@omnikit-ai/sdk 2.2.3 → 2.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +19 -15
  2. package/dist/index.d.ts +19 -15
  3. package/dist/index.js +27 -18
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +27 -18
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -1383,19 +1383,20 @@ interface OmnikitClient {
1383
1383
  /**
1384
1384
  * Get a secret value at runtime (for backend functions).
1385
1385
  *
1386
- * This method securely fetches secrets from the Omnikit API using the app's API key.
1387
- * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
1388
- * environment variables to ensure proper isolation between apps.
1386
+ * This method securely fetches secrets from the Omnikit API at runtime.
1387
+ * Secrets are NOT injected into function code - they are fetched via API
1388
+ * to ensure they cannot be leaked through source code, logs, or backups.
1389
1389
  *
1390
1390
  * @example
1391
1391
  * ```typescript
1392
+ * const omnikit = createServerClient(req);
1392
1393
  * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
1393
1394
  * const stripe = new Stripe(stripeKey);
1394
1395
  * ```
1395
1396
  *
1396
1397
  * @param secretName - Name of the secret to retrieve
1397
1398
  * @returns The decrypted secret value
1398
- * @throws Error if the secret is not found or API key is invalid
1399
+ * @throws Error if the secret is not found or service token is invalid
1399
1400
  */
1400
1401
  getSecret(secretName: string): Promise<string>;
1401
1402
  }
@@ -2158,26 +2159,29 @@ declare class APIClient implements OmnikitClient {
2158
2159
  /**
2159
2160
  * Get a secret value at runtime (for backend functions).
2160
2161
  *
2161
- * This method securely fetches secrets from the Omnikit API using the app's API key.
2162
- * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
2163
- * environment variables to ensure proper isolation between apps.
2162
+ * This method securely fetches secrets from the Omnikit API at runtime.
2163
+ * Secrets are NOT injected into function code - they are fetched via API
2164
+ * to ensure they cannot be leaked through source code, logs, or backups.
2164
2165
  *
2165
2166
  * @example
2166
2167
  * ```typescript
2167
2168
  * // In a backend function (Deno Edge Function)
2168
- * const omnikit = createClient({
2169
- * appId: __OMNIKIT_APP_ID__,
2170
- * serverUrl: __OMNIKIT_API_URL__,
2171
- * apiKey: __OMNIKIT_API_KEY__,
2172
- * });
2169
+ * import { createServerClient } from '@omnikit-ai/sdk';
2173
2170
  *
2174
- * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2175
- * const stripe = new Stripe(stripeKey);
2171
+ * Deno.serve(async (req) => {
2172
+ * const omnikit = createServerClient(req);
2173
+ *
2174
+ * // Fetch secret at runtime - secure, never in source code
2175
+ * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2176
+ * const stripe = new Stripe(stripeKey);
2177
+ *
2178
+ * // ... rest of function
2179
+ * });
2176
2180
  * ```
2177
2181
  *
2178
2182
  * @param secretName - Name of the secret to retrieve
2179
2183
  * @returns The decrypted secret value
2180
- * @throws Error if the secret is not found or API key is invalid
2184
+ * @throws Error if the secret is not found or service token is invalid
2181
2185
  */
2182
2186
  getSecret(secretName: string): Promise<string>;
2183
2187
  }
package/dist/index.d.ts CHANGED
@@ -1383,19 +1383,20 @@ interface OmnikitClient {
1383
1383
  /**
1384
1384
  * Get a secret value at runtime (for backend functions).
1385
1385
  *
1386
- * This method securely fetches secrets from the Omnikit API using the app's API key.
1387
- * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
1388
- * environment variables to ensure proper isolation between apps.
1386
+ * This method securely fetches secrets from the Omnikit API at runtime.
1387
+ * Secrets are NOT injected into function code - they are fetched via API
1388
+ * to ensure they cannot be leaked through source code, logs, or backups.
1389
1389
  *
1390
1390
  * @example
1391
1391
  * ```typescript
1392
+ * const omnikit = createServerClient(req);
1392
1393
  * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
1393
1394
  * const stripe = new Stripe(stripeKey);
1394
1395
  * ```
1395
1396
  *
1396
1397
  * @param secretName - Name of the secret to retrieve
1397
1398
  * @returns The decrypted secret value
1398
- * @throws Error if the secret is not found or API key is invalid
1399
+ * @throws Error if the secret is not found or service token is invalid
1399
1400
  */
1400
1401
  getSecret(secretName: string): Promise<string>;
1401
1402
  }
@@ -2158,26 +2159,29 @@ declare class APIClient implements OmnikitClient {
2158
2159
  /**
2159
2160
  * Get a secret value at runtime (for backend functions).
2160
2161
  *
2161
- * This method securely fetches secrets from the Omnikit API using the app's API key.
2162
- * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
2163
- * environment variables to ensure proper isolation between apps.
2162
+ * This method securely fetches secrets from the Omnikit API at runtime.
2163
+ * Secrets are NOT injected into function code - they are fetched via API
2164
+ * to ensure they cannot be leaked through source code, logs, or backups.
2164
2165
  *
2165
2166
  * @example
2166
2167
  * ```typescript
2167
2168
  * // In a backend function (Deno Edge Function)
2168
- * const omnikit = createClient({
2169
- * appId: __OMNIKIT_APP_ID__,
2170
- * serverUrl: __OMNIKIT_API_URL__,
2171
- * apiKey: __OMNIKIT_API_KEY__,
2172
- * });
2169
+ * import { createServerClient } from '@omnikit-ai/sdk';
2173
2170
  *
2174
- * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2175
- * const stripe = new Stripe(stripeKey);
2171
+ * Deno.serve(async (req) => {
2172
+ * const omnikit = createServerClient(req);
2173
+ *
2174
+ * // Fetch secret at runtime - secure, never in source code
2175
+ * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2176
+ * const stripe = new Stripe(stripeKey);
2177
+ *
2178
+ * // ... rest of function
2179
+ * });
2176
2180
  * ```
2177
2181
  *
2178
2182
  * @param secretName - Name of the secret to retrieve
2179
2183
  * @returns The decrypted secret value
2180
- * @throws Error if the secret is not found or API key is invalid
2184
+ * @throws Error if the secret is not found or service token is invalid
2181
2185
  */
2182
2186
  getSecret(secretName: string): Promise<string>;
2183
2187
  }
package/dist/index.js CHANGED
@@ -2689,43 +2689,52 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
2689
2689
  /**
2690
2690
  * Get a secret value at runtime (for backend functions).
2691
2691
  *
2692
- * This method securely fetches secrets from the Omnikit API using the app's API key.
2693
- * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
2694
- * environment variables to ensure proper isolation between apps.
2692
+ * This method securely fetches secrets from the Omnikit API at runtime.
2693
+ * Secrets are NOT injected into function code - they are fetched via API
2694
+ * to ensure they cannot be leaked through source code, logs, or backups.
2695
2695
  *
2696
2696
  * @example
2697
2697
  * ```typescript
2698
2698
  * // In a backend function (Deno Edge Function)
2699
- * const omnikit = createClient({
2700
- * appId: __OMNIKIT_APP_ID__,
2701
- * serverUrl: __OMNIKIT_API_URL__,
2702
- * apiKey: __OMNIKIT_API_KEY__,
2703
- * });
2699
+ * import { createServerClient } from '@omnikit-ai/sdk';
2700
+ *
2701
+ * Deno.serve(async (req) => {
2702
+ * const omnikit = createServerClient(req);
2703
+ *
2704
+ * // Fetch secret at runtime - secure, never in source code
2705
+ * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2706
+ * const stripe = new Stripe(stripeKey);
2704
2707
  *
2705
- * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
2706
- * const stripe = new Stripe(stripeKey);
2708
+ * // ... rest of function
2709
+ * });
2707
2710
  * ```
2708
2711
  *
2709
2712
  * @param secretName - Name of the secret to retrieve
2710
2713
  * @returns The decrypted secret value
2711
- * @throws Error if the secret is not found or API key is invalid
2714
+ * @throws Error if the secret is not found or service token is invalid
2712
2715
  */
2713
2716
  async getSecret(secretName) {
2714
- if (!this._apiKey) {
2717
+ const authToken = this._serviceToken || this._apiKey;
2718
+ if (!authToken) {
2715
2719
  throw new OmnikitError(
2716
- "API key is required to fetch secrets. Provide apiKey in config.",
2720
+ "Service token required. Use createServerClient(req) in backend functions.",
2717
2721
  403,
2718
- "API_KEY_REQUIRED"
2722
+ "AUTH_REQUIRED"
2719
2723
  );
2720
2724
  }
2725
+ const headers = {
2726
+ "Content-Type": "application/json"
2727
+ };
2728
+ if (this._serviceToken) {
2729
+ headers["X-Service-Token"] = this._serviceToken;
2730
+ } else if (this._apiKey) {
2731
+ headers["X-API-Key"] = this._apiKey;
2732
+ }
2721
2733
  const response = await fetch(
2722
2734
  `${this.baseUrl}/apps/${this.appId}/secrets/${secretName}/value`,
2723
2735
  {
2724
2736
  method: "GET",
2725
- headers: {
2726
- "X-API-Key": this._apiKey,
2727
- "Content-Type": "application/json"
2728
- }
2737
+ headers
2729
2738
  }
2730
2739
  );
2731
2740
  if (!response.ok) {