npm - @nexus_js/security - Versions diffs - 0.9.1 → 0.9.3 - Mend

@nexus_js/security 0.9.1 → 0.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -0
package/dist/index.js.map +1 -1
package/dist/vault-import.d.ts +111 -0
package/dist/vault-import.d.ts.map +1 -0
package/dist/vault-import.js +180 -0
package/dist/vault-import.js.map +1 -0
package/dist/vault.d.ts +5 -0
package/dist/vault.d.ts.map +1 -1
package/dist/vault.js +8 -0
package/dist/vault.js.map +1 -1
package/package.json +8 -8
package/LICENSE +0 -21

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export { NexusVault, nexusVault, getVaultSecretsMap, type VaultListener, } from './vault.js';
 export { SHIELD_MANIFEST_FILENAME, type ShieldManifestV1, parseShieldManifest, loadShieldManifestFromRoot, extractActionNamesFromActionsSource, collectActionNamesFromOutputDir, } from './shield.js';
+export { importToVault, autoImportEnv, type VaultImportOptions, } from './vault-import.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,aAAa,EACb,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,4 @@
 export { NexusVault, nexusVault, getVaultSecretsMap, } from './vault.js';
 export { SHIELD_MANIFEST_FILENAME, parseShieldManifest, loadShieldManifestFromRoot, extractActionNamesFromActionsSource, collectActionNamesFromOutputDir, } from './shield.js';
+export { importToVault, autoImportEnv, } from './vault-import.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,GAEnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EAExB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,GAEnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EAExB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,aAAa,GAEd,MAAM,mBAAmB,CAAC"}

package/dist/vault-import.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * @nexus_js/security - Vault Import Utility
+ *
+ * Import secrets from .env files, JSON config, or external vaults (AWS Secrets Manager, etc.)
+ * into the Nexus Vault for unified secret management.
+ */
+export interface VaultImportOptions {
+    /**
+     * Source type: .env file, JSON config, or raw key-value object.
+     */
+    source: 'env-file' | 'json-file' | 'object' | 'aws-secrets' | 'gcp-secrets';
+    /**
+     * Path to the source file (for env-file or json-file).
+     */
+    filePath?: string;
+    /**
+     * Raw key-value object to import (for 'object' source).
+     */
+    secrets?: Record<string, string>;
+    /**
+     * Filter: only import keys matching this regex.
+     * @example /^DB_|^API_KEY/ imports DB_* and API_KEY*
+     */
+    filter?: RegExp;
+    /**
+     * Prefix to add to all imported keys.
+     * @example prefix: 'LEGACY_' imports DATABASE_URL as LEGACY_DATABASE_URL
+     */
+    prefix?: string;
+    /**
+     * Whether to overwrite existing keys in the Vault.
+     * @default false
+     */
+    overwrite?: boolean;
+    /**
+     * AWS Secrets Manager config (for aws-secrets source).
+     */
+    aws?: {
+        region: string;
+        secretName: string;
+    };
+    /**
+     * GCP Secret Manager config (for gcp-secrets source).
+     */
+    gcp?: {
+        projectId: string;
+        secretName: string;
+    };
+}
+/**
+ * Import secrets from various sources into the Nexus Vault.
+ *
+ * This is critical for legacy migration:
+ * - Read the old .env file
+ * - Import all secrets into the Vault
+ * - Enable hot-reload rotation for sensitive keys
+ * - The old backend can now be decommissioned
+ *
+ * @example
+ * ```ts
+ * // Import from .env file
+ * await importToVault({
+ *   source: 'env-file',
+ *   filePath: '.env.production',
+ *   filter: /^DB_|^API_KEY/,
+ *   prefix: 'LEGACY_',
+ * });
+ *
+ * // Now accessible via:
+ * nexusVault.get('LEGACY_DB_HOST');
+ * nexusVault.get('LEGACY_API_KEY_STRIPE');
+ *
+ * // Import from AWS Secrets Manager
+ * await importToVault({
+ *   source: 'aws-secrets',
+ *   aws: { region: 'us-east-1', secretName: 'prod/api' },
+ * });
+ * ```
+ */
+export declare function importToVault(opts: VaultImportOptions): Promise<{
+    imported: number;
+    skipped: number;
+    errors: Array<{
+        key: string;
+        error: string;
+    }>;
+}>;
+/**
+ * Auto-import from .env file if it exists in the project root.
+ * Call this in your server startup to seamlessly migrate legacy secrets.
+ *
+ * @example
+ * ```ts
+ * // server.ts
+ * import { autoImportEnv } from '@nexus_js/security';
+ *
+ * await autoImportEnv({ root: process.cwd(), prefix: 'LEGACY_' });
+ *
+ * // Now all .env keys are available with LEGACY_ prefix
+ * ```
+ */
+export declare function autoImportEnv(opts?: {
+    root?: string;
+    prefix?: string;
+    filter?: RegExp;
+    overwrite?: boolean;
+}): Promise<{
+    imported: number;
+    skipped: number;
+}>;
+//# sourceMappingURL=vault-import.d.ts.map

package/dist/vault-import.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vault-import.d.ts","sourceRoot":"","sources":["../src/vault-import.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,UAAU,GAAG,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,aAAa,CAAC;IAE5E;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,GAAG,CAAC,EAAE;QACJ,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IAEF;;OAEG;IACH,GAAG,CAAC,EAAE;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAgCD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC;IACrE,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/C,CAAC,CAqFD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CAAC,IAAI,CAAC,EAAE;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBjD"}

package/dist/vault-import.js ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * @nexus_js/security - Vault Import Utility
+ *
+ * Import secrets from .env files, JSON config, or external vaults (AWS Secrets Manager, etc.)
+ * into the Nexus Vault for unified secret management.
+ */
+import { nexusVault } from './vault.js';
+import { readFile } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+/**
+ * Parse .env file content into key-value pairs.
+ * Supports basic syntax: KEY=value, ignores comments (#), handles quotes.
+ */
+function parseEnvFile(content) {
+    const result = {};
+    const lines = content.split('\n');
+    for (let line of lines) {
+        line = line.trim();
+        if (!line || line.startsWith('#'))
+            continue; // Skip empty or comment lines
+        const match = line.match(/^([A-Z_][A-Z0-9_]*)=(.*)$/i);
+        if (!match)
+            continue;
+        let [, key, value] = match;
+        if (!key || value === undefined)
+            continue;
+        // Remove quotes if present
+        value = value.trim();
+        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        result[key] = value;
+    }
+    return result;
+}
+/**
+ * Import secrets from various sources into the Nexus Vault.
+ *
+ * This is critical for legacy migration:
+ * - Read the old .env file
+ * - Import all secrets into the Vault
+ * - Enable hot-reload rotation for sensitive keys
+ * - The old backend can now be decommissioned
+ *
+ * @example
+ * ```ts
+ * // Import from .env file
+ * await importToVault({
+ *   source: 'env-file',
+ *   filePath: '.env.production',
+ *   filter: /^DB_|^API_KEY/,
+ *   prefix: 'LEGACY_',
+ * });
+ *
+ * // Now accessible via:
+ * nexusVault.get('LEGACY_DB_HOST');
+ * nexusVault.get('LEGACY_API_KEY_STRIPE');
+ *
+ * // Import from AWS Secrets Manager
+ * await importToVault({
+ *   source: 'aws-secrets',
+ *   aws: { region: 'us-east-1', secretName: 'prod/api' },
+ * });
+ * ```
+ */
+export async function importToVault(opts) {
+    const { source, filePath, secrets: rawSecrets, filter, prefix, overwrite = false } = opts;
+    let secretsToImport = {};
+    // ── Step 1: Load secrets from source ──────────────────────────────────────
+    switch (source) {
+        case 'env-file': {
+            if (!filePath)
+                throw new Error('filePath required for env-file source');
+            if (!existsSync(filePath))
+                throw new Error(`File not found: ${filePath}`);
+            const content = await readFile(filePath, 'utf-8');
+            secretsToImport = parseEnvFile(content);
+            break;
+        }
+        case 'json-file': {
+            if (!filePath)
+                throw new Error('filePath required for json-file source');
+            if (!existsSync(filePath))
+                throw new Error(`File not found: ${filePath}`);
+            const content = await readFile(filePath, 'utf-8');
+            try {
+                secretsToImport = JSON.parse(content);
+            }
+            catch (err) {
+                throw new Error(`Invalid JSON in ${filePath}: ${err}`);
+            }
+            break;
+        }
+        case 'object': {
+            if (!rawSecrets)
+                throw new Error('secrets object required for object source');
+            secretsToImport = rawSecrets;
+            break;
+        }
+        case 'aws-secrets': {
+            if (!opts.aws)
+                throw new Error('aws config required for aws-secrets source');
+            // Placeholder: requires AWS SDK
+            throw new Error('aws-secrets source requires @aws-sdk/client-secrets-manager (not included in @nexus_js/security)');
+        }
+        case 'gcp-secrets': {
+            if (!opts.gcp)
+                throw new Error('gcp config required for gcp-secrets source');
+            // Placeholder: requires GCP SDK
+            throw new Error('gcp-secrets source requires @google-cloud/secret-manager (not included in @nexus_js/security)');
+        }
+        default:
+            throw new Error(`Unknown source type: ${source}`);
+    }
+    // ── Step 2: Filter and prefix keys ────────────────────────────────────────
+    const filteredSecrets = {};
+    for (const [key, value] of Object.entries(secretsToImport)) {
+        if (filter && !filter.test(key))
+            continue;
+        const finalKey = prefix ? `${prefix}${key}` : key;
+        filteredSecrets[finalKey] = value;
+    }
+    // ── Step 3: Import into Vault ─────────────────────────────────────────────
+    let imported = 0;
+    let skipped = 0;
+    const errors = [];
+    for (const [key, value] of Object.entries(filteredSecrets)) {
+        try {
+            const existing = nexusVault.get(key);
+            if (existing && !overwrite) {
+                skipped++;
+                continue;
+            }
+            nexusVault.set(key, value);
+            imported++;
+        }
+        catch (err) {
+            errors.push({
+                key,
+                error: err instanceof Error ? err.message : String(err),
+            });
+        }
+    }
+    return { imported, skipped, errors };
+}
+/**
+ * Auto-import from .env file if it exists in the project root.
+ * Call this in your server startup to seamlessly migrate legacy secrets.
+ *
+ * @example
+ * ```ts
+ * // server.ts
+ * import { autoImportEnv } from '@nexus_js/security';
+ *
+ * await autoImportEnv({ root: process.cwd(), prefix: 'LEGACY_' });
+ *
+ * // Now all .env keys are available with LEGACY_ prefix
+ * ```
+ */
+export async function autoImportEnv(opts) {
+    const root = opts?.root ?? process.cwd();
+    const envPath = join(root, '.env');
+    if (!existsSync(envPath)) {
+        return { imported: 0, skipped: 0 };
+    }
+    const importOpts = {
+        source: 'env-file',
+        filePath: envPath,
+    };
+    if (opts?.prefix !== undefined)
+        importOpts.prefix = opts.prefix;
+    if (opts?.filter !== undefined)
+        importOpts.filter = opts.filter;
+    if (opts?.overwrite !== undefined)
+        importOpts.overwrite = opts.overwrite;
+    const result = await importToVault(importOpts);
+    return { imported: result.imported, skipped: result.skipped };
+}
+//# sourceMappingURL=vault-import.js.map

package/dist/vault-import.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vault-import.js","sourceRoot":"","sources":["../src/vault-import.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAqDjC;;;GAGG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,8BAA8B;QAE3E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;QAC3B,IAAI,CAAC,GAAG,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAE1C,2BAA2B;QAC3B,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAwB;IAK1D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IAE1F,IAAI,eAAe,GAA2B,EAAE,CAAC;IAEjD,6EAA6E;IAC7E,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACxE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM;QACR,CAAC;QAED,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YACzE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA2B,CAAC;YAClE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,CAAC,CAAC;YACzD,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC9E,eAAe,GAAG,UAAU,CAAC;YAC7B,MAAM;QACR,CAAC;QAED,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC7E,gCAAgC;YAChC,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;QACJ,CAAC;QAED,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC7E,gCAAgC;YAChC,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;QACJ,CAAC;QAED;YACE,MAAM,IAAI,KAAK,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,6EAA6E;IAC7E,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAS;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAClD,eAAe,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;IACpC,CAAC;IAED,6EAA6E;IAC7E,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAA0C,EAAE,CAAC;IAEzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC3B,OAAO,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,QAAQ,EAAE,CAAC;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG;gBACH,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAKnC;IACC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEnC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,UAAU,GAAuB;QACrC,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,OAAO;KAClB,CAAC;IACF,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;QAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAChE,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;QAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAChE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS;QAAE,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAEzE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAE/C,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;AAChE,CAAC"}

package/dist/vault.d.ts CHANGED Viewed

@@ -12,6 +12,11 @@ export declare class NexusVault {
     seedFromProcessEnv(): void;
     get(key: string): string | undefined;
     has(key: string): boolean;
+    /**
+     * Set a single key-value pair.
+     * This method is used by the vault-import utility.
+     */
+    set(key: string, value: string): void;
     /**
      * Merge keys. Use empty string to remove a key from the vault (not from `process.env` on disk).
      */

package/dist/vault.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC;AAIvC,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IAEnD;;;OAGG;IACH,kBAAkB,IAAI,IAAI;IAM1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAQ5C;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAUjD,wEAAwE;IACxE,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC;IAIvC,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,MAAM,IAAI;IAOxC,OAAO,CAAC,MAAM;CASf;AAED,+DAA+D;AAC/D,eAAO,MAAM,UAAU,YAAmB,CAAC;AAE3C,wBAAgB,kBAAkB,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAEhE"}
1	+ {"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC;AAIvC,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IAEnD;;;OAGG;IACH,kBAAkB,IAAI,IAAI;IAM1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB;;;OAGG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAKrC;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAQ5C;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAUjD,wEAAwE;IACxE,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC;IAIvC,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,MAAM,IAAI;IAOxC,OAAO,CAAC,MAAM;CASf;AAED,+DAA+D;AAC/D,eAAO,MAAM,UAAU,YAAmB,CAAC;AAE3C,wBAAgB,kBAAkB,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAEhE"}

package/dist/vault.js CHANGED Viewed

@@ -21,6 +21,14 @@ export class NexusVault {
     has(key) {
         return this.store.has(key);
     }
+    /**
+     * Set a single key-value pair.
+     * This method is used by the vault-import utility.
+     */
+    set(key, value) {
+        this.store.set(key, value);
+        this.notify();
+    }
     /**
      * Merge keys. Use empty string to remove a key from the vault (not from `process.env` on disk).
      */

package/dist/vault.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAC;AAEhD,MAAM,OAAO,UAAU;IACJ,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEnD;;;OAGG;IACH,kBAAkB;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAA+B;QACnC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAA+B;QACxC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,wEAAwE;IACxE,QAAQ;QACN,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,SAAS,CAAC,EAAiB;QACzB,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;AAE3C,MAAM,UAAU,kBAAkB;IAChC,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC"}
1	+ {"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAC;AAEhD,MAAM,OAAO,UAAU;IACJ,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEnD;;;OAGG;IACH,kBAAkB;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,GAAW,EAAE,KAAa;QAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAA+B;QACnC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAA+B;QACxC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,wEAAwE;IACxE,QAAQ;QACN,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,SAAS,CAAC,EAAiB;QACzB,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;AAE3C,MAAM,UAAU,kBAAkB;IAChC,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nexus_js/security",
-  "version": "0.9.1",
+  "version": "0.9.3",
   "description": "Nexus Hardened Core — Vault-lite (hot secrets) and Shield-lite (build manifest helpers)",
   "type": "module",
   "main": "./dist/index.js",
@@ -11,6 +11,12 @@
       "types": "./dist/index.d.ts"
     }
   },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "dev": "tsc -p tsconfig.json --watch",
+    "test": "vitest run",
+    "clean": "rm -rf dist"
+  },
   "devDependencies": {
     "@types/node": "^22.0.0",
     "typescript": "^5.5.0",
@@ -29,11 +35,5 @@
   "funding": {
     "type": "individual",
     "url": "https://buymeacoffee.com/bierfor084"
-  },
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "dev": "tsc -p tsconfig.json --watch",
-    "test": "vitest run",
-    "clean": "rm -rf dist"
   }
-}
+}

package/LICENSE DELETED Viewed

@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) 2026 Nexus Contributors
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.