSecrets() {
145
+ if (!this.initialized) {
146
+ await this.initialize();
147
+ }
148
+ await this.refreshAccessToken();
149
+ const url = `${this.config.vaultUrl}/secrets?api-version=7.4`;
150
+ const response = await fetch(url, {
151
+ headers: {
152
+ Authorization: `Bearer ${this.accessToken}`,
153
+ },
154
+ });
155
+ if (!response.ok) {
156
+ const error = await response.text();
157
+ throw new Error(`Failed to list secrets from Azure Key Vault: ${response.status} ${error}`);
158
+ }
159
+ const data = (await response.json());
160
+ return data.value.map((secret) => {
161
+ const parts = secret.id.split('/');
162
+ return parts[parts.length - 1];
163
+ });
164
+ }
165
+ async destroy() {
166
+ this.accessToken = '';
167
+ this.initialized = false;
168
+ }
169
+ }
170
+ //# sourceMappingURL=azure.js.map
package/dist/secrets/providers/azure.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"azure.js","sourceRoot":"","sources":["../../../src/secrets/providers/azure.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,OAAO,qBAAqB;IACxB,MAAM,CAAgC;IACtC,WAAW,CAAU;IACrB,cAAc,CAAQ;IACtB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAA2B;QACrC,IAAI,CAAC,MAAM,GAAG;YACZ,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;YACvC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,KAAK;SACvD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,yBAAyB;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB;QAC9B,oDAAoD;QACpD,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;YACnG,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,+BAA+B,EAAE,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,CAAC,gCAAgC,EAAE,CAAC;QAChD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gCAAgC;QAC5C,MAAM,GAAG,GAAG,qCAAqC,IAAI,CAAC,MAAM,CAAC,QAAQ,oBAAoB,CAAC;QAE1F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAS;gBAChC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAa;gBACxC,KAAK,EAAE,kCAAkC;gBACzC,UAAU,EAAE,oBAAoB;aACjC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiD,CAAC;QACrF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;QACrC,IAAI,CAAC,cAAc,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,+BAA+B;QAC3C,wFAAwF;QACxF,MAAM,IAAI,KAAK,CACb,0EAA0E;YACxE,sEAAsE,CACzE,CAAC;QAEF,uCAAuC;QACvC,4DAA4D;QAC5D,0DAA0D;QAC1D,mDAAmD;QACnD,qEAAqE;IACvE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,0DAA0D;QAC1D,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;QAE5D,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,YAAY,SAAS,kBAAkB,CAAC;QAE3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAQlC,CAAC;QAEF,uBAAuB;QACvB,IAAI,KAAuC,CAAC;QAC5C,IAAI,CAAC;YACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,OAAO;YACL,KAAK;YACL,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;gBACnD,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;aACpD;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClE,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,0BAA0B,CAAC;QAE9D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,WAAW,EAAE;aAC5C;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,gDAAgD,QAAQ,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqC,CAAC;QACzE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;YAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACnC,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;CACF"}
package/dist/secrets/providers/env.d.ts ADDED
@@ -0,0 +1,26 @@
1
+ /**
2
+ * Environment Variable Provider
3
+ *
4
+ * Simple provider that reads secrets from environment variables.
5
+ * Useful for local development and simple deployments.
6
+ */
7
+ import type { SecretProvider, Secret } from '../types.js';
8
+ export declare class EnvProvider implements SecretProvider {
9
+ private prefix;
10
+ constructor(prefix?: string);
11
+ initialize(): Promise<void>;
12
+ /**
13
+ * Get a secret from environment variables
14
+ * Path format: VAR_NAME or prefix_VAR_NAME if prefix is set
15
+ */
16
+ getSecret(path: string): Promise<Secret>;
17
+ /**
18
+ * Check if an environment variable exists
19
+ */
20
+ exists(path: string): Promise<boolean>;
21
+ /**
22
+ * List all environment variables with the prefix
23
+ */
24
+ listSecrets(): Promise<string[]>;
25
+ }
26
+ //# sourceMappingURL=env.d.ts.map
package/dist/secrets/providers/env.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../../src/secrets/providers/env.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1D,qBAAa,WAAY,YAAW,cAAc;IAChD,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,GAAE,MAAW;IAIzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC;;;OAGG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAqB9C;;OAEG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;CAYvC"}
package/dist/secrets/providers/env.js ADDED
@@ -0,0 +1,59 @@
1
+ /**
2
+ * Environment Variable Provider
3
+ *
4
+ * Simple provider that reads secrets from environment variables.
5
+ * Useful for local development and simple deployments.
6
+ */
7
+ export class EnvProvider {
8
+ prefix;
9
+ constructor(prefix = '') {
10
+ this.prefix = prefix;
11
+ }
12
+ async initialize() {
13
+ // No initialization needed
14
+ }
15
+ /**
16
+ * Get a secret from environment variables
17
+ * Path format: VAR_NAME or prefix_VAR_NAME if prefix is set
18
+ */
19
+ async getSecret(path) {
20
+ const envVar = this.prefix ? `${this.prefix}_${path}` : path;
21
+ const value = process.env[envVar];
22
+ if (value === undefined) {
23
+ throw new Error(`Environment variable not found: ${envVar}`);
24
+ }
25
+ // Try to parse as JSON
26
+ let parsedValue = value;
27
+ try {
28
+ parsedValue = JSON.parse(value);
29
+ }
30
+ catch {
31
+ // Not JSON, use as string
32
+ }
33
+ return {
34
+ value: parsedValue,
35
+ };
36
+ }
37
+ /**
38
+ * Check if an environment variable exists
39
+ */
40
+ async exists(path) {
41
+ const envVar = this.prefix ? `${this.prefix}_${path}` : path;
42
+ return process.env[envVar] !== undefined;
43
+ }
44
+ /**
45
+ * List all environment variables with the prefix
46
+ */
47
+ async listSecrets() {
48
+ if (!this.prefix) {
49
+ // Return all env vars if no prefix
50
+ return Object.keys(process.env);
51
+ }
52
+ // Return only vars with the prefix
53
+ const prefixWithUnderscore = `${this.prefix}_`;
54
+ return Object.keys(process.env)
55
+ .filter((key) => key.startsWith(prefixWithUnderscore))
56
+ .map((key) => key.slice(prefixWithUnderscore.length));
57
+ }
58
+ }
59
+ //# sourceMappingURL=env.js.map
package/dist/secrets/providers/env.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env.js","sourceRoot":"","sources":["../../../src/secrets/providers/env.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,OAAO,WAAW;IACd,MAAM,CAAS;IAEvB,YAAY,SAAiB,EAAE;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU;QACd,2BAA2B;IAC7B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAElC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,uBAAuB;QACvB,IAAI,WAAW,GAAqC,KAAK,CAAC;QAC1D,IAAI,CAAC;YACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QAED,OAAO;YACL,KAAK,EAAE,WAAW;SACnB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,SAAS,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,mCAAmC;YACnC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;QAED,mCAAmC;QACnC,MAAM,oBAAoB,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC;QAC/C,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;aAC5B,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;aACrD,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,CAAC;CACF"}
package/dist/secrets/providers/vault.d.ts ADDED
@@ -0,0 +1,39 @@
1
+ /**
2
+ * HashiCorp Vault Secret Provider
3
+ *
4
+ * Supports KV v1 and v2 engines with token and AppRole authentication.
5
+ */
6
+ import type { SecretProvider, Secret, VaultConfig } from '../types.js';
7
+ export declare class VaultProvider implements SecretProvider {
8
+ private config;
9
+ private token?;
10
+ private initialized;
11
+ constructor(config: VaultConfig);
12
+ initialize(): Promise<void>;
13
+ /**
14
+ * Authenticate using AppRole
15
+ */
16
+ private authenticateAppRole;
17
+ /**
18
+ * Get a secret from Vault
19
+ */
20
+ getSecret(path: string): Promise<Secret>;
21
+ /**
22
+ * Check if a secret exists
23
+ */
24
+ exists(path: string): Promise<boolean>;
25
+ /**
26
+ * List secrets at a path
27
+ */
28
+ listSecrets(path: string): Promise<string[]>;
29
+ /**
30
+ * Build URL for secret access
31
+ */
32
+ private buildSecretUrl;
33
+ /**
34
+ * Build URL for listing secrets
35
+ */
36
+ private buildListUrl;
37
+ destroy(): Promise<void>;
38
+ }
39
+ //# sourceMappingURL=vault.d.ts.map
package/dist/secrets/providers/vault.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../../../src/secrets/providers/vault.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEvE,qBAAa,aAAc,YAAW,cAAc;IAClD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,KAAK,CAAC,CAAS;IACvB,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,WAAW;IAYzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAejC;;OAEG;YACW,mBAAmB;IA4BjC;;OAEG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkD9C;;OAEG;IACG,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5C;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA+BlD;;OAEG;IACH,OAAO,CAAC,cAAc;IAYtB;;OAEG;IACH,OAAO,CAAC,YAAY;IAYd,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}