envpkt 0.11.1 → 0.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +616 -294
- package/dist/index.d.ts +100 -112
- package/dist/index.js +158 -209
- package/package.json +8 -8
- package/schemas/envpkt.schema.json +5 -0
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import * as _$_sinclair_typebox0 from "@sinclair/typebox";
|
|
2
1
|
import { Static } from "@sinclair/typebox";
|
|
3
2
|
import { Either, List, Option } from "functype";
|
|
4
3
|
import { DirectLogger, DirectTestLoggerHandle, createDirectConsoleLogger, createDirectTestLogger, directSilentLogger } from "functype-log/direct";
|
|
@@ -7,121 +6,123 @@ import { CallToolResult, ReadResourceResult, Resource } from "@modelcontextproto
|
|
|
7
6
|
import { DirectLogger as DirectLogger$1, LogEntry, LogLevel, LogMetadata } from "functype-log";
|
|
8
7
|
|
|
9
8
|
//#region src/core/schema.d.ts
|
|
10
|
-
declare const ConsumerType:
|
|
9
|
+
declare const ConsumerType: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"agent">, import("@sinclair/typebox").TLiteral<"service">, import("@sinclair/typebox").TLiteral<"developer">, import("@sinclair/typebox").TLiteral<"ci">]>;
|
|
11
10
|
type ConsumerType = Static<typeof ConsumerType>;
|
|
12
|
-
declare const IdentitySchema:
|
|
13
|
-
name:
|
|
14
|
-
consumer:
|
|
15
|
-
description:
|
|
16
|
-
capabilities:
|
|
17
|
-
expires:
|
|
18
|
-
services:
|
|
19
|
-
key_file:
|
|
20
|
-
recipient:
|
|
21
|
-
secrets:
|
|
11
|
+
declare const IdentitySchema: import("@sinclair/typebox").TObject<{
|
|
12
|
+
name: import("@sinclair/typebox").TString;
|
|
13
|
+
consumer: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"agent">, import("@sinclair/typebox").TLiteral<"service">, import("@sinclair/typebox").TLiteral<"developer">, import("@sinclair/typebox").TLiteral<"ci">]>>;
|
|
14
|
+
description: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
15
|
+
capabilities: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
16
|
+
expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
17
|
+
services: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
18
|
+
key_file: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
19
|
+
recipient: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
20
|
+
secrets: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
22
21
|
}>;
|
|
23
22
|
type Identity = Static<typeof IdentitySchema>;
|
|
24
23
|
/** @deprecated Use `IdentitySchema` instead */
|
|
25
|
-
declare const AgentIdentitySchema:
|
|
26
|
-
name:
|
|
27
|
-
consumer:
|
|
28
|
-
description:
|
|
29
|
-
capabilities:
|
|
30
|
-
expires:
|
|
31
|
-
services:
|
|
32
|
-
key_file:
|
|
33
|
-
recipient:
|
|
34
|
-
secrets:
|
|
24
|
+
declare const AgentIdentitySchema: import("@sinclair/typebox").TObject<{
|
|
25
|
+
name: import("@sinclair/typebox").TString;
|
|
26
|
+
consumer: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"agent">, import("@sinclair/typebox").TLiteral<"service">, import("@sinclair/typebox").TLiteral<"developer">, import("@sinclair/typebox").TLiteral<"ci">]>>;
|
|
27
|
+
description: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
28
|
+
capabilities: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
29
|
+
expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
30
|
+
services: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
31
|
+
key_file: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
32
|
+
recipient: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
33
|
+
secrets: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
35
34
|
}>;
|
|
36
|
-
declare const SecretMetaSchema:
|
|
37
|
-
service:
|
|
38
|
-
expires:
|
|
39
|
-
rotation_url:
|
|
40
|
-
purpose:
|
|
41
|
-
comment:
|
|
42
|
-
capabilities:
|
|
43
|
-
created:
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
35
|
+
declare const SecretMetaSchema: import("@sinclair/typebox").TObject<{
|
|
36
|
+
service: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
37
|
+
expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
38
|
+
rotation_url: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
39
|
+
purpose: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
40
|
+
comment: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
41
|
+
capabilities: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
42
|
+
created: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
43
|
+
last_rotated_at: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
44
|
+
rotates: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
45
|
+
rate_limit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
46
|
+
model_hint: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
47
|
+
source: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
48
|
+
encrypted_value: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
49
|
+
from_key: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
50
|
+
required: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
51
|
+
tags: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TString>>;
|
|
52
52
|
}>;
|
|
53
53
|
type SecretMeta = Static<typeof SecretMetaSchema>;
|
|
54
|
-
declare const LifecycleConfigSchema:
|
|
55
|
-
stale_warning_days:
|
|
56
|
-
require_expiration:
|
|
57
|
-
require_service:
|
|
54
|
+
declare const LifecycleConfigSchema: import("@sinclair/typebox").TObject<{
|
|
55
|
+
stale_warning_days: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
|
|
56
|
+
require_expiration: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
57
|
+
require_service: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
58
58
|
}>;
|
|
59
59
|
type LifecycleConfig = Static<typeof LifecycleConfigSchema>;
|
|
60
|
-
declare const CallbackConfigSchema:
|
|
61
|
-
on_expiring:
|
|
62
|
-
on_expired:
|
|
63
|
-
on_audit_fail:
|
|
60
|
+
declare const CallbackConfigSchema: import("@sinclair/typebox").TObject<{
|
|
61
|
+
on_expiring: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
62
|
+
on_expired: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
63
|
+
on_audit_fail: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
64
64
|
}>;
|
|
65
65
|
type CallbackConfig = Static<typeof CallbackConfigSchema>;
|
|
66
|
-
declare const ToolsConfigSchema:
|
|
66
|
+
declare const ToolsConfigSchema: import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TUnknown>;
|
|
67
67
|
type ToolsConfig = Static<typeof ToolsConfigSchema>;
|
|
68
|
-
declare const EnvMetaSchema:
|
|
69
|
-
value:
|
|
70
|
-
from_key:
|
|
71
|
-
purpose:
|
|
72
|
-
comment:
|
|
73
|
-
tags:
|
|
68
|
+
declare const EnvMetaSchema: import("@sinclair/typebox").TObject<{
|
|
69
|
+
value: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
70
|
+
from_key: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
71
|
+
purpose: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
72
|
+
comment: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
73
|
+
tags: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TString>>;
|
|
74
74
|
}>;
|
|
75
75
|
type EnvMeta = Static<typeof EnvMetaSchema>;
|
|
76
|
-
declare const EnvpktConfigSchema:
|
|
77
|
-
version:
|
|
78
|
-
catalog:
|
|
79
|
-
identity:
|
|
80
|
-
name:
|
|
81
|
-
consumer:
|
|
82
|
-
description:
|
|
83
|
-
capabilities:
|
|
84
|
-
expires:
|
|
85
|
-
services:
|
|
86
|
-
key_file:
|
|
87
|
-
recipient:
|
|
88
|
-
secrets:
|
|
76
|
+
declare const EnvpktConfigSchema: import("@sinclair/typebox").TObject<{
|
|
77
|
+
version: import("@sinclair/typebox").TNumber;
|
|
78
|
+
catalog: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
79
|
+
identity: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
|
|
80
|
+
name: import("@sinclair/typebox").TString;
|
|
81
|
+
consumer: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TLiteral<"agent">, import("@sinclair/typebox").TLiteral<"service">, import("@sinclair/typebox").TLiteral<"developer">, import("@sinclair/typebox").TLiteral<"ci">]>>;
|
|
82
|
+
description: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
83
|
+
capabilities: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
84
|
+
expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
85
|
+
services: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
86
|
+
key_file: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
87
|
+
recipient: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
88
|
+
secrets: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
89
89
|
}>>;
|
|
90
|
-
secret:
|
|
91
|
-
service:
|
|
92
|
-
expires:
|
|
93
|
-
rotation_url:
|
|
94
|
-
purpose:
|
|
95
|
-
comment:
|
|
96
|
-
capabilities:
|
|
97
|
-
created:
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
90
|
+
secret: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TObject<{
|
|
91
|
+
service: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
92
|
+
expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
93
|
+
rotation_url: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
94
|
+
purpose: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
95
|
+
comment: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
96
|
+
capabilities: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
|
|
97
|
+
created: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
98
|
+
last_rotated_at: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
99
|
+
rotates: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
100
|
+
rate_limit: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
101
|
+
model_hint: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
102
|
+
source: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
103
|
+
encrypted_value: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
104
|
+
from_key: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
105
|
+
required: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
106
|
+
tags: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TString>>;
|
|
106
107
|
}>>>;
|
|
107
|
-
env:
|
|
108
|
-
value:
|
|
109
|
-
from_key:
|
|
110
|
-
purpose:
|
|
111
|
-
comment:
|
|
112
|
-
tags:
|
|
108
|
+
env: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TObject<{
|
|
109
|
+
value: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
110
|
+
from_key: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
111
|
+
purpose: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
112
|
+
comment: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
113
|
+
tags: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TString>>;
|
|
113
114
|
}>>>;
|
|
114
|
-
lifecycle:
|
|
115
|
-
stale_warning_days:
|
|
116
|
-
require_expiration:
|
|
117
|
-
require_service:
|
|
115
|
+
lifecycle: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
|
|
116
|
+
stale_warning_days: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
|
|
117
|
+
require_expiration: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
118
|
+
require_service: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
|
|
118
119
|
}>>;
|
|
119
|
-
callbacks:
|
|
120
|
-
on_expiring:
|
|
121
|
-
on_expired:
|
|
122
|
-
on_audit_fail:
|
|
120
|
+
callbacks: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
|
|
121
|
+
on_expiring: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
122
|
+
on_expired: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
123
|
+
on_audit_fail: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
|
|
123
124
|
}>>;
|
|
124
|
-
tools:
|
|
125
|
+
tools: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TUnknown>>;
|
|
125
126
|
}>;
|
|
126
127
|
type EnvpktConfig = Static<typeof EnvpktConfigSchema>;
|
|
127
128
|
//#endregion
|
|
@@ -139,6 +140,7 @@ type SecretHealth = {
|
|
|
139
140
|
readonly purpose: Option<string>;
|
|
140
141
|
readonly created: Option<string>;
|
|
141
142
|
readonly expires: Option<string>;
|
|
143
|
+
readonly last_rotated_at: Option<string>;
|
|
142
144
|
readonly issues: List<string>; /** If this entry is an alias (from_key), the reference it points at (e.g. "secret.X") */
|
|
143
145
|
readonly alias_of: Option<string>;
|
|
144
146
|
};
|
|
@@ -405,20 +407,6 @@ declare const resolveSecrets: (agentMeta: Record<string, SecretMeta>, catalogMet
|
|
|
405
407
|
declare const resolveConfig: (agentConfig: EnvpktConfig, agentConfigDir: string) => Either<CatalogError, ResolveResult>;
|
|
406
408
|
//#endregion
|
|
407
409
|
//#region src/core/alias.d.ts
|
|
408
|
-
/**
|
|
409
|
-
* Validate all `from_key` references in a resolved config. Produces an
|
|
410
|
-
* AliasTable mapping each alias to its target, or an AliasError describing
|
|
411
|
-
* the first failure.
|
|
412
|
-
*
|
|
413
|
-
* Rules:
|
|
414
|
-
* - Ref must be "secret.<KEY>" or "env.<KEY>"
|
|
415
|
-
* - Target must exist in the same resolved config
|
|
416
|
-
* - Target must be the same type (secret→secret, env→env only)
|
|
417
|
-
* - Target must not itself be a from_key entry (single hop only)
|
|
418
|
-
* - Self-reference is rejected
|
|
419
|
-
* - An alias entry cannot also carry a value field (encrypted_value for
|
|
420
|
-
* secrets, value for env)
|
|
421
|
-
*/
|
|
422
410
|
declare const validateAliases: (config: EnvpktConfig) => Either<AliasError, AliasTable>;
|
|
423
411
|
/** Does this secret entry point at another entry? */
|
|
424
412
|
declare const isSecretAlias: (meta: {
|
|
@@ -631,4 +619,4 @@ type ToolDef = {
|
|
|
631
619
|
declare const toolDefinitions: readonly ToolDef[];
|
|
632
620
|
declare const callTool: (name: string, args: Record<string, unknown>) => CallToolResult;
|
|
633
621
|
//#endregion
|
|
634
|
-
export { type AgentIdentity, AgentIdentitySchema, type AliasError, type AliasTable, type AuditResult, type BootError, type BootOptions, type BootResult, type CallbackConfig, CallbackConfigSchema, type CatalogError, type CheckResult, type ConfidenceLevel, type ConfigError, type ConfigSource,
|
|
622
|
+
export { type AgentIdentity, AgentIdentitySchema, type AliasError, type AliasTable, type AuditResult, type BootError, type BootOptions, type BootResult, type CallbackConfig, CallbackConfigSchema, type CatalogError, type CheckResult, type ConfidenceLevel, type ConfigError, type ConfigSource, ConsumerType, type CredentialPattern, type DirectLogger, type DirectTestLoggerHandle, type DriftEntry, type DriftStatus, type EnvAuditResult, type EnvDriftEntry, type EnvDriftStatus, type EnvMeta, EnvMetaSchema, EnvpktBootError, type EnvpktConfig, EnvpktConfigSchema, type FleetAgent, type FleetHealth, type FnoxConfig, type FnoxError, type FnoxSecret, type FormatPacketOptions, type HealthStatus, type Identity, type IdentityError, IdentitySchema, type KeygenError, type KeygenResult, type LifecycleConfig, LifecycleConfigSchema, type LogEntry, type LogLevel, type LogMetadata, type MatchResult, type ResolveOptions, type ResolveResult, type ResolvedPath, type ScanOptions, type ScanResult, type SealError, type SecretDisplay, type SecretHealth, type SecretMeta, SecretMetaSchema, type SecretStatus, type TomlEditError, type ToolsConfig, ToolsConfigSchema, ageAvailable, ageDecrypt, ageEncrypt, appendSection, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, computeEnvAudit, createDirectConsoleLogger, createDirectTestLogger, createServer, deriveServiceFromName, detectFnox, directSilentLogger, discoverConfig, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatAliasError, formatPacket, generateKeypair, generateTomlFromScan, isEnvAlias, isSecretAlias, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, removeSection, renameSection, resolveConfig, resolveConfigPath, resolveInlineKey, resolveKeyPath, resolveSecrets, resolveValues, resourceDefinitions, scanEnv, scanFleet, sealSecrets, startServer, toolDefinitions, unsealSecrets, unwrapAgentKey, updateConfigIdentity, updateSectionFields, validateAliases, validateConfig };
|