envpkt 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +507 -0
  3. package/dist/cli.js +2254 -0
  4. package/dist/index.d.ts +392 -0
  5. package/dist/index.js +1769 -0
  6. package/package.json +71 -0
  7. package/schemas/envpkt.schema.json +211 -0
package/package.json ADDED
@@ -0,0 +1,71 @@
1
+ {
2
+ "name": "envpkt",
3
+ "version": "0.1.0",
4
+ "description": "Credential lifecycle and fleet management for AI agents",
5
+ "keywords": [
6
+ "credentials",
7
+ "secrets",
8
+ "ai-agents",
9
+ "mcp",
10
+ "toml",
11
+ "fleet-management"
12
+ ],
13
+ "author": "jordan.burke@gmail.com",
14
+ "license": "Apache-2.0",
15
+ "homepage": "https://github.com/jordanburke/envpkt",
16
+ "repository": {
17
+ "type": "git",
18
+ "url": "https://github.com/jordanburke/envpkt"
19
+ },
20
+ "bin": {
21
+ "envpkt": "dist/cli.js"
22
+ },
23
+ "dependencies": {
24
+ "@modelcontextprotocol/sdk": "^1.27.1",
25
+ "@sinclair/typebox": "^0.34.48",
26
+ "commander": "^14.0.3",
27
+ "functype": "^0.48.0",
28
+ "smol-toml": "^1.6.0"
29
+ },
30
+ "devDependencies": {
31
+ "@types/node": "^24.10.15",
32
+ "ts-builds": "^2.5.0",
33
+ "tsdown": "^0.20.3",
34
+ "tsx": "^4.21.0"
35
+ },
36
+ "type": "module",
37
+ "main": "./dist/index.js",
38
+ "module": "./dist/index.js",
39
+ "types": "./dist/index.d.ts",
40
+ "exports": {
41
+ ".": {
42
+ "types": "./dist/index.d.ts",
43
+ "import": "./dist/index.js",
44
+ "default": "./dist/index.js"
45
+ },
46
+ "./schema": "./schemas/envpkt.schema.json"
47
+ },
48
+ "files": [
49
+ "lib",
50
+ "dist",
51
+ "schemas"
52
+ ],
53
+ "prettier": "ts-builds/prettier",
54
+ "scripts": {
55
+ "validate": "ts-builds validate",
56
+ "format": "ts-builds format",
57
+ "format:check": "ts-builds format:check",
58
+ "lint": "ts-builds lint",
59
+ "lint:check": "ts-builds lint:check",
60
+ "typecheck": "ts-builds typecheck",
61
+ "test": "ts-builds test",
62
+ "test:watch": "ts-builds test:watch",
63
+ "test:coverage": "ts-builds test:coverage",
64
+ "build": "ts-builds build",
65
+ "build:schema": "tsx scripts/build-schema.ts",
66
+ "demo": "tsx scripts/generate-demo-html.ts",
67
+ "dev": "ts-builds dev",
68
+ "docs:dev": "pnpm --dir site dev",
69
+ "docs:build": "pnpm --dir site build"
70
+ }
71
+ }
package/schemas/envpkt.schema.json ADDED
@@ -0,0 +1,211 @@
1
+ {
2
+ "$schema": "http://json-schema.org/draft-07/schema#",
3
+ "$id": "envpkt",
4
+ "title": "envpkt configuration",
5
+ "description": "Credential lifecycle and fleet management configuration for AI agents",
6
+ "type": "object",
7
+ "required": [
8
+ "version",
9
+ "meta"
10
+ ],
11
+ "properties": {
12
+ "version": {
13
+ "description": "Schema version number",
14
+ "default": 1,
15
+ "type": "number"
16
+ },
17
+ "catalog": {
18
+ "description": "Path to shared secret catalog (relative to this config file)",
19
+ "type": "string"
20
+ },
21
+ "agent": {
22
+ "description": "Identity and capabilities of the AI agent using this envpkt",
23
+ "type": "object",
24
+ "required": [
25
+ "name"
26
+ ],
27
+ "properties": {
28
+ "name": {
29
+ "description": "Agent display name",
30
+ "type": "string"
31
+ },
32
+ "consumer": {
33
+ "description": "Classification of the agent's consumer type",
34
+ "anyOf": [
35
+ {
36
+ "const": "agent",
37
+ "type": "string"
38
+ },
39
+ {
40
+ "const": "service",
41
+ "type": "string"
42
+ },
43
+ {
44
+ "const": "developer",
45
+ "type": "string"
46
+ },
47
+ {
48
+ "const": "ci",
49
+ "type": "string"
50
+ }
51
+ ]
52
+ },
53
+ "description": {
54
+ "description": "Agent description or role",
55
+ "type": "string"
56
+ },
57
+ "capabilities": {
58
+ "description": "List of capabilities this agent provides",
59
+ "type": "array",
60
+ "items": {
61
+ "type": "string"
62
+ }
63
+ },
64
+ "expires": {
65
+ "format": "date",
66
+ "description": "Agent credential expiration date (YYYY-MM-DD)",
67
+ "type": "string"
68
+ },
69
+ "services": {
70
+ "description": "Service dependencies for this agent",
71
+ "type": "array",
72
+ "items": {
73
+ "type": "string"
74
+ }
75
+ },
76
+ "identity": {
77
+ "description": "Path to encrypted agent key file (relative to config directory)",
78
+ "type": "string"
79
+ },
80
+ "recipient": {
81
+ "description": "Agent's age public key for encryption",
82
+ "type": "string"
83
+ },
84
+ "secrets": {
85
+ "description": "Secret keys this agent needs from the catalog",
86
+ "type": "array",
87
+ "items": {
88
+ "type": "string"
89
+ }
90
+ }
91
+ }
92
+ },
93
+ "meta": {
94
+ "description": "Per-secret metadata keyed by secret name",
95
+ "type": "object",
96
+ "patternProperties": {
97
+ "^(.*)$": {
98
+ "description": "Metadata about a single secret",
99
+ "type": "object",
100
+ "properties": {
101
+ "service": {
102
+ "description": "Service or system this secret authenticates to",
103
+ "type": "string"
104
+ },
105
+ "expires": {
106
+ "format": "date",
107
+ "description": "Date the secret expires (YYYY-MM-DD)",
108
+ "type": "string"
109
+ },
110
+ "rotation_url": {
111
+ "format": "uri",
112
+ "description": "URL or reference for secret rotation procedure",
113
+ "type": "string"
114
+ },
115
+ "purpose": {
116
+ "description": "Why this secret exists and what it enables",
117
+ "type": "string"
118
+ },
119
+ "capabilities": {
120
+ "description": "What operations this secret grants (e.g. read, write, admin)",
121
+ "type": "array",
122
+ "items": {
123
+ "type": "string"
124
+ }
125
+ },
126
+ "created": {
127
+ "format": "date",
128
+ "description": "Date the secret was provisioned (YYYY-MM-DD)",
129
+ "type": "string"
130
+ },
131
+ "rotates": {
132
+ "description": "Rotation schedule (e.g. '90d', 'quarterly')",
133
+ "type": "string"
134
+ },
135
+ "rate_limit": {
136
+ "description": "Rate limit or quota info (e.g. '1000/min')",
137
+ "type": "string"
138
+ },
139
+ "model_hint": {
140
+ "description": "Suggested model or tier for this credential",
141
+ "type": "string"
142
+ },
143
+ "source": {
144
+ "description": "Where the secret value originates (e.g. 'vault', 'ci')",
145
+ "type": "string"
146
+ },
147
+ "required": {
148
+ "description": "Whether this secret is required for operation",
149
+ "type": "boolean"
150
+ },
151
+ "tags": {
152
+ "description": "Key-value tags for grouping and filtering",
153
+ "type": "object",
154
+ "patternProperties": {
155
+ "^(.*)$": {
156
+ "type": "string"
157
+ }
158
+ }
159
+ }
160
+ }
161
+ }
162
+ }
163
+ },
164
+ "lifecycle": {
165
+ "description": "Policy configuration for credential lifecycle management",
166
+ "type": "object",
167
+ "properties": {
168
+ "stale_warning_days": {
169
+ "default": 90,
170
+ "description": "Days since creation to consider a secret stale",
171
+ "type": "number"
172
+ },
173
+ "require_expiration": {
174
+ "default": false,
175
+ "description": "Require expires on all secrets",
176
+ "type": "boolean"
177
+ },
178
+ "require_service": {
179
+ "default": false,
180
+ "description": "Require service on all secrets",
181
+ "type": "boolean"
182
+ }
183
+ }
184
+ },
185
+ "callbacks": {
186
+ "description": "Automation callbacks for lifecycle events",
187
+ "type": "object",
188
+ "properties": {
189
+ "on_expiring": {
190
+ "description": "Command or webhook to invoke when secrets are expiring",
191
+ "type": "string"
192
+ },
193
+ "on_expired": {
194
+ "description": "Command or webhook to invoke when secrets have expired",
195
+ "type": "string"
196
+ },
197
+ "on_audit_fail": {
198
+ "description": "Command or webhook on audit failure",
199
+ "type": "string"
200
+ }
201
+ }
202
+ },
203
+ "tools": {
204
+ "description": "Tool integration configuration — open namespace for third-party extensions",
205
+ "type": "object",
206
+ "patternProperties": {
207
+ "^(.*)$": {}
208
+ }
209
+ }
210
+ }
211
+ }