envilder 0.9.3 → 0.9.4

package/lib/sdks/nodejs/src/domain/map-file-config.d.ts

@@ -0,0 +1,7 @@
+import type { SecretProviderType } from './secret-provider-type.js';
+export interface MapFileConfig {
+    readonly provider?: SecretProviderType;
+    readonly vaultUrl?: string;
+    readonly profile?: string;
+}
+//# sourceMappingURL=map-file-config.d.ts.map

package/lib/sdks/nodejs/src/domain/map-file-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"map-file-config.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/map-file-config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAEpE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,kBAAkB,CAAC;IACvC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B"}

package/lib/sdks/nodejs/src/domain/map-file-config.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=map-file-config.js.map

package/lib/sdks/nodejs/src/domain/map-file-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"map-file-config.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/map-file-config.ts"],"names":[],"mappings":""}

package/lib/sdks/nodejs/src/domain/parsed-map-file.d.ts

@@ -0,0 +1,6 @@
+import type { MapFileConfig } from './map-file-config.js';
+export interface ParsedMapFile {
+    readonly config: MapFileConfig;
+    readonly mappings: ReadonlyMap<string, string>;
+}
+//# sourceMappingURL=parsed-map-file.d.ts.map

package/lib/sdks/nodejs/src/domain/parsed-map-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parsed-map-file.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/parsed-map-file.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAC/B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChD"}

package/lib/sdks/nodejs/src/domain/parsed-map-file.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=parsed-map-file.js.map

package/lib/sdks/nodejs/src/domain/parsed-map-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parsed-map-file.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/parsed-map-file.ts"],"names":[],"mappings":""}

package/lib/sdks/nodejs/src/domain/ports/secret-provider.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Abstracts access to a secret store (e.g. AWS SSM Parameter Store, Azure Key Vault).
+ * Implement this interface to add support for a new secret provider.
+ */
+export interface ISecretProvider {
+    /**
+     * Retrieves multiple secrets by their provider-specific identifiers.
+     *
+     * For AWS SSM these are parameter paths (e.g. `/app/db-url`);
+     * for Azure Key Vault these are secret names.
+     *
+     * Secrets that do not exist are silently omitted from the result.
+     *
+     * @returns A map of name → value for secrets that were found.
+     */
+    getSecrets(names: string[]): Promise<Map<string, string>>;
+}
+//# sourceMappingURL=secret-provider.d.ts.map

package/lib/sdks/nodejs/src/domain/ports/secret-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/domain/ports/secret-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;;;;;;OASG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3D"}

package/lib/sdks/nodejs/src/domain/ports/secret-provider.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=secret-provider.js.map

package/lib/sdks/nodejs/src/domain/ports/secret-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/domain/ports/secret-provider.ts"],"names":[],"mappings":""}

package/lib/sdks/nodejs/src/domain/secret-provider-type.d.ts

@@ -0,0 +1,5 @@
+export declare enum SecretProviderType {
+    Aws = "aws",
+    Azure = "azure"
+}
+//# sourceMappingURL=secret-provider-type.d.ts.map

package/lib/sdks/nodejs/src/domain/secret-provider-type.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider-type.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/secret-provider-type.ts"],"names":[],"mappings":"AAAA,oBAAY,kBAAkB;IAC5B,GAAG,QAAQ;IACX,KAAK,UAAU;CAChB"}

package/lib/sdks/nodejs/src/domain/secret-provider-type.js

@@ -0,0 +1,6 @@
+export var SecretProviderType;
+(function (SecretProviderType) {
+    SecretProviderType["Aws"] = "aws";
+    SecretProviderType["Azure"] = "azure";
+})(SecretProviderType || (SecretProviderType = {}));
+//# sourceMappingURL=secret-provider-type.js.map

package/lib/sdks/nodejs/src/domain/secret-provider-type.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider-type.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/domain/secret-provider-type.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,kBAGX;AAHD,WAAY,kBAAkB;IAC5B,iCAAW,CAAA;IACX,qCAAe,CAAA;AACjB,CAAC,EAHW,kBAAkB,KAAlB,kBAAkB,QAG7B"}

package/lib/sdks/nodejs/src/index.d.ts

@@ -0,0 +1,12 @@
+export { Envilder } from './application/envilder.js';
+export { EnvilderClient } from './application/envilder-client.js';
+export { MapFileParser } from './application/map-file-parser.js';
+export { SecretValidationError, validateSecrets, } from './application/secret-validation.js';
+export type { EnvilderOptions } from './domain/envilder-options.js';
+export type { MapFileConfig } from './domain/map-file-config.js';
+export type { ParsedMapFile } from './domain/parsed-map-file.js';
+export type { ISecretProvider } from './domain/ports/secret-provider.js';
+export { SecretProviderType } from './domain/secret-provider-type.js';
+export { AwsSsmSecretProvider } from './infrastructure/aws/aws-ssm-secret-provider.js';
+export { AzureKeyVaultSecretProvider } from './infrastructure/azure/azure-key-vault-secret-provider.js';
+//# sourceMappingURL=index.d.ts.map

package/lib/sdks/nodejs/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/sdks/nodejs/src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAC;AAC5C,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,YAAY,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,YAAY,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,YAAY,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAGtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,iDAAiD,CAAC;AACvF,OAAO,EAAE,2BAA2B,EAAE,MAAM,2DAA2D,CAAC"}

package/lib/sdks/nodejs/src/index.js

@@ -0,0 +1,11 @@
+// Domain
+// Application
+export { Envilder } from './application/envilder.js';
+export { EnvilderClient } from './application/envilder-client.js';
+export { MapFileParser } from './application/map-file-parser.js';
+export { SecretValidationError, validateSecrets, } from './application/secret-validation.js';
+export { SecretProviderType } from './domain/secret-provider-type.js';
+// Infrastructure (for advanced usage)
+export { AwsSsmSecretProvider } from './infrastructure/aws/aws-ssm-secret-provider.js';
+export { AzureKeyVaultSecretProvider } from './infrastructure/azure/azure-key-vault-secret-provider.js';
+//# sourceMappingURL=index.js.map

package/lib/sdks/nodejs/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/sdks/nodejs/src/index.ts"],"names":[],"mappings":"AAAA,SAAS;AAET,cAAc;AACd,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACjE,OAAO,EACL,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAC;AAK5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAEtE,sCAAsC;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iDAAiD,CAAC;AACvF,OAAO,EAAE,2BAA2B,EAAE,MAAM,2DAA2D,CAAC"}

package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.d.ts

@@ -0,0 +1,17 @@
+import { type SSMClient } from '@aws-sdk/client-ssm';
+import type { ISecretProvider } from '../../domain/ports/secret-provider.js';
+/**
+ * {@link ISecretProvider} backed by AWS SSM Parameter Store.
+ *
+ * Parameters are retrieved with decryption enabled so that
+ * SecureString values are returned in plain text.
+ *
+ * SSM supports fetching up to 10 parameters per request,
+ * so names are chunked into batches automatically.
+ */
+export declare class AwsSsmSecretProvider implements ISecretProvider {
+    private readonly ssmClient;
+    constructor(ssmClient: SSMClient);
+    getSecrets(names: string[]): Promise<Map<string, string>>;
+}
+//# sourceMappingURL=aws-ssm-secret-provider.d.ts.map

package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-ssm-secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,KAAK,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AAI7E;;;;;;;;GAQG;AACH,qBAAa,oBAAqB,YAAW,eAAe;IAC1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;gBAE1B,SAAS,EAAE,SAAS;IAO1B,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CA8BhE"}

package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.js

@@ -0,0 +1,56 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { GetParametersCommand } from '@aws-sdk/client-ssm';
+const SSM_BATCH_SIZE = 10;
+/**
+ * {@link ISecretProvider} backed by AWS SSM Parameter Store.
+ *
+ * Parameters are retrieved with decryption enabled so that
+ * SecureString values are returned in plain text.
+ *
+ * SSM supports fetching up to 10 parameters per request,
+ * so names are chunked into batches automatically.
+ */
+export class AwsSsmSecretProvider {
+    constructor(ssmClient) {
+        if (!ssmClient) {
+            throw new Error('ssmClient cannot be null');
+        }
+        this.ssmClient = ssmClient;
+    }
+    getSecrets(names) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            const result = new Map();
+            if (names.length === 0) {
+                return result;
+            }
+            for (const name of names) {
+                if (!(name === null || name === void 0 ? void 0 : name.trim())) {
+                    throw new Error('Secret name cannot be null or whitespace');
+                }
+            }
+            for (let i = 0; i < names.length; i += SSM_BATCH_SIZE) {
+                const batch = names.slice(i, i + SSM_BATCH_SIZE);
+                const response = yield this.ssmClient.send(new GetParametersCommand({
+                    Names: batch,
+                    WithDecryption: true,
+                }));
+                for (const param of (_a = response.Parameters) !== null && _a !== void 0 ? _a : []) {
+                    if (param.Name && param.Value != null) {
+                        result.set(param.Name, param.Value);
+                    }
+                }
+            }
+            return result;
+        });
+    }
+}
+//# sourceMappingURL=aws-ssm-secret-provider.js.map

package/lib/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-ssm-secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/aws/aws-ssm-secret-provider.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAE,oBAAoB,EAAkB,MAAM,qBAAqB,CAAC;AAG3E,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B;;;;;;;;GAQG;AACH,MAAM,OAAO,oBAAoB;IAG/B,YAAY,SAAoB;QAC9B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAEK,UAAU,CAAC,KAAe;;;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;YAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,cAAc,EAAE,CAAC;gBACtD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,CAAC;gBACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACxC,IAAI,oBAAoB,CAAC;oBACvB,KAAK,EAAE,KAAK;oBACZ,cAAc,EAAE,IAAI;iBACrB,CAAC,CACH,CAAC;gBAEF,KAAK,MAAM,KAAK,IAAI,MAAA,QAAQ,CAAC,UAAU,mCAAI,EAAE,EAAE,CAAC;oBAC9C,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;wBACtC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;CACF"}

package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.d.ts

@@ -0,0 +1,15 @@
+import type { SecretClient } from '@azure/keyvault-secrets';
+import type { ISecretProvider } from '../../domain/ports/secret-provider.js';
+/**
+ * {@link ISecretProvider} backed by Azure Key Vault.
+ *
+ * Secrets are fetched in parallel. Secrets that return HTTP 404
+ * are treated as missing and silently omitted from the result.
+ */
+export declare class AzureKeyVaultSecretProvider implements ISecretProvider {
+    private readonly secretClient;
+    constructor(secretClient: SecretClient);
+    getSecrets(names: string[]): Promise<Map<string, string>>;
+    private fetchSecret;
+}
+//# sourceMappingURL=azure-key-vault-secret-provider.d.ts.map

package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-key-vault-secret-provider.d.ts","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AAE7E;;;;;GAKG;AACH,qBAAa,2BAA4B,YAAW,eAAe;IACjE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;gBAEhC,YAAY,EAAE,YAAY;IAOhC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YA4BjD,WAAW;CAW1B"}

package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.js

@@ -0,0 +1,68 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+/**
+ * {@link ISecretProvider} backed by Azure Key Vault.
+ *
+ * Secrets are fetched in parallel. Secrets that return HTTP 404
+ * are treated as missing and silently omitted from the result.
+ */
+export class AzureKeyVaultSecretProvider {
+    constructor(secretClient) {
+        if (!secretClient) {
+            throw new Error('secretClient cannot be null');
+        }
+        this.secretClient = secretClient;
+    }
+    getSecrets(names) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const result = new Map();
+            if (names.length === 0) {
+                return result;
+            }
+            for (const name of names) {
+                if (!(name === null || name === void 0 ? void 0 : name.trim())) {
+                    throw new Error('Secret name cannot be null or empty');
+                }
+            }
+            const entries = yield Promise.all(names.map((name) => __awaiter(this, void 0, void 0, function* () {
+                const value = yield this.fetchSecret(name);
+                return [name, value];
+            })));
+            for (const [name, value] of entries) {
+                if (value !== null) {
+                    result.set(name, value);
+                }
+            }
+            return result;
+        });
+    }
+    fetchSecret(name) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            try {
+                const response = yield this.secretClient.getSecret(name);
+                return (_a = response.value) !== null && _a !== void 0 ? _a : null;
+            }
+            catch (error) {
+                if (isNotFound(error)) {
+                    return null;
+                }
+                throw error;
+            }
+        });
+    }
+}
+function isNotFound(error) {
+    return (typeof error === 'object' &&
+        error !== null &&
+        'statusCode' in error &&
+        error.statusCode === 404);
+}
+//# sourceMappingURL=azure-key-vault-secret-provider.js.map

package/lib/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"azure-key-vault-secret-provider.js","sourceRoot":"","sources":["../../../../../../src/sdks/nodejs/src/infrastructure/azure/azure-key-vault-secret-provider.ts"],"names":[],"mappings":";;;;;;;;;AAGA;;;;;GAKG;AACH,MAAM,OAAO,2BAA2B;IAGtC,YAAY,YAA0B;QACpC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAEK,UAAU,CAAC,KAAe;;YAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;YACzC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,CAAO,IAAI,EAAE,EAAE;gBACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC3C,OAAO,CAAC,IAAI,EAAE,KAAK,CAAU,CAAC;YAChC,CAAC,CAAA,CAAC,CACH,CAAC;YAEF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;gBACpC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;oBACnB,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAEa,WAAW,CAAC,IAAY;;;YACpC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBACzD,OAAO,MAAA,QAAQ,CAAC,KAAK,mCAAI,IAAI,CAAC;YAChC,CAAC;YAAC,OAAO,KAAc,EAAE,CAAC;gBACxB,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;KAAA;CACF;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,YAAY,IAAI,KAAK;QACpB,KAAgC,CAAC,UAAU,KAAK,GAAG,CACrD,CAAC;AACJ,CAAC"}

package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.d.ts

@@ -0,0 +1,5 @@
+import type { EnvilderOptions } from '../domain/envilder-options.js';
+import type { MapFileConfig } from '../domain/map-file-config.js';
+import type { ISecretProvider } from '../domain/ports/secret-provider.js';
+export declare function createSecretProvider(config: MapFileConfig, options?: EnvilderOptions): ISecretProvider;
+//# sourceMappingURL=secret-provider-factory.d.ts.map

package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider-factory.d.ts","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/infrastructure/secret-provider-factory.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AAK1E,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,eAAe,GACxB,eAAe,CAmBjB"}

package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.js

@@ -0,0 +1,42 @@
+import { SSMClient } from '@aws-sdk/client-ssm';
+import { fromIni } from '@aws-sdk/credential-providers';
+import { DefaultAzureCredential } from '@azure/identity';
+import { SecretClient } from '@azure/keyvault-secrets';
+import { SecretProviderType } from '../domain/secret-provider-type.js';
+import { AwsSsmSecretProvider } from './aws/aws-ssm-secret-provider.js';
+import { AzureKeyVaultSecretProvider } from './azure/azure-key-vault-secret-provider.js';
+export function createSecretProvider(config, options) {
+    var _a, _b, _c;
+    const provider = (_a = options === null || options === void 0 ? void 0 : options.provider) !== null && _a !== void 0 ? _a : config.provider;
+    const profile = normalize((_b = options === null || options === void 0 ? void 0 : options.profile) !== null && _b !== void 0 ? _b : config.profile);
+    const vaultUrl = normalize((_c = options === null || options === void 0 ? void 0 : options.vaultUrl) !== null && _c !== void 0 ? _c : config.vaultUrl);
+    const isAzure = provider === SecretProviderType.Azure;
+    if (isAzure && profile) {
+        throw new Error('AWS profile cannot be used with Azure Key Vault provider');
+    }
+    if (!isAzure && vaultUrl) {
+        throw new Error('Vault URL cannot be used with AWS SSM provider');
+    }
+    if (isAzure) {
+        return createAzureProvider(vaultUrl);
+    }
+    return createAwsProvider(profile);
+}
+function createAzureProvider(vaultUrl) {
+    if (!(vaultUrl === null || vaultUrl === void 0 ? void 0 : vaultUrl.trim())) {
+        throw new Error('Vault URL must be provided for Azure Key Vault provider');
+    }
+    const credential = new DefaultAzureCredential();
+    const client = new SecretClient(vaultUrl, credential);
+    return new AzureKeyVaultSecretProvider(client);
+}
+function createAwsProvider(profile) {
+    const clientOptions = profile ? { credentials: fromIni({ profile }) } : {};
+    const client = new SSMClient(clientOptions);
+    return new AwsSsmSecretProvider(client);
+}
+function normalize(value) {
+    const trimmed = value === null || value === void 0 ? void 0 : value.trim();
+    return trimmed || undefined;
+}
+//# sourceMappingURL=secret-provider-factory.js.map

package/lib/sdks/nodejs/src/infrastructure/secret-provider-factory.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-provider-factory.js","sourceRoot":"","sources":["../../../../../src/sdks/nodejs/src/infrastructure/secret-provider-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAIvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,4CAA4C,CAAC;AAEzF,MAAM,UAAU,oBAAoB,CAClC,MAAqB,EACrB,OAAyB;;IAEzB,MAAM,QAAQ,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,MAAM,CAAC,QAAQ,CAAC;IACtD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,mCAAI,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,QAAQ,mCAAI,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjE,MAAM,OAAO,GAAG,QAAQ,KAAK,kBAAkB,CAAC,KAAK,CAAC;IAEtD,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAA4B;IAE5B,IAAI,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,EAAE,CAAA,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACtD,OAAO,IAAI,2BAA2B,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA2B;IACpD,MAAM,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3E,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS,CAAC,KAAyB;IAC1C,MAAM,OAAO,GAAG,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,IAAI,EAAE,CAAC;IAC9B,OAAO,OAAO,IAAI,SAAS,CAAC;AAC9B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envilder",
-  "version": "0.9.3",
+  "version": "0.9.4",
   "description": "A CLI and GitHub Action that securely centralizes your environment variables from AWS SSM or Azure Key Vault as a single source of truth",
   "homepage": "https://envilder.com",
   "author": {
@@ -25,9 +25,9 @@
     "verify:gha": "pnpm build:gha && git diff --exit-code github-action/dist/index.js || (echo '❌ github-action/dist/index.js is not up to date. Run pnpm build:gha' && exit 1)",
     "local:install": "pnpm build && node --loader ts-node/esm scripts/pack-and-install.ts",
     "local:test-run": "pnpm build && node lib/envilder/apps/cli/Index.js --map=tests/sample/param-map.json --envfile=tests/sample/autogenerated.env",
-    "format": "biome format",
-    "format:write": "biome format --write",
-    "lint": "secretlint \"**/*\" && biome check --write && tsc --noEmit",
+    "format": "biome check --write --unsafe && biome format --write",
+    "format:check": "biome check && biome format",
+    "lint": "secretlint \"**/*\" && biome check && tsc --noEmit",
     "lint:fix": "biome lint --fix",
     "test": "vitest run --reporter=verbose --coverage",
     "test:ci": "vitest run --reporter=verbose --reporter=junit --coverage --outputFile=coverage/junit/test-results.xml",
@@ -81,6 +81,7 @@
     "LICENSE",
     "ROADMAP.md",
     "docs/CHANGELOG.md",
+    "docs/changelogs/**",
     "docs/SECURITY.md"
   ],
   "type": "module",
@@ -100,14 +101,14 @@
     "@biomejs/biome": "catalog:",
     "@commitlint/cli": "^20.5.0",
     "@commitlint/config-conventional": "^20.5.0",
-    "@secretlint/secretlint-rule-preset-recommend": "^11.4.0",
+    "@secretlint/secretlint-rule-preset-recommend": "^12.3.1",
     "@testcontainers/localstack": "^11.13.0",
     "@types/node": "catalog:",
     "@vercel/ncc": "^0.38.4",
     "@vitest/coverage-v8": "catalog:",
     "glob": "^13.0.6",
     "lefthook": "^2.1.4",
-    "secretlint": "^11.4.0",
+    "secretlint": "^12.3.1",
     "testcontainers": "^11.13.0",
     "ts-node": "catalog:",
     "tsx": "^4.21.0",
@@ -129,7 +130,8 @@
     "overrides": {
       "defu": ">=6.1.5",
       "lodash": ">=4.18.0",
-      "vite": ">=7.3.2"
+      "vite": "^7.3.2",
+      "yaml": ">=2.8.3"
     }
   }
 }