docs: list all 13 instance methods in README API TOC; publish with --provenance#117
Open
kurok wants to merge 3 commits into
Open
docs: list all 13 instance methods in README API TOC; publish with --provenance#117kurok wants to merge 3 commits into
kurok wants to merge 3 commits into
Conversation
…provenance The README API TOC listed only 5 of the 13 documented instance methods (fillNodeConfig, read, list, write, close), hiding the whole KV v2 and metadata surface. Add delete, update, request, deleteVersions, undeleteVersions, destroyVersions, readMetadata and deleteMetadata to the TOC and give each a full API entry (anchor, description, kind and a normalized parameter table) in the existing jsdoc2md style. Also in the README: - state the per-method return contract up front: read/list resolve to a Lease, every other data-plane method resolves to the raw parsed Vault response body - add the missing <a name="VaultClient+fillNodeConfig"></a> anchor the TOC already pointed at - add api.kv.autoDetect and api.engines rows to the constructor options table, cross-linked to the KV v2 section - fix the options.logger row (stray table cell, wrong default) and the missing type on write()'s path parameter - move the namespace option in the AWS IAM example to its canonical api.namespace location (auth.config.namespace stays a legacy fallback) publish.yml: CONTRIBUTING.md documents the release as running 'npm publish --provenance --access public' and the publish job already requests id-token: write for OIDC, but the actual command never passed --provenance, so no provenance attestation was generated. Add the flag so the workflow matches the documented supply-chain claim. Fixes #109 Signed-off-by: Yuriy R <22548029+kurok@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #109 — two documentation/artifact drifts from the 2026-07-02 repository audit.
delete,update,request,deleteVersions,undeleteVersions,destroyVersions,readMetadataanddeleteMetadataeach got a full API entry (anchor, description, kind, normalized parameter table) in the existing jsdoc2md style, and the per-method return contract is now stated up front:read()/list()resolve to aLease, every other data-plane method resolves to the raw parsed Vault response body.CONTRIBUTING.mddocuments the release asnpm publish --provenance --access publicandpublish.ymlalready requestsid-token: writefor OIDC — but the actual publish command never passed--provenance, so no provenance attestation was generated. The workflow now passes--provenance, matching the documented claim.Note for maintainers (from the issue checklist): please confirm npm trusted publishing / granular token setup for
node-vault-clienton npmjs.com before the next release — with--provenancethe publish now fails loudly if OIDC is unavailable, and the provenance badge on the next published version verifies the end-to-end claim.Changes
README.mddelete,update,request,deleteVersions,undeleteVersions,destroyVersions,readMetadata,deleteMetadataLeasevs raw parsed body) after the TOC<a name="VaultClient+fillNodeConfig"></a>anchor the TOC already linked toapi.kv.autoDetect/api.enginesrows (cross-linked to the KV v2 section); fixed theoptions.loggerrow (stray extra cell, wrong default) and the missingstringtype onwrite()'spathparamnamespaceto its canonicalapi.namespacelocation (auth.config.namespaceremains documented as the legacy fallback).github/workflows/publish.yml:npm publish --access public→npm publish --provenance --access public(the job already haspermissions: id-token: write)Type of change
Checklist
npm run lint && npm testpasses locally (lint clean;test:unit255 passing)# UnreleasedinCHANGELOG.md— n/a, no package behavior changeSigned-off-by:trailer (git commit -s)Verification
<a name>anchors and GitHub heading slugs — all resolvepublish.ymlvalidated withpython3 -c "import yaml; yaml.safe_load(...)"