@runcore-sh/runcore 0.1.7 → 0.1.9
- package/dist/access/manifest.d.ts +59 -0
- package/dist/access/manifest.d.ts.map +1 -0
- package/dist/access/manifest.js +251 -0
- package/dist/access/manifest.js.map +1 -0
- package/dist/activity/log.d.ts +1 -1
- package/dist/activity/log.d.ts.map +1 -1
- package/dist/agents/autonomous.d.ts.map +1 -1
- package/dist/agents/autonomous.js +38 -0
- package/dist/agents/autonomous.js.map +1 -1
- package/dist/agents/governance.d.ts +70 -0
- package/dist/agents/governance.d.ts.map +1 -0
- package/dist/agents/governance.js +220 -0
- package/dist/agents/governance.js.map +1 -0
- package/dist/agents/governed-spawn.d.ts +83 -0
- package/dist/agents/governed-spawn.d.ts.map +1 -0
- package/dist/agents/governed-spawn.js +186 -0
- package/dist/agents/governed-spawn.js.map +1 -0
- package/dist/agents/heartbeat.d.ts +91 -0
- package/dist/agents/heartbeat.d.ts.map +1 -0
- package/dist/agents/heartbeat.js +323 -0
- package/dist/agents/heartbeat.js.map +1 -0
- package/dist/agents/index.d.ts +4 -1
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +6 -1
- package/dist/agents/index.js.map +1 -1
- package/dist/agents/spawn-policy.d.ts +45 -0
- package/dist/agents/spawn-policy.d.ts.map +1 -0
- package/dist/agents/spawn-policy.js +202 -0
- package/dist/agents/spawn-policy.js.map +1 -0
- package/dist/alert.d.ts +16 -0
- package/dist/alert.d.ts.map +1 -0
- package/dist/alert.js +70 -0
- package/dist/alert.js.map +1 -0
- package/dist/cli.js +35 -27
- package/dist/cli.js.map +1 -1
- package/dist/credentials/store.d.ts +1 -1
- package/dist/credentials/store.d.ts.map +1 -1
- package/dist/credentials/store.js +14 -3
- package/dist/credentials/store.js.map +1 -1
- package/dist/crystallizer.d.ts +56 -0
- package/dist/crystallizer.d.ts.map +1 -0
- package/dist/crystallizer.js +159 -0
- package/dist/crystallizer.js.map +1 -0
- package/dist/distiller.d.ts +48 -0
- package/dist/distiller.d.ts.map +1 -0
- package/dist/distiller.js +140 -0
- package/dist/distiller.js.map +1 -0
- package/dist/google/auth.d.ts +2 -0
- package/dist/google/auth.d.ts.map +1 -1
- package/dist/google/auth.js +2 -0
- package/dist/google/auth.js.map +1 -1
- package/dist/integrations/gate.d.ts +40 -0
- package/dist/integrations/gate.d.ts.map +1 -0
- package/dist/integrations/gate.js +100 -0
- package/dist/integrations/gate.js.map +1 -0
- package/dist/lib/audit.d.ts +43 -0
- package/dist/lib/audit.d.ts.map +1 -0
- package/dist/lib/audit.js +120 -0
- package/dist/lib/audit.js.map +1 -0
- package/dist/lib/brain-io.d.ts.map +1 -1
- package/dist/lib/brain-io.js +52 -0
- package/dist/lib/brain-io.js.map +1 -1
- package/dist/lib/dpapi.d.ts +14 -0
- package/dist/lib/dpapi.d.ts.map +1 -0
- package/dist/lib/dpapi.js +104 -0
- package/dist/lib/dpapi.js.map +1 -0
- package/dist/lib/glob-match.d.ts +22 -0
- package/dist/lib/glob-match.d.ts.map +1 -0
- package/dist/lib/glob-match.js +64 -0
- package/dist/lib/glob-match.js.map +1 -0
- package/dist/lib/locked.d.ts +40 -0
- package/dist/lib/locked.d.ts.map +1 -0
- package/dist/lib/locked.js +130 -0
- package/dist/lib/locked.js.map +1 -0
- package/dist/llm/complete.d.ts.map +1 -1
- package/dist/llm/complete.js +5 -2
- package/dist/llm/complete.js.map +1 -1
- package/dist/llm/fetch-guard.d.ts +16 -0
- package/dist/llm/fetch-guard.d.ts.map +1 -0
- package/dist/llm/fetch-guard.js +61 -0
- package/dist/llm/fetch-guard.js.map +1 -0
- package/dist/llm/guard.d.ts +40 -0
- package/dist/llm/guard.d.ts.map +1 -0
- package/dist/llm/guard.js +88 -0
- package/dist/llm/guard.js.map +1 -0
- package/dist/llm/membrane.d.ts +46 -0
- package/dist/llm/membrane.d.ts.map +1 -0
- package/dist/llm/membrane.js +123 -0
- package/dist/llm/membrane.js.map +1 -0
- package/dist/llm/providers/index.d.ts +5 -1
- package/dist/llm/providers/index.d.ts.map +1 -1
- package/dist/llm/providers/index.js +8 -1
- package/dist/llm/providers/index.js.map +1 -1
- package/dist/llm/redact.d.ts +39 -0
- package/dist/llm/redact.d.ts.map +1 -0
- package/dist/llm/redact.js +155 -0
- package/dist/llm/redact.js.map +1 -0
- package/dist/llm/sensitive-registry.d.ts +33 -0
- package/dist/llm/sensitive-registry.d.ts.map +1 -0
- package/dist/llm/sensitive-registry.js +106 -0
- package/dist/llm/sensitive-registry.js.map +1 -0
- package/dist/mcp-server.d.ts +11 -0
- package/dist/mcp-server.d.ts.map +1 -0
- package/dist/mcp-server.js +520 -0
- package/dist/mcp-server.js.map +1 -0
- package/dist/mdns.d.ts +17 -0
- package/dist/mdns.d.ts.map +1 -0
- package/dist/mdns.js +110 -0
- package/dist/mdns.js.map +1 -0
- package/dist/nerve/push.d.ts +26 -0
- package/dist/nerve/push.d.ts.map +1 -0
- package/dist/nerve/push.js +170 -0
- package/dist/nerve/push.js.map +1 -0
- package/dist/nerve/state.d.ts +35 -0
- package/dist/nerve/state.d.ts.map +1 -0
- package/dist/nerve/state.js +257 -0
- package/dist/nerve/state.js.map +1 -0
- package/dist/resend/inbox.d.ts +23 -0
- package/dist/resend/inbox.d.ts.map +1 -0
- package/dist/resend/inbox.js +198 -0
- package/dist/resend/inbox.js.map +1 -0
- package/dist/resend/webhooks.d.ts +30 -0
- package/dist/resend/webhooks.d.ts.map +1 -0
- package/dist/resend/webhooks.js +244 -0
- package/dist/resend/webhooks.js.map +1 -0
- package/dist/server.d.ts +2 -0
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +585 -16
- package/dist/server.js.map +1 -1
- package/dist/settings.d.ts +14 -1
- package/dist/settings.d.ts.map +1 -1
- package/dist/settings.js +35 -1
- package/dist/settings.js.map +1 -1
- package/dist/updater.d.ts +32 -0
- package/dist/updater.d.ts.map +1 -0
- package/dist/updater.js +145 -0
- package/dist/updater.js.map +1 -0
- package/dist/vault/policy.d.ts +42 -0
- package/dist/vault/policy.d.ts.map +1 -0
- package/dist/vault/policy.js +159 -0
- package/dist/vault/policy.js.map +1 -0
- package/dist/vault/store.d.ts +6 -0
- package/dist/vault/store.d.ts.map +1 -1
- package/dist/vault/store.js +15 -5
- package/dist/vault/store.js.map +1 -1
- package/dist/vault/transfer.d.ts +33 -0
- package/dist/vault/transfer.d.ts.map +1 -0
- package/dist/vault/transfer.js +187 -0
- package/dist/vault/transfer.js.map +1 -0
- package/dist/voucher.d.ts +39 -0
- package/dist/voucher.d.ts.map +1 -0
- package/dist/voucher.js +105 -0
- package/dist/voucher.js.map +1 -0
- package/dist/webhooks/handlers.d.ts +10 -0
- package/dist/webhooks/handlers.d.ts.map +1 -1
- package/dist/webhooks/handlers.js +53 -0
- package/dist/webhooks/handlers.js.map +1 -1
- package/dist/webhooks/index.d.ts +2 -2
- package/dist/webhooks/index.d.ts.map +1 -1
- package/dist/webhooks/index.js +2 -2
- package/dist/webhooks/index.js.map +1 -1
- package/dist/webhooks/verify.d.ts +8 -0
- package/dist/webhooks/verify.d.ts.map +1 -1
- package/dist/webhooks/verify.js +56 -0
- package/dist/webhooks/verify.js.map +1 -1
- package/package.json +8 -2
- package/public/board.html +8 -3
- package/public/browser.html +8 -3
- package/public/library.html +8 -3
- package/public/observatory.html +8 -3
- package/public/ops.html +8 -3
- package/public/registry.html +627 -0
- package/public/roadmap.html +975 -0
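--- a/package/dist/vault/store.js
+++ b/package/dist/vault/store.js
@@ -6,6 +6,7 @@
 import { readFile, writeFile, mkdir } from "node:fs/promises";
 import { join } from "node:path";
 import { encrypt, decrypt } from "../auth/crypto.js";
+import { shouldHydrateKey } from "../integrations/gate.js";
 const VAULT_DIR = join(process.cwd(), "brain", "vault");
 const VAULT_FILE = join(VAULT_DIR, "keys.json");
 // In-memory cache — populated by loadVault, read by list/hydrate
@@ -53,8 +54,10 @@ async function saveVault(key) {
 export async function setVaultKey(name, value, key, label) {
 vaultCache[name] = { value, label };
 await saveVault(key);
-// Keep process.env in sync
-
+// Keep process.env in sync — but respect the integration gate
+if (shouldHydrateKey(name)) {
+process.env[name] = value;
+}
 }
 /**
 * Remove a key from the vault. Persists immediately.
@@ -100,12 +103,19 @@ export function getDashReadableVault() {
 .map(([name, entry]) => ({ name, value: entry.value, label: entry.label }));
 }
 /**
-* Push
+* Push vault values into process.env, filtered by the integration gate.
+* Disabled integrations have their secrets actively removed from process.env.
 * Called after loadVault so consumer modules (LLM, search) pick them up.
 */
-function hydrateEnv() {
+export function hydrateEnv() {
 for (const [name, entry] of Object.entries(vaultCache)) {
-
+if (shouldHydrateKey(name)) {
+process.env[name] = entry.value;
+}
+else {
+// Actively remove blocked keys — they may have been set by a prior hydration
+delete process.env[name];
+}
 }
 }
 //# sourceMappingURL=store.js.map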
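Review bot: In `setVaultKey` the new gate check has no `else`, so when `shouldHydrateKey(name)` returns false a value already present in `process.env[name]` stays there, whereas `hydrateEnv` in the last hunk deletes it; the two paths should agree, e.g. `else { delete process.env[name]; }` after the `if`. Separately, the `delete` in `hydrateEnv` runs for every gated vault name, so it also drops a variable the operator set outside the vault (shell or service environment), not only one "set by a prior hydration" as the comment says; if that is intended the comment should say so, otherwise the module should track which names it wrote itself. `hydrateEnv` is now exported with no caller visible in this section, so its doc comment should state when it has to be re-run, presumably after the gate configuration changes.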
package/dist/vault/store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/vault/store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAyB,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/vault/store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAyB,MAAM,mBAAmB,CAAC;AAC5E,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;AAgBhD,iEAAiE;AACjE,IAAI,UAAU,GAAc,EAAE,CAAC;AAE/B;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,IAAI,GAAkB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAqB;YAChC,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;QACF,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACxC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAc,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;QACpD,UAAU,GAAG,EAAE,CAAC;IAClB,CAAC;IACD,UAAU,EAAE,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACxC,MAAM,IAAI,GAAkB;QAC1B,CAAC,EAAE,CAAC;QACJ,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IACF,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAY,EACZ,KAAa,EACb,GAAW,EACX,KAAc;IAEd,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACpC,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;IACrB,8DAA8D;IAC9D,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IAC5B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAY,EAAE,GAAW;IAC5D,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;IACxB,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;IACrB,kEAAkE;IAClE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;GA
EG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QACxD,IAAI;QACJ,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QACxD,IAAI;QACJ,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,KAAK,EAAE,KAAK,CAAC,KAAK;KACnB,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,mBAAmB,CAAC,CAAC,CAAC;AAEjE,MAAM,UAAU,oBAAoB;IAClC,OAAO,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;SAC9B,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;SACrG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;AAChF,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU;IACxB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACvD,IAAI,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,6EAA6E;YAC7E,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Vault portable export/import.
|
|
3
|
+
*
|
|
4
|
+
* DPAPI ties session keys to the Windows user profile, making vault secrets
|
|
5
|
+
* non-portable. This module provides passphrase-based export/import so
|
|
6
|
+
* secrets can move across machines and operating systems.
|
|
7
|
+
*
|
|
8
|
+
* Export format: self-describing JSON envelope (.vault) with AES-256-GCM
|
|
9
|
+
* encrypted payload, key derived via PBKDF2 from a case-sensitive passphrase.
|
|
10
|
+
*/
|
|
11
|
+
export interface ExportStats {
|
|
12
|
+
vaultKeys: number;
|
|
13
|
+
credentials: number;
|
|
14
|
+
personalFields: number;
|
|
15
|
+
}
|
|
16
|
+
export interface ExportResult {
|
|
17
|
+
filePath: string;
|
|
18
|
+
stats: ExportStats;
|
|
19
|
+
}
|
|
20
|
+
export interface ImportResult {
|
|
21
|
+
stats: ExportStats & {
|
|
22
|
+
skipped: number;
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
export interface VerifyResult {
|
|
26
|
+
message: string;
|
|
27
|
+
stats: ExportStats;
|
|
28
|
+
}
|
|
29
|
+
export type ConflictStrategy = "overwrite" | "skip" | "rename";
|
|
30
|
+
export declare function exportVault(passphrase: string, outputDir?: string): Promise<ExportResult>;
|
|
31
|
+
export declare function verifyExport(filePath: string, passphrase: string): Promise<VerifyResult>;
|
|
32
|
+
export declare function importVault(filePath: string, passphrase: string, strategy: ConflictStrategy | undefined, sessionKey: Buffer): Promise<ImportResult>;
|
|
33
|
+
//# sourceMappingURL=transfer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"transfer.d.ts","sourceRoot":"","sources":["../../src/vault/transfer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAkDH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,WAAW,GAAG;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1C;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC;AAsD/D,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CA+CvB;AAID,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CAUvB;AAID,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,gBAAgB,YAAS,EACnC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,YAAY,CAAC,CAqCvB"}
|
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Vault portable export/import.
|
|
3
|
+
*
|
|
4
|
+
* DPAPI ties session keys to the Windows user profile, making vault secrets
|
|
5
|
+
* non-portable. This module provides passphrase-based export/import so
|
|
6
|
+
* secrets can move across machines and operating systems.
|
|
7
|
+
*
|
|
8
|
+
* Export format: self-describing JSON envelope (.vault) with AES-256-GCM
|
|
9
|
+
* encrypted payload, key derived via PBKDF2 from a case-sensitive passphrase.
|
|
10
|
+
*/
|
|
11
|
+
import { pbkdf2Sync, randomBytes, createHash } from "node:crypto";
|
|
12
|
+
import { writeFile, readFile, mkdir } from "node:fs/promises";
|
|
13
|
+
import { join } from "node:path";
|
|
14
|
+
import { encrypt, decrypt } from "../auth/crypto.js";
|
|
15
|
+
import { getVaultEntries, setVaultKey } from "./store.js";
|
|
16
|
+
import { readBrainLines, appendBrainLine } from "../lib/brain-io.js";
|
|
17
|
+
import { getEncryptionKey } from "../lib/key-store.js";
|
|
18
|
+
import { getInstanceName } from "../instance.js";
|
|
19
|
+
// ── Constants ────────────────────────────────────────────────────────────────
|
|
20
|
+
const VAULT_DIR = join(process.cwd(), "brain", "vault");
|
|
21
|
+
const CRED_FILE = join(process.cwd(), "brain", "vault", "credentials.enc.jsonl");
|
|
22
|
+
const PERSONAL_FILE = join(process.cwd(), "brain", "vault", "personal.enc.jsonl");
|
|
23
|
+
const FORMAT = "core-vault-export";
|
|
24
|
+
const VERSION = 1;
|
|
25
|
+
const ITERATIONS = 600_000;
|
|
26
|
+
const KEY_LENGTH = 32;
|
|
27
|
+
const SALT_LENGTH = 16;
|
|
28
|
+
// ── Key derivation (case-sensitive, unlike safe word) ────────────────────────
|
|
29
|
+
function deriveExportKey(passphrase, salt) {
|
|
30
|
+
return pbkdf2Sync(passphrase, salt, ITERATIONS, KEY_LENGTH, "sha256");
|
|
31
|
+
}
|
|
32
|
+
function hashKey(key) {
|
|
33
|
+
return createHash("sha256").update(key).digest("hex");
|
|
34
|
+
}
|
|
35
|
+
// ── Helpers ──────────────────────────────────────────────────────────────────
|
|
36
|
+
/** Read JSONL entries, skipping schema headers. */
|
|
37
|
+
async function readJsonlEntries(filePath) {
|
|
38
|
+
const lines = await readBrainLines(filePath);
|
|
39
|
+
const entries = [];
|
|
40
|
+
for (const line of lines) {
|
|
41
|
+
try {
|
|
42
|
+
const obj = JSON.parse(line);
|
|
43
|
+
if (obj._schema)
|
|
44
|
+
continue;
|
|
45
|
+
entries.push(obj);
|
|
46
|
+
}
|
|
47
|
+
catch {
|
|
48
|
+
// skip malformed
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
return entries;
|
|
52
|
+
}
|
|
53
|
+
/** Deduplicate credentials by id (last occurrence wins), filter active only. */
|
|
54
|
+
function deduplicateCredentials(creds) {
|
|
55
|
+
const map = new Map();
|
|
56
|
+
for (const c of creds) {
|
|
57
|
+
if (c.id)
|
|
58
|
+
map.set(c.id, c);
|
|
59
|
+
}
|
|
60
|
+
return Array.from(map.values()).filter((c) => c.status !== "archived");
|
|
61
|
+
}
|
|
62
|
+
/** Deduplicate personal fields by field name (last wins), filter active. */
|
|
63
|
+
function deduplicatePersonal(entries) {
|
|
64
|
+
const map = new Map();
|
|
65
|
+
for (const e of entries) {
|
|
66
|
+
if (e.status === "archived") {
|
|
67
|
+
map.delete(e.field);
|
|
68
|
+
}
|
|
69
|
+
else {
|
|
70
|
+
map.set(e.field, e);
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
return Array.from(map.values());
|
|
74
|
+
}
|
|
75
|
+
// ── Export ────────────────────────────────────────────────────────────────────
|
|
76
|
+
export async function exportVault(passphrase, outputDir) {
|
|
77
|
+
const sessionKey = getEncryptionKey();
|
|
78
|
+
if (!sessionKey)
|
|
79
|
+
throw new Error("Not authenticated — session key not set");
|
|
80
|
+
// Collect secrets
|
|
81
|
+
const vaultKeys = getVaultEntries();
|
|
82
|
+
const rawCredentials = await readJsonlEntries(CRED_FILE);
|
|
83
|
+
const credentials = deduplicateCredentials(rawCredentials);
|
|
84
|
+
const rawPersonal = await readJsonlEntries(PERSONAL_FILE);
|
|
85
|
+
const personalFields = deduplicatePersonal(rawPersonal);
|
|
86
|
+
const payload = { vaultKeys, credentials, personalFields };
|
|
87
|
+
// Derive export key (case-sensitive)
|
|
88
|
+
const salt = randomBytes(SALT_LENGTH);
|
|
89
|
+
const exportKey = deriveExportKey(passphrase, salt);
|
|
90
|
+
const keyHash = hashKey(exportKey);
|
|
91
|
+
// Encrypt
|
|
92
|
+
const encrypted = encrypt(JSON.stringify(payload), exportKey);
|
|
93
|
+
const envelope = {
|
|
94
|
+
format: FORMAT,
|
|
95
|
+
version: VERSION,
|
|
96
|
+
exportedAt: new Date().toISOString(),
|
|
97
|
+
sourceInstance: getInstanceName(),
|
|
98
|
+
salt: salt.toString("hex"),
|
|
99
|
+
iterations: ITERATIONS,
|
|
100
|
+
keyHash,
|
|
101
|
+
payload: encrypted,
|
|
102
|
+
};
|
|
103
|
+
// Write file
|
|
104
|
+
const dir = outputDir ?? VAULT_DIR;
|
|
105
|
+
await mkdir(dir, { recursive: true });
|
|
106
|
+
const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
|
|
107
|
+
const filePath = join(dir, `export-${timestamp}.vault`);
|
|
108
|
+
await writeFile(filePath, JSON.stringify(envelope, null, 2), "utf-8");
|
|
109
|
+
return {
|
|
110
|
+
filePath,
|
|
111
|
+
stats: {
|
|
112
|
+
vaultKeys: vaultKeys.length,
|
|
113
|
+
credentials: credentials.length,
|
|
114
|
+
personalFields: personalFields.length,
|
|
115
|
+
},
|
|
116
|
+
};
|
|
117
|
+
}
|
|
118
|
+
// ── Verify ───────────────────────────────────────────────────────────────────
|
|
119
|
+
export async function verifyExport(filePath, passphrase) {
|
|
120
|
+
const payload = await decryptEnvelope(filePath, passphrase);
|
|
121
|
+
return {
|
|
122
|
+
message: "Export verified successfully",
|
|
123
|
+
stats: {
|
|
124
|
+
vaultKeys: payload.vaultKeys.length,
|
|
125
|
+
credentials: payload.credentials.length,
|
|
126
|
+
personalFields: payload.personalFields.length,
|
|
127
|
+
},
|
|
128
|
+
};
|
|
129
|
+
}
|
|
130
|
+
// ── Import ───────────────────────────────────────────────────────────────────
|
|
131
|
+
export async function importVault(filePath, passphrase, strategy = "skip", sessionKey) {
|
|
132
|
+
const payload = await decryptEnvelope(filePath, passphrase);
|
|
133
|
+
let skipped = 0;
|
|
134
|
+
// Import vault keys
|
|
135
|
+
const existingKeys = new Set(getVaultEntries().map((e) => e.name));
|
|
136
|
+
for (const entry of payload.vaultKeys) {
|
|
137
|
+
if (existingKeys.has(entry.name)) {
|
|
138
|
+
if (strategy === "skip") {
|
|
139
|
+
skipped++;
|
|
140
|
+
continue;
|
|
141
|
+
}
|
|
142
|
+
if (strategy === "rename") {
|
|
143
|
+
const renamed = `${entry.name}_imported`;
|
|
144
|
+
await setVaultKey(renamed, entry.value, sessionKey, entry.label);
|
|
145
|
+
continue;
|
|
146
|
+
}
|
|
147
|
+
// overwrite — fall through
|
|
148
|
+
}
|
|
149
|
+
await setVaultKey(entry.name, entry.value, sessionKey, entry.label);
|
|
150
|
+
}
|
|
151
|
+
// Import credentials (append-only JSONL)
|
|
152
|
+
for (const cred of payload.credentials) {
|
|
153
|
+
await appendBrainLine(CRED_FILE, JSON.stringify(cred));
|
|
154
|
+
}
|
|
155
|
+
// Import personal fields (append-only JSONL)
|
|
156
|
+
for (const field of payload.personalFields) {
|
|
157
|
+
await appendBrainLine(PERSONAL_FILE, JSON.stringify(field));
|
|
158
|
+
}
|
|
159
|
+
return {
|
|
160
|
+
stats: {
|
|
161
|
+
vaultKeys: payload.vaultKeys.length,
|
|
162
|
+
credentials: payload.credentials.length,
|
|
163
|
+
personalFields: payload.personalFields.length,
|
|
164
|
+
skipped,
|
|
165
|
+
},
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
// ── Shared decrypt ───────────────────────────────────────────────────────────
|
|
169
|
+
async function decryptEnvelope(filePath, passphrase) {
|
|
170
|
+
const raw = await readFile(filePath, "utf-8");
|
|
171
|
+
const envelope = JSON.parse(raw);
|
|
172
|
+
if (envelope.format !== FORMAT) {
|
|
173
|
+
throw new Error(`Unknown export format: ${envelope.format}`);
|
|
174
|
+
}
|
|
175
|
+
if (envelope.version !== VERSION) {
|
|
176
|
+
throw new Error(`Unsupported export version: ${envelope.version}`);
|
|
177
|
+
}
|
|
178
|
+
const salt = Buffer.from(envelope.salt, "hex");
|
|
179
|
+
const exportKey = deriveExportKey(passphrase, salt);
|
|
180
|
+
// Fast wrong-passphrase detection
|
|
181
|
+
if (hashKey(exportKey) !== envelope.keyHash) {
|
|
182
|
+
throw new Error("Wrong passphrase");
|
|
183
|
+
}
|
|
184
|
+
const plaintext = decrypt(envelope.payload, exportKey);
|
|
185
|
+
return JSON.parse(plaintext);
|
|
186
|
+
}
|
|
187
|
+
//# sourceMappingURL=transfer.js.map
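Review bot: `importVault` hands `entry.name` from the decrypted file straight to `setVaultKey`, which in this release assigns `process.env[name]` whenever the integration gate allows it, so the contents of a `.vault` file choose which environment variables get set; gate.js is not shown here, so confirm it rejects unexpected names, or validate before the loop, e.g. `if (typeof entry.name !== "string" || !/^[A-Z][A-Z0-9_]*$/.test(entry.name)) { skipped++; continue; }`. `decryptEnvelope` returns `JSON.parse(plaintext)` unchecked, so a payload missing `credentials` or `personalFields` can fail with a TypeError after vault keys have already been written. `strategy` applies only to vault keys: credentials and personal fields are appended unconditionally, and the `rename` branch writes `${entry.name}_imported` without checking whether that name already exists. On the export side, `writeFile(filePath, …, "utf-8")` creates the file with default permissions and `exportVault` accepts any passphrase, including an empty one; passing `{ encoding: "utf-8", mode: 0o600 }` and rejecting short passphrases would limit offline guessing against a copied export. `envelope.iterations` is stored but ignored on import, so a later change to `ITERATIONS` would make older exports fail with "Wrong passphrase".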
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"transfer.js","sourceRoot":"","sources":["../../src/vault/transfer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAyB,MAAM,mBAAmB,CAAC;AAC5E,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAIjD,gFAAgF;AAEhF,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACxD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,uBAAuB,CAAC,CAAC;AACjF,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;AAElF,MAAM,MAAM,GAAG,mBAAmB,CAAC;AACnC,MAAM,OAAO,GAAG,CAAC,CAAC;AAClB,MAAM,UAAU,GAAG,OAAO,CAAC;AAC3B,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,WAAW,GAAG,EAAE,CAAC;AAiDvB,gFAAgF;AAEhF,SAAS,eAAe,CAAC,UAAkB,EAAE,IAAY;IACvD,OAAO,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,gFAAgF;AAEhF,mDAAmD;AACnD,KAAK,UAAU,gBAAgB,CAAI,QAAgB;IACjD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAQ,EAAE,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,GAAG,CAAC,OAAO;gBAAE,SAAS;YAC1B,OAAO,CAAC,IAAI,CAAC,GAAQ,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,SAAS,sBAAsB,CAAC,KAAmB;IACjD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAA
U,CAAC,CAAC;AACzE,CAAC;AAED,4EAA4E;AAC5E,SAAS,mBAAmB,CAAC,OAAqB;IAChD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;AAClC,CAAC;AAED,iFAAiF;AAEjF,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,SAAkB;IAElB,MAAM,UAAU,GAAG,gBAAgB,EAAE,CAAC;IACtC,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAE5E,kBAAkB;IAClB,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAa,SAAS,CAAC,CAAC;IACrE,MAAM,WAAW,GAAG,sBAAsB,CAAC,cAAc,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAa,aAAa,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,OAAO,GAAuB,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;IAE/E,qCAAqC;IACrC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAEnC,UAAU;IACV,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,CAAC,CAAC;IAE9D,MAAM,QAAQ,GAAwB;QACpC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,OAAO;QAChB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,cAAc,EAAE,eAAe,EAAE;QACjC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAC1B,UAAU,EAAE,UAAU;QACtB,OAAO;QACP,OAAO,EAAE,SAAS;KACnB,CAAC;IAEF,aAAa;IACb,MAAM,GAAG,GAAG,SAAS,IAAI,SAAS,CAAC;IACnC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,SAAS,QAAQ,CAAC,CAAC;IACxD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAEtE,OAAO;QACL,QAAQ;QACR,KAAK,EAAE;YACL,SAAS,EAAE,SAAS,CAAC,MAAM;YAC3B,WAAW,EAAE,WAAW,CAAC,MAAM;YAC/B,cAAc,EAAE,cAAc,CAAC,MAAM;SACtC;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,UAAkB;IAElB,MAAM,
OAAO,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC5D,OAAO;QACL,OAAO,EAAE,8BAA8B;QACvC,KAAK,EAAE;YACL,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM;YACnC,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,MAAM;YACvC,cAAc,EAAE,OAAO,CAAC,cAAc,CAAC,MAAM;SAC9C;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAgB,EAChB,UAAkB,EAClB,WAA6B,MAAM,EACnC,UAAkB;IAElB,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC5D,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,oBAAoB;IACpB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBAAC,OAAO,EAAE,CAAC;gBAAC,SAAS;YAAC,CAAC;YACjD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,WAAW,CAAC;gBACzC,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACjE,SAAS;YACX,CAAC;YACD,2BAA2B;QAC7B,CAAC;QACD,MAAM,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,EAAE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IACtE,CAAC;IAED,yCAAyC;IACzC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACvC,MAAM,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,6CAA6C;IAC7C,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3C,MAAM,eAAe,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO;QACL,KAAK,EAAE;YACL,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,MAAM;YACnC,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,MAAM;YACvC,cAAc,EAAE,OAAO,CAAC,cAAc,CAAC,MAAM;YAC7C,OAAO;SACR;KACF,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,KAAK,UAAU,eAAe,CAC5B,QAAgB,EAChB,UAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAwB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEtD,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAA
I,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAEpD,kCAAkC;IAClC,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAuB,CAAC;AACrD,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Decoder Ring — brain-to-brain voucher system.
|
|
3
|
+
* Short-lived tokens the human carries between brains as proof of intent.
|
|
4
|
+
* Vouchers live in procedural memory (append-only JSONL).
|
|
5
|
+
*/
|
|
6
|
+
import type { LongTermMemoryStore } from "./memory/long-term.js";
|
|
7
|
+
export interface VoucherResult {
|
|
8
|
+
valid: boolean;
|
|
9
|
+
scope?: string;
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Issue a voucher: generate a token, store it in procedural memory.
|
|
13
|
+
* @returns The token string for the human to carry.
|
|
14
|
+
*/
|
|
15
|
+
export declare function issueVoucher(ltm: LongTermMemoryStore, scope?: string, ttlMinutes?: number): Promise<string>;
|
|
16
|
+
/**
|
|
17
|
+
* Check a voucher: scan procedural memory for the token.
|
|
18
|
+
* Returns valid only if the token exists, is active, hasn't expired,
|
|
19
|
+
* and no later entry has archived/revoked it.
|
|
20
|
+
*/
|
|
21
|
+
export declare function checkVoucher(ltm: LongTermMemoryStore, token: string): Promise<VoucherResult>;
|
|
22
|
+
/**
|
|
23
|
+
* Revoke a voucher: append an archived entry for the token.
|
|
24
|
+
*/
|
|
25
|
+
export declare function revokeVoucher(ltm: LongTermMemoryStore, token: string): Promise<boolean>;
|
|
26
|
+
type AlertFn = (subject: string, body: string) => Promise<unknown>;
|
|
27
|
+
/**
|
|
28
|
+
* Register an alert function to be called on failed voucher checks.
|
|
29
|
+
* Keeps voucher.ts decoupled from the alert system — caller wires the dependency.
|
|
30
|
+
*/
|
|
31
|
+
export declare function setVoucherAlertFn(fn: AlertFn): void;
|
|
32
|
+
/**
|
|
33
|
+
* Check a voucher with alerting on failure.
|
|
34
|
+
* Wraps checkVoucher() — if the token is invalid/expired, fires an alert.
|
|
35
|
+
* Use this at trust boundaries (MCP tools, mesh auth) instead of raw checkVoucher().
|
|
36
|
+
*/
|
|
37
|
+
export declare function checkVoucherWithAlert(ltm: LongTermMemoryStore, token: string, context?: string): Promise<VoucherResult>;
|
|
38
|
+
export {};
|
|
39
|
+
//# sourceMappingURL=voucher.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"voucher.d.ts","sourceRoot":"","sources":["../src/voucher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAKjE,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;;GAGG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,mBAAmB,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,UAAU,GAAE,MAAW,GACtB,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAED;;;;GAIG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,mBAAmB,EACxB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC,CA2BxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,mBAAmB,EACxB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAelB;AAID,KAAK,OAAO,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAGnE;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,OAAO,GAAG,IAAI,CAEnD;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,mBAAmB,EACxB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,aAAa,CAAC,CAmBxB"}
|
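--- a/package/dist/voucher.js
+++ b/package/dist/voucher.js
@@ -0,0 +1,105 @@
+/**
+* Decoder Ring — brain-to-brain voucher system.
+* Short-lived tokens the human carries between brains as proof of intent.
+* Vouchers live in procedural memory (append-only JSONL).
+*/
+import { randomBytes } from "node:crypto";
+import { createLogger } from "./utils/logger.js";
+const log = createLogger("voucher");
+function generateToken() {
+return `vch_${randomBytes(4).toString("hex")}`;
+}
+/**
+* Issue a voucher: generate a token, store it in procedural memory.
+* @returns The token string for the human to carry.
+*/
+export async function issueVoucher(ltm, scope, ttlMinutes = 30) {
+const token = generateToken();
+const expires = new Date(Date.now() + ttlMinutes * 60_000).toISOString();
+await ltm.add({
+type: "procedural",
+content: `Voucher ${token} issued`,
+meta: {
+voucher: true,
+token,
+...(scope ? { scope } : {}),
+status: "active",
+expires,
+},
+});
+return token;
+}
+/**
+* Check a voucher: scan procedural memory for the token.
+* Returns valid only if the token exists, is active, hasn't expired,
+* and no later entry has archived/revoked it.
+*/
+export async function checkVoucher(ltm, token) {
+// Get all entries for this token (both active and archived)
+const entries = await ltm.search({
+type: "procedural",
+meta: { voucher: true, token },
+});
+if (entries.length === 0)
+return { valid: false };
+// Sort newest-first — the latest status wins
+const sorted = entries.sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
+const latest = sorted[0];
+const meta = latest.meta;
+if (!meta || meta.status !== "active")
+return { valid: false };
+// Check expiry
+if (meta.expires && new Date(meta.expires) < new Date()) {
+return { valid: false };
+}
+return {
+valid: true,
+scope: meta.scope,
+};
+}
+/**
+* Revoke a voucher: append an archived entry for the token.
+*/
+export async function revokeVoucher(ltm, token) {
+const check = await checkVoucher(ltm, token);
+if (!check.valid)
+return false;
+await ltm.add({
+type: "procedural",
+content: `Voucher ${token} revoked`,
+meta: {
+voucher: true,
+token,
+status: "archived",
+},
+});
+return true;
+}
+let _alertFn = null;
+/**
+* Register an alert function to be called on failed voucher checks.
+* Keeps voucher.ts decoupled from the alert system — caller wires the dependency.
+*/
+export function setVoucherAlertFn(fn) {
+_alertFn = fn;
+}
+/**
+* Check a voucher with alerting on failure.
+* Wraps checkVoucher() — if the token is invalid/expired, fires an alert.
+* Use this at trust boundaries (MCP tools, mesh auth) instead of raw checkVoucher().
+*/
+export async function checkVoucherWithAlert(ltm, token, context) {
+const result = await checkVoucher(ltm, token);
+if (!result.valid) {
+const masked = token.length > 8 ? token.slice(0, 8) + "..." : token;
+const where = context ? ` (${context})` : "";
+log.warn("Voucher check failed", { token: masked, context });
+if (_alertFn) {
+_alertFn(`Voucher check failed${where}`, `Someone tried token "${masked}"${where} at ${new Date().toISOString()}. The voucher was invalid or expired.`).catch((err) => {
+log.debug("Alert dispatch failed", { error: err instanceof Error ? err.message : String(err) });
+});
+}
+}
+return result;
+}
+//# sourceMappingURL=voucher.js.map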
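Review bot: `generateToken()` draws only `randomBytes(4)`, so a voucher carries 32 bits of randomness although the doc comment on `checkVoucherWithAlert` recommends it for trust boundaries (MCP tools, mesh auth), and nothing in this file limits repeated checks. I would widen the token, e.g. ``return `vch_${randomBytes(16).toString("hex")}`;``, which also keeps the 8-character mask in `checkVoucherWithAlert` from writing half of the random part of a failed token (`vch_` plus four of its eight hex digits) to the log and the alert body. In `checkVoucher`, a record with no `meta.expires` is accepted as never expiring, and entries are ordered by `createdAt` alone, so an issue and a revocation carrying the same timestamp may not sort with the revocation first; a tie-break that prefers a non-active status, plus a comment stating that `expires` is mandatory on active entries, would make both explicit. `ttlMinutes` is also used unchecked in `issueVoucher`, where a non-numeric value makes `toISOString()` throw.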
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"voucher.js","sourceRoot":"","sources":["../src/voucher.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;AAOpC,SAAS,aAAa;IACpB,OAAO,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACjD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAwB,EACxB,KAAc,EACd,aAAqB,EAAE;IAEvB,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAEzE,MAAM,GAAG,CAAC,GAAG,CAAC;QACZ,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,WAAW,KAAK,SAAS;QAClC,IAAI,EAAE;YACJ,OAAO,EAAE,IAAI;YACb,KAAK;YACL,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3B,MAAM,EAAE,QAAQ;YAChB,OAAO;SACR;KACF,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAwB,EACxB,KAAa;IAEb,4DAA4D;IAC5D,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC;QAC/B,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE;KAC/B,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAElD,6CAA6C;IAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CACzB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAC5E,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAA6D,CAAC;IAElF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAE/D,eAAe;IACf,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,OAAiB,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAClE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,KAAK,EAAE,IAAI,CAAC,KAA2B;KACxC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAwB,EACxB,KAAa;IAEb,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAE/B,MAAM,GAAG,CAAC,GAAG,CAAC;QACZ,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE
,WAAW,KAAK,UAAU;QACnC,IAAI,EAAE;YACJ,OAAO,EAAE,IAAI;YACb,KAAK;YACL,MAAM,EAAE,UAAU;SACnB;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAKD,IAAI,QAAQ,GAAmB,IAAI,CAAC;AAEpC;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAAW;IAC3C,QAAQ,GAAG,EAAE,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAwB,EACxB,KAAa,EACb,OAAgB;IAEhB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAE9C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QACpE,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,GAAG,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAE7D,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CACN,uBAAuB,KAAK,EAAE,EAC9B,wBAAwB,MAAM,IAAI,KAAK,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,uCAAuC,CAC9G,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACd,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAClG,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -83,6 +83,16 @@ export declare function registerTwilioStyleProvider(opts: {
|
|
|
83
83
|
name: string;
|
|
84
84
|
process: (payload: unknown, ctx?: Record<string, unknown>) => Promise<WebhookResult>;
|
|
85
85
|
}): WebhookProvider;
|
|
86
|
+
/**
|
|
87
|
+
* Create a provider that uses Svix-style signature verification (without registering).
|
|
88
|
+
* Used by Resend and other Svix-powered webhook services.
|
|
89
|
+
* HMAC-SHA256 of "{svix-id}.{svix-timestamp}.{rawBody}" with base64-decoded secret.
|
|
90
|
+
*/
|
|
91
|
+
export declare function createSvixStyleProvider(opts: {
|
|
92
|
+
name: string;
|
|
93
|
+
process: (payload: unknown, ctx?: Record<string, unknown>) => Promise<WebhookResult>;
|
|
94
|
+
maxAgeSeconds?: number;
|
|
95
|
+
}): WebhookProvider;
|
|
86
96
|
export { withRetryHandler } from "./retry.js";
|
|
87
97
|
/**
|
|
88
98
|
* Log a webhook event and delegate to a handler.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/webhooks/handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/webhooks/handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,aAAa,EACb,eAAe,EAEf,YAAY,EAEb,MAAM,YAAY,CAAC;AAapB,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAI/C;;;GAGG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,CACF,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,GAC1B,CACD,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAa1B;AAID,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIhD;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE;IAChD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,4GAA4G;IAC5G,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,GAAG,eAAe,CAYlB;AAED;;;;GAIG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE;IAClD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,GAAG,eAAe,CAIlB;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,IAAI,EAAE;IACnD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,GAAG,eAAe,CAYlB;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAAC,IAAI,EAAE;IACrD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,GAAG,eAAe,CAIlB;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,eAAe,CAclB;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE;IAC/C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CA
CxB,GAAG,eAAe,CAIlB;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;CAC7B,GAAG,eAAe,CAgBlB;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,IAAI,EAAE;IAChD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;CAC7B,GAAG,eAAe,CAIlB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CACP,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,eAAe,CAgDlB;AAID,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAI9C;;;GAGG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,CACF,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,GAC1B,CACD,OAAO,EAAE,OAAO,EAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,aAAa,CAAC,CAkB1B;AAID;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAChC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,CAAC,EACV,IAAI,CAAC,EAAE;IACL,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC;IACjC,WAAW,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,MAAM,CAAC;CAChC,GACA,YAAY,CAAC,CAAC,CAAC,CAKjB"}
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
* Provides safe-execution wrappers, logging, provider factory helpers,
|
|
4
4
|
* and reusable building blocks for processing webhook events.
|
|
5
5
|
*/
|
|
6
|
+
import * as crypto from "node:crypto";
|
|
6
7
|
import { logActivity } from "../activity/log.js";
|
|
7
8
|
import { registerProvider } from "./registry.js";
|
|
8
9
|
import { hmacSha256Hex, hmacSha256Base64, hmacSha1Base64, timingSafeCompare, isTimestampFresh, } from "./verify.js";
|
|
@@ -141,6 +142,58 @@ export function registerTwilioStyleProvider(opts) {
|
|
|
141
142
|
registerProvider(provider);
|
|
142
143
|
return provider;
|
|
143
144
|
}
|
|
145
|
+
/**
|
|
146
|
+
* Create a provider that uses Svix-style signature verification (without registering).
|
|
147
|
+
* Used by Resend and other Svix-powered webhook services.
|
|
148
|
+
* HMAC-SHA256 of "{svix-id}.{svix-timestamp}.{rawBody}" with base64-decoded secret.
|
|
149
|
+
*/
|
|
150
|
+
export function createSvixStyleProvider(opts) {
|
|
151
|
+
return {
|
|
152
|
+
name: opts.name,
|
|
153
|
+
verify(ctx) {
|
|
154
|
+
const svixId = ctx.headers?.["svix-id"] ?? "";
|
|
155
|
+
const svixTimestamp = ctx.headers?.["svix-timestamp"] ?? "";
|
|
156
|
+
const svixSignature = ctx.signature; // svix-signature header value
|
|
157
|
+
if (!svixId || !svixTimestamp || !svixSignature)
|
|
158
|
+
return false;
|
|
159
|
+
// Check timestamp freshness
|
|
160
|
+
const ts = parseInt(svixTimestamp, 10);
|
|
161
|
+
if (!isTimestampFresh(ts, opts.maxAgeSeconds ?? 300))
|
|
162
|
+
return false;
|
|
163
|
+
// Decode secret: strip "whsec_" prefix if present, then base64-decode
|
|
164
|
+
let secretKey;
|
|
165
|
+
try {
|
|
166
|
+
const rawSecret = ctx.secret.startsWith("whsec_")
|
|
167
|
+
? ctx.secret.slice(6)
|
|
168
|
+
: ctx.secret;
|
|
169
|
+
secretKey = Buffer.from(rawSecret, "base64");
|
|
170
|
+
}
|
|
171
|
+
catch {
|
|
172
|
+
return false;
|
|
173
|
+
}
|
|
174
|
+
// Compute expected signature
|
|
175
|
+
const signPayload = `${svixId}.${svixTimestamp}.${ctx.rawBody}`;
|
|
176
|
+
const computed = crypto
|
|
177
|
+
.createHmac("sha256", secretKey)
|
|
178
|
+
.update(signPayload)
|
|
179
|
+
.digest("base64");
|
|
180
|
+
// Compare against each space-separated signature group ("v1,<base64>")
|
|
181
|
+
const sigGroups = svixSignature.split(" ");
|
|
182
|
+
for (const group of sigGroups) {
|
|
183
|
+
const commaIdx = group.indexOf(",");
|
|
184
|
+
if (commaIdx === -1)
|
|
185
|
+
continue;
|
|
186
|
+
const version = group.slice(0, commaIdx);
|
|
187
|
+
const candidate = group.slice(commaIdx + 1);
|
|
188
|
+
if (version === "v1" && timingSafeCompare(candidate, computed)) {
|
|
189
|
+
return true;
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
return false;
|
|
193
|
+
},
|
|
194
|
+
process: opts.process,
|
|
195
|
+
};
|
|
196
|
+
}
|
|
144
197
|
// ── Re-export from retry.ts for backward compatibility ───────────────────────
|
|
145
198
|
export { withRetryHandler } from "./retry.js";
|
|
146
199
|
// ── Logging helper ───────────────────────────────────────────────────────────
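Review bot: In `verify` of `createSvixStyleProvider`, an empty secret is not rejected: `Buffer.from(rawSecret, "base64")` does not throw on empty or malformed input, so a `ctx.secret` of `""` or `"whsec_"` yields a zero-length key and the HMAC is computed with a key that is not secret at all. The `try`/`catch` only covers `ctx.secret` not being a string, so I would add `if (secretKey.length === 0) return false;` directly after it. `parseInt(svixTimestamp, 10)` accepts trailing non-digits and can pass `NaN` to `isTimestampFresh`, whose handling of that is not visible in this hunk; a `/^\d+$/` test on the header before parsing would make the rejection explicit. This release also exports `verifySvix` from `./verify.js`; if it implements the same scheme, calling it here would avoid keeping two copies of the verification logic in step.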
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/webhooks/handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAQjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAMjD,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,EAG2B;IAK3B,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;QAC5B,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,WAAW,CAAC;gBACV,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,0BAA0B,MAAM,MAAM,GAAG,EAAE;aACrD,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,GAAG,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAQ3C;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW;gBAC1B,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;gBACvC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;YAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YACxD,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAAC,IAO7C;IACC,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IACnD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,IAO9C;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW;gBAC1B,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;gBACvC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;YAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAC3D,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gCAAg
C,CAAC,IAOhD;IACC,MAAM,QAAQ,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACtD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAOxC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACnC,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEnE,MAAM,UAAU,GAAG,MAAM,SAAS,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/D,OAAO,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAO1C;IACC,MAAM,QAAQ,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAChD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAMzC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC;YACnB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,IAAI,IAAI,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAClD,OAAO,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAM3C;IACC,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IACjD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,EAG2B;IAK3B,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;QAC5B,WAAW,CAAC;YACV,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,qBAAqB,MAAM,EAAE;SACvC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAEtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,WAAW,CAAC;gBACV,M
AAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,wBAAwB,MAAM,MAAM,MAAM,CAAC,OAAO,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAc,EACd,OAAU,EACV,IAGC;IAED,OAAO,kBAAkB,CAAC,MAAM,EAAE,OAAO,EAAE;QACzC,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,OAAO,CAAC;QACzC,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC;KACzC,CAAC,CAAC;AACL,CAAC"}
|
|
1
|
+
{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/webhooks/handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAQjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAMjD,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,EAG2B;IAK3B,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;QAC5B,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,WAAW,CAAC;gBACV,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,0BAA0B,MAAM,MAAM,GAAG,EAAE;aACrD,CAAC,CAAC;YACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,GAAG,EAAE,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAQ3C;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW;gBAC1B,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;gBACvC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;YAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YACxD,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,6BAA6B,CAAC,IAO7C;IACC,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IACnD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,8BAA8B,CAAC,IAO9C;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW;gBAC1B,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;gBACvC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;YAClB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAC3D,OAAO,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,C
AAC;AAED;;;GAGG;AACH,MAAM,UAAU,gCAAgC,CAAC,IAOhD;IACC,MAAM,QAAQ,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IACtD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAOxC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACnC,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEnE,MAAM,UAAU,GAAG,MAAM,SAAS,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/D,OAAO,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAO1C;IACC,MAAM,QAAQ,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAChD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAMzC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAC;YAE1C,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC;YACnB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,IAAI,IAAI,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAClD,OAAO,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAM3C;IACC,MAAM,QAAQ,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IACjD,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC3B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAOvC;IACC,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,CAAC,GAAkB;YACvB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC9C,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAC5D,MAAM,aAAa,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,8BAA8B;YAEnE,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,IA
AI,CAAC,aAAa;gBAAE,OAAO,KAAK,CAAC;YAE9D,4BAA4B;YAC5B,MAAM,EAAE,GAAG,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YACvC,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEnE,sEAAsE;YACtE,IAAI,SAAiB,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAC/C,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;oBACrB,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;gBACf,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;YAED,6BAA6B;YAC7B,MAAM,WAAW,GAAG,GAAG,MAAM,IAAI,aAAa,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,MAAM;iBACpB,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC;iBAC/B,MAAM,CAAC,WAAW,CAAC;iBACnB,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEpB,uEAAuE;YACvE,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC3C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACpC,IAAI,QAAQ,KAAK,CAAC,CAAC;oBAAE,SAAS;gBAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;gBACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gBAC5C,IAAI,OAAO,KAAK,IAAI,IAAI,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,CAAC;oBAC/D,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE9C,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,MAAc,EACd,EAG2B;IAK3B,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;QAC5B,WAAW,CAAC;YACV,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,qBAAqB,MAAM,EAAE;SACvC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAEtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,WAAW,CAAC;gBACV,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,wBAAwB,MAAM,MAAM,MAAM,CAAC,OAAO,EAAE;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAc,EACd,OAAU,EACV,IAGC;IAED,OAAO,kBAAkB,CAAC,MAAM,EAAE,OAAO,EAAE;QACzC,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,OAAO,CAAC;QACzC,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,OAAO,CA
AC;KACzC,CAAC,CAAC;AACL,CAAC"}
|
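--- a/package/dist/webhooks/index.d.ts
+++ b/package/dist/webhooks/index.d.ts
@@ -12,12 +12,12 @@
 */
 export type { WebhookResult, VerifyContext, WebhookRetryOpts, WebhookProvider, WebhookEvent, WebhookRequestContext, WebhookMiddleware, ProviderStats, ProviderHealth, ProviderHealthSummary, DeduplicationOpts, EventHandler, SignatureAlgorithm, WebhookProviderConfig, WebhookSystemConfig, } from "./types.js";
 export { registerProvider, registerProviders, getProvider, listProviders, removeProvider, recordSuccess, recordFailure, getProviderStats, getAllProviderStats, resetProviderStats, getProviderHealth, getAllProviderHealth, } from "./registry.js";
-export { hmacSha256Hex, hmacSha256Base64, hmacSha1Base64, timingSafeCompare, isTimestampFresh, verifyHmacSha256Hex, verifyHmacSha256Base64, verifySlackV0, verifyTwilio, } from "./verify.js";
+export { hmacSha256Hex, hmacSha256Base64, hmacSha1Base64, timingSafeCompare, isTimestampFresh, verifyHmacSha256Hex, verifyHmacSha256Base64, verifySlackV0, verifySvix, verifyTwilio, } from "./verify.js";
 export { routeWebhook, routeWebhookRequest, composeMiddleware, validateRequest, deduplicateRequests, rateLimitRequests, createWebhookEvent, createEventRouter, normalizeToEvent, } from "./router.js";
 export { withWebhookRetry, classifyError, createWebhookError, DeadLetterQueue, withRetryHandler, } from "./retry.js";
 export type { WebhookErrorKind, WebhookError, DeadLetterEntry } from "./retry.js";
 export { getConfig, setConfig, getProviderConfig, setProviderConfig, setProviderConfigs, removeProviderConfig, listConfiguredProviders, resolveSecret, getProviderSecret, getProviderRetryOpts, isProviderEnabled, validateProviderConfig, validateConfig, loadConfigFromFile, saveConfigToFile, } from "./config.js";
-export { safeHandler, createHmacSha256HexProvider, createHmacSha256Base64Provider, createSlackStyleProvider, createTwilioStyleProvider, registerHmacSha256HexProvider, registerHmacSha256Base64Provider, registerSlackStyleProvider, registerTwilioStyleProvider, withLogging, } from "./handlers.js";
+export { safeHandler, createHmacSha256HexProvider, createHmacSha256Base64Provider, createSlackStyleProvider, createTwilioStyleProvider, createSvixStyleProvider, registerHmacSha256HexProvider, registerHmacSha256Base64Provider, registerSlackStyleProvider, registerTwilioStyleProvider, withLogging, } from "./handlers.js";
 export { WebhookHandler } from "./handler.js";
 export type { WebhookHandlerConfig } from "./handler.js";
 export { mountWebhookAdmin, createWebhookRoute, verifyWebhookRequest, processVerifiedWebhook, getDeadLetterQueue, } from "./mount.js";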
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/webhooks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,YAAY,EACV,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAIpB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAIvB,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,aAAa,EACb,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIlF,OAAO,EACL,SAAS,EACT,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,uBAAuB,EACvB,aAAa,EACb,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,sBAAsB,EACtB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,WAAW,EACX,2BAA2B,EAC3B,8BAA8B,EAC9B,wBAAwB,EACxB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,0BAA0B,EAC1B,2BAA2B,EAC3B,WAAW,GACZ,MAAM,eAAe,CAAC;AAIvB,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,YAAY,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAIzD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAInD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAIpD,OAAO,EACL,eAAe,EACf,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,oBAAoB,EACpB,cAAc,EACd,eAAe,GAChB,MAAM,gBAAgB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/webhooks/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,YAAY,EACV,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,eAAe,EACf,YAAY,EACZ,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAIpB,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,aAAa,EACb,cAAc,EACd,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,eAAe,CAAC;AAIvB,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,EACnB,sBAAsB,EACtB,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,eAAe,EACf,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIlF,OAAO,EACL,SAAS,EACT,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,uBAAuB,EACvB,aAAa,EACb,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,sBAAsB,EACtB,cAAc,EACd,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAIrB,OAAO,EACL,WAAW,EACX,2BAA2B,EAC3B,8BAA8B,EAC9B,wBAAwB,EACxB,yBAAyB,EACzB,uBAAuB,EACvB,6BAA6B,EAC7B,gCAAgC,EAChC,0BAA0B,EAC1B,2BAA2B,EAC3B,WAAW,GACZ,MAAM,eAAe,CAAC;AAIvB,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,YAAY,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAIzD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,YAAY,CAAC;AAEpB,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAInD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAIpD,OAAO,EACL,eAAe,EACf,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,aAAa,EACb,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,oBAAoB,EACpB,cAAc,EACd,eAAe,GAChB,MAAM,gBAAgB,CAAC"}
|
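--- a/package/dist/webhooks/index.js
+++ b/package/dist/webhooks/index.js
@@ -13,7 +13,7 @@
 // ── Registry ─────────────────────────────────────────────────────────────────
 export { registerProvider, registerProviders, getProvider, listProviders, removeProvider, recordSuccess, recordFailure, getProviderStats, getAllProviderStats, resetProviderStats, getProviderHealth, getAllProviderHealth, } from "./registry.js";
 // ── Signature verification ───────────────────────────────────────────────────
-export { hmacSha256Hex, hmacSha256Base64, hmacSha1Base64, timingSafeCompare, isTimestampFresh, verifyHmacSha256Hex, verifyHmacSha256Base64, verifySlackV0, verifyTwilio, } from "./verify.js";
+export { hmacSha256Hex, hmacSha256Base64, hmacSha1Base64, timingSafeCompare, isTimestampFresh, verifyHmacSha256Hex, verifyHmacSha256Base64, verifySlackV0, verifySvix, verifyTwilio, } from "./verify.js";
 // ── Routing & dispatching ────────────────────────────────────────────────────
 export { routeWebhook, routeWebhookRequest, composeMiddleware, validateRequest, deduplicateRequests, rateLimitRequests, createWebhookEvent, createEventRouter, normalizeToEvent, } from "./router.js";
 // ── Retry & error handling ───────────────────────────────────────────────────
@@ -21,7 +21,7 @@ export { withWebhookRetry, classifyError, createWebhookError, DeadLetterQueue, w
 // ── Configuration management ─────────────────────────────────────────────────
 export { getConfig, setConfig, getProviderConfig, setProviderConfig, setProviderConfigs, removeProviderConfig, listConfiguredProviders, resolveSecret, getProviderSecret, getProviderRetryOpts, isProviderEnabled, validateProviderConfig, validateConfig, loadConfigFromFile, saveConfigToFile, } from "./config.js";
 // ── Handler utilities ────────────────────────────────────────────────────────
-export { safeHandler, createHmacSha256HexProvider, createHmacSha256Base64Provider, createSlackStyleProvider, createTwilioStyleProvider, registerHmacSha256HexProvider, registerHmacSha256Base64Provider, registerSlackStyleProvider, registerTwilioStyleProvider, withLogging, } from "./handlers.js";
+export { safeHandler, createHmacSha256HexProvider, createHmacSha256Base64Provider, createSlackStyleProvider, createTwilioStyleProvider, createSvixStyleProvider, registerHmacSha256HexProvider, registerHmacSha256Base64Provider, registerSlackStyleProvider, registerTwilioStyleProvider, withLogging, } from "./handlers.js";
 // ── Base class ──────────────────────────────────────────────────────────────
 export { WebhookHandler } from "./handler.js";
 // ── Route mounting & admin ──────────────────────────────────────────────────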
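Review bot: The new `./handlers.js` export line adds `createSvixStyleProvider` without a matching `registerSvixStyleProvider`, although each of the four existing `create*Provider` factories is paired with a `register*Provider` export on the same line. If `handlers.js` defines such a helper (the file is not shown here), export it next to `registerTwilioStyleProvider,`. If it is intentionally absent, a short comment on the "Handler utilities" section saying that Svix-style providers must be passed to `registerProvider` by hand would save callers from wiring an endpoint that is never registered. Separately, `verifySvix` is now public API from `./verify.js`, so it is worth confirming there that it rejects stale timestamps with `isTimestampFresh` and compares signatures with `timingSafeCompare`, as a bare HMAC match would accept replayed deliveries.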