@true-and-useful/janee 0.8.3 → 0.8.5
- package/README.md +82 -2
- package/dist/cli/commands/add.d.ts +5 -0
- package/dist/cli/commands/add.d.ts.map +1 -1
- package/dist/cli/commands/add.js +91 -5
- package/dist/cli/commands/add.js.map +1 -1
- package/dist/cli/commands/serve-mcp.d.ts.map +1 -1
- package/dist/cli/commands/serve-mcp.js +41 -1
- package/dist/cli/commands/serve-mcp.js.map +1 -1
- package/dist/cli/commands/status.d.ts +4 -0
- package/dist/cli/commands/status.d.ts.map +1 -0
- package/dist/cli/commands/status.js +127 -0
- package/dist/cli/commands/status.js.map +1 -0
- package/dist/cli/config-yaml.d.ts +18 -0
- package/dist/cli/config-yaml.d.ts.map +1 -1
- package/dist/cli/config-yaml.js +28 -1
- package/dist/cli/config-yaml.js.map +1 -1
- package/dist/cli/index.js +11 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/core/agent-scope.d.ts +81 -0
- package/dist/core/agent-scope.d.ts.map +1 -0
- package/dist/core/agent-scope.js +146 -0
- package/dist/core/agent-scope.js.map +1 -0
- package/dist/core/exec.d.ts +86 -0
- package/dist/core/exec.d.ts.map +1 -0
- package/dist/core/exec.js +149 -0
- package/dist/core/exec.js.map +1 -0
- package/dist/core/health.d.ts +27 -0
- package/dist/core/health.d.ts.map +1 -0
- package/dist/core/health.js +73 -0
- package/dist/core/health.js.map +1 -0
- package/dist/core/mcp-server.d.ts +13 -0
- package/dist/core/mcp-server.d.ts.map +1 -1
- package/dist/core/mcp-server.js +299 -11
- package/dist/core/mcp-server.js.map +1 -1
- package/dist/core/sessions.d.ts.map +1 -1
- package/dist/core/sessions.js +11 -1
- package/dist/core/sessions.js.map +1 -1
- package/dist/providers/env.d.ts +27 -0
- package/dist/providers/env.d.ts.map +1 -0
- package/dist/providers/env.js +64 -0
- package/dist/providers/env.js.map +1 -0
- package/dist/providers/filesystem.d.ts +34 -0
- package/dist/providers/filesystem.d.ts.map +1 -0
- package/dist/providers/filesystem.js +143 -0
- package/dist/providers/filesystem.js.map +1 -0
- package/dist/providers/index.d.ts +25 -0
- package/dist/providers/index.d.ts.map +1 -0
- package/dist/providers/index.js +39 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/registry.d.ts +40 -0
- package/dist/providers/registry.d.ts.map +1 -0
- package/dist/providers/registry.js +113 -0
- package/dist/providers/registry.js.map +1 -0
- package/dist/providers/types.d.ts +137 -0
- package/dist/providers/types.d.ts.map +1 -0
- package/dist/providers/types.js +135 -0
- package/dist/providers/types.js.map +1 -0
- package/package.json +1 -1
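--- a/package/dist/providers/filesystem.d.ts
+++ b/package/dist/providers/filesystem.d.ts
@@ -0,0 +1,34 @@
+/**
+* Filesystem Secrets Provider
+*
+* Wraps Janee's existing AES-256-GCM encrypted local storage.
+* This is the default provider -- backward compatible with existing configs.
+*/
+import { SecretsProvider, HealthCheckResult, ProviderConfig } from './types';
+export declare class FilesystemProvider implements SecretsProvider {
+readonly name: string;
+readonly type = "filesystem";
+private secretsDir;
+private masterKey;
+private initialized;
+constructor(config: ProviderConfig);
+initialize(): Promise<void>;
+getSecret(secretPath: string): Promise<string | null>;
+setSecret(secretPath: string, value: string): Promise<void>;
+deleteSecret(secretPath: string): Promise<void>;
+listSecrets(prefix?: string): Promise<string[]>;
+dispose(): Promise<void>;
+healthCheck(): Promise<HealthCheckResult>;
+private ensureInitialized;
+/**
+* Securely resolve a secret path to a filesystem path.
+*
+* Security: Uses path.resolve + prefix check to guarantee the resolved
+* path is contained within secretsDir. Rejects absolute paths and
+* traversal attempts via validateSecretPath() and a post-resolution
+* containment check.
+*/
+private resolvePath;
+private walkDir;
+}
+//# sourceMappingURL=filesystem.d.ts.map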
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.d.ts","sourceRoot":"","sources":["../../src/providers/filesystem.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAoD,MAAM,SAAS,CAAC;AAU/H,qBAAa,kBAAmB,YAAW,eAAe;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,gBAAgB;IAE7B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,cAAc;IAoB5B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ3B,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAqBrD,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAc3D,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAU/C,WAAW,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAgB/C,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAIxB,WAAW,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAqB/C,OAAO,CAAC,iBAAiB;IAUzB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;IAuBnB,OAAO,CAAC,OAAO;CAchB"}
|
|
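--- a/package/dist/providers/filesystem.js
+++ b/package/dist/providers/filesystem.js
@@ -0,0 +1,143 @@
+"use strict";
+/**
+* Filesystem Secrets Provider
+*
+* Wraps Janee's existing AES-256-GCM encrypted local storage.
+* This is the default provider -- backward compatible with existing configs.
+*/
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FilesystemProvider = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const types_1 = require("./types");
+const crypto_1 = require("../core/crypto");
+class FilesystemProvider {
+name;
+type = 'filesystem';
+secretsDir;
+masterKey;
+initialized = false;
+constructor(config) {
+this.name = config.name;
+const fsConfig = config.config;
+if (!fsConfig.masterKey) {
+throw new types_1.SecretError(types_1.SecretErrorCode.CONFIG_ERROR, `FilesystemProvider "${config.name}": masterKey is required`, { provider: config.name });
+}
+this.masterKey = fsConfig.masterKey;
+this.secretsDir = path_1.default.resolve(fsConfig.path || path_1.default.join(process.env.HOME || process.env.USERPROFILE || '/tmp', '.janee', 'credentials'));
+}
+async initialize() {
+// Ensure directory exists
+if (!fs_1.default.existsSync(this.secretsDir)) {
+fs_1.default.mkdirSync(this.secretsDir, { recursive: true, mode: 0o700 });
+}
+this.initialized = true;
+}
+async getSecret(secretPath) {
+this.ensureInitialized();
+const filePath = this.resolvePath(secretPath);
+if (!fs_1.default.existsSync(filePath)) {
+return null;
+}
+try {
+const encrypted = fs_1.default.readFileSync(filePath, 'utf8').trim();
+return (0, crypto_1.decryptSecret)(encrypted, this.masterKey);
+}
+catch (err) {
+throw new types_1.SecretError(types_1.SecretErrorCode.CRYPTO_ERROR, `FilesystemProvider "${this.name}": failed to decrypt "${secretPath}": ${err.message}`, { provider: this.name, secretPath, cause: err });
+}
+}
+async setSecret(secretPath, value) {
+this.ensureInitialized();
+const filePath = this.resolvePath(secretPath);
+const dir = path_1.default.dirname(filePath);
+if (!fs_1.default.existsSync(dir)) {
+fs_1.default.mkdirSync(dir, { recursive: true, mode: 0o700 });
+}
+const encrypted = (0, crypto_1.encryptSecret)(value, this.masterKey);
+fs_1.default.writeFileSync(filePath, encrypted, { mode: 0o600 });
+}
+async deleteSecret(secretPath) {
+this.ensureInitialized();
+const filePath = this.resolvePath(secretPath);
+if (fs_1.default.existsSync(filePath)) {
+fs_1.default.unlinkSync(filePath);
+}
+}
+async listSecrets(prefix) {
+this.ensureInitialized();
+const searchDir = prefix
+? path_1.default.join(this.secretsDir, prefix)
+: this.secretsDir;
+if (!fs_1.default.existsSync(searchDir)) {
+return [];
+}
+return this.walkDir(searchDir).map(filePath => path_1.default.relative(this.secretsDir, filePath));
+}
+async dispose() {
+this.initialized = false;
+}
+async healthCheck() {
+const start = Date.now();
+try {
+// Check directory exists and is writable
+if (!fs_1.default.existsSync(this.secretsDir)) {
+return { healthy: false, error: `Directory not found: ${this.secretsDir}` };
+}
+fs_1.default.accessSync(this.secretsDir, fs_1.default.constants.R_OK | fs_1.default.constants.W_OK);
+return { healthy: true, latencyMs: Date.now() - start };
+}
+catch (err) {
+return {
+healthy: false,
+error: `Cannot access ${this.secretsDir}: ${err.message}`,
+latencyMs: Date.now() - start
+};
+}
+}
+ensureInitialized() {
+if (!this.initialized) {
+throw new types_1.SecretError(types_1.SecretErrorCode.NOT_INITIALIZED, `FilesystemProvider "${this.name}": not initialized. Call initialize() first.`, { provider: this.name });
+}
+}
+/**
+* Securely resolve a secret path to a filesystem path.
+*
+* Security: Uses path.resolve + prefix check to guarantee the resolved
+* path is contained within secretsDir. Rejects absolute paths and
+* traversal attempts via validateSecretPath() and a post-resolution
+* containment check.
+*/
+resolvePath(secretPath) {
+// Validate path structure (rejects .., absolute paths, etc.)
+(0, types_1.validateSecretPath)(secretPath);
+// Resolve to absolute path
+const resolved = path_1.default.resolve(this.secretsDir, secretPath);
+// Containment check: resolved path MUST be inside secretsDir
+const secretsDirWithSep = this.secretsDir.endsWith(path_1.default.sep)
+? this.secretsDir
+: this.secretsDir + path_1.default.sep;
+if (!resolved.startsWith(secretsDirWithSep) && resolved !== this.secretsDir) {
+throw new types_1.SecretError(types_1.SecretErrorCode.INVALID_PATH, `Path "${secretPath}" resolves outside secrets directory`, { provider: this.name, secretPath });
+}
+return resolved;
+}
+walkDir(dir) {
+const results = [];
+for (const entry of fs_1.default.readdirSync(dir, { withFileTypes: true })) {
+const fullPath = path_1.default.join(dir, entry.name);
+if (entry.isDirectory()) {
+results.push(...this.walkDir(fullPath));
+}
+else if (entry.isFile()) {
+results.push(fullPath);
+}
+}
+return results;
+}
+}
+exports.FilesystemProvider = FilesystemProvider;
+//# sourceMappingURL=filesystem.js.map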
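Review bot: `listSecrets` builds its search directory with `path_1.default.join(this.secretsDir, prefix)` and never passes `prefix` through `resolvePath`, so the containment check that guards `getSecret`, `setSecret` and `deleteSecret` does not cover listing, and a prefix containing `..` segments would let `walkDir` enumerate files outside `secretsDir`. Routing it through the same helper closes the gap: `const searchDir = prefix ? this.resolvePath(prefix) : this.secretsDir;` (this assumes `validateSecretPath`, which is defined outside this file, accepts directory-style prefixes). Separately, the constructor falls back to `'/tmp'` when neither `HOME` nor `USERPROFILE` is set, and `initialize()` applies mode `0o700` only when it creates the directory, so a pre-existing directory in a shared location is used with whatever owner and permissions it already has. Throwing `CONFIG_ERROR` when no home directory can be determined, and checking the mode of an existing `secretsDir`, would be safer than the silent fallback. Note also that the containment test in `resolvePath` is lexical; symlinks under `secretsDir` are not resolved before the comparison.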
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../src/providers/filesystem.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;AAEH,4CAAoB;AACpB,gDAAwB;AACxB,mCAA+H;AAC/H,2CAA8D;AAS9D,MAAa,kBAAkB;IACpB,IAAI,CAAS;IACb,IAAI,GAAG,YAAY,CAAC;IAErB,UAAU,CAAS;IACnB,SAAS,CAAS;IAClB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,MAAsB;QAChC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACxB,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAqC,CAAC;QAE9D,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,uBAAuB,MAAM,CAAC,IAAI,0BAA0B,EAC5D,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAC1B,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;QACpC,IAAI,CAAC,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,cAAI,CAAC,IAAI,CACvD,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,EACrD,QAAQ,EACR,aAAa,CACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU;QACd,0BAA0B;QAC1B,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,YAAE,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,UAAkB;QAChC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3D,OAAO,IAAA,sBAAa,EAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,uBAAuB,IAAI,CAAC,IAAI,yBAAyB,UAAU,MAAO,GAAa,CAAC,OAAO,EAAE,EACjG,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,GAAY,EAAE,CACzD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,UAAkB,EAAE,KAAa;QAC/C,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,cAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEnC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,YAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,
IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,SAAS,GAAG,IAAA,sBAAa,EAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACvD,YAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAAkB;QACnC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAe;QAC/B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEzB,MAAM,SAAS,GAAG,MAAM;YACtB,CAAC,CAAC,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC;YACpC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;QAEpB,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAChC,QAAQ,CAAC,EAAE,CAAC,cAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CACrD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;YAC9E,CAAC;YAED,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,YAAE,CAAC,SAAS,CAAC,IAAI,GAAG,YAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAEtE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iBAAiB,IAAI,CAAC,UAAU,KAAM,GAAa,CAAC,OAAO,EAAE;gBACpE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;aAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,eAAe,EAC/B,uBAAuB,IAAI,CAAC,IAAI,8CAA8C,EAC9E,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CACxB,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,WAAW,CAAC,UAAkB;QACpC,6DAA6D;QAC7D,IAAA,0BAAkB,EAAC,UAAU,CAAC,CAAC;QAE/B,2BAA2B;QAC3B,MAAM,QAAQ,GAAG,cAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE3D,6DAA6D;QAC7D,MAAM
,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAI,CAAC,GAAG,CAAC;YAC1D,CAAC,CAAC,IAAI,CAAC,UAAU;YACjB,CAAC,CAAC,IAAI,CAAC,UAAU,GAAG,cAAI,CAAC,GAAG,CAAC;QAE/B,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;YAC5E,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,SAAS,UAAU,sCAAsC,EACzD,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,CACpC,CAAC;QACJ,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,OAAO,CAAC,GAAW;QACzB,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,KAAK,IAAI,YAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACjE,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC1C,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAjLD,gDAiLC"}
|
|
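--- a/package/dist/providers/index.d.ts
+++ b/package/dist/providers/index.d.ts
@@ -0,0 +1,25 @@
+/**
+* Janee Secrets Provider System
+*
+* Plugin architecture for multiple secrets backends.
+* See RFC 0005: docs/rfcs/0005-plugin-architecture.md
+*
+* Built-in providers:
+* - filesystem: AES-256-GCM encrypted local storage (default)
+* - env: Environment variables
+*
+* Usage:
+* import { createProvider, resolveSecret } from './providers';
+*
+* await createProvider({ name: 'local', type: 'filesystem', config: { masterKey: '...' } });
+* await createProvider({ name: 'ci', type: 'env', config: { prefix: 'JANEE_' } });
+*
+* const key = await resolveSecret('local://stripe/api-key');
+* const token = await resolveSecret('ci://GITHUB_TOKEN');
+*/
+export { createProvider, getProvider, resolveSecret, healthCheckAll, disposeAll, registerProviderType, parseProviderURI, } from './registry';
+export type { SecretsProvider, ProviderConfig, ProviderFactory, HealthCheckResult, } from './types';
+export { SecretError, SecretErrorCode, validateSecretPath, } from './types';
+export { FilesystemProvider } from './filesystem';
+export { EnvProvider } from './env';
+//# sourceMappingURL=index.d.ts.map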
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,eAAe,EACf,cAAc,EACd,eAAe,EACf,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,WAAW,EACX,eAAe,EACf,kBAAkB,GACnB,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC"}
|
|
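--- a/package/dist/providers/index.js
+++ b/package/dist/providers/index.js
@@ -0,0 +1,39 @@
+"use strict";
+/**
+* Janee Secrets Provider System
+*
+* Plugin architecture for multiple secrets backends.
+* See RFC 0005: docs/rfcs/0005-plugin-architecture.md
+*
+* Built-in providers:
+* - filesystem: AES-256-GCM encrypted local storage (default)
+* - env: Environment variables
+*
+* Usage:
+* import { createProvider, resolveSecret } from './providers';
+*
+* await createProvider({ name: 'local', type: 'filesystem', config: { masterKey: '...' } });
+* await createProvider({ name: 'ci', type: 'env', config: { prefix: 'JANEE_' } });
+*
+* const key = await resolveSecret('local://stripe/api-key');
+* const token = await resolveSecret('ci://GITHUB_TOKEN');
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnvProvider = exports.FilesystemProvider = exports.validateSecretPath = exports.SecretErrorCode = exports.SecretError = exports.parseProviderURI = exports.registerProviderType = exports.disposeAll = exports.healthCheckAll = exports.resolveSecret = exports.getProvider = exports.createProvider = void 0;
+var registry_1 = require("./registry");
+Object.defineProperty(exports, "createProvider", { enumerable: true, get: function () { return registry_1.createProvider; } });
+Object.defineProperty(exports, "getProvider", { enumerable: true, get: function () { return registry_1.getProvider; } });
+Object.defineProperty(exports, "resolveSecret", { enumerable: true, get: function () { return registry_1.resolveSecret; } });
+Object.defineProperty(exports, "healthCheckAll", { enumerable: true, get: function () { return registry_1.healthCheckAll; } });
+Object.defineProperty(exports, "disposeAll", { enumerable: true, get: function () { return registry_1.disposeAll; } });
+Object.defineProperty(exports, "registerProviderType", { enumerable: true, get: function () { return registry_1.registerProviderType; } });
+Object.defineProperty(exports, "parseProviderURI", { enumerable: true, get: function () { return registry_1.parseProviderURI; } });
+var types_1 = require("./types");
+Object.defineProperty(exports, "SecretError", { enumerable: true, get: function () { return types_1.SecretError; } });
+Object.defineProperty(exports, "SecretErrorCode", { enumerable: true, get: function () { return types_1.SecretErrorCode; } });
+Object.defineProperty(exports, "validateSecretPath", { enumerable: true, get: function () { return types_1.validateSecretPath; } });
+var filesystem_1 = require("./filesystem");
+Object.defineProperty(exports, "FilesystemProvider", { enumerable: true, get: function () { return filesystem_1.FilesystemProvider; } });
+var env_1 = require("./env");
+Object.defineProperty(exports, "EnvProvider", { enumerable: true, get: function () { return env_1.EnvProvider; } });
+//# sourceMappingURL=index.js.map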
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;AAEH,uCAQoB;AAPlB,0GAAA,cAAc,OAAA;AACd,uGAAA,WAAW,OAAA;AACX,yGAAA,aAAa,OAAA;AACb,0GAAA,cAAc,OAAA;AACd,sGAAA,UAAU,OAAA;AACV,gHAAA,oBAAoB,OAAA;AACpB,4GAAA,gBAAgB,OAAA;AAUlB,iCAIiB;AAHf,oGAAA,WAAW,OAAA;AACX,wGAAA,eAAe,OAAA;AACf,2GAAA,kBAAkB,OAAA;AAGpB,2CAAkD;AAAzC,gHAAA,kBAAkB,OAAA;AAC3B,6BAAoC;AAA3B,kGAAA,WAAW,OAAA"}
|
|
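--- a/package/dist/providers/registry.d.ts
+++ b/package/dist/providers/registry.d.ts
@@ -0,0 +1,40 @@
+/**
+* Provider Registry
+*
+* Central registry for secrets provider factories.
+* Resolves provider URIs and manages provider lifecycle.
+*/
+import { SecretsProvider, ProviderConfig, ProviderFactory } from './types';
+/**
+* Register a built-in provider factory.
+*/
+export declare function registerProviderType(type: string, factory: ProviderFactory): void;
+/**
+* Create and register a provider instance from config.
+*/
+export declare function createProvider(config: ProviderConfig): Promise<SecretsProvider>;
+/**
+* Get a registered provider instance by name.
+*/
+export declare function getProvider(name: string): SecretsProvider | undefined;
+/**
+* Resolve a secret value from a URI like "vault://path/to/secret"
+* or a plain path (uses the default provider).
+*
+* @param uri - Provider URI or plain secret path
+* @param defaultProvider - Provider name to use when no scheme is specified
+*/
+export declare function resolveSecret(uri: string, defaultProvider?: string): Promise<string | null>;
+/**
+* Run health checks on all registered providers.
+*/
+export declare function healthCheckAll(): Promise<Map<string, {
+healthy: boolean;
+error?: string;
+}>>;
+/**
+* Dispose all provider instances and clear registries.
+*/
+export declare function disposeAll(): Promise<void>;
+export { parseProviderURI } from './types';
+//# sourceMappingURL=registry.d.ts.map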
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/providers/registry.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,eAAe,EAAkD,MAAM,SAAS,CAAC;AAc3H;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAQjF;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAerF;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAErE;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,MAAM,EACX,eAAe,GAAE,MAAgB,GAChC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAexB;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAYjG;AAED;;GAEG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBhD;AAGD,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC"}
|
|
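--- a/package/dist/providers/registry.js
+++ b/package/dist/providers/registry.js
@@ -0,0 +1,113 @@
+"use strict";
+/**
+* Provider Registry
+*
+* Central registry for secrets provider factories.
+* Resolves provider URIs and manages provider lifecycle.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseProviderURI = void 0;
+exports.registerProviderType = registerProviderType;
+exports.createProvider = createProvider;
+exports.getProvider = getProvider;
+exports.resolveSecret = resolveSecret;
+exports.healthCheckAll = healthCheckAll;
+exports.disposeAll = disposeAll;
+const types_1 = require("./types");
+const filesystem_1 = require("./filesystem");
+const env_1 = require("./env");
+/**
+* Registry of provider factories by type name.
+*/
+const factories = new Map();
+/**
+* Active provider instances by name.
+*/
+const instances = new Map();
+/**
+* Register a built-in provider factory.
+*/
+function registerProviderType(type, factory) {
+if (factories.has(type)) {
+throw new types_1.SecretError(types_1.SecretErrorCode.CONFIG_ERROR, `Provider type "${type}" is already registered`);
+}
+factories.set(type, factory);
+}
+/**
+* Create and register a provider instance from config.
+*/
+async function createProvider(config) {
+const factory = factories.get(config.type);
+if (!factory) {
+const available = Array.from(factories.keys()).join(', ');
+throw new types_1.SecretError(types_1.SecretErrorCode.CONFIG_ERROR, `Unknown provider type "${config.type}". Available types: ${available}`, { provider: config.name });
+}
+const provider = factory(config);
+await provider.initialize();
+instances.set(config.name, provider);
+return provider;
+}
+/**
+* Get a registered provider instance by name.
+*/
+function getProvider(name) {
+return instances.get(name);
+}
+/**
+* Resolve a secret value from a URI like "vault://path/to/secret"
+* or a plain path (uses the default provider).
+*
+* @param uri - Provider URI or plain secret path
+* @param defaultProvider - Provider name to use when no scheme is specified
+*/
+async function resolveSecret(uri, defaultProvider = 'local') {
+const { provider: providerName, path } = (0, types_1.parseProviderURI)(uri);
+const name = providerName || defaultProvider;
+const provider = instances.get(name);
+if (!provider) {
+const available = Array.from(instances.keys()).join(', ');
+throw new types_1.SecretError(types_1.SecretErrorCode.CONFIG_ERROR, `Provider "${name}" not found. Registered providers: ${available}`, { provider: name, secretPath: path });
+}
+return provider.getSecret(path);
+}
+/**
+* Run health checks on all registered providers.
+*/
+async function healthCheckAll() {
+const results = new Map();
+for (const [name, provider] of instances) {
+try {
+results.set(name, await provider.healthCheck());
+}
+catch (err) {
+results.set(name, { healthy: false, error: err.message });
+}
+}
+return results;
+}
+/**
+* Dispose all provider instances and clear registries.
+*/
+async function disposeAll() {
+const errors = [];
+for (const [name, provider] of instances) {
+try {
+await provider.dispose();
+}
+catch (err) {
+errors.push(err);
+}
+}
+instances.clear();
+factories.clear();
+if (errors.length > 0) {
+throw new types_1.SecretError(types_1.SecretErrorCode.INTERNAL, `Failed to dispose ${errors.length} provider(s): ${errors.map(e => e.message).join('; ')}`);
+}
+}
+// Re-export parseProviderURI from types
+var types_2 = require("./types");
+Object.defineProperty(exports, "parseProviderURI", { enumerable: true, get: function () { return types_2.parseProviderURI; } });
+// Register built-in provider types
+registerProviderType('filesystem', (config) => new filesystem_1.FilesystemProvider(config));
+registerProviderType('env', (config) => new env_1.EnvProvider(config));
+//# sourceMappingURL=registry.js.map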
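Review bot: `createProvider` ends with `instances.set(config.name, provider)` without checking for an existing entry, so a second config that reuses a name silently replaces the provider that `resolveSecret` consults for that scheme, and the replaced instance is never disposed. `registerProviderType` already rejects duplicate types; the same guard fits here, an `if (instances.has(config.name))` check that throws `CONFIG_ERROR` before the factory is called. In addition, `disposeAll` calls `factories.clear()`, but the built-in `filesystem` and `env` factories are registered only once at module load (the last two statements of the file), so any `createProvider` call after `disposeAll` fails with "Unknown provider type". Clearing only `instances`, or re-registering the built-ins afterwards, keeps the registry usable across a dispose/re-create cycle.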
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/providers/registry.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAmBH,oDAQC;AAKD,wCAeC;AAKD,kCAEC;AASD,sCAkBC;AAKD,wCAYC;AAKD,gCAoBC;AAzHD,mCAA2H;AAC3H,6CAAkD;AAClD,+BAAoC;AAEpC;;GAEG;AACH,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;AAErD;;GAEG;AACH,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;AAErD;;GAEG;AACH,SAAgB,oBAAoB,CAAC,IAAY,EAAE,OAAwB;IACzE,IAAI,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,kBAAkB,IAAI,yBAAyB,CAChD,CAAC;IACJ,CAAC;IACD,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc,CAAC,MAAsB;IACzD,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,0BAA0B,MAAM,CAAC,IAAI,uBAAuB,SAAS,EAAE,EACvE,EAAE,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAC1B,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAC;IAC5B,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,IAAY;IACtC,OAAO,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,aAAa,CACjC,GAAW,EACX,kBAA0B,OAAO;IAEjC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAgB,EAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,YAAY,IAAI,eAAe,CAAC;IAE7C,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,YAAY,EAC5B,aAAa,IAAI,sCAAsC,SAAS,EAAE,EAClE,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,CACrC,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgD,CAAC;IAExE,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,OAAO,CAAC,GAAG,
CAAC,IAAI,EAAE,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,UAAU;IAC9B,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,GAAY,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,SAAS,CAAC,KAAK,EAAE,CAAC;IAClB,SAAS,CAAC,KAAK,EAAE,CAAC;IAElB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,mBAAW,CACnB,uBAAe,CAAC,QAAQ,EACxB,qBAAqB,MAAM,CAAC,MAAM,iBAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3F,CAAC;IACJ,CAAC;AACH,CAAC;AAED,wCAAwC;AACxC,iCAA2C;AAAlC,yGAAA,gBAAgB,OAAA;AAEzB,mCAAmC;AACnC,oBAAoB,CAAC,YAAY,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,+BAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;AAC/E,oBAAoB,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,iBAAW,CAAC,MAAM,CAAC,CAAC,CAAC"}
|
|
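--- a/package/dist/providers/types.d.ts
+++ b/package/dist/providers/types.d.ts
@@ -0,0 +1,137 @@
+/**
+* Secrets Provider Plugin Interface
+*
+* Defines the contract all secrets providers must implement.
+* See RFC 0005 for full design: docs/rfcs/0005-plugin-architecture.md
+*/
+/**
+* Error codes for categorizing secrets operation failures.
+* Enables callers to handle errors programmatically without message matching.
+*/
+export declare enum SecretErrorCode {
+/** Provider is not initialized (call initialize() first) */
+NOT_INITIALIZED = "NOT_INITIALIZED",
+/** Secret was not found (normal -- not an error for most callers) */
+NOT_FOUND = "NOT_FOUND",
+/** Authentication failure (bad credentials, expired token) */
+AUTH_FAILED = "AUTH_FAILED",
+/** Permission denied (authenticated but not authorized) */
+ACCESS_DENIED = "ACCESS_DENIED",
+/** Provider unreachable (network error, timeout) */
+PROVIDER_UNAVAILABLE = "PROVIDER_UNAVAILABLE",
+/** Secret path is invalid (traversal attempt, bad characters) */
+INVALID_PATH = "INVALID_PATH",
+/** URI format is invalid */
+INVALID_URI = "INVALID_URI",
+/** Encryption/decryption failure */
+CRYPTO_ERROR = "CRYPTO_ERROR",
+/** Provider-specific configuration error */
+CONFIG_ERROR = "CONFIG_ERROR",
+/** Generic internal error */
+INTERNAL = "INTERNAL"
+}
+/**
+* Typed error for secrets operations.
+* Enables programmatic error handling without message parsing.
+*/
+export declare class SecretError extends Error {
+readonly code: SecretErrorCode;
+readonly provider?: string;
+readonly secretPath?: string;
+constructor(code: SecretErrorCode, message: string, options?: {
+provider?: string;
+secretPath?: string;
+cause?: Error;
+});
+}
+/**
+* Core interface that all secrets providers must implement.
+*/
+export interface SecretsProvider {
+/** Human-readable provider name (e.g., "my-vault") */
+readonly name: string;
+/** Provider type identifier (e.g., "hashicorp-vault", "aws-secrets-manager") */
+readonly type: string;
+/**
+* Initialize the provider (connect, authenticate, validate config).
+* Called once before any secret operations.
+* @throws SecretError if provider cannot be initialized
+*/
+initialize(): Promise<void>;
+/**
+* Retrieve a secret by path.
+* @param path - Provider-specific path (e.g., "mcp/agents/stripe/api-key")
+* @returns The secret value, or null if not found
+* @throws SecretError on connection/auth errors (NOT on missing secrets)
+*/
+getSecret(path: string): Promise<string | null>;
+/**
+* Store a secret. Optional -- not all providers support writes.
+* @param path - Provider-specific path
+* @param value - Secret value to store
+*/
+setSecret?(path: string, value: string): Promise<void>;
+/**
+* Delete a secret. Optional.
+*/
+deleteSecret?(path: string): Promise<void>;
+/**
+* List available secret paths. Optional -- useful for CLI tooling.
+*/
+listSecrets?(prefix?: string): Promise<string[]>;
+/**
+* Clean up resources (close connections, etc.).
+*/
+dispose(): Promise<void>;
+/**
+* Health check -- is the provider accessible and authenticated?
+*/
+healthCheck(): Promise<HealthCheckResult>;
+}
+export interface HealthCheckResult {
+healthy: boolean;
+error?: string;
+/** Optional latency in milliseconds */
+latencyMs?: number;
+}
+/**
+* Configuration for a provider instance.
+* The `config` field is provider-type-specific.
+*/
+export interface ProviderConfig {
+/** Instance name (referenced in service configs) */
+name: string;
+/** Provider type (determines which class to instantiate) */
+type: string;
+/** Type-specific configuration */
+config: Record<string, unknown>;
+}
+/**
+* Factory function type for creating provider instances.
+*/
+export type ProviderFactory = (config: ProviderConfig) => SecretsProvider;
+/**
+* Parse a provider URI like "vault://mcp/stripe/api-key"
+* Returns { provider: "vault", path: "mcp/stripe/api-key" }
+* If no scheme, returns { provider: null, path: original }
+*
+* Enforces:
+* - Provider names normalized to lowercase, 1-64 chars
+* - Percent-decoding of path components
+* - Rejection of ".." path segments (traversal prevention)
+* - Max path length of 1024 characters
+*
+* @throws SecretError with INVALID_URI code on validation failure
+*/
+export declare function parseProviderURI(uri: string): {
+provider: string | null;
+path: string;
+};
+/**
+* Validate a secret path for safety.
+* Rejects traversal attempts, overly long paths, and empty paths.
+*
+* @throws SecretError with INVALID_PATH code on validation failure
+*/
+export declare function validateSecretPath(secretPath: string): void;
+//# sourceMappingURL=types.d.ts.map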
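Review bot: The doc comment on `parseProviderURI` (new-file lines 113-125) lists percent-decoding and rejection of `..` segments as separate bullets without saying that the traversal and length checks run on the decoded path, and it documents the no-scheme case as returning the original string, which reads as if that path is not validated at all. Only the declaration is visible in this section, so the real order cannot be confirmed here; if the implementation does check after decoding, I would add `* All checks below are applied to the percent-decoded path.` above the bullet list, and extend the no-scheme sentence with `(not validated here; pass it to validateSecretPath() before use)` if that is what happens. The comment on `INVALID_PATH` names traversal attempts, while `parseProviderURI` reports its own traversal rejection as `INVALID_URI`, so callers that branch on the code need to handle both; a sentence on `SecretErrorCode` saying so would help. Since `SecretError.secretPath` is a public field, its declaration could also carry `/** May contain caller-supplied path text; treat as untrusted when logging or displaying. */`.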
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/providers/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;GAGG;AACH,oBAAY,eAAe;IACzB,4DAA4D;IAC5D,eAAe,oBAAoB;IACnC,qEAAqE;IACrE,SAAS,cAAc;IACvB,8DAA8D;IAC9D,WAAW,gBAAgB;IAC3B,2DAA2D;IAC3D,aAAa,kBAAkB;IAC/B,oDAAoD;IACpD,oBAAoB,yBAAyB;IAC7C,iEAAiE;IACjE,YAAY,iBAAiB;IAC7B,4BAA4B;IAC5B,WAAW,gBAAgB;IAC3B,oCAAoC;IACpC,YAAY,iBAAiB;IAC7B,4CAA4C;IAC5C,YAAY,iBAAiB;IAC7B,6BAA6B;IAC7B,QAAQ,aAAa;CACtB;AAED;;;GAGG;AACH,qBAAa,WAAY,SAAQ,KAAK;IACpC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;gBAG3B,IAAI,EAAE,eAAe,EACrB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,KAAK,CAAA;KAAE;CAQtE;AAID;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,gFAAgF;IAChF,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;;;OAIG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEhD;;;;OAIG;IACH,SAAS,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvD;;OAEG;IACH,YAAY,CAAC,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3C;;OAEG;IACH,WAAW,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEjD;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzB;;OAEG;IACH,WAAW,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,oDAAoD;IACpD,IAAI,EAAE,MAAM,CAAC;IACb,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,cAAc,KAAK,eAAe,CAAC;AAW1E;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAgDvF;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAA
M,GAAG,IAAI,CA8B3D"}
|