@replayio/app-building 1.13.0 → 1.15.0

package/dist/secrets.d.ts

@@ -3,6 +3,11 @@ export interface InfisicalConfig {
     projectId: string;
     environment: string;
 }
+/**
+ * Log in to Infisical using Universal Auth (Client ID + Client Secret).
+ * Returns a short-lived access token (default 30 day TTL).
+ */
+export declare function infisicalLogin(clientId: string, clientSecret: string): Promise<string>;
 /**
  * Fetch secrets from an Infisical folder path.
  * Returns a key-value record of secret names to values.
@@ -17,13 +22,9 @@ export declare function fetchGlobalSecrets(config: InfisicalConfig): Promise<Rec
  */
 export declare function fetchBranchSecrets(config: InfisicalConfig, branch: string): Promise<Record<string, string>>;
 /**
- * Resolve the full set of secrets to inject into a container:
- * global build secrets + Infisical config vars (so the container can fetch branch secrets).
- * Throws if any required secret from .env.example is missing.
- */
-export declare function resolveContainerSecrets(config: InfisicalConfig): Promise<Record<string, string>>;
-/**
- * Extract Infisical config from environment variables.
- * Throws if any required Infisical var is missing.
+ * Extract Infisical config from environment variables and log in.
+ * Reads INFISICAL_CLIENT_ID, INFISICAL_CLIENT_SECRET, INFISICAL_PROJECT_ID,
+ * and INFISICAL_ENVIRONMENT from the env vars.
+ * Throws if any required var is missing.
  */
-export declare function getInfisicalConfig(envVars: Record<string, string>): InfisicalConfig;
+export declare function getInfisicalConfig(envVars: Record<string, string>): Promise<InfisicalConfig>;

package/dist/secrets.js

@@ -1,16 +1,20 @@
-import { readFileSync } from "fs";
-import { resolve, dirname } from "path";
-import { fileURLToPath } from "url";
-const __dirname = dirname(fileURLToPath(import.meta.url));
 const INFISICAL_API_BASE = "https://app.infisical.com";
-/** Keys listed in src/package/.env.example that must be present in container secrets. */
-function getRequiredSecretKeys() {
-    const examplePath = resolve(__dirname, ".env.example");
-    return readFileSync(examplePath, "utf-8")
-        .split("\n")
-        .map((l) => l.split("#")[0].trim())
-        .filter((l) => l && l.includes("="))
-        .map((l) => l.split("=")[0].trim());
+/**
+ * Log in to Infisical using Universal Auth (Client ID + Client Secret).
+ * Returns a short-lived access token (default 30 day TTL).
+ */
+export async function infisicalLogin(clientId, clientSecret) {
+    const res = await fetch(`${INFISICAL_API_BASE}/api/v1/auth/universal-auth/login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ clientId, clientSecret }),
+    });
+    if (!res.ok) {
+        const body = await res.text().catch(() => "");
+        throw new Error(`Infisical login failed → ${res.status}: ${body}`);
+    }
+    const data = (await res.json());
+    return data.accessToken;
 }
 async function infisicalFetch(path, config) {
     const res = await fetch(`${INFISICAL_API_BASE}${path}`, {
@@ -56,40 +60,25 @@ export async function fetchBranchSecrets(config, branch) {
     return fetchInfisicalSecrets(config, `/branches/${branch}/`);
 }
 /**
- * Resolve the full set of secrets to inject into a container:
- * global build secrets + Infisical config vars (so the container can fetch branch secrets).
- * Throws if any required secret from .env.example is missing.
- */
-export async function resolveContainerSecrets(config) {
-    const globals = await fetchGlobalSecrets(config);
-    const secrets = {
-        ...globals,
-        INFISICAL_TOKEN: config.token,
-        INFISICAL_PROJECT_ID: config.projectId,
-        INFISICAL_ENVIRONMENT: config.environment,
-    };
-    const required = getRequiredSecretKeys();
-    const missing = required.filter((k) => !secrets[k]);
-    if (missing.length > 0) {
-        throw new Error(`Missing required secrets in Infisical /global/: ${missing.join(", ")}`);
-    }
-    return secrets;
-}
-/**
- * Extract Infisical config from environment variables.
- * Throws if any required Infisical var is missing.
+ * Extract Infisical config from environment variables and log in.
+ * Reads INFISICAL_CLIENT_ID, INFISICAL_CLIENT_SECRET, INFISICAL_PROJECT_ID,
+ * and INFISICAL_ENVIRONMENT from the env vars.
+ * Throws if any required var is missing.
  */
-export function getInfisicalConfig(envVars) {
-    const token = envVars.INFISICAL_TOKEN;
+export async function getInfisicalConfig(envVars) {
+    const clientId = envVars.INFISICAL_CLIENT_ID;
+    const clientSecret = envVars.INFISICAL_CLIENT_SECRET;
     const projectId = envVars.INFISICAL_PROJECT_ID;
     const environment = envVars.INFISICAL_ENVIRONMENT;
     const missing = [
-        !token && "INFISICAL_TOKEN",
+        !clientId && "INFISICAL_CLIENT_ID",
+        !clientSecret && "INFISICAL_CLIENT_SECRET",
         !projectId && "INFISICAL_PROJECT_ID",
         !environment && "INFISICAL_ENVIRONMENT",
     ].filter(Boolean);
     if (missing.length > 0) {
         throw new Error(`Missing Infisical config in .env: ${missing.join(", ")}`);
     }
-    return { token: token, projectId: projectId, environment: environment };
+    const token = await infisicalLogin(clientId, clientSecret);
+    return { token, projectId: projectId, environment: environment };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@replayio/app-building",
-  "version": "1.13.0",
+  "version": "1.15.0",
   "description": "Library for managing agentic app-building containers",
   "type": "module",
   "exports": {