@agent-deck/backend 1.1.0

package/dist/vault/credential-manager.d.ts

@@ -0,0 +1,45 @@
+import { AddCredentialToDeckInput, CreateCredentialInput, Credential, RemoveCredentialFromDeckInput, RotateCredentialInput, UpdateCredentialInput } from '@agent-deck/shared';
+import { DatabaseManager } from '../models/database';
+import { CredentialYamlSync } from './yaml-sync';
+import { SecretStore } from './secret-store';
+export declare class CredentialManager {
+    private db;
+    private secretStore;
+    private yamlSync;
+    constructor(db: DatabaseManager, secretStore: SecretStore, yamlSync?: CredentialYamlSync);
+    create(input: CreateCredentialInput): Promise<Credential>;
+    private syncIconFromDocsUrl;
+    applySecretStatus(credentials: Credential[]): Promise<Credential[]>;
+    list(): Promise<Credential[]>;
+    listForDeck(deckId: string): Promise<Credential[]>;
+    listForActiveDeck(): Promise<Credential[]>;
+    isCredentialOnDeck(deckId: string, credentialId: string): Promise<boolean>;
+    assertCredentialsOnDeck(deckId: string, credentialIds: string[]): Promise<void>;
+    getIfOnActiveDeck(id: string): Promise<Credential | null>;
+    get(id: string): Promise<Credential | null>;
+    update(id: string, input: UpdateCredentialInput): Promise<Credential | null>;
+    rotate(id: string, input: RotateCredentialInput): Promise<Credential | null>;
+    delete(id: string): Promise<boolean>;
+    resolveEnvMap(credentialIds: string[]): Promise<Record<string, string>>;
+    addToDeck(input: AddCredentialToDeckInput): Promise<void>;
+    removeFromDeck(input: RemoveCredentialFromDeckInput): Promise<void>;
+    recordExecRun(input: {
+        deckId?: string;
+        manifestPath?: string;
+        command: string;
+        credentialIds: string[];
+        exitCode?: number;
+        startedAt: string;
+        finishedAt?: string;
+    }): Promise<{
+        id: string;
+        command: string;
+        credentialIds: string[];
+        startedAt: string;
+        deckId?: string | undefined;
+        manifestPath?: string | undefined;
+        exitCode?: number | undefined;
+        finishedAt?: string | undefined;
+    }>;
+}
+//# sourceMappingURL=credential-manager.d.ts.map

package/dist/vault/credential-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-manager.d.ts","sourceRoot":"","sources":["../../src/vault/credential-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,UAAU,EACV,6BAA6B,EAC7B,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAMrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,WAAW,EAAyB,MAAM,gBAAgB,CAAC;AAEpE,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,QAAQ;gBAFR,EAAE,EAAE,eAAe,EACnB,WAAW,EAAE,WAAW,EACxB,QAAQ,GAAE,kBAA6C;IAG3D,MAAM,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,CAAC;YAwBjD,mBAAmB;IAsB3B,iBAAiB,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IASnE,IAAI,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAa7B,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAKlD,iBAAiB,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAQ1C,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK1E,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAW/E,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAczD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAY3C,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAmB5E,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAyB5E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA+BpC,aAAa,CAAC,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAoBvE,SAAS,CAAC,KAAK,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IASzD,cAAc,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,IAAI,CAAC;IAInE,aAAa,CAAC,KAAK,EAAE;QACzB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,EAAE,CAAC;QACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB;;;;;;;;;;CAGF"}

package/dist/vault/credential-manager.js

@@ -0,0 +1,237 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialManager = void 0;
+const icon_resolver_1 = require("../services/icon-resolver");
+const yaml_sync_1 = require("./yaml-sync");
+const secret_store_1 = require("./secret-store");
+class CredentialManager {
+    db;
+    secretStore;
+    yamlSync;
+    constructor(db, secretStore, yamlSync = new yaml_sync_1.CredentialYamlSync()) {
+        this.db = db;
+        this.secretStore = secretStore;
+        this.yamlSync = yamlSync;
+    }
+    async create(input) {
+        const keychainAccount = input.keychainAccount ?? input.id;
+        await this.secretStore.set(keychainAccount, input.value);
+        let credential = await this.db.createCredential({
+            id: input.id,
+            label: input.label,
+            scheme: input.scheme,
+            headerName: input.headerName,
+            envName: input.envName,
+            keychainAccount,
+            tags: input.tags ?? [],
+            docsUrl: input.docsUrl,
+            hasSecret: true,
+        });
+        if (input.docsUrl) {
+            credential = await this.syncIconFromDocsUrl({ ...credential, hasSecret: true });
+        }
+        await this.yamlSync.write(credential);
+        return { ...credential, hasSecret: true };
+    }
+    async syncIconFromDocsUrl(credential) {
+        if (!credential.docsUrl) {
+            await (0, icon_resolver_1.removeCachedIcon)(credential.id);
+            if (!credential.iconUrl) {
+                return credential;
+            }
+            const cleared = await this.db.updateCredential(credential.id, { iconUrl: undefined });
+            return cleared ? { ...cleared, hasSecret: credential.hasSecret } : credential;
+        }
+        const result = await (0, icon_resolver_1.cacheIconForCredential)(credential.id, credential.docsUrl);
+        if (!result.iconPath) {
+            return credential;
+        }
+        const withIcon = await this.db.updateCredential(credential.id, {
+            iconUrl: (0, icon_resolver_1.credentialIconApiPath)(credential.id),
+        });
+        return withIcon ? { ...withIcon, hasSecret: credential.hasSecret } : credential;
+    }
+    async applySecretStatus(credentials) {
+        return Promise.all(credentials.map(async (credential) => ({
+            ...credential,
+            hasSecret: await this.secretStore.has(credential.keychainAccount),
+        })));
+    }
+    async list() {
+        const credentials = await this.db.getAllCredentials();
+        const withSecrets = await this.applySecretStatus(credentials);
+        return Promise.all(withSecrets.map(async (credential) => {
+            if (credential.docsUrl && !credential.iconUrl) {
+                return this.syncIconFromDocsUrl(credential);
+            }
+            return credential;
+        }));
+    }
+    async listForDeck(deckId) {
+        const credentials = await this.db.getDeckCredentialsForDeck(deckId);
+        return this.applySecretStatus(credentials);
+    }
+    async listForActiveDeck() {
+        const activeDeck = await this.db.getActiveDeck();
+        if (!activeDeck) {
+            return [];
+        }
+        return this.listForDeck(activeDeck.id);
+    }
+    async isCredentialOnDeck(deckId, credentialId) {
+        const credentials = await this.db.getDeckCredentialsForDeck(deckId);
+        return credentials.some((credential) => credential.id === credentialId);
+    }
+    async assertCredentialsOnDeck(deckId, credentialIds) {
+        const credentials = await this.db.getDeckCredentialsForDeck(deckId);
+        const allowed = new Set(credentials.map((credential) => credential.id));
+        for (const credentialId of credentialIds) {
+            if (!allowed.has(credentialId)) {
+                throw new Error(`Credential ${credentialId} is not on deck ${deckId}`);
+            }
+        }
+    }
+    async getIfOnActiveDeck(id) {
+        const activeDeck = await this.db.getActiveDeck();
+        if (!activeDeck) {
+            return null;
+        }
+        const onDeck = await this.isCredentialOnDeck(activeDeck.id, id);
+        if (!onDeck) {
+            return null;
+        }
+        return this.get(id);
+    }
+    async get(id) {
+        const credential = await this.db.getCredential(id);
+        if (!credential) {
+            return null;
+        }
+        return {
+            ...credential,
+            hasSecret: await this.secretStore.has(credential.keychainAccount),
+        };
+    }
+    async update(id, input) {
+        const updated = await this.db.updateCredential(id, input);
+        if (!updated) {
+            return null;
+        }
+        let credential = {
+            ...updated,
+            hasSecret: await this.secretStore.has(updated.keychainAccount),
+        };
+        if (input.docsUrl !== undefined) {
+            credential = await this.syncIconFromDocsUrl(credential);
+        }
+        await this.yamlSync.write(credential);
+        return credential;
+    }
+    async rotate(id, input) {
+        const existing = await this.db.getCredential(id);
+        if (!existing) {
+            return null;
+        }
+        await this.secretStore.set(existing.keychainAccount, input.value);
+        const hasSecret = await this.secretStore.has(existing.keychainAccount);
+        if (!hasSecret) {
+            throw new Error(`Failed to store secret in vault for account "${existing.keychainAccount}"`);
+        }
+        const credential = {
+            ...existing,
+            updatedAt: new Date().toISOString(),
+            hasSecret,
+        };
+        await this.db.touchCredential(id);
+        await this.yamlSync.write(credential);
+        return credential;
+    }
+    async delete(id) {
+        const existing = await this.db.getCredential(id);
+        if (!existing) {
+            return false;
+        }
+        const dependents = await this.db.getPlaybooksDependingOnCredential(id);
+        if (dependents.length > 0) {
+            const { PlaybookDependencyError } = await Promise.resolve().then(() => __importStar(require('../playbooks/playbook-manager')));
+            throw new PlaybookDependencyError(`Cannot delete API key "${existing.label}": referenced by playbook(s): ${dependents.map((p) => p.title).join(', ')}`, dependents.map(({ id: playbookId, title }) => ({ id: playbookId, title })));
+        }
+        try {
+            await this.secretStore.delete(existing.keychainAccount);
+        }
+        catch (error) {
+            if (!(error instanceof secret_store_1.VaultUnsupportedError)) {
+                throw error;
+            }
+        }
+        const deleted = await this.db.deleteCredential(id);
+        if (deleted) {
+            await this.yamlSync.remove(id);
+            await (0, icon_resolver_1.removeCachedIcon)(id);
+        }
+        return deleted;
+    }
+    async resolveEnvMap(credentialIds) {
+        const env = {};
+        for (const credentialId of credentialIds) {
+            const credential = await this.db.getCredential(credentialId);
+            if (!credential) {
+                throw new Error(`Credential not found: ${credentialId}`);
+            }
+            const secret = await this.secretStore.get(credential.keychainAccount);
+            if (!secret) {
+                throw new Error(`Secret not found in vault for credential: ${credentialId}`);
+            }
+            env[credential.envName] = secret;
+        }
+        return env;
+    }
+    async addToDeck(input) {
+        const credential = await this.db.getCredential(input.credentialId);
+        if (!credential) {
+            throw new Error(`Credential not found: ${input.credentialId}`);
+        }
+        await this.db.addCredentialToDeck(input);
+    }
+    async removeFromDeck(input) {
+        await this.db.removeCredentialFromDeck(input);
+    }
+    async recordExecRun(input) {
+        return this.db.createExecRun(input);
+    }
+}
+exports.CredentialManager = CredentialManager;
+//# sourceMappingURL=credential-manager.js.map

package/dist/vault/credential-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../../src/vault/credential-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASA,6DAImC;AACnC,2CAAiD;AACjD,iDAAoE;AAEpE,MAAa,iBAAiB;IAElB;IACA;IACA;IAHV,YACU,EAAmB,EACnB,WAAwB,EACxB,WAA+B,IAAI,8BAAkB,EAAE;QAFvD,OAAE,GAAF,EAAE,CAAiB;QACnB,gBAAW,GAAX,WAAW,CAAa;QACxB,aAAQ,GAAR,QAAQ,CAA+C;IAC9D,CAAC;IAEJ,KAAK,CAAC,MAAM,CAAC,KAA4B;QACvC,MAAM,eAAe,GAAG,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAEzD,IAAI,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC;YAC9C,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,eAAe;YACf,IAAI,EAAE,KAAK,CAAC,IAAI,IAAI,EAAE;YACtB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClB,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACtC,OAAO,EAAE,GAAG,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC5C,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,UAAsB;QACtD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,IAAA,gCAAgB,EAAC,UAAU,CAAC,EAAE,CAAC,CAAC;YACtC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,OAAO,UAAU,CAAC;YACpB,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;YACtF,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;QAChF,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,sCAAsB,EAAC,UAAU,CAAC,EAAE,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;QAC/E,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,EAAE;YAC7D,OAAO,EAAE,IAAA,qCAAqB,EAAC,UAAU,CAAC,EAAE,CAAC;SAC9C,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,WAAyB;QAC/C,OAAO,OAAO,CAAC,GAAG,CAChB,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;YACrC,GAAG,UAAU;YACb,SAAS,EAAE,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;SAClE,CAAC,CAAC,CACJ,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,iBAAiB,EAAE,CAAC;QACtD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QAC9D,OAAO,OAAO,CAAC,GAAG,CAChB,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE;YACnC,IAAI,UAAU,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAc;QAC9B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAc,EAAE,YAAoB;QAC3D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QACpE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;IAC1E,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,MAAc,EAAE,aAAuB;QACnE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAExE,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;YACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,cAAc,YAAY,mBAAmB,MAAM,EAAE,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,EAAU;QAChC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC;QACjD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,EAAU;QAClB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,GAAG,UAAU;YACb,SAAS,EAAE,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;SAClE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,KAA4B;QACnD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,UAAU,GAAG;YACf,GAAG,OAAO;YACV,SAAS,EAAE,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;SAC/D,CAAC;QAEF,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAChC,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACtC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU,EAAE,KAA4B;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QACvE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,gDAAgD,QAAQ,CAAC,eAAe,GAAG,CAC5E,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG;YACjB,GAAG,QAAQ;YACX,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS;SACV,CAAC;QAEF,MAAM,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACtC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,iCAAiC,CAAC,EAAE,CAAC,CAAC;QACvE,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,EAAE,uBAAuB,EAAE,GAAG,wDAAa,+BAA+B,GAAC,CAAC;YAClF,MAAM,IAAI,uBAAuB,CAC/B,0BAA0B,QAAQ,CAAC,KAAK,iCAAiC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EACpH,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,CAC3E,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,CAAC,KAAK,YAAY,oCAAqB,CAAC,EAAE,CAAC;gBAC9C,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACnD,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAA,gCAAgB,EAAC,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,aAAuB;QACzC,MAAM,GAAG,GAA2B,EAAE,CAAC;QAEvC,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;YACzC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YAC7D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YACtE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,6CAA6C,YAAY,EAAE,CAAC,CAAC;YAC/E,CAAC;YAED,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;QACnC,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAA+B;QAC7C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACnE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,IAAI,CAAC,EAAE,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAoC;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAQnB;QACC,OAAO,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;CACF;AAzPD,8CAyPC"}

package/dist/vault/index.d.ts

@@ -0,0 +1,4 @@
+export * from './secret-store';
+export * from './yaml-sync';
+export * from './credential-manager';
+//# sourceMappingURL=index.d.ts.map

package/dist/vault/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/vault/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,sBAAsB,CAAC"}

package/dist/vault/index.js

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./secret-store"), exports);
+__exportStar(require("./yaml-sync"), exports);
+__exportStar(require("./credential-manager"), exports);
+//# sourceMappingURL=index.js.map

package/dist/vault/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/vault/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B;AAC/B,8CAA4B;AAC5B,uDAAqC"}

package/dist/vault/secret-store.d.ts

@@ -0,0 +1,36 @@
+export interface SecretStore {
+    set(account: string, value: string): Promise<void>;
+    get(account: string): Promise<string | null>;
+    delete(account: string): Promise<void>;
+    has(account: string): Promise<boolean>;
+}
+export declare class VaultUnsupportedError extends Error {
+    constructor(message: string);
+}
+export declare class MemorySecretStore implements SecretStore {
+    private secrets;
+    set(account: string, value: string): Promise<void>;
+    get(account: string): Promise<string | null>;
+    delete(account: string): Promise<void>;
+    has(account: string): Promise<boolean>;
+}
+export declare class DevFileSecretStore implements SecretStore {
+    private readonly secretsDir;
+    constructor(secretsDir?: string);
+    private secretPath;
+    private ensureDir;
+    set(account: string, value: string): Promise<void>;
+    get(account: string): Promise<string | null>;
+    delete(account: string): Promise<void>;
+    has(account: string): Promise<boolean>;
+}
+export declare class MacOSKeychainStore implements SecretStore {
+    private readonly serviceName;
+    private runSecurity;
+    set(account: string, value: string): Promise<void>;
+    get(account: string): Promise<string | null>;
+    delete(account: string): Promise<void>;
+    has(account: string): Promise<boolean>;
+}
+export declare function createSecretStore(): SecretStore;
+//# sourceMappingURL=secret-store.d.ts.map

package/dist/vault/secret-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-store.d.ts","sourceRoot":"","sources":["../../src/vault/secret-store.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACxC;AAED,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,OAAO,CAA6B;IAEtC,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIlD,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI5C,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAItC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAG7C;AAED,qBAAa,kBAAmB,YAAW,WAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;gBAExB,UAAU,CAAC,EAAE,MAAM;IAI/B,OAAO,CAAC,UAAU;YAIJ,SAAS;IAIjB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKlD,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY5C,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWtC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAQ7C;AAED,qBAAa,kBAAmB,YAAW,WAAW;IACpD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAgB;YAE9B,WAAW;IAmBnB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBlD,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgB5C,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUtC,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAI7C;AAED,wBAAgB,iBAAiB,IAAI,WAAW,CAuB/C"}

package/dist/vault/secret-store.js

@@ -0,0 +1,207 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MacOSKeychainStore = exports.DevFileSecretStore = exports.MemorySecretStore = exports.VaultUnsupportedError = void 0;
+exports.createSecretStore = createSecretStore;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const yaml_sync_1 = require("./yaml-sync");
+class VaultUnsupportedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'VaultUnsupportedError';
+    }
+}
+exports.VaultUnsupportedError = VaultUnsupportedError;
+class MemorySecretStore {
+    secrets = new Map();
+    async set(account, value) {
+        this.secrets.set(account, value);
+    }
+    async get(account) {
+        return this.secrets.get(account) ?? null;
+    }
+    async delete(account) {
+        this.secrets.delete(account);
+    }
+    async has(account) {
+        return this.secrets.has(account);
+    }
+}
+exports.MemorySecretStore = MemorySecretStore;
+class DevFileSecretStore {
+    secretsDir;
+    constructor(secretsDir) {
+        this.secretsDir = secretsDir ?? path_1.default.join((0, yaml_sync_1.getAgentDeckHome)(), 'secrets');
+    }
+    secretPath(account) {
+        return path_1.default.join(this.secretsDir, `${account}.secret`);
+    }
+    async ensureDir() {
+        await promises_1.default.mkdir(this.secretsDir, { recursive: true, mode: 0o700 });
+    }
+    async set(account, value) {
+        await this.ensureDir();
+        await promises_1.default.writeFile(this.secretPath(account), value, { encoding: 'utf8', mode: 0o600 });
+    }
+    async get(account) {
+        try {
+            return await promises_1.default.readFile(this.secretPath(account), 'utf8');
+        }
+        catch (error) {
+            const nodeError = error;
+            if (nodeError.code === 'ENOENT') {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async delete(account) {
+        try {
+            await promises_1.default.unlink(this.secretPath(account));
+        }
+        catch (error) {
+            const nodeError = error;
+            if (nodeError.code !== 'ENOENT') {
+                throw error;
+            }
+        }
+    }
+    async has(account) {
+        try {
+            await promises_1.default.access(this.secretPath(account));
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.DevFileSecretStore = DevFileSecretStore;
+class MacOSKeychainStore {
+    serviceName = 'agent-deck';
+    async runSecurity(args) {
+        const { execFile } = await Promise.resolve().then(() => __importStar(require('child_process')));
+        const { promisify } = await Promise.resolve().then(() => __importStar(require('util')));
+        const execFileAsync = promisify(execFile);
+        try {
+            const result = await execFileAsync('security', args, { encoding: 'utf8' });
+            return {
+                stdout: String(result.stdout ?? ''),
+                stderr: String(result.stderr ?? ''),
+            };
+        }
+        catch (error) {
+            const execError = error;
+            const stderr = String(execError.stderr ?? execError.message ?? 'Keychain operation failed');
+            const wrapped = new Error(stderr.trim() || 'Keychain operation failed');
+            throw wrapped;
+        }
+    }
+    async set(account, value) {
+        try {
+            await this.runSecurity([
+                'delete-generic-password',
+                '-s',
+                this.serviceName,
+                '-a',
+                account,
+            ]);
+        }
+        catch {
+            // Item may not exist yet.
+        }
+        await this.runSecurity([
+            'add-generic-password',
+            '-s',
+            this.serviceName,
+            '-a',
+            account,
+            '-w',
+            value,
+            '-U',
+        ]);
+    }
+    async get(account) {
+        try {
+            const { stdout } = await this.runSecurity([
+                'find-generic-password',
+                '-s',
+                this.serviceName,
+                '-a',
+                account,
+                '-w',
+            ]);
+            return stdout.trim();
+        }
+        catch {
+            return null;
+        }
+    }
+    async delete(account) {
+        await this.runSecurity([
+            'delete-generic-password',
+            '-s',
+            this.serviceName,
+            '-a',
+            account,
+        ]);
+    }
+    async has(account) {
+        const value = await this.get(account);
+        return value !== null;
+    }
+}
+exports.MacOSKeychainStore = MacOSKeychainStore;
+function createSecretStore() {
+    if (process.env.AGENT_DECK_SECRET_STORE === 'memory') {
+        return new MemorySecretStore();
+    }
+    if (process.env.AGENT_DECK_SECRET_STORE === 'file') {
+        return new DevFileSecretStore();
+    }
+    if (process.platform === 'darwin') {
+        return new MacOSKeychainStore();
+    }
+    if (process.env.NODE_ENV !== 'production') {
+        console.warn('[agent-deck] macOS Keychain unavailable — using dev file secret store (~/.agent-deck/secrets).');
+        return new DevFileSecretStore();
+    }
+    throw new VaultUnsupportedError('Secret storage is only supported on macOS for now. Set AGENT_DECK_SECRET_STORE=memory to use the dev file store on other platforms.');
+}
+//# sourceMappingURL=secret-store.js.map

package/dist/vault/secret-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-store.js","sourceRoot":"","sources":["../../src/vault/secret-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0KA,8CAuBC;AAjMD,2DAA6B;AAC7B,gDAAwB;AACxB,2CAA+C;AAS/C,MAAa,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AALD,sDAKC;AAED,MAAa,iBAAiB;IACpB,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,KAAa;QACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe;QAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,CAAC;CACF;AAlBD,8CAkBC;AAED,MAAa,kBAAkB;IACZ,UAAU,CAAS;IAEpC,YAAY,UAAmB;QAC7B,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,cAAI,CAAC,IAAI,CAAC,IAAA,4BAAgB,GAAE,EAAE,SAAS,CAAC,CAAC;IAC3E,CAAC;IAEO,UAAU,CAAC,OAAe;QAChC,OAAO,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,OAAO,SAAS,CAAC,CAAC;IACzD,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,MAAM,kBAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,KAAa;QACtC,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,kBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,IAAI,CAAC;YACH,OAAO,MAAM,kBAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe;QAC1B,IAAI,CAAC;YACH,MAAM,kBAAE,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,KAA8B,CAAC;YACjD,IAAI,SAAS,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,IAAI,CAAC;YACH,MAAM,kBAAE,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAnDD,gDAmDC;AAED,MAAa,kBAAkB;IACZ,WAAW,GAAG,YAAY,CAAC;IAEpC,KAAK,CAAC,WAAW,CAAC,IAAc;QACtC,MAAM,EAAE,QAAQ,EAAE,GAAG,wDAAa,eAAe,GAAC,CAAC;QACnD,MAAM,EAAE,SAAS,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAC;QAC3C,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAwB,EAAE,CAAC,CAAC;YAC7F,OAAO;gBACL,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;gBACnC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;aACpC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,KAAiE,CAAC;YACpF,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,IAAI,2BAA2B,CAAC,CAAC;YAC5F,MAAM,OAAO,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,2BAA2B,CAAC,CAAC;YACxE,MAAM,OAAO,CAAC;QAChB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,KAAa;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,WAAW,CAAC;gBACrB,yBAAyB;gBACzB,IAAI;gBACJ,IAAI,CAAC,WAAW;gBAChB,IAAI;gBACJ,OAAO;aACR,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;QAED,MAAM,IAAI,CAAC,WAAW,CAAC;YACrB,sBAAsB;YACtB,IAAI;YACJ,IAAI,CAAC,WAAW;YAChB,IAAI;YACJ,OAAO;YACP,IAAI;YACJ,KAAK;YACL,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC;gBACxC,uBAAuB;gBACvB,IAAI;gBACJ,IAAI,CAAC,WAAW;gBAChB,IAAI;gBACJ,OAAO;gBACP,IAAI;aACL,CAAC,CAAC;YACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe;QAC1B,MAAM,IAAI,CAAC,WAAW,CAAC;YACrB,yBAAyB;YACzB,IAAI;YACJ,IAAI,CAAC,WAAW;YAChB,IAAI;YACJ,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;CACF;AA7ED,gDA6EC;AAED,SAAgB,iBAAiB;IAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,QAAQ,EAAE,CAAC;QACrD,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACjC,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,MAAM,EAAE,CAAC;QACnD,OAAO,IAAI,kBAAkB,EAAE,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,IAAI,kBAAkB,EAAE,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,OAAO,CAAC,IAAI,CACV,gGAAgG,CACjG,CAAC;QACF,OAAO,IAAI,kBAAkB,EAAE,CAAC;IAClC,CAAC;IAED,MAAM,IAAI,qBAAqB,CAC7B,qIAAqI,CACtI,CAAC;AACJ,CAAC"}

package/dist/vault/yaml-sync.d.ts

@@ -0,0 +1,8 @@
+import { Credential } from '@agent-deck/shared';
+export declare function getAgentDeckHome(): string;
+export declare function getCredentialsDir(): string;
+export declare class CredentialYamlSync {
+    write(credential: Credential): Promise<void>;
+    remove(credentialId: string): Promise<void>;
+}
+//# sourceMappingURL=yaml-sync.d.ts.map

package/dist/vault/yaml-sync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yaml-sync.d.ts","sourceRoot":"","sources":["../../src/vault/yaml-sync.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,qBAAa,kBAAkB;IACvB,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAgC5C,MAAM,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUlD"}