@zincapp/zn-vault-agent 1.3.0

package/dist/lib/validation.js

@@ -0,0 +1,257 @@
+// Path: src/lib/validation.ts
+// Configuration validation for zn-vault-agent
+import fs from 'node:fs';
+import path from 'node:path';
+import { configLogger as log } from './logger.js';
+/**
+ * Validate a URL format
+ */
+function isValidUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return parsed.protocol === 'http:' || parsed.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Validate octal permission format (e.g., "0640", "0600")
+ */
+function isValidPermissions(mode) {
+    return /^0[0-7]{3}$/.test(mode);
+}
+/**
+ * Check if a directory exists or can be created
+ */
+function isValidOutputPath(filePath) {
+    const dir = path.dirname(filePath);
+    if (fs.existsSync(dir)) {
+        return { valid: true };
+    }
+    // Check if parent of parent exists (one level of mkdir is OK)
+    const parentDir = path.dirname(dir);
+    if (fs.existsSync(parentDir)) {
+        return { valid: true };
+    }
+    return {
+        valid: false,
+        reason: `Parent directory does not exist: ${parentDir}`,
+    };
+}
+/**
+ * Validate a certificate target configuration
+ */
+function validateTarget(target, index) {
+    const errors = [];
+    const warnings = [];
+    const prefix = `targets[${index}]`;
+    // Required fields
+    if (!target.certId || typeof target.certId !== 'string') {
+        errors.push({ field: `${prefix}.certId`, message: 'Certificate ID is required', value: target.certId });
+    }
+    if (!target.name || typeof target.name !== 'string') {
+        errors.push({ field: `${prefix}.name`, message: 'Target name is required', value: target.name });
+    }
+    // Outputs validation
+    if (!target.outputs || typeof target.outputs !== 'object') {
+        errors.push({ field: `${prefix}.outputs`, message: 'At least one output path is required' });
+    }
+    else {
+        const outputPaths = Object.entries(target.outputs).filter(([, v]) => v);
+        if (outputPaths.length === 0) {
+            errors.push({ field: `${prefix}.outputs`, message: 'At least one output path must be configured' });
+        }
+        for (const [key, outputPath] of outputPaths) {
+            if (typeof outputPath !== 'string')
+                continue;
+            // Check path is absolute
+            if (!path.isAbsolute(outputPath)) {
+                errors.push({
+                    field: `${prefix}.outputs.${key}`,
+                    message: 'Output path must be absolute',
+                    value: outputPath,
+                });
+            }
+            else {
+                // Check parent directory exists
+                const pathCheck = isValidOutputPath(outputPath);
+                if (!pathCheck.valid) {
+                    warnings.push({
+                        field: `${prefix}.outputs.${key}`,
+                        message: pathCheck.reason || 'Output directory may not exist',
+                        suggestion: `Ensure directory exists: mkdir -p ${path.dirname(outputPath)}`,
+                    });
+                }
+            }
+        }
+    }
+    // Mode validation
+    if (target.mode && !isValidPermissions(target.mode)) {
+        errors.push({
+            field: `${prefix}.mode`,
+            message: 'Invalid permission format. Use octal format like "0640" or "0600"',
+            value: target.mode,
+        });
+    }
+    // Owner validation (basic format check)
+    if (target.owner && !/^[a-z_][a-z0-9_-]*(:([a-z_][a-z0-9_-]*))?$/i.test(target.owner)) {
+        warnings.push({
+            field: `${prefix}.owner`,
+            message: 'Owner format may be invalid',
+            suggestion: 'Use format "user" or "user:group"',
+        });
+    }
+    // Reload command warning
+    if (target.reloadCmd) {
+        warnings.push({
+            field: `${prefix}.reloadCmd`,
+            message: 'Reload command will be executed with agent privileges',
+            suggestion: 'Ensure command is safe and necessary',
+        });
+    }
+    return { errors, warnings };
+}
+/**
+ * Validate the full agent configuration
+ */
+export function validateConfig(config) {
+    const errors = [];
+    const warnings = [];
+    // Vault URL
+    if (!config.vaultUrl) {
+        errors.push({ field: 'vaultUrl', message: 'Vault URL is required' });
+    }
+    else if (!isValidUrl(config.vaultUrl)) {
+        errors.push({ field: 'vaultUrl', message: 'Invalid URL format', value: config.vaultUrl });
+    }
+    else if (config.vaultUrl.startsWith('http://')) {
+        warnings.push({
+            field: 'vaultUrl',
+            message: 'Using HTTP instead of HTTPS',
+            suggestion: 'Use HTTPS for production deployments',
+        });
+    }
+    // Tenant ID
+    if (!config.tenantId) {
+        errors.push({ field: 'tenantId', message: 'Tenant ID is required' });
+    }
+    // Authentication
+    if (!config.auth) {
+        errors.push({ field: 'auth', message: 'Authentication configuration is required' });
+    }
+    else {
+        const hasApiKey = !!config.auth.apiKey || !!process.env.ZNVAULT_API_KEY;
+        const hasPassword = (!!config.auth.username && !!config.auth.password) ||
+            (!!config.auth.username && !!process.env.ZNVAULT_PASSWORD);
+        if (!hasApiKey && !hasPassword) {
+            errors.push({
+                field: 'auth',
+                message: 'Either API key or username/password is required',
+            });
+        }
+        // Warn if credentials in config file
+        if (config.auth.apiKey) {
+            warnings.push({
+                field: 'auth.apiKey',
+                message: 'API key stored in config file',
+                suggestion: 'Use ZNVAULT_API_KEY environment variable instead',
+            });
+        }
+        if (config.auth.password) {
+            warnings.push({
+                field: 'auth.password',
+                message: 'Password stored in config file',
+                suggestion: 'Use ZNVAULT_PASSWORD environment variable instead',
+            });
+        }
+    }
+    // Insecure mode warning
+    if (config.insecure) {
+        warnings.push({
+            field: 'insecure',
+            message: 'TLS verification is disabled',
+            suggestion: 'Enable TLS verification for production deployments',
+        });
+    }
+    // Targets
+    if (!config.targets || !Array.isArray(config.targets)) {
+        warnings.push({
+            field: 'targets',
+            message: 'No certificate targets configured',
+            suggestion: 'Add targets using: zn-vault-agent add <cert-id>',
+        });
+    }
+    else if (config.targets.length === 0) {
+        warnings.push({
+            field: 'targets',
+            message: 'No certificate targets configured',
+            suggestion: 'Add targets using: zn-vault-agent add <cert-id>',
+        });
+    }
+    else {
+        for (let i = 0; i < config.targets.length; i++) {
+            const targetValidation = validateTarget(config.targets[i], i);
+            errors.push(...targetValidation.errors);
+            warnings.push(...targetValidation.warnings);
+        }
+    }
+    // Poll interval
+    if (config.pollInterval !== undefined) {
+        if (typeof config.pollInterval !== 'number' || config.pollInterval < 60) {
+            warnings.push({
+                field: 'pollInterval',
+                message: 'Poll interval is less than 60 seconds',
+                suggestion: 'Consider using at least 300 seconds (5 minutes) to reduce load',
+            });
+        }
+    }
+    const result = {
+        valid: errors.length === 0,
+        errors,
+        warnings,
+    };
+    // Log validation results
+    if (errors.length > 0) {
+        log.error({ errors }, 'Configuration validation failed');
+    }
+    if (warnings.length > 0) {
+        log.warn({ warnings }, 'Configuration has warnings');
+    }
+    return result;
+}
+/**
+ * Format validation result for display
+ */
+export function formatValidationResult(result) {
+    const lines = [];
+    if (result.errors.length > 0) {
+        lines.push('Errors:');
+        for (const error of result.errors) {
+            lines.push(`  ✗ ${error.field}: ${error.message}`);
+            if (error.value !== undefined) {
+                lines.push(`    Value: ${JSON.stringify(error.value)}`);
+            }
+        }
+    }
+    if (result.warnings.length > 0) {
+        if (lines.length > 0)
+            lines.push('');
+        lines.push('Warnings:');
+        for (const warning of result.warnings) {
+            lines.push(`  ⚠ ${warning.field}: ${warning.message}`);
+            if (warning.suggestion) {
+                lines.push(`    Suggestion: ${warning.suggestion}`);
+            }
+        }
+    }
+    if (result.valid && result.warnings.length === 0) {
+        lines.push('✓ Configuration is valid');
+    }
+    else if (result.valid) {
+        lines.push('');
+        lines.push('✓ Configuration is valid (with warnings)');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=validation.js.map

package/dist/lib/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/lib/validation.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,8CAA8C;AAE9C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AAoBlD;;GAEG;AACH,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEnC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,8DAA8D;IAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,MAAM,EAAE,oCAAoC,SAAS,EAAE;KACxD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,MAAkB,EAAE,KAAa;IACvD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAwB,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,WAAW,KAAK,GAAG,CAAC;IAEnC,kBAAkB;IAClB,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,SAAS,EAAE,OAAO,EAAE,4BAA4B,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,OAAO,EAAE,OAAO,EAAE,yBAAyB,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACnG,CAAC;IAED,qBAAqB;IACrB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC,CAAC;IAC/F,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAExE,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,MAAM,UAAU,EAAE,OAAO,EAAE,6CAA6C,EAAE,CAAC,CAAC;QACtG,CAAC;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5C,IAAI,OAAO,UAAU,KAAK,QAAQ;gBAAE,SAAS;YAE7C,yBAAyB;YACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,GAAG,MAAM,YAAY,GAAG,EAAE;oBACjC,OAAO,EAAE,8BAA8B;oBACvC,KAAK,EAAE,UAAU;iBAClB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,MAAM,SAAS,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;gBAChD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;oBACrB,QAAQ,CAAC,IAAI,CAAC;wBACZ,KAAK,EAAE,GAAG,MAAM,YAAY,GAAG,EAAE;wBACjC,OAAO,EAAE,SAAS,CAAC,MAAM,IAAI,gCAAgC;wBAC7D,UAAU,EAAE,qCAAqC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;qBAC5E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,IAAI,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,GAAG,MAAM,OAAO;YACvB,OAAO,EAAE,mEAAmE;YAC5E,KAAK,EAAE,MAAM,CAAC,IAAI;SACnB,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,6CAA6C,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,GAAG,MAAM,QAAQ;YACxB,OAAO,EAAE,6BAA6B;YACtC,UAAU,EAAE,mCAAmC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,GAAG,MAAM,YAAY;YAC5B,OAAO,EAAE,uDAAuD;YAChE,UAAU,EAAE,sCAAsC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,MAAmB;IAChD,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAwB,EAAE,CAAC;IAEzC,YAAY;IACZ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IACvE,CAAC;SAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5F,CAAC;SAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjD,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,UAAU;YACjB,OAAO,EAAE,6BAA6B;YACtC,UAAU,EAAE,sCAAsC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,YAAY;IACZ,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,iBAAiB;IACjB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC,CAAC;IACtF,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACxE,MAAM,WAAW,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;YACnD,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAE9E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;QACL,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,aAAa;gBACpB,OAAO,EAAE,+BAA+B;gBACxC,UAAU,EAAE,kDAAkD;aAC/D,CAAC,CAAC;QACL,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,eAAe;gBACtB,OAAO,EAAE,gCAAgC;gBACzC,UAAU,EAAE,mDAAmD;aAChE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,UAAU;YACjB,OAAO,EAAE,8BAA8B;YACvC,UAAU,EAAE,oDAAoD;SACjE,CAAC,CAAC;IACL,CAAC;IAED,UAAU;IACV,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,mCAAmC;YAC5C,UAAU,EAAE,iDAAiD;SAC9D,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC;YACZ,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,mCAAmC;YAC5C,UAAU,EAAE,iDAAiD;SAC9D,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/C,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACtC,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,MAAM,CAAC,YAAY,GAAG,EAAE,EAAE,CAAC;YACxE,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,uCAAuC;gBAChD,UAAU,EAAE,gEAAgE;aAC7E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG;QACb,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,QAAQ;KACT,CAAC;IAEF,yBAAyB;IACzB,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,iCAAiC,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,4BAA4B,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAwB;IAC7D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACnD,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC9B,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CAAC,mBAAmB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACzC,CAAC;SAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/lib/websocket.d.ts

@@ -0,0 +1,74 @@
+export interface CertificateEvent {
+    event: 'certificate.rotated' | 'certificate.created' | 'certificate.deleted';
+    certificateId: string;
+    fingerprint: string;
+    version: number;
+    timestamp: string;
+}
+export interface SecretEvent {
+    event: 'secret.created' | 'secret.updated' | 'secret.rotated' | 'secret.deleted';
+    secretId: string;
+    alias: string;
+    version: number;
+    timestamp: string;
+    tenantId: string;
+}
+export interface AgentUpdateEvent {
+    event: 'update.available';
+    channel: 'stable' | 'beta' | 'staging';
+    version: string;
+    releaseNotes?: string;
+    timestamp: string;
+}
+/**
+ * Unified agent event (from /v1/ws/agent)
+ */
+export interface UnifiedAgentEvent {
+    type: 'pong' | 'event' | 'subscribed' | 'registered' | 'error';
+    topic?: 'certificates' | 'secrets' | 'updates';
+    data?: CertificateEvent | SecretEvent | AgentUpdateEvent;
+    subscriptions?: {
+        certificates: string[];
+        secrets: string[];
+        updates: string | null;
+    };
+    agentId?: string;
+    message?: string;
+    timestamp?: string;
+}
+/**
+ * Unified WebSocket client interface for /v1/ws/agent
+ */
+export interface UnifiedWebSocketClient {
+    connect(): void;
+    disconnect(): void;
+    isConnected(): boolean;
+    onCertificateEvent(handler: (event: CertificateEvent) => void): void;
+    onSecretEvent(handler: (event: SecretEvent) => void): void;
+    onUpdateEvent(handler: (event: AgentUpdateEvent) => void): void;
+    onConnect(handler: (agentId: string) => void): void;
+    onDisconnect(handler: (reason: string) => void): void;
+    onError(handler: (error: Error) => void): void;
+    updateSubscriptions(subs: {
+        certIds?: string[];
+        secretIds?: string[];
+        updateChannel?: string;
+    }): void;
+}
+/**
+ * Create unified WebSocket client for /v1/ws/agent
+ *
+ * This client connects to a single endpoint and subscribes to topics:
+ * - certificates: certificate rotation events
+ * - secrets: secret update events
+ * - updates: agent update availability events
+ */
+export declare function createUnifiedWebSocketClient(): UnifiedWebSocketClient;
+/**
+ * Start the agent daemon with unified WebSocket connection
+ */
+export declare function startDaemon(options?: {
+    verbose?: boolean;
+    healthPort?: number;
+}): Promise<void>;
+//# sourceMappingURL=websocket.d.ts.map

package/dist/lib/websocket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/lib/websocket.ts"],"names":[],"mappings":"AAoBA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,qBAAqB,GAAG,qBAAqB,GAAG,qBAAqB,CAAC;IAC7E,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IACjF,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,kBAAkB,CAAC;IAC1B,OAAO,EAAE,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,YAAY,GAAG,YAAY,GAAG,OAAO,CAAC;IAC/D,KAAK,CAAC,EAAE,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAC/C,IAAI,CAAC,EAAE,gBAAgB,GAAG,WAAW,GAAG,gBAAgB,CAAC;IACzD,aAAa,CAAC,EAAE;QAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACtF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAMD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,IAAI,IAAI,CAAC;IAChB,UAAU,IAAI,IAAI,CAAC;IACnB,WAAW,IAAI,OAAO,CAAC;IACvB,kBAAkB,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,GAAG,IAAI,CAAC;IACrE,aAAa,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,WAAW,KAAK,IAAI,GAAG,IAAI,CAAC;IAC3D,aAAa,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,GAAG,IAAI,CAAC;IAChE,SAAS,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI,CAAC;IACpD,YAAY,CAAC,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI,CAAC;IACtD,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAAG,IAAI,CAAC;IAC/C,mBAAmB,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;CACvG;AAED;;;;;;;GAOG;AACH,wBAAgB,4BAA4B,IAAI,sBAAsB,CAwQrE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,GAAE;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiNrB"}