@suronai/sdk 0.1.19 → 0.1.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +36 -10
- package/index.d.ts +13 -4
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# @suronai/sdk
|
|
2
2
|
|
|
3
|
-
App SDK for Suron —
|
|
3
|
+
App SDK for Suron — drop-in replacement for `dotenv`. Every app boot is gated behind a Telegram approval before secrets are decrypted into `process.env`.
|
|
4
4
|
|
|
5
5
|
## Install
|
|
6
6
|
|
|
@@ -10,26 +10,50 @@ npm install @suronai/sdk
|
|
|
10
10
|
|
|
11
11
|
## Usage
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
Replace your `dotenv` bootstrap with two lines at the very top of your entry point, before any `process.env` access:
|
|
14
14
|
|
|
15
|
-
```
|
|
16
|
-
|
|
17
|
-
|
|
15
|
+
```js
|
|
16
|
+
// before
|
|
17
|
+
import { config } from 'dotenv'
|
|
18
|
+
config()
|
|
18
19
|
|
|
19
|
-
//
|
|
20
|
-
|
|
20
|
+
// after
|
|
21
|
+
import { config } from '@suronai/sdk'
|
|
22
|
+
await config()
|
|
21
23
|
```
|
|
22
24
|
|
|
25
|
+
That's it. `config()` handles all errors internally — denied boots and timeouts exit the process with a clear message. Any `process.env` access after `await config()` will have the decrypted secrets available.
|
|
26
|
+
|
|
23
27
|
## Requirements
|
|
24
28
|
|
|
25
|
-
- `SURON_API_URL` env var pointing to your Convex deployment (e.g. `https://happy-animal-123.convex.site`)
|
|
26
29
|
- `.suron.json` in the working directory (created by `suron init`)
|
|
27
30
|
- Encrypted `.env` in the working directory (created by `suron init`)
|
|
31
|
+
- No `SURON_API_URL` setup needed — the URL is stored in `.suron.json` automatically
|
|
32
|
+
|
|
33
|
+
## Advanced: `vault()`
|
|
34
|
+
|
|
35
|
+
If you want to handle errors yourself instead of letting Suron exit the process, use `vault()` directly:
|
|
36
|
+
|
|
37
|
+
```js
|
|
38
|
+
import { vault, SuronDeniedError, SuronTimeoutError, SuronConfigError, SuronAppNotFoundError } from '@suronai/sdk'
|
|
39
|
+
|
|
40
|
+
try {
|
|
41
|
+
await vault()
|
|
42
|
+
} catch (err) {
|
|
43
|
+
if (err instanceof SuronDeniedError) { console.error('[suron] Boot denied.'); process.exit(1) }
|
|
44
|
+
if (err instanceof SuronTimeoutError) { console.error('[suron] Approval timed out.'); process.exit(1) }
|
|
45
|
+
if (err instanceof SuronConfigError) { console.error('[suron]', err.message); process.exit(1) }
|
|
46
|
+
if (err instanceof SuronAppNotFoundError) { console.error('[suron]', err.message); process.exit(1) }
|
|
47
|
+
throw err
|
|
48
|
+
}
|
|
49
|
+
```
|
|
28
50
|
|
|
29
51
|
## Options
|
|
30
52
|
|
|
31
|
-
|
|
32
|
-
|
|
53
|
+
Both `config()` and `vault()` accept the same options:
|
|
54
|
+
|
|
55
|
+
```js
|
|
56
|
+
await config({
|
|
33
57
|
configPath: '/custom/path', // directory containing .suron.json, default: cwd
|
|
34
58
|
timeout: 300_000, // ms to wait for approval, default: 5 minutes
|
|
35
59
|
pollInterval: 3_000, // ms between /status polls, default: 3s
|
|
@@ -46,6 +70,8 @@ await vault({
|
|
|
46
70
|
| `SuronDeniedError` | You tapped Deny in Telegram |
|
|
47
71
|
| `SuronTimeoutError` | No approval received within timeout |
|
|
48
72
|
|
|
73
|
+
`config()` handles all of the above with `console.error + process.exit(1)`. Only `SuronRateLimitError` and unknown errors are re-thrown.
|
|
74
|
+
|
|
49
75
|
## Security
|
|
50
76
|
|
|
51
77
|
The SDK never reads `~/.suron`. It only reads `.suron.json` for the `app_id`, and it never handles the `MASTER_KEY` — that lives exclusively inside the Convex deployment.
|
package/index.d.ts
CHANGED
|
@@ -8,17 +8,26 @@ export interface VaultOptions {
|
|
|
8
8
|
}
|
|
9
9
|
|
|
10
10
|
/**
|
|
11
|
+
* Drop-in replacement for `dotenv`'s config().
|
|
12
|
+
*
|
|
11
13
|
* Waits for Telegram approval, then decrypts .env into process.env.
|
|
14
|
+
* Handles all known Suron errors with console.error + process.exit(1).
|
|
15
|
+
* Unknown errors are re-thrown.
|
|
16
|
+
*
|
|
17
|
+
* Usage:
|
|
18
|
+
* import { config } from '@suronai/sdk'
|
|
19
|
+
* await config()
|
|
20
|
+
*
|
|
12
21
|
* Must be awaited before any code that reads process.env.
|
|
13
22
|
*/
|
|
14
|
-
export function
|
|
23
|
+
export function config(options?: VaultOptions): Promise<void>;
|
|
15
24
|
|
|
16
25
|
/**
|
|
17
|
-
*
|
|
18
|
-
*
|
|
26
|
+
* Low-level vault. Waits for Telegram approval, then decrypts .env into process.env.
|
|
27
|
+
* Throws on all errors — use config() if you want automatic error handling.
|
|
19
28
|
* Must be awaited before any code that reads process.env.
|
|
20
29
|
*/
|
|
21
|
-
export function
|
|
30
|
+
export function vault(options?: VaultOptions): Promise<void>;
|
|
22
31
|
|
|
23
32
|
export class SuronError extends Error {}
|
|
24
33
|
export class SuronConfigError extends SuronError {}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@suronai/sdk",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.21",
|
|
4
4
|
"description": "App SDK for Suron — await vault() to load secrets",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./src/index.js",
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"lint": "node --check src/index.js src/vault.js src/errors.js src/poll.js src/decrypt.js"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@dotenvx/dotenvx": "
|
|
23
|
+
"@dotenvx/dotenvx": "latest"
|
|
24
24
|
},
|
|
25
25
|
"engines": {
|
|
26
26
|
"node": ">=18.0.0"
|