secretless-ai 0.12.2 → 0.12.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -1
- package/dist/backends/cache.d.ts +8 -0
- package/dist/backends/cache.d.ts.map +1 -1
- package/dist/backends/cache.js +69 -3
- package/dist/backends/cache.js.map +1 -1
- package/dist/backends/factory.d.ts +4 -0
- package/dist/backends/factory.d.ts.map +1 -1
- package/dist/backends/factory.js +21 -0
- package/dist/backends/factory.js.map +1 -1
- package/dist/backends/local.d.ts +9 -0
- package/dist/backends/local.d.ts.map +1 -1
- package/dist/backends/local.js +84 -5
- package/dist/backends/local.js.map +1 -1
- package/dist/broker/aim-client.d.ts.map +1 -1
- package/dist/broker/aim-client.js +12 -1
- package/dist/broker/aim-client.js.map +1 -1
- package/dist/broker/daemon.d.ts.map +1 -1
- package/dist/broker/daemon.js +13 -0
- package/dist/broker/daemon.js.map +1 -1
- package/dist/broker/events.d.ts +1 -0
- package/dist/broker/events.d.ts.map +1 -1
- package/dist/broker/events.js +11 -4
- package/dist/broker/events.js.map +1 -1
- package/dist/broker/policy.d.ts.map +1 -1
- package/dist/broker/policy.js +11 -10
- package/dist/broker/policy.js.map +1 -1
- package/dist/broker/server.d.ts +9 -1
- package/dist/broker/server.d.ts.map +1 -1
- package/dist/broker/server.js +44 -2
- package/dist/broker/server.js.map +1 -1
- package/dist/cli.js +50 -7
- package/dist/cli.js.map +1 -1
- package/dist/doctor.js +2 -3
- package/dist/doctor.js.map +1 -1
- package/dist/mcp/install-wrapper.d.ts.map +1 -1
- package/dist/mcp/install-wrapper.js +2 -1
- package/dist/mcp/install-wrapper.js.map +1 -1
- package/dist/mcp/rewrite.d.ts.map +1 -1
- package/dist/mcp/rewrite.js +42 -4
- package/dist/mcp/rewrite.js.map +1 -1
- package/dist/session/session-state.d.ts.map +1 -1
- package/dist/session/session-state.js +29 -2
- package/dist/session/session-state.js.map +1 -1
- package/dist/transcript.d.ts.map +1 -1
- package/dist/transcript.js +3 -0
- package/dist/transcript.js.map +1 -1
- package/dist/watch.d.ts.map +1 -1
- package/dist/watch.js +17 -4
- package/dist/watch.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -32,7 +32,7 @@ Detects which AI coding tools you use, installs the right protections for each,
|
|
|
32
32
|
|
|
33
33
|
```
|
|
34
34
|
┌──────────────────────────────────────────────────┐
|
|
35
|
-
│ Secretless v0.12.
|
|
35
|
+
│ Secretless v0.12.3 │
|
|
36
36
|
│ Keeping secrets out of AI │
|
|
37
37
|
│ │
|
|
38
38
|
│ Detected: │
|
|
@@ -677,6 +677,25 @@ jobs:
|
|
|
677
677
|
| `rules list` | Show active custom rules and deny rule count |
|
|
678
678
|
| `rules test "PATTERN" [--bash]` | Preview generated deny rules for a pattern |
|
|
679
679
|
|
|
680
|
+
## Security Architecture
|
|
681
|
+
|
|
682
|
+
| Layer | Algorithm | Purpose |
|
|
683
|
+
|-------|-----------|---------|
|
|
684
|
+
| Secret encryption | AES-256-GCM | Encrypt secrets at rest (local store, cache, MCP backups) |
|
|
685
|
+
| Key derivation | scrypt (N=16384, r=8, p=1) | Derive encryption keys from machine identity + random salt |
|
|
686
|
+
| Session integrity | HMAC-SHA256 | Tamper detection on session state files |
|
|
687
|
+
| Broker auth | crypto.randomBytes(32) | Bearer token for localhost credential broker |
|
|
688
|
+
| Cloud signing | HMAC-SHA256 (AWS SigV4), RS256 (GCP JWT) | Authenticate to cloud secret managers |
|
|
689
|
+
|
|
690
|
+
**Design principles:**
|
|
691
|
+
- All encryption uses symmetric cryptography only (no RSA/ECDSA in core)
|
|
692
|
+
- Encryption keys derived via scrypt with 16-byte random salts (not password-derived)
|
|
693
|
+
- Constant-time comparison (`timingSafeEqual`) for all token and HMAC verification
|
|
694
|
+
- Crypto agility: encryption isolated behind backend interfaces for algorithm portability
|
|
695
|
+
- Key material zeroed after use (`Buffer.fill(0)`)
|
|
696
|
+
- Restrictive file permissions (0o600 files, 0o700 directories)
|
|
697
|
+
- No external crypto dependencies -- Node.js built-in `crypto` module only
|
|
698
|
+
|
|
680
699
|
## Development
|
|
681
700
|
|
|
682
701
|
```bash
|
package/dist/backends/cache.d.ts
CHANGED
|
@@ -16,6 +16,7 @@ export declare class CachedBackend implements WritableSecretBackend {
|
|
|
16
16
|
readonly name: string;
|
|
17
17
|
private readonly inner;
|
|
18
18
|
private readonly cachePath;
|
|
19
|
+
private readonly cacheDir;
|
|
19
20
|
private readonly encryptionKey;
|
|
20
21
|
private readonly ttlMs;
|
|
21
22
|
/** In-memory mirror — avoids decrypting the file on every resolve(). */
|
|
@@ -24,6 +25,13 @@ export declare class CachedBackend implements WritableSecretBackend {
|
|
|
24
25
|
ttlMs?: number;
|
|
25
26
|
storeDir?: string;
|
|
26
27
|
});
|
|
28
|
+
/** Zero the encryption key buffer. Call when the backend is no longer needed. */
|
|
29
|
+
destroy(): void;
|
|
30
|
+
/**
|
|
31
|
+
* If cache file exists but cannot be decrypted with the new key,
|
|
32
|
+
* try the legacy SHA-256 key and re-encrypt if successful.
|
|
33
|
+
*/
|
|
34
|
+
private migrateCacheIfNeeded;
|
|
27
35
|
resolve(secretPath: string): Promise<Record<string, string>>;
|
|
28
36
|
store(key: string, value: string): Promise<void>;
|
|
29
37
|
delete(key: string): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/backends/cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"cache.d.ts","sourceRoot":"","sources":["../../src/backends/cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAgCpE,qBAAa,aAAc,YAAW,qBAAqB;IACzD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAwB;IAC9C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAE/B,wEAAwE;IACxE,OAAO,CAAC,QAAQ,CAA2B;gBAGzC,KAAK,EAAE,qBAAqB,EAC5B,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE;IAqBjD,iFAAiF;IACjF,OAAO,IAAI,IAAI;IAIf;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IA+BtB,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAsD5D,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWhD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYrC,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAI3C,8BAA8B;IAC9B,UAAU,IAAI,IAAI;IAWlB,kEAAkE;IAClE,aAAa,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAgBrD,OAAO,CAAC,uBAAuB;IAU/B,OAAO,CAAC,SAAS;IA4BjB,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,OAAO;IAQf,OAAO,CAAC,OAAO;CAQhB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAczD"}
|
package/dist/backends/cache.js
CHANGED
|
@@ -52,6 +52,26 @@ const fs = __importStar(require("fs"));
|
|
|
52
52
|
const path = __importStar(require("path"));
|
|
53
53
|
const crypto = __importStar(require("crypto"));
|
|
54
54
|
const CACHE_FILENAME = '.secret-cache';
|
|
55
|
+
const SALT_FILE = '.salt';
|
|
56
|
+
/**
|
|
57
|
+
* Load or create a 16-byte random salt for key derivation.
|
|
58
|
+
* The salt is stored at `<dir>/.salt` with 0o600 permissions.
|
|
59
|
+
*/
|
|
60
|
+
function loadOrCreateCacheSalt(dir) {
|
|
61
|
+
const saltPath = path.join(dir, SALT_FILE);
|
|
62
|
+
try {
|
|
63
|
+
const existing = fs.readFileSync(saltPath);
|
|
64
|
+
if (existing.length === 16)
|
|
65
|
+
return existing;
|
|
66
|
+
}
|
|
67
|
+
catch {
|
|
68
|
+
// Salt file does not exist yet — will be created below
|
|
69
|
+
}
|
|
70
|
+
fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
|
|
71
|
+
const salt = crypto.randomBytes(16);
|
|
72
|
+
fs.writeFileSync(saltPath, salt, { mode: 0o600 });
|
|
73
|
+
return salt;
|
|
74
|
+
}
|
|
55
75
|
class CachedBackend {
|
|
56
76
|
constructor(inner, options) {
|
|
57
77
|
/** In-memory mirror — avoids decrypting the file on every resolve(). */
|
|
@@ -60,12 +80,58 @@ class CachedBackend {
|
|
|
60
80
|
this.name = `cached(${inner.name})`;
|
|
61
81
|
this.ttlMs = options?.ttlMs ?? 5 * 60 * 1000; // default 5 minutes
|
|
62
82
|
const home = process.env.HOME ?? process.env.USERPROFILE ?? '/tmp';
|
|
63
|
-
const storeDir = options?.storeDir ?? path.join(home, '.secretless-ai', '
|
|
83
|
+
const storeDir = options?.storeDir ?? path.join(home, '.secretless-ai', 'cache');
|
|
64
84
|
fs.mkdirSync(storeDir, { recursive: true, mode: 0o700 });
|
|
85
|
+
this.cacheDir = storeDir;
|
|
65
86
|
this.cachePath = path.join(storeDir, CACHE_FILENAME);
|
|
66
|
-
//
|
|
87
|
+
// Derive key via scrypt with a persistent random salt
|
|
67
88
|
const keyMaterial = `${home}-secretless-cache-${process.env.USER ?? 'default'}`;
|
|
68
|
-
|
|
89
|
+
const salt = loadOrCreateCacheSalt(storeDir);
|
|
90
|
+
this.encryptionKey = crypto.scryptSync(keyMaterial, salt, 32, { N: 16384, r: 8, p: 1 });
|
|
91
|
+
// Migration: try to read existing cache with legacy SHA-256 key
|
|
92
|
+
this.migrateCacheIfNeeded(keyMaterial);
|
|
93
|
+
}
|
|
94
|
+
/** Zero the encryption key buffer. Call when the backend is no longer needed. */
|
|
95
|
+
destroy() {
|
|
96
|
+
this.encryptionKey.fill(0);
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* If cache file exists but cannot be decrypted with the new key,
|
|
100
|
+
* try the legacy SHA-256 key and re-encrypt if successful.
|
|
101
|
+
*/
|
|
102
|
+
migrateCacheIfNeeded(keyMaterial) {
|
|
103
|
+
if (!fs.existsSync(this.cachePath))
|
|
104
|
+
return;
|
|
105
|
+
try {
|
|
106
|
+
const data = fs.readFileSync(this.cachePath);
|
|
107
|
+
this.decrypt(data);
|
|
108
|
+
// New key works — no migration needed
|
|
109
|
+
}
|
|
110
|
+
catch {
|
|
111
|
+
try {
|
|
112
|
+
const data = fs.readFileSync(this.cachePath);
|
|
113
|
+
const legacyKey = crypto.createHash('sha256').update(keyMaterial).digest();
|
|
114
|
+
const iv = data.subarray(0, 16);
|
|
115
|
+
const tag = data.subarray(16, 32);
|
|
116
|
+
const ciphertext = data.subarray(32);
|
|
117
|
+
const decipher = crypto.createDecipheriv('aes-256-gcm', legacyKey, iv);
|
|
118
|
+
decipher.setAuthTag(tag);
|
|
119
|
+
const plaintext = decipher.update(ciphertext) + decipher.final('utf-8');
|
|
120
|
+
legacyKey.fill(0);
|
|
121
|
+
// Re-encrypt with new key
|
|
122
|
+
const encrypted = this.encrypt(plaintext);
|
|
123
|
+
const tmpPath = this.cachePath + '.tmp';
|
|
124
|
+
fs.writeFileSync(tmpPath, encrypted, { mode: 0o600 });
|
|
125
|
+
fs.renameSync(tmpPath, this.cachePath);
|
|
126
|
+
}
|
|
127
|
+
catch {
|
|
128
|
+
// Neither key works — discard corrupted cache
|
|
129
|
+
try {
|
|
130
|
+
fs.unlinkSync(this.cachePath);
|
|
131
|
+
}
|
|
132
|
+
catch { /* ignore */ }
|
|
133
|
+
}
|
|
134
|
+
}
|
|
69
135
|
}
|
|
70
136
|
async resolve(secretPath) {
|
|
71
137
|
if (this.ttlMs <= 0) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/backends/cache.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"cache.js","sourceRoot":"","sources":["../../src/backends/cache.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsSH,wCAcC;AAlTD,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AAGjC,MAAM,cAAc,GAAG,eAAe,CAAC;AACvC,MAAM,SAAS,GAAG,OAAO,CAAC;AAW1B;;;GAGG;AACH,SAAS,qBAAqB,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,QAAQ,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IACD,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACpC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAa,aAAa;IAWxB,YACE,KAA4B,EAC5B,OAA+C;QALjD,wEAAwE;QAChE,aAAQ,GAAsB,IAAI,CAAC;QAMzC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,IAAI,GAAG,UAAU,KAAK,CAAC,IAAI,GAAG,CAAC;QACpC,IAAI,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,oBAAoB;QAElE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;QACnE,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACjF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAErD,sDAAsD;QACtD,MAAM,WAAW,GAAG,GAAG,IAAI,qBAAqB,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;QAChF,MAAM,IAAI,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAExF,gEAAgE;QAChE,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;IACzC,CAAC;IAED,iFAAiF;IACjF,OAAO;QACL,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACK,oBAAoB,CAAC,WAAmB;QAC9C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO;QAE3C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnB,sCAAsC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC7C,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAC;gBAC3E,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;gBACvE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBACzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACxE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAElB,0BAA0B;gBAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;gBACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBACtD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;gBAC9C,IAAI,CAAC;oBAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,UAAkB;QAC9B,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACpB,gCAAgC;YAChC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,2DAA2D;QAC3D,iEAAiE;QACjE,MAAM,aAAa,GAA2B,EAAE,CAAC;QACjD,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,yDAAyD;QACzD,0DAA0D;QAC1D,MAAM,cAAc,GAA2B,EAAE,CAAC;QAClD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACzD,IAAI,GAAG,KAAK,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;gBAC3D,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;oBACtC,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,YAAY,GAAG,eAAe,UAAU,EAAE,CAAC;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,WAAW,IAAI,GAAG,GAAG,WAAW,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,IAAI,cAAc,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACzF,SAAS,GAAG,IAAI,CAAC;YACjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC1C,aAAa,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,wDAAwD;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAErD,yBAAyB;QACzB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;QAChD,CAAC;QACD,oCAAoC;QACpC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;QAE3D,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,KAAa;QACpC,MAAM,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAEnC,8BAA8B;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACrD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE5C,oBAAoB;QACpB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAEtB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,8BAA8B;IAC9B,UAAU;QACR,IAAI,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,aAAa;QACX,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YACzD,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBAAE,SAAS;YAC7C,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACtC,KAAK,EAAE,CAAC;YACV,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IACrC,CAAC;IAEO,uBAAuB,CAAC,KAAiB,EAAE,GAAW;QAC5D,oDAAoD;QACpD,qEAAqE;QACrE,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/C,OAAO,KAAK,CAAC,OAAO,CAAC,eAAe,MAAM,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAEO,SAAS;QACf,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAExC,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;YACvB,CAAC;YAED,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAe,CAAC;YAEpD,gCAAgC;YAChC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjE,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACvC,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,KAAiB;QACjC,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;YACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACtD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IAC7C,CAAC;IAEO,OAAO,CAAC,IAAY;QAC1B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAChF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;CACF;AA3PD,sCA2PC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,QAAiB;IAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IACnE,MAAM,GAAG,GAAG,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -10,6 +10,10 @@ import type { SelectableBackendType } from './config';
|
|
|
10
10
|
/**
|
|
11
11
|
* Create a WritableSecretBackend instance for the given type.
|
|
12
12
|
*
|
|
13
|
+
* When type is 'local', attempts to upgrade to 'keychain' if the OS keychain
|
|
14
|
+
* is available (macOS Keychain, Linux Secret Service, or Windows Credential
|
|
15
|
+
* Manager). Falls back to 'local' only when keychain initialization fails.
|
|
16
|
+
*
|
|
13
17
|
* @param type - 'local', 'keychain', '1password', 'vault', or 'gcp-sm'
|
|
14
18
|
* @param config - Backend-specific configuration (e.g. storeDir, key, vault)
|
|
15
19
|
* @param strict - If true, throw instead of falling back to local. Default: false.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEtD
|
|
1
|
+
{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEtD;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,qBAAqB,EAC3B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,MAAM,CAAC,EAAE,OAAO,GACf,qBAAqB,CA2EvB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAgC/F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAwBhF"}
|
package/dist/backends/factory.js
CHANGED
|
@@ -21,12 +21,33 @@ const config_1 = require("./config");
|
|
|
21
21
|
/**
|
|
22
22
|
* Create a WritableSecretBackend instance for the given type.
|
|
23
23
|
*
|
|
24
|
+
* When type is 'local', attempts to upgrade to 'keychain' if the OS keychain
|
|
25
|
+
* is available (macOS Keychain, Linux Secret Service, or Windows Credential
|
|
26
|
+
* Manager). Falls back to 'local' only when keychain initialization fails.
|
|
27
|
+
*
|
|
24
28
|
* @param type - 'local', 'keychain', '1password', 'vault', or 'gcp-sm'
|
|
25
29
|
* @param config - Backend-specific configuration (e.g. storeDir, key, vault)
|
|
26
30
|
* @param strict - If true, throw instead of falling back to local. Default: false.
|
|
27
31
|
*/
|
|
28
32
|
function createBackend(type, config, strict) {
|
|
29
33
|
let backend;
|
|
34
|
+
// When callers request 'local', prefer keychain if the platform supports it
|
|
35
|
+
if (type === 'local' && !config?.key) {
|
|
36
|
+
const keychainStatus = isKeychainAvailable();
|
|
37
|
+
if (keychainStatus.available) {
|
|
38
|
+
try {
|
|
39
|
+
backend = createKeychainBackend(config);
|
|
40
|
+
const ttlSeconds = (0, config_1.readCacheTtl)();
|
|
41
|
+
if (ttlSeconds > 0) {
|
|
42
|
+
return new cache_1.CachedBackend(backend, { ttlMs: ttlSeconds * 1000 });
|
|
43
|
+
}
|
|
44
|
+
return backend;
|
|
45
|
+
}
|
|
46
|
+
catch {
|
|
47
|
+
// Keychain initialization failed — fall through to local
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
}
|
|
30
51
|
switch (type) {
|
|
31
52
|
case 'keychain':
|
|
32
53
|
backend = createKeychainBackend(config);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;
|
|
1
|
+
{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAwBH,sCA+EC;AAMD,kDAgCC;AAMD,wDAwBC;AAzKD,mCAAuC;AACvC,qDAAwD;AACxD,qDAAwD;AACxD,+CAAmD;AACnD,mCAAuC;AACvC,qCAAmE;AACnE,mCAAwC;AACxC,qCAAwC;AAIxC;;;;;;;;;;GAUG;AACH,SAAgB,aAAa,CAC3B,IAA2B,EAC3B,MAAgC,EAChC,MAAgB;IAEhB,IAAI,OAA8B,CAAC;IAEnC,4EAA4E;IAC5E,IAAI,IAAI,KAAK,OAAO,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC;QACrC,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,OAAO,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM,UAAU,GAAG,IAAA,qBAAY,GAAE,CAAC;gBAClC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;oBACnB,OAAO,IAAI,qBAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC;gBAClE,CAAC;gBACD,OAAO,OAAO,CAAC;YACjB,CAAC;YAAC,MAAM,CAAC;gBACP,yDAAyD;YAC3D,CAAC;QACH,CAAC;IACH,CAAC;IAED,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM;QAER,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,EAAE,GAAG,sBAAsB,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;gBAClB,IAAI,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC3E,OAAO,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;gBACvF,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;gBACnE,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;gBACpE,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,GAAG,IAAI,gCAAkB,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACxD,IAAI,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;gBAChG,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBAChF,OAAO,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;gBACjE,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;gBACpE,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,GAAG,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,IAAA,uBAAc,GAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;gBACnB,IAAI,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACrF,OAAO,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;gBACzF,OAAO,CAAC,KAAK,CAAC,aAAa,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1C,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;gBACpE,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,GAAG,IAAI,gCAAuB,CAAC,MAAM,CAAC,CAAC;YAC9C,MAAM;QACR,CAAC;QAED,KAAK,OAAO,CAAC;QACb;YACE,4EAA4E;YAC5E,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAED,kFAAkF;IAClF,MAAM,UAAU,GAAG,IAAA,qBAAY,GAAE,CAAC;IAClC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,IAAI,qBAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,YAAY,CAAC,UAAU,EAAE,CAAC,kBAAkB,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,iDAAiD,EAAE,CAAC;QAC5G,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4FAA4F;aACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mCAAmC,QAAQ,kCAAkC;KACvF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB;IACpC,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QAClD,YAAY,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,qFAAqF;SAC/F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QAClD,YAAY,CAAC,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9E,OAAO;YACL,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,6FAA6F;SACvG,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAgC;IAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,IAAI,qCAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,qCAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,2DAA2D;IAC3D,OAAO,CAAC,KAAK,CACX,4CAA4C,QAAQ,4CAA4C,CACjG,CAAC;IACF,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC"}
|
package/dist/backends/local.d.ts
CHANGED
|
@@ -7,7 +7,16 @@ export declare class LocalBackend implements WritableSecretBackend {
|
|
|
7
7
|
readonly name = "local";
|
|
8
8
|
private readonly storeDir;
|
|
9
9
|
private readonly encryptionKey;
|
|
10
|
+
private readonly keyMaterial;
|
|
10
11
|
constructor(config?: Record<string, unknown>);
|
|
12
|
+
/** Zero the encryption key buffer. Call when the backend is no longer needed. */
|
|
13
|
+
destroy(): void;
|
|
14
|
+
/**
|
|
15
|
+
* Detect and migrate data encrypted with the legacy SHA-256 key.
|
|
16
|
+
* If the current (scrypt) key cannot decrypt the store but the legacy key can,
|
|
17
|
+
* re-encrypt with the new key and persist.
|
|
18
|
+
*/
|
|
19
|
+
private migrateIfNeeded;
|
|
11
20
|
resolve(secretPath: string): Promise<Record<string, string>>;
|
|
12
21
|
healthCheck(): Promise<BackendHealth>;
|
|
13
22
|
/** Store a secret locally */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../src/backends/local.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../src/backends/local.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AA+CpE;;;GAGG;AACH,qBAAa,YAAa,YAAW,qBAAqB;IACxD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEzB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAe5C,iFAAiF;IACjF,OAAO,IAAI,IAAI;IAIf;;;;OAIG;IACH,OAAO,CAAC,eAAe;IAgCjB,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAsB5D,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAW3C,6BAA6B;IACvB,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoCtD,gFAAgF;IAC1E,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAmC3C,OAAO,CAAC,OAAO;IASf,OAAO,CAAC,OAAO;CAQhB"}
|
package/dist/backends/local.js
CHANGED
|
@@ -39,6 +39,41 @@ const path = __importStar(require("path"));
|
|
|
39
39
|
const crypto = __importStar(require("crypto"));
|
|
40
40
|
const STORE_FILE = 'secrets.enc';
|
|
41
41
|
const META_FILE = 'secrets.meta.json';
|
|
42
|
+
const SALT_FILE = '.salt';
|
|
43
|
+
/**
|
|
44
|
+
* Load or create a 16-byte random salt for key derivation.
|
|
45
|
+
* The salt is stored at `<dir>/.salt` with 0o600 permissions.
|
|
46
|
+
*/
|
|
47
|
+
function loadOrCreateSalt(dir) {
|
|
48
|
+
const saltPath = path.join(dir, SALT_FILE);
|
|
49
|
+
try {
|
|
50
|
+
const existing = fs.readFileSync(saltPath);
|
|
51
|
+
if (existing.length === 16)
|
|
52
|
+
return existing;
|
|
53
|
+
}
|
|
54
|
+
catch {
|
|
55
|
+
// Salt file does not exist yet — will be created below
|
|
56
|
+
}
|
|
57
|
+
fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
|
|
58
|
+
const salt = crypto.randomBytes(16);
|
|
59
|
+
fs.writeFileSync(saltPath, salt, { mode: 0o600 });
|
|
60
|
+
return salt;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Derive an encryption key using scrypt with a persistent random salt.
|
|
64
|
+
* Falls back to SHA-256 (legacy) when no salt file exists and data was
|
|
65
|
+
* encrypted with the old scheme.
|
|
66
|
+
*/
|
|
67
|
+
function deriveKey(keyMaterial, salt) {
|
|
68
|
+
return crypto.scryptSync(keyMaterial, salt, 32, { N: 16384, r: 8, p: 1 });
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Derive the legacy (pre-salt) encryption key via single SHA-256.
|
|
72
|
+
* Used only during migration from the old key derivation scheme.
|
|
73
|
+
*/
|
|
74
|
+
function deriveLegacyKey(keyMaterial) {
|
|
75
|
+
return crypto.createHash('sha256').update(keyMaterial).digest();
|
|
76
|
+
}
|
|
42
77
|
/**
|
|
43
78
|
* Local encrypted store backend — resolves secrets from a local AES-256-GCM encrypted file.
|
|
44
79
|
* Used for development/local setups. Zero network dependencies.
|
|
@@ -48,11 +83,55 @@ class LocalBackend {
|
|
|
48
83
|
this.name = 'local';
|
|
49
84
|
const home = process.env.HOME ?? process.env.USERPROFILE ?? '/tmp';
|
|
50
85
|
this.storeDir = config?.storeDir ?? path.join(home, '.secretless-ai', 'store');
|
|
51
|
-
//
|
|
52
|
-
//
|
|
53
|
-
|
|
54
|
-
const
|
|
55
|
-
this.encryptionKey =
|
|
86
|
+
// Key material is either caller-supplied or derived from machine-specific data.
|
|
87
|
+
// The actual encryption key is derived via scrypt with a persistent random salt.
|
|
88
|
+
this.keyMaterial = config?.key ?? `${home}-secretless-${process.env.USER ?? 'default'}`;
|
|
89
|
+
const salt = loadOrCreateSalt(this.storeDir);
|
|
90
|
+
this.encryptionKey = deriveKey(this.keyMaterial, salt);
|
|
91
|
+
// Migration: if secrets.enc exists but was encrypted with the legacy SHA-256 key,
|
|
92
|
+
// re-encrypt with the new scrypt-derived key.
|
|
93
|
+
this.migrateIfNeeded();
|
|
94
|
+
}
|
|
95
|
+
/** Zero the encryption key buffer. Call when the backend is no longer needed. */
|
|
96
|
+
destroy() {
|
|
97
|
+
this.encryptionKey.fill(0);
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Detect and migrate data encrypted with the legacy SHA-256 key.
|
|
101
|
+
* If the current (scrypt) key cannot decrypt the store but the legacy key can,
|
|
102
|
+
* re-encrypt with the new key and persist.
|
|
103
|
+
*/
|
|
104
|
+
migrateIfNeeded() {
|
|
105
|
+
const storePath = path.join(this.storeDir, STORE_FILE);
|
|
106
|
+
if (!fs.existsSync(storePath))
|
|
107
|
+
return;
|
|
108
|
+
try {
|
|
109
|
+
// Try decrypting with the new key — if it works, no migration needed
|
|
110
|
+
const data = fs.readFileSync(storePath);
|
|
111
|
+
this.decrypt(data);
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
// New key failed — try legacy key
|
|
115
|
+
try {
|
|
116
|
+
const data = fs.readFileSync(storePath);
|
|
117
|
+
const legacyKey = deriveLegacyKey(this.keyMaterial);
|
|
118
|
+
const iv = data.subarray(0, 16);
|
|
119
|
+
const tag = data.subarray(16, 32);
|
|
120
|
+
const ciphertext = data.subarray(32);
|
|
121
|
+
const decipher = crypto.createDecipheriv('aes-256-gcm', legacyKey, iv);
|
|
122
|
+
decipher.setAuthTag(tag);
|
|
123
|
+
const plaintext = decipher.update(ciphertext) + decipher.final('utf-8');
|
|
124
|
+
legacyKey.fill(0);
|
|
125
|
+
// Legacy key worked — re-encrypt with new key
|
|
126
|
+
const encrypted = this.encrypt(plaintext);
|
|
127
|
+
const tmpPath = storePath + '.tmp';
|
|
128
|
+
fs.writeFileSync(tmpPath, encrypted, { mode: 0o600 });
|
|
129
|
+
fs.renameSync(tmpPath, storePath);
|
|
130
|
+
}
|
|
131
|
+
catch {
|
|
132
|
+
// Neither key works — store is corrupted, nothing to migrate
|
|
133
|
+
}
|
|
134
|
+
}
|
|
56
135
|
}
|
|
57
136
|
async resolve(secretPath) {
|
|
58
137
|
const storePath = path.join(this.storeDir, STORE_FILE);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/backends/local.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AAGjC,MAAM,UAAU,GAAG,aAAa,CAAC;AACjC,MAAM,SAAS,GAAG,mBAAmB,CAAC;AAOtC;;;GAGG;AACH,MAAa,YAAY;
|
|
1
|
+
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/backends/local.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AAGjC,MAAM,UAAU,GAAG,aAAa,CAAC;AACjC,MAAM,SAAS,GAAG,mBAAmB,CAAC;AAOtC,MAAM,SAAS,GAAG,OAAO,CAAC;AAE1B;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,QAAQ,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IACD,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACpC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,SAAS,CAAC,WAAmB,EAAE,IAAY;IAClD,OAAO,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,WAAmB;IAC1C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAC;AAClE,CAAC;AAED;;;GAGG;AACH,MAAa,YAAY;IAMvB,YAAY,MAAgC;QALnC,SAAI,GAAG,OAAO,CAAC;QAMtB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;QACnE,IAAI,CAAC,QAAQ,GAAI,MAAM,EAAE,QAAmB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAE3F,gFAAgF;QAChF,iFAAiF;QACjF,IAAI,CAAC,WAAW,GAAI,MAAM,EAAE,GAAc,IAAI,GAAG,IAAI,eAAe,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;QACpG,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAEvD,kFAAkF;QAClF,8CAA8C;QAC9C,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAED,iFAAiF;IACjF,OAAO;QACL,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACK,eAAe;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO;QAEtC,IAAI,CAAC;YACH,qEAAqE;YACrE,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;YAClC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;gBACxC,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpD,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;gBACvE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBACzB,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACxE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAElB,8CAA8C;gBAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC1C,MAAM,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;gBACnC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBACtD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,6DAA6D;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,UAAkB;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,EAAE,CAAC;QAEzC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAEpC,yEAAyE;YACzE,MAAM,OAAO,GAA2B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACjD,IAAI,CAAC,UAAU,IAAI,GAAG,KAAK,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;oBAC1E,OAAO,CAAC,GAAG,CAAC,GAAG,KAAe,CAAC;gBACjC,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACxC,OAAO;YACL,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;YAC7B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,sBAAsB;SACnE,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,KAAa;QACpC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAE9D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,KAAK,GAA2B,EAAE,CAAC;QAEvC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;gBAC7C,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;YAC9C,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,SAAS,GAAG,MAAM,CAAC;QACxC,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3D,EAAE,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAEvC,kBAAkB;QAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACrD,IAAI,IAAI,GAAc,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACpD,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QAC5D,MAAM,WAAW,GAAG,QAAQ,GAAG,MAAM,CAAC;QACtC,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9E,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,gFAAgF;IAChF,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,KAAK,CAAC;QAE5C,IAAI,KAAK,GAA2B,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC7C,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,IAAI,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAElC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;QAClB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,SAAS,GAAG,MAAM,CAAC;QACxC,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3D,EAAE,CAAC,UAAU,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAEvC,kBAAkB;QAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAc,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBACvE,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACzB,MAAM,WAAW,GAAG,QAAQ,GAAG,MAAM,CAAC;gBACtC,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC9E,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAExB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,wCAAwC;QACxC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC,CAAC;IAC7C,CAAC;IAEO,OAAO,CAAC,IAAY;QAC1B,MAAM,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAChF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;CACF;AA1LD,oCA0LC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aim-client.d.ts","sourceRoot":"","sources":["../../src/broker/aim-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"aim-client.d.ts","sourceRoot":"","sources":["../../src/broker/aim-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAiB7C,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;IAC5D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;IAM9D;;;;OAIG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAkC3E;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAUrC;;OAEG;IACH,UAAU,IAAI,IAAI;IAIlB;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAI5B,6DAA6D;IAC7D,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,yEAAyE;IACzE,OAAO,CAAC,OAAO;CAwChB"}
|
|
@@ -47,6 +47,8 @@ const https = __importStar(require("https"));
|
|
|
47
47
|
const DEFAULT_CACHE_TTL_MS = 60000;
|
|
48
48
|
/** Request timeout in milliseconds. */
|
|
49
49
|
const REQUEST_TIMEOUT_MS = 5000;
|
|
50
|
+
/** Maximum response body size (1 MB). */
|
|
51
|
+
const MAX_RESPONSE_SIZE = 1024 * 1024;
|
|
50
52
|
class AimClient {
|
|
51
53
|
constructor(baseUrl, options) {
|
|
52
54
|
this.cache = new Map();
|
|
@@ -130,7 +132,16 @@ class AimClient {
|
|
|
130
132
|
return;
|
|
131
133
|
}
|
|
132
134
|
const chunks = [];
|
|
133
|
-
|
|
135
|
+
let size = 0;
|
|
136
|
+
res.on('data', (chunk) => {
|
|
137
|
+
size += chunk.length;
|
|
138
|
+
if (size > MAX_RESPONSE_SIZE) {
|
|
139
|
+
res.destroy();
|
|
140
|
+
resolve(undefined);
|
|
141
|
+
return;
|
|
142
|
+
}
|
|
143
|
+
chunks.push(chunk);
|
|
144
|
+
});
|
|
134
145
|
res.on('end', () => {
|
|
135
146
|
try {
|
|
136
147
|
const body = Buffer.concat(chunks).toString('utf-8');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aim-client.js","sourceRoot":"","sources":["../../src/broker/aim-client.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,2CAA6B;AAC7B,6CAA+B;AAS/B,sDAAsD;AACtD,MAAM,oBAAoB,GAAG,KAAM,CAAC;AAEpC,uCAAuC;AACvC,MAAM,kBAAkB,GAAG,IAAK,CAAC;AAEjC,MAAa,SAAS;IAKpB,YAAY,OAAe,EAAE,OAAiC;QAH7C,UAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;QAI1D,wBAAwB;QACxB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,oBAAoB,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,oBAAoB;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,QAAQ,CAAC;QACzB,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,kBAAkB,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEzC,IAAI,CAAC,QAAQ;gBAAE,OAAO,SAAS,CAAC;YAEhC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,CAAC,QAAQ;gBAAE,OAAO,SAAS,CAAC;YAEhC,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE;gBACtB,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU;aACxC,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;YACpC,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC;YACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,OAAO,QAAQ,KAAK,SAAS,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe;QACnB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAED,yEAAyE;IACjE,OAAO,CAAC,GAAW;QACzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAEjE,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtE,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;oBACrE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,iBAAiB;oBAC/B,OAAO,CAAC,SAAS,CAAC,CAAC;oBACnB,OAAO;gBACT,CAAC;gBAED,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"aim-client.js","sourceRoot":"","sources":["../../src/broker/aim-client.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,2CAA6B;AAC7B,6CAA+B;AAS/B,sDAAsD;AACtD,MAAM,oBAAoB,GAAG,KAAM,CAAC;AAEpC,uCAAuC;AACvC,MAAM,kBAAkB,GAAG,IAAK,CAAC;AAEjC,yCAAyC;AACzC,MAAM,iBAAiB,GAAG,IAAI,GAAG,IAAI,CAAC;AAEtC,MAAa,SAAS;IAKpB,YAAY,OAAe,EAAE,OAAiC;QAH7C,UAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;QAI1D,wBAAwB;QACxB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,oBAAoB,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,oBAAoB;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC,QAAQ,CAAC;QACzB,CAAC;QAED,sBAAsB;QACtB,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,kBAAkB,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEzC,IAAI,CAAC,QAAQ;gBAAE,OAAO,SAAS,CAAC;YAEhC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,CAAC,QAAQ;gBAAE,OAAO,SAAS,CAAC;YAEhC,mBAAmB;YACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE;gBACtB,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU;aACxC,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;YACpC,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC;YACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,OAAO,QAAQ,KAAK,SAAS,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAe;QACnB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED,6DAA6D;IAC7D,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAED,yEAAyE;IACjE,OAAO,CAAC,GAAW;QACzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC/B,MAAM,SAAS,GAAG,SAAS,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAEjE,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtE,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;oBACrE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,iBAAiB;oBAC/B,OAAO,CAAC,SAAS,CAAC,CAAC;oBACnB,OAAO;gBACT,CAAC;gBAED,MAAM,MAAM,GAAa,EAAE,CAAC;gBAC5B,IAAI,IAAI,GAAG,CAAC,CAAC;gBACb,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;oBAC/B,IAAI,IAAI,KAAK,CAAC,MAAM,CAAC;oBACrB,IAAI,IAAI,GAAG,iBAAiB,EAAE,CAAC;wBAC7B,GAAG,CAAC,OAAO,EAAE,CAAC;wBACd,OAAO,CAAC,SAAS,CAAC,CAAC;wBACnB,OAAO;oBACT,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACrB,CAAC,CAAC,CAAC;gBACH,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,IAAI,CAAC;wBACH,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;wBACrD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;oBAC5B,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,CAAC,SAAS,CAAC,CAAC;oBACrB,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;YAC1C,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACrB,GAAG,CAAC,OAAO,EAAE,CAAC;gBACd,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA3HD,8BA2HC;AAED,6DAA6D;AAC7D,SAAS,kBAAkB,CAAC,IAA6B;IACvD,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE/B,MAAM,UAAU,GAAG,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QACrE,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;IAE5E,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AACzD,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../src/broker/daemon.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../../src/broker/daemon.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAc,MAAM,UAAU,CAAC;AAGpD,QAAA,MAAM,gBAAgB,QAA0C,CAAC;AACjE,QAAA,MAAM,mBAAmB,QAA2C,CAAC;AACrE,QAAA,MAAM,iBAAiB,QAAQ,CAAC;AAChC,QAAA,MAAM,mBAAmB,QAAoD,CAAC;AAC9E,QAAA,MAAM,iBAAiB,QAAgD,CAAC;AAExE,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAsB,WAAW,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAsEhF;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAkBpD;AAWD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CA+BrE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAWzD;AAoCD,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,iBAAiB,GAClB,CAAC"}
|
package/dist/broker/daemon.js
CHANGED
|
@@ -121,6 +121,8 @@ async function startDaemon(options) {
|
|
|
121
121
|
cleanupPidFile(pidFile);
|
|
122
122
|
throw err;
|
|
123
123
|
}
|
|
124
|
+
// Print token file path so callers know where to read the auth token
|
|
125
|
+
console.log(`Broker auth token: ${server_1.TOKEN_FILE}`);
|
|
124
126
|
return server;
|
|
125
127
|
}
|
|
126
128
|
/**
|
|
@@ -136,14 +138,25 @@ function stopDaemon(pidFile) {
|
|
|
136
138
|
process.kill(pidInfo.pid, 'SIGTERM');
|
|
137
139
|
// Wait briefly for cleanup, then remove PID file
|
|
138
140
|
cleanupPidFile(file);
|
|
141
|
+
cleanupTokenFile();
|
|
139
142
|
return true;
|
|
140
143
|
}
|
|
141
144
|
catch {
|
|
142
145
|
// Process already dead — clean up
|
|
143
146
|
cleanupPidFile(file);
|
|
147
|
+
cleanupTokenFile();
|
|
144
148
|
return false;
|
|
145
149
|
}
|
|
146
150
|
}
|
|
151
|
+
/** Remove token file (best-effort). */
|
|
152
|
+
function cleanupTokenFile() {
|
|
153
|
+
try {
|
|
154
|
+
fs.unlinkSync(server_1.TOKEN_FILE);
|
|
155
|
+
}
|
|
156
|
+
catch {
|
|
157
|
+
// Ignore — file may already be gone (server.stop() may have removed it)
|
|
158
|
+
}
|
|
159
|
+
}
|
|
147
160
|
/**
|
|
148
161
|
* Get the status of the broker daemon.
|
|
149
162
|
* Returns null if the daemon is not running.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"daemon.js","sourceRoot":"","sources":["../../src/broker/daemon.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCH,
|
|
1
|
+
{"version":3,"file":"daemon.js","sourceRoot":"","sources":["../../src/broker/daemon.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkCH,kCAsEC;AAMD,gCAkBC;AAeD,0CA+BC;AAKD,0CAWC;AA5LD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB,qCAAoD;AAEpD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;AACjE,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;AA0N/D,4CAAgB;AAzNlB,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;AA0NnE,kDAAmB;AAzNrB,MAAM,iBAAiB,GAAG,KAAK,CAAC;AA0N9B,8CAAiB;AAzNnB,MAAM,mBAAmB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC;AA0N5E,kDAAmB;AAzNrB,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;AA0NtE,8CAAiB;AAzMnB;;;GAGG;AACI,KAAK,UAAU,WAAW,CAAC,OAAuB;IACvD,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,gBAAgB,CAAC;IAErD,EAAE,CAAC,SAAS,CAAC,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE/D,4BAA4B;IAC5B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,0BAA0B;IAC1B,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;IAED,MAAM,MAAM,GAAiB;QAC3B,UAAU,EAAE,OAAO,EAAE,UAAU,IAAI,mBAAmB;QACtD,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,iBAAiB;QAChD,MAAM,EAAE,OAAO,EAAE,MAAM;QACvB,UAAU,EAAE,OAAO,EAAE,UAAU,IAAI,mBAAmB;QACtD,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,iBAAiB;KACjD,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,qBAAY,CAAC,MAAM,CAAC,CAAC;IAExC,gEAAgE;IAChE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;QAC7B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtC,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC1B,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,GAA4B,CAAC;QAC3C,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QACD,cAAc,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,cAAc,CAAC,OAAO,CAAC,CAAC;QACxB,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,qEAAqE;IACrE,OAAO,CAAC,GAAG,CAAC,sBAAsB,mBAAU,EAAE,CAAC,CAAC;IAEhD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,OAAgB;IACzC,MAAM,IAAI,GAAG,OAAO,IAAI,gBAAgB,CAAC;IACzC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrC,iDAAiD;QACjD,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,gBAAgB,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,kCAAkC;QAClC,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,gBAAgB,EAAE,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,uCAAuC;AACvC,SAAS,gBAAgB;IACvB,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,mBAAU,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,wEAAwE;IAC1E,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe,CAAC,OAAgB;IAC9C,MAAM,IAAI,GAAG,OAAO,IAAI,gBAAgB,CAAC;IACzC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAElC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,yCAAyC;IACzC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,4CAA4C;QAC5C,cAAc,CAAC,IAAI,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC;IAC1C,MAAM,aAAa,GAAG,SAAS;QAC7B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC;QACjE,CAAC,CAAC,CAAC,CAAC;IAEN,OAAO;QACL,OAAO,EAAE,IAAI;QACb,aAAa;QACb,YAAY,EAAE,CAAC,EAAE,4CAA4C;QAC7D,YAAY,EAAE,KAAK;QACnB,WAAW,EAAE,CAAC;QACd,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS;QACT,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,mBAAmB;QACrD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,iBAAiB;KAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAgB;IAC9C,MAAM,IAAI,GAAG,OAAO,IAAI,gBAAgB,CAAC;IACzC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAE3B,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,mCAAmC;AACnC,SAAS,WAAW,CAClB,QAAgB;IAEhB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;YAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC9B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QAC7C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,sBAAsB;IACxB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qCAAqC;AACrC,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC"}
|
package/dist/broker/events.d.ts
CHANGED
|
@@ -49,6 +49,7 @@ export interface CredentialEvent {
|
|
|
49
49
|
export declare class CredentialEventEmitter {
|
|
50
50
|
private readonly auditLogger;
|
|
51
51
|
private readonly aimAuditUrl;
|
|
52
|
+
private readonly aimAuthHeader;
|
|
52
53
|
constructor(auditLogger: AuditLogger, aimAuditUrl?: string);
|
|
53
54
|
/** Emit a credential requested event. */
|
|
54
55
|
emitRequested(agentId: string, secretRef: string, capability?: string): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/broker/events.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,0DAA0D;AAC1D,MAAM,MAAM,mBAAmB,GAC3B,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,0BAA0B,CAAC;AAE/B,6BAA6B;AAC7B,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAEzD,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,kBAAkB;IAClB,IAAI,EAAE,mBAAmB,CAAC;IAC1B,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,OAAO,EAAE,CAAC,CAAC;CACZ;AAED;;;GAGG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAgB;
|
|
1
|
+
{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/broker/events.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEtC,0DAA0D;AAC1D,MAAM,MAAM,mBAAmB,GAC3B,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,0BAA0B,CAAC;AAE/B,6BAA6B;AAC7B,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAEzD,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,kBAAkB;IAClB,IAAI,EAAE,mBAAmB,CAAC;IAC1B,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oEAAoE;IACpE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,yCAAyC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+CAA+C;IAC/C,OAAO,EAAE,CAAC,CAAC;CACZ;AAED;;;GAGG;AACH,qBAAa,sBAAsB;IACjC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAgB;IAC5C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgB;gBAElC,WAAW,EAAE,WAAW,EAAE,WAAW,CAAC,EAAE,MAAM;IAQ1D,yCAAyC;IACzC,aAAa,CACX,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,MAAM,GAClB,IAAI;IAYP,uCAAuC;IACvC,WAAW,CACT,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE;QACP,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GACA,IAAI;IAeP,sCAAsC;IACtC,UAAU,CACR,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;QACR,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,UAAU,CAAC,EAAE,UAAU,CAAC;KACzB,GACA,IAAI;IAcP,uCAAuC;IACvC,WAAW,CACT,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,OAAO,GACf,IAAI;IAYP,uCAAuC;IACvC,WAAW,CACT,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,IAAI;IAYP,6CAA6C;IAC7C,gBAAgB,CACd,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,GAClB,IAAI;IAYP,uCAAuC;IACvC,WAAW,CACT,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,GACd,IAAI;IAYP;;OAEG;IACH,OAAO,CAAC,IAAI;IAsBZ;;;OAGG;IACH,OAAO,CAAC,YAAY;CAyCrB"}
|
package/dist/broker/events.js
CHANGED
|
@@ -56,6 +56,9 @@ class CredentialEventEmitter {
|
|
|
56
56
|
constructor(auditLogger, aimAuditUrl) {
|
|
57
57
|
this.auditLogger = auditLogger;
|
|
58
58
|
this.aimAuditUrl = aimAuditUrl ?? null;
|
|
59
|
+
// Read AIM API key from environment for authenticated event forwarding
|
|
60
|
+
const aimApiKey = process.env.AIM_API_KEY;
|
|
61
|
+
this.aimAuthHeader = aimApiKey ? `Bearer ${aimApiKey}` : null;
|
|
59
62
|
}
|
|
60
63
|
/** Emit a credential requested event. */
|
|
61
64
|
emitRequested(agentId, secretRef, capability) {
|
|
@@ -175,15 +178,19 @@ class CredentialEventEmitter {
|
|
|
175
178
|
const url = new URL(this.aimAuditUrl);
|
|
176
179
|
const transport = url.protocol === 'https:' ? https : http;
|
|
177
180
|
const body = JSON.stringify(event);
|
|
181
|
+
const headers = {
|
|
182
|
+
'Content-Type': 'application/json',
|
|
183
|
+
'Content-Length': Buffer.byteLength(body),
|
|
184
|
+
};
|
|
185
|
+
if (this.aimAuthHeader) {
|
|
186
|
+
headers['Authorization'] = this.aimAuthHeader;
|
|
187
|
+
}
|
|
178
188
|
const req = transport.request({
|
|
179
189
|
hostname: url.hostname,
|
|
180
190
|
port: url.port,
|
|
181
191
|
path: url.pathname,
|
|
182
192
|
method: 'POST',
|
|
183
|
-
headers
|
|
184
|
-
'Content-Type': 'application/json',
|
|
185
|
-
'Content-Length': Buffer.byteLength(body),
|
|
186
|
-
},
|
|
193
|
+
headers,
|
|
187
194
|
timeout: 3000, // 3s timeout — don't block on AIM
|
|
188
195
|
}, (res) => {
|
|
189
196
|
res.resume(); // Drain response
|