agntcy-dir 0.5.0-rc.3 → 0.5.0

package/dist/agntcy-dir.d.ts

@@ -86,6 +86,7 @@ export declare class Client {
     static createGRPCTransport(config: Config): Promise<Transport>;
     private static createX509Transport;
     private static createJWTTransport;
+    private static createTLSTransport;
     /**
      * Request generator helper function for streaming requests.
      */
@@ -476,21 +477,27 @@ export declare class Config {
     static DEFAULT_SPIFFE_ENDPOINT_SOCKET: string;
     static DEFAULT_AUTH_MODE: string;
     static DEFAULT_JWT_AUDIENCE: string;
+    static DEFAULT_TLS_CA_FILE: string;
+    static DEFAULT_TLS_CERT_FILE: string;
+    static DEFAULT_TLS_KEY_FILE: string;
     serverAddress: string;
     dirctlPath: string;
     spiffeEndpointSocket: string;
-    authMode: 'insecure' | 'x509' | 'jwt';
+    authMode: '' | 'x509' | 'jwt' | 'tls';
     jwtAudience: string;
+    tlsCaFile: string;
+    tlsCertFile: string;
+    tlsKeyFile: string;
     /**
      * Creates a new Config instance.
      *
      * @param serverAddress - The server address to connect to. Defaults to '127.0.0.1:8888'
      * @param dirctlPath - Path to the dirctl executable. Defaults to 'dirctl'
      * @param spiffeEndpointSocket - Path to the spire server socket. Defaults to empty string.
-     * @param authMode - Authentication mode: 'insecure', 'x509', or 'jwt'. Defaults to 'insecure'
+     * @param authMode - Authentication mode: '' for insecure, 'x509', 'jwt' or 'tls'. Defaults to ''
      * @param jwtAudience - JWT audience for JWT authentication. Required when authMode is 'jwt'
      */
-    constructor(serverAddress?: string, dirctlPath?: string, spiffeEndpointSocket?: string, authMode?: 'insecure' | 'x509' | 'jwt', jwtAudience?: string);
+    constructor(serverAddress?: string, dirctlPath?: string, spiffeEndpointSocket?: string, authMode?: '' | 'x509' | 'jwt' | 'tls', jwtAudience?: string, tlsCaFile?: string, tlsCertFile?: string, tlsKeyFile?: string);
     /**
      * Load configuration from environment variables.
      *
@@ -1575,6 +1582,22 @@ declare enum RecordQueryType {
      * @generated from enum value: RECORD_QUERY_TYPE_MODULE = 6;
      */
     MODULE = 6,
+
+    /**
+     * Query for a domain ID.
+     * Numeric field - exact match only, no wildcard support.
+     *
+     * @generated from enum value: RECORD_QUERY_TYPE_DOMAIN_ID = 7;
+     */
+    DOMAIN_ID = 7,
+
+    /**
+     * Query for a domain name.
+     * Supports wildcard patterns: "*education*", "healthcare/*", "*technology"
+     *
+     * @generated from enum value: RECORD_QUERY_TYPE_DOMAIN_NAME = 8;
+     */
+    DOMAIN_NAME = 8,
 }
 
 /**

package/dist/index.cjs

@@ -9662,7 +9662,7 @@ const RecordQueryType$1 = /*@__PURE__*/
  * Describes the file agntcy/dir/search/v1/record_query.proto.
  */
 const file_agntcy_dir_search_v1_record_query = /*@__PURE__*/
-  fileDesc("CidhZ250Y3kvZGlyL3NlYXJjaC92MS9yZWNvcmRfcXVlcnkucHJvdG8SFGFnbnRjeS5kaXIuc2VhcmNoLnYxIlEKC1JlY29yZFF1ZXJ5EjMKBHR5cGUYASABKA4yJS5hZ250Y3kuZGlyLnNlYXJjaC52MS5SZWNvcmRRdWVyeVR5cGUSDQoFdmFsdWUYAiABKAkq7gEKD1JlY29yZFF1ZXJ5VHlwZRIhCh1SRUNPUkRfUVVFUllfVFlQRV9VTlNQRUNJRklFRBAAEhoKFlJFQ09SRF9RVUVSWV9UWVBFX05BTUUQARIdChlSRUNPUkRfUVVFUllfVFlQRV9WRVJTSU9OEAISHgoaUkVDT1JEX1FVRVJZX1RZUEVfU0tJTExfSUQQAxIgChxSRUNPUkRfUVVFUllfVFlQRV9TS0lMTF9OQU1FEAQSHQoZUkVDT1JEX1FVRVJZX1RZUEVfTE9DQVRPUhAFEhwKGFJFQ09SRF9RVUVSWV9UWVBFX01PRFVMRRAGQsQBChhjb20uYWdudGN5LmRpci5zZWFyY2gudjFCEFJlY29yZFF1ZXJ5UHJvdG9QAVojZ2l0aHViLmNvbS9hZ250Y3kvZGlyL2FwaS9zZWFyY2gvdjGiAgNBRFOqAhRBZ250Y3kuRGlyLlNlYXJjaC5WMcoCFEFnbnRjeVxEaXJcU2VhcmNoXFYx4gIgQWdudGN5XERpclxTZWFyY2hcVjFcR1BCTWV0YWRhdGHqAhdBZ250Y3k6OkRpcjo6U2VhcmNoOjpWMWIGcHJvdG8z");
+  fileDesc("CidhZ250Y3kvZGlyL3NlYXJjaC92MS9yZWNvcmRfcXVlcnkucHJvdG8SFGFnbnRjeS5kaXIuc2VhcmNoLnYxIlEKC1JlY29yZFF1ZXJ5EjMKBHR5cGUYASABKA4yJS5hZ250Y3kuZGlyLnNlYXJjaC52MS5SZWNvcmRRdWVyeVR5cGUSDQoFdmFsdWUYAiABKAkqsgIKD1JlY29yZFF1ZXJ5VHlwZRIhCh1SRUNPUkRfUVVFUllfVFlQRV9VTlNQRUNJRklFRBAAEhoKFlJFQ09SRF9RVUVSWV9UWVBFX05BTUUQARIdChlSRUNPUkRfUVVFUllfVFlQRV9WRVJTSU9OEAISHgoaUkVDT1JEX1FVRVJZX1RZUEVfU0tJTExfSUQQAxIgChxSRUNPUkRfUVVFUllfVFlQRV9TS0lMTF9OQU1FEAQSHQoZUkVDT1JEX1FVRVJZX1RZUEVfTE9DQVRPUhAFEhwKGFJFQ09SRF9RVUVSWV9UWVBFX01PRFVMRRAGEh8KG1JFQ09SRF9RVUVSWV9UWVBFX0RPTUFJTl9JRBAHEiEKHVJFQ09SRF9RVUVSWV9UWVBFX0RPTUFJTl9OQU1FEAhCxAEKGGNvbS5hZ250Y3kuZGlyLnNlYXJjaC52MUIQUmVjb3JkUXVlcnlQcm90b1ABWiNnaXRodWIuY29tL2FnbnRjeS9kaXIvYXBpL3NlYXJjaC92MaICA0FEU6oCFEFnbnRjeS5EaXIuU2VhcmNoLlYxygIUQWdudGN5XERpclxTZWFyY2hcVjHiAiBBZ250Y3lcRGlyXFNlYXJjaFxWMVxHUEJNZXRhZGF0YeoCF0FnbnRjeTo6RGlyOjpTZWFyY2g6OlYxYgZwcm90bzM");
 
 /**
  * Describes the message agntcy.dir.search.v1.RecordQuery.
@@ -10274,16 +10274,16 @@ class Config {
      * @param serverAddress - The server address to connect to. Defaults to '127.0.0.1:8888'
      * @param dirctlPath - Path to the dirctl executable. Defaults to 'dirctl'
      * @param spiffeEndpointSocket - Path to the spire server socket. Defaults to empty string.
-     * @param authMode - Authentication mode: 'insecure', 'x509', or 'jwt'. Defaults to 'insecure'
+     * @param authMode - Authentication mode: '' for insecure, 'x509', 'jwt' or 'tls'. Defaults to ''
      * @param jwtAudience - JWT audience for JWT authentication. Required when authMode is 'jwt'
      */
-    constructor(serverAddress = Config.DEFAULT_SERVER_ADDRESS, dirctlPath = Config.DEFAULT_DIRCTL_PATH, spiffeEndpointSocket = Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET, authMode = Config.DEFAULT_AUTH_MODE, jwtAudience = Config.DEFAULT_JWT_AUDIENCE) {
+    constructor(serverAddress = Config.DEFAULT_SERVER_ADDRESS, dirctlPath = Config.DEFAULT_DIRCTL_PATH, spiffeEndpointSocket = Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET, authMode = Config.DEFAULT_AUTH_MODE, jwtAudience = Config.DEFAULT_JWT_AUDIENCE, tlsCaFile = Config.DEFAULT_TLS_CA_FILE, tlsCertFile = Config.DEFAULT_TLS_CERT_FILE, tlsKeyFile = Config.DEFAULT_TLS_KEY_FILE) {
         // add protocol prefix if not set
         // use unsafe http unless spire/auth is used
         if (!serverAddress.startsWith('http://') &&
             !serverAddress.startsWith('https://')) {
-            // use https protocol when X.509 or JWT auth is used
-            if (authMode === 'x509' || authMode === 'jwt') {
+            // use https protocol when X.509, JWT, or TLS auth is used
+            if (authMode === 'x509' || authMode === 'jwt' || authMode === 'tls') {
                 serverAddress = `https://${serverAddress}`;
             }
             else {
@@ -10295,6 +10295,9 @@ class Config {
         this.spiffeEndpointSocket = spiffeEndpointSocket;
         this.authMode = authMode;
         this.jwtAudience = jwtAudience;
+        this.tlsCaFile = tlsCaFile;
+        this.tlsCertFile = tlsCertFile;
+        this.tlsKeyFile = tlsKeyFile;
     }
     /**
      * Load configuration from environment variables.
@@ -10319,14 +10322,20 @@ class Config {
         const spiffeEndpointSocketPath = node_process.env[`${prefix}SPIFFE_SOCKET_PATH`] || Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET;
         const authMode = (node_process.env[`${prefix}AUTH_MODE`] || Config.DEFAULT_AUTH_MODE);
         const jwtAudience = node_process.env[`${prefix}JWT_AUDIENCE`] || Config.DEFAULT_JWT_AUDIENCE;
-        return new Config(serverAddress, dirctlPath, spiffeEndpointSocketPath, authMode, jwtAudience);
+        const tlsCaFile = node_process.env[`${prefix}TLS_CA_FILE`] || Config.DEFAULT_TLS_CA_FILE;
+        const tlsCertFile = node_process.env[`${prefix}TLS_CERT_FILE`] || Config.DEFAULT_TLS_CERT_FILE;
+        const tlsKeyFile = node_process.env[`${prefix}TLS_KEY_FILE`] || Config.DEFAULT_TLS_KEY_FILE;
+        return new Config(serverAddress, dirctlPath, spiffeEndpointSocketPath, authMode, jwtAudience, tlsCaFile, tlsCertFile, tlsKeyFile);
     }
 }
 Config.DEFAULT_SERVER_ADDRESS = '127.0.0.1:8888';
 Config.DEFAULT_DIRCTL_PATH = 'dirctl';
 Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET = '';
-Config.DEFAULT_AUTH_MODE = 'insecure';
+Config.DEFAULT_AUTH_MODE = '';
 Config.DEFAULT_JWT_AUDIENCE = '';
+Config.DEFAULT_TLS_CA_FILE = '';
+Config.DEFAULT_TLS_CERT_FILE = '';
+Config.DEFAULT_TLS_KEY_FILE = '';
 /**
  * High-level client for interacting with AGNTCY Directory services.
  *
@@ -10388,7 +10397,7 @@ class Client {
     static async createGRPCTransport(config) {
         // Handle different authentication modes
         switch (config.authMode) {
-            case 'insecure':
+            case '':
                 return createGrpcTransport({
                     baseUrl: config.serverAddress,
                 });
@@ -10396,6 +10405,8 @@ class Client {
                 return await this.createJWTTransport(config);
             case 'x509':
                 return await this.createX509Transport(config);
+            case 'tls':
+                return await this.createTLSTransport(config);
             default:
                 throw new Error(`Unsupported auth mode: ${config.authMode}`);
         }
@@ -10487,6 +10498,38 @@ class Client {
         });
         return transport;
     }
+    static async createTLSTransport(config) {
+        if (config.tlsCaFile === '') {
+            throw new Error('TLS CA file is required for TLS authentication');
+        }
+        if (config.tlsCertFile === '') {
+            throw new Error('TLS certificate file is required for TLS authentication');
+        }
+        if (config.tlsKeyFile === '') {
+            throw new Error('TLS key file is required for TLS authentication');
+        }
+        let root_ca;
+        let cert_chain;
+        let private_key;
+        try {
+            root_ca = node_fs.readFileSync(config.tlsCaFile).toString();
+            cert_chain = node_fs.readFileSync(config.tlsCertFile).toString();
+            private_key = node_fs.readFileSync(config.tlsKeyFile).toString();
+        }
+        catch (e) {
+            console.error('Error reading file:', e.message);
+            throw e;
+        }
+        const transport = createGrpcTransport({
+            baseUrl: config.serverAddress,
+            nodeOptions: {
+                ca: root_ca,
+                cert: cert_chain,
+                key: private_key,
+            },
+        });
+        return transport;
+    }
     /**
      * Request generator helper function for streaming requests.
      */

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import { tmpdir } from 'node:os';
 import { join } from 'node:path';
 import { env } from 'node:process';
-import { writeFileSync } from 'node:fs';
+import { readFileSync, writeFileSync } from 'node:fs';
 import { spawnSync } from 'node:child_process';
 import { createClient as createClient$1 } from 'spiffe';
 import * as zlib from 'node:zlib';
@@ -9638,7 +9638,7 @@ const RecordQueryType$1 = /*@__PURE__*/
  * Describes the file agntcy/dir/search/v1/record_query.proto.
  */
 const file_agntcy_dir_search_v1_record_query = /*@__PURE__*/
-  fileDesc("CidhZ250Y3kvZGlyL3NlYXJjaC92MS9yZWNvcmRfcXVlcnkucHJvdG8SFGFnbnRjeS5kaXIuc2VhcmNoLnYxIlEKC1JlY29yZFF1ZXJ5EjMKBHR5cGUYASABKA4yJS5hZ250Y3kuZGlyLnNlYXJjaC52MS5SZWNvcmRRdWVyeVR5cGUSDQoFdmFsdWUYAiABKAkq7gEKD1JlY29yZFF1ZXJ5VHlwZRIhCh1SRUNPUkRfUVVFUllfVFlQRV9VTlNQRUNJRklFRBAAEhoKFlJFQ09SRF9RVUVSWV9UWVBFX05BTUUQARIdChlSRUNPUkRfUVVFUllfVFlQRV9WRVJTSU9OEAISHgoaUkVDT1JEX1FVRVJZX1RZUEVfU0tJTExfSUQQAxIgChxSRUNPUkRfUVVFUllfVFlQRV9TS0lMTF9OQU1FEAQSHQoZUkVDT1JEX1FVRVJZX1RZUEVfTE9DQVRPUhAFEhwKGFJFQ09SRF9RVUVSWV9UWVBFX01PRFVMRRAGQsQBChhjb20uYWdudGN5LmRpci5zZWFyY2gudjFCEFJlY29yZFF1ZXJ5UHJvdG9QAVojZ2l0aHViLmNvbS9hZ250Y3kvZGlyL2FwaS9zZWFyY2gvdjGiAgNBRFOqAhRBZ250Y3kuRGlyLlNlYXJjaC5WMcoCFEFnbnRjeVxEaXJcU2VhcmNoXFYx4gIgQWdudGN5XERpclxTZWFyY2hcVjFcR1BCTWV0YWRhdGHqAhdBZ250Y3k6OkRpcjo6U2VhcmNoOjpWMWIGcHJvdG8z");
+  fileDesc("CidhZ250Y3kvZGlyL3NlYXJjaC92MS9yZWNvcmRfcXVlcnkucHJvdG8SFGFnbnRjeS5kaXIuc2VhcmNoLnYxIlEKC1JlY29yZFF1ZXJ5EjMKBHR5cGUYASABKA4yJS5hZ250Y3kuZGlyLnNlYXJjaC52MS5SZWNvcmRRdWVyeVR5cGUSDQoFdmFsdWUYAiABKAkqsgIKD1JlY29yZFF1ZXJ5VHlwZRIhCh1SRUNPUkRfUVVFUllfVFlQRV9VTlNQRUNJRklFRBAAEhoKFlJFQ09SRF9RVUVSWV9UWVBFX05BTUUQARIdChlSRUNPUkRfUVVFUllfVFlQRV9WRVJTSU9OEAISHgoaUkVDT1JEX1FVRVJZX1RZUEVfU0tJTExfSUQQAxIgChxSRUNPUkRfUVVFUllfVFlQRV9TS0lMTF9OQU1FEAQSHQoZUkVDT1JEX1FVRVJZX1RZUEVfTE9DQVRPUhAFEhwKGFJFQ09SRF9RVUVSWV9UWVBFX01PRFVMRRAGEh8KG1JFQ09SRF9RVUVSWV9UWVBFX0RPTUFJTl9JRBAHEiEKHVJFQ09SRF9RVUVSWV9UWVBFX0RPTUFJTl9OQU1FEAhCxAEKGGNvbS5hZ250Y3kuZGlyLnNlYXJjaC52MUIQUmVjb3JkUXVlcnlQcm90b1ABWiNnaXRodWIuY29tL2FnbnRjeS9kaXIvYXBpL3NlYXJjaC92MaICA0FEU6oCFEFnbnRjeS5EaXIuU2VhcmNoLlYxygIUQWdudGN5XERpclxTZWFyY2hcVjHiAiBBZ250Y3lcRGlyXFNlYXJjaFxWMVxHUEJNZXRhZGF0YeoCF0FnbnRjeTo6RGlyOjpTZWFyY2g6OlYxYgZwcm90bzM");
 
 /**
  * Describes the message agntcy.dir.search.v1.RecordQuery.
@@ -10250,16 +10250,16 @@ class Config {
      * @param serverAddress - The server address to connect to. Defaults to '127.0.0.1:8888'
      * @param dirctlPath - Path to the dirctl executable. Defaults to 'dirctl'
      * @param spiffeEndpointSocket - Path to the spire server socket. Defaults to empty string.
-     * @param authMode - Authentication mode: 'insecure', 'x509', or 'jwt'. Defaults to 'insecure'
+     * @param authMode - Authentication mode: '' for insecure, 'x509', 'jwt' or 'tls'. Defaults to ''
      * @param jwtAudience - JWT audience for JWT authentication. Required when authMode is 'jwt'
      */
-    constructor(serverAddress = Config.DEFAULT_SERVER_ADDRESS, dirctlPath = Config.DEFAULT_DIRCTL_PATH, spiffeEndpointSocket = Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET, authMode = Config.DEFAULT_AUTH_MODE, jwtAudience = Config.DEFAULT_JWT_AUDIENCE) {
+    constructor(serverAddress = Config.DEFAULT_SERVER_ADDRESS, dirctlPath = Config.DEFAULT_DIRCTL_PATH, spiffeEndpointSocket = Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET, authMode = Config.DEFAULT_AUTH_MODE, jwtAudience = Config.DEFAULT_JWT_AUDIENCE, tlsCaFile = Config.DEFAULT_TLS_CA_FILE, tlsCertFile = Config.DEFAULT_TLS_CERT_FILE, tlsKeyFile = Config.DEFAULT_TLS_KEY_FILE) {
         // add protocol prefix if not set
         // use unsafe http unless spire/auth is used
         if (!serverAddress.startsWith('http://') &&
             !serverAddress.startsWith('https://')) {
-            // use https protocol when X.509 or JWT auth is used
-            if (authMode === 'x509' || authMode === 'jwt') {
+            // use https protocol when X.509, JWT, or TLS auth is used
+            if (authMode === 'x509' || authMode === 'jwt' || authMode === 'tls') {
                 serverAddress = `https://${serverAddress}`;
             }
             else {
@@ -10271,6 +10271,9 @@ class Config {
         this.spiffeEndpointSocket = spiffeEndpointSocket;
         this.authMode = authMode;
         this.jwtAudience = jwtAudience;
+        this.tlsCaFile = tlsCaFile;
+        this.tlsCertFile = tlsCertFile;
+        this.tlsKeyFile = tlsKeyFile;
     }
     /**
      * Load configuration from environment variables.
@@ -10295,14 +10298,20 @@ class Config {
         const spiffeEndpointSocketPath = env[`${prefix}SPIFFE_SOCKET_PATH`] || Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET;
         const authMode = (env[`${prefix}AUTH_MODE`] || Config.DEFAULT_AUTH_MODE);
         const jwtAudience = env[`${prefix}JWT_AUDIENCE`] || Config.DEFAULT_JWT_AUDIENCE;
-        return new Config(serverAddress, dirctlPath, spiffeEndpointSocketPath, authMode, jwtAudience);
+        const tlsCaFile = env[`${prefix}TLS_CA_FILE`] || Config.DEFAULT_TLS_CA_FILE;
+        const tlsCertFile = env[`${prefix}TLS_CERT_FILE`] || Config.DEFAULT_TLS_CERT_FILE;
+        const tlsKeyFile = env[`${prefix}TLS_KEY_FILE`] || Config.DEFAULT_TLS_KEY_FILE;
+        return new Config(serverAddress, dirctlPath, spiffeEndpointSocketPath, authMode, jwtAudience, tlsCaFile, tlsCertFile, tlsKeyFile);
     }
 }
 Config.DEFAULT_SERVER_ADDRESS = '127.0.0.1:8888';
 Config.DEFAULT_DIRCTL_PATH = 'dirctl';
 Config.DEFAULT_SPIFFE_ENDPOINT_SOCKET = '';
-Config.DEFAULT_AUTH_MODE = 'insecure';
+Config.DEFAULT_AUTH_MODE = '';
 Config.DEFAULT_JWT_AUDIENCE = '';
+Config.DEFAULT_TLS_CA_FILE = '';
+Config.DEFAULT_TLS_CERT_FILE = '';
+Config.DEFAULT_TLS_KEY_FILE = '';
 /**
  * High-level client for interacting with AGNTCY Directory services.
  *
@@ -10364,7 +10373,7 @@ class Client {
     static async createGRPCTransport(config) {
         // Handle different authentication modes
         switch (config.authMode) {
-            case 'insecure':
+            case '':
                 return createGrpcTransport({
                     baseUrl: config.serverAddress,
                 });
@@ -10372,6 +10381,8 @@ class Client {
                 return await this.createJWTTransport(config);
             case 'x509':
                 return await this.createX509Transport(config);
+            case 'tls':
+                return await this.createTLSTransport(config);
             default:
                 throw new Error(`Unsupported auth mode: ${config.authMode}`);
         }
@@ -10463,6 +10474,38 @@ class Client {
         });
         return transport;
     }
+    static async createTLSTransport(config) {
+        if (config.tlsCaFile === '') {
+            throw new Error('TLS CA file is required for TLS authentication');
+        }
+        if (config.tlsCertFile === '') {
+            throw new Error('TLS certificate file is required for TLS authentication');
+        }
+        if (config.tlsKeyFile === '') {
+            throw new Error('TLS key file is required for TLS authentication');
+        }
+        let root_ca;
+        let cert_chain;
+        let private_key;
+        try {
+            root_ca = readFileSync(config.tlsCaFile).toString();
+            cert_chain = readFileSync(config.tlsCertFile).toString();
+            private_key = readFileSync(config.tlsKeyFile).toString();
+        }
+        catch (e) {
+            console.error('Error reading file:', e.message);
+            throw e;
+        }
+        const transport = createGrpcTransport({
+            baseUrl: config.serverAddress,
+            nodeOptions: {
+                ca: root_ca,
+                cert: cert_chain,
+                key: private_key,
+            },
+        });
+        return transport;
+    }
     /**
      * Request generator helper function for streaming requests.
      */