@cdm1/credential

v0.1.1

Published

11 days ago

Canonical credential field types, validators, and normalisers shared across cdecli, forms-stack, adminIde-stack and the connector runtime.

0High
0Medium
0Low

cdm1

@cdm1/credential

Canonical credential field types, validators, and normalisers shared across:

cdecli (Go) — via generated JSON schemas in ./schemas/
@cdm/connector-runtime — re-exports for backward compatibility
forms-stack credentials server — validation + vault routing
adminIde-stack integration-api-server — GraphQL resolver pass-through

Zero runtime dependencies. Pure types and pure functions.

What's inside

| Module | Exports | | ------------- | -------------------------------------------------------------------------------- | | types | CredentialField, CredentialMapping, AuthInput, Placement, ValidationResult | | normalize | toEnvKey, deriveSecretKey, normalizePlacement, normalizeField | | validate | validateCredentialFields, buildCredentialMappings |

Usage

import {
  validateCredentialFields,
  buildCredentialMappings,
  type CredentialField,
} from '@cdm1/credential';

const fields: CredentialField[] = [
  { name: 'e2b-api-key', isSecret: true, placement: 'header', placementKey: 'X-API-Key' },
  { name: 'baseUrl', isSecret: false, placement: 'none' },
];

const result = validateCredentialFields(fields, { 'e2b-api-key': 'tok' });
if (!result.ok) throw new Error(result.errors.map((e) => e.message).join('\n'));

const mappings = buildCredentialMappings(fields);
// → pass into AuthInput.credentialMappings on the wire

Field contract

Every entry must match these rules. Adding fields outside this list at any stage (cdecli set, server create, runtime apiCall) MUST be rejected.

interface CredentialField {
  name: string;                                 // wire identifier
  isSecret: boolean;                            // vault vs settings
  placement: 'header' | 'query' | 'body' | 'path' | 'none';
  placementKey?: string;                        // e.g. 'X-API-Key'
  secretKey?: string;                           // optional vault pin
  genericType?: string;                         // UI grouping
  required?: boolean;                           // defaults to isSecret
}

JSON Schemas (for Go / Python / Kotlin consumers)

yarn schemas:gen

Produces:

schemas/credential-field.schema.json
schemas/auth-input.schema.json

cdecli vendors these and validates input before sending GraphQL mutations.

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@cdm1/credential

What's inside

Usage

Field contract

JSON Schemas (for Go / Python / Kotlin consumers)