sandstream-kit 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +617 -0
- package/dist/adapters/api-key-adapter.d.ts +35 -0
- package/dist/adapters/api-key-adapter.js +46 -0
- package/dist/adapters/api-key-adapter.js.map +1 -0
- package/dist/adapters/clerk-auth.d.ts +6 -0
- package/dist/adapters/clerk-auth.js +20 -0
- package/dist/adapters/clerk-auth.js.map +1 -0
- package/dist/adapters/cloudflare-r2.d.ts +6 -0
- package/dist/adapters/cloudflare-r2.js +136 -0
- package/dist/adapters/cloudflare-r2.js.map +1 -0
- package/dist/adapters/expo-eas.d.ts +6 -0
- package/dist/adapters/expo-eas.js +129 -0
- package/dist/adapters/expo-eas.js.map +1 -0
- package/dist/adapters/flagsmith-flags.d.ts +5 -0
- package/dist/adapters/flagsmith-flags.js +20 -0
- package/dist/adapters/flagsmith-flags.js.map +1 -0
- package/dist/adapters/flyio-hosting.d.ts +2 -0
- package/dist/adapters/flyio-hosting.js +143 -0
- package/dist/adapters/flyio-hosting.js.map +1 -0
- package/dist/adapters/index.d.ts +6 -0
- package/dist/adapters/index.js +48 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/inngest-background.d.ts +5 -0
- package/dist/adapters/inngest-background.js +19 -0
- package/dist/adapters/inngest-background.js.map +1 -0
- package/dist/adapters/liveblocks-realtime.d.ts +11 -0
- package/dist/adapters/liveblocks-realtime.js +62 -0
- package/dist/adapters/liveblocks-realtime.js.map +1 -0
- package/dist/adapters/loops-email.d.ts +6 -0
- package/dist/adapters/loops-email.js +18 -0
- package/dist/adapters/loops-email.js.map +1 -0
- package/dist/adapters/neon-db.d.ts +10 -0
- package/dist/adapters/neon-db.js +94 -0
- package/dist/adapters/neon-db.js.map +1 -0
- package/dist/adapters/planetscale-db.d.ts +11 -0
- package/dist/adapters/planetscale-db.js +134 -0
- package/dist/adapters/planetscale-db.js.map +1 -0
- package/dist/adapters/posthog-analytics.d.ts +6 -0
- package/dist/adapters/posthog-analytics.js +22 -0
- package/dist/adapters/posthog-analytics.js.map +1 -0
- package/dist/adapters/railway-hosting.d.ts +2 -0
- package/dist/adapters/railway-hosting.js +136 -0
- package/dist/adapters/railway-hosting.js.map +1 -0
- package/dist/adapters/resend-email.d.ts +35 -0
- package/dist/adapters/resend-email.js +109 -0
- package/dist/adapters/resend-email.js.map +1 -0
- package/dist/adapters/searxng-instance.d.ts +6 -0
- package/dist/adapters/searxng-instance.js +240 -0
- package/dist/adapters/searxng-instance.js.map +1 -0
- package/dist/adapters/sentry-monitoring.d.ts +7 -0
- package/dist/adapters/sentry-monitoring.js +27 -0
- package/dist/adapters/sentry-monitoring.js.map +1 -0
- package/dist/adapters/stripe-payments.d.ts +6 -0
- package/dist/adapters/stripe-payments.js +134 -0
- package/dist/adapters/stripe-payments.js.map +1 -0
- package/dist/adapters/supabase-db.d.ts +6 -0
- package/dist/adapters/supabase-db.js +130 -0
- package/dist/adapters/supabase-db.js.map +1 -0
- package/dist/adapters/tinybird-analytics.d.ts +5 -0
- package/dist/adapters/tinybird-analytics.js +20 -0
- package/dist/adapters/tinybird-analytics.js.map +1 -0
- package/dist/adapters/trigger-background.d.ts +6 -0
- package/dist/adapters/trigger-background.js +20 -0
- package/dist/adapters/trigger-background.js.map +1 -0
- package/dist/adapters/types.d.ts +7 -0
- package/dist/adapters/types.js +2 -0
- package/dist/adapters/types.js.map +1 -0
- package/dist/adapters/upstash-redis.d.ts +6 -0
- package/dist/adapters/upstash-redis.js +88 -0
- package/dist/adapters/upstash-redis.js.map +1 -0
- package/dist/adapters/vercel-hosting.d.ts +6 -0
- package/dist/adapters/vercel-hosting.js +112 -0
- package/dist/adapters/vercel-hosting.js.map +1 -0
- package/dist/agent-adapter-model.d.ts +108 -0
- package/dist/agent-adapter-model.js +6 -0
- package/dist/agent-adapter-model.js.map +1 -0
- package/dist/agent-adapter-service.d.ts +67 -0
- package/dist/agent-adapter-service.js +299 -0
- package/dist/agent-adapter-service.js.map +1 -0
- package/dist/agent-config.d.ts +56 -0
- package/dist/agent-config.js +129 -0
- package/dist/agent-config.js.map +1 -0
- package/dist/agent-governance-model.d.ts +128 -0
- package/dist/agent-governance-model.js +6 -0
- package/dist/agent-governance-model.js.map +1 -0
- package/dist/agent-governance-service.d.ts +101 -0
- package/dist/agent-governance-service.js +319 -0
- package/dist/agent-governance-service.js.map +1 -0
- package/dist/alert-rules-engine.d.ts +102 -0
- package/dist/alert-rules-engine.js +210 -0
- package/dist/alert-rules-engine.js.map +1 -0
- package/dist/analytics-service.d.ts +126 -0
- package/dist/analytics-service.js +318 -0
- package/dist/analytics-service.js.map +1 -0
- package/dist/analyze.d.ts +19 -0
- package/dist/analyze.js +311 -0
- package/dist/analyze.js.map +1 -0
- package/dist/apm-instrumentor.d.ts +119 -0
- package/dist/apm-instrumentor.js +225 -0
- package/dist/apm-instrumentor.js.map +1 -0
- package/dist/approval-model.d.ts +82 -0
- package/dist/approval-model.js +6 -0
- package/dist/approval-model.js.map +1 -0
- package/dist/approval-service.d.ts +39 -0
- package/dist/approval-service.js +236 -0
- package/dist/approval-service.js.map +1 -0
- package/dist/approval.d.ts +22 -0
- package/dist/approval.js +148 -0
- package/dist/approval.js.map +1 -0
- package/dist/audit-logging-model.d.ts +157 -0
- package/dist/audit-logging-model.js +6 -0
- package/dist/audit-logging-model.js.map +1 -0
- package/dist/audit-logging-service.d.ts +89 -0
- package/dist/audit-logging-service.js +367 -0
- package/dist/audit-logging-service.js.map +1 -0
- package/dist/audit-secrets.d.ts +42 -0
- package/dist/audit-secrets.js +126 -0
- package/dist/audit-secrets.js.map +1 -0
- package/dist/audit.d.ts +43 -0
- package/dist/audit.js +286 -0
- package/dist/audit.js.map +1 -0
- package/dist/author-dashboard.d.ts +84 -0
- package/dist/author-dashboard.js +204 -0
- package/dist/author-dashboard.js.map +1 -0
- package/dist/author-notifications.d.ts +130 -0
- package/dist/author-notifications.js +261 -0
- package/dist/author-notifications.js.map +1 -0
- package/dist/author-verification.d.ts +79 -0
- package/dist/author-verification.js +257 -0
- package/dist/author-verification.js.map +1 -0
- package/dist/autonomous-setup-model.d.ts +117 -0
- package/dist/autonomous-setup-model.js +6 -0
- package/dist/autonomous-setup-model.js.map +1 -0
- package/dist/autonomous-setup-service.d.ts +74 -0
- package/dist/autonomous-setup-service.js +325 -0
- package/dist/autonomous-setup-service.js.map +1 -0
- package/dist/badge-system.d.ts +70 -0
- package/dist/badge-system.js +210 -0
- package/dist/badge-system.js.map +1 -0
- package/dist/baseline.d.ts +34 -0
- package/dist/baseline.js +78 -0
- package/dist/baseline.js.map +1 -0
- package/dist/beta-program-service.d.ts +112 -0
- package/dist/beta-program-service.js +240 -0
- package/dist/beta-program-service.js.map +1 -0
- package/dist/budget.d.ts +34 -0
- package/dist/budget.js +159 -0
- package/dist/budget.js.map +1 -0
- package/dist/bumblebee.d.ts +143 -0
- package/dist/bumblebee.js +384 -0
- package/dist/bumblebee.js.map +1 -0
- package/dist/cache-manager.d.ts +97 -0
- package/dist/cache-manager.js +244 -0
- package/dist/cache-manager.js.map +1 -0
- package/dist/cdn-adapter.d.ts +64 -0
- package/dist/cdn-adapter.js +263 -0
- package/dist/cdn-adapter.js.map +1 -0
- package/dist/certification-workflow-model.d.ts +95 -0
- package/dist/certification-workflow-model.js +6 -0
- package/dist/certification-workflow-model.js.map +1 -0
- package/dist/certification-workflow-service.d.ts +72 -0
- package/dist/certification-workflow-service.js +305 -0
- package/dist/certification-workflow-service.js.map +1 -0
- package/dist/check-design.d.ts +38 -0
- package/dist/check-design.js +256 -0
- package/dist/check-design.js.map +1 -0
- package/dist/check-gitignore.d.ts +39 -0
- package/dist/check-gitignore.js +156 -0
- package/dist/check-gitignore.js.map +1 -0
- package/dist/check-hooks.d.ts +15 -0
- package/dist/check-hooks.js +72 -0
- package/dist/check-hooks.js.map +1 -0
- package/dist/check-lock.d.ts +16 -0
- package/dist/check-lock.js +94 -0
- package/dist/check-lock.js.map +1 -0
- package/dist/check-secrets.d.ts +11 -0
- package/dist/check-secrets.js +320 -0
- package/dist/check-secrets.js.map +1 -0
- package/dist/check-security.d.ts +13 -0
- package/dist/check-security.js +887 -0
- package/dist/check-security.js.map +1 -0
- package/dist/check-services.d.ts +10 -0
- package/dist/check-services.js +44 -0
- package/dist/check-services.js.map +1 -0
- package/dist/check-skills.d.ts +8 -0
- package/dist/check-skills.js +26 -0
- package/dist/check-skills.js.map +1 -0
- package/dist/check-tests.d.ts +43 -0
- package/dist/check-tests.js +175 -0
- package/dist/check-tests.js.map +1 -0
- package/dist/check-tools.d.ts +8 -0
- package/dist/check-tools.js +42 -0
- package/dist/check-tools.js.map +1 -0
- package/dist/check-web-search.d.ts +12 -0
- package/dist/check-web-search.js +168 -0
- package/dist/check-web-search.js.map +1 -0
- package/dist/ci-cd-publisher.d.ts +162 -0
- package/dist/ci-cd-publisher.js +319 -0
- package/dist/ci-cd-publisher.js.map +1 -0
- package/dist/cli.d.ts +2 -0
- package/dist/cli.js +4074 -0
- package/dist/cli.js.map +1 -0
- package/dist/clone.d.ts +25 -0
- package/dist/clone.js +73 -0
- package/dist/clone.js.map +1 -0
- package/dist/completions.d.ts +8 -0
- package/dist/completions.js +250 -0
- package/dist/completions.js.map +1 -0
- package/dist/compression-manager.d.ts +107 -0
- package/dist/compression-manager.js +250 -0
- package/dist/compression-manager.js.map +1 -0
- package/dist/config.d.ts +233 -0
- package/dist/config.js +255 -0
- package/dist/config.js.map +1 -0
- package/dist/context.d.ts +38 -0
- package/dist/context.js +86 -0
- package/dist/context.js.map +1 -0
- package/dist/cost-monitor.d.ts +72 -0
- package/dist/cost-monitor.js +218 -0
- package/dist/cost-monitor.js.map +1 -0
- package/dist/create-plugin.d.ts +22 -0
- package/dist/create-plugin.js +266 -0
- package/dist/create-plugin.js.map +1 -0
- package/dist/database.d.ts +123 -0
- package/dist/database.js +354 -0
- package/dist/database.js.map +1 -0
- package/dist/datadog-adapter.d.ts +60 -0
- package/dist/datadog-adapter.js +245 -0
- package/dist/datadog-adapter.js.map +1 -0
- package/dist/doctor.d.ts +15 -0
- package/dist/doctor.js +131 -0
- package/dist/doctor.js.map +1 -0
- package/dist/documentation-generator.d.ts +226 -0
- package/dist/documentation-generator.js +348 -0
- package/dist/documentation-generator.js.map +1 -0
- package/dist/elevation-scopes.d.ts +40 -0
- package/dist/elevation-scopes.js +110 -0
- package/dist/elevation-scopes.js.map +1 -0
- package/dist/elevation.d.ts +102 -0
- package/dist/elevation.js +449 -0
- package/dist/elevation.js.map +1 -0
- package/dist/env-diff.d.ts +27 -0
- package/dist/env-diff.js +104 -0
- package/dist/env-diff.js.map +1 -0
- package/dist/env-inspect.d.ts +28 -0
- package/dist/env-inspect.js +81 -0
- package/dist/env-inspect.js.map +1 -0
- package/dist/env-switch.d.ts +37 -0
- package/dist/env-switch.js +102 -0
- package/dist/env-switch.js.map +1 -0
- package/dist/environment.d.ts +27 -0
- package/dist/environment.js +148 -0
- package/dist/environment.js.map +1 -0
- package/dist/error-tracker.d.ts +92 -0
- package/dist/error-tracker.js +206 -0
- package/dist/error-tracker.js.map +1 -0
- package/dist/escalate.d.ts +11 -0
- package/dist/escalate.js +73 -0
- package/dist/escalate.js.map +1 -0
- package/dist/event-stream.d.ts +81 -0
- package/dist/event-stream.js +161 -0
- package/dist/event-stream.js.map +1 -0
- package/dist/fix.d.ts +42 -0
- package/dist/fix.js +419 -0
- package/dist/fix.js.map +1 -0
- package/dist/governance-middleware.d.ts +22 -0
- package/dist/governance-middleware.js +173 -0
- package/dist/governance-middleware.js.map +1 -0
- package/dist/governance.d.ts +44 -0
- package/dist/governance.js +236 -0
- package/dist/governance.js.map +1 -0
- package/dist/hooks.d.ts +25 -0
- package/dist/hooks.js +281 -0
- package/dist/hooks.js.map +1 -0
- package/dist/id-generator.d.ts +43 -0
- package/dist/id-generator.js +47 -0
- package/dist/id-generator.js.map +1 -0
- package/dist/image-optimizer.d.ts +92 -0
- package/dist/image-optimizer.js +202 -0
- package/dist/image-optimizer.js.map +1 -0
- package/dist/install.d.ts +15 -0
- package/dist/install.js +59 -0
- package/dist/install.js.map +1 -0
- package/dist/lock.d.ts +82 -0
- package/dist/lock.js +264 -0
- package/dist/lock.js.map +1 -0
- package/dist/login.d.ts +23 -0
- package/dist/login.js +132 -0
- package/dist/login.js.map +1 -0
- package/dist/mcp-kit-tools-model.d.ts +195 -0
- package/dist/mcp-kit-tools-model.js +6 -0
- package/dist/mcp-kit-tools-model.js.map +1 -0
- package/dist/mcp-kit-tools-service.d.ts +127 -0
- package/dist/mcp-kit-tools-service.js +943 -0
- package/dist/mcp-kit-tools-service.js.map +1 -0
- package/dist/mcp-orchestrator.d.ts +70 -0
- package/dist/mcp-orchestrator.js +175 -0
- package/dist/mcp-orchestrator.js.map +1 -0
- package/dist/mcp-server.d.ts +3 -0
- package/dist/mcp-server.js +722 -0
- package/dist/mcp-server.js.map +1 -0
- package/dist/middleware/rate-limiter.d.ts +74 -0
- package/dist/middleware/rate-limiter.js +342 -0
- package/dist/middleware/rate-limiter.js.map +1 -0
- package/dist/migration-runner.d.ts +66 -0
- package/dist/migration-runner.js +192 -0
- package/dist/migration-runner.js.map +1 -0
- package/dist/migrations.d.ts +25 -0
- package/dist/migrations.js +530 -0
- package/dist/migrations.js.map +1 -0
- package/dist/moderation-system.d.ts +153 -0
- package/dist/moderation-system.js +338 -0
- package/dist/moderation-system.js.map +1 -0
- package/dist/multi-agent-workflow-model.d.ts +125 -0
- package/dist/multi-agent-workflow-model.js +6 -0
- package/dist/multi-agent-workflow-model.js.map +1 -0
- package/dist/multi-agent-workflow-service.d.ts +102 -0
- package/dist/multi-agent-workflow-service.js +452 -0
- package/dist/multi-agent-workflow-service.js.map +1 -0
- package/dist/onepassword.d.ts +75 -0
- package/dist/onepassword.js +140 -0
- package/dist/onepassword.js.map +1 -0
- package/dist/open.d.ts +30 -0
- package/dist/open.js +166 -0
- package/dist/open.js.map +1 -0
- package/dist/output.d.ts +32 -0
- package/dist/output.js +295 -0
- package/dist/output.js.map +1 -0
- package/dist/partner-service.d.ts +101 -0
- package/dist/partner-service.js +191 -0
- package/dist/partner-service.js.map +1 -0
- package/dist/payout-service.d.ts +136 -0
- package/dist/payout-service.js +293 -0
- package/dist/payout-service.js.map +1 -0
- package/dist/pkg.d.ts +30 -0
- package/dist/pkg.js +162 -0
- package/dist/pkg.js.map +1 -0
- package/dist/plugin-loader.d.ts +16 -0
- package/dist/plugin-loader.js +124 -0
- package/dist/plugin-loader.js.map +1 -0
- package/dist/plugin-registry-model.d.ts +133 -0
- package/dist/plugin-registry-model.js +6 -0
- package/dist/plugin-registry-model.js.map +1 -0
- package/dist/plugin-registry-service.d.ts +109 -0
- package/dist/plugin-registry-service.js +361 -0
- package/dist/plugin-registry-service.js.map +1 -0
- package/dist/plugin-registry.d.ts +58 -0
- package/dist/plugin-registry.js +108 -0
- package/dist/plugin-registry.js.map +1 -0
- package/dist/plugin-updates.d.ts +135 -0
- package/dist/plugin-updates.js +326 -0
- package/dist/plugin-updates.js.map +1 -0
- package/dist/plugins-cli.d.ts +7 -0
- package/dist/plugins-cli.js +157 -0
- package/dist/plugins-cli.js.map +1 -0
- package/dist/plugins.d.ts +88 -0
- package/dist/plugins.js +251 -0
- package/dist/plugins.js.map +1 -0
- package/dist/policy.d.ts +66 -0
- package/dist/policy.js +160 -0
- package/dist/policy.js.map +1 -0
- package/dist/post-pull-audit.d.ts +39 -0
- package/dist/post-pull-audit.js +151 -0
- package/dist/post-pull-audit.js.map +1 -0
- package/dist/provision.d.ts +17 -0
- package/dist/provision.js +147 -0
- package/dist/provision.js.map +1 -0
- package/dist/query-optimizer.d.ts +102 -0
- package/dist/query-optimizer.js +199 -0
- package/dist/query-optimizer.js.map +1 -0
- package/dist/read-only-mode.d.ts +46 -0
- package/dist/read-only-mode.js +71 -0
- package/dist/read-only-mode.js.map +1 -0
- package/dist/redis-adapter.d.ts +71 -0
- package/dist/redis-adapter.js +278 -0
- package/dist/redis-adapter.js.map +1 -0
- package/dist/resilience-tests.d.ts +120 -0
- package/dist/resilience-tests.js +293 -0
- package/dist/resilience-tests.js.map +1 -0
- package/dist/revocation.d.ts +22 -0
- package/dist/revocation.js +100 -0
- package/dist/revocation.js.map +1 -0
- package/dist/run.d.ts +21 -0
- package/dist/run.js +80 -0
- package/dist/run.js.map +1 -0
- package/dist/scan-build.d.ts +18 -0
- package/dist/scan-build.js +100 -0
- package/dist/scan-build.js.map +1 -0
- package/dist/scan-plaintext.d.ts +24 -0
- package/dist/scan-plaintext.js +147 -0
- package/dist/scan-plaintext.js.map +1 -0
- package/dist/scan-staged.d.ts +15 -0
- package/dist/scan-staged.js +70 -0
- package/dist/scan-staged.js.map +1 -0
- package/dist/scan-transcripts.d.ts +23 -0
- package/dist/scan-transcripts.js +93 -0
- package/dist/scan-transcripts.js.map +1 -0
- package/dist/secret-backends.d.ts +50 -0
- package/dist/secret-backends.js +510 -0
- package/dist/secret-backends.js.map +1 -0
- package/dist/secret-expiration.d.ts +46 -0
- package/dist/secret-expiration.js +172 -0
- package/dist/secret-expiration.js.map +1 -0
- package/dist/secrets-migrate.d.ts +75 -0
- package/dist/secrets-migrate.js +185 -0
- package/dist/secrets-migrate.js.map +1 -0
- package/dist/secrets-model.d.ts +77 -0
- package/dist/secrets-model.js +6 -0
- package/dist/secrets-model.js.map +1 -0
- package/dist/secrets-onecli.d.ts +65 -0
- package/dist/secrets-onecli.js +113 -0
- package/dist/secrets-onecli.js.map +1 -0
- package/dist/secrets-propagate.d.ts +48 -0
- package/dist/secrets-propagate.js +201 -0
- package/dist/secrets-propagate.js.map +1 -0
- package/dist/secrets-pull.d.ts +34 -0
- package/dist/secrets-pull.js +118 -0
- package/dist/secrets-pull.js.map +1 -0
- package/dist/secrets-purge-history.d.ts +53 -0
- package/dist/secrets-purge-history.js +144 -0
- package/dist/secrets-purge-history.js.map +1 -0
- package/dist/secrets-rotate-cli.d.ts +54 -0
- package/dist/secrets-rotate-cli.js +438 -0
- package/dist/secrets-rotate-cli.js.map +1 -0
- package/dist/secrets-rotate.d.ts +38 -0
- package/dist/secrets-rotate.js +65 -0
- package/dist/secrets-rotate.js.map +1 -0
- package/dist/secrets-service.d.ts +73 -0
- package/dist/secrets-service.js +283 -0
- package/dist/secrets-service.js.map +1 -0
- package/dist/secrets-set.d.ts +25 -0
- package/dist/secrets-set.js +33 -0
- package/dist/secrets-set.js.map +1 -0
- package/dist/secrets-sync.d.ts +21 -0
- package/dist/secrets-sync.js +215 -0
- package/dist/secrets-sync.js.map +1 -0
- package/dist/secrets-validate.d.ts +41 -0
- package/dist/secrets-validate.js +126 -0
- package/dist/secrets-validate.js.map +1 -0
- package/dist/secrets-vault-migrate.d.ts +71 -0
- package/dist/secrets-vault-migrate.js +258 -0
- package/dist/secrets-vault-migrate.js.map +1 -0
- package/dist/secrets.d.ts +16 -0
- package/dist/secrets.js +72 -0
- package/dist/secrets.js.map +1 -0
- package/dist/security-hardening.d.ts +150 -0
- package/dist/security-hardening.js +275 -0
- package/dist/security-hardening.js.map +1 -0
- package/dist/security-policy.d.ts +89 -0
- package/dist/security-policy.js +174 -0
- package/dist/security-policy.js.map +1 -0
- package/dist/security-prescan.d.ts +117 -0
- package/dist/security-prescan.js +566 -0
- package/dist/security-prescan.js.map +1 -0
- package/dist/sentry-adapter.d.ts +49 -0
- package/dist/sentry-adapter.js +227 -0
- package/dist/sentry-adapter.js.map +1 -0
- package/dist/service-adapter.d.ts +94 -0
- package/dist/service-adapter.js +162 -0
- package/dist/service-adapter.js.map +1 -0
- package/dist/skills.d.ts +13 -0
- package/dist/skills.js +17 -0
- package/dist/skills.js.map +1 -0
- package/dist/sla-monitor.d.ts +107 -0
- package/dist/sla-monitor.js +233 -0
- package/dist/sla-monitor.js.map +1 -0
- package/dist/stack-detector.d.ts +12 -0
- package/dist/stack-detector.js +251 -0
- package/dist/stack-detector.js.map +1 -0
- package/dist/team-model.d.ts +58 -0
- package/dist/team-model.js +83 -0
- package/dist/team-model.js.map +1 -0
- package/dist/team-service.d.ts +54 -0
- package/dist/team-service.js +206 -0
- package/dist/team-service.js.map +1 -0
- package/dist/toml-generator.d.ts +8 -0
- package/dist/toml-generator.js +223 -0
- package/dist/toml-generator.js.map +1 -0
- package/dist/triage-sandbox.d.ts +34 -0
- package/dist/triage-sandbox.js +167 -0
- package/dist/triage-sandbox.js.map +1 -0
- package/dist/triage.d.ts +30 -0
- package/dist/triage.js +79 -0
- package/dist/triage.js.map +1 -0
- package/dist/update-check.d.ts +13 -0
- package/dist/update-check.js +91 -0
- package/dist/update-check.js.map +1 -0
- package/dist/utils/colors.d.ts +14 -0
- package/dist/utils/colors.js +15 -0
- package/dist/utils/colors.js.map +1 -0
- package/dist/utils/didYouMean.d.ts +15 -0
- package/dist/utils/didYouMean.js +47 -0
- package/dist/utils/didYouMean.js.map +1 -0
- package/dist/utils/exec.d.ts +21 -0
- package/dist/utils/exec.js +23 -0
- package/dist/utils/exec.js.map +1 -0
- package/dist/utils/execFileNoThrow.d.ts +14 -0
- package/dist/utils/execFileNoThrow.js +29 -0
- package/dist/utils/execFileNoThrow.js.map +1 -0
- package/dist/utils/flags.d.ts +19 -0
- package/dist/utils/flags.js +36 -0
- package/dist/utils/flags.js.map +1 -0
- package/dist/utils/parseCommand.d.ts +16 -0
- package/dist/utils/parseCommand.js +13 -0
- package/dist/utils/parseCommand.js.map +1 -0
- package/dist/utils/prompt.d.ts +13 -0
- package/dist/utils/prompt.js +35 -0
- package/dist/utils/prompt.js.map +1 -0
- package/dist/utils/promptSelect.d.ts +19 -0
- package/dist/utils/promptSelect.js +89 -0
- package/dist/utils/promptSelect.js.map +1 -0
- package/dist/utils/redactSecrets.d.ts +24 -0
- package/dist/utils/redactSecrets.js +134 -0
- package/dist/utils/redactSecrets.js.map +1 -0
- package/dist/validation/dynamic-schema.d.ts +29 -0
- package/dist/validation/dynamic-schema.js +76 -0
- package/dist/validation/dynamic-schema.js.map +1 -0
- package/package.json +52 -0
|
@@ -0,0 +1,348 @@
|
|
|
1
|
+
import { IdGenerators } from "./id-generator.js";
|
|
2
|
+
// ─── DocumentationGenerator ───────────────────────────────────────────────────
|
|
3
|
+
export class DocumentationGenerator {
|
|
4
|
+
pages = new Map();
|
|
5
|
+
apiDocs = new Map();
|
|
6
|
+
examples = new Map();
|
|
7
|
+
tutorials = new Map();
|
|
8
|
+
collections = new Map();
|
|
9
|
+
searchIndex = new Map(); // term → pageIds
|
|
10
|
+
// ─── Page Management ──────────────────────────────────────────────────────
|
|
11
|
+
/**
|
|
12
|
+
* Create a documentation page.
|
|
13
|
+
*/
|
|
14
|
+
createPage(title, content, type, author, tags = []) {
|
|
15
|
+
const id = IdGenerators.documentation();
|
|
16
|
+
const slug = title.toLowerCase().replace(/\s+/g, "-").replace(/[^\w-]/g, "");
|
|
17
|
+
const page = {
|
|
18
|
+
id,
|
|
19
|
+
title,
|
|
20
|
+
slug,
|
|
21
|
+
type,
|
|
22
|
+
content,
|
|
23
|
+
format: "markdown",
|
|
24
|
+
author,
|
|
25
|
+
createdAt: new Date().toISOString(),
|
|
26
|
+
updatedAt: new Date().toISOString(),
|
|
27
|
+
views: 0,
|
|
28
|
+
tags,
|
|
29
|
+
relatedPages: [],
|
|
30
|
+
toc: this.generateTableOfContents(content),
|
|
31
|
+
};
|
|
32
|
+
this.pages.set(id, page);
|
|
33
|
+
this.indexPage(id, content);
|
|
34
|
+
return page;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Get a page by ID.
|
|
38
|
+
*/
|
|
39
|
+
getPage(pageId) {
|
|
40
|
+
const page = this.pages.get(pageId);
|
|
41
|
+
if (page) {
|
|
42
|
+
page.views++;
|
|
43
|
+
}
|
|
44
|
+
return page || null;
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Update a page.
|
|
48
|
+
*/
|
|
49
|
+
updatePage(pageId, updates) {
|
|
50
|
+
const page = this.pages.get(pageId);
|
|
51
|
+
if (!page)
|
|
52
|
+
return null;
|
|
53
|
+
Object.assign(page, updates, { updatedAt: new Date().toISOString() });
|
|
54
|
+
return page;
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Delete a page.
|
|
58
|
+
*/
|
|
59
|
+
deletePage(pageId) {
|
|
60
|
+
const page = this.pages.get(pageId);
|
|
61
|
+
if (!page)
|
|
62
|
+
return false;
|
|
63
|
+
// Remove from index
|
|
64
|
+
const terms = this.extractTerms(page.content);
|
|
65
|
+
for (const term of terms) {
|
|
66
|
+
this.searchIndex.get(term)?.delete(pageId);
|
|
67
|
+
}
|
|
68
|
+
this.pages.delete(pageId);
|
|
69
|
+
return true;
|
|
70
|
+
}
|
|
71
|
+
// ─── Table of Contents ────────────────────────────────────────────────────
|
|
72
|
+
/**
|
|
73
|
+
* Generate table of contents from markdown headings.
|
|
74
|
+
*/
|
|
75
|
+
generateTableOfContents(content) {
|
|
76
|
+
const headings = [];
|
|
77
|
+
const lines = content.split("\n");
|
|
78
|
+
lines.forEach((line) => {
|
|
79
|
+
const match = line.match(/^(#+)\s+(.+)$/);
|
|
80
|
+
if (match) {
|
|
81
|
+
const level = match[1].length;
|
|
82
|
+
const title = match[2];
|
|
83
|
+
const id = title.toLowerCase().replace(/\s+/g, "-");
|
|
84
|
+
headings.push({ level, title, id });
|
|
85
|
+
}
|
|
86
|
+
});
|
|
87
|
+
return headings;
|
|
88
|
+
}
|
|
89
|
+
// ─── Search & Indexing ───────────────────────────────────────────────────
|
|
90
|
+
/**
|
|
91
|
+
* Index page content for full-text search.
|
|
92
|
+
*/
|
|
93
|
+
indexPage(pageId, content) {
|
|
94
|
+
const terms = this.extractTerms(content);
|
|
95
|
+
for (const term of terms) {
|
|
96
|
+
const pages = this.searchIndex.get(term) || new Set();
|
|
97
|
+
pages.add(pageId);
|
|
98
|
+
this.searchIndex.set(term, pages);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
/**
|
|
102
|
+
* Extract searchable terms from content.
|
|
103
|
+
*/
|
|
104
|
+
extractTerms(content) {
|
|
105
|
+
return content
|
|
106
|
+
.toLowerCase()
|
|
107
|
+
.split(/\W+/)
|
|
108
|
+
.filter((term) => term.length > 2 && !this.isStopWord(term));
|
|
109
|
+
}
|
|
110
|
+
isStopWord(word) {
|
|
111
|
+
const stops = ["the", "and", "or", "is", "are", "was", "be", "to", "of", "in", "on", "at"];
|
|
112
|
+
return stops.includes(word);
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Search documentation by keyword.
|
|
116
|
+
*/
|
|
117
|
+
search(query, limit = 20) {
|
|
118
|
+
const terms = this.extractTerms(query);
|
|
119
|
+
const pageScores = new Map();
|
|
120
|
+
for (const term of terms) {
|
|
121
|
+
const pageIds = this.searchIndex.get(term) || new Set();
|
|
122
|
+
for (const pageId of pageIds) {
|
|
123
|
+
pageScores.set(pageId, (pageScores.get(pageId) || 0) + 1);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
return [...pageScores.entries()]
|
|
127
|
+
.map(([pageId, score]) => {
|
|
128
|
+
const page = this.pages.get(pageId);
|
|
129
|
+
const snippet = this.extractSnippet(page.content, query, 150);
|
|
130
|
+
return { page, relevance: score, snippet };
|
|
131
|
+
})
|
|
132
|
+
.sort((a, b) => b.relevance - a.relevance)
|
|
133
|
+
.slice(0, limit);
|
|
134
|
+
}
|
|
135
|
+
/**
|
|
136
|
+
* Extract snippet around query term.
|
|
137
|
+
*/
|
|
138
|
+
extractSnippet(content, query, length) {
|
|
139
|
+
const index = content.toLowerCase().indexOf(query.toLowerCase());
|
|
140
|
+
if (index === -1)
|
|
141
|
+
return content.substring(0, length) + "...";
|
|
142
|
+
const start = Math.max(0, index - length / 2);
|
|
143
|
+
const end = Math.min(content.length, start + length);
|
|
144
|
+
return (start > 0 ? "..." : "") + content.substring(start, end) + (end < content.length ? "..." : "");
|
|
145
|
+
}
|
|
146
|
+
// ─── API Documentation ───────────────────────────────────────────────────
|
|
147
|
+
/**
|
|
148
|
+
* Register API endpoint documentation.
|
|
149
|
+
*/
|
|
150
|
+
registerAPIDoc(doc) {
|
|
151
|
+
this.apiDocs.set(doc.endpoint, doc);
|
|
152
|
+
}
|
|
153
|
+
/**
|
|
154
|
+
* Get API documentation for an endpoint.
|
|
155
|
+
*/
|
|
156
|
+
getAPIDoc(endpoint) {
|
|
157
|
+
return this.apiDocs.get(endpoint) || null;
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* Get all API documentation.
|
|
161
|
+
*/
|
|
162
|
+
getAllAPIDocsIndex() {
|
|
163
|
+
return [...this.apiDocs.values()];
|
|
164
|
+
}
|
|
165
|
+
/**
|
|
166
|
+
* Generate OpenAPI spec from registered endpoints.
|
|
167
|
+
*/
|
|
168
|
+
generateOpenAPISpec(version = "3.0.0", baseUrl = "https://github.com/sandstream/kit") {
|
|
169
|
+
const paths = {};
|
|
170
|
+
for (const doc of this.apiDocs.values()) {
|
|
171
|
+
paths[doc.endpoint] = {
|
|
172
|
+
[doc.method.toLowerCase()]: {
|
|
173
|
+
summary: doc.description,
|
|
174
|
+
parameters: doc.parameters,
|
|
175
|
+
responses: {
|
|
176
|
+
200: {
|
|
177
|
+
description: "Success",
|
|
178
|
+
content: {
|
|
179
|
+
"application/json": {
|
|
180
|
+
schema: doc.response,
|
|
181
|
+
},
|
|
182
|
+
},
|
|
183
|
+
},
|
|
184
|
+
...Object.fromEntries(doc.errors.map((e) => [e.code, { description: e.message }])),
|
|
185
|
+
},
|
|
186
|
+
},
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
return {
|
|
190
|
+
openapi: version,
|
|
191
|
+
info: { title: "kit Marketplace API", version },
|
|
192
|
+
servers: [{ url: baseUrl }],
|
|
193
|
+
paths,
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
// ─── Examples ────────────────────────────────────────────────────────────
|
|
197
|
+
/**
|
|
198
|
+
* Register a code example.
|
|
199
|
+
*/
|
|
200
|
+
registerExample(example) {
|
|
201
|
+
this.examples.set(example.id, example);
|
|
202
|
+
}
|
|
203
|
+
/**
|
|
204
|
+
* Get example by ID.
|
|
205
|
+
*/
|
|
206
|
+
getExample(exampleId) {
|
|
207
|
+
return this.examples.get(exampleId) || null;
|
|
208
|
+
}
|
|
209
|
+
/**
|
|
210
|
+
* Get examples by tag.
|
|
211
|
+
*/
|
|
212
|
+
getExamplesByTag(tag) {
|
|
213
|
+
return [...this.examples.values()].filter((e) => e.tags.includes(tag));
|
|
214
|
+
}
|
|
215
|
+
/**
|
|
216
|
+
* Get examples by difficulty.
|
|
217
|
+
*/
|
|
218
|
+
getExamplesByDifficulty(difficulty) {
|
|
219
|
+
return [...this.examples.values()].filter((e) => e.difficulty === difficulty);
|
|
220
|
+
}
|
|
221
|
+
// ─── Tutorials ───────────────────────────────────────────────────────────
|
|
222
|
+
/**
|
|
223
|
+
* Register a tutorial.
|
|
224
|
+
*/
|
|
225
|
+
registerTutorial(tutorial) {
|
|
226
|
+
this.tutorials.set(tutorial.id, tutorial);
|
|
227
|
+
}
|
|
228
|
+
/**
|
|
229
|
+
* Get tutorial by ID.
|
|
230
|
+
*/
|
|
231
|
+
getTutorial(tutorialId) {
|
|
232
|
+
return this.tutorials.get(tutorialId) || null;
|
|
233
|
+
}
|
|
234
|
+
/**
|
|
235
|
+
* Get tutorials by difficulty.
|
|
236
|
+
*/
|
|
237
|
+
getTutorialsByDifficulty(difficulty) {
|
|
238
|
+
return [...this.tutorials.values()].filter((t) => t.difficulty === difficulty);
|
|
239
|
+
}
|
|
240
|
+
/**
|
|
241
|
+
* Get tutorials for beginners.
|
|
242
|
+
*/
|
|
243
|
+
getBeginnerTutorials() {
|
|
244
|
+
return this.getTutorialsByDifficulty("beginner");
|
|
245
|
+
}
|
|
246
|
+
// ─── Collections ─────────────────────────────────────────────────────────
|
|
247
|
+
/**
|
|
248
|
+
* Create a documentation collection (category).
|
|
249
|
+
*/
|
|
250
|
+
createCollection(category, description, pages, order = 0) {
|
|
251
|
+
const collection = {
|
|
252
|
+
category,
|
|
253
|
+
pages,
|
|
254
|
+
description,
|
|
255
|
+
order,
|
|
256
|
+
};
|
|
257
|
+
this.collections.set(category, collection);
|
|
258
|
+
return collection;
|
|
259
|
+
}
|
|
260
|
+
/**
|
|
261
|
+
* Get collection by category.
|
|
262
|
+
*/
|
|
263
|
+
getCollection(category) {
|
|
264
|
+
return this.collections.get(category) || null;
|
|
265
|
+
}
|
|
266
|
+
/**
|
|
267
|
+
* Get all collections sorted by order.
|
|
268
|
+
*/
|
|
269
|
+
getAllCollections() {
|
|
270
|
+
return [...this.collections.values()].sort((a, b) => a.order - b.order);
|
|
271
|
+
}
|
|
272
|
+
// ─── Export & Generation ─────────────────────────────────────────────────
|
|
273
|
+
/**
|
|
274
|
+
* Generate documentation HTML site structure.
|
|
275
|
+
*/
|
|
276
|
+
generateSiteStructure() {
|
|
277
|
+
return {
|
|
278
|
+
collections: this.getAllCollections().map((col) => ({
|
|
279
|
+
name: col.category,
|
|
280
|
+
pages: col.pages.map((p) => ({
|
|
281
|
+
title: p.title,
|
|
282
|
+
slug: p.slug,
|
|
283
|
+
type: p.type,
|
|
284
|
+
})),
|
|
285
|
+
})),
|
|
286
|
+
};
|
|
287
|
+
}
|
|
288
|
+
/**
|
|
289
|
+
* Generate a static site dump (markdown files).
|
|
290
|
+
*/
|
|
291
|
+
generateMarkdownDump() {
|
|
292
|
+
const dump = {};
|
|
293
|
+
for (const page of this.pages.values()) {
|
|
294
|
+
const filename = `${page.slug}.md`;
|
|
295
|
+
dump[filename] = `# ${page.title}\n\n${page.content}`;
|
|
296
|
+
}
|
|
297
|
+
return dump;
|
|
298
|
+
}
|
|
299
|
+
/**
|
|
300
|
+
* Generate navigation sidebar structure.
|
|
301
|
+
*/
|
|
302
|
+
generateNavigation() {
|
|
303
|
+
return this.getAllCollections().map((col) => ({
|
|
304
|
+
label: col.category,
|
|
305
|
+
items: col.pages.map((p) => ({
|
|
306
|
+
label: p.title,
|
|
307
|
+
href: `/docs/${p.slug}`,
|
|
308
|
+
type: p.type,
|
|
309
|
+
})),
|
|
310
|
+
}));
|
|
311
|
+
}
|
|
312
|
+
// ─── Statistics ───────────────────────────────────────────────────────────
|
|
313
|
+
/**
|
|
314
|
+
* Get documentation statistics.
|
|
315
|
+
*/
|
|
316
|
+
getStats() {
|
|
317
|
+
const byType = {};
|
|
318
|
+
let totalLength = 0;
|
|
319
|
+
let totalViews = 0;
|
|
320
|
+
for (const page of this.pages.values()) {
|
|
321
|
+
byType[page.type] = (byType[page.type] || 0) + 1;
|
|
322
|
+
totalLength += page.content.length;
|
|
323
|
+
totalViews += page.views;
|
|
324
|
+
}
|
|
325
|
+
return {
|
|
326
|
+
totalPages: this.pages.size,
|
|
327
|
+
byType,
|
|
328
|
+
totalViews,
|
|
329
|
+
totalExamples: this.examples.size,
|
|
330
|
+
totalTutorials: this.tutorials.size,
|
|
331
|
+
avgPageLength: this.pages.size > 0 ? Math.round(totalLength / this.pages.size) : 0,
|
|
332
|
+
};
|
|
333
|
+
}
|
|
334
|
+
// ─── Cache helpers ────────────────────────────────────────────────────────
|
|
335
|
+
getPagesCache() {
|
|
336
|
+
return this.pages;
|
|
337
|
+
}
|
|
338
|
+
getExamplesCache() {
|
|
339
|
+
return this.examples;
|
|
340
|
+
}
|
|
341
|
+
getTutorialsCache() {
|
|
342
|
+
return this.tutorials;
|
|
343
|
+
}
|
|
344
|
+
getAPIDocsCache() {
|
|
345
|
+
return this.apiDocs;
|
|
346
|
+
}
|
|
347
|
+
}
|
|
348
|
+
//# sourceMappingURL=documentation-generator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"documentation-generator.js","sourceRoot":"","sources":["../src/documentation-generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAyFjD,iFAAiF;AAEjF,MAAM,OAAO,sBAAsB;IACzB,KAAK,GAAyB,IAAI,GAAG,EAAE,CAAC;IACxC,OAAO,GAAwB,IAAI,GAAG,EAAE,CAAC;IACzC,QAAQ,GAAyB,IAAI,GAAG,EAAE,CAAC;IAC3C,SAAS,GAA0B,IAAI,GAAG,EAAE,CAAC;IAC7C,WAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IACpD,WAAW,GAA6B,IAAI,GAAG,EAAE,CAAC,CAAC,iBAAiB;IAE5E,6EAA6E;IAE7E;;OAEG;IACH,UAAU,CACR,KAAa,EACb,OAAe,EACf,IAAa,EACb,MAAc,EACd,OAAiB,EAAE;QAEnB,MAAM,EAAE,GAAG,YAAY,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAE7E,MAAM,IAAI,GAAY;YACpB,EAAE;YACF,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,OAAO;YACP,MAAM,EAAE,UAAU;YAClB,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,CAAC;YACR,IAAI;YACJ,YAAY,EAAE,EAAE;YAChB,GAAG,EAAE,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC;SAC3C,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,MAAc;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,CAAC;QACD,OAAO,IAAI,IAAI,IAAI,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,MAAc,EAAE,OAAyB;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,MAAc;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,oBAAoB;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACK,uBAAuB,CAAC,OAAe;QAC7C,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACrB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBAEpD,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACK,SAAS,CAAC,MAAc,EAAE,OAAe;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YACtD,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAClB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe;QAClC,OAAO,OAAO;aACX,WAAW,EAAE;aACb,KAAK,CAAC,KAAK,CAAC;aACZ,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IAEO,UAAU,CAAC,IAAY;QAC7B,MAAM,KAAK,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAC3F,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa,EAAE,KAAK,GAAG,EAAE;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE7C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;aAC7B,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE;YACvB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC;YACrC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9D,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC7C,CAAC,CAAC;aACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC;aACzC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,OAAe,EAAE,KAAa,EAAE,MAAc;QACnE,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACjE,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;QAE9D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,GAAG,MAAM,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACxG,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,cAAc,CAAC,GAAW;QACxB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,UAAkB,OAAO,EAAE,UAAkB,mCAAmC;QAClG,MAAM,KAAK,GAA4B,EAAE,CAAC;QAE1C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACxC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG;gBACpB,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE;oBAC1B,OAAO,EAAE,GAAG,CAAC,WAAW;oBACxB,UAAU,EAAE,GAAG,CAAC,UAAU;oBAC1B,SAAS,EAAE;wBACT,GAAG,EAAE;4BACH,WAAW,EAAE,SAAS;4BACtB,OAAO,EAAE;gCACP,kBAAkB,EAAE;oCAClB,MAAM,EAAE,GAAG,CAAC,QAAQ;iCACrB;6BACF;yBACF;wBACD,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;qBACnF;iBACF;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,OAAO;YAChB,IAAI,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,OAAO,EAAE;YAC/C,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;YAC3B,KAAK;SACN,CAAC;IACJ,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,eAAe,CAAC,OAAgB;QAC9B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,SAAiB;QAC1B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,GAAW;QAC1B,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACzE,CAAC;IAED;;OAEG;IACH,uBAAuB,CAAC,UAAkB;QACxC,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC;IAChF,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,gBAAgB,CAAC,QAAkB;QACjC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,UAAkB;QAC5B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,wBAAwB,CAAC,UAAkB;QACzC,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,UAAU,CAAC,CAAC;IACjF,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,gBAAgB,CACd,QAAgB,EAChB,WAAmB,EACnB,KAAgB,EAChB,QAAgB,CAAC;QAEjB,MAAM,UAAU,GAAkB;YAChC,QAAQ;YACR,KAAK;YACL,WAAW;YACX,KAAK;SACN,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC3C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB;QAC5B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1E,CAAC;IAED,4EAA4E;IAE5E;;OAEG;IACH,qBAAqB;QAMnB,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClD,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC3B,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;iBACb,CAAC,CAAC;aACJ,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,MAAM,IAAI,GAA2B,EAAE,CAAC;QAExC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,IAAI,KAAK,CAAC;YACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,kBAAkB;QAIhB,OAAO,IAAI,CAAC,iBAAiB,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC5C,KAAK,EAAE,GAAG,CAAC,QAAQ;YACnB,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3B,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,IAAI,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE;gBACvB,IAAI,EAAE,CAAC,CAAC,IAAI;aACb,CAAC,CAAC;SACJ,CAAC,CAAC,CAAC;IACN,CAAC;IAED,6EAA6E;IAE7E;;OAEG;IACH,QAAQ;QAQN,MAAM,MAAM,GAA4B,EAA6B,CAAC;QACtE,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YACvC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;YACjD,WAAW,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,UAAU,IAAI,IAAI,CAAC,KAAK,CAAC;QAC3B,CAAC;QAED,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;YAC3B,MAAM;YACN,UAAU;YACV,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACjC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;YACnC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;SACnF,CAAC;IACJ,CAAC;IAED,6EAA6E;IAE7E,aAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;CACF"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Per-operation elevation-scope mapping.
|
|
3
|
+
*
|
|
4
|
+
* `requireElevation("rotate")` is too coarse — it treats every rotate-mode
|
|
5
|
+
* the same. Some modes are reversible (scoped-key-mint with rollback),
|
|
6
|
+
* others are hard cutovers (jwt-secret-roll). This module maps each
|
|
7
|
+
* fine-grained operation to its canonical elevation-scope so the
|
|
8
|
+
* elevation-gate matches the destructive nature of the actual call.
|
|
9
|
+
*
|
|
10
|
+
* Mapping principles:
|
|
11
|
+
* - Reversible ops → standard 15-min TTL scope (call `requireElevation`).
|
|
12
|
+
* - Irreversible ops → one-shot scope (call `consumeElevation`); marker
|
|
13
|
+
* is atomically deleted on use so the same elevation can't fire a
|
|
14
|
+
* second destructive op silently.
|
|
15
|
+
*
|
|
16
|
+
* Callers ask `scopeFor(operation, mode)` to get the canonical scope name
|
|
17
|
+
* + whether it's one-shot. They never hard-code scope strings.
|
|
18
|
+
*/
|
|
19
|
+
export interface ElevationScopeMapping {
|
|
20
|
+
/** Canonical scope name passed to requireElevation / consumeElevation. */
|
|
21
|
+
scope: string;
|
|
22
|
+
/** One-shot scopes consume their elevation marker on first use. */
|
|
23
|
+
oneShot: boolean;
|
|
24
|
+
/** Human-readable description for audit-log + CLI help text. */
|
|
25
|
+
description: string;
|
|
26
|
+
}
|
|
27
|
+
export declare function scopeFor(operation: string, mode?: string): ElevationScopeMapping;
|
|
28
|
+
/**
|
|
29
|
+
* Returns true when the (operation, mode) pair requires one-shot elevation.
|
|
30
|
+
* Convenience helper for callers that need to pick between requireElevation
|
|
31
|
+
* and consumeElevation at runtime.
|
|
32
|
+
*/
|
|
33
|
+
export declare function isOneShot(operation: string, mode?: string): boolean;
|
|
34
|
+
/**
|
|
35
|
+
* Lists every mapping — used by `kit auth elevate --list-scopes` to
|
|
36
|
+
* surface what scopes are available + their one-shot status.
|
|
37
|
+
*/
|
|
38
|
+
export declare function listScopes(): Array<{
|
|
39
|
+
key: string;
|
|
40
|
+
} & ElevationScopeMapping>;
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Per-operation elevation-scope mapping.
|
|
3
|
+
*
|
|
4
|
+
* `requireElevation("rotate")` is too coarse — it treats every rotate-mode
|
|
5
|
+
* the same. Some modes are reversible (scoped-key-mint with rollback),
|
|
6
|
+
* others are hard cutovers (jwt-secret-roll). This module maps each
|
|
7
|
+
* fine-grained operation to its canonical elevation-scope so the
|
|
8
|
+
* elevation-gate matches the destructive nature of the actual call.
|
|
9
|
+
*
|
|
10
|
+
* Mapping principles:
|
|
11
|
+
* - Reversible ops → standard 15-min TTL scope (call `requireElevation`).
|
|
12
|
+
* - Irreversible ops → one-shot scope (call `consumeElevation`); marker
|
|
13
|
+
* is atomically deleted on use so the same elevation can't fire a
|
|
14
|
+
* second destructive op silently.
|
|
15
|
+
*
|
|
16
|
+
* Callers ask `scopeFor(operation, mode)` to get the canonical scope name
|
|
17
|
+
* + whether it's one-shot. They never hard-code scope strings.
|
|
18
|
+
*/
|
|
19
|
+
/**
|
|
20
|
+
* `<operation>:<mode>` → mapping. Operations like "rotate" have multiple
|
|
21
|
+
* modes; bare keys (no `:<mode>`) act as fallbacks.
|
|
22
|
+
*/
|
|
23
|
+
const SCOPE_MAP = {
|
|
24
|
+
// Rotation modes
|
|
25
|
+
"rotate:jwt-secret-roll": {
|
|
26
|
+
scope: "rotate",
|
|
27
|
+
oneShot: true,
|
|
28
|
+
description: "Supabase JWT-secret reset — invalidates anon + service_role + all sessions",
|
|
29
|
+
},
|
|
30
|
+
"rotate:scoped-key-mint": {
|
|
31
|
+
scope: "rotate",
|
|
32
|
+
oneShot: false,
|
|
33
|
+
description: "Supabase scoped-key mint — additive, old key remains until revoke-old",
|
|
34
|
+
},
|
|
35
|
+
rotate: {
|
|
36
|
+
scope: "rotate",
|
|
37
|
+
oneShot: false,
|
|
38
|
+
description: "Generic credential rotation",
|
|
39
|
+
},
|
|
40
|
+
// Migration
|
|
41
|
+
"migrate:plaintext-to-vault": {
|
|
42
|
+
scope: "migrate",
|
|
43
|
+
oneShot: false,
|
|
44
|
+
description: "Plaintext .env* → vault migration",
|
|
45
|
+
},
|
|
46
|
+
"migrate:vault-to-vault": {
|
|
47
|
+
scope: "vault-migrate",
|
|
48
|
+
oneShot: true,
|
|
49
|
+
description: "Cross-vault migration (e.g. 1Password → Infisical)",
|
|
50
|
+
},
|
|
51
|
+
migrate: {
|
|
52
|
+
scope: "migrate",
|
|
53
|
+
oneShot: false,
|
|
54
|
+
description: "Generic secret migration",
|
|
55
|
+
},
|
|
56
|
+
// Propagation
|
|
57
|
+
propagate: {
|
|
58
|
+
scope: "propagate",
|
|
59
|
+
oneShot: false,
|
|
60
|
+
description: "Sync secrets from kit to deploy platform (Vercel / Fly / etc.)",
|
|
61
|
+
},
|
|
62
|
+
// History rewrite — irreversible
|
|
63
|
+
"purge-history": {
|
|
64
|
+
scope: "purge-history",
|
|
65
|
+
oneShot: true,
|
|
66
|
+
description: "git filter-repo / BFG — rewrites history, requires force-push",
|
|
67
|
+
},
|
|
68
|
+
// OneCLI register
|
|
69
|
+
"onecli-register": {
|
|
70
|
+
scope: "onecli-register",
|
|
71
|
+
oneShot: true,
|
|
72
|
+
description: "Register fake-key in OneCLI gateway",
|
|
73
|
+
},
|
|
74
|
+
// Revoke
|
|
75
|
+
"revoke-old": {
|
|
76
|
+
scope: "revoke-old",
|
|
77
|
+
oneShot: false,
|
|
78
|
+
description: "Revoke superseded credential after rotation",
|
|
79
|
+
},
|
|
80
|
+
};
|
|
81
|
+
export function scopeFor(operation, mode) {
|
|
82
|
+
if (mode) {
|
|
83
|
+
const composite = `${operation}:${mode}`;
|
|
84
|
+
if (SCOPE_MAP[composite])
|
|
85
|
+
return SCOPE_MAP[composite];
|
|
86
|
+
}
|
|
87
|
+
if (SCOPE_MAP[operation])
|
|
88
|
+
return SCOPE_MAP[operation];
|
|
89
|
+
return {
|
|
90
|
+
scope: operation,
|
|
91
|
+
oneShot: false,
|
|
92
|
+
description: `Unmapped operation "${operation}" — using bare scope`,
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Returns true when the (operation, mode) pair requires one-shot elevation.
|
|
97
|
+
* Convenience helper for callers that need to pick between requireElevation
|
|
98
|
+
* and consumeElevation at runtime.
|
|
99
|
+
*/
|
|
100
|
+
export function isOneShot(operation, mode) {
|
|
101
|
+
return scopeFor(operation, mode).oneShot;
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Lists every mapping — used by `kit auth elevate --list-scopes` to
|
|
105
|
+
* surface what scopes are available + their one-shot status.
|
|
106
|
+
*/
|
|
107
|
+
export function listScopes() {
|
|
108
|
+
return Object.entries(SCOPE_MAP).map(([key, m]) => ({ key, ...m }));
|
|
109
|
+
}
|
|
110
|
+
//# sourceMappingURL=elevation-scopes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"elevation-scopes.js","sourceRoot":"","sources":["../src/elevation-scopes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAWH;;;GAGG;AACH,MAAM,SAAS,GAA0C;IACvD,iBAAiB;IACjB,wBAAwB,EAAE;QACxB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,4EAA4E;KAC1F;IACD,wBAAwB,EAAE;QACxB,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,uEAAuE;KACrF;IACD,MAAM,EAAE;QACN,KAAK,EAAE,QAAQ;QACf,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,6BAA6B;KAC3C;IAED,YAAY;IACZ,4BAA4B,EAAE;QAC5B,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,mCAAmC;KACjD;IACD,wBAAwB,EAAE;QACxB,KAAK,EAAE,eAAe;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,oDAAoD;KAClE;IACD,OAAO,EAAE;QACP,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,0BAA0B;KACxC;IAED,cAAc;IACd,SAAS,EAAE;QACT,KAAK,EAAE,WAAW;QAClB,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,gEAAgE;KAC9E;IAED,iCAAiC;IACjC,eAAe,EAAE;QACf,KAAK,EAAE,eAAe;QACtB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,+DAA+D;KAC7E;IAED,kBAAkB;IAClB,iBAAiB,EAAE;QACjB,KAAK,EAAE,iBAAiB;QACxB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,qCAAqC;KACnD;IAED,SAAS;IACT,YAAY,EAAE;QACZ,KAAK,EAAE,YAAY;QACnB,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,6CAA6C;KAC3D;CACF,CAAC;AAEF,MAAM,UAAU,QAAQ,CAAC,SAAiB,EAAE,IAAa;IACvD,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,SAAS,GAAG,GAAG,SAAS,IAAI,IAAI,EAAE,CAAC;QACzC,IAAI,SAAS,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC,SAAS,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,SAAS,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC,SAAS,CAAC,CAAC;IACtD,OAAO;QACL,KAAK,EAAE,SAAS;QAChB,OAAO,EAAE,KAAK;QACd,WAAW,EAAE,uBAAuB,SAAS,sBAAsB;KACpE,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,SAAiB,EAAE,IAAa;IACxD,OAAO,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC"}
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Elevation gate for destructive secret operations.
|
|
3
|
+
*
|
|
4
|
+
* User requirement: agents (or unauthorized humans) must not be able to
|
|
5
|
+
* rotate / migrate / propagate / register-fake a key without an explicit
|
|
6
|
+
* human-loop confirmation. This module provides:
|
|
7
|
+
*
|
|
8
|
+
* 1. A short-lived elevation marker (`.kit/elevation.json`) with TTL,
|
|
9
|
+
* created by `kit auth elevate`.
|
|
10
|
+
* 2. Optional TOTP (RFC 6238) verification when `KIT_TOTP_SECRET` is set.
|
|
11
|
+
* Without TOTP, falls back to a plain interactive "YES" prompt.
|
|
12
|
+
* 3. A `requireElevation()` check that destructive ops call before running.
|
|
13
|
+
* In non-interactive / agent contexts: fails closed unless
|
|
14
|
+
* `KIT_ELEVATED=1` is set (CI escape hatch — gets audit-logged loudly
|
|
15
|
+
* so a leaked CI env doesn't silently bypass).
|
|
16
|
+
*/
|
|
17
|
+
export declare function isOneShotScope(scope: string): boolean;
|
|
18
|
+
export interface ElevationState {
|
|
19
|
+
expiresAt: string;
|
|
20
|
+
scope: string;
|
|
21
|
+
granter: string;
|
|
22
|
+
method: "yes-prompt" | "totp" | "ci-env";
|
|
23
|
+
}
|
|
24
|
+
export declare function readElevation(cwd?: string): Promise<ElevationState | null>;
|
|
25
|
+
export declare function writeElevation(state: ElevationState, cwd?: string): Promise<void>;
|
|
26
|
+
export declare function clearElevation(cwd?: string): Promise<void>;
|
|
27
|
+
/**
|
|
28
|
+
* Returns true if an unexpired elevation marker exists that covers the
|
|
29
|
+
* requested operation scope.
|
|
30
|
+
*/
|
|
31
|
+
export declare function isElevated(operation: string, cwd?: string): Promise<boolean>;
|
|
32
|
+
export declare function elevationTtlMinutes(): number;
|
|
33
|
+
/**
|
|
34
|
+
* Mints a fresh elevation marker covering `scope` for the configured TTL.
|
|
35
|
+
* Caller is responsible for prompting / verifying the user before calling.
|
|
36
|
+
*/
|
|
37
|
+
export declare function grantElevation(scope: string, method: ElevationState["method"], cwd?: string, granter?: string): Promise<ElevationState>;
|
|
38
|
+
export declare function generateBase32Secret(byteLength?: number): string;
|
|
39
|
+
export interface OtpAuthUriInput {
|
|
40
|
+
/** Identifier shown in the authenticator app (typically user@host). */
|
|
41
|
+
accountName: string;
|
|
42
|
+
/** Top-level label of the entry — appears as section heading. */
|
|
43
|
+
issuer?: string;
|
|
44
|
+
/** Base32 secret. */
|
|
45
|
+
secret: string;
|
|
46
|
+
}
|
|
47
|
+
export declare function buildOtpAuthUri(input: OtpAuthUriInput): string;
|
|
48
|
+
export interface EnrolledSecret {
|
|
49
|
+
secret: string;
|
|
50
|
+
filePath: string;
|
|
51
|
+
uri: string;
|
|
52
|
+
currentCode: string;
|
|
53
|
+
}
|
|
54
|
+
export declare function enrollTotp(opts: {
|
|
55
|
+
accountName: string;
|
|
56
|
+
issuer?: string;
|
|
57
|
+
overwrite?: boolean;
|
|
58
|
+
}): Promise<EnrolledSecret>;
|
|
59
|
+
/**
|
|
60
|
+
* Resolves the TOTP secret in priority order:
|
|
61
|
+
* 1. `KIT_TOTP_SECRET` env var (overrides everything; useful for CI)
|
|
62
|
+
* 2. `~/.kit/totp-secret` file (created by `kit auth setup-totp`)
|
|
63
|
+
* 3. undefined — caller falls back to yes-prompt
|
|
64
|
+
*/
|
|
65
|
+
export declare function resolveTotpSecret(): Promise<string | undefined>;
|
|
66
|
+
export declare function generateTotp(secretBase32: string, step?: number): string;
|
|
67
|
+
/**
|
|
68
|
+
* Verifies a user-supplied TOTP. Accepts the current step ± 1 (handles minor
|
|
69
|
+
* clock skew, ±30s window). Uses timingSafeEqual for the digit comparison —
|
|
70
|
+
* both sides are fixed 6-ASCII-digit strings, so lengths always match.
|
|
71
|
+
*/
|
|
72
|
+
export declare function verifyTotp(code: string, secretBase32: string, windowSteps?: number): boolean;
|
|
73
|
+
/**
|
|
74
|
+
* Throws (or returns false in nice mode) when the active context isn't
|
|
75
|
+
* elevated for `operation`. Used by every destructive secrets-* command.
|
|
76
|
+
*
|
|
77
|
+
* Order of resolution:
|
|
78
|
+
* 1. `KIT_ELEVATED=1` env var (CI escape hatch).
|
|
79
|
+
* 2. A live elevation marker covering the operation.
|
|
80
|
+
* 3. Otherwise: not elevated.
|
|
81
|
+
*
|
|
82
|
+
* Every decision — granted or refused — emits an audit-log entry before
|
|
83
|
+
* returning. If the audit-log write itself fails, the call returns
|
|
84
|
+
* `{ ok: false }` even if the credential would otherwise be granted. The
|
|
85
|
+
* intent is: a code path that runs destructive ops must always leave a
|
|
86
|
+
* forensic trail; "audit-log down" is treated identically to "elevation
|
|
87
|
+
* refused" so the silent-bypass property is eliminated.
|
|
88
|
+
*/
|
|
89
|
+
export declare function requireElevation(operation: string, cwd?: string): Promise<{
|
|
90
|
+
ok: boolean;
|
|
91
|
+
reason: string;
|
|
92
|
+
}>;
|
|
93
|
+
export declare function consumeElevation(operation: string, cwd?: string): Promise<{
|
|
94
|
+
ok: boolean;
|
|
95
|
+
reason: string;
|
|
96
|
+
}>;
|
|
97
|
+
/**
|
|
98
|
+
* Test-only: reset the in-process consumed-scope set. Public so tests can
|
|
99
|
+
* exercise the one-shot semantics deterministically without spawning new
|
|
100
|
+
* processes.
|
|
101
|
+
*/
|
|
102
|
+
export declare function _resetConsumedElevationForTests(): void;
|