@zincapp/zn-vault-agent 1.3.0

package/dist/services/api-key-renewal.js

@@ -0,0 +1,204 @@
+// Path: src/services/api-key-renewal.ts
+// Automatic API key renewal before expiry
+import https from 'node:https';
+import http from 'node:http';
+import { loadConfig, updateApiKey } from '../lib/config.js';
+import { createLogger } from '../lib/logger.js';
+const log = createLogger({ module: 'api-key-renewal' });
+// Renewal threshold (days before expiry to renew)
+const RENEWAL_THRESHOLD_DAYS = 30;
+// Check interval (once per day)
+const CHECK_INTERVAL_MS = 24 * 60 * 60 * 1000;
+let checkTimer = null;
+let isRunning = false;
+/**
+ * Make HTTP request with proper TLS handling
+ */
+function makeRequest(method, path, body) {
+    return new Promise((resolve, reject) => {
+        const config = loadConfig();
+        if (!config.vaultUrl) {
+            reject(new Error('Vault URL not configured'));
+            return;
+        }
+        if (!config.auth.apiKey) {
+            reject(new Error('No API key configured'));
+            return;
+        }
+        const url = new URL(config.vaultUrl);
+        const urlPath = new URL(path, config.vaultUrl);
+        if (config.tenantId) {
+            urlPath.searchParams.set('tenantId', config.tenantId);
+        }
+        const isHttps = url.protocol === 'https:';
+        const protocol = isHttps ? https : http;
+        const requestOptions = {
+            hostname: url.hostname,
+            port: url.port || (isHttps ? 443 : 80),
+            path: urlPath.pathname + urlPath.search,
+            method,
+            headers: {
+                'X-API-Key': config.auth.apiKey,
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+            },
+            timeout: 30000,
+            rejectUnauthorized: !config.insecure,
+        };
+        const req = protocol.request(requestOptions, (res) => {
+            let data = '';
+            res.on('data', (chunk) => (data += chunk));
+            res.on('end', () => {
+                try {
+                    if (res.statusCode && res.statusCode >= 400) {
+                        const error = data ? JSON.parse(data) : { message: res.statusMessage };
+                        reject(new Error(error.message || `Request failed: ${res.statusCode}`));
+                        return;
+                    }
+                    const parsed = data ? JSON.parse(data) : {};
+                    resolve(parsed);
+                }
+                catch (err) {
+                    reject(new Error(`Failed to parse response: ${err}`));
+                }
+            });
+        });
+        req.on('error', reject);
+        req.on('timeout', () => {
+            req.destroy();
+            reject(new Error('Request timeout'));
+        });
+        if (body) {
+            req.write(JSON.stringify(body));
+        }
+        req.end();
+    });
+}
+/**
+ * Check API key status
+ */
+async function checkApiKeyStatus() {
+    const config = loadConfig();
+    if (!config.auth.apiKey) {
+        log.debug('No API key configured, skipping status check');
+        return null;
+    }
+    try {
+        const status = await makeRequest('GET', '/auth/api-keys/self');
+        return status;
+    }
+    catch (err) {
+        log.error({ err }, 'Failed to check API key status');
+        return null;
+    }
+}
+/**
+ * Rotate the API key
+ */
+async function rotateApiKey() {
+    const config = loadConfig();
+    if (!config.auth.apiKey) {
+        log.error('No API key configured, cannot rotate');
+        return null;
+    }
+    try {
+        const result = await makeRequest('POST', '/auth/api-keys/self/rotate', {});
+        log.info({
+            newPrefix: result.apiKey.prefix,
+            expiresAt: result.apiKey.expires_at,
+        }, 'API key rotated successfully');
+        return result.key;
+    }
+    catch (err) {
+        log.error({ err }, 'Failed to rotate API key');
+        return null;
+    }
+}
+/**
+ * Check and renew API key if needed
+ */
+export async function checkAndRenewApiKey() {
+    const config = loadConfig();
+    // Only works with API key auth
+    if (!config.auth.apiKey) {
+        return false;
+    }
+    log.debug('Checking API key expiry...');
+    const status = await checkApiKeyStatus();
+    if (!status) {
+        return false;
+    }
+    log.info({
+        expiresInDays: status.expiresInDays,
+        isExpiringSoon: status.isExpiringSoon,
+        prefix: status.prefix,
+    }, 'API key status');
+    // Check if renewal is needed
+    if (status.expiresInDays > RENEWAL_THRESHOLD_DAYS) {
+        log.debug({ expiresInDays: status.expiresInDays }, 'API key not expiring soon, no renewal needed');
+        return false;
+    }
+    log.info({
+        expiresInDays: status.expiresInDays,
+        threshold: RENEWAL_THRESHOLD_DAYS,
+    }, 'API key expiring soon, initiating rotation');
+    // Rotate the key
+    const newKey = await rotateApiKey();
+    if (!newKey) {
+        log.error('Failed to rotate API key');
+        return false;
+    }
+    // Update config file with new key
+    try {
+        updateApiKey(newKey);
+        log.info('Config file updated with new API key');
+        return true;
+    }
+    catch (err) {
+        log.error({ err }, 'Failed to update config file with new API key');
+        // The old key is now invalid, this is a critical error
+        return false;
+    }
+}
+/**
+ * Start the API key renewal service
+ */
+export function startApiKeyRenewal() {
+    if (isRunning) {
+        log.warn('API key renewal service already running');
+        return;
+    }
+    const config = loadConfig();
+    // Only start if using API key auth
+    if (!config.auth.apiKey) {
+        log.debug('Not using API key auth, renewal service not needed');
+        return;
+    }
+    isRunning = true;
+    log.info({
+        checkIntervalHours: CHECK_INTERVAL_MS / (60 * 60 * 1000),
+        renewalThresholdDays: RENEWAL_THRESHOLD_DAYS,
+    }, 'Starting API key renewal service');
+    // Check immediately on startup
+    checkAndRenewApiKey().catch(err => {
+        log.error({ err }, 'Initial API key check failed');
+    });
+    // Schedule periodic checks
+    checkTimer = setInterval(() => {
+        checkAndRenewApiKey().catch(err => {
+            log.error({ err }, 'Periodic API key check failed');
+        });
+    }, CHECK_INTERVAL_MS);
+}
+/**
+ * Stop the API key renewal service
+ */
+export function stopApiKeyRenewal() {
+    if (checkTimer) {
+        clearInterval(checkTimer);
+        checkTimer = null;
+    }
+    isRunning = false;
+    log.debug('API key renewal service stopped');
+}
+//# sourceMappingURL=api-key-renewal.js.map

package/dist/services/api-key-renewal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-renewal.js","sourceRoot":"","sources":["../../src/services/api-key-renewal.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,0CAA0C;AAE1C,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAEhD,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC;AAuBxD,kDAAkD;AAClD,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAElC,gCAAgC;AAChC,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE9C,IAAI,UAAU,GAA0B,IAAI,CAAC;AAC7C,IAAI,SAAS,GAAG,KAAK,CAAC;AAEtB;;GAEG;AACH,SAAS,WAAW,CAClB,MAAsB,EACtB,IAAY,EACZ,IAAc;IAEd,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAE5B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAExC,MAAM,cAAc,GAAyB;YAC3C,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtC,IAAI,EAAE,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM;YACvC,MAAM;YACN,OAAO,EAAE;gBACP,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM;gBAC/B,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,OAAO,EAAE,KAAK;YACd,kBAAkB,EAAE,CAAC,MAAM,CAAC,QAAQ;SACrC,CAAC;QAEF,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;YAC3C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC;oBACH,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;wBAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,aAAa,EAAE,CAAC;wBACvE,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,IAAI,mBAAmB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;wBACxE,OAAO;oBACT,CAAC;oBACD,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5C,OAAO,CAAC,MAAW,CAAC,CAAC;gBACvB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC,CAAC;gBACxD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,CAAC;YACT,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAe,KAAK,EAAE,qBAAqB,CAAC,CAAC;QAC7E,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAuB,MAAM,EAAE,4BAA4B,EAAE,EAAE,CAAC,CAAC;QACjG,GAAG,CAAC,IAAI,CAAC;YACP,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;YAC/B,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;SACpC,EAAE,8BAA8B,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC,GAAG,CAAC;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,+BAA+B;IAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAExC,MAAM,MAAM,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,IAAI,CAAC;QACP,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,EAAE,gBAAgB,CAAC,CAAC;IAErB,6BAA6B;IAC7B,IAAI,MAAM,CAAC,aAAa,GAAG,sBAAsB,EAAE,CAAC;QAClD,GAAG,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE,EAAE,8CAA8C,CAAC,CAAC;QACnG,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,IAAI,CAAC;QACP,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,SAAS,EAAE,sBAAsB;KAClC,EAAE,4CAA4C,CAAC,CAAC;IAEjD,iBAAiB;IACjB,MAAM,MAAM,GAAG,MAAM,YAAY,EAAE,CAAC;IACpC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC;QACH,YAAY,CAAC,MAAM,CAAC,CAAC;QACrB,GAAG,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,+CAA+C,CAAC,CAAC;QACpE,uDAAuD;QACvD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,SAAS,EAAE,CAAC;QACd,GAAG,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,mCAAmC;IACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACxB,GAAG,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAChE,OAAO;IACT,CAAC;IAED,SAAS,GAAG,IAAI,CAAC;IACjB,GAAG,CAAC,IAAI,CAAC;QACP,kBAAkB,EAAE,iBAAiB,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACxD,oBAAoB,EAAE,sBAAsB;KAC7C,EAAE,kCAAkC,CAAC,CAAC;IAEvC,+BAA+B;IAC/B,mBAAmB,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;QAChC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,8BAA8B,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,2BAA2B;IAC3B,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;QAC5B,mBAAmB,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YAChC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,+BAA+B,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,EAAE,iBAAiB,CAAC,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,IAAI,UAAU,EAAE,CAAC;QACf,aAAa,CAAC,UAAU,CAAC,CAAC;QAC1B,UAAU,GAAG,IAAI,CAAC;IACpB,CAAC;IACD,SAAS,GAAG,KAAK,CAAC;IAClB,GAAG,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;AAC/C,CAAC"}

package/dist/services/npm-auto-update.d.ts

@@ -0,0 +1,60 @@
+import type { UpdateConfig, NpmVersionInfo } from '../types/update.js';
+export declare class NpmAutoUpdateService {
+    private checkInterval;
+    private initialCheckTimeout;
+    private config;
+    constructor(config?: Partial<UpdateConfig>);
+    /**
+     * Start the auto-update service.
+     * Performs initial check after 1 minute, then checks periodically.
+     */
+    start(): void;
+    /**
+     * Stop the auto-update service.
+     */
+    stop(): void;
+    /**
+     * Check for updates without installing.
+     */
+    checkForUpdates(): Promise<NpmVersionInfo>;
+    /**
+     * Check for updates and install if available.
+     */
+    private checkAndUpdate;
+    /**
+     * Get current installed version from package.json.
+     */
+    private getCurrentVersion;
+    /**
+     * Get latest version from npm registry.
+     */
+    private getLatestVersion;
+    /**
+     * Compare semver versions.
+     * Returns true if `latest` is newer than `current`.
+     */
+    private isNewer;
+    /**
+     * Acquire update lock file.
+     * Returns false if another agent is updating.
+     */
+    private acquireLock;
+    /**
+     * Release update lock file.
+     */
+    private releaseLock;
+    /**
+     * Perform the npm update.
+     */
+    private performUpdate;
+    /**
+     * Request daemon restart via SIGTERM.
+     * systemd will restart us with the new version.
+     */
+    private requestRestart;
+}
+/**
+ * Load update config from environment or use defaults.
+ */
+export declare function loadUpdateConfig(): UpdateConfig;
+//# sourceMappingURL=npm-auto-update.d.ts.map

package/dist/services/npm-auto-update.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-auto-update.d.ts","sourceRoot":"","sources":["../../src/services/npm-auto-update.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAOvE,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,aAAa,CAA+B;IACpD,OAAO,CAAC,mBAAmB,CAA+B;IAC1D,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,OAAO,CAAC,YAAY,CAAM;IAI9C;;;OAGG;IACH,KAAK,IAAI,IAAI;IA0Bb;;OAEG;IACH,IAAI,IAAI,IAAI;IAYZ;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,cAAc,CAAC;IAUhD;;OAEG;YACW,cAAc;IAgC5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAazB;;OAEG;YACW,gBAAgB;IAa9B;;;OAGG;IACH,OAAO,CAAC,OAAO;IAcf;;;OAGG;IACH,OAAO,CAAC,WAAW;IAsBnB;;OAEG;IACH,OAAO,CAAC,WAAW;IAQnB;;OAEG;YACW,aAAa;IAiB3B;;;OAGG;IACH,OAAO,CAAC,cAAc;CAOvB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,YAAY,CAuB/C"}

package/dist/services/npm-auto-update.js

@@ -0,0 +1,245 @@
+// Path: zn-vault-agent/src/services/npm-auto-update.ts
+/**
+ * npm-based Auto-Update Service
+ *
+ * Periodically checks npm registry for new versions and auto-updates
+ * the agent via `npm install -g`. Uses a lock file to prevent multiple
+ * agents from updating simultaneously.
+ */
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { existsSync, writeFileSync, unlinkSync, readFileSync, statSync } from 'fs';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+import { logger } from '../lib/logger.js';
+import { DEFAULT_UPDATE_CONFIG } from '../types/update.js';
+const execAsync = promisify(exec);
+const LOCK_FILE = '/var/run/zn-vault-agent.update.lock';
+const PACKAGE_NAME = '@zincapp/zn-vault-agent';
+export class NpmAutoUpdateService {
+    checkInterval = null;
+    initialCheckTimeout = null;
+    config;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_UPDATE_CONFIG, ...config };
+    }
+    /**
+     * Start the auto-update service.
+     * Performs initial check after 1 minute, then checks periodically.
+     */
+    start() {
+        if (!this.config.enabled) {
+            logger.debug('Auto-update disabled');
+            return;
+        }
+        logger.info({ interval: this.config.checkIntervalMs / 1000, channel: this.config.channel }, 'Starting npm auto-update service');
+        // Initial check after 1 minute (let daemon stabilize)
+        this.initialCheckTimeout = setTimeout(() => {
+            this.checkAndUpdate().catch((err) => {
+                logger.error({ err }, 'Initial auto-update check failed');
+            });
+        }, 60_000);
+        // Then check periodically
+        this.checkInterval = setInterval(() => {
+            this.checkAndUpdate().catch((err) => {
+                logger.error({ err }, 'Auto-update check failed');
+            });
+        }, this.config.checkIntervalMs);
+    }
+    /**
+     * Stop the auto-update service.
+     */
+    stop() {
+        if (this.initialCheckTimeout) {
+            clearTimeout(this.initialCheckTimeout);
+            this.initialCheckTimeout = null;
+        }
+        if (this.checkInterval) {
+            clearInterval(this.checkInterval);
+            this.checkInterval = null;
+        }
+        logger.debug('Auto-update service stopped');
+    }
+    /**
+     * Check for updates without installing.
+     */
+    async checkForUpdates() {
+        const current = this.getCurrentVersion();
+        const latest = await this.getLatestVersion();
+        return {
+            current,
+            latest,
+            updateAvailable: this.isNewer(latest, current),
+        };
+    }
+    /**
+     * Check for updates and install if available.
+     */
+    async checkAndUpdate() {
+        try {
+            const info = await this.checkForUpdates();
+            if (!info.updateAvailable) {
+                logger.debug({ current: info.current, latest: info.latest }, 'No update available');
+                return;
+            }
+            logger.info({ current: info.current, latest: info.latest }, 'Update available, attempting upgrade');
+            // Acquire lock (prevents multiple agents updating simultaneously)
+            if (!this.acquireLock()) {
+                logger.info('Another agent is updating, skipping');
+                return;
+            }
+            try {
+                await this.performUpdate();
+                logger.info({ version: info.latest }, 'Update complete, requesting restart');
+                this.requestRestart();
+            }
+            finally {
+                this.releaseLock();
+            }
+        }
+        catch (err) {
+            logger.error({ err }, 'Auto-update check failed');
+        }
+    }
+    /**
+     * Get current installed version from package.json.
+     */
+    getCurrentVersion() {
+        try {
+            const __filename = fileURLToPath(import.meta.url);
+            const __dirname = dirname(__filename);
+            const pkgPath = join(__dirname, '..', '..', 'package.json');
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            return pkg.version;
+        }
+        catch {
+            // Fallback: try to read from global npm
+            return '0.0.0';
+        }
+    }
+    /**
+     * Get latest version from npm registry.
+     */
+    async getLatestVersion() {
+        const tag = this.config.channel;
+        try {
+            const { stdout } = await execAsync(`npm view ${PACKAGE_NAME}@${tag} version`, {
+                timeout: 30_000,
+            });
+            return stdout.trim();
+        }
+        catch (err) {
+            logger.warn({ err, channel: tag }, 'Failed to fetch latest version from npm');
+            throw err;
+        }
+    }
+    /**
+     * Compare semver versions.
+     * Returns true if `latest` is newer than `current`.
+     */
+    isNewer(latest, current) {
+        const parseSemver = (v) => {
+            const parts = v.replace(/^v/, '').split('.');
+            return parts.map((p) => parseInt(p, 10) || 0);
+        };
+        const [lMaj, lMin = 0, lPatch = 0] = parseSemver(latest);
+        const [cMaj, cMin = 0, cPatch = 0] = parseSemver(current);
+        if (lMaj !== cMaj)
+            return lMaj > cMaj;
+        if (lMin !== cMin)
+            return lMin > cMin;
+        return lPatch > cPatch;
+    }
+    /**
+     * Acquire update lock file.
+     * Returns false if another agent is updating.
+     */
+    acquireLock() {
+        try {
+            if (existsSync(LOCK_FILE)) {
+                // Check if lock is stale (> 10 minutes old)
+                const stat = statSync(LOCK_FILE);
+                const age = Date.now() - stat.mtimeMs;
+                if (age < 10 * 60 * 1000) {
+                    const pid = readFileSync(LOCK_FILE, 'utf-8').trim();
+                    logger.debug({ pid, age: Math.round(age / 1000) }, 'Lock file exists');
+                    return false;
+                }
+                logger.warn({ age: Math.round(age / 1000) }, 'Stale lock file detected, removing');
+            }
+            writeFileSync(LOCK_FILE, String(process.pid));
+            return true;
+        }
+        catch (err) {
+            // Can't write to /var/run - might not be running as root
+            logger.debug({ err }, 'Could not acquire lock file (non-root?)');
+            return true; // Allow update anyway
+        }
+    }
+    /**
+     * Release update lock file.
+     */
+    releaseLock() {
+        try {
+            unlinkSync(LOCK_FILE);
+        }
+        catch {
+            // Ignore errors
+        }
+    }
+    /**
+     * Perform the npm update.
+     */
+    async performUpdate() {
+        const tag = this.config.channel;
+        logger.info({ package: PACKAGE_NAME, channel: tag }, 'Installing update via npm');
+        try {
+            const { stdout, stderr } = await execAsync(`npm install -g ${PACKAGE_NAME}@${tag}`, {
+                timeout: 5 * 60 * 1000, // 5 minute timeout
+            });
+            if (stdout)
+                logger.debug({ stdout: stdout.trim() }, 'npm install stdout');
+            if (stderr)
+                logger.debug({ stderr: stderr.trim() }, 'npm install stderr');
+        }
+        catch (err) {
+            logger.error({ err }, 'npm install failed');
+            throw err;
+        }
+    }
+    /**
+     * Request daemon restart via SIGTERM.
+     * systemd will restart us with the new version.
+     */
+    requestRestart() {
+        logger.info('Sending SIGTERM to self for restart');
+        // Give logs time to flush
+        setTimeout(() => {
+            process.kill(process.pid, 'SIGTERM');
+        }, 1000);
+    }
+}
+/**
+ * Load update config from environment or use defaults.
+ */
+export function loadUpdateConfig() {
+    const config = { ...DEFAULT_UPDATE_CONFIG };
+    // Check for environment overrides
+    if (process.env.AUTO_UPDATE === 'false' || process.env.AUTO_UPDATE === '0') {
+        config.enabled = false;
+    }
+    if (process.env.AUTO_UPDATE_INTERVAL) {
+        const interval = parseInt(process.env.AUTO_UPDATE_INTERVAL, 10);
+        if (!isNaN(interval) && interval > 0) {
+            config.checkIntervalMs = interval * 1000; // Convert seconds to ms
+        }
+    }
+    if (process.env.AUTO_UPDATE_CHANNEL) {
+        const channel = process.env.AUTO_UPDATE_CHANNEL.toLowerCase();
+        if (channel === 'latest' || channel === 'beta' || channel === 'next') {
+            config.channel = channel;
+        }
+    }
+    return config;
+}
+//# sourceMappingURL=npm-auto-update.js.map

package/dist/services/npm-auto-update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"npm-auto-update.js","sourceRoot":"","sources":["../../src/services/npm-auto-update.ts"],"names":[],"mappings":"AAAA,uDAAuD;AAEvD;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAE1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAClC,MAAM,SAAS,GAAG,qCAAqC,CAAC;AACxD,MAAM,YAAY,GAAG,yBAAyB,CAAC;AAE/C,MAAM,OAAO,oBAAoB;IACvB,aAAa,GAA0B,IAAI,CAAC;IAC5C,mBAAmB,GAA0B,IAAI,CAAC;IAClD,MAAM,CAAe;IAE7B,YAAY,SAAgC,EAAE;QAC5C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,qBAAqB,EAAE,GAAG,MAAM,EAAE,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YACrC,OAAO;QACT,CAAC;QAED,MAAM,CAAC,IAAI,CACT,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,EAC9E,kCAAkC,CACnC,CAAC;QAEF,sDAAsD;QACtD,IAAI,CAAC,mBAAmB,GAAG,UAAU,CAAC,GAAG,EAAE;YACzC,IAAI,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAClC,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kCAAkC,CAAC,CAAC;YAC5D,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,MAAM,CAAC,CAAC;QAEX,0BAA0B;QAC1B,IAAI,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAClC,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;YACpD,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,YAAY,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACvC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC5B,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7C,OAAO;YACL,OAAO;YACP,MAAM;YACN,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc;QAC1B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAE1C,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC1B,MAAM,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC;gBACpF,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EAC9C,sCAAsC,CACvC,CAAC;YAEF,kEAAkE;YAClE,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,qCAAqC,CAAC,CAAC;gBAC7E,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,OAAO,GAAG,CAAC,OAAO,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,wCAAwC;YACxC,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,YAAY,YAAY,IAAI,GAAG,UAAU,EAAE;gBAC5E,OAAO,EAAE,MAAM;aAChB,CAAC,CAAC;YACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,yCAAyC,CAAC,CAAC;YAC9E,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,OAAO,CAAC,MAAc,EAAE,OAAe;QAC7C,MAAM,WAAW,GAAG,CAAC,CAAS,EAAY,EAAE;YAC1C,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC;QAEF,MAAM,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAE1D,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,GAAG,IAAI,CAAC;QACtC,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,GAAG,IAAI,CAAC;QACtC,OAAO,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;IAED;;;OAGG;IACK,WAAW;QACjB,IAAI,CAAC;YACH,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1B,4CAA4C;gBAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;gBACtC,IAAI,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;oBACpD,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,EAAE,EAAE,oCAAoC,CAAC,CAAC;YACrF,CAAC;YACD,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,yDAAyD;YACzD,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,yCAAyC,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACrC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW;QACjB,IAAI,CAAC;YACH,UAAU,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB;QAClB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAElF,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,kBAAkB,YAAY,IAAI,GAAG,EAAE,EAAE;gBAClF,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,mBAAmB;aAC5C,CAAC,CAAC;YAEH,IAAI,MAAM;gBAAE,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAC1E,IAAI,MAAM;gBAAE,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;YAC5C,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,0BAA0B;QAC1B,UAAU,CAAC,GAAG,EAAE;YACd,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACvC,CAAC,EAAE,IAAI,CAAC,CAAC;IACX,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,MAAM,GAAiB,EAAE,GAAG,qBAAqB,EAAE,CAAC;IAE1D,kCAAkC;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,GAAG,EAAE,CAAC;QAC3E,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;IACzB,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,eAAe,GAAG,QAAQ,GAAG,IAAI,CAAC,CAAC,wBAAwB;QACpE,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC;QAC9D,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACrE,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/types/update.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Simplified Update Types for npm-based Auto-Update
+ *
+ * Replaces the complex S3/GPG update system (~170 lines) with
+ * a simple npm-based approach (~30 lines).
+ */
+export interface NpmVersionInfo {
+    current: string;
+    latest: string;
+    updateAvailable: boolean;
+}
+export type UpdateChannel = 'latest' | 'beta' | 'next';
+export interface UpdateConfig {
+    enabled: boolean;
+    checkIntervalMs: number;
+    channel: UpdateChannel;
+}
+export declare const DEFAULT_UPDATE_CONFIG: UpdateConfig;
+//# sourceMappingURL=update.d.ts.map

package/dist/types/update.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../src/types/update.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AAEH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC;AAEvD,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,aAAa,CAAC;CACxB;AAED,eAAO,MAAM,qBAAqB,EAAE,YAInC,CAAC"}

package/dist/types/update.js

@@ -0,0 +1,7 @@
+// Path: zn-vault-agent/src/types/update.ts
+export const DEFAULT_UPDATE_CONFIG = {
+    enabled: true,
+    checkIntervalMs: 5 * 60 * 1000, // 5 minutes
+    channel: 'latest',
+};
+//# sourceMappingURL=update.js.map

package/dist/types/update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"update.js","sourceRoot":"","sources":["../../src/types/update.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAuB3C,MAAM,CAAC,MAAM,qBAAqB,GAAiB;IACjD,OAAO,EAAE,IAAI;IACb,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;IAC5C,OAAO,EAAE,QAAQ;CAClB,CAAC"}

package/package.json

@@ -0,0 +1,74 @@
+{
+  "name": "@zincapp/zn-vault-agent",
+  "version": "1.3.0",
+  "description": "ZN-Vault Certificate Agent - Real-time certificate distribution",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "zn-vault-agent": "./dist/index.js"
+  },
+  "files": [
+    "dist/",
+    "!dist/**/*.test.js",
+    "!dist/**/*.test.js.map",
+    "!dist/**/*.test.d.ts",
+    "!dist/**/*.test.d.ts.map",
+    "!dist/*.cjs",
+    "!dist/*.cjs.map",
+    "deploy/systemd/zn-vault-agent.service",
+    "deploy/logrotate.d/"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:bundle": "node scripts/bundle.mjs",
+    "dev": "tsx watch src/index.ts",
+    "start": "node dist/index.js",
+    "start:bundle": "node dist/zn-vault-agent.cjs",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
+    "typecheck": "tsc --noEmit",
+    "pretest": "npm run build",
+    "test": "../scripts/sdk-test-run.sh npm run test:all",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:unit": "vitest run",
+    "test:integration": "vitest run --config vitest.integration.config.ts",
+    "test:integration:watch": "vitest --config vitest.integration.config.ts",
+    "test:all": "npm run test:unit && npm run test:integration"
+  },
+  "keywords": [
+    "znvault",
+    "certificates",
+    "ssl",
+    "tls",
+    "agent"
+  ],
+  "author": "ZincApp",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "conf": "^13.0.1",
+    "inquirer": "^9.3.7",
+    "ora": "^8.1.1",
+    "pino": "^9.0.0",
+    "ws": "^8.18.0"
+  },
+  "devDependencies": {
+    "@types/inquirer": "^9.0.7",
+    "@types/node": "^20.17.10",
+    "@types/ws": "^8.5.13",
+    "@vitest/coverage-v8": "^2.0.0",
+    "esbuild": "^0.24.0",
+    "pino-pretty": "^11.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.2",
+    "vitest": "^2.0.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}