@undefineds.co/xpod 0.3.15 → 0.3.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config/local.json +5 -5
- package/config/xpod.json +24 -10
- package/dist/cli/commands/auth.d.ts +1 -0
- package/dist/cli/commands/auth.js +117 -37
- package/dist/cli/commands/auth.js.map +1 -1
- package/dist/cli/commands/login.js +16 -23
- package/dist/cli/commands/login.js.map +1 -1
- package/dist/cli/commands/logs.d.ts +2 -0
- package/dist/cli/commands/logs.js +20 -5
- package/dist/cli/commands/logs.js.map +1 -1
- package/dist/cli/commands/obj.d.ts +44 -0
- package/dist/cli/commands/obj.js +1059 -0
- package/dist/cli/commands/obj.js.map +1 -0
- package/dist/cli/commands/rdf.d.ts +14 -0
- package/dist/cli/commands/rdf.js +235 -0
- package/dist/cli/commands/rdf.js.map +1 -0
- package/dist/cli/commands/resource.d.ts +31 -0
- package/dist/cli/commands/resource.js +191 -0
- package/dist/cli/commands/resource.js.map +1 -0
- package/dist/cli/commands/secret.d.ts +36 -0
- package/dist/cli/commands/secret.js +285 -0
- package/dist/cli/commands/secret.js.map +1 -0
- package/dist/cli/commands/server.d.ts +11 -0
- package/dist/cli/commands/server.js +168 -0
- package/dist/cli/commands/server.js.map +1 -0
- package/dist/cli/commands/start.d.ts +1 -0
- package/dist/cli/commands/start.js +5 -0
- package/dist/cli/commands/start.js.map +1 -1
- package/dist/cli/commands/status.d.ts +1 -0
- package/dist/cli/commands/status.js +21 -6
- package/dist/cli/commands/status.js.map +1 -1
- package/dist/cli/commands/stop.d.ts +3 -0
- package/dist/cli/commands/stop.js +40 -6
- package/dist/cli/commands/stop.js.map +1 -1
- package/dist/cli/index.js +23 -8
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/lib/auth-context.d.ts +24 -0
- package/dist/cli/lib/auth-context.js +70 -0
- package/dist/cli/lib/auth-context.js.map +1 -0
- package/dist/cli/lib/css-account.js +29 -2
- package/dist/cli/lib/css-account.js.map +1 -1
- package/dist/cli/lib/output.d.ts +23 -0
- package/dist/cli/lib/output.js +63 -0
- package/dist/cli/lib/output.js.map +1 -0
- package/dist/cli/lib/resource.d.ts +29 -0
- package/dist/cli/lib/resource.js +114 -0
- package/dist/cli/lib/resource.js.map +1 -0
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.d.ts +11 -10
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js +13 -24
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.js.map +1 -1
- package/dist/identity/oidc/AutoDetectIdentityProviderHandler.jsonld +4 -4
- package/dist/identity/oidc/AutoDetectOidcHandler.d.ts +8 -4
- package/dist/identity/oidc/AutoDetectOidcHandler.js +10 -6
- package/dist/identity/oidc/AutoDetectOidcHandler.js.map +1 -1
- package/dist/identity/oidc/AutoDetectOidcHandler.jsonld +3 -3
- package/dist/runtime/bootstrap.js +7 -0
- package/dist/runtime/bootstrap.js.map +1 -1
- package/dist/runtime/css-process.js +7 -0
- package/dist/runtime/css-process.js.map +1 -1
- package/dist/storage/accessors/MixDataAccessor.js +3 -0
- package/dist/storage/accessors/MixDataAccessor.js.map +1 -1
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js +6 -3
- package/dist/storage/accessors/QuadstoreSparqlDataAccessor.js.map +1 -1
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js +12 -4
- package/dist/storage/accessors/QuintStoreSparqlDataAccessor.js.map +1 -1
- package/dist/storage/quint/SqliteQuintStore.d.ts +26 -1
- package/dist/storage/quint/SqliteQuintStore.js +551 -318
- package/dist/storage/quint/SqliteQuintStore.js.map +1 -1
- package/dist/storage/quint/SqliteQuintStore.jsonld +102 -2
- package/dist/storage/quint/schema.d.ts +76 -0
- package/dist/storage/quint/schema.js +13 -7
- package/dist/storage/quint/schema.js.map +1 -1
- package/dist/storage/sparql/ComunicaQuintEngine.js +16 -3
- package/dist/storage/sparql/ComunicaQuintEngine.js.map +1 -1
- package/package.json +1 -1
- package/dist/cli/commands/config.d.ts +0 -42
- package/dist/cli/commands/config.js +0 -289
- package/dist/cli/commands/config.js.map +0 -1
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.listCommand = exports.deleteCommand = exports.patchCommand = exports.putCommand = exports.headCommand = exports.getCommand = void 0;
|
|
4
|
+
const fs_1 = require("fs");
|
|
5
|
+
const auth_context_1 = require("../lib/auth-context");
|
|
6
|
+
const output_1 = require("../lib/output");
|
|
7
|
+
const resource_1 = require("../lib/resource");
|
|
8
|
+
function resourceOptions(yargs) {
|
|
9
|
+
return yargs
|
|
10
|
+
.option('url', {
|
|
11
|
+
alias: 'u',
|
|
12
|
+
type: 'string',
|
|
13
|
+
description: 'Server base URL override',
|
|
14
|
+
})
|
|
15
|
+
.option('json', {
|
|
16
|
+
type: 'boolean',
|
|
17
|
+
default: false,
|
|
18
|
+
description: 'Output JSON envelope',
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
async function readCommand(argv, method) {
|
|
22
|
+
try {
|
|
23
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
24
|
+
const target = (0, resource_1.resolveResourceTarget)(context, argv.path);
|
|
25
|
+
const headers = {};
|
|
26
|
+
if (argv.accept)
|
|
27
|
+
headers.Accept = argv.accept;
|
|
28
|
+
const response = await (0, resource_1.fetchResource)(context, target, { method, headers });
|
|
29
|
+
(0, resource_1.ensureOk)(response, response.status === 404 ? 'resource_not_found' : 'resource_read_failed', `Failed to ${method} ${argv.path}`);
|
|
30
|
+
const data = (0, resource_1.responseData)(target, response);
|
|
31
|
+
if (method === 'GET') {
|
|
32
|
+
const body = Buffer.from(await response.arrayBuffer());
|
|
33
|
+
if (argv.out) {
|
|
34
|
+
(0, fs_1.writeFileSync)(argv.out, body);
|
|
35
|
+
}
|
|
36
|
+
if (argv.json) {
|
|
37
|
+
(0, output_1.writeJsonResult)({
|
|
38
|
+
...data,
|
|
39
|
+
...(argv.out ? { out: argv.out } : { body: body.toString('utf-8') }),
|
|
40
|
+
});
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
if (!argv.out) {
|
|
44
|
+
process.stdout.write(body);
|
|
45
|
+
}
|
|
46
|
+
return;
|
|
47
|
+
}
|
|
48
|
+
if (argv.json) {
|
|
49
|
+
(0, output_1.writeJsonResult)(data);
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
for (const [key, value] of Object.entries(data.headers)) {
|
|
53
|
+
console.log(`${key}: ${value}`);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
catch (error) {
|
|
57
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
async function writeCommand(argv, method) {
|
|
61
|
+
try {
|
|
62
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
63
|
+
const target = (0, resource_1.resolveResourceTarget)(context, argv.path);
|
|
64
|
+
const file = (0, resource_1.readBodyFile)(argv.from);
|
|
65
|
+
const headers = {
|
|
66
|
+
'Content-Type': argv['content-type'] ?? file.contentType,
|
|
67
|
+
};
|
|
68
|
+
if (argv['if-match'])
|
|
69
|
+
headers['If-Match'] = argv['if-match'];
|
|
70
|
+
const response = await (0, resource_1.fetchResource)(context, target, {
|
|
71
|
+
method,
|
|
72
|
+
headers,
|
|
73
|
+
body: file.body,
|
|
74
|
+
});
|
|
75
|
+
(0, resource_1.ensureOk)(response, 'resource_write_failed', `Failed to ${method} ${argv.path}`);
|
|
76
|
+
const data = (0, resource_1.responseData)(target, response);
|
|
77
|
+
if (argv.json) {
|
|
78
|
+
(0, output_1.writeJsonResult)(data);
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
console.log(`${method} ${data.resourceUrl} -> HTTP ${data.status}`);
|
|
82
|
+
}
|
|
83
|
+
catch (error) {
|
|
84
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
exports.getCommand = {
|
|
88
|
+
command: 'get <path>',
|
|
89
|
+
describe: 'Read a raw Pod resource',
|
|
90
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
91
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })
|
|
92
|
+
.option('accept', { type: 'string', description: 'Accept header' })
|
|
93
|
+
.option('out', { type: 'string', description: 'Write response body to file' }),
|
|
94
|
+
handler: (argv) => readCommand(argv, 'GET'),
|
|
95
|
+
};
|
|
96
|
+
exports.headCommand = {
|
|
97
|
+
command: 'head <path>',
|
|
98
|
+
describe: 'Read raw Pod resource metadata',
|
|
99
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
100
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })
|
|
101
|
+
.option('accept', { type: 'string', description: 'Accept header' }),
|
|
102
|
+
handler: (argv) => readCommand(argv, 'HEAD'),
|
|
103
|
+
};
|
|
104
|
+
exports.putCommand = {
|
|
105
|
+
command: 'put <path>',
|
|
106
|
+
describe: 'Write a raw Pod resource',
|
|
107
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
108
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })
|
|
109
|
+
.option('from', { type: 'string', demandOption: true, description: 'Local file to upload' })
|
|
110
|
+
.option('content-type', { type: 'string', description: 'Content-Type header' })
|
|
111
|
+
.option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),
|
|
112
|
+
handler: (argv) => writeCommand(argv, 'PUT'),
|
|
113
|
+
};
|
|
114
|
+
exports.patchCommand = {
|
|
115
|
+
command: 'patch <path>',
|
|
116
|
+
describe: 'Patch a raw Pod resource',
|
|
117
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
118
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })
|
|
119
|
+
.option('from', { type: 'string', demandOption: true, description: 'Local patch/update file' })
|
|
120
|
+
.option('content-type', { type: 'string', description: 'Content-Type header' })
|
|
121
|
+
.option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),
|
|
122
|
+
handler: (argv) => writeCommand(argv, 'PATCH'),
|
|
123
|
+
};
|
|
124
|
+
exports.deleteCommand = {
|
|
125
|
+
command: 'delete <path>',
|
|
126
|
+
describe: 'Delete a raw Pod resource',
|
|
127
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
128
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })
|
|
129
|
+
.option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),
|
|
130
|
+
handler: async (argv) => {
|
|
131
|
+
try {
|
|
132
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
133
|
+
const target = (0, resource_1.resolveResourceTarget)(context, argv.path);
|
|
134
|
+
const headers = {};
|
|
135
|
+
if (argv['if-match'])
|
|
136
|
+
headers['If-Match'] = argv['if-match'];
|
|
137
|
+
const response = await (0, resource_1.fetchResource)(context, target, { method: 'DELETE', headers });
|
|
138
|
+
(0, resource_1.ensureOk)(response, response.status === 404 ? 'resource_not_found' : 'resource_delete_failed', `Failed to DELETE ${argv.path}`);
|
|
139
|
+
const data = (0, resource_1.responseData)(target, response);
|
|
140
|
+
if (argv.json) {
|
|
141
|
+
(0, output_1.writeJsonResult)(data);
|
|
142
|
+
return;
|
|
143
|
+
}
|
|
144
|
+
console.log(`DELETE ${data.resourceUrl} -> HTTP ${data.status}`);
|
|
145
|
+
}
|
|
146
|
+
catch (error) {
|
|
147
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
148
|
+
}
|
|
149
|
+
},
|
|
150
|
+
};
|
|
151
|
+
exports.listCommand = {
|
|
152
|
+
command: 'list <path>',
|
|
153
|
+
describe: 'List a raw Pod container resource',
|
|
154
|
+
builder: (yargs) => resourceOptions(yargs)
|
|
155
|
+
.positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative container path or absolute URL' })
|
|
156
|
+
.option('depth', { type: 'number', default: 1, description: 'List depth. Only depth=1 is currently supported.' }),
|
|
157
|
+
handler: async (argv) => {
|
|
158
|
+
try {
|
|
159
|
+
if (argv.depth !== 1) {
|
|
160
|
+
throw new Error('Only --depth 1 is currently supported.');
|
|
161
|
+
}
|
|
162
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
163
|
+
const target = (0, resource_1.resolveResourceTarget)(context, argv.path.endsWith('/') ? argv.path : `${argv.path}/`);
|
|
164
|
+
const response = await (0, resource_1.fetchResource)(context, target, {
|
|
165
|
+
method: 'GET',
|
|
166
|
+
headers: { Accept: 'text/turtle' },
|
|
167
|
+
});
|
|
168
|
+
(0, resource_1.ensureOk)(response, response.status === 404 ? 'resource_not_found' : 'container_list_failed', `Failed to list ${argv.path}`);
|
|
169
|
+
const turtle = await response.text();
|
|
170
|
+
const resources = (0, resource_1.parseContainedResources)(turtle, target.resourceUrl).map((url) => ({
|
|
171
|
+
url,
|
|
172
|
+
path: (0, resource_1.relativeToPodRoot)(url, context.podRoot),
|
|
173
|
+
}));
|
|
174
|
+
const data = {
|
|
175
|
+
...(0, resource_1.responseData)(target, response),
|
|
176
|
+
resources,
|
|
177
|
+
};
|
|
178
|
+
if (argv.json) {
|
|
179
|
+
(0, output_1.writeJsonResult)(data);
|
|
180
|
+
return;
|
|
181
|
+
}
|
|
182
|
+
for (const resource of resources) {
|
|
183
|
+
console.log(resource.path);
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
catch (error) {
|
|
187
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
188
|
+
}
|
|
189
|
+
},
|
|
190
|
+
};
|
|
191
|
+
//# sourceMappingURL=resource.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resource.js","sourceRoot":"","sources":["../../../src/cli/commands/resource.ts"],"names":[],"mappings":";;;AACA,2BAAmC;AACnC,sDAAyD;AACzD,0CAAgE;AAChE,8CAQyB;AA8BzB,SAAS,eAAe,CAAI,KAAW;IACrC,OAAO,KAAK;SACT,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,0BAA0B;KACxC,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,sBAAsB;KACpC,CAAuB,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAa,EAAE,MAAsB;IAC9D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAE9C,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3E,IAAA,mBAAQ,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,sBAAsB,EAAE,aAAa,MAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChI,MAAM,IAAI,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE5C,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;YACvD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACb,IAAA,kBAAa,EAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAChC,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC;oBACd,GAAG,IAAI;oBACP,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;iBACrE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBACd,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAE,GAAG,EAAE,KAAK,CAAE,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAe,EAAE,MAAuB;IAClE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,IAAA,uBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,WAAW;SACzD,CAAC;QACF,IAAI,IAAI,CAAC,UAAU,CAAC;YAAE,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAE7D,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE;YACpD,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAC,CAAC;QACH,IAAA,mBAAQ,EAAC,QAAQ,EAAE,uBAAuB,EAAE,aAAa,MAAM,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,MAAM,IAAI,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE5C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,IAAI,CAAC,WAAW,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAEY,QAAA,UAAU,GAAmC;IACxD,OAAO,EAAE,YAAY;IACrB,QAAQ,EAAE,yBAAyB;IACnC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAU,KAAK,CAAC;SAC5B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,wCAAwC,EAAE,CAAC;SACjH,MAAM,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;SAClE,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6BAA6B,EAAE,CAAC;IAClF,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC;CAC5C,CAAC;AAEW,QAAA,WAAW,GAAmC;IACzD,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,gCAAgC;IAC1C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAU,KAAK,CAAC;SAC5B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,wCAAwC,EAAE,CAAC;SACjH,MAAM,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;IACvE,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC;CAC7C,CAAC;AAEW,QAAA,UAAU,GAAqC;IAC1D,OAAO,EAAE,YAAY;IACrB,QAAQ,EAAE,0BAA0B;IACpC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAY,KAAK,CAAC;SAC9B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,wCAAwC,EAAE,CAAC;SACjH,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,sBAAsB,EAAE,CAAC;SAC3F,MAAM,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;SAC9E,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE,CAAC;IACtG,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC;CAC7C,CAAC;AAEW,QAAA,YAAY,GAAqC;IAC5D,OAAO,EAAE,cAAc;IACvB,QAAQ,EAAE,0BAA0B;IACpC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAY,KAAK,CAAC;SAC9B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,wCAAwC,EAAE,CAAC;SACjH,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,yBAAyB,EAAE,CAAC;SAC9F,MAAM,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;SAC9E,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE,CAAC;IACtG,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC;CAC/C,CAAC;AAEW,QAAA,aAAa,GAAsC;IAC9D,OAAO,EAAE,eAAe;IACxB,QAAQ,EAAE,2BAA2B;IACrC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAa,KAAK,CAAC;SAC/B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,wCAAwC,EAAE,CAAC;SACjH,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE,CAAC;IACtG,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACzD,MAAM,OAAO,GAA2B,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,UAAU,CAAC;gBAAE,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;YAE7D,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;YACrF,IAAA,mBAAQ,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,wBAAwB,EAAE,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/H,MAAM,IAAI,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC5C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;gBACtB,OAAO;YACT,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,WAAW,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC;AAEW,QAAA,WAAW,GAAoC;IAC1D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,mCAAmC;IAC7C,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAW,KAAK,CAAC;SAC7B,UAAU,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kDAAkD,EAAE,CAAC;SAC3H,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,WAAW,EAAE,kDAAkD,EAAE,CAAC;IACrH,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,KAAK,KAAK,CAAC,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC5D,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;YACrG,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE;gBACpD,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;aACnC,CAAC,CAAC;YACH,IAAA,mBAAQ,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,uBAAuB,EAAE,kBAAkB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5H,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,SAAS,GAAG,IAAA,kCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClF,GAAG;gBACH,IAAI,EAAE,IAAA,4BAAiB,EAAC,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,MAAM,IAAI,GAAG;gBACX,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC;gBACjC,SAAS;aACV,CAAC;YACF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;gBACtB,OAAO;YACT,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC","sourcesContent":["import type { Argv, CommandModule } from 'yargs';\nimport { writeFileSync } from 'fs';\nimport { requireAuthContext } from '../lib/auth-context';\nimport { handleCliError, writeJsonResult } from '../lib/output';\nimport {\n ensureOk,\n fetchResource,\n parseContainedResources,\n readBodyFile,\n relativeToPodRoot,\n resolveResourceTarget,\n responseData,\n} from '../lib/resource';\n\ninterface ResourceArgs {\n url?: string;\n json: boolean;\n}\n\ninterface GetArgs extends ResourceArgs {\n path: string;\n accept?: string;\n out?: string;\n}\n\ninterface WriteArgs extends ResourceArgs {\n path: string;\n from: string;\n 'content-type'?: string;\n 'if-match'?: string;\n}\n\ninterface DeleteArgs extends ResourceArgs {\n path: string;\n 'if-match'?: string;\n}\n\ninterface ListArgs extends ResourceArgs {\n path: string;\n depth: number;\n}\n\nfunction resourceOptions<T>(yargs: Argv): Argv<T> {\n return yargs\n .option('url', {\n alias: 'u',\n type: 'string',\n description: 'Server base URL override',\n })\n .option('json', {\n type: 'boolean',\n default: false,\n description: 'Output JSON envelope',\n }) as unknown as Argv<T>;\n}\n\nasync function readCommand(argv: GetArgs, method: 'GET' | 'HEAD'): Promise<void> {\n try {\n const context = await requireAuthContext(argv);\n const target = resolveResourceTarget(context, argv.path);\n const headers: Record<string, string> = {};\n if (argv.accept) headers.Accept = argv.accept;\n\n const response = await fetchResource(context, target, { method, headers });\n ensureOk(response, response.status === 404 ? 'resource_not_found' : 'resource_read_failed', `Failed to ${method} ${argv.path}`);\n const data = responseData(target, response);\n\n if (method === 'GET') {\n const body = Buffer.from(await response.arrayBuffer());\n if (argv.out) {\n writeFileSync(argv.out, body);\n }\n\n if (argv.json) {\n writeJsonResult({\n ...data,\n ...(argv.out ? { out: argv.out } : { body: body.toString('utf-8') }),\n });\n return;\n }\n\n if (!argv.out) {\n process.stdout.write(body);\n }\n return;\n }\n\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n\n for (const [ key, value ] of Object.entries(data.headers)) {\n console.log(`${key}: ${value}`);\n }\n } catch (error) {\n handleCliError(error, argv.json);\n }\n}\n\nasync function writeCommand(argv: WriteArgs, method: 'PUT' | 'PATCH'): Promise<void> {\n try {\n const context = await requireAuthContext(argv);\n const target = resolveResourceTarget(context, argv.path);\n const file = readBodyFile(argv.from);\n const headers: Record<string, string> = {\n 'Content-Type': argv['content-type'] ?? file.contentType,\n };\n if (argv['if-match']) headers['If-Match'] = argv['if-match'];\n\n const response = await fetchResource(context, target, {\n method,\n headers,\n body: file.body,\n });\n ensureOk(response, 'resource_write_failed', `Failed to ${method} ${argv.path}`);\n const data = responseData(target, response);\n\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n console.log(`${method} ${data.resourceUrl} -> HTTP ${data.status}`);\n } catch (error) {\n handleCliError(error, argv.json);\n }\n}\n\nexport const getCommand: CommandModule<object, GetArgs> = {\n command: 'get <path>',\n describe: 'Read a raw Pod resource',\n builder: (yargs) =>\n resourceOptions<GetArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })\n .option('accept', { type: 'string', description: 'Accept header' })\n .option('out', { type: 'string', description: 'Write response body to file' }),\n handler: (argv) => readCommand(argv, 'GET'),\n};\n\nexport const headCommand: CommandModule<object, GetArgs> = {\n command: 'head <path>',\n describe: 'Read raw Pod resource metadata',\n builder: (yargs) =>\n resourceOptions<GetArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })\n .option('accept', { type: 'string', description: 'Accept header' }),\n handler: (argv) => readCommand(argv, 'HEAD'),\n};\n\nexport const putCommand: CommandModule<object, WriteArgs> = {\n command: 'put <path>',\n describe: 'Write a raw Pod resource',\n builder: (yargs) =>\n resourceOptions<WriteArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })\n .option('from', { type: 'string', demandOption: true, description: 'Local file to upload' })\n .option('content-type', { type: 'string', description: 'Content-Type header' })\n .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),\n handler: (argv) => writeCommand(argv, 'PUT'),\n};\n\nexport const patchCommand: CommandModule<object, WriteArgs> = {\n command: 'patch <path>',\n describe: 'Patch a raw Pod resource',\n builder: (yargs) =>\n resourceOptions<WriteArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })\n .option('from', { type: 'string', demandOption: true, description: 'Local patch/update file' })\n .option('content-type', { type: 'string', description: 'Content-Type header' })\n .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),\n handler: (argv) => writeCommand(argv, 'PATCH'),\n};\n\nexport const deleteCommand: CommandModule<object, DeleteArgs> = {\n command: 'delete <path>',\n describe: 'Delete a raw Pod resource',\n builder: (yargs) =>\n resourceOptions<DeleteArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative path or absolute URL' })\n .option('if-match', { type: 'string', description: 'If-Match header for stale-write protection' }),\n handler: async (argv) => {\n try {\n const context = await requireAuthContext(argv);\n const target = resolveResourceTarget(context, argv.path);\n const headers: Record<string, string> = {};\n if (argv['if-match']) headers['If-Match'] = argv['if-match'];\n\n const response = await fetchResource(context, target, { method: 'DELETE', headers });\n ensureOk(response, response.status === 404 ? 'resource_not_found' : 'resource_delete_failed', `Failed to DELETE ${argv.path}`);\n const data = responseData(target, response);\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n console.log(`DELETE ${data.resourceUrl} -> HTTP ${data.status}`);\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n\nexport const listCommand: CommandModule<object, ListArgs> = {\n command: 'list <path>',\n describe: 'List a raw Pod container resource',\n builder: (yargs) =>\n resourceOptions<ListArgs>(yargs)\n .positional('path', { type: 'string', demandOption: true, description: 'Pod-root relative container path or absolute URL' })\n .option('depth', { type: 'number', default: 1, description: 'List depth. Only depth=1 is currently supported.' }),\n handler: async (argv) => {\n try {\n if (argv.depth !== 1) {\n throw new Error('Only --depth 1 is currently supported.');\n }\n const context = await requireAuthContext(argv);\n const target = resolveResourceTarget(context, argv.path.endsWith('/') ? argv.path : `${argv.path}/`);\n const response = await fetchResource(context, target, {\n method: 'GET',\n headers: { Accept: 'text/turtle' },\n });\n ensureOk(response, response.status === 404 ? 'resource_not_found' : 'container_list_failed', `Failed to list ${argv.path}`);\n const turtle = await response.text();\n const resources = parseContainedResources(turtle, target.resourceUrl).map((url) => ({\n url,\n path: relativeToPodRoot(url, context.podRoot),\n }));\n const data = {\n ...responseData(target, response),\n resources,\n };\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n for (const resource of resources) {\n console.log(resource.path);\n }\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n"]}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import type { CommandModule } from 'yargs';
|
|
2
|
+
interface SecretArgs {
|
|
3
|
+
url?: string;
|
|
4
|
+
json: boolean;
|
|
5
|
+
}
|
|
6
|
+
interface SecretSelectorArgs extends SecretArgs {
|
|
7
|
+
selector?: string;
|
|
8
|
+
kind?: string;
|
|
9
|
+
provider?: string;
|
|
10
|
+
service?: string;
|
|
11
|
+
}
|
|
12
|
+
interface ResolvedSecretSelector extends SecretArgs {
|
|
13
|
+
kind: string;
|
|
14
|
+
provider: string;
|
|
15
|
+
service?: string;
|
|
16
|
+
}
|
|
17
|
+
export declare function resolveSecretSelector(input: SecretSelectorArgs): ResolvedSecretSelector;
|
|
18
|
+
export interface SecretPlan {
|
|
19
|
+
schemaUri: string;
|
|
20
|
+
resourceKind: string;
|
|
21
|
+
service: string;
|
|
22
|
+
provider: string;
|
|
23
|
+
kind: string;
|
|
24
|
+
subject: string;
|
|
25
|
+
resourceUrl: string;
|
|
26
|
+
redacted: true;
|
|
27
|
+
}
|
|
28
|
+
export declare function buildSecretPlan(podRoot: string, input: ResolvedSecretSelector): SecretPlan;
|
|
29
|
+
export declare function buildSecretUpsertSparql(plan: SecretPlan, input: {
|
|
30
|
+
value?: string;
|
|
31
|
+
label?: string;
|
|
32
|
+
status?: string;
|
|
33
|
+
revoke?: boolean;
|
|
34
|
+
}): string;
|
|
35
|
+
export declare const secretCommand: CommandModule<object, SecretArgs>;
|
|
36
|
+
export {};
|
|
@@ -0,0 +1,285 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.secretCommand = void 0;
|
|
4
|
+
exports.resolveSecretSelector = resolveSecretSelector;
|
|
5
|
+
exports.buildSecretPlan = buildSecretPlan;
|
|
6
|
+
exports.buildSecretUpsertSparql = buildSecretUpsertSparql;
|
|
7
|
+
const models_1 = require("@undefineds.co/models");
|
|
8
|
+
const auth_context_1 = require("../lib/auth-context");
|
|
9
|
+
const output_1 = require("../lib/output");
|
|
10
|
+
const resource_1 = require("../lib/resource");
|
|
11
|
+
function secretOptions(yargs) {
|
|
12
|
+
return yargs
|
|
13
|
+
.option('url', {
|
|
14
|
+
alias: 'u',
|
|
15
|
+
type: 'string',
|
|
16
|
+
description: 'Server base URL override',
|
|
17
|
+
})
|
|
18
|
+
.option('json', {
|
|
19
|
+
type: 'boolean',
|
|
20
|
+
default: false,
|
|
21
|
+
description: 'Output JSON envelope',
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
function selectorOptions(yargs, demandFlags = true) {
|
|
25
|
+
return secretOptions(yargs)
|
|
26
|
+
.option('kind', { type: 'string', demandOption: demandFlags, description: 'Secret kind, for example api-key or tunnel-token' })
|
|
27
|
+
.option('provider', { type: 'string', demandOption: demandFlags, description: 'Provider identifier' })
|
|
28
|
+
.option('service', { type: 'string', default: 'ai', description: 'Service grouping' });
|
|
29
|
+
}
|
|
30
|
+
function resolveSecretSelector(input) {
|
|
31
|
+
let service = input.service ?? 'ai';
|
|
32
|
+
let provider = input.provider;
|
|
33
|
+
let kind = input.kind;
|
|
34
|
+
if (input.selector) {
|
|
35
|
+
const selector = input.selector.trim();
|
|
36
|
+
if (selector.startsWith('{')) {
|
|
37
|
+
const parsed = JSON.parse(selector);
|
|
38
|
+
if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
|
|
39
|
+
throw new output_1.CliCommandError('invalid_selector', 'Secret selector JSON must be an object.', 2);
|
|
40
|
+
}
|
|
41
|
+
const record = parsed;
|
|
42
|
+
if (typeof record.service === 'string')
|
|
43
|
+
service = record.service;
|
|
44
|
+
if (typeof record.provider === 'string')
|
|
45
|
+
provider = record.provider;
|
|
46
|
+
if (typeof record.kind === 'string')
|
|
47
|
+
kind = record.kind;
|
|
48
|
+
}
|
|
49
|
+
else {
|
|
50
|
+
const parts = selector.split(/[/:]/u).map((part) => part.trim()).filter(Boolean);
|
|
51
|
+
if (parts.length === 3) {
|
|
52
|
+
[service, provider, kind] = parts;
|
|
53
|
+
}
|
|
54
|
+
else if (parts.length === 2) {
|
|
55
|
+
[provider, kind] = parts;
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
throw new output_1.CliCommandError('invalid_selector', 'Secret selector must be provider/kind, service/provider/kind, or a JSON object.', 2);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
if (!provider || !kind) {
|
|
63
|
+
throw new output_1.CliCommandError('selector_required', 'Secret provider and kind are required.', 2);
|
|
64
|
+
}
|
|
65
|
+
return {
|
|
66
|
+
url: input.url,
|
|
67
|
+
json: input.json,
|
|
68
|
+
service,
|
|
69
|
+
provider,
|
|
70
|
+
kind,
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
function escapeSparqlLiteral(value) {
|
|
74
|
+
return JSON.stringify(value);
|
|
75
|
+
}
|
|
76
|
+
function localId(input) {
|
|
77
|
+
return [input.service ?? 'ai', input.provider, input.kind]
|
|
78
|
+
.map((part) => part.trim())
|
|
79
|
+
.filter(Boolean)
|
|
80
|
+
.join('-')
|
|
81
|
+
.replace(/[^a-zA-Z0-9_.-]+/g, '-');
|
|
82
|
+
}
|
|
83
|
+
function buildSecretPlan(podRoot, input) {
|
|
84
|
+
const service = input.service ?? 'ai';
|
|
85
|
+
const storage = (0, models_1.createPodStorage)();
|
|
86
|
+
const validation = storage.validate({
|
|
87
|
+
schemaUri: models_1.credentialDescriptor.uri,
|
|
88
|
+
operation: 'upsert',
|
|
89
|
+
match: {
|
|
90
|
+
service,
|
|
91
|
+
providerId: input.provider,
|
|
92
|
+
secretType: input.kind,
|
|
93
|
+
},
|
|
94
|
+
set: {
|
|
95
|
+
status: 'active',
|
|
96
|
+
},
|
|
97
|
+
});
|
|
98
|
+
if (!validation.ok) {
|
|
99
|
+
throw new Error(validation.error.message);
|
|
100
|
+
}
|
|
101
|
+
const resourcePath = validation.plan.resourceUri.replace(/^\/+/, '');
|
|
102
|
+
const resourceUrl = new URL(resourcePath, podRoot).toString();
|
|
103
|
+
return {
|
|
104
|
+
schemaUri: models_1.credentialDescriptor.uri,
|
|
105
|
+
resourceKind: models_1.credentialDescriptor.resourceKind,
|
|
106
|
+
service,
|
|
107
|
+
provider: input.provider,
|
|
108
|
+
kind: input.kind,
|
|
109
|
+
subject: resourceUrl,
|
|
110
|
+
resourceUrl: resourceUrl.replace(/#.*$/u, ''),
|
|
111
|
+
redacted: true,
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
function buildSecretUpsertSparql(plan, input) {
|
|
115
|
+
const subject = `<${plan.subject}>`;
|
|
116
|
+
const fields = models_1.credentialDescriptor.fields;
|
|
117
|
+
const values = {
|
|
118
|
+
service: plan.service,
|
|
119
|
+
providerId: plan.provider,
|
|
120
|
+
secretType: plan.kind,
|
|
121
|
+
status: input.status ?? (input.revoke ? 'revoked' : 'active'),
|
|
122
|
+
};
|
|
123
|
+
if (input.label)
|
|
124
|
+
values.label = input.label;
|
|
125
|
+
if (input.value !== undefined && !input.revoke)
|
|
126
|
+
values.apiKey = input.value;
|
|
127
|
+
const deleteTriples = [
|
|
128
|
+
`${subject} <${fields.label.predicate}> ?oldLabel .`,
|
|
129
|
+
`${subject} <${fields.apiKey.predicate}> ?oldApiKey .`,
|
|
130
|
+
`${subject} <${fields.status.predicate}> ?oldStatus .`,
|
|
131
|
+
];
|
|
132
|
+
const optionals = [
|
|
133
|
+
`OPTIONAL { ${subject} <${fields.label.predicate}> ?oldLabel }`,
|
|
134
|
+
`OPTIONAL { ${subject} <${fields.apiKey.predicate}> ?oldApiKey }`,
|
|
135
|
+
`OPTIONAL { ${subject} <${fields.status.predicate}> ?oldStatus }`,
|
|
136
|
+
];
|
|
137
|
+
const insertTriples = [
|
|
138
|
+
`${subject} a <${models_1.credentialDescriptor.class}>`,
|
|
139
|
+
`${subject} <${fields.service.predicate}> ${escapeSparqlLiteral(values.service)}`,
|
|
140
|
+
`${subject} <${fields.providerId.predicate}> ${escapeSparqlLiteral(values.providerId)}`,
|
|
141
|
+
`${subject} <${fields.secretType.predicate}> ${escapeSparqlLiteral(values.secretType)}`,
|
|
142
|
+
`${subject} <${fields.status.predicate}> ${escapeSparqlLiteral(values.status)}`,
|
|
143
|
+
];
|
|
144
|
+
if (values.label) {
|
|
145
|
+
insertTriples.push(`${subject} <${fields.label.predicate}> ${escapeSparqlLiteral(values.label)}`);
|
|
146
|
+
}
|
|
147
|
+
if (values.apiKey !== undefined) {
|
|
148
|
+
insertTriples.push(`${subject} <${fields.apiKey.predicate}> ${escapeSparqlLiteral(values.apiKey)}`);
|
|
149
|
+
}
|
|
150
|
+
return `DELETE {\n ${deleteTriples.join('\n ')}\n}\nINSERT {\n ${insertTriples.join(' .\n ')} .\n}\nWHERE {\n ${optionals.join('\n ')}\n}`;
|
|
151
|
+
}
|
|
152
|
+
async function readSecretFromStdin() {
|
|
153
|
+
const chunks = [];
|
|
154
|
+
for await (const chunk of process.stdin) {
|
|
155
|
+
chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
|
|
156
|
+
}
|
|
157
|
+
return Buffer.concat(chunks).toString('utf-8').replace(/\r?\n$/u, '');
|
|
158
|
+
}
|
|
159
|
+
function printSecretPlan(plan) {
|
|
160
|
+
console.log(`subject: ${plan.subject}`);
|
|
161
|
+
console.log(`resource: ${plan.resourceUrl}`);
|
|
162
|
+
console.log(`schema: ${plan.schemaUri}`);
|
|
163
|
+
console.log('value: [redacted]');
|
|
164
|
+
}
|
|
165
|
+
const planCommand = {
|
|
166
|
+
command: 'plan',
|
|
167
|
+
describe: 'Plan a descriptor-backed secret write',
|
|
168
|
+
builder: (yargs) => selectorOptions(yargs)
|
|
169
|
+
.option('label', { type: 'string', description: 'Secret label metadata' }),
|
|
170
|
+
handler: async (argv) => {
|
|
171
|
+
try {
|
|
172
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
173
|
+
const plan = buildSecretPlan(context.podRoot, argv);
|
|
174
|
+
if (argv.json) {
|
|
175
|
+
(0, output_1.writeJsonResult)({ plan }, 'plan_ready');
|
|
176
|
+
return;
|
|
177
|
+
}
|
|
178
|
+
printSecretPlan(plan);
|
|
179
|
+
}
|
|
180
|
+
catch (error) {
|
|
181
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
182
|
+
}
|
|
183
|
+
},
|
|
184
|
+
};
|
|
185
|
+
const setCommand = {
|
|
186
|
+
command: 'set',
|
|
187
|
+
describe: 'Set a descriptor-backed secret from stdin',
|
|
188
|
+
builder: (yargs) => selectorOptions(yargs)
|
|
189
|
+
.option('from-stdin', { type: 'boolean', demandOption: true, description: 'Read secret value from stdin' })
|
|
190
|
+
.option('label', { type: 'string', description: 'Secret label metadata' }),
|
|
191
|
+
handler: async (argv) => {
|
|
192
|
+
try {
|
|
193
|
+
if (!argv['from-stdin']) {
|
|
194
|
+
throw new Error('Secret values must be provided with --from-stdin.');
|
|
195
|
+
}
|
|
196
|
+
const value = await readSecretFromStdin();
|
|
197
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
198
|
+
const plan = buildSecretPlan(context.podRoot, argv);
|
|
199
|
+
const target = (0, resource_1.resolveResourceTarget)(context, plan.resourceUrl);
|
|
200
|
+
const sparql = buildSecretUpsertSparql(plan, { value, label: argv.label });
|
|
201
|
+
const response = await (0, resource_1.fetchResource)(context, target, {
|
|
202
|
+
method: 'PATCH',
|
|
203
|
+
headers: { 'Content-Type': 'application/sparql-update' },
|
|
204
|
+
body: sparql,
|
|
205
|
+
});
|
|
206
|
+
(0, resource_1.ensureOk)(response, 'secret_set_failed', `Failed to set secret ${plan.subject}`);
|
|
207
|
+
const data = { ...(0, resource_1.responseData)(target, response), plan };
|
|
208
|
+
if (argv.json) {
|
|
209
|
+
(0, output_1.writeJsonResult)(data);
|
|
210
|
+
return;
|
|
211
|
+
}
|
|
212
|
+
console.log(`Secret saved: ${plan.subject}`);
|
|
213
|
+
console.log('value: [redacted]');
|
|
214
|
+
}
|
|
215
|
+
catch (error) {
|
|
216
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
217
|
+
}
|
|
218
|
+
},
|
|
219
|
+
};
|
|
220
|
+
const metadataCommand = {
|
|
221
|
+
command: 'get-metadata [selector]',
|
|
222
|
+
describe: 'Show descriptor-backed secret metadata without revealing the value',
|
|
223
|
+
builder: (yargs) => selectorOptions(yargs.positional('selector', {
|
|
224
|
+
type: 'string',
|
|
225
|
+
description: 'provider/kind, service/provider/kind, or selector JSON',
|
|
226
|
+
}), false),
|
|
227
|
+
handler: async (argv) => {
|
|
228
|
+
try {
|
|
229
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
230
|
+
const plan = buildSecretPlan(context.podRoot, resolveSecretSelector(argv));
|
|
231
|
+
if (argv.json) {
|
|
232
|
+
(0, output_1.writeJsonResult)({ ...plan, value: '[redacted]' });
|
|
233
|
+
return;
|
|
234
|
+
}
|
|
235
|
+
printSecretPlan(plan);
|
|
236
|
+
}
|
|
237
|
+
catch (error) {
|
|
238
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
239
|
+
}
|
|
240
|
+
},
|
|
241
|
+
};
|
|
242
|
+
const revokeCommand = {
|
|
243
|
+
command: 'revoke [selector]',
|
|
244
|
+
describe: 'Revoke a descriptor-backed secret without printing its value',
|
|
245
|
+
builder: (yargs) => selectorOptions(yargs.positional('selector', {
|
|
246
|
+
type: 'string',
|
|
247
|
+
description: 'provider/kind, service/provider/kind, or selector JSON',
|
|
248
|
+
}), false),
|
|
249
|
+
handler: async (argv) => {
|
|
250
|
+
try {
|
|
251
|
+
const context = await (0, auth_context_1.requireAuthContext)(argv);
|
|
252
|
+
const plan = buildSecretPlan(context.podRoot, resolveSecretSelector(argv));
|
|
253
|
+
const target = (0, resource_1.resolveResourceTarget)(context, plan.resourceUrl);
|
|
254
|
+
const sparql = buildSecretUpsertSparql(plan, { revoke: true });
|
|
255
|
+
const response = await (0, resource_1.fetchResource)(context, target, {
|
|
256
|
+
method: 'PATCH',
|
|
257
|
+
headers: { 'Content-Type': 'application/sparql-update' },
|
|
258
|
+
body: sparql,
|
|
259
|
+
});
|
|
260
|
+
(0, resource_1.ensureOk)(response, 'secret_revoke_failed', `Failed to revoke secret ${plan.subject}`);
|
|
261
|
+
const data = { ...(0, resource_1.responseData)(target, response), plan, status: 'revoked' };
|
|
262
|
+
if (argv.json) {
|
|
263
|
+
(0, output_1.writeJsonResult)(data);
|
|
264
|
+
return;
|
|
265
|
+
}
|
|
266
|
+
console.log(`Secret revoked: ${plan.subject}`);
|
|
267
|
+
console.log('value: [redacted]');
|
|
268
|
+
}
|
|
269
|
+
catch (error) {
|
|
270
|
+
(0, output_1.handleCliError)(error, argv.json);
|
|
271
|
+
}
|
|
272
|
+
},
|
|
273
|
+
};
|
|
274
|
+
exports.secretCommand = {
|
|
275
|
+
command: 'secret',
|
|
276
|
+
describe: 'Secret-safe descriptor-backed credential operations',
|
|
277
|
+
builder: (yargs) => yargs
|
|
278
|
+
.command(planCommand)
|
|
279
|
+
.command(setCommand)
|
|
280
|
+
.command(metadataCommand)
|
|
281
|
+
.command(revokeCommand)
|
|
282
|
+
.demandCommand(1, 'Please specify a secret subcommand'),
|
|
283
|
+
handler: () => { },
|
|
284
|
+
};
|
|
285
|
+
//# sourceMappingURL=secret.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secret.js","sourceRoot":"","sources":["../../../src/cli/commands/secret.ts"],"names":[],"mappings":";;;AA0DA,sDAsCC;AAyBD,0CA+BC;AAED,0DA0CC;AAnMD,kDAA+E;AAC/E,sDAAyD;AACzD,0CAAiF;AACjF,8CAKyB;AA4BzB,SAAS,aAAa,CAAI,KAAW;IACnC,OAAO,KAAK;SACT,MAAM,CAAC,KAAK,EAAE;QACb,KAAK,EAAE,GAAG;QACV,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,0BAA0B;KACxC,CAAC;SACD,MAAM,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,sBAAsB;KACpC,CAAuB,CAAC;AAC7B,CAAC;AAED,SAAS,eAAe,CAA+B,KAAW,EAAE,WAAW,GAAG,IAAI;IACpF,OAAO,aAAa,CAAI,KAAK,CAAC;SAC3B,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,kDAAkD,EAAE,CAAC;SAC9H,MAAM,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;SACrG,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAuB,CAAC;AACjH,CAAC;AAED,SAAgB,qBAAqB,CAAC,KAAyB;IAC7D,IAAI,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC;IACpC,IAAI,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IAC9B,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IAEtB,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;YAC/C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACnE,MAAM,IAAI,wBAAe,CAAC,kBAAkB,EAAE,yCAAyC,EAAE,CAAC,CAAC,CAAC;YAC9F,CAAC;YACD,MAAM,MAAM,GAAG,MAAiC,CAAC;YACjD,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ;gBAAE,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;YACjE,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ;gBAAE,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YACpE,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ;gBAAE,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,CAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAE,GAAG,KAAK,CAAC;YACtC,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9B,CAAE,QAAQ,EAAE,IAAI,CAAE,GAAG,KAAK,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,wBAAe,CAAC,kBAAkB,EAAE,iFAAiF,EAAE,CAAC,CAAC,CAAC;YACtI,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QACvB,MAAM,IAAI,wBAAe,CAAC,mBAAmB,EAAE,wCAAwC,EAAE,CAAC,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO;QACL,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO;QACP,QAAQ;QACR,IAAI;KACL,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,OAAO,CAAC,KAA6B;IAC5C,OAAO,CAAE,KAAK,CAAC,OAAO,IAAI,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAE;SACzD,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC;SACT,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC;AAaD,SAAgB,eAAe,CAAC,OAAe,EAAE,KAA6B;IAC5E,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC;IACtC,MAAM,OAAO,GAAG,IAAA,yBAAgB,GAAE,CAAC;IACnC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,SAAS,EAAE,6BAAoB,CAAC,GAAG;QACnC,SAAS,EAAE,QAAQ;QACnB,KAAK,EAAE;YACL,OAAO;YACP,UAAU,EAAE,KAAK,CAAC,QAAQ;YAC1B,UAAU,EAAE,KAAK,CAAC,IAAI;SACvB;QACD,GAAG,EAAE;YACH,MAAM,EAAE,QAAQ;SACjB;KACF,CAAC,CAAC;IACH,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACrE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC9D,OAAO;QACL,SAAS,EAAE,6BAAoB,CAAC,GAAG;QACnC,YAAY,EAAE,6BAAoB,CAAC,YAAY;QAC/C,OAAO;QACP,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,WAAW;QACpB,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC7C,QAAQ,EAAE,IAAI;KACf,CAAC;AACJ,CAAC;AAED,SAAgB,uBAAuB,CAAC,IAAgB,EAAE,KAKzD;IACC,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,GAAG,CAAC;IACpC,MAAM,MAAM,GAAG,6BAAoB,CAAC,MAAM,CAAC;IAC3C,MAAM,MAAM,GAA2B;QACrC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,UAAU,EAAE,IAAI,CAAC,QAAQ;QACzB,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;KAC9D,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;IAE5E,MAAM,aAAa,GAAG;QACpB,GAAG,OAAO,KAAK,MAAM,CAAC,KAAK,CAAC,SAAS,eAAe;QACpD,GAAG,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,gBAAgB;QACtD,GAAG,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,gBAAgB;KACvD,CAAC;IACF,MAAM,SAAS,GAAG;QAChB,cAAc,OAAO,KAAK,MAAM,CAAC,KAAK,CAAC,SAAS,eAAe;QAC/D,cAAc,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,gBAAgB;QACjE,cAAc,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,gBAAgB;KAClE,CAAC;IACF,MAAM,aAAa,GAAG;QACpB,GAAG,OAAO,OAAO,6BAAoB,CAAC,KAAK,GAAG;QAC9C,GAAG,OAAO,KAAK,MAAM,CAAC,OAAO,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE;QACjF,GAAG,OAAO,KAAK,MAAM,CAAC,UAAU,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE;QACvF,GAAG,OAAO,KAAK,MAAM,CAAC,UAAU,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE;QACvF,GAAG,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;KAChF,CAAC;IACF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,aAAa,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,MAAM,CAAC,KAAK,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,aAAa,CAAC,IAAI,CAAC,GAAG,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,KAAK,mBAAmB,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACtG,CAAC;IAED,OAAO,eAAe,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;AACnJ,CAAC;AAED,KAAK,UAAU,mBAAmB;IAChC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB;IACvC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,WAAW,GAA0C;IACzD,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,uCAAuC;IACjD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAiB,KAAK,CAAC;SACnC,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE,CAAC;IAC9E,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACpD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,EAAE,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;gBACxC,OAAO;YACT,CAAC;YACD,eAAe,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,UAAU,GAAyC;IACvD,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,2CAA2C;IACrD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAgB,KAAK,CAAC;SAClC,MAAM,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,8BAA8B,EAAE,CAAC;SAC1G,MAAM,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE,CAAC;IAC9E,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,mBAAmB,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,uBAAuB,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3E,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE;gBACpD,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;gBACxD,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YACH,IAAA,mBAAQ,EAAC,QAAQ,EAAE,mBAAmB,EAAE,wBAAwB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAChF,MAAM,IAAI,GAAG,EAAE,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,IAAI,EAAE,CAAC;YACzD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;gBACtB,OAAO;YACT,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAA8C;IACjE,OAAO,EAAE,yBAAyB;IAClC,QAAQ,EAAE,oEAAoE;IAC9E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAqB,KAAK,CAAC,UAAU,CAAC,UAAU,EAAE;QAC/D,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,wDAAwD;KACtE,CAAC,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3E,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YACD,eAAe,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC;AAEF,MAAM,aAAa,GAA8C;IAC/D,OAAO,EAAE,mBAAmB;IAC5B,QAAQ,EAAE,8DAA8D;IACxE,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CACjB,eAAe,CAAqB,KAAK,CAAC,UAAU,CAAC,UAAU,EAAE;QAC/D,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,wDAAwD;KACtE,CAAC,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QACtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAA,iCAAkB,EAAC,IAAI,CAAC,CAAC;YAC/C,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,IAAA,gCAAqB,EAAC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,uBAAuB,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,MAAM,QAAQ,GAAG,MAAM,IAAA,wBAAa,EAAC,OAAO,EAAE,MAAM,EAAE;gBACpD,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE;gBACxD,IAAI,EAAE,MAAM;aACb,CAAC,CAAC;YACH,IAAA,mBAAQ,EAAC,QAAQ,EAAE,sBAAsB,EAAE,2BAA2B,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACtF,MAAM,IAAI,GAAG,EAAE,GAAG,IAAA,uBAAY,EAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;YAC5E,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,IAAA,wBAAe,EAAC,IAAI,CAAC,CAAC;gBACtB,OAAO;YACT,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAA,uBAAc,EAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF,CAAC;AAEW,QAAA,aAAa,GAAsC;IAC9D,OAAO,EAAE,QAAQ;IACjB,QAAQ,EAAE,qDAAqD;IAC/D,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAChB,KAAK;SACH,OAAO,CAAC,WAAW,CAAC;SACpB,OAAO,CAAC,UAAU,CAAC;SACnB,OAAO,CAAC,eAAe,CAAC;SACxB,OAAO,CAAC,aAAa,CAAC;SACtB,aAAa,CAAC,CAAC,EAAE,oCAAoC,CAAiC;IAC3F,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC;CAClB,CAAC","sourcesContent":["import type { Argv, CommandModule } from 'yargs';\nimport { createPodStorage, credentialDescriptor } from '@undefineds.co/models';\nimport { requireAuthContext } from '../lib/auth-context';\nimport { CliCommandError, handleCliError, writeJsonResult } from '../lib/output';\nimport {\n ensureOk,\n fetchResource,\n resolveResourceTarget,\n responseData,\n} from '../lib/resource';\n\ninterface SecretArgs {\n url?: string;\n json: boolean;\n}\n\ninterface SecretSelectorArgs extends SecretArgs {\n selector?: string;\n kind?: string;\n provider?: string;\n service?: string;\n}\n\ninterface ResolvedSecretSelector extends SecretArgs {\n kind: string;\n provider: string;\n service?: string;\n}\n\ninterface SecretPlanArgs extends ResolvedSecretSelector {\n label?: string;\n}\n\ninterface SecretSetArgs extends SecretPlanArgs {\n 'from-stdin': boolean;\n}\n\nfunction secretOptions<T>(yargs: Argv): Argv<T> {\n return yargs\n .option('url', {\n alias: 'u',\n type: 'string',\n description: 'Server base URL override',\n })\n .option('json', {\n type: 'boolean',\n default: false,\n description: 'Output JSON envelope',\n }) as unknown as Argv<T>;\n}\n\nfunction selectorOptions<T extends SecretSelectorArgs>(yargs: Argv, demandFlags = true): Argv<T> {\n return secretOptions<T>(yargs)\n .option('kind', { type: 'string', demandOption: demandFlags, description: 'Secret kind, for example api-key or tunnel-token' })\n .option('provider', { type: 'string', demandOption: demandFlags, description: 'Provider identifier' })\n .option('service', { type: 'string', default: 'ai', description: 'Service grouping' }) as unknown as Argv<T>;\n}\n\nexport function resolveSecretSelector(input: SecretSelectorArgs): ResolvedSecretSelector {\n let service = input.service ?? 'ai';\n let provider = input.provider;\n let kind = input.kind;\n\n if (input.selector) {\n const selector = input.selector.trim();\n if (selector.startsWith('{')) {\n const parsed = JSON.parse(selector) as unknown;\n if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {\n throw new CliCommandError('invalid_selector', 'Secret selector JSON must be an object.', 2);\n }\n const record = parsed as Record<string, unknown>;\n if (typeof record.service === 'string') service = record.service;\n if (typeof record.provider === 'string') provider = record.provider;\n if (typeof record.kind === 'string') kind = record.kind;\n } else {\n const parts = selector.split(/[/:]/u).map((part) => part.trim()).filter(Boolean);\n if (parts.length === 3) {\n [ service, provider, kind ] = parts;\n } else if (parts.length === 2) {\n [ provider, kind ] = parts;\n } else {\n throw new CliCommandError('invalid_selector', 'Secret selector must be provider/kind, service/provider/kind, or a JSON object.', 2);\n }\n }\n }\n\n if (!provider || !kind) {\n throw new CliCommandError('selector_required', 'Secret provider and kind are required.', 2);\n }\n return {\n url: input.url,\n json: input.json,\n service,\n provider,\n kind,\n };\n}\n\nfunction escapeSparqlLiteral(value: string): string {\n return JSON.stringify(value);\n}\n\nfunction localId(input: ResolvedSecretSelector): string {\n return [ input.service ?? 'ai', input.provider, input.kind ]\n .map((part) => part.trim())\n .filter(Boolean)\n .join('-')\n .replace(/[^a-zA-Z0-9_.-]+/g, '-');\n}\n\nexport interface SecretPlan {\n schemaUri: string;\n resourceKind: string;\n service: string;\n provider: string;\n kind: string;\n subject: string;\n resourceUrl: string;\n redacted: true;\n}\n\nexport function buildSecretPlan(podRoot: string, input: ResolvedSecretSelector): SecretPlan {\n const service = input.service ?? 'ai';\n const storage = createPodStorage();\n const validation = storage.validate({\n schemaUri: credentialDescriptor.uri,\n operation: 'upsert',\n match: {\n service,\n providerId: input.provider,\n secretType: input.kind,\n },\n set: {\n status: 'active',\n },\n });\n if (!validation.ok) {\n throw new Error(validation.error.message);\n }\n\n const resourcePath = validation.plan.resourceUri.replace(/^\\/+/, '');\n const resourceUrl = new URL(resourcePath, podRoot).toString();\n return {\n schemaUri: credentialDescriptor.uri,\n resourceKind: credentialDescriptor.resourceKind,\n service,\n provider: input.provider,\n kind: input.kind,\n subject: resourceUrl,\n resourceUrl: resourceUrl.replace(/#.*$/u, ''),\n redacted: true,\n };\n}\n\nexport function buildSecretUpsertSparql(plan: SecretPlan, input: {\n value?: string;\n label?: string;\n status?: string;\n revoke?: boolean;\n}): string {\n const subject = `<${plan.subject}>`;\n const fields = credentialDescriptor.fields;\n const values: Record<string, string> = {\n service: plan.service,\n providerId: plan.provider,\n secretType: plan.kind,\n status: input.status ?? (input.revoke ? 'revoked' : 'active'),\n };\n if (input.label) values.label = input.label;\n if (input.value !== undefined && !input.revoke) values.apiKey = input.value;\n\n const deleteTriples = [\n `${subject} <${fields.label.predicate}> ?oldLabel .`,\n `${subject} <${fields.apiKey.predicate}> ?oldApiKey .`,\n `${subject} <${fields.status.predicate}> ?oldStatus .`,\n ];\n const optionals = [\n `OPTIONAL { ${subject} <${fields.label.predicate}> ?oldLabel }`,\n `OPTIONAL { ${subject} <${fields.apiKey.predicate}> ?oldApiKey }`,\n `OPTIONAL { ${subject} <${fields.status.predicate}> ?oldStatus }`,\n ];\n const insertTriples = [\n `${subject} a <${credentialDescriptor.class}>`,\n `${subject} <${fields.service.predicate}> ${escapeSparqlLiteral(values.service)}`,\n `${subject} <${fields.providerId.predicate}> ${escapeSparqlLiteral(values.providerId)}`,\n `${subject} <${fields.secretType.predicate}> ${escapeSparqlLiteral(values.secretType)}`,\n `${subject} <${fields.status.predicate}> ${escapeSparqlLiteral(values.status)}`,\n ];\n if (values.label) {\n insertTriples.push(`${subject} <${fields.label.predicate}> ${escapeSparqlLiteral(values.label)}`);\n }\n if (values.apiKey !== undefined) {\n insertTriples.push(`${subject} <${fields.apiKey.predicate}> ${escapeSparqlLiteral(values.apiKey)}`);\n }\n\n return `DELETE {\\n ${deleteTriples.join('\\n ')}\\n}\\nINSERT {\\n ${insertTriples.join(' .\\n ')} .\\n}\\nWHERE {\\n ${optionals.join('\\n ')}\\n}`;\n}\n\nasync function readSecretFromStdin(): Promise<string> {\n const chunks: Buffer[] = [];\n for await (const chunk of process.stdin) {\n chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));\n }\n return Buffer.concat(chunks).toString('utf-8').replace(/\\r?\\n$/u, '');\n}\n\nfunction printSecretPlan(plan: SecretPlan): void {\n console.log(`subject: ${plan.subject}`);\n console.log(`resource: ${plan.resourceUrl}`);\n console.log(`schema: ${plan.schemaUri}`);\n console.log('value: [redacted]');\n}\n\nconst planCommand: CommandModule<object, SecretPlanArgs> = {\n command: 'plan',\n describe: 'Plan a descriptor-backed secret write',\n builder: (yargs) =>\n selectorOptions<SecretPlanArgs>(yargs)\n .option('label', { type: 'string', description: 'Secret label metadata' }),\n handler: async (argv) => {\n try {\n const context = await requireAuthContext(argv);\n const plan = buildSecretPlan(context.podRoot, argv);\n if (argv.json) {\n writeJsonResult({ plan }, 'plan_ready');\n return;\n }\n printSecretPlan(plan);\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n\nconst setCommand: CommandModule<object, SecretSetArgs> = {\n command: 'set',\n describe: 'Set a descriptor-backed secret from stdin',\n builder: (yargs) =>\n selectorOptions<SecretSetArgs>(yargs)\n .option('from-stdin', { type: 'boolean', demandOption: true, description: 'Read secret value from stdin' })\n .option('label', { type: 'string', description: 'Secret label metadata' }),\n handler: async (argv) => {\n try {\n if (!argv['from-stdin']) {\n throw new Error('Secret values must be provided with --from-stdin.');\n }\n const value = await readSecretFromStdin();\n const context = await requireAuthContext(argv);\n const plan = buildSecretPlan(context.podRoot, argv);\n const target = resolveResourceTarget(context, plan.resourceUrl);\n const sparql = buildSecretUpsertSparql(plan, { value, label: argv.label });\n const response = await fetchResource(context, target, {\n method: 'PATCH',\n headers: { 'Content-Type': 'application/sparql-update' },\n body: sparql,\n });\n ensureOk(response, 'secret_set_failed', `Failed to set secret ${plan.subject}`);\n const data = { ...responseData(target, response), plan };\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n console.log(`Secret saved: ${plan.subject}`);\n console.log('value: [redacted]');\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n\nconst metadataCommand: CommandModule<object, SecretSelectorArgs> = {\n command: 'get-metadata [selector]',\n describe: 'Show descriptor-backed secret metadata without revealing the value',\n builder: (yargs) =>\n selectorOptions<SecretSelectorArgs>(yargs.positional('selector', {\n type: 'string',\n description: 'provider/kind, service/provider/kind, or selector JSON',\n }), false),\n handler: async (argv) => {\n try {\n const context = await requireAuthContext(argv);\n const plan = buildSecretPlan(context.podRoot, resolveSecretSelector(argv));\n if (argv.json) {\n writeJsonResult({ ...plan, value: '[redacted]' });\n return;\n }\n printSecretPlan(plan);\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n\nconst revokeCommand: CommandModule<object, SecretSelectorArgs> = {\n command: 'revoke [selector]',\n describe: 'Revoke a descriptor-backed secret without printing its value',\n builder: (yargs) =>\n selectorOptions<SecretSelectorArgs>(yargs.positional('selector', {\n type: 'string',\n description: 'provider/kind, service/provider/kind, or selector JSON',\n }), false),\n handler: async (argv) => {\n try {\n const context = await requireAuthContext(argv);\n const plan = buildSecretPlan(context.podRoot, resolveSecretSelector(argv));\n const target = resolveResourceTarget(context, plan.resourceUrl);\n const sparql = buildSecretUpsertSparql(plan, { revoke: true });\n const response = await fetchResource(context, target, {\n method: 'PATCH',\n headers: { 'Content-Type': 'application/sparql-update' },\n body: sparql,\n });\n ensureOk(response, 'secret_revoke_failed', `Failed to revoke secret ${plan.subject}`);\n const data = { ...responseData(target, response), plan, status: 'revoked' };\n if (argv.json) {\n writeJsonResult(data);\n return;\n }\n console.log(`Secret revoked: ${plan.subject}`);\n console.log('value: [redacted]');\n } catch (error) {\n handleCliError(error, argv.json);\n }\n },\n};\n\nexport const secretCommand: CommandModule<object, SecretArgs> = {\n command: 'secret',\n describe: 'Secret-safe descriptor-backed credential operations',\n builder: (yargs) =>\n (yargs\n .command(planCommand)\n .command(setCommand)\n .command(metadataCommand)\n .command(revokeCommand)\n .demandCommand(1, 'Please specify a secret subcommand') as unknown as Argv<SecretArgs>),\n handler: () => {},\n};\n"]}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { CommandModule } from 'yargs';
|
|
2
|
+
interface ServerArgs {
|
|
3
|
+
json?: boolean;
|
|
4
|
+
}
|
|
5
|
+
interface ConfigArgs extends ServerArgs {
|
|
6
|
+
key?: string;
|
|
7
|
+
value?: string;
|
|
8
|
+
}
|
|
9
|
+
export declare const serverConfigCommand: CommandModule<object, ConfigArgs>;
|
|
10
|
+
export declare const serverCommand: CommandModule<object, ServerArgs>;
|
|
11
|
+
export {};
|