@apiquest/plugin-vault-file 1.0.4

package/README.md

@@ -0,0 +1,140 @@
+# @apiquest/plugin-vault-file
+
+File-based vault provider plugin for ApiQuest. Provides secure secret storage using encrypted or plain JSON files.
+
+## Installation
+
+```bash
+# Using npm
+npm install -g @apiquest/plugin-vault-file
+
+# Or using fracture CLI
+fracture plugin install vault-file
+```
+
+## Features
+
+- Read secrets from JSON files
+- AES-256-GCM encryption support
+- Environment variable integration for encryption keys
+- Read-only access (no write operations)
+- Secure key handling from environment variables
+
+## Usage
+
+Configure the plugin in your collection's runtime options:
+
+### Plain JSON Vault
+
+```json
+{
+  "$schema": "https://apiquest.net/schemas/collection-v1.0.json",
+  "protocol": "http",
+  "options": {
+    "plugins": {
+      "vault:file": {
+        "filePath": "./secrets.json"
+      }
+    }
+  }
+}
+```
+
+**secrets.json:**
+```json
+{
+  "apiKey": "sk_live_abc123",
+  "dbPassword": "secret_password",
+  "jwtSecret": "my_jwt_secret"
+}
+```
+
+### Encrypted Vault
+
+For encrypted vaults, specify the encryption key from an environment variable:
+
+```json
+{
+  "options": {
+    "plugins": {
+      "vault:file": {
+        "filePath": "./secrets.json.enc",
+        "key": "VAULT_KEY",
+        "source": "env"
+      }
+    }
+  }
+}
+```
+
+This reads the encryption key from `process.env.VAULT_KEY`.
+
+### Accessing Vault Secrets
+
+Use the `{{$vault:file:secretName}}` syntax in your requests:
+
+```json
+{
+  "type": "request",
+  "id": "api-call",
+  "name": "API Call with Secret",
+  "auth": {
+    "type": "apikey",
+    "apikey": {
+      "key": "x-api-key",
+      "value": "{{$vault:file:apiKey}}",
+      "in": "header"
+    }
+  }
+}
+```
+
+### Using in Scripts
+
+```javascript
+// preRequestScript
+const dbPassword = await quest.vault.get('file', 'dbPassword');
+quest.variables.set('password', dbPassword);
+
+quest.test('Vault accessible', async () => {
+  const secret = await quest.vault.get('file', 'apiKey');
+  expect(secret).to.be.a('string');
+});
+```
+
+## Encryption
+
+To create an encrypted vault file, use AES-256-GCM encryption with the following format:
+
+```json
+{
+  "_encrypted": "aes-256-gcm",
+  "_iv": "base64_initialization_vector",
+  "_authTag": "base64_authentication_tag",
+  "_data": "base64_encrypted_data"
+}
+```
+
+The plugin automatically detects encrypted files by the presence of the `_encrypted` field.
+
+## Security Best Practices
+
+1. **Never commit unencrypted secrets** to version control
+2. **Store encryption keys in environment variables**, not in code
+3. **Use different vault files** for different environments (dev, staging, prod)
+4. **Rotate secrets regularly** and update vault files
+5. **Use encrypted vaults** for sensitive production secrets
+
+## Compatibility
+
+- **Protocols:** Works with all plugins
+- **Node.js:** Requires Node.js 20+
+
+## Documentation
+
+- [Fracture Documentation](https://apiquest.net/docs/fracture)
+- [Schema Reference](https://apiquest.net/schemas/collection-v1.0.json)
+
+## License
+
+Dual-licensed under AGPL-3.0-or-later and commercial license. See LICENSE.txt for details.

package/dist/index.d.ts

@@ -0,0 +1,125 @@
+import { IValueProviderPlugin, ValidationResult, ExecutionContext, ILogger } from '@apiquest/types';
+/**
+ * Encrypted file format
+ */
+interface EncryptedFile {
+    _encrypted: 'aes-256-gcm';
+    _iv: string;
+    _authTag: string;
+    _data: string;
+}
+/**
+ * File-based Vault Provider Plugin
+ * Reads secrets from a JSON file (plain or AES-256-GCM encrypted)
+ *
+ * Configuration:
+ * - filePath: Path to JSON file containing secrets
+ * - key: Encryption key or name of environment variable (when source="env")
+ * - source: "env" to read key from process.env[key], omit to use key directly
+ *
+ * Usage - Unencrypted:
+ * {
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json"
+ *     }
+ *   }
+ * }
+ *
+ * Usage - Encrypted with env var:
+ * {
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json.enc",
+ *       "key": "VAULT_KEY",
+ *       "source": "env"
+ *     }
+ *   }
+ * }
+ *
+ * Usage - Encrypted with variable resolution:
+ * {
+ *   "variables": [{"key": "vaultKey", "value": "my-secret"}],
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json.enc",
+ *       "key": "{{vaultKey}}"
+ *     }
+ *   }
+ * }
+ *
+ * Plain secrets.json format:
+ * {
+ *   "apiKey": "secret-value",
+ *   "database": {
+ *     "password": "db-password"
+ *   }
+ * }
+ *
+ * Encrypted secrets.json.enc format:
+ * {
+ *   "_encrypted": "aes-256-gcm",
+ *   "_iv": "base64_encoded_iv",
+ *   "_authTag": "base64_encoded_auth_tag",
+ *   "_data": "base64_encoded_encrypted_json"
+ * }
+ *
+ * Access nested keys with dot notation: "database.password"
+ */
+export declare class FileVaultProvider implements IValueProviderPlugin {
+    provider: string;
+    name: string;
+    description: string;
+    configSchema: {
+        type: string;
+        properties: {
+            filePath: {
+                type: string;
+                description: string;
+            };
+            key: {
+                type: string;
+                description: string;
+            };
+            source: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    private cache;
+    getValue(key: string, config?: unknown, context?: ExecutionContext, logger?: ILogger): Promise<string | null>;
+    validate(config?: unknown): ValidationResult;
+    /**
+     * Resolve the encryption key from config
+     * - If source="env", read from process.env[config.key]
+     * - Otherwise, use config.key directly
+     */
+    private resolveEncryptionKey;
+    /**
+     * Check if data is an encrypted file
+     */
+    private isEncryptedFile;
+    /**
+     * Decrypt an encrypted file using AES-256-GCM
+     */
+    private decryptFile;
+    /**
+     * Encrypt data to create an encrypted file (utility method for generating encrypted files)
+     */
+    static encryptData(data: unknown, key: string): EncryptedFile;
+    /**
+     * Get nested value from object using dot notation
+     * Example: getNestedValue({ a: { b: { c: 'value' } } }, 'a.b.c') => 'value'
+     */
+    private getNestedValue;
+    /**
+     * Clear the cache (useful for testing or forcing reload)
+     */
+    clearCache(): void;
+}
+export declare const fileVaultProvider: FileVaultProvider;
+export default fileVaultProvider;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAmB,gBAAgB,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAKrH;;GAEG;AACH,UAAU,aAAa;IACrB,UAAU,EAAE,aAAa,CAAC;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAWD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyDG;AACH,qBAAa,iBAAkB,YAAW,oBAAoB;IAC5D,QAAQ,SAAgB;IACxB,IAAI,SAAyB;IAC7B,WAAW,SAAqE;IAEhF,YAAY;;;;;;;;;;;;;;;;;;MAkBV;IAEF,OAAO,CAAC,KAAK,CAA8B;IAErC,QAAQ,CACZ,GAAG,EAAE,MAAM,EACX,MAAM,CAAC,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,gBAAgB,EAC1B,MAAM,CAAC,EAAE,OAAO,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA8DzB,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,GAAG,gBAAgB;IAoH5C;;;;OAIG;IACH,OAAO,CAAC,oBAAoB;IAe5B;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,WAAW;IA4BnB;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa;IA6B7D;;;OAGG;IACH,OAAO,CAAC,cAAc;IAiBtB;;OAEG;IACH,UAAU,IAAI,IAAI;CAGnB;AAGD,eAAO,MAAM,iBAAiB,mBAA0B,CAAC;AAGzD,eAAe,iBAAiB,CAAC"}

package/dist/index.js

@@ -0,0 +1,357 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as crypto from 'crypto';
+
+/**
+ * File-based Vault Provider Plugin
+ * Reads secrets from a JSON file (plain or AES-256-GCM encrypted)
+ *
+ * Configuration:
+ * - filePath: Path to JSON file containing secrets
+ * - key: Encryption key or name of environment variable (when source="env")
+ * - source: "env" to read key from process.env[key], omit to use key directly
+ *
+ * Usage - Unencrypted:
+ * {
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json"
+ *     }
+ *   }
+ * }
+ *
+ * Usage - Encrypted with env var:
+ * {
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json.enc",
+ *       "key": "VAULT_KEY",
+ *       "source": "env"
+ *     }
+ *   }
+ * }
+ *
+ * Usage - Encrypted with variable resolution:
+ * {
+ *   "variables": [{"key": "vaultKey", "value": "my-secret"}],
+ *   "plugins": {
+ *     "vault:file": {
+ *       "filePath": "./secrets.json.enc",
+ *       "key": "{{vaultKey}}"
+ *     }
+ *   }
+ * }
+ *
+ * Plain secrets.json format:
+ * {
+ *   "apiKey": "secret-value",
+ *   "database": {
+ *     "password": "db-password"
+ *   }
+ * }
+ *
+ * Encrypted secrets.json.enc format:
+ * {
+ *   "_encrypted": "aes-256-gcm",
+ *   "_iv": "base64_encoded_iv",
+ *   "_authTag": "base64_encoded_auth_tag",
+ *   "_data": "base64_encoded_encrypted_json"
+ * }
+ *
+ * Access nested keys with dot notation: "database.password"
+ */
+class FileVaultProvider {
+    provider = 'vault:file';
+    name = 'File Vault Provider';
+    description = 'Load secrets from a JSON file (supports AES-256-GCM encryption)';
+    configSchema = {
+        type: 'object',
+        properties: {
+            filePath: {
+                type: 'string',
+                description: 'Path to JSON file containing secrets'
+            },
+            key: {
+                type: 'string',
+                description: 'Encryption key or environment variable name'
+            },
+            source: {
+                type: 'string',
+                enum: ['env'],
+                description: 'Set to "env" to read key from process.env'
+            }
+        },
+        required: ['filePath']
+    };
+    cache = new Map();
+    async getValue(key, config, context, logger) {
+        if (config === undefined || config === null || typeof config !== 'object') {
+            logger?.error('Vault file configuration missing');
+            throw new Error('FileVaultProvider: filePath not configured in options.plugins["vault:file"]');
+        }
+        const configObj = config;
+        if (!('filePath' in configObj) || typeof configObj.filePath !== 'string') {
+            logger?.error('Vault filePath missing in configuration');
+            throw new Error('FileVaultProvider: filePath not configured in options.plugins["vault:file"]');
+        }
+        const filePath = path.resolve(configObj.filePath);
+        const cacheKey = filePath;
+        // Cache load
+        if (!this.cache.has(cacheKey)) {
+            try {
+                logger?.debug('Loading vault file', { filePath });
+                const fileContent = fs.readFileSync(filePath, 'utf-8');
+                const fileData = JSON.parse(fileContent);
+                if (this.isEncryptedFile(fileData)) {
+                    const encryptionKey = this.resolveEncryptionKey(configObj);
+                    if (encryptionKey === null || encryptionKey === undefined || encryptionKey === '') {
+                        logger?.error('Encrypted vault file missing encryption key');
+                        throw new Error('FileVaultProvider: Encrypted vault file requires encryption key (config.key)');
+                    }
+                    const decrypted = this.decryptFile(fileData, encryptionKey);
+                    this.cache.set(cacheKey, decrypted);
+                    logger?.debug('Encrypted vault file decrypted and cached');
+                }
+                else {
+                    this.cache.set(cacheKey, fileData);
+                    logger?.debug('Vault file cached');
+                }
+            }
+            catch (error) {
+                if (error !== null && typeof error === 'object' && 'code' in error && error.code === 'ENOENT') {
+                    logger?.error('Vault file not found', { filePath });
+                    throw new Error(`FileVaultProvider: Vault file not found: ${filePath}`);
+                }
+                if (error instanceof SyntaxError) {
+                    logger?.error('Vault file JSON parsing failed', { filePath });
+                    throw new Error(`FileVaultProvider: Invalid JSON in vault file: ${filePath}`);
+                }
+                throw error;
+            }
+        }
+        const secrets = this.cache.get(cacheKey);
+        const value = this.getNestedValue(secrets, key);
+        if (value === undefined) {
+            logger?.trace('Vault key not found', { key });
+            return null;
+        }
+        logger?.trace('Vault key resolved', { key });
+        return String(value);
+    }
+    validate(config) {
+        if (config === undefined || config === null) {
+            return {
+                valid: false,
+                errors: [{
+                        message: 'Configuration required: must specify filePath',
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        // Type guard to check if config is an object and has filePath
+        if (typeof config !== 'object' || config === null) {
+            return {
+                valid: false,
+                errors: [{
+                        message: 'Configuration must be an object',
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        const configObj = config;
+        if (!('filePath' in configObj) || configObj.filePath === undefined || configObj.filePath === null) {
+            return {
+                valid: false,
+                errors: [{
+                        message: 'filePath is required in configuration',
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        if (typeof configObj.filePath !== 'string') {
+            return {
+                valid: false,
+                errors: [{
+                        message: 'filePath must be a string',
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        // Check if file exists
+        const filePath = path.resolve(configObj.filePath);
+        if (!fs.existsSync(filePath)) {
+            return {
+                valid: false,
+                errors: [{
+                        message: `Vault file not found: ${filePath}`,
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        // Try to parse JSON and check encryption
+        try {
+            const content = fs.readFileSync(filePath, 'utf-8');
+            const data = JSON.parse(content);
+            // If file is encrypted, validate we have a key
+            if (this.isEncryptedFile(data)) {
+                const vaultConfig = {
+                    filePath: String(configObj.filePath),
+                    key: typeof configObj.key === 'string' ? configObj.key : undefined,
+                    source: configObj.source === 'env' ? 'env' : undefined
+                };
+                const encryptionKey = this.resolveEncryptionKey(vaultConfig);
+                if (encryptionKey === null || encryptionKey === undefined || encryptionKey === '') {
+                    return {
+                        valid: false,
+                        errors: [{
+                                message: 'Encrypted vault file requires encryption key (config.key)',
+                                location: '',
+                                source: 'vault'
+                            }]
+                    };
+                }
+                // Try to decrypt to validate key
+                try {
+                    this.decryptFile(data, encryptionKey);
+                }
+                catch (decryptError) {
+                    const errorMessage = decryptError instanceof Error ? decryptError.message : 'Decryption failed';
+                    return {
+                        valid: false,
+                        errors: [{
+                                message: `Failed to decrypt vault file: ${errorMessage}`,
+                                location: '',
+                                source: 'vault'
+                            }]
+                    };
+                }
+            }
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            return {
+                valid: false,
+                errors: [{
+                        message: `Invalid JSON in vault file: ${errorMessage}`,
+                        location: '',
+                        source: 'vault'
+                    }]
+            };
+        }
+        return { valid: true };
+    }
+    /**
+     * Resolve the encryption key from config
+     * - If source="env", read from process.env[config.key]
+     * - Otherwise, use config.key directly
+     */
+    resolveEncryptionKey(config) {
+        if (config.key === undefined || config.key === null || config.key === '') {
+            return null;
+        }
+        if (config.source === 'env') {
+            // Read from environment variable
+            const envValue = process.env[config.key];
+            return envValue ?? null;
+        }
+        // Use key directly (could be resolved variable like {{vaultKey}})
+        return config.key;
+    }
+    /**
+     * Check if data is an encrypted file
+     */
+    isEncryptedFile(data) {
+        if (typeof data !== 'object' || data === null) {
+            return false;
+        }
+        const obj = data;
+        return '_encrypted' in obj && obj._encrypted === 'aes-256-gcm';
+    }
+    /**
+     * Decrypt an encrypted file using AES-256-GCM
+     */
+    decryptFile(encryptedFile, key) {
+        try {
+            // Derive a 32-byte key from the provided key using SHA-256
+            const keyBuffer = crypto.createHash('sha256').update(key).digest();
+            // Decode base64 values
+            const iv = Buffer.from(encryptedFile._iv, 'base64');
+            const authTag = Buffer.from(encryptedFile._authTag, 'base64');
+            const encryptedData = Buffer.from(encryptedFile._data, 'base64');
+            // Create decipher
+            const decipher = crypto.createDecipheriv('aes-256-gcm', keyBuffer, iv);
+            decipher.setAuthTag(authTag);
+            // Decrypt
+            const decrypted = Buffer.concat([
+                decipher.update(encryptedData),
+                decipher.final()
+            ]);
+            // Parse JSON
+            return JSON.parse(decrypted.toString('utf-8'));
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            throw new Error(`Failed to decrypt vault file: ${errorMessage}`);
+        }
+    }
+    /**
+     * Encrypt data to create an encrypted file (utility method for generating encrypted files)
+     */
+    static encryptData(data, key) {
+        // Derive a 32-byte key from the provided key using SHA-256
+        const keyBuffer = crypto.createHash('sha256').update(key).digest();
+        // Generate random IV (12 bytes for GCM)
+        const iv = crypto.randomBytes(12);
+        // Create cipher
+        const cipher = crypto.createCipheriv('aes-256-gcm', keyBuffer, iv);
+        // Encrypt
+        const jsonData = JSON.stringify(data);
+        const encrypted = Buffer.concat([
+            cipher.update(jsonData, 'utf-8'),
+            cipher.final()
+        ]);
+        // Get auth tag
+        const authTag = cipher.getAuthTag();
+        // Return encrypted file format
+        return {
+            _encrypted: 'aes-256-gcm',
+            _iv: iv.toString('base64'),
+            _authTag: authTag.toString('base64'),
+            _data: encrypted.toString('base64')
+        };
+    }
+    /**
+     * Get nested value from object using dot notation
+     * Example: getNestedValue({ a: { b: { c: 'value' } } }, 'a.b.c') => 'value'
+     */
+    getNestedValue(obj, key) {
+        const keys = key.split('.');
+        let current = obj;
+        for (const k of keys) {
+            if (current === null || current === undefined) {
+                return undefined;
+            }
+            if (typeof current !== 'object') {
+                return undefined;
+            }
+            current = current[k];
+        }
+        return current;
+    }
+    /**
+     * Clear the cache (useful for testing or forcing reload)
+     */
+    clearCache() {
+        this.cache.clear();
+    }
+}
+// Export singleton instance
+const fileVaultProvider = new FileVaultProvider();
+
+export { FileVaultProvider, fileVaultProvider as default, fileVaultProvider };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":["../src/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;AAwBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyDG;MACU,iBAAiB,CAAA;IAC5B,QAAQ,GAAG,YAAY;IACvB,IAAI,GAAG,qBAAqB;IAC5B,WAAW,GAAG,iEAAiE;AAE/E,IAAA,YAAY,GAAG;AACb,QAAA,IAAI,EAAE,QAAQ;AACd,QAAA,UAAU,EAAE;AACV,YAAA,QAAQ,EAAE;AACR,gBAAA,IAAI,EAAE,QAAQ;AACd,gBAAA,WAAW,EAAE;AACd,aAAA;AACD,YAAA,GAAG,EAAE;AACH,gBAAA,IAAI,EAAE,QAAQ;AACd,gBAAA,WAAW,EAAE;AACd,aAAA;AACD,YAAA,MAAM,EAAE;AACN,gBAAA,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,KAAK,CAAC;AACb,gBAAA,WAAW,EAAE;AACd;AACF,SAAA;QACD,QAAQ,EAAE,CAAC,UAAU;KACtB;AAEO,IAAA,KAAK,GAAG,IAAI,GAAG,EAAmB;IAE1C,MAAM,QAAQ,CACZ,GAAW,EACX,MAAgB,EAChB,OAA0B,EAC1B,MAAgB,EAAA;AAEhB,QAAA,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;AACzE,YAAA,MAAM,EAAE,KAAK,CAAC,kCAAkC,CAAC;AACjD,YAAA,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC;QAChG;QAEA,MAAM,SAAS,GAAG,MAAyB;AAE3C,QAAA,IAAI,EAAE,UAAU,IAAI,SAAS,CAAC,IAAI,OAAO,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE;AACxE,YAAA,MAAM,EAAE,KAAK,CAAC,yCAAyC,CAAC;AACxD,YAAA,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC;QAChG;QAEA,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC;QACjD,MAAM,QAAQ,GAAG,QAAQ;;QAGzB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE;AAC7B,YAAA,IAAI;gBACF,MAAM,EAAE,KAAK,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,CAAC;gBACjD,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC;gBACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAY;AAEnD,gBAAA,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE;oBAClC,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC;AAC1D,oBAAA,IAAI,aAAa,KAAK,IAAI,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,KAAK,EAAE,EAAE;AACjF,wBAAA,MAAM,EAAE,KAAK,CAAC,6CAA6C,CAAC;AAC5D,wBAAA,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC;oBACjG;oBAEA,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,aAAa,CAAC;oBAC3D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC;AACnC,oBAAA,MAAM,EAAE,KAAK,CAAC,2CAA2C,CAAC;gBAC5D;qBAAO;oBACL,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC;AAClC,oBAAA,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;gBACpC;YACF;YAAE,OAAO,KAAc,EAAE;AACvB,gBAAA,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE;oBAC7F,MAAM,EAAE,KAAK,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,CAAC;AACnD,oBAAA,MAAM,IAAI,KAAK,CAAC,4CAA4C,QAAQ,CAAA,CAAE,CAAC;gBACzE;AACA,gBAAA,IAAI,KAAK,YAAY,WAAW,EAAE;oBAChC,MAAM,EAAE,KAAK,CAAC,gCAAgC,EAAE,EAAE,QAAQ,EAAE,CAAC;AAC7D,oBAAA,MAAM,IAAI,KAAK,CAAC,kDAAkD,QAAQ,CAAA,CAAE,CAAC;gBAC/E;AACA,gBAAA,MAAM,KAAK;YACb;QACF;QAEA,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC;AAE/C,QAAA,IAAI,KAAK,KAAK,SAAS,EAAE;YACvB,MAAM,EAAE,KAAK,CAAC,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC;AAC7C,YAAA,OAAO,IAAI;QACb;QAEA,MAAM,EAAE,KAAK,CAAC,oBAAoB,EAAE,EAAE,GAAG,EAAE,CAAC;AAC5C,QAAA,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB;AAEA,IAAA,QAAQ,CAAC,MAAgB,EAAA;QACvB,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE;YAC3C,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;AACP,wBAAA,OAAO,EAAE,+CAA+C;AACxD,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;;QAGA,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE;YACjD,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;AACP,wBAAA,OAAO,EAAE,iCAAiC;AAC1C,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;QAEA,MAAM,SAAS,GAAG,MAAiC;AAEnD,QAAA,IAAI,EAAE,UAAU,IAAI,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,IAAI,SAAS,CAAC,QAAQ,KAAK,IAAI,EAAE;YACjG,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;AACP,wBAAA,OAAO,EAAE,uCAAuC;AAChD,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;AAEA,QAAA,IAAI,OAAO,SAAS,CAAC,QAAQ,KAAK,QAAQ,EAAE;YAC1C,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;AACP,wBAAA,OAAO,EAAE,2BAA2B;AACpC,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;;QAGA,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC;QACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;YAC5B,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;wBACP,OAAO,EAAE,CAAA,sBAAA,EAAyB,QAAQ,CAAA,CAAE;AAC5C,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;;AAGA,QAAA,IAAI;YACF,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAY;;AAG3C,YAAA,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE;AAC9B,gBAAA,MAAM,WAAW,GAAoB;AACnC,oBAAA,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC;AACpC,oBAAA,GAAG,EAAE,OAAO,SAAS,CAAC,GAAG,KAAK,QAAQ,GAAG,SAAS,CAAC,GAAG,GAAG,SAAS;AAClE,oBAAA,MAAM,EAAE,SAAS,CAAC,MAAM,KAAK,KAAK,GAAG,KAAK,GAAG;iBAC9C;gBACD,MAAM,aAAa,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC;AAE5D,gBAAA,IAAI,aAAa,KAAK,IAAI,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,KAAK,EAAE,EAAE;oBACjF,OAAO;AACL,wBAAA,KAAK,EAAE,KAAK;AACZ,wBAAA,MAAM,EAAE,CAAC;AACP,gCAAA,OAAO,EAAE,2DAA2D;AACpE,gCAAA,QAAQ,EAAE,EAAE;AACZ,gCAAA,MAAM,EAAE;6BACT;qBACF;gBACH;;AAGA,gBAAA,IAAI;AACF,oBAAA,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC;gBACvC;gBAAE,OAAO,YAAqB,EAAE;AAC9B,oBAAA,MAAM,YAAY,GAAG,YAAY,YAAY,KAAK,GAAG,YAAY,CAAC,OAAO,GAAG,mBAAmB;oBAC/F,OAAO;AACL,wBAAA,KAAK,EAAE,KAAK;AACZ,wBAAA,MAAM,EAAE,CAAC;gCACP,OAAO,EAAE,CAAA,8BAAA,EAAiC,YAAY,CAAA,CAAE;AACxD,gCAAA,QAAQ,EAAE,EAAE;AACZ,gCAAA,MAAM,EAAE;6BACT;qBACF;gBACH;YACF;QACF;QAAE,OAAO,KAAc,EAAE;AACvB,YAAA,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,eAAe;YAC7E,OAAO;AACL,gBAAA,KAAK,EAAE,KAAK;AACZ,gBAAA,MAAM,EAAE,CAAC;wBACP,OAAO,EAAE,CAAA,4BAAA,EAA+B,YAAY,CAAA,CAAE;AACtD,wBAAA,QAAQ,EAAE,EAAE;AACZ,wBAAA,MAAM,EAAE;qBACT;aACF;QACH;AAEA,QAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE;IACxB;AAEA;;;;AAIG;AACK,IAAA,oBAAoB,CAAC,MAAuB,EAAA;AAClD,QAAA,IAAI,MAAM,CAAC,GAAG,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,KAAK,IAAI,IAAI,MAAM,CAAC,GAAG,KAAK,EAAE,EAAE;AACxE,YAAA,OAAO,IAAI;QACb;AAEA,QAAA,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE;;YAE3B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;YACxC,OAAO,QAAQ,IAAI,IAAI;QACzB;;QAGA,OAAO,MAAM,CAAC,GAAG;IACnB;AAEA;;AAEG;AACK,IAAA,eAAe,CAAC,IAAa,EAAA;QACnC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE;AAC7C,YAAA,OAAO,KAAK;QACd;QAEA,MAAM,GAAG,GAAG,IAA+B;QAC3C,OAAO,YAAY,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,KAAK,aAAa;IAChE;AAEA;;AAEG;IACK,WAAW,CAAC,aAA4B,EAAE,GAAW,EAAA;AAC3D,QAAA,IAAI;;AAEF,YAAA,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;;AAGlE,YAAA,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC;AACnD,YAAA,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC;AAC7D,YAAA,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC;;AAGhE,YAAA,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC;AACtE,YAAA,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;;AAG5B,YAAA,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;AAC9B,gBAAA,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC;gBAC9B,QAAQ,CAAC,KAAK;AACf,aAAA,CAAC;;YAGF,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAY;QAC3D;QAAE,OAAO,KAAc,EAAE;AACvB,YAAA,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,eAAe;AAC7E,YAAA,MAAM,IAAI,KAAK,CAAC,iCAAiC,YAAY,CAAA,CAAE,CAAC;QAClE;IACF;AAEA;;AAEG;AACH,IAAA,OAAO,WAAW,CAAC,IAAa,EAAE,GAAW,EAAA;;AAE3C,QAAA,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE;;QAGlE,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;;AAGjC,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC;;QAGlE,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;AACrC,QAAA,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;AAC9B,YAAA,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC;YAChC,MAAM,CAAC,KAAK;AACb,SAAA,CAAC;;AAGF,QAAA,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE;;QAGnC,OAAO;AACL,YAAA,UAAU,EAAE,aAAa;AACzB,YAAA,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;AAC1B,YAAA,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACpC,YAAA,KAAK,EAAE,SAAS,CAAC,QAAQ,CAAC,QAAQ;SACnC;IACH;AAEA;;;AAGG;IACK,cAAc,CAAC,GAAY,EAAE,GAAW,EAAA;QAC9C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;QAC3B,IAAI,OAAO,GAAG,GAAG;AAEjB,QAAA,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE;YACpB,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE;AAC7C,gBAAA,OAAO,SAAS;YAClB;AACA,YAAA,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;AAC/B,gBAAA,OAAO,SAAS;YAClB;AACA,YAAA,OAAO,GAAI,OAAmC,CAAC,CAAC,CAAC;QACnD;AAEA,QAAA,OAAO,OAAO;IAChB;AAEA;;AAEG;IACH,UAAU,GAAA;AACR,QAAA,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE;IACpB;AACD;AAED;AACO,MAAM,iBAAiB,GAAG,IAAI,iBAAiB;;;;"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@apiquest/plugin-vault-file",
+  "version": "1.0.4",
+  "description": "File-based vault provider plugin for ApiQuest (JSON, readonly)",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/hh-apiquest/fracture.git",
+    "directory": "packages/plugin-vault-file"
+  },
+  "scripts": {
+    "build": "rollup -c && tsc --emitDeclarationOnly",
+    "dev": "rollup -c --watch",
+    "test": "vitest"
+  },
+  "keywords": [
+    "apiquest",
+    "vault",
+    "secrets",
+    "plugin",
+    "file"
+  ],
+  "author": "ApiQuest",
+  "license": "AGPL-3.0-or-later",
+  "apiquest": {
+    "type": "value",
+    "runtime": [
+      "fracture"
+    ],
+    "capabilities": {
+      "provides": {
+        "provider": "file"
+      }
+    }
+  },
+  "dependencies": {
+    "@apiquest/types": "workspace:*"
+  },
+  "devDependencies": {
+    "@apiquest/types": "workspace:*",
+    "@rollup/plugin-commonjs": "^29.0.0",
+    "@rollup/plugin-node-resolve": "^16.0.3",
+    "@rollup/plugin-typescript": "^12.3.0",
+    "@types/node": "^25.2.3",
+    "rollup": "^4.57.1",
+    "typescript": "^5.3.3",
+    "vitest": "^4.0.18"
+  },
+  "peerDependencies": {
+    "@apiquest/types": "^1.0.0"
+  }
+}