npm - keyenv - Versions diffs - 1.1.0 → 1.1.1 - Mend

keyenv 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -6,6 +6,8 @@ interface KeyEnvOptions {
     timeout?: number;
     /** Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. */
     cacheTtl?: number;
+    /** Custom API base URL (default: https://api.keyenv.dev). Also configurable via KEYENV_API_URL env var. */
+    baseUrl?: string;
 }
 /** User or service token info */
 interface User {
@@ -141,8 +143,10 @@ interface ProjectDefault {
  */
 declare class KeyEnv {
     private readonly token;
+    private readonly baseUrl;
     private readonly timeout;
     private readonly cacheTtl;
+    private readonly secretsCache;
     constructor(options: KeyEnvOptions);
     private request;
     /** Get the current user or service token info */

package/dist/index.d.ts CHANGED Viewed

@@ -6,6 +6,8 @@ interface KeyEnvOptions {
     timeout?: number;
     /** Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. */
     cacheTtl?: number;
+    /** Custom API base URL (default: https://api.keyenv.dev). Also configurable via KEYENV_API_URL env var. */
+    baseUrl?: string;
 }
 /** User or service token info */
 interface User {
@@ -141,8 +143,10 @@ interface ProjectDefault {
  */
 declare class KeyEnv {
     private readonly token;
+    private readonly baseUrl;
     private readonly timeout;
     private readonly cacheTtl;
+    private readonly secretsCache;
     constructor(options: KeyEnvOptions);
     private request;
     /** Get the current user or service token info */

package/dist/index.js CHANGED Viewed

@@ -40,26 +40,28 @@ var KeyEnvError = class extends Error {
 };
 // src/client.ts
-var BASE_URL = "https://api.keyenv.dev";
+var DEFAULT_BASE_URL = "https://api.keyenv.dev";
 var DEFAULT_TIMEOUT = 3e4;
-var secretsCache = /* @__PURE__ */ new Map();
 function getCacheKey(projectId, environment) {
   return `${projectId}:${environment}`;
 }
 var KeyEnv = class {
   token;
+  baseUrl;
   timeout;
   cacheTtl;
+  secretsCache = /* @__PURE__ */ new Map();
   constructor(options) {
     if (!options.token) {
       throw new Error("KeyEnv token is required");
     }
     this.token = options.token;
+    this.baseUrl = (options.baseUrl ?? process.env.KEYENV_API_URL ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
     this.timeout = options.timeout || DEFAULT_TIMEOUT;
     this.cacheTtl = options.cacheTtl ?? (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);
   }
   async request(method, path, body) {
-    const url = `${BASE_URL}${path}`;
+    const url = `${this.baseUrl}${path}`;
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), this.timeout);
     try {
@@ -98,7 +100,8 @@ var KeyEnv = class {
   }
   /** Get the current user or service token info */
   async getCurrentUser() {
-    return this.request("GET", "/api/v1/users/me");
+    const response = await this.request("GET", "/api/v1/users/me");
+    return response.data;
   }
   /** Validate the token and return user info */
   async validateToken() {
@@ -107,15 +110,17 @@ var KeyEnv = class {
   /** List all accessible projects */
   async listProjects() {
     const response = await this.request("GET", "/api/v1/projects");
-    return response.projects;
+    return response.data;
   }
   /** Get a project by ID */
   async getProject(projectId) {
-    return this.request("GET", `/api/v1/projects/${projectId}`);
+    const response = await this.request("GET", `/api/v1/projects/${projectId}`);
+    return response.data;
   }
   /** Create a new project */
   async createProject(teamId, name) {
-    return this.request("POST", "/api/v1/projects", { team_id: teamId, name });
+    const response = await this.request("POST", "/api/v1/projects", { team_id: teamId, name });
+    return response.data;
   }
   /** Delete a project */
   async deleteProject(projectId) {
@@ -127,15 +132,16 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments`
     );
-    return response.environments;
+    return response.data;
   }
   /** Create a new environment */
   async createEnvironment(projectId, name, inheritsFrom) {
-    return this.request(
+    const response = await this.request(
       "POST",
       `/api/v1/projects/${projectId}/environments`,
       { name, inherits_from: inheritsFrom }
     );
+    return response.data;
   }
   /** Delete an environment */
   async deleteEnvironment(projectId, environment) {
@@ -147,7 +153,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets`
     );
-    return response.secrets;
+    return response.data;
   }
   /**
    * Export all secrets with their decrypted values.
@@ -163,22 +169,25 @@ var KeyEnv = class {
   async exportSecrets(projectId, environment) {
     const cacheKey = getCacheKey(projectId, environment);
     if (this.cacheTtl > 0) {
-      const cached = secretsCache.get(cacheKey);
+      const cached = this.secretsCache.get(cacheKey);
       if (cached && Date.now() < cached.expiresAt) {
         return cached.secrets;
       }
+      if (cached) {
+        this.secretsCache.delete(cacheKey);
+      }
     }
     const response = await this.request(
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`
     );
     if (this.cacheTtl > 0) {
-      secretsCache.set(cacheKey, {
-        secrets: response.secrets,
+      this.secretsCache.set(cacheKey, {
+        secrets: response.data,
         expiresAt: Date.now() + this.cacheTtl * 1e3
       });
     }
-    return response.secrets;
+    return response.data;
   }
   /**
    * Export secrets as a key-value object
@@ -198,7 +207,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`
     );
-    return response.secret;
+    return response.data;
   }
   /** Create a new secret */
   async createSecret(projectId, environment, key, value, description) {
@@ -208,7 +217,7 @@ var KeyEnv = class {
       { key, value, description }
     );
     this.clearCache(projectId, environment);
-    return response.secret;
+    return response.data;
   }
   /** Update a secret's value */
   async updateSecret(projectId, environment, key, value, description) {
@@ -218,7 +227,7 @@ var KeyEnv = class {
       { value, description }
     );
     this.clearCache(projectId, environment);
-    return response.secret;
+    return response.data;
   }
   /** Set a secret (create or update) */
   async setSecret(projectId, environment, key, value, description) {
@@ -245,7 +254,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`
     );
-    return response.history;
+    return response.data;
   }
   /**
    * Bulk import secrets
@@ -258,13 +267,13 @@ var KeyEnv = class {
    * ```
    */
   async bulkImport(projectId, environment, secrets, options = {}) {
-    const result = await this.request(
+    const response = await this.request(
       "POST",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,
       { secrets, overwrite: options.overwrite ?? false }
     );
     this.clearCache(projectId, environment);
-    return result;
+    return response.data;
   }
   /**
    * Load secrets into process.env
@@ -292,8 +301,8 @@ var KeyEnv = class {
     ];
     for (const secret of secrets) {
       const value = secret.value;
-      if (value.includes("\n") || value.includes('"') || value.includes("'") || value.includes(" ")) {
-        const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+      if (value.includes("\n") || value.includes('"') || value.includes("'") || value.includes(" ") || value.includes("$")) {
+        const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n").replace(/\$/g, "\\$");
         lines.push(`${secret.key}="${escaped}"`);
       } else {
         lines.push(`${secret.key}=${value}`);
@@ -308,15 +317,15 @@ var KeyEnv = class {
    */
   clearCache(projectId, environment) {
     if (projectId && environment) {
-      secretsCache.delete(getCacheKey(projectId, environment));
+      this.secretsCache.delete(getCacheKey(projectId, environment));
     } else if (projectId) {
-      for (const key of secretsCache.keys()) {
+      for (const key of this.secretsCache.keys()) {
         if (key.startsWith(`${projectId}:`)) {
-          secretsCache.delete(key);
+          this.secretsCache.delete(key);
         }
       }
     } else {
-      secretsCache.clear();
+      this.secretsCache.clear();
     }
   }
   // ============================================================================
@@ -340,7 +349,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/permissions`
     );
-    return response.permissions;
+    return response.data;
   }
   /**
    * Set a user's permission for an environment.
@@ -361,7 +370,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,
       { role }
     );
-    return response.permission;
+    return response.data;
   }
   /**
    * Delete a user's permission for an environment.
@@ -399,7 +408,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/environments/${environment}/permissions`,
       { permissions: permissions.map((p) => ({ user_id: p.userId, role: p.role })) }
     );
-    return response.permissions;
+    return response.data;
   }
   /**
    * Get the current user's permissions for all environments in a project.
@@ -433,7 +442,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/permissions/defaults`
     );
-    return response.defaults;
+    return response.data;
   }
   /**
    * Set default permission settings for a project's environments.
@@ -454,7 +463,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/permissions/defaults`,
       { defaults: defaults.map((d) => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }
     );
-    return response.defaults;
+    return response.data;
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/types.ts","../src/client.ts"],"sourcesContent":["export { KeyEnv } from './client.js';\nexport { KeyEnvError } from './types.js';\nexport type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\n","/** KeyEnv client configuration options /\nexport interface KeyEnvOptions {\n /* Service token for authentication /\n token: string;\n /* Request timeout in milliseconds (default: 30000) /\n timeout?: number;\n /* Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. /\n cacheTtl?: number;\n}\n\n/* User or service token info /\nexport interface User {\n id: string;\n email?: string;\n name?: string;\n clerk_id?: string;\n avatar_url?: string;\n /* Present for service tokens /\n auth_type?: 'service_token' \| 'user';\n /* Team ID (for service tokens) /\n team_id?: string;\n /* Project IDs (for project-scoped service tokens) /\n project_ids?: string[];\n /* Token scopes (for service tokens) /\n scopes?: string[];\n created_at: string;\n}\n\n/* Project /\nexport interface Project {\n id: string;\n team_id: string;\n name: string;\n slug: string;\n description?: string;\n created_at: string;\n}\n\n/* Environment /\nexport interface Environment {\n id: string;\n project_id: string;\n name: string;\n inherits_from?: string;\n created_at: string;\n}\n\n/* Project with environments /\nexport interface ProjectWithEnvironments extends Project {\n environments: Environment[];\n}\n\n/* Secret (without value) /\nexport interface Secret {\n id: string;\n environment_id: string;\n key: string;\n type: string;\n description?: string;\n version: number;\n created_at: string;\n updated_at: string;\n}\n\n/* Secret with decrypted value /\nexport interface SecretWithValue extends Secret {\n value: string;\n inherited_from?: string;\n}\n\n/* Secret history entry /\nexport interface SecretHistory {\n id: string;\n secret_id: string;\n value: string;\n version: number;\n changed_by?: string;\n changed_at: string;\n}\n\n/* Bulk import request item /\nexport interface BulkSecretItem {\n key: string;\n value: string;\n description?: string;\n}\n\n/* Bulk import result /\nexport interface BulkImportResult {\n created: number;\n updated: number;\n skipped: number;\n}\n\n/* API error response /\nexport interface ApiError {\n error: string;\n code?: string;\n details?: Record<string, unknown>;\n}\n\n/* KeyEnv API error /\nexport class KeyEnvError extends Error {\n public readonly status: number;\n public readonly code?: string;\n public readonly details?: Record<string, unknown>;\n\n constructor(message: string, status: number, code?: string, details?: Record<string, unknown>) {\n super(message);\n this.name = 'KeyEnvError';\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\n/* Environment permission role /\nexport type EnvironmentRole = 'none' \| 'read' \| 'write' \| 'admin';\n\n/* Environment permission for a user /\nexport interface EnvironmentPermission {\n id: string;\n environment_id: string;\n user_id: string;\n role: EnvironmentRole;\n user_email?: string;\n user_name?: string;\n granted_by?: string;\n created_at: string;\n updated_at: string;\n}\n\n/* User's permission for an environment /\nexport interface MyPermission {\n environment_id: string;\n environment_name: string;\n role: EnvironmentRole;\n can_read: boolean;\n can_write: boolean;\n can_admin: boolean;\n}\n\n/* Response for getting user's permissions /\nexport interface MyPermissionsResponse {\n permissions: MyPermission[];\n is_team_admin: boolean;\n}\n\n/* Project default permission for an environment /\nexport interface ProjectDefault {\n id: string;\n project_id: string;\n environment_name: string;\n default_role: EnvironmentRole;\n created_at: string;\n}\n","import type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n ApiError,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\nimport { KeyEnvError } from './types.js';\n\nconst BASE_URL = 'https://api.keyenv.dev';\nconst DEFAULT_TIMEOUT = 30000;\n\n/* Module-level cache for secrets (survives across warm serverless invocations) /\nconst secretsCache = new Map<string, { secrets: SecretWithValue[]; expiresAt: number }>();\n\nfunction getCacheKey(projectId: string, environment: string): string {\n return `${projectId}:${environment}`;\n}\n\n/\n KeyEnv API client for managing secrets\n \n @example\n * ```ts\n * import { KeyEnv } from 'keyenv';\n \n const client = new KeyEnv({ token: process.env.KEYENV_TOKEN });\n \n // Export all secrets for an environment\n * const secrets = await client.exportSecrets('project-id', 'production');\n * ```\n /\nexport class KeyEnv {\n private readonly token: string;\n private readonly timeout: number;\n private readonly cacheTtl: number;\n\n constructor(options: KeyEnvOptions) {\n if (!options.token) {\n throw new Error('KeyEnv token is required');\n }\n this.token = options.token;\n this.timeout = options.timeout \|\| DEFAULT_TIMEOUT;\n // Cache TTL: constructor option → env var → 0 (disabled)\n this.cacheTtl = options.cacheTtl ??\n (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);\n }\n\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${BASE_URL}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${this.token}`,\n 'Content-Type': 'application/json',\n 'User-Agent': 'keyenv-node/1.0.0',\n },\n body: body ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (!response.ok) {\n let errorData: ApiError = { error: 'Unknown error' };\n try {\n errorData = await response.json() as ApiError;\n } catch {\n errorData = { error: response.statusText };\n }\n throw new KeyEnvError(errorData.error, response.status, errorData.code, errorData.details);\n }\n\n if (response.status === 204) {\n return undefined as T;\n }\n\n return response.json() as Promise<T>;\n } catch (error) {\n clearTimeout(timeoutId);\n if (error instanceof KeyEnvError) throw error;\n if (error instanceof Error && error.name === 'AbortError') {\n throw new KeyEnvError('Request timeout', 408);\n }\n throw new KeyEnvError(error instanceof Error ? error.message : 'Network error', 0);\n }\n }\n\n /* Get the current user or service token info /\n async getCurrentUser(): Promise<User> {\n return this.request<User>('GET', '/api/v1/users/me');\n }\n\n /* Validate the token and return user info /\n async validateToken(): Promise<User> {\n return this.getCurrentUser();\n }\n\n /* List all accessible projects /\n async listProjects(): Promise<Project[]> {\n const response = await this.request<{ projects: Project[] }>('GET', '/api/v1/projects');\n return response.projects;\n }\n\n /* Get a project by ID /\n async getProject(projectId: string): Promise<ProjectWithEnvironments> {\n return this.request<ProjectWithEnvironments>('GET', `/api/v1/projects/${projectId}`);\n }\n\n /* Create a new project /\n async createProject(teamId: string, name: string): Promise<Project> {\n return this.request<Project>('POST', '/api/v1/projects', { team_id: teamId, name });\n }\n\n /* Delete a project /\n async deleteProject(projectId: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}`);\n }\n\n /* List environments in a project /\n async listEnvironments(projectId: string): Promise<Environment[]> {\n const response = await this.request<{ environments: Environment[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments`\n );\n return response.environments;\n }\n\n /* Create a new environment /\n async createEnvironment(projectId: string, name: string, inheritsFrom?: string): Promise<Environment> {\n return this.request<Environment>(\n 'POST', `/api/v1/projects/${projectId}/environments`,\n { name, inherits_from: inheritsFrom }\n );\n }\n\n /* Delete an environment /\n async deleteEnvironment(projectId: string, environment: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}/environments/${environment}`);\n }\n\n /* List secrets in an environment (keys and metadata only) /\n async listSecrets(projectId: string, environment: string): Promise<Secret[]> {\n const response = await this.request<{ secrets: Secret[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets`\n );\n return response.secrets;\n }\n\n /\n Export all secrets with their decrypted values.\n * Results are cached when cacheTtl > 0.\n * @example\n * ```ts\n * const secrets = await client.exportSecrets('project-id', 'production');\n * for (const secret of secrets) {\n * process.env[secret.key] = secret.value;\n * }\n * ```\n /\n async exportSecrets(projectId: string, environment: string): Promise<SecretWithValue[]> {\n const cacheKey = getCacheKey(projectId, environment);\n\n // Check cache if TTL > 0\n if (this.cacheTtl > 0) {\n const cached = secretsCache.get(cacheKey);\n if (cached && Date.now() < cached.expiresAt) {\n return cached.secrets;\n }\n }\n\n const response = await this.request<{ secrets: SecretWithValue[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`\n );\n\n // Store in cache if TTL > 0\n if (this.cacheTtl > 0) {\n secretsCache.set(cacheKey, {\n secrets: response.secrets,\n expiresAt: Date.now() + (this.cacheTtl 1000),\n });\n }\n\n return response.secrets;\n }\n\n /*\n Export secrets as a key-value object\n * @example\n * ```ts\n * const env = await client.exportSecretsAsObject('project-id', 'production');\n * // { DATABASE_URL: '...', API_KEY: '...' }\n * ```\n /\n async exportSecretsAsObject(projectId: string, environment: string): Promise<Record<string, string>> {\n const secrets = await this.exportSecrets(projectId, environment);\n return Object.fromEntries(secrets.map((s) => [s.key, s.value]));\n }\n\n /* Get a single secret with its value /\n async getSecret(projectId: string, environment: string, key: string): Promise<SecretWithValue> {\n const response = await this.request<{ secret: SecretWithValue }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n return response.secret;\n }\n\n /* Create a new secret /\n async createSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ secret: Secret }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets`,\n { key, value, description }\n );\n this.clearCache(projectId, environment);\n return response.secret;\n }\n\n /* Update a secret's value /\n async updateSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ secret: Secret }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`,\n { value, description }\n );\n this.clearCache(projectId, environment);\n return response.secret;\n }\n\n /* Set a secret (create or update) /\n async setSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n try {\n return await this.updateSecret(projectId, environment, key, value, description);\n } catch (error) {\n if (error instanceof KeyEnvError && error.status === 404) {\n return this.createSecret(projectId, environment, key, value, description);\n }\n throw error;\n }\n }\n\n /* Delete a secret /\n async deleteSecret(projectId: string, environment: string, key: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n this.clearCache(projectId, environment);\n }\n\n /* Get secret version history /\n async getSecretHistory(projectId: string, environment: string, key: string): Promise<SecretHistory[]> {\n const response = await this.request<{ history: SecretHistory[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`\n );\n return response.history;\n }\n\n /\n Bulk import secrets\n * @example\n * ```ts\n * await client.bulkImport('project-id', 'development', [\n * { key: 'DATABASE_URL', value: 'postgres://...' },\n * { key: 'API_KEY', value: 'sk_...' },\n * ], { overwrite: true });\n * ```\n /\n async bulkImport(\n projectId: string, environment: string, secrets: BulkSecretItem[], options: { overwrite?: boolean } = {}\n ): Promise<BulkImportResult> {\n const result = await this.request<BulkImportResult>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,\n { secrets, overwrite: options.overwrite ?? false }\n );\n this.clearCache(projectId, environment);\n return result;\n }\n\n /\n Load secrets into process.env\n * @example\n * ```ts\n * await client.loadEnv('project-id', 'production');\n * console.log(process.env.DATABASE_URL);\n * ```\n /\n async loadEnv(projectId: string, environment: string): Promise<number> {\n const secrets = await this.exportSecrets(projectId, environment);\n for (const secret of secrets) {\n process.env[secret.key] = secret.value;\n }\n return secrets.length;\n }\n\n /* Generate .env file content from secrets /\n async generateEnvFile(projectId: string, environment: string): Promise<string> {\n const secrets = await this.exportSecrets(projectId, environment);\n const lines = [\n '# Generated by KeyEnv',\n `# Environment: ${environment}`,\n `# Generated at: ${new Date().toISOString()}`,\n '',\n ];\n\n for (const secret of secrets) {\n const value = secret.value;\n if (value.includes('\\n') \|\| value.includes('\"') \|\| value.includes(\"'\") \|\| value.includes(' ')) {\n const escaped = value.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n lines.push(`${secret.key}=\"${escaped}\"`);\n } else {\n lines.push(`${secret.key}=${value}`);\n }\n }\n\n return lines.join('\\n') + '\\n';\n }\n\n /\n Clear the secrets cache.\n * @param projectId - Clear cache for specific project (optional)\n * @param environment - Clear cache for specific environment (requires projectId)\n /\n clearCache(projectId?: string, environment?: string): void {\n if (projectId && environment) {\n secretsCache.delete(getCacheKey(projectId, environment));\n } else if (projectId) {\n // Clear all environments for this project\n for (const key of secretsCache.keys()) {\n if (key.startsWith(`${projectId}:`)) {\n secretsCache.delete(key);\n }\n }\n } else {\n secretsCache.clear();\n }\n }\n\n // ============================================================================\n // Environment Permission Management\n // ============================================================================\n\n /\n List all permissions for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @returns Array of environment permissions\n * @example\n * ```ts\n * const permissions = await client.listPermissions('project-id', 'production');\n * for (const perm of permissions) {\n * console.log(`${perm.user_email}: ${perm.role}`);\n * }\n * ```\n /\n async listPermissions(projectId: string, environment: string): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ permissions: EnvironmentPermission[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/permissions`\n );\n return response.permissions;\n }\n\n /\n Set a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to set permission for\n * @param role - The permission role ('none', 'read', 'write', or 'admin')\n * @returns The created or updated permission\n * @example\n * ```ts\n * const permission = await client.setPermission('project-id', 'production', 'user-id', 'write');\n * console.log(`Set ${permission.user_email} to ${permission.role}`);\n * ```\n /\n async setPermission(\n projectId: string, environment: string, userId: string, role: EnvironmentRole\n ): Promise<EnvironmentPermission> {\n const response = await this.request<{ permission: EnvironmentPermission }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,\n { role }\n );\n return response.permission;\n }\n\n /\n Delete a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to delete permission for\n * @example\n * ```ts\n * await client.deletePermission('project-id', 'production', 'user-id');\n * ```\n /\n async deletePermission(projectId: string, environment: string, userId: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`\n );\n }\n\n /\n Bulk set permissions for multiple users in an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param permissions - Array of user permissions to set\n * @returns Array of created or updated permissions\n * @example\n * ```ts\n * const permissions = await client.bulkSetPermissions('project-id', 'production', [\n * { userId: 'user-1', role: 'write' },\n * { userId: 'user-2', role: 'read' },\n * ]);\n * ```\n /\n async bulkSetPermissions(\n projectId: string, environment: string, permissions: Array<{ userId: string; role: EnvironmentRole }>\n ): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ permissions: EnvironmentPermission[] }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions`,\n { permissions: permissions.map(p => ({ user_id: p.userId, role: p.role })) }\n );\n return response.permissions;\n }\n\n /\n Get the current user's permissions for all environments in a project.\n * @param projectId - The project ID\n * @returns The user's permissions and team admin status\n * @example\n * ```ts\n * const { permissions, is_team_admin } = await client.getMyPermissions('project-id');\n * for (const perm of permissions) {\n * console.log(`${perm.environment_name}: ${perm.role} (can_write: ${perm.can_write})`);\n * }\n * ```\n /\n async getMyPermissions(projectId: string): Promise<MyPermissionsResponse> {\n return this.request<MyPermissionsResponse>('GET', `/api/v1/projects/${projectId}/my-permissions`);\n }\n\n /\n Get default permission settings for a project's environments.\n * @param projectId - The project ID\n * @returns Array of project default permissions\n * @example\n * ```ts\n * const defaults = await client.getProjectDefaults('project-id');\n * for (const def of defaults) {\n * console.log(`${def.environment_name}: ${def.default_role}`);\n * }\n * ```\n /\n async getProjectDefaults(projectId: string): Promise<ProjectDefault[]> {\n const response = await this.request<{ defaults: ProjectDefault[] }>(\n 'GET', `/api/v1/projects/${projectId}/permissions/defaults`\n );\n return response.defaults;\n }\n\n /\n Set default permission settings for a project's environments.\n * @param projectId - The project ID\n * @param defaults - Array of default permissions to set\n * @returns Array of updated project default permissions\n * @example\n * ```ts\n * const defaults = await client.setProjectDefaults('project-id', [\n * { environmentName: 'development', defaultRole: 'write' },\n * { environmentName: 'production', defaultRole: 'read' },\n * ]);\n * ```\n */\n async setProjectDefaults(\n projectId: string, defaults: Array<{ environmentName: string; defaultRole: EnvironmentRole }>\n ): Promise<ProjectDefault[]> {\n const response = await this.request<{ defaults: ProjectDefault[] }>(\n 'PUT', `/api/v1/projects/${projectId}/permissions/defaults`,\n { defaults: defaults.map(d => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }\n );\n return response.defaults;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACsGO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,QAAgB,MAAe,SAAmC;AAC7F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AACZ,SAAK,UAAU;AAAA,EACjB;AACF;;;AC/FA,IAAM,WAAW;AACjB,IAAM,kBAAkB;AAGxB,IAAM,eAAe,oBAAI,IAA+D;AAExF,SAAS,YAAY,WAAmB,aAA6B;AACnE,SAAO,GAAG,SAAS,IAAI,WAAW;AACpC;AAeO,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAwB;AAClC,QAAI,CAAC,QAAQ,OAAO;AAClB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AACA,SAAK,QAAQ,QAAQ;AACrB,SAAK,UAAU,QAAQ,WAAW;AAElC,SAAK,WAAW,QAAQ,aACrB,QAAQ,IAAI,mBAAmB,SAAS,QAAQ,IAAI,kBAAkB,EAAE,IAAI;AAAA,EACjF;AAAA,EAEA,MAAc,QAAW,QAAgB,MAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,QAAQ,GAAG,IAAI;AAC9B,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC;AAAA,QACA,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK,KAAK;AAAA,UACrC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,QACpC,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,YAAsB,EAAE,OAAO,gBAAgB;AACnD,YAAI;AACF,sBAAY,MAAM,SAAS,KAAK;AAAA,QAClC,QAAQ;AACN,sBAAY,EAAE,OAAO,SAAS,WAAW;AAAA,QAC3C;AACA,cAAM,IAAI,YAAY,UAAU,OAAO,SAAS,QAAQ,UAAU,MAAM,UAAU,OAAO;AAAA,MAC3F;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,mBAAa,SAAS;AACtB,UAAI,iBAAiB,YAAa,OAAM;AACxC,UAAI,iBAAiB,SAAS,MAAM,SAAS,cAAc;AACzD,cAAM,IAAI,YAAY,mBAAmB,GAAG;AAAA,MAC9C;AACA,YAAM,IAAI,YAAY,iBAAiB,QAAQ,MAAM,UAAU,iBAAiB,CAAC;AAAA,IACnF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,iBAAgC;AACpC,WAAO,KAAK,QAAc,OAAO,kBAAkB;AAAA,EACrD;AAAA;AAAA,EAGA,MAAM,gBAA+B;AACnC,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAM,eAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAAiC,OAAO,kBAAkB;AACtF,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,WAAW,WAAqD;AACpE,WAAO,KAAK,QAAiC,OAAO,oBAAoB,SAAS,EAAE;AAAA,EACrF;AAAA;AAAA,EAGA,MAAM,cAAc,QAAgB,MAAgC;AAClE,WAAO,KAAK,QAAiB,QAAQ,oBAAoB,EAAE,SAAS,QAAQ,KAAK,CAAC;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,cAAc,WAAkC;AACpD,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,EAAE;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAA2C;AAChE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,MAAc,cAA6C;AACpG,WAAO,KAAK;AAAA,MACV;AAAA,MAAQ,oBAAoB,SAAS;AAAA,MACrC,EAAE,MAAM,eAAe,aAAa;AAAA,IACtC;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,aAAoC;AAC7E,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,iBAAiB,WAAW,EAAE;AAAA,EAChG;AAAA;AAAA,EAGA,MAAM,YAAY,WAAmB,aAAwC;AAC3E,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,WAAmB,aAAiD;AACtF,UAAM,WAAW,YAAY,WAAW,WAAW;AAGnD,QAAI,KAAK,WAAW,GAAG;AACrB,YAAM,SAAS,aAAa,IAAI,QAAQ;AACxC,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,WAAW;AAC3C,eAAO,OAAO;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AAGA,QAAI,KAAK,WAAW,GAAG;AACrB,mBAAa,IAAI,UAAU;AAAA,QACzB,SAAS,SAAS;AAAA,QAClB,WAAW,KAAK,IAAI,IAAK,KAAK,WAAW;AAAA,MAC3C,CAAC;AAAA,IACH;AAEA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,sBAAsB,WAAmB,aAAsD;AACnG,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,WAAO,OAAO,YAAY,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,UAAU,WAAmB,aAAqB,KAAuC;AAC7F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,KAAK,OAAO,YAAY;AAAA,IAC5B;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,MAC/E,EAAE,OAAO,YAAY;AAAA,IACvB;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,UACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,QAAI;AACF,aAAO,MAAM,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,IAChF,SAAS,OAAO;AACd,UAAI,iBAAiB,eAAe,MAAM,WAAW,KAAK;AACxD,eAAO,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,MAC1E;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,aAAa,WAAmB,aAAqB,KAA4B;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACpF;AACA,SAAK,WAAW,WAAW,WAAW;AAAA,EACxC;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAmB,aAAqB,KAAuC;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,WACJ,WAAmB,aAAqB,SAA2B,UAAmC,CAAC,GAC5E;AAC3B,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,SAAS,WAAW,QAAQ,aAAa,MAAM;AAAA,IACnD;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,WAAmB,aAAsC;AACrE,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,eAAW,UAAU,SAAS;AAC5B,cAAQ,IAAI,OAAO,GAAG,IAAI,OAAO;AAAA,IACnC;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA;AAAA,EAGA,MAAM,gBAAgB,WAAmB,aAAsC;AAC7E,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,kBAAkB,WAAW;AAAA,MAC7B,oBAAmB,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,MAC3C;AAAA,IACF;AAEA,eAAW,UAAU,SAAS;AAC5B,YAAM,QAAQ,OAAO;AACrB,UAAI,MAAM,SAAS,IAAI,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,GAAG;AAC7F,cAAM,UAAU,MAAM,QAAQ,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAK;AAChE,cAAM,KAAK,GAAG,OAAO,GAAG,KAAK,OAAO,GAAG;AAAA,MACzC,OAAO;AACL,cAAM,KAAK,GAAG,OAAO,GAAG,IAAI,KAAK,EAAE;AAAA,MACrC;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,IAAI,IAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,WAAoB,aAA4B;AACzD,QAAI,aAAa,aAAa;AAC5B,mBAAa,OAAO,YAAY,WAAW,WAAW,CAAC;AAAA,IACzD,WAAW,WAAW;AAEpB,iBAAW,OAAO,aAAa,KAAK,GAAG;AACrC,YAAI,IAAI,WAAW,GAAG,SAAS,GAAG,GAAG;AACnC,uBAAa,OAAO,GAAG;AAAA,QACzB;AAAA,MACF;AAAA,IACF,OAAO;AACL,mBAAa,MAAM;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,gBAAgB,WAAmB,aAAuD;AAC9F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,cACJ,WAAmB,aAAqB,QAAgB,MACxB;AAChC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,MACtF,EAAE,KAAK;AAAA,IACT;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAiB,WAAmB,aAAqB,QAA+B;AAC5F,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,mBACJ,WAAmB,aAAqB,aACN;AAClC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MAChE,EAAE,aAAa,YAAY,IAAI,QAAM,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE,KAAK,EAAE,EAAE;AAAA,IAC7E;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,iBAAiB,WAAmD;AACxE,WAAO,KAAK,QAA+B,OAAO,oBAAoB,SAAS,iBAAiB;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,mBAAmB,WAA8C;AACrE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,mBACJ,WAAmB,UACQ;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,MACpC,EAAE,UAAU,SAAS,IAAI,QAAM,EAAE,kBAAkB,EAAE,iBAAiB,cAAc,EAAE,YAAY,EAAE,EAAE;AAAA,IACxG;AACA,WAAO,SAAS;AAAA,EAClB;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts","../src/types.ts","../src/client.ts"],"sourcesContent":["export { KeyEnv } from './client.js';\nexport { KeyEnvError } from './types.js';\nexport type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\n","/** KeyEnv client configuration options /\nexport interface KeyEnvOptions {\n /* Service token for authentication /\n token: string;\n /* Request timeout in milliseconds (default: 30000) /\n timeout?: number;\n /* Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. /\n cacheTtl?: number;\n /* Custom API base URL (default: https://api.keyenv.dev). Also configurable via KEYENV_API_URL env var. /\n baseUrl?: string;\n}\n\n/* User or service token info /\nexport interface User {\n id: string;\n email?: string;\n name?: string;\n clerk_id?: string;\n avatar_url?: string;\n /* Present for service tokens /\n auth_type?: 'service_token' \| 'user';\n /* Team ID (for service tokens) /\n team_id?: string;\n /* Project IDs (for project-scoped service tokens) /\n project_ids?: string[];\n /* Token scopes (for service tokens) /\n scopes?: string[];\n created_at: string;\n}\n\n/* Project /\nexport interface Project {\n id: string;\n team_id: string;\n name: string;\n slug: string;\n description?: string;\n created_at: string;\n}\n\n/* Environment /\nexport interface Environment {\n id: string;\n project_id: string;\n name: string;\n inherits_from?: string;\n created_at: string;\n}\n\n/* Project with environments /\nexport interface ProjectWithEnvironments extends Project {\n environments: Environment[];\n}\n\n/* Secret (without value) /\nexport interface Secret {\n id: string;\n environment_id: string;\n key: string;\n type: string;\n description?: string;\n version: number;\n created_at: string;\n updated_at: string;\n}\n\n/* Secret with decrypted value /\nexport interface SecretWithValue extends Secret {\n value: string;\n inherited_from?: string;\n}\n\n/* Secret history entry /\nexport interface SecretHistory {\n id: string;\n secret_id: string;\n value: string;\n version: number;\n changed_by?: string;\n changed_at: string;\n}\n\n/* Bulk import request item /\nexport interface BulkSecretItem {\n key: string;\n value: string;\n description?: string;\n}\n\n/* Bulk import result /\nexport interface BulkImportResult {\n created: number;\n updated: number;\n skipped: number;\n}\n\n/* API error response /\nexport interface ApiError {\n error: string;\n code?: string;\n details?: Record<string, unknown>;\n}\n\n/* KeyEnv API error /\nexport class KeyEnvError extends Error {\n public readonly status: number;\n public readonly code?: string;\n public readonly details?: Record<string, unknown>;\n\n constructor(message: string, status: number, code?: string, details?: Record<string, unknown>) {\n super(message);\n this.name = 'KeyEnvError';\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\n/* Environment permission role /\nexport type EnvironmentRole = 'none' \| 'read' \| 'write' \| 'admin';\n\n/* Environment permission for a user /\nexport interface EnvironmentPermission {\n id: string;\n environment_id: string;\n user_id: string;\n role: EnvironmentRole;\n user_email?: string;\n user_name?: string;\n granted_by?: string;\n created_at: string;\n updated_at: string;\n}\n\n/* User's permission for an environment /\nexport interface MyPermission {\n environment_id: string;\n environment_name: string;\n role: EnvironmentRole;\n can_read: boolean;\n can_write: boolean;\n can_admin: boolean;\n}\n\n/* Response for getting user's permissions /\nexport interface MyPermissionsResponse {\n permissions: MyPermission[];\n is_team_admin: boolean;\n}\n\n/* Project default permission for an environment /\nexport interface ProjectDefault {\n id: string;\n project_id: string;\n environment_name: string;\n default_role: EnvironmentRole;\n created_at: string;\n}\n","import type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n ApiError,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\nimport { KeyEnvError } from './types.js';\n\nconst DEFAULT_BASE_URL = 'https://api.keyenv.dev';\nconst DEFAULT_TIMEOUT = 30000;\n\nfunction getCacheKey(projectId: string, environment: string): string {\n return `${projectId}:${environment}`;\n}\n\n/\n KeyEnv API client for managing secrets\n \n @example\n * ```ts\n * import { KeyEnv } from 'keyenv';\n \n const client = new KeyEnv({ token: process.env.KEYENV_TOKEN });\n \n // Export all secrets for an environment\n * const secrets = await client.exportSecrets('project-id', 'production');\n * ```\n /\nexport class KeyEnv {\n private readonly token: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly cacheTtl: number;\n private readonly secretsCache = new Map<string, { secrets: SecretWithValue[]; expiresAt: number }>();\n\n constructor(options: KeyEnvOptions) {\n if (!options.token) {\n throw new Error('KeyEnv token is required');\n }\n this.token = options.token;\n // Base URL: constructor option → env var → default\n this.baseUrl = (options.baseUrl ?? process.env.KEYENV_API_URL ?? DEFAULT_BASE_URL).replace(/\\/+$/, '');\n this.timeout = options.timeout \|\| DEFAULT_TIMEOUT;\n // Cache TTL: constructor option → env var → 0 (disabled)\n this.cacheTtl = options.cacheTtl ??\n (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);\n }\n\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${this.baseUrl}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${this.token}`,\n 'Content-Type': 'application/json',\n 'User-Agent': 'keyenv-node/1.0.0',\n },\n body: body ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (!response.ok) {\n let errorData: ApiError = { error: 'Unknown error' };\n try {\n errorData = await response.json() as ApiError;\n } catch {\n errorData = { error: response.statusText };\n }\n throw new KeyEnvError(errorData.error, response.status, errorData.code, errorData.details);\n }\n\n if (response.status === 204) {\n return undefined as T;\n }\n\n return response.json() as Promise<T>;\n } catch (error) {\n clearTimeout(timeoutId);\n if (error instanceof KeyEnvError) throw error;\n if (error instanceof Error && error.name === 'AbortError') {\n throw new KeyEnvError('Request timeout', 408);\n }\n throw new KeyEnvError(error instanceof Error ? error.message : 'Network error', 0);\n }\n }\n\n /* Get the current user or service token info /\n async getCurrentUser(): Promise<User> {\n const response = await this.request<{ data: User }>('GET', '/api/v1/users/me');\n return response.data;\n }\n\n /* Validate the token and return user info /\n async validateToken(): Promise<User> {\n return this.getCurrentUser();\n }\n\n /* List all accessible projects /\n async listProjects(): Promise<Project[]> {\n const response = await this.request<{ data: Project[] }>('GET', '/api/v1/projects');\n return response.data;\n }\n\n /* Get a project by ID /\n async getProject(projectId: string): Promise<ProjectWithEnvironments> {\n const response = await this.request<{ data: ProjectWithEnvironments }>('GET', `/api/v1/projects/${projectId}`);\n return response.data;\n }\n\n /* Create a new project /\n async createProject(teamId: string, name: string): Promise<Project> {\n const response = await this.request<{ data: Project }>('POST', '/api/v1/projects', { team_id: teamId, name });\n return response.data;\n }\n\n /* Delete a project /\n async deleteProject(projectId: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}`);\n }\n\n /* List environments in a project /\n async listEnvironments(projectId: string): Promise<Environment[]> {\n const response = await this.request<{ data: Environment[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments`\n );\n return response.data;\n }\n\n /* Create a new environment /\n async createEnvironment(projectId: string, name: string, inheritsFrom?: string): Promise<Environment> {\n const response = await this.request<{ data: Environment }>(\n 'POST', `/api/v1/projects/${projectId}/environments`,\n { name, inherits_from: inheritsFrom }\n );\n return response.data;\n }\n\n /* Delete an environment /\n async deleteEnvironment(projectId: string, environment: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}/environments/${environment}`);\n }\n\n /* List secrets in an environment (keys and metadata only) /\n async listSecrets(projectId: string, environment: string): Promise<Secret[]> {\n const response = await this.request<{ data: Secret[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets`\n );\n return response.data;\n }\n\n /\n Export all secrets with their decrypted values.\n * Results are cached when cacheTtl > 0.\n * @example\n * ```ts\n * const secrets = await client.exportSecrets('project-id', 'production');\n * for (const secret of secrets) {\n * process.env[secret.key] = secret.value;\n * }\n * ```\n /\n async exportSecrets(projectId: string, environment: string): Promise<SecretWithValue[]> {\n const cacheKey = getCacheKey(projectId, environment);\n\n // Check cache if TTL > 0\n if (this.cacheTtl > 0) {\n const cached = this.secretsCache.get(cacheKey);\n if (cached && Date.now() < cached.expiresAt) {\n return cached.secrets;\n }\n // Delete expired entry to prevent memory leaks\n if (cached) {\n this.secretsCache.delete(cacheKey);\n }\n }\n\n const response = await this.request<{ data: SecretWithValue[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`\n );\n\n // Store in cache if TTL > 0\n if (this.cacheTtl > 0) {\n this.secretsCache.set(cacheKey, {\n secrets: response.data,\n expiresAt: Date.now() + (this.cacheTtl 1000),\n });\n }\n\n return response.data;\n }\n\n /*\n Export secrets as a key-value object\n * @example\n * ```ts\n * const env = await client.exportSecretsAsObject('project-id', 'production');\n * // { DATABASE_URL: '...', API_KEY: '...' }\n * ```\n /\n async exportSecretsAsObject(projectId: string, environment: string): Promise<Record<string, string>> {\n const secrets = await this.exportSecrets(projectId, environment);\n return Object.fromEntries(secrets.map((s) => [s.key, s.value]));\n }\n\n /* Get a single secret with its value /\n async getSecret(projectId: string, environment: string, key: string): Promise<SecretWithValue> {\n const response = await this.request<{ data: SecretWithValue }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n return response.data;\n }\n\n /* Create a new secret /\n async createSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ data: Secret }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets`,\n { key, value, description }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /* Update a secret's value /\n async updateSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ data: Secret }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`,\n { value, description }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /* Set a secret (create or update) /\n async setSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n try {\n return await this.updateSecret(projectId, environment, key, value, description);\n } catch (error) {\n if (error instanceof KeyEnvError && error.status === 404) {\n return this.createSecret(projectId, environment, key, value, description);\n }\n throw error;\n }\n }\n\n /* Delete a secret /\n async deleteSecret(projectId: string, environment: string, key: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n this.clearCache(projectId, environment);\n }\n\n /* Get secret version history /\n async getSecretHistory(projectId: string, environment: string, key: string): Promise<SecretHistory[]> {\n const response = await this.request<{ data: SecretHistory[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`\n );\n return response.data;\n }\n\n /\n Bulk import secrets\n * @example\n * ```ts\n * await client.bulkImport('project-id', 'development', [\n * { key: 'DATABASE_URL', value: 'postgres://...' },\n * { key: 'API_KEY', value: 'sk_...' },\n * ], { overwrite: true });\n * ```\n /\n async bulkImport(\n projectId: string, environment: string, secrets: BulkSecretItem[], options: { overwrite?: boolean } = {}\n ): Promise<BulkImportResult> {\n const response = await this.request<{ data: BulkImportResult }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,\n { secrets, overwrite: options.overwrite ?? false }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /\n Load secrets into process.env\n * @example\n * ```ts\n * await client.loadEnv('project-id', 'production');\n * console.log(process.env.DATABASE_URL);\n * ```\n /\n async loadEnv(projectId: string, environment: string): Promise<number> {\n const secrets = await this.exportSecrets(projectId, environment);\n for (const secret of secrets) {\n process.env[secret.key] = secret.value;\n }\n return secrets.length;\n }\n\n /* Generate .env file content from secrets /\n async generateEnvFile(projectId: string, environment: string): Promise<string> {\n const secrets = await this.exportSecrets(projectId, environment);\n const lines = [\n '# Generated by KeyEnv',\n `# Environment: ${environment}`,\n `# Generated at: ${new Date().toISOString()}`,\n '',\n ];\n\n for (const secret of secrets) {\n const value = secret.value;\n if (value.includes('\\n') \|\| value.includes('\"') \|\| value.includes(\"'\") \|\| value.includes(' ') \|\| value.includes('$')) {\n const escaped = value.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"').replace(/\\n/g, '\\\\n').replace(/\\$/g, '\\\\$');\n lines.push(`${secret.key}=\"${escaped}\"`);\n } else {\n lines.push(`${secret.key}=${value}`);\n }\n }\n\n return lines.join('\\n') + '\\n';\n }\n\n /\n Clear the secrets cache.\n * @param projectId - Clear cache for specific project (optional)\n * @param environment - Clear cache for specific environment (requires projectId)\n /\n clearCache(projectId?: string, environment?: string): void {\n if (projectId && environment) {\n this.secretsCache.delete(getCacheKey(projectId, environment));\n } else if (projectId) {\n // Clear all environments for this project\n for (const key of this.secretsCache.keys()) {\n if (key.startsWith(`${projectId}:`)) {\n this.secretsCache.delete(key);\n }\n }\n } else {\n this.secretsCache.clear();\n }\n }\n\n // ============================================================================\n // Environment Permission Management\n // ============================================================================\n\n /\n List all permissions for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @returns Array of environment permissions\n * @example\n * ```ts\n * const permissions = await client.listPermissions('project-id', 'production');\n * for (const perm of permissions) {\n * console.log(`${perm.user_email}: ${perm.role}`);\n * }\n * ```\n /\n async listPermissions(projectId: string, environment: string): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ data: EnvironmentPermission[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/permissions`\n );\n return response.data;\n }\n\n /\n Set a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to set permission for\n * @param role - The permission role ('none', 'read', 'write', or 'admin')\n * @returns The created or updated permission\n * @example\n * ```ts\n * const permission = await client.setPermission('project-id', 'production', 'user-id', 'write');\n * console.log(`Set ${permission.user_email} to ${permission.role}`);\n * ```\n /\n async setPermission(\n projectId: string, environment: string, userId: string, role: EnvironmentRole\n ): Promise<EnvironmentPermission> {\n const response = await this.request<{ data: EnvironmentPermission }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,\n { role }\n );\n return response.data;\n }\n\n /\n Delete a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to delete permission for\n * @example\n * ```ts\n * await client.deletePermission('project-id', 'production', 'user-id');\n * ```\n /\n async deletePermission(projectId: string, environment: string, userId: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`\n );\n }\n\n /\n Bulk set permissions for multiple users in an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param permissions - Array of user permissions to set\n * @returns Array of created or updated permissions\n * @example\n * ```ts\n * const permissions = await client.bulkSetPermissions('project-id', 'production', [\n * { userId: 'user-1', role: 'write' },\n * { userId: 'user-2', role: 'read' },\n * ]);\n * ```\n /\n async bulkSetPermissions(\n projectId: string, environment: string, permissions: Array<{ userId: string; role: EnvironmentRole }>\n ): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ data: EnvironmentPermission[] }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions`,\n { permissions: permissions.map(p => ({ user_id: p.userId, role: p.role })) }\n );\n return response.data;\n }\n\n /\n Get the current user's permissions for all environments in a project.\n * @param projectId - The project ID\n * @returns The user's permissions and team admin status\n * @example\n * ```ts\n * const { permissions, is_team_admin } = await client.getMyPermissions('project-id');\n * for (const perm of permissions) {\n * console.log(`${perm.environment_name}: ${perm.role} (can_write: ${perm.can_write})`);\n * }\n * ```\n /\n async getMyPermissions(projectId: string): Promise<MyPermissionsResponse> {\n return this.request<MyPermissionsResponse>('GET', `/api/v1/projects/${projectId}/my-permissions`);\n }\n\n /\n Get default permission settings for a project's environments.\n * @param projectId - The project ID\n * @returns Array of project default permissions\n * @example\n * ```ts\n * const defaults = await client.getProjectDefaults('project-id');\n * for (const def of defaults) {\n * console.log(`${def.environment_name}: ${def.default_role}`);\n * }\n * ```\n /\n async getProjectDefaults(projectId: string): Promise<ProjectDefault[]> {\n const response = await this.request<{ data: ProjectDefault[] }>(\n 'GET', `/api/v1/projects/${projectId}/permissions/defaults`\n );\n return response.data;\n }\n\n /\n Set default permission settings for a project's environments.\n * @param projectId - The project ID\n * @param defaults - Array of default permissions to set\n * @returns Array of updated project default permissions\n * @example\n * ```ts\n * const defaults = await client.setProjectDefaults('project-id', [\n * { environmentName: 'development', defaultRole: 'write' },\n * { environmentName: 'production', defaultRole: 'read' },\n * ]);\n * ```\n */\n async setProjectDefaults(\n projectId: string, defaults: Array<{ environmentName: string; defaultRole: EnvironmentRole }>\n ): Promise<ProjectDefault[]> {\n const response = await this.request<{ data: ProjectDefault[] }>(\n 'PUT', `/api/v1/projects/${projectId}/permissions/defaults`,\n { defaults: defaults.map(d => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }\n );\n return response.data;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACwGO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,QAAgB,MAAe,SAAmC;AAC7F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AACZ,SAAK,UAAU;AAAA,EACjB;AACF;;;ACjGA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAExB,SAAS,YAAY,WAAmB,aAA6B;AACnE,SAAO,GAAG,SAAS,IAAI,WAAW;AACpC;AAeO,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe,oBAAI,IAA+D;AAAA,EAEnG,YAAY,SAAwB;AAClC,QAAI,CAAC,QAAQ,OAAO;AAClB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AACA,SAAK,QAAQ,QAAQ;AAErB,SAAK,WAAW,QAAQ,WAAW,QAAQ,IAAI,kBAAkB,kBAAkB,QAAQ,QAAQ,EAAE;AACrG,SAAK,UAAU,QAAQ,WAAW;AAElC,SAAK,WAAW,QAAQ,aACrB,QAAQ,IAAI,mBAAmB,SAAS,QAAQ,IAAI,kBAAkB,EAAE,IAAI;AAAA,EACjF;AAAA,EAEA,MAAc,QAAW,QAAgB,MAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC;AAAA,QACA,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK,KAAK;AAAA,UACrC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,QACpC,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,YAAsB,EAAE,OAAO,gBAAgB;AACnD,YAAI;AACF,sBAAY,MAAM,SAAS,KAAK;AAAA,QAClC,QAAQ;AACN,sBAAY,EAAE,OAAO,SAAS,WAAW;AAAA,QAC3C;AACA,cAAM,IAAI,YAAY,UAAU,OAAO,SAAS,QAAQ,UAAU,MAAM,UAAU,OAAO;AAAA,MAC3F;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,mBAAa,SAAS;AACtB,UAAI,iBAAiB,YAAa,OAAM;AACxC,UAAI,iBAAiB,SAAS,MAAM,SAAS,cAAc;AACzD,cAAM,IAAI,YAAY,mBAAmB,GAAG;AAAA,MAC9C;AACA,YAAM,IAAI,YAAY,iBAAiB,QAAQ,MAAM,UAAU,iBAAiB,CAAC;AAAA,IACnF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,iBAAgC;AACpC,UAAM,WAAW,MAAM,KAAK,QAAwB,OAAO,kBAAkB;AAC7E,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,gBAA+B;AACnC,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAM,eAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6B,OAAO,kBAAkB;AAClF,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,WAAW,WAAqD;AACpE,UAAM,WAAW,MAAM,KAAK,QAA2C,OAAO,oBAAoB,SAAS,EAAE;AAC7G,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,cAAc,QAAgB,MAAgC;AAClE,UAAM,WAAW,MAAM,KAAK,QAA2B,QAAQ,oBAAoB,EAAE,SAAS,QAAQ,KAAK,CAAC;AAC5G,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,cAAc,WAAkC;AACpD,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,EAAE;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAA2C;AAChE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,MAAc,cAA6C;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS;AAAA,MACrC,EAAE,MAAM,eAAe,aAAa;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,aAAoC;AAC7E,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,iBAAiB,WAAW,EAAE;AAAA,EAChG;AAAA;AAAA,EAGA,MAAM,YAAY,WAAmB,aAAwC;AAC3E,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,WAAmB,aAAiD;AACtF,UAAM,WAAW,YAAY,WAAW,WAAW;AAGnD,QAAI,KAAK,WAAW,GAAG;AACrB,YAAM,SAAS,KAAK,aAAa,IAAI,QAAQ;AAC7C,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,WAAW;AAC3C,eAAO,OAAO;AAAA,MAChB;AAEA,UAAI,QAAQ;AACV,aAAK,aAAa,OAAO,QAAQ;AAAA,MACnC;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AAGA,QAAI,KAAK,WAAW,GAAG;AACrB,WAAK,aAAa,IAAI,UAAU;AAAA,QAC9B,SAAS,SAAS;AAAA,QAClB,WAAW,KAAK,IAAI,IAAK,KAAK,WAAW;AAAA,MAC3C,CAAC;AAAA,IACH;AAEA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,sBAAsB,WAAmB,aAAsD;AACnG,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,WAAO,OAAO,YAAY,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,UAAU,WAAmB,aAAqB,KAAuC;AAC7F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,KAAK,OAAO,YAAY;AAAA,IAC5B;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,MAC/E,EAAE,OAAO,YAAY;AAAA,IACvB;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,UACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,QAAI;AACF,aAAO,MAAM,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,IAChF,SAAS,OAAO;AACd,UAAI,iBAAiB,eAAe,MAAM,WAAW,KAAK;AACxD,eAAO,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,MAC1E;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,aAAa,WAAmB,aAAqB,KAA4B;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACpF;AACA,SAAK,WAAW,WAAW,WAAW;AAAA,EACxC;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAmB,aAAqB,KAAuC;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,WACJ,WAAmB,aAAqB,SAA2B,UAAmC,CAAC,GAC5E;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,SAAS,WAAW,QAAQ,aAAa,MAAM;AAAA,IACnD;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,WAAmB,aAAsC;AACrE,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,eAAW,UAAU,SAAS;AAC5B,cAAQ,IAAI,OAAO,GAAG,IAAI,OAAO;AAAA,IACnC;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA;AAAA,EAGA,MAAM,gBAAgB,WAAmB,aAAsC;AAC7E,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,kBAAkB,WAAW;AAAA,MAC7B,oBAAmB,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,MAC3C;AAAA,IACF;AAEA,eAAW,UAAU,SAAS;AAC5B,YAAM,QAAQ,OAAO;AACrB,UAAI,MAAM,SAAS,IAAI,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,GAAG;AACpH,cAAM,UAAU,MAAM,QAAQ,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAK,EAAE,QAAQ,OAAO,KAAK,EAAE,QAAQ,OAAO,KAAK;AAC5G,cAAM,KAAK,GAAG,OAAO,GAAG,KAAK,OAAO,GAAG;AAAA,MACzC,OAAO;AACL,cAAM,KAAK,GAAG,OAAO,GAAG,IAAI,KAAK,EAAE;AAAA,MACrC;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,IAAI,IAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,WAAoB,aAA4B;AACzD,QAAI,aAAa,aAAa;AAC5B,WAAK,aAAa,OAAO,YAAY,WAAW,WAAW,CAAC;AAAA,IAC9D,WAAW,WAAW;AAEpB,iBAAW,OAAO,KAAK,aAAa,KAAK,GAAG;AAC1C,YAAI,IAAI,WAAW,GAAG,SAAS,GAAG,GAAG;AACnC,eAAK,aAAa,OAAO,GAAG;AAAA,QAC9B;AAAA,MACF;AAAA,IACF,OAAO;AACL,WAAK,aAAa,MAAM;AAAA,IAC1B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,gBAAgB,WAAmB,aAAuD;AAC9F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,cACJ,WAAmB,aAAqB,QAAgB,MACxB;AAChC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,MACtF,EAAE,KAAK;AAAA,IACT;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAiB,WAAmB,aAAqB,QAA+B;AAC5F,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,mBACJ,WAAmB,aAAqB,aACN;AAClC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MAChE,EAAE,aAAa,YAAY,IAAI,QAAM,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE,KAAK,EAAE,EAAE;AAAA,IAC7E;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,iBAAiB,WAAmD;AACxE,WAAO,KAAK,QAA+B,OAAO,oBAAoB,SAAS,iBAAiB;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,mBAAmB,WAA8C;AACrE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,mBACJ,WAAmB,UACQ;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,MACpC,EAAE,UAAU,SAAS,IAAI,QAAM,EAAE,kBAAkB,EAAE,iBAAiB,cAAc,EAAE,YAAY,EAAE,EAAE;AAAA,IACxG;AACA,WAAO,SAAS;AAAA,EAClB;AACF;","names":[]}

package/dist/index.mjs CHANGED Viewed

@@ -13,26 +13,28 @@ var KeyEnvError = class extends Error {
 };
 // src/client.ts
-var BASE_URL = "https://api.keyenv.dev";
+var DEFAULT_BASE_URL = "https://api.keyenv.dev";
 var DEFAULT_TIMEOUT = 3e4;
-var secretsCache = /* @__PURE__ */ new Map();
 function getCacheKey(projectId, environment) {
   return `${projectId}:${environment}`;
 }
 var KeyEnv = class {
   token;
+  baseUrl;
   timeout;
   cacheTtl;
+  secretsCache = /* @__PURE__ */ new Map();
   constructor(options) {
     if (!options.token) {
       throw new Error("KeyEnv token is required");
     }
     this.token = options.token;
+    this.baseUrl = (options.baseUrl ?? process.env.KEYENV_API_URL ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
     this.timeout = options.timeout || DEFAULT_TIMEOUT;
     this.cacheTtl = options.cacheTtl ?? (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);
   }
   async request(method, path, body) {
-    const url = `${BASE_URL}${path}`;
+    const url = `${this.baseUrl}${path}`;
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), this.timeout);
     try {
@@ -71,7 +73,8 @@ var KeyEnv = class {
   }
   /** Get the current user or service token info */
   async getCurrentUser() {
-    return this.request("GET", "/api/v1/users/me");
+    const response = await this.request("GET", "/api/v1/users/me");
+    return response.data;
   }
   /** Validate the token and return user info */
   async validateToken() {
@@ -80,15 +83,17 @@ var KeyEnv = class {
   /** List all accessible projects */
   async listProjects() {
     const response = await this.request("GET", "/api/v1/projects");
-    return response.projects;
+    return response.data;
   }
   /** Get a project by ID */
   async getProject(projectId) {
-    return this.request("GET", `/api/v1/projects/${projectId}`);
+    const response = await this.request("GET", `/api/v1/projects/${projectId}`);
+    return response.data;
   }
   /** Create a new project */
   async createProject(teamId, name) {
-    return this.request("POST", "/api/v1/projects", { team_id: teamId, name });
+    const response = await this.request("POST", "/api/v1/projects", { team_id: teamId, name });
+    return response.data;
   }
   /** Delete a project */
   async deleteProject(projectId) {
@@ -100,15 +105,16 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments`
     );
-    return response.environments;
+    return response.data;
   }
   /** Create a new environment */
   async createEnvironment(projectId, name, inheritsFrom) {
-    return this.request(
+    const response = await this.request(
       "POST",
       `/api/v1/projects/${projectId}/environments`,
       { name, inherits_from: inheritsFrom }
     );
+    return response.data;
   }
   /** Delete an environment */
   async deleteEnvironment(projectId, environment) {
@@ -120,7 +126,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets`
     );
-    return response.secrets;
+    return response.data;
   }
   /**
    * Export all secrets with their decrypted values.
@@ -136,22 +142,25 @@ var KeyEnv = class {
   async exportSecrets(projectId, environment) {
     const cacheKey = getCacheKey(projectId, environment);
     if (this.cacheTtl > 0) {
-      const cached = secretsCache.get(cacheKey);
+      const cached = this.secretsCache.get(cacheKey);
       if (cached && Date.now() < cached.expiresAt) {
         return cached.secrets;
       }
+      if (cached) {
+        this.secretsCache.delete(cacheKey);
+      }
     }
     const response = await this.request(
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`
     );
     if (this.cacheTtl > 0) {
-      secretsCache.set(cacheKey, {
-        secrets: response.secrets,
+      this.secretsCache.set(cacheKey, {
+        secrets: response.data,
         expiresAt: Date.now() + this.cacheTtl * 1e3
       });
     }
-    return response.secrets;
+    return response.data;
   }
   /**
    * Export secrets as a key-value object
@@ -171,7 +180,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`
     );
-    return response.secret;
+    return response.data;
   }
   /** Create a new secret */
   async createSecret(projectId, environment, key, value, description) {
@@ -181,7 +190,7 @@ var KeyEnv = class {
       { key, value, description }
     );
     this.clearCache(projectId, environment);
-    return response.secret;
+    return response.data;
   }
   /** Update a secret's value */
   async updateSecret(projectId, environment, key, value, description) {
@@ -191,7 +200,7 @@ var KeyEnv = class {
       { value, description }
     );
     this.clearCache(projectId, environment);
-    return response.secret;
+    return response.data;
   }
   /** Set a secret (create or update) */
   async setSecret(projectId, environment, key, value, description) {
@@ -218,7 +227,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`
     );
-    return response.history;
+    return response.data;
   }
   /**
    * Bulk import secrets
@@ -231,13 +240,13 @@ var KeyEnv = class {
    * ```
    */
   async bulkImport(projectId, environment, secrets, options = {}) {
-    const result = await this.request(
+    const response = await this.request(
       "POST",
       `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,
       { secrets, overwrite: options.overwrite ?? false }
     );
     this.clearCache(projectId, environment);
-    return result;
+    return response.data;
   }
   /**
    * Load secrets into process.env
@@ -265,8 +274,8 @@ var KeyEnv = class {
     ];
     for (const secret of secrets) {
       const value = secret.value;
-      if (value.includes("\n") || value.includes('"') || value.includes("'") || value.includes(" ")) {
-        const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+      if (value.includes("\n") || value.includes('"') || value.includes("'") || value.includes(" ") || value.includes("$")) {
+        const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n").replace(/\$/g, "\\$");
         lines.push(`${secret.key}="${escaped}"`);
       } else {
         lines.push(`${secret.key}=${value}`);
@@ -281,15 +290,15 @@ var KeyEnv = class {
    */
   clearCache(projectId, environment) {
     if (projectId && environment) {
-      secretsCache.delete(getCacheKey(projectId, environment));
+      this.secretsCache.delete(getCacheKey(projectId, environment));
     } else if (projectId) {
-      for (const key of secretsCache.keys()) {
+      for (const key of this.secretsCache.keys()) {
         if (key.startsWith(`${projectId}:`)) {
-          secretsCache.delete(key);
+          this.secretsCache.delete(key);
         }
       }
     } else {
-      secretsCache.clear();
+      this.secretsCache.clear();
     }
   }
   // ============================================================================
@@ -313,7 +322,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/environments/${environment}/permissions`
     );
-    return response.permissions;
+    return response.data;
   }
   /**
    * Set a user's permission for an environment.
@@ -334,7 +343,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,
       { role }
     );
-    return response.permission;
+    return response.data;
   }
   /**
    * Delete a user's permission for an environment.
@@ -372,7 +381,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/environments/${environment}/permissions`,
       { permissions: permissions.map((p) => ({ user_id: p.userId, role: p.role })) }
     );
-    return response.permissions;
+    return response.data;
   }
   /**
    * Get the current user's permissions for all environments in a project.
@@ -406,7 +415,7 @@ var KeyEnv = class {
       "GET",
       `/api/v1/projects/${projectId}/permissions/defaults`
     );
-    return response.defaults;
+    return response.data;
   }
   /**
    * Set default permission settings for a project's environments.
@@ -427,7 +436,7 @@ var KeyEnv = class {
       `/api/v1/projects/${projectId}/permissions/defaults`,
       { defaults: defaults.map((d) => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }
     );
-    return response.defaults;
+    return response.data;
   }
 };
 export {

package/dist/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/types.ts","../src/client.ts"],"sourcesContent":["/** KeyEnv client configuration options /\nexport interface KeyEnvOptions {\n /* Service token for authentication /\n token: string;\n /* Request timeout in milliseconds (default: 30000) /\n timeout?: number;\n /* Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. /\n cacheTtl?: number;\n}\n\n/* User or service token info /\nexport interface User {\n id: string;\n email?: string;\n name?: string;\n clerk_id?: string;\n avatar_url?: string;\n /* Present for service tokens /\n auth_type?: 'service_token' \| 'user';\n /* Team ID (for service tokens) /\n team_id?: string;\n /* Project IDs (for project-scoped service tokens) /\n project_ids?: string[];\n /* Token scopes (for service tokens) /\n scopes?: string[];\n created_at: string;\n}\n\n/* Project /\nexport interface Project {\n id: string;\n team_id: string;\n name: string;\n slug: string;\n description?: string;\n created_at: string;\n}\n\n/* Environment /\nexport interface Environment {\n id: string;\n project_id: string;\n name: string;\n inherits_from?: string;\n created_at: string;\n}\n\n/* Project with environments /\nexport interface ProjectWithEnvironments extends Project {\n environments: Environment[];\n}\n\n/* Secret (without value) /\nexport interface Secret {\n id: string;\n environment_id: string;\n key: string;\n type: string;\n description?: string;\n version: number;\n created_at: string;\n updated_at: string;\n}\n\n/* Secret with decrypted value /\nexport interface SecretWithValue extends Secret {\n value: string;\n inherited_from?: string;\n}\n\n/* Secret history entry /\nexport interface SecretHistory {\n id: string;\n secret_id: string;\n value: string;\n version: number;\n changed_by?: string;\n changed_at: string;\n}\n\n/* Bulk import request item /\nexport interface BulkSecretItem {\n key: string;\n value: string;\n description?: string;\n}\n\n/* Bulk import result /\nexport interface BulkImportResult {\n created: number;\n updated: number;\n skipped: number;\n}\n\n/* API error response /\nexport interface ApiError {\n error: string;\n code?: string;\n details?: Record<string, unknown>;\n}\n\n/* KeyEnv API error /\nexport class KeyEnvError extends Error {\n public readonly status: number;\n public readonly code?: string;\n public readonly details?: Record<string, unknown>;\n\n constructor(message: string, status: number, code?: string, details?: Record<string, unknown>) {\n super(message);\n this.name = 'KeyEnvError';\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\n/* Environment permission role /\nexport type EnvironmentRole = 'none' \| 'read' \| 'write' \| 'admin';\n\n/* Environment permission for a user /\nexport interface EnvironmentPermission {\n id: string;\n environment_id: string;\n user_id: string;\n role: EnvironmentRole;\n user_email?: string;\n user_name?: string;\n granted_by?: string;\n created_at: string;\n updated_at: string;\n}\n\n/* User's permission for an environment /\nexport interface MyPermission {\n environment_id: string;\n environment_name: string;\n role: EnvironmentRole;\n can_read: boolean;\n can_write: boolean;\n can_admin: boolean;\n}\n\n/* Response for getting user's permissions /\nexport interface MyPermissionsResponse {\n permissions: MyPermission[];\n is_team_admin: boolean;\n}\n\n/* Project default permission for an environment /\nexport interface ProjectDefault {\n id: string;\n project_id: string;\n environment_name: string;\n default_role: EnvironmentRole;\n created_at: string;\n}\n","import type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n ApiError,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\nimport { KeyEnvError } from './types.js';\n\nconst BASE_URL = 'https://api.keyenv.dev';\nconst DEFAULT_TIMEOUT = 30000;\n\n/* Module-level cache for secrets (survives across warm serverless invocations) /\nconst secretsCache = new Map<string, { secrets: SecretWithValue[]; expiresAt: number }>();\n\nfunction getCacheKey(projectId: string, environment: string): string {\n return `${projectId}:${environment}`;\n}\n\n/\n KeyEnv API client for managing secrets\n \n @example\n * ```ts\n * import { KeyEnv } from 'keyenv';\n \n const client = new KeyEnv({ token: process.env.KEYENV_TOKEN });\n \n // Export all secrets for an environment\n * const secrets = await client.exportSecrets('project-id', 'production');\n * ```\n /\nexport class KeyEnv {\n private readonly token: string;\n private readonly timeout: number;\n private readonly cacheTtl: number;\n\n constructor(options: KeyEnvOptions) {\n if (!options.token) {\n throw new Error('KeyEnv token is required');\n }\n this.token = options.token;\n this.timeout = options.timeout \|\| DEFAULT_TIMEOUT;\n // Cache TTL: constructor option → env var → 0 (disabled)\n this.cacheTtl = options.cacheTtl ??\n (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);\n }\n\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${BASE_URL}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${this.token}`,\n 'Content-Type': 'application/json',\n 'User-Agent': 'keyenv-node/1.0.0',\n },\n body: body ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (!response.ok) {\n let errorData: ApiError = { error: 'Unknown error' };\n try {\n errorData = await response.json() as ApiError;\n } catch {\n errorData = { error: response.statusText };\n }\n throw new KeyEnvError(errorData.error, response.status, errorData.code, errorData.details);\n }\n\n if (response.status === 204) {\n return undefined as T;\n }\n\n return response.json() as Promise<T>;\n } catch (error) {\n clearTimeout(timeoutId);\n if (error instanceof KeyEnvError) throw error;\n if (error instanceof Error && error.name === 'AbortError') {\n throw new KeyEnvError('Request timeout', 408);\n }\n throw new KeyEnvError(error instanceof Error ? error.message : 'Network error', 0);\n }\n }\n\n /* Get the current user or service token info /\n async getCurrentUser(): Promise<User> {\n return this.request<User>('GET', '/api/v1/users/me');\n }\n\n /* Validate the token and return user info /\n async validateToken(): Promise<User> {\n return this.getCurrentUser();\n }\n\n /* List all accessible projects /\n async listProjects(): Promise<Project[]> {\n const response = await this.request<{ projects: Project[] }>('GET', '/api/v1/projects');\n return response.projects;\n }\n\n /* Get a project by ID /\n async getProject(projectId: string): Promise<ProjectWithEnvironments> {\n return this.request<ProjectWithEnvironments>('GET', `/api/v1/projects/${projectId}`);\n }\n\n /* Create a new project /\n async createProject(teamId: string, name: string): Promise<Project> {\n return this.request<Project>('POST', '/api/v1/projects', { team_id: teamId, name });\n }\n\n /* Delete a project /\n async deleteProject(projectId: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}`);\n }\n\n /* List environments in a project /\n async listEnvironments(projectId: string): Promise<Environment[]> {\n const response = await this.request<{ environments: Environment[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments`\n );\n return response.environments;\n }\n\n /* Create a new environment /\n async createEnvironment(projectId: string, name: string, inheritsFrom?: string): Promise<Environment> {\n return this.request<Environment>(\n 'POST', `/api/v1/projects/${projectId}/environments`,\n { name, inherits_from: inheritsFrom }\n );\n }\n\n /* Delete an environment /\n async deleteEnvironment(projectId: string, environment: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}/environments/${environment}`);\n }\n\n /* List secrets in an environment (keys and metadata only) /\n async listSecrets(projectId: string, environment: string): Promise<Secret[]> {\n const response = await this.request<{ secrets: Secret[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets`\n );\n return response.secrets;\n }\n\n /\n Export all secrets with their decrypted values.\n * Results are cached when cacheTtl > 0.\n * @example\n * ```ts\n * const secrets = await client.exportSecrets('project-id', 'production');\n * for (const secret of secrets) {\n * process.env[secret.key] = secret.value;\n * }\n * ```\n /\n async exportSecrets(projectId: string, environment: string): Promise<SecretWithValue[]> {\n const cacheKey = getCacheKey(projectId, environment);\n\n // Check cache if TTL > 0\n if (this.cacheTtl > 0) {\n const cached = secretsCache.get(cacheKey);\n if (cached && Date.now() < cached.expiresAt) {\n return cached.secrets;\n }\n }\n\n const response = await this.request<{ secrets: SecretWithValue[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`\n );\n\n // Store in cache if TTL > 0\n if (this.cacheTtl > 0) {\n secretsCache.set(cacheKey, {\n secrets: response.secrets,\n expiresAt: Date.now() + (this.cacheTtl 1000),\n });\n }\n\n return response.secrets;\n }\n\n /*\n Export secrets as a key-value object\n * @example\n * ```ts\n * const env = await client.exportSecretsAsObject('project-id', 'production');\n * // { DATABASE_URL: '...', API_KEY: '...' }\n * ```\n /\n async exportSecretsAsObject(projectId: string, environment: string): Promise<Record<string, string>> {\n const secrets = await this.exportSecrets(projectId, environment);\n return Object.fromEntries(secrets.map((s) => [s.key, s.value]));\n }\n\n /* Get a single secret with its value /\n async getSecret(projectId: string, environment: string, key: string): Promise<SecretWithValue> {\n const response = await this.request<{ secret: SecretWithValue }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n return response.secret;\n }\n\n /* Create a new secret /\n async createSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ secret: Secret }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets`,\n { key, value, description }\n );\n this.clearCache(projectId, environment);\n return response.secret;\n }\n\n /* Update a secret's value /\n async updateSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ secret: Secret }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`,\n { value, description }\n );\n this.clearCache(projectId, environment);\n return response.secret;\n }\n\n /* Set a secret (create or update) /\n async setSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n try {\n return await this.updateSecret(projectId, environment, key, value, description);\n } catch (error) {\n if (error instanceof KeyEnvError && error.status === 404) {\n return this.createSecret(projectId, environment, key, value, description);\n }\n throw error;\n }\n }\n\n /* Delete a secret /\n async deleteSecret(projectId: string, environment: string, key: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n this.clearCache(projectId, environment);\n }\n\n /* Get secret version history /\n async getSecretHistory(projectId: string, environment: string, key: string): Promise<SecretHistory[]> {\n const response = await this.request<{ history: SecretHistory[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`\n );\n return response.history;\n }\n\n /\n Bulk import secrets\n * @example\n * ```ts\n * await client.bulkImport('project-id', 'development', [\n * { key: 'DATABASE_URL', value: 'postgres://...' },\n * { key: 'API_KEY', value: 'sk_...' },\n * ], { overwrite: true });\n * ```\n /\n async bulkImport(\n projectId: string, environment: string, secrets: BulkSecretItem[], options: { overwrite?: boolean } = {}\n ): Promise<BulkImportResult> {\n const result = await this.request<BulkImportResult>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,\n { secrets, overwrite: options.overwrite ?? false }\n );\n this.clearCache(projectId, environment);\n return result;\n }\n\n /\n Load secrets into process.env\n * @example\n * ```ts\n * await client.loadEnv('project-id', 'production');\n * console.log(process.env.DATABASE_URL);\n * ```\n /\n async loadEnv(projectId: string, environment: string): Promise<number> {\n const secrets = await this.exportSecrets(projectId, environment);\n for (const secret of secrets) {\n process.env[secret.key] = secret.value;\n }\n return secrets.length;\n }\n\n /* Generate .env file content from secrets /\n async generateEnvFile(projectId: string, environment: string): Promise<string> {\n const secrets = await this.exportSecrets(projectId, environment);\n const lines = [\n '# Generated by KeyEnv',\n `# Environment: ${environment}`,\n `# Generated at: ${new Date().toISOString()}`,\n '',\n ];\n\n for (const secret of secrets) {\n const value = secret.value;\n if (value.includes('\\n') \|\| value.includes('\"') \|\| value.includes(\"'\") \|\| value.includes(' ')) {\n const escaped = value.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"');\n lines.push(`${secret.key}=\"${escaped}\"`);\n } else {\n lines.push(`${secret.key}=${value}`);\n }\n }\n\n return lines.join('\\n') + '\\n';\n }\n\n /\n Clear the secrets cache.\n * @param projectId - Clear cache for specific project (optional)\n * @param environment - Clear cache for specific environment (requires projectId)\n /\n clearCache(projectId?: string, environment?: string): void {\n if (projectId && environment) {\n secretsCache.delete(getCacheKey(projectId, environment));\n } else if (projectId) {\n // Clear all environments for this project\n for (const key of secretsCache.keys()) {\n if (key.startsWith(`${projectId}:`)) {\n secretsCache.delete(key);\n }\n }\n } else {\n secretsCache.clear();\n }\n }\n\n // ============================================================================\n // Environment Permission Management\n // ============================================================================\n\n /\n List all permissions for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @returns Array of environment permissions\n * @example\n * ```ts\n * const permissions = await client.listPermissions('project-id', 'production');\n * for (const perm of permissions) {\n * console.log(`${perm.user_email}: ${perm.role}`);\n * }\n * ```\n /\n async listPermissions(projectId: string, environment: string): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ permissions: EnvironmentPermission[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/permissions`\n );\n return response.permissions;\n }\n\n /\n Set a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to set permission for\n * @param role - The permission role ('none', 'read', 'write', or 'admin')\n * @returns The created or updated permission\n * @example\n * ```ts\n * const permission = await client.setPermission('project-id', 'production', 'user-id', 'write');\n * console.log(`Set ${permission.user_email} to ${permission.role}`);\n * ```\n /\n async setPermission(\n projectId: string, environment: string, userId: string, role: EnvironmentRole\n ): Promise<EnvironmentPermission> {\n const response = await this.request<{ permission: EnvironmentPermission }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,\n { role }\n );\n return response.permission;\n }\n\n /\n Delete a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to delete permission for\n * @example\n * ```ts\n * await client.deletePermission('project-id', 'production', 'user-id');\n * ```\n /\n async deletePermission(projectId: string, environment: string, userId: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`\n );\n }\n\n /\n Bulk set permissions for multiple users in an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param permissions - Array of user permissions to set\n * @returns Array of created or updated permissions\n * @example\n * ```ts\n * const permissions = await client.bulkSetPermissions('project-id', 'production', [\n * { userId: 'user-1', role: 'write' },\n * { userId: 'user-2', role: 'read' },\n * ]);\n * ```\n /\n async bulkSetPermissions(\n projectId: string, environment: string, permissions: Array<{ userId: string; role: EnvironmentRole }>\n ): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ permissions: EnvironmentPermission[] }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions`,\n { permissions: permissions.map(p => ({ user_id: p.userId, role: p.role })) }\n );\n return response.permissions;\n }\n\n /\n Get the current user's permissions for all environments in a project.\n * @param projectId - The project ID\n * @returns The user's permissions and team admin status\n * @example\n * ```ts\n * const { permissions, is_team_admin } = await client.getMyPermissions('project-id');\n * for (const perm of permissions) {\n * console.log(`${perm.environment_name}: ${perm.role} (can_write: ${perm.can_write})`);\n * }\n * ```\n /\n async getMyPermissions(projectId: string): Promise<MyPermissionsResponse> {\n return this.request<MyPermissionsResponse>('GET', `/api/v1/projects/${projectId}/my-permissions`);\n }\n\n /\n Get default permission settings for a project's environments.\n * @param projectId - The project ID\n * @returns Array of project default permissions\n * @example\n * ```ts\n * const defaults = await client.getProjectDefaults('project-id');\n * for (const def of defaults) {\n * console.log(`${def.environment_name}: ${def.default_role}`);\n * }\n * ```\n /\n async getProjectDefaults(projectId: string): Promise<ProjectDefault[]> {\n const response = await this.request<{ defaults: ProjectDefault[] }>(\n 'GET', `/api/v1/projects/${projectId}/permissions/defaults`\n );\n return response.defaults;\n }\n\n /\n Set default permission settings for a project's environments.\n * @param projectId - The project ID\n * @param defaults - Array of default permissions to set\n * @returns Array of updated project default permissions\n * @example\n * ```ts\n * const defaults = await client.setProjectDefaults('project-id', [\n * { environmentName: 'development', defaultRole: 'write' },\n * { environmentName: 'production', defaultRole: 'read' },\n * ]);\n * ```\n */\n async setProjectDefaults(\n projectId: string, defaults: Array<{ environmentName: string; defaultRole: EnvironmentRole }>\n ): Promise<ProjectDefault[]> {\n const response = await this.request<{ defaults: ProjectDefault[] }>(\n 'PUT', `/api/v1/projects/${projectId}/permissions/defaults`,\n { defaults: defaults.map(d => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }\n );\n return response.defaults;\n }\n}\n"],"mappings":";AAsGO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,QAAgB,MAAe,SAAmC;AAC7F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AACZ,SAAK,UAAU;AAAA,EACjB;AACF;;;AC/FA,IAAM,WAAW;AACjB,IAAM,kBAAkB;AAGxB,IAAM,eAAe,oBAAI,IAA+D;AAExF,SAAS,YAAY,WAAmB,aAA6B;AACnE,SAAO,GAAG,SAAS,IAAI,WAAW;AACpC;AAeO,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAwB;AAClC,QAAI,CAAC,QAAQ,OAAO;AAClB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AACA,SAAK,QAAQ,QAAQ;AACrB,SAAK,UAAU,QAAQ,WAAW;AAElC,SAAK,WAAW,QAAQ,aACrB,QAAQ,IAAI,mBAAmB,SAAS,QAAQ,IAAI,kBAAkB,EAAE,IAAI;AAAA,EACjF;AAAA,EAEA,MAAc,QAAW,QAAgB,MAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,QAAQ,GAAG,IAAI;AAC9B,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC;AAAA,QACA,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK,KAAK;AAAA,UACrC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,QACpC,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,YAAsB,EAAE,OAAO,gBAAgB;AACnD,YAAI;AACF,sBAAY,MAAM,SAAS,KAAK;AAAA,QAClC,QAAQ;AACN,sBAAY,EAAE,OAAO,SAAS,WAAW;AAAA,QAC3C;AACA,cAAM,IAAI,YAAY,UAAU,OAAO,SAAS,QAAQ,UAAU,MAAM,UAAU,OAAO;AAAA,MAC3F;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,mBAAa,SAAS;AACtB,UAAI,iBAAiB,YAAa,OAAM;AACxC,UAAI,iBAAiB,SAAS,MAAM,SAAS,cAAc;AACzD,cAAM,IAAI,YAAY,mBAAmB,GAAG;AAAA,MAC9C;AACA,YAAM,IAAI,YAAY,iBAAiB,QAAQ,MAAM,UAAU,iBAAiB,CAAC;AAAA,IACnF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,iBAAgC;AACpC,WAAO,KAAK,QAAc,OAAO,kBAAkB;AAAA,EACrD;AAAA;AAAA,EAGA,MAAM,gBAA+B;AACnC,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAM,eAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAAiC,OAAO,kBAAkB;AACtF,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,WAAW,WAAqD;AACpE,WAAO,KAAK,QAAiC,OAAO,oBAAoB,SAAS,EAAE;AAAA,EACrF;AAAA;AAAA,EAGA,MAAM,cAAc,QAAgB,MAAgC;AAClE,WAAO,KAAK,QAAiB,QAAQ,oBAAoB,EAAE,SAAS,QAAQ,KAAK,CAAC;AAAA,EACpF;AAAA;AAAA,EAGA,MAAM,cAAc,WAAkC;AACpD,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,EAAE;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAA2C;AAChE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,MAAc,cAA6C;AACpG,WAAO,KAAK;AAAA,MACV;AAAA,MAAQ,oBAAoB,SAAS;AAAA,MACrC,EAAE,MAAM,eAAe,aAAa;AAAA,IACtC;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,aAAoC;AAC7E,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,iBAAiB,WAAW,EAAE;AAAA,EAChG;AAAA;AAAA,EAGA,MAAM,YAAY,WAAmB,aAAwC;AAC3E,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,WAAmB,aAAiD;AACtF,UAAM,WAAW,YAAY,WAAW,WAAW;AAGnD,QAAI,KAAK,WAAW,GAAG;AACrB,YAAM,SAAS,aAAa,IAAI,QAAQ;AACxC,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,WAAW;AAC3C,eAAO,OAAO;AAAA,MAChB;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AAGA,QAAI,KAAK,WAAW,GAAG;AACrB,mBAAa,IAAI,UAAU;AAAA,QACzB,SAAS,SAAS;AAAA,QAClB,WAAW,KAAK,IAAI,IAAK,KAAK,WAAW;AAAA,MAC3C,CAAC;AAAA,IACH;AAEA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,sBAAsB,WAAmB,aAAsD;AACnG,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,WAAO,OAAO,YAAY,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,UAAU,WAAmB,aAAqB,KAAuC;AAC7F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,KAAK,OAAO,YAAY;AAAA,IAC5B;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,MAC/E,EAAE,OAAO,YAAY;AAAA,IACvB;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,UACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,QAAI;AACF,aAAO,MAAM,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,IAChF,SAAS,OAAO;AACd,UAAI,iBAAiB,eAAe,MAAM,WAAW,KAAK;AACxD,eAAO,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,MAC1E;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,aAAa,WAAmB,aAAqB,KAA4B;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACpF;AACA,SAAK,WAAW,WAAW,WAAW;AAAA,EACxC;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAmB,aAAqB,KAAuC;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,WACJ,WAAmB,aAAqB,SAA2B,UAAmC,CAAC,GAC5E;AAC3B,UAAM,SAAS,MAAM,KAAK;AAAA,MACxB;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,SAAS,WAAW,QAAQ,aAAa,MAAM;AAAA,IACnD;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,WAAmB,aAAsC;AACrE,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,eAAW,UAAU,SAAS;AAC5B,cAAQ,IAAI,OAAO,GAAG,IAAI,OAAO;AAAA,IACnC;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA;AAAA,EAGA,MAAM,gBAAgB,WAAmB,aAAsC;AAC7E,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,kBAAkB,WAAW;AAAA,MAC7B,oBAAmB,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,MAC3C;AAAA,IACF;AAEA,eAAW,UAAU,SAAS;AAC5B,YAAM,QAAQ,OAAO;AACrB,UAAI,MAAM,SAAS,IAAI,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,GAAG;AAC7F,cAAM,UAAU,MAAM,QAAQ,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAK;AAChE,cAAM,KAAK,GAAG,OAAO,GAAG,KAAK,OAAO,GAAG;AAAA,MACzC,OAAO;AACL,cAAM,KAAK,GAAG,OAAO,GAAG,IAAI,KAAK,EAAE;AAAA,MACrC;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,IAAI,IAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,WAAoB,aAA4B;AACzD,QAAI,aAAa,aAAa;AAC5B,mBAAa,OAAO,YAAY,WAAW,WAAW,CAAC;AAAA,IACzD,WAAW,WAAW;AAEpB,iBAAW,OAAO,aAAa,KAAK,GAAG;AACrC,YAAI,IAAI,WAAW,GAAG,SAAS,GAAG,GAAG;AACnC,uBAAa,OAAO,GAAG;AAAA,QACzB;AAAA,MACF;AAAA,IACF,OAAO;AACL,mBAAa,MAAM;AAAA,IACrB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,gBAAgB,WAAmB,aAAuD;AAC9F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,cACJ,WAAmB,aAAqB,QAAgB,MACxB;AAChC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,MACtF,EAAE,KAAK;AAAA,IACT;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAiB,WAAmB,aAAqB,QAA+B;AAC5F,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,mBACJ,WAAmB,aAAqB,aACN;AAClC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MAChE,EAAE,aAAa,YAAY,IAAI,QAAM,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE,KAAK,EAAE,EAAE;AAAA,IAC7E;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,iBAAiB,WAAmD;AACxE,WAAO,KAAK,QAA+B,OAAO,oBAAoB,SAAS,iBAAiB;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,mBAAmB,WAA8C;AACrE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,mBACJ,WAAmB,UACQ;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,MACpC,EAAE,UAAU,SAAS,IAAI,QAAM,EAAE,kBAAkB,EAAE,iBAAiB,cAAc,EAAE,YAAY,EAAE,EAAE;AAAA,IACxG;AACA,WAAO,SAAS;AAAA,EAClB;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/types.ts","../src/client.ts"],"sourcesContent":["/** KeyEnv client configuration options /\nexport interface KeyEnvOptions {\n /* Service token for authentication /\n token: string;\n /* Request timeout in milliseconds (default: 30000) /\n timeout?: number;\n /* Cache TTL in seconds for exportSecrets/loadEnv (default: 0 = disabled). Also configurable via KEYENV_CACHE_TTL env var. /\n cacheTtl?: number;\n /* Custom API base URL (default: https://api.keyenv.dev). Also configurable via KEYENV_API_URL env var. /\n baseUrl?: string;\n}\n\n/* User or service token info /\nexport interface User {\n id: string;\n email?: string;\n name?: string;\n clerk_id?: string;\n avatar_url?: string;\n /* Present for service tokens /\n auth_type?: 'service_token' \| 'user';\n /* Team ID (for service tokens) /\n team_id?: string;\n /* Project IDs (for project-scoped service tokens) /\n project_ids?: string[];\n /* Token scopes (for service tokens) /\n scopes?: string[];\n created_at: string;\n}\n\n/* Project /\nexport interface Project {\n id: string;\n team_id: string;\n name: string;\n slug: string;\n description?: string;\n created_at: string;\n}\n\n/* Environment /\nexport interface Environment {\n id: string;\n project_id: string;\n name: string;\n inherits_from?: string;\n created_at: string;\n}\n\n/* Project with environments /\nexport interface ProjectWithEnvironments extends Project {\n environments: Environment[];\n}\n\n/* Secret (without value) /\nexport interface Secret {\n id: string;\n environment_id: string;\n key: string;\n type: string;\n description?: string;\n version: number;\n created_at: string;\n updated_at: string;\n}\n\n/* Secret with decrypted value /\nexport interface SecretWithValue extends Secret {\n value: string;\n inherited_from?: string;\n}\n\n/* Secret history entry /\nexport interface SecretHistory {\n id: string;\n secret_id: string;\n value: string;\n version: number;\n changed_by?: string;\n changed_at: string;\n}\n\n/* Bulk import request item /\nexport interface BulkSecretItem {\n key: string;\n value: string;\n description?: string;\n}\n\n/* Bulk import result /\nexport interface BulkImportResult {\n created: number;\n updated: number;\n skipped: number;\n}\n\n/* API error response /\nexport interface ApiError {\n error: string;\n code?: string;\n details?: Record<string, unknown>;\n}\n\n/* KeyEnv API error /\nexport class KeyEnvError extends Error {\n public readonly status: number;\n public readonly code?: string;\n public readonly details?: Record<string, unknown>;\n\n constructor(message: string, status: number, code?: string, details?: Record<string, unknown>) {\n super(message);\n this.name = 'KeyEnvError';\n this.status = status;\n this.code = code;\n this.details = details;\n }\n}\n\n/* Environment permission role /\nexport type EnvironmentRole = 'none' \| 'read' \| 'write' \| 'admin';\n\n/* Environment permission for a user /\nexport interface EnvironmentPermission {\n id: string;\n environment_id: string;\n user_id: string;\n role: EnvironmentRole;\n user_email?: string;\n user_name?: string;\n granted_by?: string;\n created_at: string;\n updated_at: string;\n}\n\n/* User's permission for an environment /\nexport interface MyPermission {\n environment_id: string;\n environment_name: string;\n role: EnvironmentRole;\n can_read: boolean;\n can_write: boolean;\n can_admin: boolean;\n}\n\n/* Response for getting user's permissions /\nexport interface MyPermissionsResponse {\n permissions: MyPermission[];\n is_team_admin: boolean;\n}\n\n/* Project default permission for an environment /\nexport interface ProjectDefault {\n id: string;\n project_id: string;\n environment_name: string;\n default_role: EnvironmentRole;\n created_at: string;\n}\n","import type {\n KeyEnvOptions,\n User,\n Project,\n ProjectWithEnvironments,\n Environment,\n Secret,\n SecretWithValue,\n SecretHistory,\n BulkSecretItem,\n BulkImportResult,\n ApiError,\n EnvironmentRole,\n EnvironmentPermission,\n MyPermissionsResponse,\n ProjectDefault,\n} from './types.js';\nimport { KeyEnvError } from './types.js';\n\nconst DEFAULT_BASE_URL = 'https://api.keyenv.dev';\nconst DEFAULT_TIMEOUT = 30000;\n\nfunction getCacheKey(projectId: string, environment: string): string {\n return `${projectId}:${environment}`;\n}\n\n/\n KeyEnv API client for managing secrets\n \n @example\n * ```ts\n * import { KeyEnv } from 'keyenv';\n \n const client = new KeyEnv({ token: process.env.KEYENV_TOKEN });\n \n // Export all secrets for an environment\n * const secrets = await client.exportSecrets('project-id', 'production');\n * ```\n /\nexport class KeyEnv {\n private readonly token: string;\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly cacheTtl: number;\n private readonly secretsCache = new Map<string, { secrets: SecretWithValue[]; expiresAt: number }>();\n\n constructor(options: KeyEnvOptions) {\n if (!options.token) {\n throw new Error('KeyEnv token is required');\n }\n this.token = options.token;\n // Base URL: constructor option → env var → default\n this.baseUrl = (options.baseUrl ?? process.env.KEYENV_API_URL ?? DEFAULT_BASE_URL).replace(/\\/+$/, '');\n this.timeout = options.timeout \|\| DEFAULT_TIMEOUT;\n // Cache TTL: constructor option → env var → 0 (disabled)\n this.cacheTtl = options.cacheTtl ??\n (process.env.KEYENV_CACHE_TTL ? parseInt(process.env.KEYENV_CACHE_TTL, 10) : 0);\n }\n\n private async request<T>(method: string, path: string, body?: unknown): Promise<T> {\n const url = `${this.baseUrl}${path}`;\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n const response = await fetch(url, {\n method,\n headers: {\n 'Authorization': `Bearer ${this.token}`,\n 'Content-Type': 'application/json',\n 'User-Agent': 'keyenv-node/1.0.0',\n },\n body: body ? JSON.stringify(body) : undefined,\n signal: controller.signal,\n });\n\n clearTimeout(timeoutId);\n\n if (!response.ok) {\n let errorData: ApiError = { error: 'Unknown error' };\n try {\n errorData = await response.json() as ApiError;\n } catch {\n errorData = { error: response.statusText };\n }\n throw new KeyEnvError(errorData.error, response.status, errorData.code, errorData.details);\n }\n\n if (response.status === 204) {\n return undefined as T;\n }\n\n return response.json() as Promise<T>;\n } catch (error) {\n clearTimeout(timeoutId);\n if (error instanceof KeyEnvError) throw error;\n if (error instanceof Error && error.name === 'AbortError') {\n throw new KeyEnvError('Request timeout', 408);\n }\n throw new KeyEnvError(error instanceof Error ? error.message : 'Network error', 0);\n }\n }\n\n /* Get the current user or service token info /\n async getCurrentUser(): Promise<User> {\n const response = await this.request<{ data: User }>('GET', '/api/v1/users/me');\n return response.data;\n }\n\n /* Validate the token and return user info /\n async validateToken(): Promise<User> {\n return this.getCurrentUser();\n }\n\n /* List all accessible projects /\n async listProjects(): Promise<Project[]> {\n const response = await this.request<{ data: Project[] }>('GET', '/api/v1/projects');\n return response.data;\n }\n\n /* Get a project by ID /\n async getProject(projectId: string): Promise<ProjectWithEnvironments> {\n const response = await this.request<{ data: ProjectWithEnvironments }>('GET', `/api/v1/projects/${projectId}`);\n return response.data;\n }\n\n /* Create a new project /\n async createProject(teamId: string, name: string): Promise<Project> {\n const response = await this.request<{ data: Project }>('POST', '/api/v1/projects', { team_id: teamId, name });\n return response.data;\n }\n\n /* Delete a project /\n async deleteProject(projectId: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}`);\n }\n\n /* List environments in a project /\n async listEnvironments(projectId: string): Promise<Environment[]> {\n const response = await this.request<{ data: Environment[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments`\n );\n return response.data;\n }\n\n /* Create a new environment /\n async createEnvironment(projectId: string, name: string, inheritsFrom?: string): Promise<Environment> {\n const response = await this.request<{ data: Environment }>(\n 'POST', `/api/v1/projects/${projectId}/environments`,\n { name, inherits_from: inheritsFrom }\n );\n return response.data;\n }\n\n /* Delete an environment /\n async deleteEnvironment(projectId: string, environment: string): Promise<void> {\n await this.request<void>('DELETE', `/api/v1/projects/${projectId}/environments/${environment}`);\n }\n\n /* List secrets in an environment (keys and metadata only) /\n async listSecrets(projectId: string, environment: string): Promise<Secret[]> {\n const response = await this.request<{ data: Secret[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets`\n );\n return response.data;\n }\n\n /\n Export all secrets with their decrypted values.\n * Results are cached when cacheTtl > 0.\n * @example\n * ```ts\n * const secrets = await client.exportSecrets('project-id', 'production');\n * for (const secret of secrets) {\n * process.env[secret.key] = secret.value;\n * }\n * ```\n /\n async exportSecrets(projectId: string, environment: string): Promise<SecretWithValue[]> {\n const cacheKey = getCacheKey(projectId, environment);\n\n // Check cache if TTL > 0\n if (this.cacheTtl > 0) {\n const cached = this.secretsCache.get(cacheKey);\n if (cached && Date.now() < cached.expiresAt) {\n return cached.secrets;\n }\n // Delete expired entry to prevent memory leaks\n if (cached) {\n this.secretsCache.delete(cacheKey);\n }\n }\n\n const response = await this.request<{ data: SecretWithValue[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/export`\n );\n\n // Store in cache if TTL > 0\n if (this.cacheTtl > 0) {\n this.secretsCache.set(cacheKey, {\n secrets: response.data,\n expiresAt: Date.now() + (this.cacheTtl 1000),\n });\n }\n\n return response.data;\n }\n\n /*\n Export secrets as a key-value object\n * @example\n * ```ts\n * const env = await client.exportSecretsAsObject('project-id', 'production');\n * // { DATABASE_URL: '...', API_KEY: '...' }\n * ```\n /\n async exportSecretsAsObject(projectId: string, environment: string): Promise<Record<string, string>> {\n const secrets = await this.exportSecrets(projectId, environment);\n return Object.fromEntries(secrets.map((s) => [s.key, s.value]));\n }\n\n /* Get a single secret with its value /\n async getSecret(projectId: string, environment: string, key: string): Promise<SecretWithValue> {\n const response = await this.request<{ data: SecretWithValue }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n return response.data;\n }\n\n /* Create a new secret /\n async createSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ data: Secret }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets`,\n { key, value, description }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /* Update a secret's value /\n async updateSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n const response = await this.request<{ data: Secret }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`,\n { value, description }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /* Set a secret (create or update) /\n async setSecret(\n projectId: string, environment: string, key: string, value: string, description?: string\n ): Promise<Secret> {\n try {\n return await this.updateSecret(projectId, environment, key, value, description);\n } catch (error) {\n if (error instanceof KeyEnvError && error.status === 404) {\n return this.createSecret(projectId, environment, key, value, description);\n }\n throw error;\n }\n }\n\n /* Delete a secret /\n async deleteSecret(projectId: string, environment: string, key: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}`\n );\n this.clearCache(projectId, environment);\n }\n\n /* Get secret version history /\n async getSecretHistory(projectId: string, environment: string, key: string): Promise<SecretHistory[]> {\n const response = await this.request<{ data: SecretHistory[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/secrets/${key}/history`\n );\n return response.data;\n }\n\n /\n Bulk import secrets\n * @example\n * ```ts\n * await client.bulkImport('project-id', 'development', [\n * { key: 'DATABASE_URL', value: 'postgres://...' },\n * { key: 'API_KEY', value: 'sk_...' },\n * ], { overwrite: true });\n * ```\n /\n async bulkImport(\n projectId: string, environment: string, secrets: BulkSecretItem[], options: { overwrite?: boolean } = {}\n ): Promise<BulkImportResult> {\n const response = await this.request<{ data: BulkImportResult }>(\n 'POST', `/api/v1/projects/${projectId}/environments/${environment}/secrets/bulk`,\n { secrets, overwrite: options.overwrite ?? false }\n );\n this.clearCache(projectId, environment);\n return response.data;\n }\n\n /\n Load secrets into process.env\n * @example\n * ```ts\n * await client.loadEnv('project-id', 'production');\n * console.log(process.env.DATABASE_URL);\n * ```\n /\n async loadEnv(projectId: string, environment: string): Promise<number> {\n const secrets = await this.exportSecrets(projectId, environment);\n for (const secret of secrets) {\n process.env[secret.key] = secret.value;\n }\n return secrets.length;\n }\n\n /* Generate .env file content from secrets /\n async generateEnvFile(projectId: string, environment: string): Promise<string> {\n const secrets = await this.exportSecrets(projectId, environment);\n const lines = [\n '# Generated by KeyEnv',\n `# Environment: ${environment}`,\n `# Generated at: ${new Date().toISOString()}`,\n '',\n ];\n\n for (const secret of secrets) {\n const value = secret.value;\n if (value.includes('\\n') \|\| value.includes('\"') \|\| value.includes(\"'\") \|\| value.includes(' ') \|\| value.includes('$')) {\n const escaped = value.replace(/\\\\/g, '\\\\\\\\').replace(/\"/g, '\\\\\"').replace(/\\n/g, '\\\\n').replace(/\\$/g, '\\\\$');\n lines.push(`${secret.key}=\"${escaped}\"`);\n } else {\n lines.push(`${secret.key}=${value}`);\n }\n }\n\n return lines.join('\\n') + '\\n';\n }\n\n /\n Clear the secrets cache.\n * @param projectId - Clear cache for specific project (optional)\n * @param environment - Clear cache for specific environment (requires projectId)\n /\n clearCache(projectId?: string, environment?: string): void {\n if (projectId && environment) {\n this.secretsCache.delete(getCacheKey(projectId, environment));\n } else if (projectId) {\n // Clear all environments for this project\n for (const key of this.secretsCache.keys()) {\n if (key.startsWith(`${projectId}:`)) {\n this.secretsCache.delete(key);\n }\n }\n } else {\n this.secretsCache.clear();\n }\n }\n\n // ============================================================================\n // Environment Permission Management\n // ============================================================================\n\n /\n List all permissions for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @returns Array of environment permissions\n * @example\n * ```ts\n * const permissions = await client.listPermissions('project-id', 'production');\n * for (const perm of permissions) {\n * console.log(`${perm.user_email}: ${perm.role}`);\n * }\n * ```\n /\n async listPermissions(projectId: string, environment: string): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ data: EnvironmentPermission[] }>(\n 'GET', `/api/v1/projects/${projectId}/environments/${environment}/permissions`\n );\n return response.data;\n }\n\n /\n Set a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to set permission for\n * @param role - The permission role ('none', 'read', 'write', or 'admin')\n * @returns The created or updated permission\n * @example\n * ```ts\n * const permission = await client.setPermission('project-id', 'production', 'user-id', 'write');\n * console.log(`Set ${permission.user_email} to ${permission.role}`);\n * ```\n /\n async setPermission(\n projectId: string, environment: string, userId: string, role: EnvironmentRole\n ): Promise<EnvironmentPermission> {\n const response = await this.request<{ data: EnvironmentPermission }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`,\n { role }\n );\n return response.data;\n }\n\n /\n Delete a user's permission for an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param userId - The user ID to delete permission for\n * @example\n * ```ts\n * await client.deletePermission('project-id', 'production', 'user-id');\n * ```\n /\n async deletePermission(projectId: string, environment: string, userId: string): Promise<void> {\n await this.request<void>(\n 'DELETE', `/api/v1/projects/${projectId}/environments/${environment}/permissions/${userId}`\n );\n }\n\n /\n Bulk set permissions for multiple users in an environment.\n * @param projectId - The project ID\n * @param environment - The environment name\n * @param permissions - Array of user permissions to set\n * @returns Array of created or updated permissions\n * @example\n * ```ts\n * const permissions = await client.bulkSetPermissions('project-id', 'production', [\n * { userId: 'user-1', role: 'write' },\n * { userId: 'user-2', role: 'read' },\n * ]);\n * ```\n /\n async bulkSetPermissions(\n projectId: string, environment: string, permissions: Array<{ userId: string; role: EnvironmentRole }>\n ): Promise<EnvironmentPermission[]> {\n const response = await this.request<{ data: EnvironmentPermission[] }>(\n 'PUT', `/api/v1/projects/${projectId}/environments/${environment}/permissions`,\n { permissions: permissions.map(p => ({ user_id: p.userId, role: p.role })) }\n );\n return response.data;\n }\n\n /\n Get the current user's permissions for all environments in a project.\n * @param projectId - The project ID\n * @returns The user's permissions and team admin status\n * @example\n * ```ts\n * const { permissions, is_team_admin } = await client.getMyPermissions('project-id');\n * for (const perm of permissions) {\n * console.log(`${perm.environment_name}: ${perm.role} (can_write: ${perm.can_write})`);\n * }\n * ```\n /\n async getMyPermissions(projectId: string): Promise<MyPermissionsResponse> {\n return this.request<MyPermissionsResponse>('GET', `/api/v1/projects/${projectId}/my-permissions`);\n }\n\n /\n Get default permission settings for a project's environments.\n * @param projectId - The project ID\n * @returns Array of project default permissions\n * @example\n * ```ts\n * const defaults = await client.getProjectDefaults('project-id');\n * for (const def of defaults) {\n * console.log(`${def.environment_name}: ${def.default_role}`);\n * }\n * ```\n /\n async getProjectDefaults(projectId: string): Promise<ProjectDefault[]> {\n const response = await this.request<{ data: ProjectDefault[] }>(\n 'GET', `/api/v1/projects/${projectId}/permissions/defaults`\n );\n return response.data;\n }\n\n /\n Set default permission settings for a project's environments.\n * @param projectId - The project ID\n * @param defaults - Array of default permissions to set\n * @returns Array of updated project default permissions\n * @example\n * ```ts\n * const defaults = await client.setProjectDefaults('project-id', [\n * { environmentName: 'development', defaultRole: 'write' },\n * { environmentName: 'production', defaultRole: 'read' },\n * ]);\n * ```\n */\n async setProjectDefaults(\n projectId: string, defaults: Array<{ environmentName: string; defaultRole: EnvironmentRole }>\n ): Promise<ProjectDefault[]> {\n const response = await this.request<{ data: ProjectDefault[] }>(\n 'PUT', `/api/v1/projects/${projectId}/permissions/defaults`,\n { defaults: defaults.map(d => ({ environment_name: d.environmentName, default_role: d.defaultRole })) }\n );\n return response.data;\n }\n}\n"],"mappings":";AAwGO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,SAAiB,QAAgB,MAAe,SAAmC;AAC7F,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AACZ,SAAK,UAAU;AAAA,EACjB;AACF;;;ACjGA,IAAM,mBAAmB;AACzB,IAAM,kBAAkB;AAExB,SAAS,YAAY,WAAmB,aAA6B;AACnE,SAAO,GAAG,SAAS,IAAI,WAAW;AACpC;AAeO,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe,oBAAI,IAA+D;AAAA,EAEnG,YAAY,SAAwB;AAClC,QAAI,CAAC,QAAQ,OAAO;AAClB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AACA,SAAK,QAAQ,QAAQ;AAErB,SAAK,WAAW,QAAQ,WAAW,QAAQ,IAAI,kBAAkB,kBAAkB,QAAQ,QAAQ,EAAE;AACrG,SAAK,UAAU,QAAQ,WAAW;AAElC,SAAK,WAAW,QAAQ,aACrB,QAAQ,IAAI,mBAAmB,SAAS,QAAQ,IAAI,kBAAkB,EAAE,IAAI;AAAA,EACjF;AAAA,EAEA,MAAc,QAAW,QAAgB,MAAc,MAA4B;AACjF,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAEnE,QAAI;AACF,YAAM,WAAW,MAAM,MAAM,KAAK;AAAA,QAChC;AAAA,QACA,SAAS;AAAA,UACP,iBAAiB,UAAU,KAAK,KAAK;AAAA,UACrC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,OAAO,KAAK,UAAU,IAAI,IAAI;AAAA,QACpC,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,CAAC,SAAS,IAAI;AAChB,YAAI,YAAsB,EAAE,OAAO,gBAAgB;AACnD,YAAI;AACF,sBAAY,MAAM,SAAS,KAAK;AAAA,QAClC,QAAQ;AACN,sBAAY,EAAE,OAAO,SAAS,WAAW;AAAA,QAC3C;AACA,cAAM,IAAI,YAAY,UAAU,OAAO,SAAS,QAAQ,UAAU,MAAM,UAAU,OAAO;AAAA,MAC3F;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AAEA,aAAO,SAAS,KAAK;AAAA,IACvB,SAAS,OAAO;AACd,mBAAa,SAAS;AACtB,UAAI,iBAAiB,YAAa,OAAM;AACxC,UAAI,iBAAiB,SAAS,MAAM,SAAS,cAAc;AACzD,cAAM,IAAI,YAAY,mBAAmB,GAAG;AAAA,MAC9C;AACA,YAAM,IAAI,YAAY,iBAAiB,QAAQ,MAAM,UAAU,iBAAiB,CAAC;AAAA,IACnF;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,iBAAgC;AACpC,UAAM,WAAW,MAAM,KAAK,QAAwB,OAAO,kBAAkB;AAC7E,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,gBAA+B;AACnC,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAM,eAAmC;AACvC,UAAM,WAAW,MAAM,KAAK,QAA6B,OAAO,kBAAkB;AAClF,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,WAAW,WAAqD;AACpE,UAAM,WAAW,MAAM,KAAK,QAA2C,OAAO,oBAAoB,SAAS,EAAE;AAC7G,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,cAAc,QAAgB,MAAgC;AAClE,UAAM,WAAW,MAAM,KAAK,QAA2B,QAAQ,oBAAoB,EAAE,SAAS,QAAQ,KAAK,CAAC;AAC5G,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,cAAc,WAAkC;AACpD,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,EAAE;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAA2C;AAChE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,MAAc,cAA6C;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS;AAAA,MACrC,EAAE,MAAM,eAAe,aAAa;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAmB,aAAoC;AAC7E,UAAM,KAAK,QAAc,UAAU,oBAAoB,SAAS,iBAAiB,WAAW,EAAE;AAAA,EAChG;AAAA;AAAA,EAGA,MAAM,YAAY,WAAmB,aAAwC;AAC3E,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,WAAmB,aAAiD;AACtF,UAAM,WAAW,YAAY,WAAW,WAAW;AAGnD,QAAI,KAAK,WAAW,GAAG;AACrB,YAAM,SAAS,KAAK,aAAa,IAAI,QAAQ;AAC7C,UAAI,UAAU,KAAK,IAAI,IAAI,OAAO,WAAW;AAC3C,eAAO,OAAO;AAAA,MAChB;AAEA,UAAI,QAAQ;AACV,aAAK,aAAa,OAAO,QAAQ;AAAA,MACnC;AAAA,IACF;AAEA,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AAGA,QAAI,KAAK,WAAW,GAAG;AACrB,WAAK,aAAa,IAAI,UAAU;AAAA,QAC9B,SAAS,SAAS;AAAA,QAClB,WAAW,KAAK,IAAI,IAAK,KAAK,WAAW;AAAA,MAC3C,CAAC;AAAA,IACH;AAEA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,sBAAsB,WAAmB,aAAsD;AACnG,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,WAAO,OAAO,YAAY,QAAQ,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAAA,EAChE;AAAA;AAAA,EAGA,MAAM,UAAU,WAAmB,aAAqB,KAAuC;AAC7F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,KAAK,OAAO,YAAY;AAAA,IAC5B;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,aACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,MAC/E,EAAE,OAAO,YAAY;AAAA,IACvB;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,MAAM,UACJ,WAAmB,aAAqB,KAAa,OAAe,aACnD;AACjB,QAAI;AACF,aAAO,MAAM,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,IAChF,SAAS,OAAO;AACd,UAAI,iBAAiB,eAAe,MAAM,WAAW,KAAK;AACxD,eAAO,KAAK,aAAa,WAAW,aAAa,KAAK,OAAO,WAAW;AAAA,MAC1E;AACA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,aAAa,WAAmB,aAAqB,KAA4B;AACrF,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACpF;AACA,SAAK,WAAW,WAAW,WAAW;AAAA,EACxC;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAmB,aAAqB,KAAuC;AACpG,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,YAAY,GAAG;AAAA,IACjF;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,WACJ,WAAmB,aAAqB,SAA2B,UAAmC,CAAC,GAC5E;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAQ,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MACjE,EAAE,SAAS,WAAW,QAAQ,aAAa,MAAM;AAAA,IACnD;AACA,SAAK,WAAW,WAAW,WAAW;AACtC,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,WAAmB,aAAsC;AACrE,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,eAAW,UAAU,SAAS;AAC5B,cAAQ,IAAI,OAAO,GAAG,IAAI,OAAO;AAAA,IACnC;AACA,WAAO,QAAQ;AAAA,EACjB;AAAA;AAAA,EAGA,MAAM,gBAAgB,WAAmB,aAAsC;AAC7E,UAAM,UAAU,MAAM,KAAK,cAAc,WAAW,WAAW;AAC/D,UAAM,QAAQ;AAAA,MACZ;AAAA,MACA,kBAAkB,WAAW;AAAA,MAC7B,oBAAmB,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,MAC3C;AAAA,IACF;AAEA,eAAW,UAAU,SAAS;AAC5B,YAAM,QAAQ,OAAO;AACrB,UAAI,MAAM,SAAS,IAAI,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,GAAG,GAAG;AACpH,cAAM,UAAU,MAAM,QAAQ,OAAO,MAAM,EAAE,QAAQ,MAAM,KAAK,EAAE,QAAQ,OAAO,KAAK,EAAE,QAAQ,OAAO,KAAK;AAC5G,cAAM,KAAK,GAAG,OAAO,GAAG,KAAK,OAAO,GAAG;AAAA,MACzC,OAAO;AACL,cAAM,KAAK,GAAG,OAAO,GAAG,IAAI,KAAK,EAAE;AAAA,MACrC;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,IAAI,IAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,WAAW,WAAoB,aAA4B;AACzD,QAAI,aAAa,aAAa;AAC5B,WAAK,aAAa,OAAO,YAAY,WAAW,WAAW,CAAC;AAAA,IAC9D,WAAW,WAAW;AAEpB,iBAAW,OAAO,KAAK,aAAa,KAAK,GAAG;AAC1C,YAAI,IAAI,WAAW,GAAG,SAAS,GAAG,GAAG;AACnC,eAAK,aAAa,OAAO,GAAG;AAAA,QAC9B;AAAA,MACF;AAAA,IACF,OAAO;AACL,WAAK,aAAa,MAAM;AAAA,IAC1B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,gBAAgB,WAAmB,aAAuD;AAC9F,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,IAClE;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,cACJ,WAAmB,aAAqB,QAAgB,MACxB;AAChC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,MACtF,EAAE,KAAK;AAAA,IACT;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,iBAAiB,WAAmB,aAAqB,QAA+B;AAC5F,UAAM,KAAK;AAAA,MACT;AAAA,MAAU,oBAAoB,SAAS,iBAAiB,WAAW,gBAAgB,MAAM;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBA,MAAM,mBACJ,WAAmB,aAAqB,aACN;AAClC,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS,iBAAiB,WAAW;AAAA,MAChE,EAAE,aAAa,YAAY,IAAI,QAAM,EAAE,SAAS,EAAE,QAAQ,MAAM,EAAE,KAAK,EAAE,EAAE;AAAA,IAC7E;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,iBAAiB,WAAmD;AACxE,WAAO,KAAK,QAA+B,OAAO,oBAAoB,SAAS,iBAAiB;AAAA,EAClG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,MAAM,mBAAmB,WAA8C;AACrE,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,IACtC;AACA,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,mBACJ,WAAmB,UACQ;AAC3B,UAAM,WAAW,MAAM,KAAK;AAAA,MAC1B;AAAA,MAAO,oBAAoB,SAAS;AAAA,MACpC,EAAE,UAAU,SAAS,IAAI,QAAM,EAAE,kBAAkB,EAAE,iBAAiB,cAAc,EAAE,YAAY,EAAE,EAAE;AAAA,IACxG;AACA,WAAO,SAAS;AAAA,EAClB;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "keyenv",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Official Node.js SDK for KeyEnv - Secure secrets management",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -19,6 +19,7 @@
     "build": "tsup",
     "test": "vitest run",
     "test:watch": "vitest",
+    "test:integration": "vitest run src/__tests__/integration.test.ts",
     "lint": "eslint src --ext .ts",
     "typecheck": "tsc --noEmit",
     "prepublishOnly": "npm run build"