npm - @smythos/sre - Versions diffs - 1.6.1 → 1.6.8 - Mend

@smythos/sre 1.6.1 → 1.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/CHANGELOG +111 -111
package/LICENSE +18 -18
package/README.md +135 -135
package/dist/index.js +2 -2
package/dist/index.js.map +1 -1
package/dist/types/subsystems/LLMManager/ModelsProvider.service/connectors/SmythModelsProvider.class.d.ts +39 -0
package/package.json +1 -1
package/src/Components/APICall/APICall.class.ts +161 -161
package/src/Components/APICall/AccessTokenManager.ts +166 -166
package/src/Components/APICall/ArrayBufferResponse.helper.ts +58 -58
package/src/Components/APICall/OAuth.helper.ts +447 -447
package/src/Components/APICall/mimeTypeCategories.ts +46 -46
package/src/Components/APICall/parseData.ts +167 -167
package/src/Components/APICall/parseHeaders.ts +41 -41
package/src/Components/APICall/parseProxy.ts +68 -68
package/src/Components/APICall/parseUrl.ts +91 -91
package/src/Components/APIEndpoint.class.ts +234 -234
package/src/Components/APIOutput.class.ts +58 -58
package/src/Components/AgentPlugin.class.ts +102 -102
package/src/Components/Async.class.ts +155 -155
package/src/Components/Await.class.ts +90 -90
package/src/Components/Classifier.class.ts +158 -158
package/src/Components/Component.class.ts +147 -147
package/src/Components/ComponentHost.class.ts +38 -38
package/src/Components/DataSourceCleaner.class.ts +92 -92
package/src/Components/DataSourceIndexer.class.ts +181 -181
package/src/Components/DataSourceLookup.class.ts +161 -161
package/src/Components/ECMASandbox.class.ts +72 -72
package/src/Components/FEncDec.class.ts +29 -29
package/src/Components/FHash.class.ts +33 -33
package/src/Components/FSign.class.ts +80 -80
package/src/Components/FSleep.class.ts +25 -25
package/src/Components/FTimestamp.class.ts +66 -66
package/src/Components/FileStore.class.ts +78 -78
package/src/Components/ForEach.class.ts +97 -97
package/src/Components/GPTPlugin.class.ts +70 -70
package/src/Components/GenAILLM.class.ts +586 -586
package/src/Components/HuggingFace.class.ts +313 -313
package/src/Components/Image/imageSettings.config.ts +70 -70
package/src/Components/ImageGenerator.class.ts +483 -483
package/src/Components/JSONFilter.class.ts +54 -54
package/src/Components/LLMAssistant.class.ts +213 -213
package/src/Components/LogicAND.class.ts +28 -28
package/src/Components/LogicAtLeast.class.ts +85 -85
package/src/Components/LogicAtMost.class.ts +86 -86
package/src/Components/LogicOR.class.ts +29 -29
package/src/Components/LogicXOR.class.ts +34 -34
package/src/Components/MCPClient.class.ts +137 -137
package/src/Components/MemoryDeleteKeyVal.class.ts +70 -70
package/src/Components/MemoryReadKeyVal.class.ts +67 -67
package/src/Components/MemoryWriteKeyVal.class.ts +62 -62
package/src/Components/MemoryWriteObject.class.ts +97 -97
package/src/Components/MultimodalLLM.class.ts +128 -128
package/src/Components/OpenAPI.class.ts +72 -72
package/src/Components/PromptGenerator.class.ts +122 -122
package/src/Components/ScrapflyWebScrape.class.ts +183 -183
package/src/Components/ServerlessCode.class.ts +123 -123
package/src/Components/TavilyWebSearch.class.ts +103 -103
package/src/Components/VisionLLM.class.ts +104 -104
package/src/Components/ZapierAction.class.ts +127 -127
package/src/Components/index.ts +97 -97
package/src/Core/AgentProcess.helper.ts +240 -240
package/src/Core/Connector.class.ts +123 -123
package/src/Core/ConnectorsService.ts +197 -197
package/src/Core/DummyConnector.ts +49 -49
package/src/Core/HookService.ts +105 -105
package/src/Core/SmythRuntime.class.ts +241 -241
package/src/Core/SystemEvents.ts +16 -16
package/src/Core/boot.ts +56 -56
package/src/config.ts +15 -15
package/src/constants.ts +126 -126
package/src/data/hugging-face.params.json +579 -579
package/src/helpers/AWSLambdaCode.helper.ts +624 -599
package/src/helpers/BinaryInput.helper.ts +331 -331
package/src/helpers/Conversation.helper.ts +1157 -1157
package/src/helpers/ECMASandbox.helper.ts +64 -64
package/src/helpers/JsonContent.helper.ts +97 -97
package/src/helpers/LocalCache.helper.ts +97 -97
package/src/helpers/Log.helper.ts +274 -274
package/src/helpers/OpenApiParser.helper.ts +150 -150
package/src/helpers/S3Cache.helper.ts +147 -147
package/src/helpers/SmythURI.helper.ts +5 -5
package/src/helpers/Sysconfig.helper.ts +95 -95
package/src/helpers/TemplateString.helper.ts +243 -243
package/src/helpers/TypeChecker.helper.ts +329 -329
package/src/index.ts +198 -198
package/src/index.ts.bak +198 -198
package/src/subsystems/AgentManager/Agent.class.ts +1114 -1114
package/src/subsystems/AgentManager/Agent.helper.ts +3 -3
package/src/subsystems/AgentManager/AgentData.service/AgentDataConnector.ts +230 -230
package/src/subsystems/AgentManager/AgentData.service/connectors/CLIAgentDataConnector.class.ts +66 -66
package/src/subsystems/AgentManager/AgentData.service/connectors/LocalAgentDataConnector.class.ts +145 -145
package/src/subsystems/AgentManager/AgentData.service/connectors/NullAgentData.class.ts +39 -39
package/src/subsystems/AgentManager/AgentData.service/index.ts +18 -18
package/src/subsystems/AgentManager/AgentLogger.class.ts +301 -301
package/src/subsystems/AgentManager/AgentRequest.class.ts +51 -51
package/src/subsystems/AgentManager/AgentRuntime.class.ts +557 -557
package/src/subsystems/AgentManager/AgentSSE.class.ts +101 -101
package/src/subsystems/AgentManager/AgentSettings.class.ts +52 -52
package/src/subsystems/AgentManager/Component.service/ComponentConnector.ts +32 -32
package/src/subsystems/AgentManager/Component.service/connectors/LocalComponentConnector.class.ts +60 -60
package/src/subsystems/AgentManager/Component.service/index.ts +11 -11
package/src/subsystems/AgentManager/EmbodimentSettings.class.ts +47 -47
package/src/subsystems/AgentManager/ForkedAgent.class.ts +154 -154
package/src/subsystems/AgentManager/OSResourceMonitor.ts +77 -77
package/src/subsystems/ComputeManager/Code.service/CodeConnector.ts +98 -98
package/src/subsystems/ComputeManager/Code.service/connectors/AWSLambdaCode.class.ts +171 -172
package/src/subsystems/ComputeManager/Code.service/connectors/ECMASandbox.class.ts +131 -131
package/src/subsystems/ComputeManager/Code.service/index.ts +13 -13
package/src/subsystems/IO/CLI.service/CLIConnector.ts +47 -47
package/src/subsystems/IO/CLI.service/index.ts +9 -9
package/src/subsystems/IO/Log.service/LogConnector.ts +32 -32
package/src/subsystems/IO/Log.service/connectors/ConsoleLog.class.ts +28 -28
package/src/subsystems/IO/Log.service/index.ts +13 -13
package/src/subsystems/IO/NKV.service/NKVConnector.ts +43 -43
package/src/subsystems/IO/NKV.service/connectors/NKVLocalStorage.class.ts +234 -234
package/src/subsystems/IO/NKV.service/connectors/NKVRAM.class.ts +204 -204
package/src/subsystems/IO/NKV.service/connectors/NKVRedis.class.ts +182 -182
package/src/subsystems/IO/NKV.service/index.ts +14 -14
package/src/subsystems/IO/Router.service/RouterConnector.ts +21 -21
package/src/subsystems/IO/Router.service/connectors/ExpressRouter.class.ts +48 -48
package/src/subsystems/IO/Router.service/connectors/NullRouter.class.ts +40 -40
package/src/subsystems/IO/Router.service/index.ts +11 -11
package/src/subsystems/IO/Storage.service/SmythFS.class.ts +488 -488
package/src/subsystems/IO/Storage.service/StorageConnector.ts +66 -66
package/src/subsystems/IO/Storage.service/connectors/LocalStorage.class.ts +327 -327
package/src/subsystems/IO/Storage.service/connectors/S3Storage.class.ts +482 -482
package/src/subsystems/IO/Storage.service/index.ts +13 -13
package/src/subsystems/IO/VectorDB.service/VectorDBConnector.ts +108 -108
package/src/subsystems/IO/VectorDB.service/connectors/MilvusVectorDB.class.ts +465 -465
package/src/subsystems/IO/VectorDB.service/connectors/PineconeVectorDB.class.ts +387 -387
package/src/subsystems/IO/VectorDB.service/connectors/RAMVecrtorDB.class.ts +408 -408
package/src/subsystems/IO/VectorDB.service/embed/BaseEmbedding.ts +107 -107
package/src/subsystems/IO/VectorDB.service/embed/GoogleEmbedding.ts +118 -118
package/src/subsystems/IO/VectorDB.service/embed/OpenAIEmbedding.ts +109 -109
package/src/subsystems/IO/VectorDB.service/embed/index.ts +26 -26
package/src/subsystems/IO/VectorDB.service/index.ts +14 -14
package/src/subsystems/LLMManager/LLM.helper.ts +251 -251
package/src/subsystems/LLMManager/LLM.inference.ts +345 -345
package/src/subsystems/LLMManager/LLM.service/LLMConnector.ts +492 -492
package/src/subsystems/LLMManager/LLM.service/LLMCredentials.helper.ts +171 -171
package/src/subsystems/LLMManager/LLM.service/connectors/Anthropic.class.ts +666 -666
package/src/subsystems/LLMManager/LLM.service/connectors/Bedrock.class.ts +407 -407
package/src/subsystems/LLMManager/LLM.service/connectors/Echo.class.ts +92 -92
package/src/subsystems/LLMManager/LLM.service/connectors/GoogleAI.class.ts +983 -983
package/src/subsystems/LLMManager/LLM.service/connectors/Groq.class.ts +319 -319
package/src/subsystems/LLMManager/LLM.service/connectors/Ollama.class.ts +361 -361
package/src/subsystems/LLMManager/LLM.service/connectors/Perplexity.class.ts +257 -257
package/src/subsystems/LLMManager/LLM.service/connectors/VertexAI.class.ts +430 -430
package/src/subsystems/LLMManager/LLM.service/connectors/openai/OpenAIConnector.class.ts +503 -503
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/ChatCompletionsApiInterface.ts +524 -524
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/OpenAIApiInterface.ts +100 -100
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/OpenAIApiInterfaceFactory.ts +81 -81
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/ResponsesApiInterface.ts +1145 -1145
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/constants.ts +13 -13
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/index.ts +4 -4
package/src/subsystems/LLMManager/LLM.service/connectors/openai/apiInterfaces/utils.ts +11 -11
package/src/subsystems/LLMManager/LLM.service/connectors/openai/types.ts +32 -32
package/src/subsystems/LLMManager/LLM.service/connectors/xAI.class.ts +478 -478
package/src/subsystems/LLMManager/LLM.service/index.ts +47 -47
package/src/subsystems/LLMManager/ModelsProvider.service/ModelsProviderConnector.ts +303 -303
package/src/subsystems/LLMManager/ModelsProvider.service/connectors/JSONModelsProvider.class.ts +271 -271
package/src/subsystems/LLMManager/ModelsProvider.service/index.ts +11 -11
package/src/subsystems/LLMManager/custom-models.ts +854 -854
package/src/subsystems/LLMManager/models.ts +2540 -2540
package/src/subsystems/LLMManager/paramMappings.ts +69 -69
package/src/subsystems/MemoryManager/Cache.service/CacheConnector.ts +86 -86
package/src/subsystems/MemoryManager/Cache.service/connectors/LocalStorageCache.class.ts +297 -297
package/src/subsystems/MemoryManager/Cache.service/connectors/RAMCache.class.ts +214 -214
package/src/subsystems/MemoryManager/Cache.service/connectors/RedisCache.class.ts +252 -252
package/src/subsystems/MemoryManager/Cache.service/connectors/S3Cache.class.ts +373 -373
package/src/subsystems/MemoryManager/Cache.service/index.ts +15 -15
package/src/subsystems/MemoryManager/LLMCache.ts +72 -72
package/src/subsystems/MemoryManager/LLMContext.ts +124 -124
package/src/subsystems/MemoryManager/LLMMemory.service/LLMMemoryConnector.ts +26 -26
package/src/subsystems/MemoryManager/RuntimeContext.ts +277 -277
package/src/subsystems/Security/AccessControl/ACL.class.ts +208 -208
package/src/subsystems/Security/AccessControl/AccessCandidate.class.ts +82 -82
package/src/subsystems/Security/AccessControl/AccessRequest.class.ts +52 -52
package/src/subsystems/Security/Account.service/AccountConnector.ts +44 -44
package/src/subsystems/Security/Account.service/connectors/DummyAccount.class.ts +130 -130
package/src/subsystems/Security/Account.service/connectors/JSONFileAccount.class.ts +170 -170
package/src/subsystems/Security/Account.service/connectors/MySQLAccount.class.ts +76 -76
package/src/subsystems/Security/Account.service/index.ts +14 -14
package/src/subsystems/Security/Credentials.helper.ts +62 -62
package/src/subsystems/Security/ManagedVault.service/ManagedVaultConnector.ts +38 -38
package/src/subsystems/Security/ManagedVault.service/connectors/NullManagedVault.class.ts +53 -53
package/src/subsystems/Security/ManagedVault.service/connectors/SecretManagerManagedVault.ts +154 -154
package/src/subsystems/Security/ManagedVault.service/index.ts +12 -12
package/src/subsystems/Security/SecureConnector.class.ts +110 -110
package/src/subsystems/Security/Vault.service/Vault.helper.ts +30 -30
package/src/subsystems/Security/Vault.service/VaultConnector.ts +29 -29
package/src/subsystems/Security/Vault.service/connectors/HashicorpVault.class.ts +46 -46
package/src/subsystems/Security/Vault.service/connectors/JSONFileVault.class.ts +221 -221
package/src/subsystems/Security/Vault.service/connectors/NullVault.class.ts +54 -54
package/src/subsystems/Security/Vault.service/connectors/SecretsManager.class.ts +140 -140
package/src/subsystems/Security/Vault.service/index.ts +12 -12
package/src/types/ACL.types.ts +104 -104
package/src/types/AWS.types.ts +10 -10
package/src/types/Agent.types.ts +61 -61
package/src/types/AgentLogger.types.ts +17 -17
package/src/types/Cache.types.ts +1 -1
package/src/types/Common.types.ts +2 -2
package/src/types/LLM.types.ts +520 -520
package/src/types/Redis.types.ts +8 -8
package/src/types/SRE.types.ts +64 -64
package/src/types/Security.types.ts +14 -14
package/src/types/Storage.types.ts +5 -5
package/src/types/VectorDB.types.ts +86 -86
package/src/utils/base64.utils.ts +275 -275
package/src/utils/cli.utils.ts +68 -68
package/src/utils/data.utils.ts +322 -322
package/src/utils/date-time.utils.ts +22 -22
package/src/utils/general.utils.ts +238 -238
package/src/utils/index.ts +12 -12
package/src/utils/lazy-client.ts +261 -261
package/src/utils/numbers.utils.ts +13 -13
package/src/utils/oauth.utils.ts +35 -35
package/src/utils/string.utils.ts +414 -414
package/src/utils/url.utils.ts +19 -19
package/src/utils/validation.utils.ts +74 -74
package/dist/bundle-analysis-lazy.html +0 -4949
package/dist/bundle-analysis.html +0 -4949
package/dist/types/Components/Triggers/GmailTrigger.class.d.ts +0 -13
package/dist/types/Components/Triggers/Trigger.class.d.ts +0 -3
package/dist/types/helpers/AIPerformanceAnalyzer.helper.d.ts +0 -45
package/dist/types/helpers/AIPerformanceCollector.helper.d.ts +0 -111
package/dist/types/subsystems/IO/Storage.service/connectors/AzureBlobStorage.class.d.ts +0 -211
package/dist/types/subsystems/IO/VectorDB.service/connectors/WeaviateVectorDB.class.d.ts +0 -187
package/dist/types/subsystems/PerformanceManager/Performance.service/PerformanceConnector.d.ts +0 -102
package/dist/types/subsystems/PerformanceManager/Performance.service/connectors/LocalPerformanceConnector.class.d.ts +0 -100
package/dist/types/subsystems/PerformanceManager/Performance.service/index.d.ts +0 -22
package/dist/types/types/Performance.types.d.ts +0 -468
package/dist/types/utils/package-manager.utils.d.ts +0 -26

package/src/subsystems/Security/Vault.service/connectors/JSONFileVault.class.ts CHANGED Viewed

@@ -1,221 +1,221 @@
-import { ConnectorService } from '@sre/Core/ConnectorsService';
-import { Logger } from '@sre/helpers/Log.helper';
-import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
-import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
-import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
-import { ACL } from '@sre/Security/AccessControl/ACL.class';
-import { SecureConnector } from '@sre/Security/SecureConnector.class';
-import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
-import { EncryptionSettings } from '@sre/types/Security.types';
-import { IVaultRequest, VaultConnector } from '../VaultConnector';
-import os from 'os';
-import crypto from 'crypto';
-import fs from 'fs';
-import * as readlineSync from 'readline-sync';
-import path from 'path';
-import * as chokidar from 'chokidar';
-import { findSmythPath } from '../../../../helpers/Sysconfig.helper';
-const console = Logger('JSONFileVault');
-export type JSONFileVaultConfig = {
-    file?: string;
-    fileKey?: string;
-    shared?: string;
-};
-export class JSONFileVault extends VaultConnector {
-    public name: string = 'JSONFileVault';
-    private vaultData: any;
-    private index: any;
-    private shared: string;
-    private vaultFile: string;
-    private watcher: chokidar.FSWatcher | null = null;
-    constructor(protected _settings: JSONFileVaultConfig) {
-        super(_settings);
-        //if (!SmythRuntime.Instance) throw new Error('SRE not initialized');
-        this.shared = _settings.shared || ''; //if config.shared, all keys are accessible to all teams, and they are set under the 'shared' teamId
-        this.vaultFile = this.findVaultFile(_settings.file);
-        this.fetchVaultData(this.vaultFile, _settings);
-        this.initFileWatcher();
-    }
-    private findVaultFile(vaultFile) {
-        let _vaultFile = vaultFile;
-        if (fs.existsSync(_vaultFile)) {
-            return _vaultFile;
-        }
-        console.warn('Vault file not found in:', _vaultFile);
-        //try to find the .smyth directory and check if it contains a valid vault
-        _vaultFile = findSmythPath('.sre/vault.json', (dir, success, nextDir) => {
-            if (!success) {
-                console.warn('Vault file not found in:', nextDir);
-            }
-        });
-        if (fs.existsSync(_vaultFile)) {
-            console.warn('Using alternative vault file found in : ', _vaultFile);
-            return _vaultFile;
-        }
-        console.warn('!!! All attempts to find the vault file failed !!!');
-        console.warn('!!! Will continue without vault !!!');
-        console.warn('!!! Many features might not work !!!');
-        return null;
-    }
-    private getMasterKeyInteractive(): string {
-        //read master key using readline-sync (blocking)
-        process.stdout.write('\x1b[1;37m===[ Encrypted Vault Detected ]=================================\x1b[0m\n');
-        const masterKey = readlineSync.question('Enter master key: ', {
-            hideEchoBack: true,
-            mask: '*',
-        });
-        console.info('Master key entered');
-        return masterKey;
-    }
-    /**
-     * Resolves environment variable references in vault values.
-     * Supports syntax: $env(VARIABLE_NAME)
-     * @param value The value to process
-     * @returns The value with environment variables resolved
-     */
-    private resolveEnvironmentVariables(value: any): any {
-        if (typeof value !== 'string') {
-            return value;
-        }
-        // Match $env(VARIABLE_NAME) pattern
-        const envVarPattern = /\$env\(([^)]+)\)/g;
-        return value.replace(envVarPattern, (match, envVarName) => {
-            const envValue = process.env[envVarName];
-            if (envValue === undefined) {
-                console.warn(`Environment variable ${envVarName} not found, keeping original value: ${match}`);
-                return match;
-            }
-            return envValue;
-        });
-    }
-    @SecureConnector.AccessControl
-    protected async get(acRequest: AccessRequest, keyId: string) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
-        const rawValue = this.vaultData?.[teamId]?.[keyId] || this.vaultData?.[this.shared]?.[keyId];
-        // Resolve environment variables if the value contains $env() references
-        return this.resolveEnvironmentVariables(rawValue);
-    }
-    @SecureConnector.AccessControl
-    protected async exists(acRequest: AccessRequest, keyId: string) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
-        return !!(this.vaultData?.[teamId]?.[keyId] || this.vaultData?.[this.shared]?.[keyId]);
-    }
-    @SecureConnector.AccessControl
-    protected async listKeys(acRequest: AccessRequest) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
-        return Object.keys(this.vaultData?.[teamId] || this.vaultData?.[this.shared] || {});
-    }
-    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
-        const accountConnector = ConnectorService.getAccountConnector();
-        const teamId = /*this.sharedVault ? 'shared' : */ await accountConnector.getCandidateTeam(candidate);
-        const acl = new ACL();
-        if (resourceId && typeof this.vaultData?.[teamId]?.[resourceId] !== 'string') {
-            if (this.shared && typeof this.vaultData?.[this.shared]?.[resourceId] === 'string') {
-                acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
-            }
-            return acl;
-        }
-        acl.addAccess(TAccessRole.Team, teamId, TAccessLevel.Owner)
-            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Read)
-            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Write);
-        if (this.shared && typeof this.vaultData?.[this.shared]?.[resourceId] === 'string') {
-            acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
-        }
-        return acl;
-    }
-    private fetchVaultData(vaultFile: string, _settings: JSONFileVaultConfig) {
-        if (fs.existsSync(vaultFile)) {
-            try {
-                if (_settings.fileKey && fs.existsSync(_settings.fileKey)) {
-                    try {
-                        const privateKey = fs.readFileSync(_settings.fileKey, 'utf8');
-                        const encryptedVault = fs.readFileSync(vaultFile, 'utf8').toString();
-                        const decryptedBuffer = crypto.privateDecrypt(
-                            {
-                                key: privateKey,
-                                padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
-                            },
-                            Buffer.from(encryptedVault, 'base64')
-                        );
-                        this.vaultData = JSON.parse(decryptedBuffer.toString('utf8'));
-                    } catch (error) {
-                        throw new Error('Failed to decrypt vault');
-                    }
-                } else {
-                    this.vaultData = JSON.parse(fs.readFileSync(vaultFile).toString());
-                }
-            } catch (e) {
-                console.error('Error parsing vault file:', e);
-                console.error('!!! Vault features might not work properly !!!');
-                this.vaultData = {};
-            }
-            if (this.vaultData?.encrypted && this.vaultData?.algorithm && this.vaultData?.data) {
-                //this is an encrypted vault we need to request the master key
-                this.setInteraction(this.getMasterKeyInteractive.bind(this));
-            }
-            for (let teamId in this.vaultData) {
-                for (let resourceId in this.vaultData[teamId]) {
-                    if (!this.index) this.index = {};
-                    if (!this.index[resourceId]) this.index[resourceId] = {};
-                    const value = this.vaultData[teamId][resourceId];
-                    this.index[resourceId][teamId] = value;
-                }
-            }
-        }
-    }
-    private initFileWatcher() {
-        this.watcher = chokidar.watch(this.vaultFile, {
-            persistent: false, // Don't keep the process running
-            ignoreInitial: true,
-        });
-        this.watcher.on('change', () => {
-            this.fetchVaultData(this.vaultFile, this._settings);
-        });
-    }
-    public async stop() {
-        super.stop();
-        if (this.watcher) {
-            this.watcher.close();
-            this.watcher = null;
-        }
-    }
-}
+import { ConnectorService } from '@sre/Core/ConnectorsService';
+import { Logger } from '@sre/helpers/Log.helper';
+import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
+import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
+import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
+import { ACL } from '@sre/Security/AccessControl/ACL.class';
+import { SecureConnector } from '@sre/Security/SecureConnector.class';
+import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
+import { EncryptionSettings } from '@sre/types/Security.types';
+import { IVaultRequest, VaultConnector } from '../VaultConnector';
+import os from 'os';
+import crypto from 'crypto';
+import fs from 'fs';
+import * as readlineSync from 'readline-sync';
+import path from 'path';
+import * as chokidar from 'chokidar';
+import { findSmythPath } from '../../../../helpers/Sysconfig.helper';
+const console = Logger('JSONFileVault');
+export type JSONFileVaultConfig = {
+    file?: string;
+    fileKey?: string;
+    shared?: string;
+};
+export class JSONFileVault extends VaultConnector {
+    public name: string = 'JSONFileVault';
+    private vaultData: any;
+    private index: any;
+    private shared: string;
+    private vaultFile: string;
+    private watcher: chokidar.FSWatcher | null = null;
+    constructor(protected _settings: JSONFileVaultConfig) {
+        super(_settings);
+        //if (!SmythRuntime.Instance) throw new Error('SRE not initialized');
+        this.shared = _settings.shared || ''; //if config.shared, all keys are accessible to all teams, and they are set under the 'shared' teamId
+        this.vaultFile = this.findVaultFile(_settings.file);
+        this.fetchVaultData(this.vaultFile, _settings);
+        this.initFileWatcher();
+    }
+    private findVaultFile(vaultFile) {
+        let _vaultFile = vaultFile;
+        if (fs.existsSync(_vaultFile)) {
+            return _vaultFile;
+        }
+        console.warn('Vault file not found in:', _vaultFile);
+        //try to find the .smyth directory and check if it contains a valid vault
+        _vaultFile = findSmythPath('.sre/vault.json', (dir, success, nextDir) => {
+            if (!success) {
+                console.warn('Vault file not found in:', nextDir);
+            }
+        });
+        if (fs.existsSync(_vaultFile)) {
+            console.warn('Using alternative vault file found in : ', _vaultFile);
+            return _vaultFile;
+        }
+        console.warn('!!! All attempts to find the vault file failed !!!');
+        console.warn('!!! Will continue without vault !!!');
+        console.warn('!!! Many features might not work !!!');
+        return null;
+    }
+    private getMasterKeyInteractive(): string {
+        //read master key using readline-sync (blocking)
+        process.stdout.write('\x1b[1;37m===[ Encrypted Vault Detected ]=================================\x1b[0m\n');
+        const masterKey = readlineSync.question('Enter master key: ', {
+            hideEchoBack: true,
+            mask: '*',
+        });
+        console.info('Master key entered');
+        return masterKey;
+    }
+    /**
+     * Resolves environment variable references in vault values.
+     * Supports syntax: $env(VARIABLE_NAME)
+     * @param value The value to process
+     * @returns The value with environment variables resolved
+     */
+    private resolveEnvironmentVariables(value: any): any {
+        if (typeof value !== 'string') {
+            return value;
+        }
+        // Match $env(VARIABLE_NAME) pattern
+        const envVarPattern = /\$env\(([^)]+)\)/g;
+        return value.replace(envVarPattern, (match, envVarName) => {
+            const envValue = process.env[envVarName];
+            if (envValue === undefined) {
+                console.warn(`Environment variable ${envVarName} not found, keeping original value: ${match}`);
+                return match;
+            }
+            return envValue;
+        });
+    }
+    @SecureConnector.AccessControl
+    protected async get(acRequest: AccessRequest, keyId: string) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
+        const rawValue = this.vaultData?.[teamId]?.[keyId] || this.vaultData?.[this.shared]?.[keyId];
+        // Resolve environment variables if the value contains $env() references
+        return this.resolveEnvironmentVariables(rawValue);
+    }
+    @SecureConnector.AccessControl
+    protected async exists(acRequest: AccessRequest, keyId: string) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
+        return !!(this.vaultData?.[teamId]?.[keyId] || this.vaultData?.[this.shared]?.[keyId]);
+    }
+    @SecureConnector.AccessControl
+    protected async listKeys(acRequest: AccessRequest) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = await accountConnector.getCandidateTeam(acRequest.candidate);
+        return Object.keys(this.vaultData?.[teamId] || this.vaultData?.[this.shared] || {});
+    }
+    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
+        const accountConnector = ConnectorService.getAccountConnector();
+        const teamId = /*this.sharedVault ? 'shared' : */ await accountConnector.getCandidateTeam(candidate);
+        const acl = new ACL();
+        if (resourceId && typeof this.vaultData?.[teamId]?.[resourceId] !== 'string') {
+            if (this.shared && typeof this.vaultData?.[this.shared]?.[resourceId] === 'string') {
+                acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
+            }
+            return acl;
+        }
+        acl.addAccess(TAccessRole.Team, teamId, TAccessLevel.Owner)
+            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Read)
+            .addAccess(TAccessRole.Team, teamId, TAccessLevel.Write);
+        if (this.shared && typeof this.vaultData?.[this.shared]?.[resourceId] === 'string') {
+            acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
+        }
+        return acl;
+    }
+    private fetchVaultData(vaultFile: string, _settings: JSONFileVaultConfig) {
+        if (fs.existsSync(vaultFile)) {
+            try {
+                if (_settings.fileKey && fs.existsSync(_settings.fileKey)) {
+                    try {
+                        const privateKey = fs.readFileSync(_settings.fileKey, 'utf8');
+                        const encryptedVault = fs.readFileSync(vaultFile, 'utf8').toString();
+                        const decryptedBuffer = crypto.privateDecrypt(
+                            {
+                                key: privateKey,
+                                padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+                            },
+                            Buffer.from(encryptedVault, 'base64')
+                        );
+                        this.vaultData = JSON.parse(decryptedBuffer.toString('utf8'));
+                    } catch (error) {
+                        throw new Error('Failed to decrypt vault');
+                    }
+                } else {
+                    this.vaultData = JSON.parse(fs.readFileSync(vaultFile).toString());
+                }
+            } catch (e) {
+                console.error('Error parsing vault file:', e);
+                console.error('!!! Vault features might not work properly !!!');
+                this.vaultData = {};
+            }
+            if (this.vaultData?.encrypted && this.vaultData?.algorithm && this.vaultData?.data) {
+                //this is an encrypted vault we need to request the master key
+                this.setInteraction(this.getMasterKeyInteractive.bind(this));
+            }
+            for (let teamId in this.vaultData) {
+                for (let resourceId in this.vaultData[teamId]) {
+                    if (!this.index) this.index = {};
+                    if (!this.index[resourceId]) this.index[resourceId] = {};
+                    const value = this.vaultData[teamId][resourceId];
+                    this.index[resourceId][teamId] = value;
+                }
+            }
+        }
+    }
+    private initFileWatcher() {
+        this.watcher = chokidar.watch(this.vaultFile, {
+            persistent: false, // Don't keep the process running
+            ignoreInitial: true,
+        });
+        this.watcher.on('change', () => {
+            this.fetchVaultData(this.vaultFile, this._settings);
+        });
+    }
+    public async stop() {
+        super.stop();
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+    }
+}

package/src/subsystems/Security/Vault.service/connectors/NullVault.class.ts CHANGED Viewed

@@ -1,54 +1,54 @@
-import { ConnectorService } from '@sre/Core/ConnectorsService';
-import { Logger } from '@sre/helpers/Log.helper';
-import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
-import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
-import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
-import { ACL } from '@sre/Security/AccessControl/ACL.class';
-import { SecureConnector } from '@sre/Security/SecureConnector.class';
-import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
-import { IVaultRequest, VaultConnector } from '../VaultConnector';
-import crypto from 'crypto';
-import fs from 'fs';
-import * as readlineSync from 'readline-sync';
-const console = Logger('NullVault');
-export class NullVault extends VaultConnector {
-    public name: string = 'NullVault';
-    private vaultData: any;
-    private index: any;
-    private sharedVault: boolean;
-    constructor(protected _settings: any) {
-        super(_settings);
-        console.warn('NullVault is used : Vault features will not be available');
-    }
-    @SecureConnector.AccessControl
-    protected async get(acRequest: AccessRequest, keyId: string) {
-        console.debug(`Ignored operation:NullVault.get: ${keyId}`);
-        return 'NULLKEY';
-    }
-    @SecureConnector.AccessControl
-    protected async exists(acRequest: AccessRequest, keyId: string) {
-        console.debug(`Ignored operation:NullVault.exists: ${keyId}`);
-        return false;
-    }
-    @SecureConnector.AccessControl
-    protected async listKeys(acRequest: AccessRequest) {
-        console.debug(`Ignored operation:NullVault.listKeys`);
-        return [];
-    }
-    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
-        const acl = new ACL();
-        //give just read access by default
-        //Cannot write to null vault
-        acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
-        return acl;
-    }
-}
+import { ConnectorService } from '@sre/Core/ConnectorsService';
+import { Logger } from '@sre/helpers/Log.helper';
+import { SmythRuntime } from '@sre/Core/SmythRuntime.class';
+import { AccessCandidate } from '@sre/Security/AccessControl/AccessCandidate.class';
+import { AccessRequest } from '@sre/Security/AccessControl/AccessRequest.class';
+import { ACL } from '@sre/Security/AccessControl/ACL.class';
+import { SecureConnector } from '@sre/Security/SecureConnector.class';
+import { IAccessCandidate, TAccessLevel, TAccessRole } from '@sre/types/ACL.types';
+import { IVaultRequest, VaultConnector } from '../VaultConnector';
+import crypto from 'crypto';
+import fs from 'fs';
+import * as readlineSync from 'readline-sync';
+const console = Logger('NullVault');
+export class NullVault extends VaultConnector {
+    public name: string = 'NullVault';
+    private vaultData: any;
+    private index: any;
+    private sharedVault: boolean;
+    constructor(protected _settings: any) {
+        super(_settings);
+        console.warn('NullVault is used : Vault features will not be available');
+    }
+    @SecureConnector.AccessControl
+    protected async get(acRequest: AccessRequest, keyId: string) {
+        console.debug(`Ignored operation:NullVault.get: ${keyId}`);
+        return 'NULLKEY';
+    }
+    @SecureConnector.AccessControl
+    protected async exists(acRequest: AccessRequest, keyId: string) {
+        console.debug(`Ignored operation:NullVault.exists: ${keyId}`);
+        return false;
+    }
+    @SecureConnector.AccessControl
+    protected async listKeys(acRequest: AccessRequest) {
+        console.debug(`Ignored operation:NullVault.listKeys`);
+        return [];
+    }
+    public async getResourceACL(resourceId: string, candidate: IAccessCandidate) {
+        const acl = new ACL();
+        //give just read access by default
+        //Cannot write to null vault
+        acl.addAccess(candidate.role, candidate.id, TAccessLevel.Read);
+        return acl;
+    }
+}