@suronai/sdk 0.1.11 → 0.1.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/decrypt.js +4 -0
- package/src/poll.js +7 -1
- package/src/vault.js +8 -4
package/package.json
CHANGED
package/src/decrypt.js
CHANGED
|
@@ -20,6 +20,10 @@ export function decryptEnv(privateKey, envDir = process.cwd()) {
|
|
|
20
20
|
const src = readFileSync(envPath, "utf-8");
|
|
21
21
|
const parsed = dotenvxParse(src, { privateKey });
|
|
22
22
|
for (const [key, value] of Object.entries(parsed)) {
|
|
23
|
+
// Skip dotenvx's own metadata keys — these are infrastructure, not app secrets.
|
|
24
|
+
// DOTENV_PUBLIC_KEY is stored in plaintext in the .env file by dotenvx and
|
|
25
|
+
// would otherwise pollute the app's runtime environment.
|
|
26
|
+
if (key.startsWith("DOTENV_PUBLIC_KEY") || key.startsWith("DOTENV_PRIVATE_KEY")) continue;
|
|
23
27
|
process.env[key] = value;
|
|
24
28
|
}
|
|
25
29
|
}
|
package/src/poll.js
CHANGED
|
@@ -32,7 +32,13 @@ export async function pollUntilApproved(
|
|
|
32
32
|
|
|
33
33
|
if (!res.ok) continue; // Transient error — keep polling
|
|
34
34
|
|
|
35
|
-
|
|
35
|
+
let status;
|
|
36
|
+
try {
|
|
37
|
+
({ status } = await res.json());
|
|
38
|
+
} catch {
|
|
39
|
+
// Malformed JSON — treat as transient and keep polling
|
|
40
|
+
continue;
|
|
41
|
+
}
|
|
36
42
|
|
|
37
43
|
if (status === "approved") return;
|
|
38
44
|
if (status === "denied") {
|
package/src/vault.js
CHANGED
|
@@ -33,9 +33,13 @@ function readSuronJson(dir) {
|
|
|
33
33
|
} catch {
|
|
34
34
|
throw new SuronConfigError(".suron.json is malformed JSON");
|
|
35
35
|
}
|
|
36
|
-
|
|
36
|
+
const app = typeof parsed.app === "string" ? parsed.app.trim() : "";
|
|
37
|
+
const id = typeof parsed.id === "string" ? parsed.id.trim() : "";
|
|
38
|
+
if (!app || !id) {
|
|
37
39
|
throw new SuronConfigError(".suron.json is missing 'app' or 'id' field");
|
|
38
40
|
}
|
|
41
|
+
parsed.app = app;
|
|
42
|
+
parsed.id = id;
|
|
39
43
|
return parsed;
|
|
40
44
|
}
|
|
41
45
|
|
|
@@ -109,14 +113,14 @@ export async function vault(options = {}) {
|
|
|
109
113
|
|
|
110
114
|
const requestId = await requestAccess(apiUrl, config.id);
|
|
111
115
|
|
|
112
|
-
process.stdout.write(
|
|
116
|
+
process.stdout.write(`\n △ Suron — waiting for Telegram approval\n │ App: ${config.app}\n │ Tap ✅ Approve in Telegram to continue.\n\n`);
|
|
113
117
|
|
|
114
118
|
await pollUntilApproved(apiUrl, requestId, timeout, pollInterval);
|
|
115
119
|
|
|
116
120
|
const privateKey = await fetchKey(apiUrl, requestId);
|
|
117
121
|
decryptEnv(privateKey, configPath);
|
|
118
122
|
// Note: JS strings are immutable — there is no way to scrub the value from
|
|
119
|
-
// heap memory. The reference is dropped here and will be GC
|
|
123
|
+
// heap memory. The reference is dropped here and will be GC’d normally.
|
|
120
124
|
|
|
121
|
-
process.stdout.write(`
|
|
125
|
+
process.stdout.write(` ✔ Suron — secrets loaded for “${config.app}”\n\n`);
|
|
122
126
|
}
|