@suronai/sdk 0.1.8 → 0.1.9

package/index.d.ts

@@ -0,0 +1,21 @@
+export interface VaultOptions {
+  /** Directory containing .suron.json. Default: process.cwd() */
+  configPath?: string;
+  /** Milliseconds to wait for Telegram approval. Default: 300000 (5 min) */
+  timeout?: number;
+  /** Milliseconds between status polls. Default: 3000 */
+  pollInterval?: number;
+}
+
+/**
+ * Waits for Telegram approval, then decrypts .env into process.env.
+ * Must be awaited before any code that reads process.env.
+ */
+export function vault(options?: VaultOptions): Promise<void>;
+
+export class SuronError extends Error {}
+export class SuronConfigError extends SuronError {}
+export class SuronAppNotFoundError extends SuronError {}
+export class SuronRateLimitError extends SuronError {}
+export class SuronDeniedError extends SuronError {}
+export class SuronTimeoutError extends SuronError {}

package/package.json

@@ -1,25 +1,27 @@
 {
   "name": "@suronai/sdk",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "App SDK for Suron — await vault() to load secrets",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
+  "main": "./src/index.js",
+  "types": "./index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./src/index.js"
+    }
+  },
   "files": [
-    "dist"
+    "src",
+    "index.d.ts"
   ],
   "scripts": {
-    "build": "node ../../node_modules/typescript/bin/tsc",
-    "dev": "node ../../node_modules/typescript/bin/tsc --watch",
-    "clean": "rimraf dist"
+    "build": "node --check src/index.js src/vault.js src/errors.js src/poll.js src/decrypt.js",
+    "lint": "node --check src/index.js src/vault.js src/errors.js src/poll.js src/decrypt.js"
   },
   "dependencies": {
     "@dotenvx/dotenvx": "^1.0.0"
   },
-  "devDependencies": {
-    "@types/node": "^20.0.0",
-    "rimraf": "^5.0.0",
-    "typescript": "^5.9.3"
-  },
   "engines": {
     "node": ">=18.0.0"
   }

package/src/decrypt.js

@@ -0,0 +1,21 @@
+import { config as dotenvxConfig } from "@dotenvx/dotenvx";
+
+/**
+ * Decrypts the encrypted .env into process.env using dotenvx.
+ * dotenvx reads DOTENV_PRIVATE_KEY from process.env, so we set it
+ * temporarily, call config(), then restore the previous value.
+ * @param {string} privateKey
+ */
+export function decryptEnv(privateKey) {
+  const prev = process.env.DOTENV_PRIVATE_KEY;
+  process.env.DOTENV_PRIVATE_KEY = privateKey;
+  try {
+    dotenvxConfig();
+  } finally {
+    if (prev === undefined) {
+      delete process.env.DOTENV_PRIVATE_KEY;
+    } else {
+      process.env.DOTENV_PRIVATE_KEY = prev;
+    }
+  }
+}

package/src/errors.js

@@ -0,0 +1,14 @@
+export class SuronError extends Error {
+  /** @param {string} message */
+  constructor(message) {
+    super(message);
+    this.name = this.constructor.name;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+}
+
+export class SuronConfigError      extends SuronError {}
+export class SuronAppNotFoundError  extends SuronError {}
+export class SuronRateLimitError    extends SuronError {}
+export class SuronDeniedError       extends SuronError {}
+export class SuronTimeoutError      extends SuronError {}

package/src/index.js

@@ -0,0 +1,9 @@
+export { vault } from "./vault.js";
+export {
+  SuronError,
+  SuronConfigError,
+  SuronAppNotFoundError,
+  SuronRateLimitError,
+  SuronDeniedError,
+  SuronTimeoutError,
+} from "./errors.js";

package/src/poll.js

@@ -0,0 +1,52 @@
+import { SuronDeniedError, SuronTimeoutError } from "./errors.js";
+
+const DEFAULT_TIMEOUT_MS       = 300_000; // 5 minutes
+const DEFAULT_POLL_INTERVAL_MS = 3_000;   // 3 seconds
+
+/**
+ * Polls /status until the request is approved, denied, or times out.
+ * @param {string} apiUrl
+ * @param {string} requestId
+ * @param {number} [timeout]
+ * @param {number} [pollInterval]
+ * @returns {Promise<void>}
+ */
+export async function pollUntilApproved(
+  apiUrl,
+  requestId,
+  timeout      = DEFAULT_TIMEOUT_MS,
+  pollInterval = DEFAULT_POLL_INTERVAL_MS
+) {
+  const deadline = Date.now() + timeout;
+
+  while (Date.now() < deadline) {
+    await sleep(pollInterval);
+
+    let res;
+    try {
+      res = await fetch(`${apiUrl}/status?request_id=${encodeURIComponent(requestId)}`);
+    } catch {
+      // Network hiccup — keep polling
+      continue;
+    }
+
+    if (!res.ok) continue; // Transient error — keep polling
+
+    const { status } = await res.json();
+
+    if (status === "approved") return;
+    if (status === "denied") {
+      throw new SuronDeniedError("Boot denied — you tapped Deny in Telegram.");
+    }
+    // "pending" → keep polling
+  }
+
+  throw new SuronTimeoutError(
+    `No Telegram approval received within ${timeout / 1000}s.`
+  );
+}
+
+/** @param {number} ms @returns {Promise<void>} */
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/src/vault.js

@@ -0,0 +1,122 @@
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { SuronConfigError, SuronAppNotFoundError, SuronRateLimitError } from "./errors.js";
+import { pollUntilApproved } from "./poll.js";
+import { decryptEnv } from "./decrypt.js";
+
+/**
+ * @typedef {Object} VaultOptions
+ * @property {string} [configPath]   - Dir containing .suron.json. Default: process.cwd()
+ * @property {number} [timeout]      - Ms to wait for Telegram approval. Default: 300000
+ * @property {number} [pollInterval] - Ms between status polls. Default: 3000
+ */
+
+/**
+ * Reads and validates .suron.json from the given directory.
+ * @param {string} dir
+ * @returns {{ app: string, id: string, api_url?: string }}
+ */
+function readSuronJson(dir) {
+  const path = join(dir, ".suron.json");
+  if (!existsSync(path)) {
+    throw new SuronConfigError(`.suron.json not found in ${dir}. Run: suron init`);
+  }
+  let raw;
+  try {
+    raw = readFileSync(path, "utf-8");
+  } catch (err) {
+    throw new SuronConfigError(`.suron.json could not be read: ${err}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new SuronConfigError(".suron.json is malformed JSON");
+  }
+  if (!parsed.app || !parsed.id) {
+    throw new SuronConfigError(".suron.json is missing 'app' or 'id' field");
+  }
+  return parsed;
+}
+
+/**
+ * Sends a boot request and returns the request_id.
+ * @param {string} apiUrl
+ * @param {string} appId
+ * @returns {Promise<string>}
+ */
+async function requestAccess(apiUrl, appId) {
+  let res;
+  try {
+    res = await fetch(`${apiUrl}/request-access`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ app_id: appId }),
+    });
+  } catch (err) {
+    throw new Error(`Could not reach Suron API (${apiUrl}): ${err.message}`);
+  }
+
+  if (res.status === 404) throw new SuronAppNotFoundError("App not found in Suron. Run: suron init");
+  if (res.status === 429) throw new SuronRateLimitError("Rate limit exceeded — max 20 boot requests per app per hour.");
+  if (!res.ok) {
+    const text = await res.text().catch(() => "");
+    throw new Error(`Suron /request-access failed (${res.status}): ${text}`);
+  }
+
+  const { request_id } = await res.json();
+  return request_id;
+}
+
+/**
+ * Fetches the private key after approval. Single-use.
+ * @param {string} apiUrl
+ * @param {string} requestId
+ * @returns {Promise<string>}
+ */
+async function fetchKey(apiUrl, requestId) {
+  const res = await fetch(`${apiUrl}/fetch-key`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ request_id: requestId }),
+  });
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}));
+    throw new Error(`Suron /fetch-key failed (${res.status}): ${data.error ?? "unknown"}`);
+  }
+  const { private_key } = await res.json();
+  return private_key;
+}
+
+/**
+ * Waits for Telegram approval, then decrypts .env into process.env.
+ * Must be awaited before any code that reads process.env.
+ * @param {VaultOptions} [options]
+ * @returns {Promise<void>}
+ */
+export async function vault(options = {}) {
+  const {
+    configPath   = process.cwd(),
+    timeout      = 300_000,
+    pollInterval = 3_000,
+  } = options;
+
+  const config = readSuronJson(configPath);
+
+  const rawUrl = process.env.SURON_API_URL ?? config.api_url;
+  if (!rawUrl) throw new SuronConfigError("SURON_API_URL not set. Run: suron login");
+  const apiUrl = rawUrl.replace(/\/$/, "");
+
+  const requestId = await requestAccess(apiUrl, config.id);
+
+  process.stdout.write(`[suron] Waiting for Telegram approval for "${config.app}" ...\n`);
+
+  await pollUntilApproved(apiUrl, requestId, timeout, pollInterval);
+
+  const privateKey = await fetchKey(apiUrl, requestId);
+  decryptEnv(privateKey);
+  // Note: JS strings are immutable — there is no way to scrub the value from
+  // heap memory. The reference is dropped here and will be GC'd normally.
+
+  process.stdout.write(`[suron] Secrets loaded for "${config.app}"\n`);
+}

package/dist/decrypt.d.ts

@@ -1,2 +0,0 @@
-export declare function decryptEnv(privateKey: string): void;
-//# sourceMappingURL=decrypt.d.ts.map

package/dist/decrypt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":"AAEA,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAOnD"}

package/dist/decrypt.js

@@ -1,10 +0,0 @@
-"use strict";
-// Wraps dotenvx programmatic API to decrypt .env using the private key
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decryptEnv = decryptEnv;
-function decryptEnv(privateKey) {
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
-    const dotenvx = require("@dotenvx/dotenvx");
-    dotenvx.config({ DOTENV_PRIVATE_KEY: privateKey });
-}
-//# sourceMappingURL=decrypt.js.map

package/dist/decrypt.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":";AAAA,uEAAuE;;AAEvE,gCAOC;AAPD,SAAgB,UAAU,CAAC,UAAkB;IAC3C,8DAA8D;IAC9D,MAAM,OAAO,GAAG,OAAO,CAAC,kBAAkB,CAEzC,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,EAAE,kBAAkB,EAAE,UAAU,EAAE,CAAC,CAAC;AACrD,CAAC"}

package/dist/errors.d.ts

@@ -1,14 +0,0 @@
-export declare class SuronError extends Error {
-    constructor(message: string);
-}
-export declare class SuronConfigError extends SuronError {
-}
-export declare class SuronAppNotFoundError extends SuronError {
-}
-export declare class SuronRateLimitError extends SuronError {
-}
-export declare class SuronDeniedError extends SuronError {
-}
-export declare class SuronTimeoutError extends SuronError {
-}
-//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,UAAW,SAAQ,KAAK;gBACvB,OAAO,EAAE,MAAM;CAK5B;AAED,qBAAa,gBAAiB,SAAQ,UAAU;CAAG;AACnD,qBAAa,qBAAsB,SAAQ,UAAU;CAAG;AACxD,qBAAa,mBAAoB,SAAQ,UAAU;CAAG;AACtD,qBAAa,gBAAiB,SAAQ,UAAU;CAAG;AACnD,qBAAa,iBAAkB,SAAQ,UAAU;CAAG"}

package/dist/errors.js

@@ -1,27 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SuronTimeoutError = exports.SuronDeniedError = exports.SuronRateLimitError = exports.SuronAppNotFoundError = exports.SuronConfigError = exports.SuronError = void 0;
-class SuronError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = this.constructor.name;
-        Object.setPrototypeOf(this, new.target.prototype);
-    }
-}
-exports.SuronError = SuronError;
-class SuronConfigError extends SuronError {
-}
-exports.SuronConfigError = SuronConfigError;
-class SuronAppNotFoundError extends SuronError {
-}
-exports.SuronAppNotFoundError = SuronAppNotFoundError;
-class SuronRateLimitError extends SuronError {
-}
-exports.SuronRateLimitError = SuronRateLimitError;
-class SuronDeniedError extends SuronError {
-}
-exports.SuronDeniedError = SuronDeniedError;
-class SuronTimeoutError extends SuronError {
-}
-exports.SuronTimeoutError = SuronTimeoutError;
-//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";;;AAAA,MAAa,UAAW,SAAQ,KAAK;IACnC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;QAClC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAND,gCAMC;AAED,MAAa,gBAAiB,SAAQ,UAAU;CAAG;AAAnD,4CAAmD;AACnD,MAAa,qBAAsB,SAAQ,UAAU;CAAG;AAAxD,sDAAwD;AACxD,MAAa,mBAAoB,SAAQ,UAAU;CAAG;AAAtD,kDAAsD;AACtD,MAAa,gBAAiB,SAAQ,UAAU;CAAG;AAAnD,4CAAmD;AACnD,MAAa,iBAAkB,SAAQ,UAAU;CAAG;AAApD,8CAAoD"}

package/dist/index.d.ts

@@ -1,4 +0,0 @@
-export { vault } from "./vault";
-export type { VaultOptions } from "./vault";
-export { SuronError, SuronConfigError, SuronAppNotFoundError, SuronRateLimitError, SuronDeniedError, SuronTimeoutError, } from "./errors";
-//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAChC,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -1,13 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SuronTimeoutError = exports.SuronDeniedError = exports.SuronRateLimitError = exports.SuronAppNotFoundError = exports.SuronConfigError = exports.SuronError = exports.vault = void 0;
-var vault_1 = require("./vault");
-Object.defineProperty(exports, "vault", { enumerable: true, get: function () { return vault_1.vault; } });
-var errors_1 = require("./errors");
-Object.defineProperty(exports, "SuronError", { enumerable: true, get: function () { return errors_1.SuronError; } });
-Object.defineProperty(exports, "SuronConfigError", { enumerable: true, get: function () { return errors_1.SuronConfigError; } });
-Object.defineProperty(exports, "SuronAppNotFoundError", { enumerable: true, get: function () { return errors_1.SuronAppNotFoundError; } });
-Object.defineProperty(exports, "SuronRateLimitError", { enumerable: true, get: function () { return errors_1.SuronRateLimitError; } });
-Object.defineProperty(exports, "SuronDeniedError", { enumerable: true, get: function () { return errors_1.SuronDeniedError; } });
-Object.defineProperty(exports, "SuronTimeoutError", { enumerable: true, get: function () { return errors_1.SuronTimeoutError; } });
-//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,iCAAgC;AAAvB,8FAAA,KAAK,OAAA;AAEd,mCAOkB;AANhB,oGAAA,UAAU,OAAA;AACV,0GAAA,gBAAgB,OAAA;AAChB,+GAAA,qBAAqB,OAAA;AACrB,6GAAA,mBAAmB,OAAA;AACnB,0GAAA,gBAAgB,OAAA;AAChB,2GAAA,iBAAiB,OAAA"}

package/dist/poll.d.ts

@@ -1,2 +0,0 @@
-export declare function pollUntilApproved(apiUrl: string, request_id: string, timeout?: number, pollInterval?: number): Promise<void>;
-//# sourceMappingURL=poll.d.ts.map

package/dist/poll.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":"AAKA,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,OAAO,SAAqB,EAC5B,YAAY,SAA2B,GACtC,OAAO,CAAC,IAAI,CAAC,CA2Bf"}

package/dist/poll.js

@@ -1,29 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.pollUntilApproved = pollUntilApproved;
-const errors_1 = require("./errors");
-const DEFAULT_TIMEOUT_MS = 300000; // 5 minutes
-const DEFAULT_POLL_INTERVAL_MS = 3000; // 3 seconds
-async function pollUntilApproved(apiUrl, request_id, timeout = DEFAULT_TIMEOUT_MS, pollInterval = DEFAULT_POLL_INTERVAL_MS) {
-    const deadline = Date.now() + timeout;
-    while (Date.now() < deadline) {
-        await sleep(pollInterval);
-        const res = await fetch(`${apiUrl}/status?request_id=${encodeURIComponent(request_id)}`);
-        if (!res.ok) {
-            // Transient error — keep polling
-            continue;
-        }
-        const data = (await res.json());
-        if (data.status === "approved")
-            return;
-        if (data.status === "denied") {
-            throw new errors_1.SuronDeniedError("Boot denied. You tapped Deny in Telegram.");
-        }
-        // status === "pending" — keep polling
-    }
-    throw new errors_1.SuronTimeoutError(`No Telegram approval received within ${timeout / 1000}s timeout.`);
-}
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
-//# sourceMappingURL=poll.js.map

package/dist/poll.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"poll.js","sourceRoot":"","sources":["../src/poll.ts"],"names":[],"mappings":";;AAKA,8CAgCC;AArCD,qCAA+D;AAE/D,MAAM,kBAAkB,GAAG,MAAO,CAAC,CAAC,YAAY;AAChD,MAAM,wBAAwB,GAAG,IAAK,CAAC,CAAC,YAAY;AAE7C,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,UAAkB,EAClB,OAAO,GAAG,kBAAkB,EAC5B,YAAY,GAAG,wBAAwB;IAEvC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;IAEtC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAE1B,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,GAAG,MAAM,sBAAsB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAChE,CAAC;QAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,iCAAiC;YACjC,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;QAEtD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU;YAAE,OAAO;QACvC,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,yBAAgB,CAAC,2CAA2C,CAAC,CAAC;QAC1E,CAAC;QACD,sCAAsC;IACxC,CAAC;IAED,MAAM,IAAI,0BAAiB,CACzB,wCAAwC,OAAO,GAAG,IAAI,YAAY,CACnE,CAAC;AACJ,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/vault.d.ts

@@ -1,7 +0,0 @@
-export interface VaultOptions {
-    configPath?: string;
-    timeout?: number;
-    pollInterval?: number;
-}
-export declare function vault(options?: VaultOptions): Promise<void>;
-//# sourceMappingURL=vault.d.ts.map

package/dist/vault.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAiBA,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA0ED,wBAAsB,KAAK,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiCrE"}

package/dist/vault.js

@@ -1,82 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.vault = vault;
-const fs_1 = require("fs");
-const path_1 = require("path");
-const errors_1 = require("./errors");
-const poll_1 = require("./poll");
-const decrypt_1 = require("./decrypt");
-function readSuronJson(dir) {
-    const path = (0, path_1.join)(dir, ".suron.json");
-    if (!(0, fs_1.existsSync)(path)) {
-        throw new errors_1.SuronConfigError(`.suron.json not found in ${dir}. Run: suron init`);
-    }
-    let raw;
-    try {
-        raw = (0, fs_1.readFileSync)(path, "utf-8");
-    }
-    catch (err) {
-        throw new errors_1.SuronConfigError(`.suron.json could not be read: ${err}`);
-    }
-    try {
-        const parsed = JSON.parse(raw);
-        if (!parsed.app || !parsed.id) {
-            throw new errors_1.SuronConfigError(".suron.json is missing 'app' or 'id' field");
-        }
-        return parsed;
-    }
-    catch (err) {
-        if (err instanceof errors_1.SuronConfigError)
-            throw err;
-        throw new errors_1.SuronConfigError(".suron.json is malformed JSON");
-    }
-}
-async function requestAccess(apiUrl, app_id) {
-    const res = await fetch(`${apiUrl}/request-access`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ app_id }),
-    });
-    if (res.status === 404) {
-        throw new errors_1.SuronAppNotFoundError("App not found in Suron. Run: suron init");
-    }
-    if (res.status === 429) {
-        throw new errors_1.SuronRateLimitError("Rate limit exceeded. Max 20 boot requests per app per hour.");
-    }
-    if (!res.ok) {
-        const text = await res.text().catch(() => "");
-        throw new Error(`Suron /request-access failed (${res.status}): ${text}`);
-    }
-    const data = (await res.json());
-    return data.request_id;
-}
-async function fetchKey(apiUrl, request_id) {
-    const res = await fetch(`${apiUrl}/fetch-key`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ request_id }),
-    });
-    if (!res.ok) {
-        const data = (await res.json().catch(() => ({})));
-        throw new Error(`Suron /fetch-key failed (${res.status}): ${data.error ?? "unknown"}`);
-    }
-    const data = (await res.json());
-    return data.private_key;
-}
-async function vault(options = {}) {
-    const { configPath = process.cwd(), timeout = 300000, pollInterval = 3000, } = options;
-    const config = readSuronJson(configPath);
-    const apiUrl = (process.env.SURON_API_URL ?? config.api_url)?.replace(/\/$/, "") ??
-        (() => {
-            throw new errors_1.SuronConfigError("SURON_API_URL not set and not found in .suron.json. Run: suron init");
-        })();
-    const request_id = await requestAccess(apiUrl, config.id);
-    process.stdout.write(`[suron] Waiting for Telegram approval for "${config.app}" ...\n`);
-    await (0, poll_1.pollUntilApproved)(apiUrl, request_id, timeout, pollInterval);
-    const private_key = await fetchKey(apiUrl, request_id);
-    (0, decrypt_1.decryptEnv)(private_key);
-    // Overwrite reference so GC can reclaim it
-    private_key = "";
-    process.stdout.write(`[suron] Secrets loaded for "${config.app}"\n`);
-}
-//# sourceMappingURL=vault.js.map

package/dist/vault.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"vault.js","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":";;AA+FA,sBAiCC;AAhID,2BAA8C;AAC9C,+BAA4B;AAC5B,qCAIkB;AAClB,iCAA2C;AAC3C,uCAAuC;AAevC,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,IAAI,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACtC,IAAI,CAAC,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,yBAAgB,CACxB,4BAA4B,GAAG,mBAAmB,CACnD,CAAC;IACJ,CAAC;IACD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,IAAA,iBAAY,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,yBAAgB,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,yBAAgB,CAAC,4CAA4C,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,yBAAgB;YAAE,MAAM,GAAG,CAAC;QAC/C,MAAM,IAAI,yBAAgB,CAAC,+BAA+B,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,MAAc,EACd,MAAc;IAEd,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iBAAiB,EAAE;QAClD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC;IAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,CAC1C,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,4BAAmB,CAC3B,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;IAC1D,OAAO,IAAI,CAAC,UAAU,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,UAAkB;IACxD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,YAAY,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC;KACrC,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAuB,CAAC;QACxE,MAAM,IAAI,KAAK,CACb,4BAA4B,GAAG,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,IAAI,SAAS,EAAE,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;IAC3D,OAAO,IAAI,CAAC,WAAW,CAAC;AAC1B,CAAC;AAEM,KAAK,UAAU,KAAK,CAAC,UAAwB,EAAE;IACpD,MAAM,EACJ,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,EAC1B,OAAO,GAAG,MAAO,EACjB,YAAY,GAAG,IAAK,GACrB,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IAEzC,MAAM,MAAM,GACV,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QACjE,CAAC,GAAG,EAAE;YACJ,MAAM,IAAI,yBAAgB,CACxB,qEAAqE,CACtE,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAE1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,8CAA8C,MAAM,CAAC,GAAG,SAAS,CAClE,CAAC;IAEF,MAAM,IAAA,wBAAiB,EAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAEnE,MAAM,WAAW,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAEvD,IAAA,oBAAU,EAAC,WAAW,CAAC,CAAC;IAExB,2CAA2C;IAC1C,WAAiC,GAAG,EAAE,CAAC;IAExC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC;AACvE,CAAC"}