npm - @rusamer/envgod - Versions diffs - 0.0.1 - Mend

@rusamer/envgod 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/LICENSE +21 -0
package/README.md +99 -0
package/dist/index.d.mts +17 -0
package/dist/index.d.ts +17 -0
package/dist/index.js +137 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +133 -0
package/dist/index.mjs.map +1 -0
package/dist/next.d.mts +6 -0
package/dist/next.d.ts +6 -0
package/dist/next.js +138 -0
package/dist/next.js.map +1 -0
package/dist/next.mjs +136 -0
package/dist/next.mjs.map +1 -0
package/dist/types-BJpNm9Vm.d.mts +22 -0
package/dist/types-BJpNm9Vm.d.ts +22 -0
package/package.json +57 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024 EnvGod
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,99 @@
+# EnvGod SDK
+A secure, server-side Node.js and Next.js SDK for fetching environment bundles from the EnvGod Data Plane.
+## Features
+- **Secure by Default**: Throws if executed in a browser environment.
+- **In-Memory Only**: Never writes secrets to disk or logs them.
+- **Auto-Auth**: Exchanges `ENVGOD_API_KEY` for short-lived JWTs.
+- **Smart Caching**: Caches tokens and bundles in memory until expiry.
+- **Reliable**: Automatic retry on 401 (token expiry) and network resiliency.
+- **Next.js Ready**: Dedicated `envgod/next` entry point with `server-only` guards.
+## Installation
+```bash
+npm install @rusamer/envgod
+# or
+pnpm add @rusamer/envgod
+# or
+yarn add @rusamer/envgod
+```
+## Configuration
+The SDK automatically reads the following environment variables:
+| Variable | Description |
+|C...|...|
+| `ENVGOD_API_URL` | URL of the EnvGod Data Plane |
+| `ENVGOD_API_KEY` | Your project Service Key |
+| `ENVGOD_PROJECT` | Project ID |
+| `ENVGOD_ENV` | Environment Name (e.g., prod) |
+| `ENVGOD_SERVICE` | Service Name |
+## Usage
+### Node.js
+```typescript
+import { loadEnv } from '@rusamer/envgod';
+async function main() {
+  const env = await loadEnv();
+  console.log(process.env.MY_SECRET); // Accessed from process.env
+  console.log(env.MY_SECRET);         // Or from the returned object
+}
+main();
+```
+### Next.js (App Router / Server Actions)
+Use the Next.js specific helper to ensure server-side only execution.
+```typescript
+// src/lib/env.ts
+import { loadServerEnv } from '@rusamer/envgod/next';
+export async function getSecrets() {
+  return loadServerEnv();
+}
+```
+```typescript
+// src/app/page.tsx
+import { getSecrets } from '@/lib/env';
+export default async function Page() {
+  const env = await getSecrets();
+  return <div>Secret length: {env.API_KEY.length}</div>;
+}
+```
+## Security Notes
+1. **Server-Only**: This SDK is designed strictly for server environments. It explicitly checks for `window` and imports `server-only` in the Next.js entrypoint.
+2. **No Persistance**: Secrets are held in memory. Restarting the server will trigger a fresh fetch.
+3. **Logs**: The SDK does not log secret values.
+## For Maintainers
+### Build
+```bash
+pnpm build
+```
+### Test
+```bash
+pnpm test
+```
+### Publish
+1. `npm version patch`
+2. `npm publish`

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,17 @@
+import { L as LoadEnvOptions, E as EnvGodConfig } from './types-BJpNm9Vm.mjs';
+export { A as AuthExchangeResponse, B as BundleResponse } from './types-BJpNm9Vm.mjs';
+/** @internal For testing only */
+declare function _resetState(): void;
+/**
+ * Validates and returns the configuration.
+ * Prioritizes options > process.env.
+ */
+declare function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig;
+/**
+ * Main entry point to load environment variables.
+ * Uses Singleflight pattern to prevent concurrent network requests.
+ */
+declare function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
+export { EnvGodConfig, LoadEnvOptions, _resetState, getEnvGodConfig, loadEnv };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { L as LoadEnvOptions, E as EnvGodConfig } from './types-BJpNm9Vm.js';
+export { A as AuthExchangeResponse, B as BundleResponse } from './types-BJpNm9Vm.js';
+/** @internal For testing only */
+declare function _resetState(): void;
+/**
+ * Validates and returns the configuration.
+ * Prioritizes options > process.env.
+ */
+declare function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig;
+/**
+ * Main entry point to load environment variables.
+ * Uses Singleflight pattern to prevent concurrent network requests.
+ */
+declare function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
+export { EnvGodConfig, LoadEnvOptions, _resetState, getEnvGodConfig, loadEnv };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,137 @@
+'use strict';
+// src/index.ts
+var state = {
+  token: null,
+  tokenExpiresAt: null,
+  bundle: null
+};
+var pendingLoadPromise = null;
+function _resetState() {
+  state.token = null;
+  state.tokenExpiresAt = null;
+  state.bundle = null;
+  pendingLoadPromise = null;
+}
+function getEnvGodConfig(options) {
+  const env = process.env;
+  const config = {
+    apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,
+    apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,
+    project: options?.config?.project ?? env.ENVGOD_PROJECT,
+    env: options?.config?.env ?? env.ENVGOD_ENV,
+    service: options?.config?.service ?? env.ENVGOD_SERVICE
+  };
+  const missing = Object.entries(config).filter(([_, v]) => !v).map(([k]) => k);
+  if (missing.length > 0) {
+    throw new Error(`[EnvGod] Missing required configuration: ${missing.join(", ")}`);
+  }
+  return config;
+}
+function checkBrowser() {
+  if (typeof window !== "undefined") {
+    throw new Error("[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
+  }
+}
+async function fetchWithTimeout(url, init) {
+  const { timeout = 5e3, ...rest } = init;
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), timeout);
+  try {
+    const res = await fetch(url, { ...rest, signal: controller.signal });
+    return res;
+  } catch (err) {
+    if (err.name === "AbortError") {
+      throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);
+    }
+    throw err;
+  } finally {
+    clearTimeout(id);
+  }
+}
+async function exchangeToken(config, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${config.apiKey}`
+    },
+    body: JSON.stringify({
+      project: config.project,
+      env: config.env,
+      service: config.service
+    }),
+    timeout
+  });
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  state.token = data.token;
+  state.tokenExpiresAt = new Date(data.expiresAt).getTime();
+  return data.token;
+}
+async function fetchBundle(config, token, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    },
+    timeout
+  });
+  if (res.status === 401) {
+    throw new Error("401");
+  }
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  return data.values;
+}
+async function loadEnvInternal(options) {
+  checkBrowser();
+  const config = getEnvGodConfig(options);
+  const timeout = options?.timeout ?? 5e3;
+  const now = Date.now();
+  let token = state.token;
+  let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;
+  if (!tokenValid) {
+    token = await exchangeToken(config, timeout);
+  }
+  if (state.bundle && tokenValid) {
+    Object.assign(process.env, state.bundle);
+    return state.bundle;
+  }
+  try {
+    const values = await fetchBundle(config, token, timeout);
+    state.bundle = values;
+    Object.assign(process.env, values);
+    return values;
+  } catch (err) {
+    if (err.message === "401") {
+      state.token = null;
+      state.bundle = null;
+      const newToken = await exchangeToken(config, timeout);
+      const values = await fetchBundle(config, newToken, timeout);
+      state.bundle = values;
+      Object.assign(process.env, values);
+      return values;
+    }
+    throw err;
+  }
+}
+function loadEnv(options) {
+  if (pendingLoadPromise) {
+    return pendingLoadPromise;
+  }
+  pendingLoadPromise = loadEnvInternal(options).finally(() => {
+    pendingLoadPromise = null;
+  });
+  return pendingLoadPromise;
+}
+exports._resetState = _resetState;
+exports.getEnvGodConfig = getEnvGodConfig;
+exports.loadEnv = loadEnv;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AASA,IAAM,KAAA,GAAoB;AAAA,EACtB,KAAA,EAAO,IAAA;AAAA,EACP,cAAA,EAAgB,IAAA;AAAA,EAChB,MAAA,EAAQ;AACZ,CAAA;AAEA,IAAI,kBAAA,GAA6D,IAAA;AAG1D,SAAS,WAAA,GAAc;AAC1B,EAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,EAAA,KAAA,CAAM,cAAA,GAAiB,IAAA;AACvB,EAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AACf,EAAA,kBAAA,GAAqB,IAAA;AACzB;AAQO,SAAS,gBAAgB,OAAA,EAAwC;AACpE,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,MAAM,MAAA,GAAS;AAAA,IACX,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,cAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,UAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AAEA,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChC,MAAA,CAAO,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,CAAC,CAAC,CAAA,CACrB,GAAA,CAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAEnB,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,QAAQ,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,OAAO,MAAA;AACX;AAKA,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,sGAAsG,CAAA;AAAA,EAC1H;AACJ;AAKA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACnE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,aAAA,CAAc,QAAsB,OAAA,EAAkC;AACjF,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IACpE,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA;AAAA,KAC5C;AAAA,IACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,KAAK,MAAA,CAAO,GAAA;AAAA,MACZ,SAAS,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,EAAkC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAsB,KAAA,EAAe,OAAA,EAAkD;AAC9G,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IAC7D,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,eAAA,EAAiB,UAAU,KAAK,CAAA;AAAA,KACpC;AAAA,IACA;AAAA,GACH,CAAA;AAED,EAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACpB,IAAA,MAAM,IAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACnF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,UAAA,GAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,MAAM,cAAA,GAAiB,GAAA;AAGzE,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/C;AAGA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAGA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AAEvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AAEf,MAAA,MAAM,QAAA,GAAW,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAMO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CACvC,OAAA,CAAQ,MAAM;AACX,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAEL,EAAA,OAAO,kBAAA;AACX","file":"index.js","sourcesContent":["import type { EnvGodConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst state: CacheState = {\r\n token: null,\r\n tokenExpiresAt: null,\r\n bundle: null,\r\n};\r\n\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n state.token = null;\r\n state.tokenExpiresAt = null;\r\n state.bundle = null;\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\n/**\r\n * Validates and returns the configuration.\r\n * Prioritizes options > process.env.\r\n */\r\nexport function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig {\r\n const env = process.env;\r\n const config = {\r\n apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,\r\n project: options?.config?.project ?? env.ENVGOD_PROJECT,\r\n env: options?.config?.env ?? env.ENVGOD_ENV,\r\n service: options?.config?.service ?? env.ENVGOD_SERVICE,\r\n };\r\n\r\n const missing = Object.entries(config)\r\n .filter(([_, v]) => !v)\r\n .map(([k]) => k);\r\n\r\n if (missing.length > 0) {\r\n throw new Error(`[EnvGod] Missing required configuration: ${missing.join(', ')}`);\r\n }\r\n\r\n return config as EnvGodConfig;\r\n}\r\n\r\n/**\r\n * Checks if the current environment is a browser.\r\n */\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\n/**\r\n * Fetches with timeout.\r\n */\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function exchangeToken(config: EnvGodConfig, timeout: number): Promise<string> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${config.apiKey}`,\r\n },\r\n body: JSON.stringify({\r\n project: config.project,\r\n env: config.env,\r\n service: config.service,\r\n }),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(config: EnvGodConfig, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: {\r\n 'Authorization': `Bearer ${token}`,\r\n },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) {\r\n throw new Error('401'); // Signal to retry\r\n }\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getEnvGodConfig(options);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n\r\n // 1. Check if we have a valid token\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;\r\n\r\n // 2. If token invalid, exchange\r\n if (!tokenValid) {\r\n token = await exchangeToken(config, timeout);\r\n }\r\n\r\n // 3. If we have a cached bundle and the token is still the same/valid, return it?\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n // 4. Fetch bundle with retry logic\r\n try {\r\n const values = await fetchBundle(config, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n // Retry ONCE: Re-exchange and Re-fetch\r\n state.token = null;\r\n state.bundle = null;\r\n\r\n const newToken = await exchangeToken(config, timeout);\r\n const values = await fetchBundle(config, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\n/**\r\n * Main entry point to load environment variables.\r\n * Uses Singleflight pattern to prevent concurrent network requests.\r\n */\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options)\r\n .finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n"]}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,133 @@
+// src/index.ts
+var state = {
+  token: null,
+  tokenExpiresAt: null,
+  bundle: null
+};
+var pendingLoadPromise = null;
+function _resetState() {
+  state.token = null;
+  state.tokenExpiresAt = null;
+  state.bundle = null;
+  pendingLoadPromise = null;
+}
+function getEnvGodConfig(options) {
+  const env = process.env;
+  const config = {
+    apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,
+    apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,
+    project: options?.config?.project ?? env.ENVGOD_PROJECT,
+    env: options?.config?.env ?? env.ENVGOD_ENV,
+    service: options?.config?.service ?? env.ENVGOD_SERVICE
+  };
+  const missing = Object.entries(config).filter(([_, v]) => !v).map(([k]) => k);
+  if (missing.length > 0) {
+    throw new Error(`[EnvGod] Missing required configuration: ${missing.join(", ")}`);
+  }
+  return config;
+}
+function checkBrowser() {
+  if (typeof window !== "undefined") {
+    throw new Error("[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
+  }
+}
+async function fetchWithTimeout(url, init) {
+  const { timeout = 5e3, ...rest } = init;
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), timeout);
+  try {
+    const res = await fetch(url, { ...rest, signal: controller.signal });
+    return res;
+  } catch (err) {
+    if (err.name === "AbortError") {
+      throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);
+    }
+    throw err;
+  } finally {
+    clearTimeout(id);
+  }
+}
+async function exchangeToken(config, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${config.apiKey}`
+    },
+    body: JSON.stringify({
+      project: config.project,
+      env: config.env,
+      service: config.service
+    }),
+    timeout
+  });
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  state.token = data.token;
+  state.tokenExpiresAt = new Date(data.expiresAt).getTime();
+  return data.token;
+}
+async function fetchBundle(config, token, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    },
+    timeout
+  });
+  if (res.status === 401) {
+    throw new Error("401");
+  }
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  return data.values;
+}
+async function loadEnvInternal(options) {
+  checkBrowser();
+  const config = getEnvGodConfig(options);
+  const timeout = options?.timeout ?? 5e3;
+  const now = Date.now();
+  let token = state.token;
+  let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;
+  if (!tokenValid) {
+    token = await exchangeToken(config, timeout);
+  }
+  if (state.bundle && tokenValid) {
+    Object.assign(process.env, state.bundle);
+    return state.bundle;
+  }
+  try {
+    const values = await fetchBundle(config, token, timeout);
+    state.bundle = values;
+    Object.assign(process.env, values);
+    return values;
+  } catch (err) {
+    if (err.message === "401") {
+      state.token = null;
+      state.bundle = null;
+      const newToken = await exchangeToken(config, timeout);
+      const values = await fetchBundle(config, newToken, timeout);
+      state.bundle = values;
+      Object.assign(process.env, values);
+      return values;
+    }
+    throw err;
+  }
+}
+function loadEnv(options) {
+  if (pendingLoadPromise) {
+    return pendingLoadPromise;
+  }
+  pendingLoadPromise = loadEnvInternal(options).finally(() => {
+    pendingLoadPromise = null;
+  });
+  return pendingLoadPromise;
+}
+export { _resetState, getEnvGodConfig, loadEnv };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";AASA,IAAM,KAAA,GAAoB;AAAA,EACtB,KAAA,EAAO,IAAA;AAAA,EACP,cAAA,EAAgB,IAAA;AAAA,EAChB,MAAA,EAAQ;AACZ,CAAA;AAEA,IAAI,kBAAA,GAA6D,IAAA;AAG1D,SAAS,WAAA,GAAc;AAC1B,EAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,EAAA,KAAA,CAAM,cAAA,GAAiB,IAAA;AACvB,EAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AACf,EAAA,kBAAA,GAAqB,IAAA;AACzB;AAQO,SAAS,gBAAgB,OAAA,EAAwC;AACpE,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,MAAM,MAAA,GAAS;AAAA,IACX,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,cAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,UAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AAEA,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChC,MAAA,CAAO,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,CAAC,CAAC,CAAA,CACrB,GAAA,CAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAEnB,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,QAAQ,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,OAAO,MAAA;AACX;AAKA,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,sGAAsG,CAAA;AAAA,EAC1H;AACJ;AAKA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACnE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,aAAA,CAAc,QAAsB,OAAA,EAAkC;AACjF,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IACpE,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA;AAAA,KAC5C;AAAA,IACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,KAAK,MAAA,CAAO,GAAA;AAAA,MACZ,SAAS,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,EAAkC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAsB,KAAA,EAAe,OAAA,EAAkD;AAC9G,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IAC7D,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,eAAA,EAAiB,UAAU,KAAK,CAAA;AAAA,KACpC;AAAA,IACA;AAAA,GACH,CAAA;AAED,EAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACpB,IAAA,MAAM,IAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACnF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,UAAA,GAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,MAAM,cAAA,GAAiB,GAAA;AAGzE,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/C;AAGA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAGA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AAEvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AAEf,MAAA,MAAM,QAAA,GAAW,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAMO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CACvC,OAAA,CAAQ,MAAM;AACX,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAEL,EAAA,OAAO,kBAAA;AACX","file":"index.mjs","sourcesContent":["import type { EnvGodConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst state: CacheState = {\r\n token: null,\r\n tokenExpiresAt: null,\r\n bundle: null,\r\n};\r\n\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n state.token = null;\r\n state.tokenExpiresAt = null;\r\n state.bundle = null;\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\n/**\r\n * Validates and returns the configuration.\r\n * Prioritizes options > process.env.\r\n */\r\nexport function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig {\r\n const env = process.env;\r\n const config = {\r\n apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,\r\n project: options?.config?.project ?? env.ENVGOD_PROJECT,\r\n env: options?.config?.env ?? env.ENVGOD_ENV,\r\n service: options?.config?.service ?? env.ENVGOD_SERVICE,\r\n };\r\n\r\n const missing = Object.entries(config)\r\n .filter(([_, v]) => !v)\r\n .map(([k]) => k);\r\n\r\n if (missing.length > 0) {\r\n throw new Error(`[EnvGod] Missing required configuration: ${missing.join(', ')}`);\r\n }\r\n\r\n return config as EnvGodConfig;\r\n}\r\n\r\n/**\r\n * Checks if the current environment is a browser.\r\n */\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\n/**\r\n * Fetches with timeout.\r\n */\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function exchangeToken(config: EnvGodConfig, timeout: number): Promise<string> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${config.apiKey}`,\r\n },\r\n body: JSON.stringify({\r\n project: config.project,\r\n env: config.env,\r\n service: config.service,\r\n }),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(config: EnvGodConfig, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: {\r\n 'Authorization': `Bearer ${token}`,\r\n },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) {\r\n throw new Error('401'); // Signal to retry\r\n }\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getEnvGodConfig(options);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n\r\n // 1. Check if we have a valid token\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;\r\n\r\n // 2. If token invalid, exchange\r\n if (!tokenValid) {\r\n token = await exchangeToken(config, timeout);\r\n }\r\n\r\n // 3. If we have a cached bundle and the token is still the same/valid, return it?\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n // 4. Fetch bundle with retry logic\r\n try {\r\n const values = await fetchBundle(config, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n // Retry ONCE: Re-exchange and Re-fetch\r\n state.token = null;\r\n state.bundle = null;\r\n\r\n const newToken = await exchangeToken(config, timeout);\r\n const values = await fetchBundle(config, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\n/**\r\n * Main entry point to load environment variables.\r\n * Uses Singleflight pattern to prevent concurrent network requests.\r\n */\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options)\r\n .finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n"]}

package/dist/next.d.mts ADDED Viewed

@@ -0,0 +1,6 @@
+import { L as LoadEnvOptions } from './types-BJpNm9Vm.mjs';
+export { A as AuthExchangeResponse, B as BundleResponse, E as EnvGodConfig } from './types-BJpNm9Vm.mjs';
+declare function loadServerEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
+export { LoadEnvOptions, loadServerEnv };

package/dist/next.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { L as LoadEnvOptions } from './types-BJpNm9Vm.js';
+export { A as AuthExchangeResponse, B as BundleResponse, E as EnvGodConfig } from './types-BJpNm9Vm.js';
+declare function loadServerEnv(options?: LoadEnvOptions): Promise<Record<string, string>>;
+export { LoadEnvOptions, loadServerEnv };

package/dist/next.js ADDED Viewed

@@ -0,0 +1,138 @@
+'use strict';
+require('server-only');
+// src/next.ts
+// src/index.ts
+var state = {
+  token: null,
+  tokenExpiresAt: null,
+  bundle: null
+};
+var pendingLoadPromise = null;
+function getEnvGodConfig(options) {
+  const env = process.env;
+  const config = {
+    apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,
+    apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,
+    project: options?.config?.project ?? env.ENVGOD_PROJECT,
+    env: options?.config?.env ?? env.ENVGOD_ENV,
+    service: options?.config?.service ?? env.ENVGOD_SERVICE
+  };
+  const missing = Object.entries(config).filter(([_, v]) => !v).map(([k]) => k);
+  if (missing.length > 0) {
+    throw new Error(`[EnvGod] Missing required configuration: ${missing.join(", ")}`);
+  }
+  return config;
+}
+function checkBrowser() {
+  if (typeof window !== "undefined") {
+    throw new Error("[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
+  }
+}
+async function fetchWithTimeout(url, init) {
+  const { timeout = 5e3, ...rest } = init;
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), timeout);
+  try {
+    const res = await fetch(url, { ...rest, signal: controller.signal });
+    return res;
+  } catch (err) {
+    if (err.name === "AbortError") {
+      throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);
+    }
+    throw err;
+  } finally {
+    clearTimeout(id);
+  }
+}
+async function exchangeToken(config, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${config.apiKey}`
+    },
+    body: JSON.stringify({
+      project: config.project,
+      env: config.env,
+      service: config.service
+    }),
+    timeout
+  });
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  state.token = data.token;
+  state.tokenExpiresAt = new Date(data.expiresAt).getTime();
+  return data.token;
+}
+async function fetchBundle(config, token, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    },
+    timeout
+  });
+  if (res.status === 401) {
+    throw new Error("401");
+  }
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  return data.values;
+}
+async function loadEnvInternal(options) {
+  checkBrowser();
+  const config = getEnvGodConfig(options);
+  const timeout = options?.timeout ?? 5e3;
+  const now = Date.now();
+  let token = state.token;
+  let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;
+  if (!tokenValid) {
+    token = await exchangeToken(config, timeout);
+  }
+  if (state.bundle && tokenValid) {
+    Object.assign(process.env, state.bundle);
+    return state.bundle;
+  }
+  try {
+    const values = await fetchBundle(config, token, timeout);
+    state.bundle = values;
+    Object.assign(process.env, values);
+    return values;
+  } catch (err) {
+    if (err.message === "401") {
+      state.token = null;
+      state.bundle = null;
+      const newToken = await exchangeToken(config, timeout);
+      const values = await fetchBundle(config, newToken, timeout);
+      state.bundle = values;
+      Object.assign(process.env, values);
+      return values;
+    }
+    throw err;
+  }
+}
+function loadEnv(options) {
+  if (pendingLoadPromise) {
+    return pendingLoadPromise;
+  }
+  pendingLoadPromise = loadEnvInternal(options).finally(() => {
+    pendingLoadPromise = null;
+  });
+  return pendingLoadPromise;
+}
+// src/next.ts
+async function loadServerEnv(options) {
+  return loadEnv(options);
+}
+exports.loadServerEnv = loadServerEnv;
+//# sourceMappingURL=next.js.map
+//# sourceMappingURL=next.js.map

package/dist/next.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/next.ts"],"names":[],"mappings":";;;;;;;AASA,IAAM,KAAA,GAAoB;AAAA,EACtB,KAAA,EAAO,IAAA;AAAA,EACP,cAAA,EAAgB,IAAA;AAAA,EAChB,MAAA,EAAQ;AACZ,CAAA;AAEA,IAAI,kBAAA,GAA6D,IAAA;AAgB1D,SAAS,gBAAgB,OAAA,EAAwC;AACpE,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,MAAM,MAAA,GAAS;AAAA,IACX,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,cAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,UAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AAEA,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChC,MAAA,CAAO,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,CAAC,CAAC,CAAA,CACrB,GAAA,CAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAEnB,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,QAAQ,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,OAAO,MAAA;AACX;AAKA,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,sGAAsG,CAAA;AAAA,EAC1H;AACJ;AAKA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACnE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,aAAA,CAAc,QAAsB,OAAA,EAAkC;AACjF,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IACpE,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA;AAAA,KAC5C;AAAA,IACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,KAAK,MAAA,CAAO,GAAA;AAAA,MACZ,SAAS,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,EAAkC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAsB,KAAA,EAAe,OAAA,EAAkD;AAC9G,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IAC7D,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,eAAA,EAAiB,UAAU,KAAK,CAAA;AAAA,KACpC;AAAA,IACA;AAAA,GACH,CAAA;AAED,EAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACpB,IAAA,MAAM,IAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACnF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,UAAA,GAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,MAAM,cAAA,GAAiB,GAAA;AAGzE,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/C;AAGA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAGA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AAEvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AAEf,MAAA,MAAM,QAAA,GAAW,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAMO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CACvC,OAAA,CAAQ,MAAM;AACX,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAEL,EAAA,OAAO,kBAAA;AACX;;;ACzLA,eAAsB,cAAc,OAAA,EAA0B;AAC1D,EAAA,OAAO,QAAQ,OAAO,CAAA;AAC1B","file":"next.js","sourcesContent":["import type { EnvGodConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst state: CacheState = {\r\n token: null,\r\n tokenExpiresAt: null,\r\n bundle: null,\r\n};\r\n\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n state.token = null;\r\n state.tokenExpiresAt = null;\r\n state.bundle = null;\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\n/**\r\n * Validates and returns the configuration.\r\n * Prioritizes options > process.env.\r\n */\r\nexport function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig {\r\n const env = process.env;\r\n const config = {\r\n apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,\r\n project: options?.config?.project ?? env.ENVGOD_PROJECT,\r\n env: options?.config?.env ?? env.ENVGOD_ENV,\r\n service: options?.config?.service ?? env.ENVGOD_SERVICE,\r\n };\r\n\r\n const missing = Object.entries(config)\r\n .filter(([_, v]) => !v)\r\n .map(([k]) => k);\r\n\r\n if (missing.length > 0) {\r\n throw new Error(`[EnvGod] Missing required configuration: ${missing.join(', ')}`);\r\n }\r\n\r\n return config as EnvGodConfig;\r\n}\r\n\r\n/**\r\n * Checks if the current environment is a browser.\r\n */\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\n/**\r\n * Fetches with timeout.\r\n */\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function exchangeToken(config: EnvGodConfig, timeout: number): Promise<string> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${config.apiKey}`,\r\n },\r\n body: JSON.stringify({\r\n project: config.project,\r\n env: config.env,\r\n service: config.service,\r\n }),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(config: EnvGodConfig, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: {\r\n 'Authorization': `Bearer ${token}`,\r\n },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) {\r\n throw new Error('401'); // Signal to retry\r\n }\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getEnvGodConfig(options);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n\r\n // 1. Check if we have a valid token\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;\r\n\r\n // 2. If token invalid, exchange\r\n if (!tokenValid) {\r\n token = await exchangeToken(config, timeout);\r\n }\r\n\r\n // 3. If we have a cached bundle and the token is still the same/valid, return it?\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n // 4. Fetch bundle with retry logic\r\n try {\r\n const values = await fetchBundle(config, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n // Retry ONCE: Re-exchange and Re-fetch\r\n state.token = null;\r\n state.bundle = null;\r\n\r\n const newToken = await exchangeToken(config, timeout);\r\n const values = await fetchBundle(config, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\n/**\r\n * Main entry point to load environment variables.\r\n * Uses Singleflight pattern to prevent concurrent network requests.\r\n */\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options)\r\n .finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n","import 'server-only';\r\nimport { loadEnv, type LoadEnvOptions } from './index.js';\r\n\r\nexport async function loadServerEnv(options?: LoadEnvOptions) {\r\n return loadEnv(options);\r\n}\r\n\r\nexport * from './types.js';\r\n"]}

package/dist/next.mjs ADDED Viewed

@@ -0,0 +1,136 @@
+import 'server-only';
+// src/next.ts
+// src/index.ts
+var state = {
+  token: null,
+  tokenExpiresAt: null,
+  bundle: null
+};
+var pendingLoadPromise = null;
+function getEnvGodConfig(options) {
+  const env = process.env;
+  const config = {
+    apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,
+    apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,
+    project: options?.config?.project ?? env.ENVGOD_PROJECT,
+    env: options?.config?.env ?? env.ENVGOD_ENV,
+    service: options?.config?.service ?? env.ENVGOD_SERVICE
+  };
+  const missing = Object.entries(config).filter(([_, v]) => !v).map(([k]) => k);
+  if (missing.length > 0) {
+    throw new Error(`[EnvGod] Missing required configuration: ${missing.join(", ")}`);
+  }
+  return config;
+}
+function checkBrowser() {
+  if (typeof window !== "undefined") {
+    throw new Error("[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.");
+  }
+}
+async function fetchWithTimeout(url, init) {
+  const { timeout = 5e3, ...rest } = init;
+  const controller = new AbortController();
+  const id = setTimeout(() => controller.abort(), timeout);
+  try {
+    const res = await fetch(url, { ...rest, signal: controller.signal });
+    return res;
+  } catch (err) {
+    if (err.name === "AbortError") {
+      throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);
+    }
+    throw err;
+  } finally {
+    clearTimeout(id);
+  }
+}
+async function exchangeToken(config, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${config.apiKey}`
+    },
+    body: JSON.stringify({
+      project: config.project,
+      env: config.env,
+      service: config.service
+    }),
+    timeout
+  });
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  state.token = data.token;
+  state.tokenExpiresAt = new Date(data.expiresAt).getTime();
+  return data.token;
+}
+async function fetchBundle(config, token, timeout) {
+  const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {
+    method: "GET",
+    headers: {
+      "Authorization": `Bearer ${token}`
+    },
+    timeout
+  });
+  if (res.status === 401) {
+    throw new Error("401");
+  }
+  if (!res.ok) {
+    throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  return data.values;
+}
+async function loadEnvInternal(options) {
+  checkBrowser();
+  const config = getEnvGodConfig(options);
+  const timeout = options?.timeout ?? 5e3;
+  const now = Date.now();
+  let token = state.token;
+  let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;
+  if (!tokenValid) {
+    token = await exchangeToken(config, timeout);
+  }
+  if (state.bundle && tokenValid) {
+    Object.assign(process.env, state.bundle);
+    return state.bundle;
+  }
+  try {
+    const values = await fetchBundle(config, token, timeout);
+    state.bundle = values;
+    Object.assign(process.env, values);
+    return values;
+  } catch (err) {
+    if (err.message === "401") {
+      state.token = null;
+      state.bundle = null;
+      const newToken = await exchangeToken(config, timeout);
+      const values = await fetchBundle(config, newToken, timeout);
+      state.bundle = values;
+      Object.assign(process.env, values);
+      return values;
+    }
+    throw err;
+  }
+}
+function loadEnv(options) {
+  if (pendingLoadPromise) {
+    return pendingLoadPromise;
+  }
+  pendingLoadPromise = loadEnvInternal(options).finally(() => {
+    pendingLoadPromise = null;
+  });
+  return pendingLoadPromise;
+}
+// src/next.ts
+async function loadServerEnv(options) {
+  return loadEnv(options);
+}
+export { loadServerEnv };
+//# sourceMappingURL=next.mjs.map
+//# sourceMappingURL=next.mjs.map

package/dist/next.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/next.ts"],"names":[],"mappings":";;;;;AASA,IAAM,KAAA,GAAoB;AAAA,EACtB,KAAA,EAAO,IAAA;AAAA,EACP,cAAA,EAAgB,IAAA;AAAA,EAChB,MAAA,EAAQ;AACZ,CAAA;AAEA,IAAI,kBAAA,GAA6D,IAAA;AAgB1D,SAAS,gBAAgB,OAAA,EAAwC;AACpE,EAAA,MAAM,MAAM,OAAA,CAAQ,GAAA;AACpB,EAAA,MAAM,MAAA,GAAS;AAAA,IACX,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,MAAA,IAAU,GAAA,CAAI,cAAA;AAAA,IACvC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI,cAAA;AAAA,IACzC,GAAA,EAAK,OAAA,EAAS,MAAA,EAAQ,GAAA,IAAO,GAAA,CAAI,UAAA;AAAA,IACjC,OAAA,EAAS,OAAA,EAAS,MAAA,EAAQ,OAAA,IAAW,GAAA,CAAI;AAAA,GAC7C;AAEA,EAAA,MAAM,UAAU,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAChC,MAAA,CAAO,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAM,CAAC,CAAC,CAAA,CACrB,GAAA,CAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AAEnB,EAAA,IAAI,OAAA,CAAQ,SAAS,CAAA,EAAG;AACpB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,QAAQ,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,OAAO,MAAA;AACX;AAKA,SAAS,YAAA,GAAe;AACpB,EAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AAC/B,IAAA,MAAM,IAAI,MAAM,sGAAsG,CAAA;AAAA,EAC1H;AACJ;AAKA,eAAe,gBAAA,CAAiB,KAAa,IAAA,EAA0C;AACnF,EAAA,MAAM,EAAE,OAAA,GAAU,GAAA,EAAM,GAAG,MAAK,GAAI,IAAA;AACpC,EAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,EAAA,MAAM,KAAK,UAAA,CAAW,MAAM,UAAA,CAAW,KAAA,IAAS,OAAO,CAAA;AAEvD,EAAA,IAAI;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,UAAA,CAAW,MAAA,EAAQ,CAAA;AACnE,IAAA,OAAO,GAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,SAAS,YAAA,EAAc;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,OAAO,CAAA,EAAA,CAAI,CAAA;AAAA,IACnE;AACA,IAAA,MAAM,GAAA;AAAA,EACV,CAAA,SAAE;AACE,IAAA,YAAA,CAAa,EAAE,CAAA;AAAA,EACnB;AACJ;AAIA,eAAe,aAAA,CAAc,QAAsB,OAAA,EAAkC;AACjF,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,iBAAA,CAAA,EAAqB;AAAA,IACpE,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,cAAA,EAAgB,kBAAA;AAAA,MAChB,eAAA,EAAiB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA;AAAA,KAC5C;AAAA,IACA,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,MACjB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,KAAK,MAAA,CAAO,GAAA;AAAA,MACZ,SAAS,MAAA,CAAO;AAAA,KACnB,CAAA;AAAA,IACD;AAAA,GACH,CAAA;AAED,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,+BAAA,EAAkC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACpF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,KAAA,CAAM,QAAQ,IAAA,CAAK,KAAA;AACnB,EAAA,KAAA,CAAM,iBAAiB,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,EAAE,OAAA,EAAQ;AACxD,EAAA,OAAO,IAAA,CAAK,KAAA;AAChB;AAEA,eAAe,WAAA,CAAY,MAAA,EAAsB,KAAA,EAAe,OAAA,EAAkD;AAC9G,EAAA,MAAM,MAAM,MAAM,gBAAA,CAAiB,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,UAAA,CAAA,EAAc;AAAA,IAC7D,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACL,eAAA,EAAiB,UAAU,KAAK,CAAA;AAAA,KACpC;AAAA,IACA;AAAA,GACH,CAAA;AAED,EAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACpB,IAAA,MAAM,IAAI,MAAM,KAAK,CAAA;AAAA,EACzB;AAEA,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACT,IAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACnF;AAEA,EAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,EAAA,OAAO,IAAA,CAAK,MAAA;AAChB;AAEA,eAAe,gBAAgB,OAAA,EAA2D;AACtF,EAAA,YAAA,EAAa;AACb,EAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,EAAA,MAAM,OAAA,GAAU,SAAS,OAAA,IAAW,GAAA;AACpC,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AAGrB,EAAA,IAAI,QAAQ,KAAA,CAAM,KAAA;AAClB,EAAA,IAAI,UAAA,GAAa,KAAA,IAAS,KAAA,CAAM,cAAA,IAAkB,MAAM,cAAA,GAAiB,GAAA;AAGzE,EAAA,IAAI,CAAC,UAAA,EAAY;AACb,IAAA,KAAA,GAAQ,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AAAA,EAC/C;AAGA,EAAA,IAAI,KAAA,CAAM,UAAU,UAAA,EAAY;AAC5B,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,KAAA,CAAM,MAAM,CAAA;AACvC,IAAA,OAAO,KAAA,CAAM,MAAA;AAAA,EACjB;AAGA,EAAA,IAAI;AACA,IAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,OAAQ,OAAO,CAAA;AACxD,IAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,IAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,IAAA,OAAO,MAAA;AAAA,EACX,SAAS,GAAA,EAAU;AACf,IAAA,IAAI,GAAA,CAAI,YAAY,KAAA,EAAO;AAEvB,MAAA,KAAA,CAAM,KAAA,GAAQ,IAAA;AACd,MAAA,KAAA,CAAM,MAAA,GAAS,IAAA;AAEf,MAAA,MAAM,QAAA,GAAW,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,CAAA;AACpD,MAAA,MAAM,MAAA,GAAS,MAAM,WAAA,CAAY,MAAA,EAAQ,UAAU,OAAO,CAAA;AAC1D,MAAA,KAAA,CAAM,MAAA,GAAS,MAAA;AACf,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,GAAA,EAAK,MAAM,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACX;AACA,IAAA,MAAM,GAAA;AAAA,EACV;AACJ;AAMO,SAAS,QAAQ,OAAA,EAA2D;AAC/E,EAAA,IAAI,kBAAA,EAAoB;AACpB,IAAA,OAAO,kBAAA;AAAA,EACX;AAEA,EAAA,kBAAA,GAAqB,eAAA,CAAgB,OAAO,CAAA,CACvC,OAAA,CAAQ,MAAM;AACX,IAAA,kBAAA,GAAqB,IAAA;AAAA,EACzB,CAAC,CAAA;AAEL,EAAA,OAAO,kBAAA;AACX;;;ACzLA,eAAsB,cAAc,OAAA,EAA0B;AAC1D,EAAA,OAAO,QAAQ,OAAO,CAAA;AAC1B","file":"next.mjs","sourcesContent":["import type { EnvGodConfig, LoadEnvOptions, AuthExchangeResponse, BundleResponse } from './types.js';\r\n\r\n// --- State ---\r\ninterface CacheState {\r\n token: string | null;\r\n tokenExpiresAt: number | null; // Timestamp in ms\r\n bundle: Record<string, string> | null;\r\n}\r\n\r\nconst state: CacheState = {\r\n token: null,\r\n tokenExpiresAt: null,\r\n bundle: null,\r\n};\r\n\r\nlet pendingLoadPromise: Promise<Record<string, string>> | null = null;\r\n\r\n/** @internal For testing only */\r\nexport function _resetState() {\r\n state.token = null;\r\n state.tokenExpiresAt = null;\r\n state.bundle = null;\r\n pendingLoadPromise = null;\r\n}\r\n\r\n// --- Helpers ---\r\n\r\n/**\r\n * Validates and returns the configuration.\r\n * Prioritizes options > process.env.\r\n */\r\nexport function getEnvGodConfig(options?: LoadEnvOptions): EnvGodConfig {\r\n const env = process.env;\r\n const config = {\r\n apiUrl: options?.config?.apiUrl ?? env.ENVGOD_API_URL,\r\n apiKey: options?.config?.apiKey ?? env.ENVGOD_API_KEY,\r\n project: options?.config?.project ?? env.ENVGOD_PROJECT,\r\n env: options?.config?.env ?? env.ENVGOD_ENV,\r\n service: options?.config?.service ?? env.ENVGOD_SERVICE,\r\n };\r\n\r\n const missing = Object.entries(config)\r\n .filter(([_, v]) => !v)\r\n .map(([k]) => k);\r\n\r\n if (missing.length > 0) {\r\n throw new Error(`[EnvGod] Missing required configuration: ${missing.join(', ')}`);\r\n }\r\n\r\n return config as EnvGodConfig;\r\n}\r\n\r\n/**\r\n * Checks if the current environment is a browser.\r\n */\r\nfunction checkBrowser() {\r\n if (typeof window !== 'undefined') {\r\n throw new Error('[EnvGod] Security Warning: SDK execution attempting in browser environment. This SDK is server-only.');\r\n }\r\n}\r\n\r\n/**\r\n * Fetches with timeout.\r\n */\r\nasync function fetchWithTimeout(url: string, init: RequestInit & { timeout?: number }) {\r\n const { timeout = 5000, ...rest } = init;\r\n const controller = new AbortController();\r\n const id = setTimeout(() => controller.abort(), timeout);\r\n\r\n try {\r\n const res = await fetch(url, { ...rest, signal: controller.signal });\r\n return res;\r\n } catch (err: any) {\r\n if (err.name === 'AbortError') {\r\n throw new Error(`[EnvGod] Request timed out after ${timeout}ms`);\r\n }\r\n throw err;\r\n } finally {\r\n clearTimeout(id);\r\n }\r\n}\r\n\r\n// --- Core Logic ---\r\n\r\nasync function exchangeToken(config: EnvGodConfig, timeout: number): Promise<string> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/auth/exchange`, {\r\n method: 'POST',\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'Authorization': `Bearer ${config.apiKey}`,\r\n },\r\n body: JSON.stringify({\r\n project: config.project,\r\n env: config.env,\r\n service: config.service,\r\n }),\r\n timeout,\r\n });\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Auth exchange failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as AuthExchangeResponse;\r\n state.token = data.token;\r\n state.tokenExpiresAt = new Date(data.expiresAt).getTime();\r\n return data.token;\r\n}\r\n\r\nasync function fetchBundle(config: EnvGodConfig, token: string, timeout: number): Promise<Record<string, string>> {\r\n const res = await fetchWithTimeout(`${config.apiUrl}/v1/bundle`, {\r\n method: 'GET',\r\n headers: {\r\n 'Authorization': `Bearer ${token}`,\r\n },\r\n timeout,\r\n });\r\n\r\n if (res.status === 401) {\r\n throw new Error('401'); // Signal to retry\r\n }\r\n\r\n if (!res.ok) {\r\n throw new Error(`[EnvGod] Fetch bundle failed: ${res.status} ${res.statusText}`);\r\n }\r\n\r\n const data = (await res.json()) as BundleResponse;\r\n return data.values;\r\n}\r\n\r\nasync function loadEnvInternal(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n checkBrowser();\r\n const config = getEnvGodConfig(options);\r\n const timeout = options?.timeout ?? 5000;\r\n const now = Date.now();\r\n\r\n // 1. Check if we have a valid token\r\n let token = state.token;\r\n let tokenValid = token && state.tokenExpiresAt && state.tokenExpiresAt > now;\r\n\r\n // 2. If token invalid, exchange\r\n if (!tokenValid) {\r\n token = await exchangeToken(config, timeout);\r\n }\r\n\r\n // 3. If we have a cached bundle and the token is still the same/valid, return it?\r\n if (state.bundle && tokenValid) {\r\n Object.assign(process.env, state.bundle);\r\n return state.bundle;\r\n }\r\n\r\n // 4. Fetch bundle with retry logic\r\n try {\r\n const values = await fetchBundle(config, token!, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n } catch (err: any) {\r\n if (err.message === '401') {\r\n // Retry ONCE: Re-exchange and Re-fetch\r\n state.token = null;\r\n state.bundle = null;\r\n\r\n const newToken = await exchangeToken(config, timeout);\r\n const values = await fetchBundle(config, newToken, timeout);\r\n state.bundle = values;\r\n Object.assign(process.env, values);\r\n return values;\r\n }\r\n throw err;\r\n }\r\n}\r\n\r\n/**\r\n * Main entry point to load environment variables.\r\n * Uses Singleflight pattern to prevent concurrent network requests.\r\n */\r\nexport function loadEnv(options?: LoadEnvOptions): Promise<Record<string, string>> {\r\n if (pendingLoadPromise) {\r\n return pendingLoadPromise;\r\n }\r\n\r\n pendingLoadPromise = loadEnvInternal(options)\r\n .finally(() => {\r\n pendingLoadPromise = null;\r\n });\r\n\r\n return pendingLoadPromise;\r\n}\r\n\r\nexport * from './types.js';\r\n","import 'server-only';\r\nimport { loadEnv, type LoadEnvOptions } from './index.js';\r\n\r\nexport async function loadServerEnv(options?: LoadEnvOptions) {\r\n return loadEnv(options);\r\n}\r\n\r\nexport * from './types.js';\r\n"]}

package/dist/types-BJpNm9Vm.d.mts ADDED Viewed

@@ -0,0 +1,22 @@
+interface EnvGodConfig {
+    apiUrl: string;
+    apiKey: string;
+    project: string;
+    env: string;
+    service: string;
+}
+interface LoadEnvOptions {
+    /** Override default configuration */
+    config?: Partial<EnvGodConfig>;
+    /** Timeout in milliseconds (default: 5000) */
+    timeout?: number;
+}
+interface AuthExchangeResponse {
+    token: string;
+    expiresAt: string;
+}
+interface BundleResponse {
+    values: Record<string, string>;
+}
+export type { AuthExchangeResponse as A, BundleResponse as B, EnvGodConfig as E, LoadEnvOptions as L };

package/dist/types-BJpNm9Vm.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+interface EnvGodConfig {
+    apiUrl: string;
+    apiKey: string;
+    project: string;
+    env: string;
+    service: string;
+}
+interface LoadEnvOptions {
+    /** Override default configuration */
+    config?: Partial<EnvGodConfig>;
+    /** Timeout in milliseconds (default: 5000) */
+    timeout?: number;
+}
+interface AuthExchangeResponse {
+    token: string;
+    expiresAt: string;
+}
+interface BundleResponse {
+    values: Record<string, string>;
+}
+export type { AuthExchangeResponse as A, BundleResponse as B, EnvGodConfig as E, LoadEnvOptions as L };

package/package.json ADDED Viewed

@@ -0,0 +1,57 @@
+{
+  "name": "@rusamer/envgod",
+  "version": "0.0.1",
+  "description": "Secure Node.js/Next.js SDK for EnvGod",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rubric-labs/envgod-sdk"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    },
+    "./next": {
+      "types": "./dist/next.d.ts",
+      "import": "./dist/next.mjs",
+      "require": "./dist/next.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "env",
+    "secrets",
+    "nextjs",
+    "security",
+    "configuration"
+  ],
+  "author": "",
+  "license": "MIT",
+  "sideEffects": false,
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0",
+    "undici": "^6.0.0",
+    "vitest": "^1.0.0"
+  },
+  "dependencies": {
+    "server-only": "^0.0.1"
+  }
+}