npm - @workos/oagen-emitters - Versions diffs - 0.11.0 → 0.12.1 - Mend

@workos/oagen-emitters 0.11.0 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/.release-please-manifest.json +1 -1
package/CHANGELOG.md +19 -0
package/dist/index.d.mts +4 -1
package/dist/index.d.mts.map +1 -1
package/dist/index.mjs +2 -2
package/dist/{plugin-DW3cnedr.mjs → plugin-CmfzawTp.mjs} +2851 -524
package/dist/plugin-CmfzawTp.mjs.map +1 -0
package/dist/plugin.d.mts.map +1 -1
package/dist/plugin.mjs +1 -1
package/docs/sdk-architecture/rust.md +323 -0
package/package.json +9 -9
package/src/index.ts +1 -0
package/src/plugin.ts +2 -1
package/src/python/path-expression.ts +75 -26
package/src/python/resources.ts +0 -9
package/src/rust/client.ts +62 -0
package/src/rust/enums.ts +201 -0
package/src/rust/fixtures.ts +196 -0
package/src/rust/index.ts +95 -0
package/src/rust/manifest.ts +31 -0
package/src/rust/models.ts +165 -0
package/src/rust/naming.ts +131 -0
package/src/rust/resources.ts +1324 -0
package/src/rust/secret.ts +59 -0
package/src/rust/tests.ts +818 -0
package/src/rust/type-map.ts +225 -0
package/test/entrypoint.test.ts +1 -0
package/test/plugin.test.ts +2 -1
package/test/python/resources.test.ts +2 -2
package/test/rust/client.test.ts +62 -0
package/test/rust/enums.test.ts +117 -0
package/test/rust/fixtures.test.ts +227 -0
package/test/rust/manifest.test.ts +73 -0
package/test/rust/models.test.ts +177 -0
package/test/rust/resources.test.ts +748 -0
package/test/rust/tests.test.ts +504 -0
package/test/rust/type-map.test.ts +83 -0
package/dist/plugin-DW3cnedr.mjs.map +0 -1

package/src/rust/secret.ts ADDED Viewed

@@ -0,0 +1,59 @@
+/**
+ * Heuristics for spotting fields that hold secrets. The Rust emitter wraps
+ * such fields in `crate::SecretString` so their `Debug` representation does
+ * not accidentally leak the value.
+ *
+ * The list is intentionally conservative — only fields whose names strongly
+ * imply a credential or token are redacted. Generic names like `value` are
+ * skipped; the cost of a leaked secret is high enough that we'd rather miss
+ * the occasional secret than redact non-secret data and surprise users.
+ */
+const EXACT_NAMES = new Set<string>([
+  'password',
+  'new_password',
+  'old_password',
+  'password_hash',
+  'secret',
+  'client_secret',
+  'signing_secret',
+  'webhook_secret',
+  'token',
+  'access_token',
+  'refresh_token',
+  'id_token',
+  'session_token',
+  'authentication_token',
+  'pending_authentication_token',
+  'invitation_token',
+  'private_key',
+  'pem_private_key',
+  'data_key',
+  'encrypted_keys',
+  'encrypted_data_key',
+  'shared_secret',
+  'totp_secret',
+  'jwt',
+]);
+/** True when the field name strongly implies it holds a secret value. */
+export function isSensitiveFieldName(name: string): boolean {
+  const norm = name.toLowerCase().replace(/-/g, '_');
+  if (EXACT_NAMES.has(norm)) return true;
+  // Common suffix forms: `*_token`, `*_secret`, `*_password`, `*_api_key`.
+  if (/_password(_hash)?$/.test(norm)) return true;
+  if (norm.endsWith('_secret')) return true;
+  if (norm.endsWith('_token') && norm !== 'csrf_token' && norm !== 'request_token') return true;
+  return false;
+}
+/**
+ * If `rustType` is `String` or `Option<String>` and `fieldName` looks
+ * sensitive, return the redacted equivalent (`crate::SecretString` or
+ * `Option<crate::SecretString>`). Otherwise return `rustType` unchanged.
+ */
+export function applySecretRedaction(rustType: string, fieldName: string): string {
+  if (!isSensitiveFieldName(fieldName)) return rustType;
+  if (rustType === 'String') return 'crate::SecretString';
+  if (rustType === 'Option<String>') return 'Option<crate::SecretString>';
+  return rustType;
+}