@vibesdotdev/infra-cloudflare 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +107 -0
- package/SPEC.md +166 -0
- package/dist/cloudflare.plugin.d.ts +73 -0
- package/dist/cloudflare.plugin.d.ts.map +1 -0
- package/dist/cloudflare.plugin.js +334 -0
- package/dist/cloudflare.plugin.js.map +1 -0
- package/dist/implementations/alerts.descriptor.d.ts +13 -0
- package/dist/implementations/alerts.descriptor.d.ts.map +1 -0
- package/dist/implementations/alerts.descriptor.js +30 -0
- package/dist/implementations/alerts.descriptor.js.map +1 -0
- package/dist/implementations/alerts.impl.d.ts +35 -0
- package/dist/implementations/alerts.impl.d.ts.map +1 -0
- package/dist/implementations/alerts.impl.js +283 -0
- package/dist/implementations/alerts.impl.js.map +1 -0
- package/dist/implementations/kv.impl.d.ts +29 -0
- package/dist/implementations/kv.impl.d.ts.map +1 -0
- package/dist/implementations/kv.impl.js +36 -0
- package/dist/implementations/kv.impl.js.map +1 -0
- package/dist/implementations/logs.descriptor.d.ts +15 -0
- package/dist/implementations/logs.descriptor.d.ts.map +1 -0
- package/dist/implementations/logs.descriptor.js +26 -0
- package/dist/implementations/logs.descriptor.js.map +1 -0
- package/dist/implementations/logs.impl.d.ts +108 -0
- package/dist/implementations/logs.impl.d.ts.map +1 -0
- package/dist/implementations/logs.impl.js +154 -0
- package/dist/implementations/logs.impl.js.map +1 -0
- package/dist/implementations/observability.descriptor.d.ts +9 -0
- package/dist/implementations/observability.descriptor.d.ts.map +1 -0
- package/dist/implementations/observability.descriptor.js +22 -0
- package/dist/implementations/observability.descriptor.js.map +1 -0
- package/dist/implementations/observability.impl.d.ts +35 -0
- package/dist/implementations/observability.impl.d.ts.map +1 -0
- package/dist/implementations/observability.impl.js +229 -0
- package/dist/implementations/observability.impl.js.map +1 -0
- package/dist/implementations/pages.impl.d.ts +98 -0
- package/dist/implementations/pages.impl.d.ts.map +1 -0
- package/dist/implementations/pages.impl.js +132 -0
- package/dist/implementations/pages.impl.js.map +1 -0
- package/dist/implementations/queues.impl.d.ts +29 -0
- package/dist/implementations/queues.impl.d.ts.map +1 -0
- package/dist/implementations/queues.impl.js +34 -0
- package/dist/implementations/queues.impl.js.map +1 -0
- package/dist/implementations/r2.impl.d.ts +31 -0
- package/dist/implementations/r2.impl.d.ts.map +1 -0
- package/dist/implementations/r2.impl.js +41 -0
- package/dist/implementations/r2.impl.js.map +1 -0
- package/dist/implementations/rum.descriptor.d.ts +13 -0
- package/dist/implementations/rum.descriptor.d.ts.map +1 -0
- package/dist/implementations/rum.descriptor.js +32 -0
- package/dist/implementations/rum.descriptor.js.map +1 -0
- package/dist/implementations/rum.impl.d.ts +34 -0
- package/dist/implementations/rum.impl.d.ts.map +1 -0
- package/dist/implementations/rum.impl.js +153 -0
- package/dist/implementations/rum.impl.js.map +1 -0
- package/dist/implementations/web-app.impl.d.ts +294 -0
- package/dist/implementations/web-app.impl.d.ts.map +1 -0
- package/dist/implementations/web-app.impl.js +208 -0
- package/dist/implementations/web-app.impl.js.map +1 -0
- package/dist/implementations/workers.impl.d.ts +157 -0
- package/dist/implementations/workers.impl.d.ts.map +1 -0
- package/dist/implementations/workers.impl.js +247 -0
- package/dist/implementations/workers.impl.js.map +1 -0
- package/dist/index.d.ts +17 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +12 -0
- package/dist/index.js.map +1 -0
- package/dist/pages.d.ts +9 -0
- package/dist/pages.d.ts.map +1 -0
- package/dist/pages.js +9 -0
- package/dist/pages.js.map +1 -0
- package/dist/regen.d.ts +58 -0
- package/dist/regen.d.ts.map +1 -0
- package/dist/regen.js +69 -0
- package/dist/regen.js.map +1 -0
- package/dist/secrets/cloudflare-api.descriptor.d.ts +18 -0
- package/dist/secrets/cloudflare-api.descriptor.d.ts.map +1 -0
- package/dist/secrets/cloudflare-api.descriptor.js +32 -0
- package/dist/secrets/cloudflare-api.descriptor.js.map +1 -0
- package/dist/secrets/cloudflare-api.impl.d.ts +30 -0
- package/dist/secrets/cloudflare-api.impl.d.ts.map +1 -0
- package/dist/secrets/cloudflare-api.impl.js +111 -0
- package/dist/secrets/cloudflare-api.impl.js.map +1 -0
- package/dist/secrets/cloudflare-secrets-store.descriptor.d.ts +10 -0
- package/dist/secrets/cloudflare-secrets-store.descriptor.d.ts.map +1 -0
- package/dist/secrets/cloudflare-secrets-store.descriptor.js +24 -0
- package/dist/secrets/cloudflare-secrets-store.descriptor.js.map +1 -0
- package/dist/secrets/cloudflare-secrets-store.impl.d.ts +27 -0
- package/dist/secrets/cloudflare-secrets-store.impl.d.ts.map +1 -0
- package/dist/secrets/cloudflare-secrets-store.impl.js +72 -0
- package/dist/secrets/cloudflare-secrets-store.impl.js.map +1 -0
- package/dist/secrets/index.d.ts +6 -0
- package/dist/secrets/index.d.ts.map +1 -0
- package/dist/secrets/index.js +6 -0
- package/dist/secrets/index.js.map +1 -0
- package/dist/secrets/resolve-cf-credentials.d.ts +18 -0
- package/dist/secrets/resolve-cf-credentials.d.ts.map +1 -0
- package/dist/secrets/resolve-cf-credentials.js +57 -0
- package/dist/secrets/resolve-cf-credentials.js.map +1 -0
- package/dist/web-app.d.ts +11 -0
- package/dist/web-app.d.ts.map +1 -0
- package/dist/web-app.js +11 -0
- package/dist/web-app.js.map +1 -0
- package/package.json +153 -0
- package/src/cloudflare.plugin.ts +477 -0
- package/src/implementations/alerts.descriptor.ts +33 -0
- package/src/implementations/alerts.impl.ts +332 -0
- package/src/implementations/kv.impl.ts +51 -0
- package/src/implementations/logs.descriptor.ts +29 -0
- package/src/implementations/logs.impl.ts +201 -0
- package/src/implementations/observability.descriptor.ts +25 -0
- package/src/implementations/observability.impl.ts +307 -0
- package/src/implementations/pages.impl.ts +189 -0
- package/src/implementations/queues.impl.ts +48 -0
- package/src/implementations/r2.impl.ts +58 -0
- package/src/implementations/rum.descriptor.ts +35 -0
- package/src/implementations/rum.impl.ts +192 -0
- package/src/implementations/web-app.impl.ts +494 -0
- package/src/implementations/workers.impl.ts +336 -0
- package/src/index.ts +60 -0
- package/src/pages.ts +18 -0
- package/src/regen.ts +87 -0
- package/src/secrets/cloudflare-api.descriptor.ts +35 -0
- package/src/secrets/cloudflare-api.impl.ts +131 -0
- package/src/secrets/cloudflare-secrets-store.descriptor.ts +27 -0
- package/src/secrets/cloudflare-secrets-store.impl.ts +87 -0
- package/src/secrets/index.ts +13 -0
- package/src/secrets/resolve-cf-credentials.ts +63 -0
- package/src/web-app.ts +32 -0
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare API Backend Descriptor
|
|
3
|
+
*
|
|
4
|
+
* Pushes secrets to Cloudflare Pages/Workers via the REST API.
|
|
5
|
+
* Write-only: CF does not expose secret values after setting.
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Cloudflare API secrets backend descriptor.
|
|
9
|
+
*
|
|
10
|
+
* @remarks
|
|
11
|
+
* Project names can be provided via descriptor.config.cfProjectNames.
|
|
12
|
+
* If not provided, the implementation will attempt to derive them from
|
|
13
|
+
* runtime-resolved infra/web-app descriptors (requires runtime context).
|
|
14
|
+
*/
|
|
15
|
+
const descriptor = {
|
|
16
|
+
id: 'cloudflare-api',
|
|
17
|
+
kind: 'secrets/store',
|
|
18
|
+
name: 'Cloudflare API',
|
|
19
|
+
description: 'Push secrets to Cloudflare Pages and Workers via REST API',
|
|
20
|
+
tags: ['remote', 'cloudflare'],
|
|
21
|
+
enabled: true,
|
|
22
|
+
backend: 'cloudflare-api',
|
|
23
|
+
tiers: ['staging', 'production'],
|
|
24
|
+
priority: 20,
|
|
25
|
+
config: {
|
|
26
|
+
apiTokenEnvVar: 'CLOUDFLARE_API_TOKEN',
|
|
27
|
+
accountIdEnvVar: 'CLOUDFLARE_ACCOUNT_ID'
|
|
28
|
+
// cfProjectNames: optional string[] - omitted to allow runtime resolution
|
|
29
|
+
}
|
|
30
|
+
};
|
|
31
|
+
export default descriptor;
|
|
32
|
+
//# sourceMappingURL=cloudflare-api.descriptor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-api.descriptor.js","sourceRoot":"","sources":["../../src/secrets/cloudflare-api.descriptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH;;;;;;;GAOG;AACH,MAAM,UAAU,GAA2B;IAC1C,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,eAAe;IACrB,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,2DAA2D;IACxE,IAAI,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;IAC9B,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,gBAAgB;IACzB,KAAK,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC;IAChC,QAAQ,EAAE,EAAE;IACZ,MAAM,EAAE;QACP,cAAc,EAAE,sBAAsB;QACtC,eAAe,EAAE,uBAAuB;QACxC,0EAA0E;KAC1E;CACD,CAAC;AAEF,eAAe,UAAU,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare API Backend Implementation
|
|
3
|
+
*
|
|
4
|
+
* Manages secrets across CF Pages projects and Workers scripts.
|
|
5
|
+
* Maps infra/web-app descriptors to CF project names for push operations.
|
|
6
|
+
*
|
|
7
|
+
* Note: CF secrets are write-only. get() and getAll() return empty results.
|
|
8
|
+
*/
|
|
9
|
+
import type { SecretsStoreDescriptor } from '@vibesdotdev/secrets/kinds/store.schema';
|
|
10
|
+
import type { SecretsStoreImplementation, SecretEntry } from '@vibesdotdev/secrets/kinds/store.interface';
|
|
11
|
+
/** Function type for resolving CF project names from descriptors */
|
|
12
|
+
type CFProjectNamesResolver = () => string[];
|
|
13
|
+
declare class CloudflareApiStore implements SecretsStoreImplementation {
|
|
14
|
+
readonly id = "cloudflare-api";
|
|
15
|
+
readonly descriptor: SecretsStoreDescriptor;
|
|
16
|
+
private readonly cfProjectNamesResolver?;
|
|
17
|
+
private connector;
|
|
18
|
+
constructor(desc: SecretsStoreDescriptor, projectNamesResolver?: CFProjectNamesResolver);
|
|
19
|
+
private getConnector;
|
|
20
|
+
list(_environment: string): Promise<SecretEntry[]>;
|
|
21
|
+
get(_environment: string, _key: string): Promise<string | undefined>;
|
|
22
|
+
set(environment: string, key: string, value: string): Promise<void>;
|
|
23
|
+
unset(_environment: string, _key: string): Promise<void>;
|
|
24
|
+
getAll(_environment: string): Promise<Record<string, string>>;
|
|
25
|
+
setAll(_environment: string, secrets: Record<string, string>): Promise<void>;
|
|
26
|
+
private getCFProjectNames;
|
|
27
|
+
}
|
|
28
|
+
export declare function createCloudflareApiStore(projectNamesResolver?: CFProjectNamesResolver): import("@vibesdotdev/runtime").RuntimeImplementationWrapper<CloudflareApiStore>;
|
|
29
|
+
export {};
|
|
30
|
+
//# sourceMappingURL=cloudflare-api.impl.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-api.impl.d.ts","sourceRoot":"","sources":["../../src/secrets/cloudflare-api.impl.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,KAAK,EAAE,0BAA0B,EAAE,WAAW,EAAE,MAAM,4CAA4C,CAAC;AAK1G,oEAAoE;AACpE,KAAK,sBAAsB,GAAG,MAAM,MAAM,EAAE,CAAC;AAE7C,cAAM,kBAAmB,YAAW,0BAA0B;IAC7D,QAAQ,CAAC,EAAE,oBAAoB;IAC/B,QAAQ,CAAC,UAAU,EAAE,sBAAsB,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAyB;IACjE,OAAO,CAAC,SAAS,CAAkD;gBAEvD,IAAI,EAAE,sBAAsB,EAAE,oBAAoB,CAAC,EAAE,sBAAsB;YAKzE,YAAY;IAmBpB,IAAI,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAuBlD,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAIpE,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInE,KAAK,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxD,MAAM,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAI7D,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAalF,OAAO,CAAC,iBAAiB;CAmBzB;AAED,wBAAgB,wBAAwB,CAAC,oBAAoB,CAAC,EAAE,sBAAsB,mFAQrF"}
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare API Backend Implementation
|
|
3
|
+
*
|
|
4
|
+
* Manages secrets across CF Pages projects and Workers scripts.
|
|
5
|
+
* Maps infra/web-app descriptors to CF project names for push operations.
|
|
6
|
+
*
|
|
7
|
+
* Note: CF secrets are write-only. get() and getAll() return empty results.
|
|
8
|
+
*/
|
|
9
|
+
import { createRuntimeImplementation } from '@vibesdotdev/runtime/factory/implementation';
|
|
10
|
+
import { CloudflareSecretsManagerConnector } from '@vibesdotdev/connector-cloudflare';
|
|
11
|
+
import descriptor from './cloudflare-api.descriptor';
|
|
12
|
+
import { resolveCfCredentialKeys } from './resolve-cf-credentials';
|
|
13
|
+
class CloudflareApiStore {
|
|
14
|
+
id = 'cloudflare-api';
|
|
15
|
+
descriptor;
|
|
16
|
+
cfProjectNamesResolver;
|
|
17
|
+
connector = null;
|
|
18
|
+
constructor(desc, projectNamesResolver) {
|
|
19
|
+
this.descriptor = desc;
|
|
20
|
+
this.cfProjectNamesResolver = projectNamesResolver;
|
|
21
|
+
}
|
|
22
|
+
async getConnector() {
|
|
23
|
+
if (this.connector)
|
|
24
|
+
return this.connector;
|
|
25
|
+
const tokenVar = this.descriptor.config?.apiTokenEnvVar ?? 'CLOUDFLARE_API_TOKEN';
|
|
26
|
+
const accountVar = this.descriptor.config?.accountIdEnvVar ?? 'CLOUDFLARE_ACCOUNT_ID';
|
|
27
|
+
const envReader = await resolveCfCredentialKeys([tokenVar, accountVar]);
|
|
28
|
+
this.connector = await CloudflareSecretsManagerConnector.create({
|
|
29
|
+
accountId: { source: 'env', key: accountVar },
|
|
30
|
+
apiToken: { source: 'env', key: tokenVar }
|
|
31
|
+
}, {
|
|
32
|
+
environment: 'production',
|
|
33
|
+
envReader
|
|
34
|
+
});
|
|
35
|
+
return this.connector;
|
|
36
|
+
}
|
|
37
|
+
async list(_environment) {
|
|
38
|
+
const connector = await this.getConnector();
|
|
39
|
+
const entries = [];
|
|
40
|
+
try {
|
|
41
|
+
const projectNames = this.getCFProjectNames();
|
|
42
|
+
for (const projectName of projectNames) {
|
|
43
|
+
try {
|
|
44
|
+
const names = await connector.list(projectName);
|
|
45
|
+
for (const key of names) {
|
|
46
|
+
entries.push({ key, hasValue: true, source: this.id });
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
catch {
|
|
50
|
+
// skip unreachable projects
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
catch (e) {
|
|
55
|
+
console.warn(`[cloudflare-api] Failed to list secrets: ${e}`);
|
|
56
|
+
}
|
|
57
|
+
return entries;
|
|
58
|
+
}
|
|
59
|
+
async get(_environment, _key) {
|
|
60
|
+
return undefined; // CF does not return secret values
|
|
61
|
+
}
|
|
62
|
+
async set(environment, key, value) {
|
|
63
|
+
await this.setAll(environment, { [key]: value });
|
|
64
|
+
}
|
|
65
|
+
async unset(_environment, _key) {
|
|
66
|
+
console.warn('[cloudflare-api] CF does not support deleting individual secrets. Re-push all secrets to update.');
|
|
67
|
+
}
|
|
68
|
+
async getAll(_environment) {
|
|
69
|
+
return {}; // CF does not return secret values
|
|
70
|
+
}
|
|
71
|
+
async setAll(_environment, secrets) {
|
|
72
|
+
const connector = await this.getConnector();
|
|
73
|
+
const projectNames = this.getCFProjectNames();
|
|
74
|
+
for (const projectName of projectNames) {
|
|
75
|
+
try {
|
|
76
|
+
await connector.set(secrets, projectName);
|
|
77
|
+
}
|
|
78
|
+
catch (e) {
|
|
79
|
+
console.warn(`[cloudflare-api] Failed to push to ${projectName}: ${e}`);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
getCFProjectNames() {
|
|
84
|
+
// First priority: explicit project names from descriptor config
|
|
85
|
+
const explicitNames = this.descriptor.config?.cfProjectNames;
|
|
86
|
+
if (explicitNames && explicitNames.length > 0) {
|
|
87
|
+
return explicitNames;
|
|
88
|
+
}
|
|
89
|
+
// Second priority: runtime-resolved project names via injected resolver
|
|
90
|
+
if (this.cfProjectNamesResolver) {
|
|
91
|
+
try {
|
|
92
|
+
return this.cfProjectNamesResolver();
|
|
93
|
+
}
|
|
94
|
+
catch {
|
|
95
|
+
// Resolver failed, fall through to empty
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
// No project names available
|
|
99
|
+
return [];
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
export function createCloudflareApiStore(projectNamesResolver) {
|
|
103
|
+
const store = new CloudflareApiStore(descriptor, projectNamesResolver);
|
|
104
|
+
return createRuntimeImplementation({
|
|
105
|
+
id: 'cloudflare-api',
|
|
106
|
+
kind: 'secrets/store',
|
|
107
|
+
priority: 20,
|
|
108
|
+
implementation: store
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
//# sourceMappingURL=cloudflare-api.impl.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-api.impl.js","sourceRoot":"","sources":["../../src/secrets/cloudflare-api.impl.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAG1F,OAAO,EAAE,iCAAiC,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,UAAU,MAAM,6BAA6B,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAKnE,MAAM,kBAAkB;IACd,EAAE,GAAG,gBAAgB,CAAC;IACtB,UAAU,CAAyB;IAC3B,sBAAsB,CAA0B;IACzD,SAAS,GAA6C,IAAI,CAAC;IAEnE,YAAY,IAA4B,EAAE,oBAA6C;QACtF,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,sBAAsB,GAAG,oBAAoB,CAAC;IACpD,CAAC;IAEO,KAAK,CAAC,YAAY;QACzB,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,cAAc,IAAI,sBAAsB,CAAC;QAClF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,eAAe,IAAI,uBAAuB,CAAC;QAEtF,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;QAExE,IAAI,CAAC,SAAS,GAAG,MAAM,iCAAiC,CAAC,MAAM,CAAC;YAC/D,SAAS,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE;YAC7C,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE;SAC1C,EAAE;YACF,WAAW,EAAE,YAAY;YACzB,SAAS;SACT,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAoB;QAC9B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAkB,EAAE,CAAC;QAElC,IAAI,CAAC;YACJ,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC9C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;gBACxC,IAAI,CAAC;oBACJ,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;oBAChD,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;wBACzB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;oBACxD,CAAC;gBACF,CAAC;gBAAC,MAAM,CAAC;oBACR,4BAA4B;gBAC7B,CAAC;YACF,CAAC;QACF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACZ,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,YAAoB,EAAE,IAAY;QAC3C,OAAO,SAAS,CAAC,CAAC,mCAAmC;IACtD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,WAAmB,EAAE,GAAW,EAAE,KAAa;QACxD,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,YAAoB,EAAE,IAAY;QAC7C,OAAO,CAAC,IAAI,CAAC,kGAAkG,CAAC,CAAC;IAClH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAChC,OAAO,EAAE,CAAC,CAAC,mCAAmC;IAC/C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB,EAAE,OAA+B;QACjE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAE9C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACxC,IAAI,CAAC;gBACJ,MAAM,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,sCAAsC,WAAW,KAAK,CAAC,EAAE,CAAC,CAAC;YACzE,CAAC;QACF,CAAC;IACF,CAAC;IAEO,iBAAiB;QACxB,gEAAgE;QAChE,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,cAAsC,CAAC;QACrF,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/C,OAAO,aAAa,CAAC;QACtB,CAAC;QAED,wEAAwE;QACxE,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACjC,IAAI,CAAC;gBACJ,OAAO,IAAI,CAAC,sBAAsB,EAAE,CAAC;YACtC,CAAC;YAAC,MAAM,CAAC;gBACR,yCAAyC;YAC1C,CAAC;QACF,CAAC;QAED,6BAA6B;QAC7B,OAAO,EAAE,CAAC;IACX,CAAC;CACD;AAED,MAAM,UAAU,wBAAwB,CAAC,oBAA6C;IACrF,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;IACvE,OAAO,2BAA2B,CAAC;QAClC,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,KAAK;KACrB,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Secrets Store Backend Descriptor
|
|
3
|
+
*
|
|
4
|
+
* Account-level secrets, bound to Workers via wrangler `secrets_store_secrets`.
|
|
5
|
+
* Distinct from `cloudflare-api`, which writes per-Worker / per-Pages secrets.
|
|
6
|
+
*/
|
|
7
|
+
import type { SecretsStoreDescriptor } from '@vibesdotdev/secrets/kinds/store.schema';
|
|
8
|
+
declare const descriptor: SecretsStoreDescriptor;
|
|
9
|
+
export default descriptor;
|
|
10
|
+
//# sourceMappingURL=cloudflare-secrets-store.descriptor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-secrets-store.descriptor.d.ts","sourceRoot":"","sources":["../../src/secrets/cloudflare-secrets-store.descriptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AAEtF,QAAA,MAAM,UAAU,EAAE,sBAejB,CAAC;AAEF,eAAe,UAAU,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Secrets Store Backend Descriptor
|
|
3
|
+
*
|
|
4
|
+
* Account-level secrets, bound to Workers via wrangler `secrets_store_secrets`.
|
|
5
|
+
* Distinct from `cloudflare-api`, which writes per-Worker / per-Pages secrets.
|
|
6
|
+
*/
|
|
7
|
+
const descriptor = {
|
|
8
|
+
id: 'cloudflare-secrets-store',
|
|
9
|
+
kind: 'secrets/store',
|
|
10
|
+
name: 'Cloudflare Secrets Store',
|
|
11
|
+
description: 'Account-level Cloudflare Secrets Store; bound to Workers via secrets_store_secrets',
|
|
12
|
+
tags: ['remote', 'cloudflare', 'shared'],
|
|
13
|
+
enabled: true,
|
|
14
|
+
backend: 'cloudflare-secrets-store',
|
|
15
|
+
tiers: ['staging', 'production'],
|
|
16
|
+
priority: 30,
|
|
17
|
+
config: {
|
|
18
|
+
apiTokenEnvVar: 'CLOUDFLARE_API_TOKEN',
|
|
19
|
+
accountIdEnvVar: 'CLOUDFLARE_ACCOUNT_ID',
|
|
20
|
+
storeIdEnvVar: 'CLOUDFLARE_SECRETS_STORE_ID'
|
|
21
|
+
}
|
|
22
|
+
};
|
|
23
|
+
export default descriptor;
|
|
24
|
+
//# sourceMappingURL=cloudflare-secrets-store.descriptor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-secrets-store.descriptor.js","sourceRoot":"","sources":["../../src/secrets/cloudflare-secrets-store.descriptor.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,UAAU,GAA2B;IAC1C,EAAE,EAAE,0BAA0B;IAC9B,IAAI,EAAE,eAAe;IACrB,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,oFAAoF;IACjG,IAAI,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC;IACxC,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,0BAA0B;IACnC,KAAK,EAAE,CAAC,SAAS,EAAE,YAAY,CAAC;IAChC,QAAQ,EAAE,EAAE;IACZ,MAAM,EAAE;QACP,cAAc,EAAE,sBAAsB;QACtC,eAAe,EAAE,uBAAuB;QACxC,aAAa,EAAE,6BAA6B;KAC5C;CACD,CAAC;AAEF,eAAe,UAAU,CAAC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Secrets Store Backend Implementation
|
|
3
|
+
*
|
|
4
|
+
* Manages secrets at the Cloudflare account level. Workers consume them via
|
|
5
|
+
* wrangler `secrets_store_secrets` bindings, generated by pages.impl.ts.
|
|
6
|
+
*
|
|
7
|
+
* Like the per-Worker secrets API, store secrets are write-only — get() / getAll()
|
|
8
|
+
* always return empty results. List() returns names only.
|
|
9
|
+
*/
|
|
10
|
+
import type { SecretsStoreDescriptor } from '@vibesdotdev/secrets/kinds/store.schema';
|
|
11
|
+
import type { SecretsStoreImplementation, SecretEntry } from '@vibesdotdev/secrets/kinds/store.interface';
|
|
12
|
+
declare class CloudflareSecretsStore implements SecretsStoreImplementation {
|
|
13
|
+
readonly id = "cloudflare-secrets-store";
|
|
14
|
+
readonly descriptor: SecretsStoreDescriptor;
|
|
15
|
+
private connector;
|
|
16
|
+
constructor(desc: SecretsStoreDescriptor);
|
|
17
|
+
private getConnector;
|
|
18
|
+
list(_environment: string): Promise<SecretEntry[]>;
|
|
19
|
+
get(_environment: string, _key: string): Promise<string | undefined>;
|
|
20
|
+
set(environment: string, key: string, value: string): Promise<void>;
|
|
21
|
+
unset(_environment: string, key: string): Promise<void>;
|
|
22
|
+
getAll(_environment: string): Promise<Record<string, string>>;
|
|
23
|
+
setAll(environment: string, secrets: Record<string, string>): Promise<void>;
|
|
24
|
+
}
|
|
25
|
+
export declare function createCloudflareSecretsStore(): import("@vibesdotdev/runtime").RuntimeImplementationWrapper<CloudflareSecretsStore>;
|
|
26
|
+
export {};
|
|
27
|
+
//# sourceMappingURL=cloudflare-secrets-store.impl.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-secrets-store.impl.d.ts","sourceRoot":"","sources":["../../src/secrets/cloudflare-secrets-store.impl.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,KAAK,EAAE,0BAA0B,EAAE,WAAW,EAAE,MAAM,4CAA4C,CAAC;AAK1G,cAAM,sBAAuB,YAAW,0BAA0B;IACjE,QAAQ,CAAC,EAAE,8BAA8B;IACzC,QAAQ,CAAC,UAAU,EAAE,sBAAsB,CAAC;IAC5C,OAAO,CAAC,SAAS,CAAkD;gBAEvD,IAAI,EAAE,sBAAsB;YAI1B,YAAY;IAqBpB,IAAI,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAMlD,GAAG,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAIpE,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKnE,KAAK,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKvD,MAAM,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAI7D,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;CAIjF;AAED,wBAAgB,4BAA4B,wFAQ3C"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Secrets Store Backend Implementation
|
|
3
|
+
*
|
|
4
|
+
* Manages secrets at the Cloudflare account level. Workers consume them via
|
|
5
|
+
* wrangler `secrets_store_secrets` bindings, generated by pages.impl.ts.
|
|
6
|
+
*
|
|
7
|
+
* Like the per-Worker secrets API, store secrets are write-only — get() / getAll()
|
|
8
|
+
* always return empty results. List() returns names only.
|
|
9
|
+
*/
|
|
10
|
+
import { createRuntimeImplementation } from '@vibesdotdev/runtime/factory/implementation';
|
|
11
|
+
import { getVibesRuntime } from '@vibesdotdev/runtime';
|
|
12
|
+
import { CloudflareSecretsManagerConnector } from '@vibesdotdev/connector-cloudflare';
|
|
13
|
+
import descriptor from './cloudflare-secrets-store.descriptor';
|
|
14
|
+
import { resolveCfCredentialKeys } from './resolve-cf-credentials';
|
|
15
|
+
class CloudflareSecretsStore {
|
|
16
|
+
id = 'cloudflare-secrets-store';
|
|
17
|
+
descriptor;
|
|
18
|
+
connector = null;
|
|
19
|
+
constructor(desc) {
|
|
20
|
+
this.descriptor = desc;
|
|
21
|
+
}
|
|
22
|
+
async getConnector() {
|
|
23
|
+
if (this.connector)
|
|
24
|
+
return this.connector;
|
|
25
|
+
const tokenVar = this.descriptor.config?.apiTokenEnvVar ?? 'CLOUDFLARE_API_TOKEN';
|
|
26
|
+
const accountVar = this.descriptor.config?.accountIdEnvVar ?? 'CLOUDFLARE_ACCOUNT_ID';
|
|
27
|
+
const storeVar = this.descriptor.config?.storeIdEnvVar ?? 'CLOUDFLARE_SECRETS_STORE_ID';
|
|
28
|
+
const envReader = await resolveCfCredentialKeys([tokenVar, accountVar, storeVar]);
|
|
29
|
+
this.connector = await CloudflareSecretsManagerConnector.create({
|
|
30
|
+
accountId: { source: 'env', key: accountVar },
|
|
31
|
+
apiToken: { source: 'env', key: tokenVar },
|
|
32
|
+
storeId: { source: 'env', key: storeVar }
|
|
33
|
+
}, {
|
|
34
|
+
environment: 'production',
|
|
35
|
+
envReader
|
|
36
|
+
});
|
|
37
|
+
return this.connector;
|
|
38
|
+
}
|
|
39
|
+
async list(_environment) {
|
|
40
|
+
const connector = await this.getConnector();
|
|
41
|
+
const names = await connector.listStore();
|
|
42
|
+
return names.map((key) => ({ key, hasValue: true, source: this.id }));
|
|
43
|
+
}
|
|
44
|
+
async get(_environment, _key) {
|
|
45
|
+
return undefined;
|
|
46
|
+
}
|
|
47
|
+
async set(environment, key, value) {
|
|
48
|
+
const connector = await this.getConnector();
|
|
49
|
+
await connector.setStore({ [key]: value });
|
|
50
|
+
}
|
|
51
|
+
async unset(_environment, key) {
|
|
52
|
+
const connector = await this.getConnector();
|
|
53
|
+
await connector.unsetStore(key);
|
|
54
|
+
}
|
|
55
|
+
async getAll(_environment) {
|
|
56
|
+
return {};
|
|
57
|
+
}
|
|
58
|
+
async setAll(environment, secrets) {
|
|
59
|
+
const connector = await this.getConnector();
|
|
60
|
+
await connector.setStore(secrets);
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
export function createCloudflareSecretsStore() {
|
|
64
|
+
const store = new CloudflareSecretsStore(descriptor);
|
|
65
|
+
return createRuntimeImplementation({
|
|
66
|
+
id: 'cloudflare-secrets-store',
|
|
67
|
+
kind: 'secrets/store',
|
|
68
|
+
priority: 30,
|
|
69
|
+
implementation: store
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=cloudflare-secrets-store.impl.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare-secrets-store.impl.js","sourceRoot":"","sources":["../../src/secrets/cloudflare-secrets-store.impl.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,2BAA2B,EAAE,MAAM,6CAA6C,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,OAAO,EAAE,iCAAiC,EAAE,MAAM,mCAAmC,CAAC;AACtF,OAAO,UAAU,MAAM,uCAAuC,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAEnE,MAAM,sBAAsB;IAClB,EAAE,GAAG,0BAA0B,CAAC;IAChC,UAAU,CAAyB;IACpC,SAAS,GAA6C,IAAI,CAAC;IAEnE,YAAY,IAA4B;QACvC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,YAAY;QACzB,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QAE1C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,cAAc,IAAI,sBAAsB,CAAC;QAClF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,eAAe,IAAI,uBAAuB,CAAC;QACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,aAAa,IAAI,6BAA6B,CAAC;QAExF,MAAM,SAAS,GAAG,MAAM,uBAAuB,CAAC,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QAElF,IAAI,CAAC,SAAS,GAAG,MAAM,iCAAiC,CAAC,MAAM,CAAC;YAC/D,SAAS,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE;YAC7C,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE;YAC1C,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE;SACzC,EAAE;YACF,WAAW,EAAE,YAAY;YACzB,SAAS;SACT,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAoB;QAC9B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,YAAoB,EAAE,IAAY;QAC3C,OAAO,SAAS,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,WAAmB,EAAE,GAAW,EAAE,KAAa;QACxD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,YAAoB,EAAE,GAAW;QAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,YAAoB;QAChC,OAAO,EAAE,CAAC;IACX,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,WAAmB,EAAE,OAA+B;QAChE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;CACD;AAED,MAAM,UAAU,4BAA4B;IAC3C,MAAM,KAAK,GAAG,IAAI,sBAAsB,CAAC,UAAU,CAAC,CAAC;IACrD,OAAO,2BAA2B,CAAC;QAClC,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,KAAK;KACrB,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export { default as cloudflareApiDescriptor } from './cloudflare-api.descriptor';
|
|
2
|
+
export { createCloudflareApiStore } from './cloudflare-api.impl';
|
|
3
|
+
export { default as cloudflareSecretsStoreDescriptor } from './cloudflare-secrets-store.descriptor';
|
|
4
|
+
export { createCloudflareSecretsStore } from './cloudflare-secrets-store.impl';
|
|
5
|
+
export { type CFClientConfig, listPagesSecrets, setPagesSecrets, listWorkerSecrets, setWorkerSecrets } from '@vibesdotdev/connector-cloudflare/api';
|
|
6
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/secrets/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,OAAO,EAAE,OAAO,IAAI,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAE/E,OAAO,EACN,KAAK,cAAc,EACnB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,uCAAuC,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export { default as cloudflareApiDescriptor } from './cloudflare-api.descriptor.js';
|
|
2
|
+
export { createCloudflareApiStore } from './cloudflare-api.impl.js';
|
|
3
|
+
export { default as cloudflareSecretsStoreDescriptor } from './cloudflare-secrets-store.descriptor.js';
|
|
4
|
+
export { createCloudflareSecretsStore } from './cloudflare-secrets-store.impl.js';
|
|
5
|
+
export { listPagesSecrets, setPagesSecrets, listWorkerSecrets, setWorkerSecrets } from '@vibesdotdev/connector-cloudflare/api';
|
|
6
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/secrets/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,OAAO,EAAE,OAAO,IAAI,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAC;AAE/E,OAAO,EAEN,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,MAAM,uCAAuC,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CF credential resolver shared by the `cloudflare-api` and
|
|
3
|
+
* `cloudflare-secrets-store` backends.
|
|
4
|
+
*
|
|
5
|
+
* `CloudflareSecretsManagerConnector.create({ source: 'env', ... })` only
|
|
6
|
+
* reads `process.env` (or an `envReader` override) — it doesn't know how to
|
|
7
|
+
* peek at the runtime's secret backends. That's painful for the secrets CLI:
|
|
8
|
+
* a user who already ran `vibes secrets set CLOUDFLARE_API_TOKEN ...` still
|
|
9
|
+
* has to manually re-export the same values in their shell before
|
|
10
|
+
* `vibes secrets push --to cloudflare-secrets-store` will succeed.
|
|
11
|
+
*
|
|
12
|
+
* `resolveCfCredentialKeys` builds an `envReader` map that prefers
|
|
13
|
+
* `process.env` (so CI / explicit overrides still win) and falls back to
|
|
14
|
+
* the first available local-tier `secrets/store` backend. Pass the returned
|
|
15
|
+
* map to the connector via `opts.envReader`.
|
|
16
|
+
*/
|
|
17
|
+
export declare function resolveCfCredentialKeys(keys: string[], environment?: string): Promise<Record<string, string | undefined>>;
|
|
18
|
+
//# sourceMappingURL=resolve-cf-credentials.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-cf-credentials.d.ts","sourceRoot":"","sources":["../../src/secrets/resolve-cf-credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAMH,wBAAsB,uBAAuB,CAC5C,IAAI,EAAE,MAAM,EAAE,EACd,WAAW,GAAE,MAAgB,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC,CAsC7C"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* CF credential resolver shared by the `cloudflare-api` and
|
|
3
|
+
* `cloudflare-secrets-store` backends.
|
|
4
|
+
*
|
|
5
|
+
* `CloudflareSecretsManagerConnector.create({ source: 'env', ... })` only
|
|
6
|
+
* reads `process.env` (or an `envReader` override) — it doesn't know how to
|
|
7
|
+
* peek at the runtime's secret backends. That's painful for the secrets CLI:
|
|
8
|
+
* a user who already ran `vibes secrets set CLOUDFLARE_API_TOKEN ...` still
|
|
9
|
+
* has to manually re-export the same values in their shell before
|
|
10
|
+
* `vibes secrets push --to cloudflare-secrets-store` will succeed.
|
|
11
|
+
*
|
|
12
|
+
* `resolveCfCredentialKeys` builds an `envReader` map that prefers
|
|
13
|
+
* `process.env` (so CI / explicit overrides still win) and falls back to
|
|
14
|
+
* the first available local-tier `secrets/store` backend. Pass the returned
|
|
15
|
+
* map to the connector via `opts.envReader`.
|
|
16
|
+
*/
|
|
17
|
+
import { getVibesRuntime } from '@vibesdotdev/runtime';
|
|
18
|
+
const LOCAL_BACKEND_IDS = ['encrypted-local', 'env-file'];
|
|
19
|
+
export async function resolveCfCredentialKeys(keys, environment = 'local') {
|
|
20
|
+
const resolved = {};
|
|
21
|
+
const runtime = getVibesRuntime();
|
|
22
|
+
let localStore = null;
|
|
23
|
+
if (runtime.hasKind('secrets/store')) {
|
|
24
|
+
for (const id of LOCAL_BACKEND_IDS) {
|
|
25
|
+
try {
|
|
26
|
+
const impl = (await runtime
|
|
27
|
+
.query('secrets/store')
|
|
28
|
+
.withId(id)
|
|
29
|
+
.resolve());
|
|
30
|
+
if (impl && typeof impl.get === 'function') {
|
|
31
|
+
localStore = { get: impl.get.bind(impl) };
|
|
32
|
+
break;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
catch {
|
|
36
|
+
// next candidate
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
for (const key of keys) {
|
|
41
|
+
const envValue = process.env[key];
|
|
42
|
+
if (envValue && envValue !== '') {
|
|
43
|
+
resolved[key] = envValue;
|
|
44
|
+
continue;
|
|
45
|
+
}
|
|
46
|
+
if (localStore) {
|
|
47
|
+
try {
|
|
48
|
+
resolved[key] = await localStore.get(environment, key);
|
|
49
|
+
}
|
|
50
|
+
catch {
|
|
51
|
+
resolved[key] = undefined;
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
return resolved;
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=resolve-cf-credentials.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-cf-credentials.js","sourceRoot":"","sources":["../../src/secrets/resolve-cf-credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEvD,MAAM,iBAAiB,GAAG,CAAC,iBAAiB,EAAE,UAAU,CAAU,CAAC;AAEnE,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC5C,IAAc,EACd,cAAsB,OAAO;IAE7B,MAAM,QAAQ,GAAuC,EAAE,CAAC;IACxD,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,IAAI,UAAU,GAA0E,IAAI,CAAC;IAE7F,IAAI,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACpC,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,CAAC,MAAM,OAAO;qBACzB,KAAK,CAAC,eAAe,CAAC;qBACtB,MAAM,CAAC,EAAE,CAAC;qBACV,OAAO,EAAE,CAAwE,CAAC;gBACpF,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;oBAC5C,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1C,MAAM;gBACP,CAAC;YACF,CAAC;YAAC,MAAM,CAAC;gBACR,iBAAiB;YAClB,CAAC;QACF,CAAC;IACF,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,QAAQ,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC;YACzB,SAAS;QACV,CAAC;QACD,IAAI,UAAU,EAAE,CAAC;YAChB,IAAI,CAAC;gBACJ,QAAQ,CAAC,GAAG,CAAC,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC;gBACR,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;YAC3B,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,QAAQ,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Workers + Static Assets Web App Deployment Module
|
|
3
|
+
*
|
|
4
|
+
* Public entrypoint for the canonical Vibes deploy target: Cloudflare Workers
|
|
5
|
+
* with a Static Assets binding (the @sveltejs/adapter-cloudflare shape).
|
|
6
|
+
* Pages-targeting consumers should import from `./pages` instead.
|
|
7
|
+
*/
|
|
8
|
+
export { createCloudflareWebAppDeployment, generateCloudflareWebAppDescriptor, CloudflareWebAppDescriptorSchema, SHARED_BANDWIDTH_TELEMETRY_DATASET, type CloudflareWebAppDeployment, type CloudflareWebAppDescriptor, type CloudflareWebAppDescriptorInput, type WranglerWebAppConfig, type WranglerWebAppRoute, type WranglerWebAppAssets, type WranglerSecretsStoreBinding, type WranglerAnalyticsEngineBinding } from './implementations/web-app.impl';
|
|
9
|
+
export { renderWranglerJson } from './implementations/pages.impl';
|
|
10
|
+
export { WEB_APP_HEADER_LINES, isCloudflareWebAppDeployment, renderManagedWranglerJsonc, renderWranglerJsoncFromDefaultExport, type WranglerRenderResult } from './regen.ts';
|
|
11
|
+
//# sourceMappingURL=web-app.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"web-app.d.ts","sourceRoot":"","sources":["../src/web-app.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACN,gCAAgC,EAChC,kCAAkC,EAClC,gCAAgC,EAChC,kCAAkC,EAClC,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,EAC/B,KAAK,+BAA+B,EACpC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,2BAA2B,EAChC,KAAK,8BAA8B,EACnC,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAElE,OAAO,EACN,oBAAoB,EACpB,4BAA4B,EAC5B,0BAA0B,EAC1B,oCAAoC,EACpC,KAAK,oBAAoB,EACzB,MAAM,YAAY,CAAC"}
|
package/dist/web-app.js
ADDED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cloudflare Workers + Static Assets Web App Deployment Module
|
|
3
|
+
*
|
|
4
|
+
* Public entrypoint for the canonical Vibes deploy target: Cloudflare Workers
|
|
5
|
+
* with a Static Assets binding (the @sveltejs/adapter-cloudflare shape).
|
|
6
|
+
* Pages-targeting consumers should import from `./pages` instead.
|
|
7
|
+
*/
|
|
8
|
+
export { createCloudflareWebAppDeployment, generateCloudflareWebAppDescriptor, CloudflareWebAppDescriptorSchema, SHARED_BANDWIDTH_TELEMETRY_DATASET } from './implementations/web-app.impl';
|
|
9
|
+
export { renderWranglerJson } from './implementations/pages.impl';
|
|
10
|
+
export { WEB_APP_HEADER_LINES, isCloudflareWebAppDeployment, renderManagedWranglerJsonc, renderWranglerJsoncFromDefaultExport } from "./regen.js";
|
|
11
|
+
//# sourceMappingURL=web-app.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"web-app.js","sourceRoot":"","sources":["../src/web-app.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACN,gCAAgC,EAChC,kCAAkC,EAClC,gCAAgC,EAChC,kCAAkC,EASlC,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAElE,OAAO,EACN,oBAAoB,EACpB,4BAA4B,EAC5B,0BAA0B,EAC1B,oCAAoC,EAEpC,MAAM,YAAY,CAAC"}
|