@nexus_js/security 0.9.28 → 0.9.29

package/dist/index.d.ts

@@ -1,4 +1,3 @@
-export { NexusVault, nexusVault, getVaultSecretsMap, getGlobalVaultSecretsMap, getTenantVaultSecretsMap, getEncryptedVaultSecretsMap, type VaultListener, } from './vault.js';
+export { NexusVault, nexusVault, getVaultSecretsMap, type VaultListener, } from './vault.js';
 export { SHIELD_MANIFEST_FILENAME, type ShieldManifestV1, parseShieldManifest, loadShieldManifestFromRoot, extractActionNamesFromActionsSource, collectActionNamesFromOutputDir, } from './shield.js';
-export { importToVault, autoImportEnv, type VaultImportOptions, } from './vault-import.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,aAAa,EACb,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -1,4 +1,3 @@
-export { NexusVault, nexusVault, getVaultSecretsMap, getGlobalVaultSecretsMap, getTenantVaultSecretsMap, getEncryptedVaultSecretsMap, } from './vault.js';
+export { NexusVault, nexusVault, getVaultSecretsMap, } from './vault.js';
 export { SHIELD_MANIFEST_FILENAME, parseShieldManifest, loadShieldManifestFromRoot, extractActionNamesFromActionsSource, collectActionNamesFromOutputDir, } from './shield.js';
-export { importToVault, autoImportEnv, } from './vault-import.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,GAE5B,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EAExB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,aAAa,EACb,aAAa,GAEd,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,UAAU,EACV,kBAAkB,GAEnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EAExB,mBAAmB,EACnB,0BAA0B,EAC1B,mCAAmC,EACnC,+BAA+B,GAChC,MAAM,aAAa,CAAC"}

package/dist/vault.d.ts

@@ -12,11 +12,6 @@ export declare class NexusVault {
     seedFromProcessEnv(): void;
     get(key: string): string | undefined;
     has(key: string): boolean;
-    /**
-     * Set a single key-value pair.
-     * This method is used by the vault-import utility.
-     */
-    set(key: string, value: string): void;
     /**
      * Merge keys. Use empty string to remove a key from the vault (not from `process.env` on disk).
      */
@@ -34,7 +29,4 @@ export declare class NexusVault {
 /** Process-wide vault instance — use this from server code. */
 export declare const nexusVault: NexusVault;
 export declare function getVaultSecretsMap(): ReadonlyMap<string, string>;
-export declare function getGlobalVaultSecretsMap(mode?: 'strict' | 'fallback'): ReadonlyMap<string, string>;
-export declare function getTenantVaultSecretsMap(tenantId: string, mode?: 'strict' | 'fallback'): ReadonlyMap<string, string>;
-export declare function getEncryptedVaultSecretsMap(): ReadonlyMap<string, string>;
 //# sourceMappingURL=vault.d.ts.map

package/dist/vault.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC;AAIvC,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IAEnD;;;OAGG;IACH,kBAAkB,IAAI,IAAI;IAM1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB;;;OAGG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAKrC;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAQ5C;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAUjD,wEAAwE;IACxE,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC;IAIvC,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,MAAM,IAAI;IAOxC,OAAO,CAAC,MAAM;CASf;AAED,+DAA+D;AAC/D,eAAO,MAAM,UAAU,YAAmB,CAAC;AAE3C,wBAAgB,kBAAkB,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAEhE;AAED,wBAAgB,wBAAwB,CAAC,IAAI,GAAE,QAAQ,GAAG,UAAuB,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAiB9G;AAED,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,IAAI,GAAE,QAAQ,GAAG,UAAqB,GACrC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAgB7B;AAED,wBAAgB,2BAA2B,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CASzE"}
+{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC;AAIvC,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IAEnD;;;OAGG;IACH,kBAAkB,IAAI,IAAI;IAM1B,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAQ5C;;;OAGG;IACH,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI;IAUjD,wEAAwE;IACxE,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC;IAIvC,SAAS,CAAC,EAAE,EAAE,aAAa,GAAG,MAAM,IAAI;IAOxC,OAAO,CAAC,MAAM;CASf;AAED,+DAA+D;AAC/D,eAAO,MAAM,UAAU,YAAmB,CAAC;AAE3C,wBAAgB,kBAAkB,IAAI,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAEhE"}

package/dist/vault.js

@@ -21,14 +21,6 @@ export class NexusVault {
     has(key) {
         return this.store.has(key);
     }
-    /**
-     * Set a single key-value pair.
-     * This method is used by the vault-import utility.
-     */
-    set(key, value) {
-        this.store.set(key, value);
-        this.notify();
-    }
     /**
      * Merge keys. Use empty string to remove a key from the vault (not from `process.env` on disk).
      */
@@ -80,56 +72,6 @@ export class NexusVault {
 /** Process-wide vault instance — use this from server code. */
 export const nexusVault = new NexusVault();
 export function getVaultSecretsMap() {
-    return getGlobalVaultSecretsMap('fallback');
-}
-export function getGlobalVaultSecretsMap(mode = 'fallback') {
-    const snap = nexusVault.snapshot();
-    const out = new Map();
-    for (const [k, v] of snap) {
-        if (k.startsWith('GLOBAL/')) {
-            out.set(k.slice('GLOBAL/'.length), v);
-        }
-    }
-    if (mode === 'fallback') {
-        for (const [k, v] of snap) {
-            if (k.startsWith('TENANT/'))
-                continue;
-            if (k.startsWith('GLOBAL/'))
-                continue;
-            if (k.startsWith('ENCRYPTED/'))
-                continue;
-            if (!out.has(k))
-                out.set(k, v);
-        }
-    }
-    return out;
-}
-export function getTenantVaultSecretsMap(tenantId, mode = 'strict') {
-    const snap = nexusVault.snapshot();
-    const prefix = `TENANT/${tenantId}/`;
-    const out = new Map();
-    for (const [k, v] of snap) {
-        if (k.startsWith(prefix)) {
-            out.set(k.slice(prefix.length), v);
-        }
-    }
-    if (mode === 'fallback') {
-        const global = getGlobalVaultSecretsMap('fallback');
-        for (const [k, v] of global) {
-            if (!out.has(k))
-                out.set(k, v);
-        }
-    }
-    return out;
-}
-export function getEncryptedVaultSecretsMap() {
-    const snap = nexusVault.snapshot();
-    const out = new Map();
-    for (const [k, v] of snap) {
-        if (k.startsWith('ENCRYPTED/')) {
-            out.set(k.slice('ENCRYPTED/'.length), v);
-        }
-    }
-    return out;
+    return nexusVault.snapshot();
 }
 //# sourceMappingURL=vault.js.map

package/dist/vault.js.map

@@ -1 +1 @@
-{"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAC;AAEhD,MAAM,OAAO,UAAU;IACJ,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEnD;;;OAGG;IACH,kBAAkB;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,GAAW,EAAE,KAAa;QAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAA+B;QACnC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAA+B;QACxC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,wEAAwE;IACxE,QAAQ;QACN,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,SAAS,CAAC,EAAiB;QACzB,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;AAE3C,MAAM,UAAU,kBAAkB;IAChC,OAAO,wBAAwB,CAAC,UAAU,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,OAA8B,UAAU;IAC/E,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,SAAS;YACtC,IAAI,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,SAAS;YACtC,IAAI,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC;gBAAE,SAAS;YACzC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,QAAgB,EAChB,OAA8B,QAAQ;IAEtC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACnC,MAAM,MAAM,GAAG,UAAU,QAAQ,GAAG,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IACD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACpD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC/B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAC;AAEhD,MAAM,OAAO,UAAU;IACJ,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEnD;;;OAGG;IACH,kBAAkB;QAChB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACjD,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAA+B;QACnC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,OAA+B;QACxC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,KAAK,EAAE;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;;gBAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,wEAAwE;IACxE,QAAQ;QACN,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,SAAS,CAAC,EAAiB;QACzB,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE;YACV,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,+DAA+D;AAC/D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;AAE3C,MAAM,UAAU,kBAAkB;IAChC,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAC;AAC/B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nexus_js/security",
-  "version": "0.9.28",
+  "version": "0.9.29",
   "description": "Nexus Hardened Core — Vault-lite (hot secrets) and Shield-lite (build manifest helpers)",
   "type": "module",
   "main": "./dist/index.js",
@@ -14,7 +14,7 @@
   "devDependencies": {
     "@types/node": "^22.0.0",
     "typescript": "^5.5.0",
-    "vitest": "^4.0.0"
+    "vitest": "^2.0.0"
   },
   "license": "MIT",
   "repository": {
@@ -26,14 +26,9 @@
     "dist",
     "README.md"
   ],
-  "funding": {
-    "type": "individual",
-    "url": "https://buymeacoffee.com/bierfor084"
-  },
   "scripts": {
     "build": "tsc -p tsconfig.json",
     "dev": "tsc -p tsconfig.json --watch",
-    "typecheck": "tsc --noEmit -p tsconfig.json",
     "test": "vitest run",
     "clean": "rm -rf dist"
   }

package/dist/vault-import.d.ts

@@ -1,111 +0,0 @@
-/**
- * @nexus_js/security - Vault Import Utility
- *
- * Import secrets from .env files, JSON config, or external vaults (AWS Secrets Manager, etc.)
- * into the Nexus Vault for unified secret management.
- */
-export interface VaultImportOptions {
-    /**
-     * Source type: .env file, JSON config, or raw key-value object.
-     */
-    source: 'env-file' | 'json-file' | 'object' | 'aws-secrets' | 'gcp-secrets';
-    /**
-     * Path to the source file (for env-file or json-file).
-     */
-    filePath?: string;
-    /**
-     * Raw key-value object to import (for 'object' source).
-     */
-    secrets?: Record<string, string>;
-    /**
-     * Filter: only import keys matching this regex.
-     * @example /^DB_|^API_KEY/ imports DB_* and API_KEY*
-     */
-    filter?: RegExp;
-    /**
-     * Prefix to add to all imported keys.
-     * @example prefix: 'LEGACY_' imports DATABASE_URL as LEGACY_DATABASE_URL
-     */
-    prefix?: string;
-    /**
-     * Whether to overwrite existing keys in the Vault.
-     * @default false
-     */
-    overwrite?: boolean;
-    /**
-     * AWS Secrets Manager config (for aws-secrets source).
-     */
-    aws?: {
-        region: string;
-        secretName: string;
-    };
-    /**
-     * GCP Secret Manager config (for gcp-secrets source).
-     */
-    gcp?: {
-        projectId: string;
-        secretName: string;
-    };
-}
-/**
- * Import secrets from various sources into the Nexus Vault.
- *
- * This is critical for legacy migration:
- * - Read the old .env file
- * - Import all secrets into the Vault
- * - Enable hot-reload rotation for sensitive keys
- * - The old backend can now be decommissioned
- *
- * @example
- * ```ts
- * // Import from .env file
- * await importToVault({
- *   source: 'env-file',
- *   filePath: '.env.production',
- *   filter: /^DB_|^API_KEY/,
- *   prefix: 'LEGACY_',
- * });
- *
- * // Now accessible via:
- * nexusVault.get('LEGACY_DB_HOST');
- * nexusVault.get('LEGACY_API_KEY_STRIPE');
- *
- * // Import from AWS Secrets Manager
- * await importToVault({
- *   source: 'aws-secrets',
- *   aws: { region: 'us-east-1', secretName: 'prod/api' },
- * });
- * ```
- */
-export declare function importToVault(opts: VaultImportOptions): Promise<{
-    imported: number;
-    skipped: number;
-    errors: Array<{
-        key: string;
-        error: string;
-    }>;
-}>;
-/**
- * Auto-import from .env file if it exists in the project root.
- * Call this in your server startup to seamlessly migrate legacy secrets.
- *
- * @example
- * ```ts
- * // server.ts
- * import { autoImportEnv } from '@nexus_js/security';
- *
- * await autoImportEnv({ root: process.cwd(), prefix: 'LEGACY_' });
- *
- * // Now all .env keys are available with LEGACY_ prefix
- * ```
- */
-export declare function autoImportEnv(opts?: {
-    root?: string;
-    prefix?: string;
-    filter?: RegExp;
-    overwrite?: boolean;
-}): Promise<{
-    imported: number;
-    skipped: number;
-}>;
-//# sourceMappingURL=vault-import.d.ts.map

package/dist/vault-import.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"vault-import.d.ts","sourceRoot":"","sources":["../src/vault-import.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,MAAM,EAAE,UAAU,GAAG,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,aAAa,CAAC;IAE5E;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,GAAG,CAAC,EAAE;QACJ,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IAEF;;OAEG;IACH,GAAG,CAAC,EAAE;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAgCD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC;IACrE,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/C,CAAC,CAqFD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CAAC,IAAI,CAAC,EAAE;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBjD"}

package/dist/vault-import.js

@@ -1,180 +0,0 @@
-/**
- * @nexus_js/security - Vault Import Utility
- *
- * Import secrets from .env files, JSON config, or external vaults (AWS Secrets Manager, etc.)
- * into the Nexus Vault for unified secret management.
- */
-import { nexusVault } from './vault.js';
-import { readFile } from 'node:fs/promises';
-import { existsSync } from 'node:fs';
-import { join } from 'node:path';
-/**
- * Parse .env file content into key-value pairs.
- * Supports basic syntax: KEY=value, ignores comments (#), handles quotes.
- */
-function parseEnvFile(content) {
-    const result = {};
-    const lines = content.split('\n');
-    for (let line of lines) {
-        line = line.trim();
-        if (!line || line.startsWith('#'))
-            continue; // Skip empty or comment lines
-        const match = line.match(/^([A-Z_][A-Z0-9_]*)=(.*)$/i);
-        if (!match)
-            continue;
-        let [, key, value] = match;
-        if (!key || value === undefined)
-            continue;
-        // Remove quotes if present
-        value = value.trim();
-        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
-            value = value.slice(1, -1);
-        }
-        result[key] = value;
-    }
-    return result;
-}
-/**
- * Import secrets from various sources into the Nexus Vault.
- *
- * This is critical for legacy migration:
- * - Read the old .env file
- * - Import all secrets into the Vault
- * - Enable hot-reload rotation for sensitive keys
- * - The old backend can now be decommissioned
- *
- * @example
- * ```ts
- * // Import from .env file
- * await importToVault({
- *   source: 'env-file',
- *   filePath: '.env.production',
- *   filter: /^DB_|^API_KEY/,
- *   prefix: 'LEGACY_',
- * });
- *
- * // Now accessible via:
- * nexusVault.get('LEGACY_DB_HOST');
- * nexusVault.get('LEGACY_API_KEY_STRIPE');
- *
- * // Import from AWS Secrets Manager
- * await importToVault({
- *   source: 'aws-secrets',
- *   aws: { region: 'us-east-1', secretName: 'prod/api' },
- * });
- * ```
- */
-export async function importToVault(opts) {
-    const { source, filePath, secrets: rawSecrets, filter, prefix, overwrite = false } = opts;
-    let secretsToImport = {};
-    // ── Step 1: Load secrets from source ──────────────────────────────────────
-    switch (source) {
-        case 'env-file': {
-            if (!filePath)
-                throw new Error('filePath required for env-file source');
-            if (!existsSync(filePath))
-                throw new Error(`File not found: ${filePath}`);
-            const content = await readFile(filePath, 'utf-8');
-            secretsToImport = parseEnvFile(content);
-            break;
-        }
-        case 'json-file': {
-            if (!filePath)
-                throw new Error('filePath required for json-file source');
-            if (!existsSync(filePath))
-                throw new Error(`File not found: ${filePath}`);
-            const content = await readFile(filePath, 'utf-8');
-            try {
-                secretsToImport = JSON.parse(content);
-            }
-            catch (err) {
-                throw new Error(`Invalid JSON in ${filePath}: ${err}`);
-            }
-            break;
-        }
-        case 'object': {
-            if (!rawSecrets)
-                throw new Error('secrets object required for object source');
-            secretsToImport = rawSecrets;
-            break;
-        }
-        case 'aws-secrets': {
-            if (!opts.aws)
-                throw new Error('aws config required for aws-secrets source');
-            // Placeholder: requires AWS SDK
-            throw new Error('aws-secrets source requires @aws-sdk/client-secrets-manager (not included in @nexus_js/security)');
-        }
-        case 'gcp-secrets': {
-            if (!opts.gcp)
-                throw new Error('gcp config required for gcp-secrets source');
-            // Placeholder: requires GCP SDK
-            throw new Error('gcp-secrets source requires @google-cloud/secret-manager (not included in @nexus_js/security)');
-        }
-        default:
-            throw new Error(`Unknown source type: ${source}`);
-    }
-    // ── Step 2: Filter and prefix keys ────────────────────────────────────────
-    const filteredSecrets = {};
-    for (const [key, value] of Object.entries(secretsToImport)) {
-        if (filter && !filter.test(key))
-            continue;
-        const finalKey = prefix ? `${prefix}${key}` : key;
-        filteredSecrets[finalKey] = value;
-    }
-    // ── Step 3: Import into Vault ─────────────────────────────────────────────
-    let imported = 0;
-    let skipped = 0;
-    const errors = [];
-    for (const [key, value] of Object.entries(filteredSecrets)) {
-        try {
-            const existing = nexusVault.get(key);
-            if (existing && !overwrite) {
-                skipped++;
-                continue;
-            }
-            nexusVault.set(key, value);
-            imported++;
-        }
-        catch (err) {
-            errors.push({
-                key,
-                error: err instanceof Error ? err.message : String(err),
-            });
-        }
-    }
-    return { imported, skipped, errors };
-}
-/**
- * Auto-import from .env file if it exists in the project root.
- * Call this in your server startup to seamlessly migrate legacy secrets.
- *
- * @example
- * ```ts
- * // server.ts
- * import { autoImportEnv } from '@nexus_js/security';
- *
- * await autoImportEnv({ root: process.cwd(), prefix: 'LEGACY_' });
- *
- * // Now all .env keys are available with LEGACY_ prefix
- * ```
- */
-export async function autoImportEnv(opts) {
-    const root = opts?.root ?? process.cwd();
-    const envPath = join(root, '.env');
-    if (!existsSync(envPath)) {
-        return { imported: 0, skipped: 0 };
-    }
-    const importOpts = {
-        source: 'env-file',
-        filePath: envPath,
-    };
-    if (opts?.prefix !== undefined)
-        importOpts.prefix = opts.prefix;
-    if (opts?.filter !== undefined)
-        importOpts.filter = opts.filter;
-    if (opts?.overwrite !== undefined)
-        importOpts.overwrite = opts.overwrite;
-    const result = await importToVault(importOpts);
-    return { imported: result.imported, skipped: result.skipped };
-}
-//# sourceMappingURL=vault-import.js.map

package/dist/vault-import.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"vault-import.js","sourceRoot":"","sources":["../src/vault-import.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAqDjC;;;GAGG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;QACvB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,8BAA8B;QAE3E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;QAC3B,IAAI,CAAC,GAAG,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAE1C,2BAA2B;QAC3B,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QACrB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACrG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAwB;IAK1D,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IAE1F,IAAI,eAAe,GAA2B,EAAE,CAAC;IAEjD,6EAA6E;IAC7E,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACxE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM;QACR,CAAC;QAED,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YACzE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA2B,CAAC;YAClE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,CAAC,CAAC;YACzD,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,CAAC,UAAU;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC9E,eAAe,GAAG,UAAU,CAAC;YAC7B,MAAM;QACR,CAAC;QAED,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC7E,gCAAgC;YAChC,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;QACJ,CAAC;QAED,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC7E,gCAAgC;YAChC,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;QACJ,CAAC;QAED;YACE,MAAM,IAAI,KAAK,CAAC,wBAAwB,MAAM,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,6EAA6E;IAC7E,MAAM,eAAe,GAA2B,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAS;QAC1C,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;QAClD,eAAe,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;IACpC,CAAC;IAED,6EAA6E;IAC7E,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAA0C,EAAE,CAAC;IAEzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC3B,OAAO,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,QAAQ,EAAE,CAAC;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG;gBACH,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAKnC;IACC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEnC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,UAAU,GAAuB;QACrC,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,OAAO;KAClB,CAAC;IACF,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;QAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAChE,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS;QAAE,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAChE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS;QAAE,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAEzE,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAE/C,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC;AAChE,CAAC"}