@elizaos/plugin-browser 2.0.0-alpha.9 → 2.0.3-beta.2

package/dist/password-manager-bridge.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Password manager bridge — dual-backend (1Password CLI `op` or ProtonPass CLI).
+ *
+ * Security posture:
+ *   - Plaintext credentials NEVER enter return values.
+ *   - `injectCredentialToClipboard` pipes the secret from the backend CLI
+ *     directly into the OS clipboard via `execFile` without ever surfacing
+ *     the value to the Node process beyond a narrow buffer that is
+ *     discarded immediately.
+ *   - Nothing is logged that could contain secret material.
+ *   - All subprocess invocations use `execFile` with an args array.
+ */
+export type PasswordManagerBackend = "1password" | "protonpass" | "fixture" | "none";
+export interface PasswordManagerItem {
+    id: string;
+    title: string;
+    url?: string;
+    username?: string;
+    /** Metadata flag only — the actual password is never returned. */
+    hasPassword: boolean;
+    tags?: string[];
+    metadata?: Record<string, unknown>;
+}
+export interface PasswordManagerBridgeConfig {
+    preferredBackend?: PasswordManagerBackend;
+    /** Passed via `op --account`. Sourced from env `ELIZA_1PASSWORD_ACCOUNT`. */
+    onePasswordAccount?: string;
+    /** Binary override for 1Password CLI (default: "op"). */
+    opPath?: string;
+    /** Binary override for ProtonPass CLI (default: "protonpass" then "pass"). */
+    protonPassPath?: string;
+}
+export declare class PasswordManagerError extends Error {
+    readonly backend: PasswordManagerBackend;
+    readonly cause?: unknown;
+    constructor(message: string, backend: PasswordManagerBackend, cause?: unknown);
+}
+export declare function detectPasswordManagerBackend(config?: PasswordManagerBridgeConfig): Promise<PasswordManagerBackend>;
+/** Clear the backend detection cache. Exposed for tests. */
+export declare function clearPasswordManagerBackendCache(): void;
+export declare function searchPasswordItems(query: string, config?: PasswordManagerBridgeConfig): Promise<PasswordManagerItem[]>;
+export declare function listPasswordItems(opts: {
+    limit?: number;
+}, config?: PasswordManagerBridgeConfig): Promise<PasswordManagerItem[]>;
+export declare function injectCredentialToClipboard(itemId: string, field: "username" | "password", config?: PasswordManagerBridgeConfig): Promise<{
+    ok: true;
+    expiresInSeconds: number;
+    fixtureMode?: boolean;
+}>;
+//# sourceMappingURL=password-manager-bridge.d.ts.map

package/dist/password-manager-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password-manager-bridge.d.ts","sourceRoot":"","sources":["../src/password-manager-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAYH,MAAM,MAAM,sBAAsB,GAC9B,WAAW,GACX,YAAY,GACZ,SAAS,GACT,MAAM,CAAC;AAEX,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kEAAkE;IAClE,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,2BAA2B;IAC1C,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,QAAQ,CAAC,OAAO,EAAE,sBAAsB,CAAC;IACzC,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;gBAGvB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,sBAAsB,EAC/B,KAAK,CAAC,EAAE,OAAO;CAOlB;AA0HD,wBAAsB,4BAA4B,CAChD,MAAM,CAAC,EAAE,2BAA2B,GACnC,OAAO,CAAC,sBAAsB,CAAC,CAyCjC;AAED,4DAA4D;AAC5D,wBAAgB,gCAAgC,IAAI,IAAI,CAEvD;AAoSD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE,2BAA2B,GACnC,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAShC;AAED,wBAAsB,iBAAiB,CACrC,IAAI,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,EACxB,MAAM,CAAC,EAAE,2BAA2B,GACnC,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAahC;AAED,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,GAAG,UAAU,EAC9B,MAAM,CAAC,EAAE,2BAA2B,GACnC,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CA6DxE"}

package/dist/password-manager-bridge.js

@@ -0,0 +1,437 @@
+import { execFile, spawn } from "node:child_process";
+import { promisify } from "node:util";
+import { logger } from "@elizaos/core";
+const execFileAsync = promisify(execFile);
+class PasswordManagerError extends Error {
+  backend;
+  cause;
+  constructor(message, backend, cause) {
+    super(message);
+    this.name = "PasswordManagerError";
+    this.backend = backend;
+    this.cause = cause;
+  }
+}
+const CLIPBOARD_TTL_SECONDS = 30;
+const PASSWORD_MANAGER_FIXTURE_ITEMS = [
+  {
+    id: "pm-github",
+    title: "GitHub",
+    url: "https://github.com/login",
+    username: "benchmark-user",
+    hasPassword: true,
+    tags: ["dev", "github", "code"],
+    metadata: { vault: "Mocked Benchmark" }
+  },
+  {
+    id: "pm-google-workspace",
+    title: "Google Workspace",
+    url: "https://mail.google.com",
+    username: "owner@example.com",
+    hasPassword: true,
+    tags: ["google", "email"],
+    metadata: { vault: "Mocked Benchmark" }
+  },
+  {
+    id: "pm-aws-prod",
+    title: "AWS Console",
+    url: "https://signin.aws.amazon.com",
+    username: "infra@example.com",
+    hasPassword: true,
+    tags: ["aws", "cloud"],
+    metadata: { vault: "Mocked Benchmark" }
+  }
+];
+function isTruthyEnv(value) {
+  if (!value) return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on" || normalized === "fixture";
+}
+function isFalsyEnv(value) {
+  if (!value) return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized === "0" || normalized === "false" || normalized === "no" || normalized === "off";
+}
+function isFixturePasswordManagerEnabled() {
+  const explicit = process.env.ELIZA_TEST_PASSWORD_MANAGER_BACKEND;
+  if (isFalsyEnv(explicit)) return false;
+  if (isTruthyEnv(explicit)) return true;
+  return false;
+}
+function listItemsViaFixture() {
+  return PASSWORD_MANAGER_FIXTURE_ITEMS.map((item) => ({
+    ...item,
+    tags: item.tags ? [...item.tags] : void 0,
+    metadata: item.metadata ? { ...item.metadata } : void 0
+  }));
+}
+const detectionCache = /* @__PURE__ */ new Map();
+function cacheKey(config) {
+  const c = config ?? {};
+  return [
+    c.preferredBackend ?? "",
+    c.onePasswordAccount ?? "",
+    c.opPath ?? "",
+    c.protonPassPath ?? ""
+  ].join("|");
+}
+function resolveOpBinary(config) {
+  return config?.opPath?.trim() || "op";
+}
+function resolveProtonPassBinary(config) {
+  return config?.protonPassPath?.trim() || "protonpass";
+}
+async function probeBinary(binary, args) {
+  try {
+    await execFileAsync(binary, args, { timeout: 3e3 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function probeOp(config) {
+  return probeBinary(resolveOpBinary(config), ["--version"]);
+}
+async function probeProtonPass(config) {
+  if (await probeBinary(resolveProtonPassBinary(config), ["--version"])) {
+    return true;
+  }
+  if (!config?.protonPassPath) {
+    return probeBinary("pass", ["--version"]);
+  }
+  return false;
+}
+async function detectPasswordManagerBackend(config) {
+  const key = cacheKey(config);
+  const cached = detectionCache.get(key);
+  if (cached !== void 0) return cached;
+  const preferred = config?.preferredBackend;
+  if (preferred === "none") {
+    detectionCache.set(key, "none");
+    return "none";
+  }
+  if (preferred === "fixture") {
+    detectionCache.set(key, "fixture");
+    return "fixture";
+  }
+  if (isFixturePasswordManagerEnabled()) {
+    detectionCache.set(key, "fixture");
+    return "fixture";
+  }
+  if (preferred === "1password") {
+    const ok = await probeOp(config);
+    const result = ok ? "1password" : "none";
+    detectionCache.set(key, result);
+    return result;
+  }
+  if (preferred === "protonpass") {
+    const ok = await probeProtonPass(config);
+    const result = ok ? "protonpass" : "none";
+    detectionCache.set(key, result);
+    return result;
+  }
+  if (await probeOp(config)) {
+    detectionCache.set(key, "1password");
+    return "1password";
+  }
+  if (await probeProtonPass(config)) {
+    detectionCache.set(key, "protonpass");
+    return "protonpass";
+  }
+  detectionCache.set(key, "none");
+  return "none";
+}
+function clearPasswordManagerBackendCache() {
+  detectionCache.clear();
+}
+function opBaseArgs(config) {
+  const args = [];
+  const account = config?.onePasswordAccount?.trim();
+  if (account) args.push("--account", account);
+  return args;
+}
+async function runOp(args, config) {
+  const binary = resolveOpBinary(config);
+  const fullArgs = [...opBaseArgs(config), ...args];
+  try {
+    const { stdout } = await execFileAsync(binary, fullArgs, {
+      timeout: 15e3,
+      maxBuffer: 16 * 1024 * 1024
+    });
+    return stdout;
+  } catch (error) {
+    throw new PasswordManagerError(
+      `1Password CLI failed for "${args[0] ?? ""}": ${error instanceof Error ? error.message : String(error)}`,
+      "1password",
+      error
+    );
+  }
+}
+function normalizeOpListEntry(raw) {
+  const id = raw.id ?? "";
+  if (!id) {
+    throw new PasswordManagerError("1Password item missing id", "1password");
+  }
+  const primaryUrl = raw.urls?.find((u) => u.primary)?.href ?? raw.urls?.[0]?.href;
+  return {
+    id,
+    title: raw.title ?? id,
+    url: primaryUrl,
+    username: raw.additional_information,
+    hasPassword: (raw.category ?? "").toUpperCase() === "LOGIN",
+    tags: raw.tags,
+    metadata: {
+      category: raw.category,
+      vault: raw.vault?.name
+    }
+  };
+}
+async function listItemsVia1Password(config) {
+  const stdout = await runOp(["item", "list", "--format", "json"], config);
+  const trimmed = stdout.trim();
+  if (!trimmed) return [];
+  let parsed;
+  try {
+    parsed = JSON.parse(trimmed);
+  } catch (error) {
+    throw new PasswordManagerError(
+      "1Password returned invalid JSON from item list",
+      "1password",
+      error
+    );
+  }
+  if (!Array.isArray(parsed)) {
+    throw new PasswordManagerError(
+      "1Password item list was not an array",
+      "1password"
+    );
+  }
+  return parsed.map(normalizeOpListEntry);
+}
+function matchesQuery(item, q) {
+  if (!q) return true;
+  const needle = q.toLowerCase();
+  if (item.title.toLowerCase().includes(needle)) return true;
+  if (item.url?.toLowerCase().includes(needle)) return true;
+  if (item.username?.toLowerCase().includes(needle)) return true;
+  if (item.tags?.some((t) => t.toLowerCase().includes(needle))) return true;
+  return false;
+}
+async function listItemsViaProtonPass(config) {
+  const binary = resolveProtonPassBinary(config);
+  let stdout;
+  try {
+    const result = await execFileAsync(binary, ["list"], {
+      timeout: 1e4,
+      maxBuffer: 8 * 1024 * 1024
+    });
+    stdout = result.stdout;
+  } catch (error) {
+    if (!config?.protonPassPath) {
+      try {
+        const result = await execFileAsync("pass", ["ls"], {
+          timeout: 1e4,
+          maxBuffer: 8 * 1024 * 1024
+        });
+        stdout = result.stdout;
+      } catch (inner) {
+        throw new PasswordManagerError(
+          `ProtonPass/pass list failed: ${inner instanceof Error ? inner.message : String(inner)}`,
+          "protonpass",
+          inner
+        );
+      }
+    } else {
+      throw new PasswordManagerError(
+        `ProtonPass list failed: ${error instanceof Error ? error.message : String(error)}`,
+        "protonpass",
+        error
+      );
+    }
+  }
+  const items = [];
+  for (const rawLine of stdout.split("\n")) {
+    const line = rawLine.replace(/[│├└─]+/g, "").replace(/\u00a0/g, " ").trim();
+    if (!line) continue;
+    if (line.toLowerCase().startsWith("password store")) continue;
+    items.push({
+      id: line,
+      title: line,
+      hasPassword: true
+    });
+  }
+  return items;
+}
+function clipboardCommand() {
+  switch (process.platform) {
+    case "darwin":
+      return { cmd: "pbcopy", args: [] };
+    case "win32":
+      return { cmd: "clip", args: [] };
+    default:
+      return { cmd: "xclip", args: ["-selection", "clipboard"] };
+  }
+}
+async function pipeToClipboard(producer, backend) {
+  const clip = clipboardCommand();
+  await new Promise((resolve, reject) => {
+    const source = spawn(producer.cmd, producer.args, {
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    const sink = spawn(clip.cmd, clip.args, {
+      stdio: ["pipe", "ignore", "pipe"]
+    });
+    let settled = false;
+    const settle = (err) => {
+      if (settled) return;
+      settled = true;
+      if (err) {
+        source.kill();
+        sink.kill();
+        reject(err);
+      } else {
+        resolve();
+      }
+    };
+    source.on(
+      "error",
+      (err) => settle(
+        new PasswordManagerError(
+          `Failed to run ${producer.cmd}: ${err.message}`,
+          backend,
+          err
+        )
+      )
+    );
+    sink.on(
+      "error",
+      (err) => settle(
+        new PasswordManagerError(
+          `Failed to run clipboard command ${clip.cmd}: ${err.message}`,
+          backend,
+          err
+        )
+      )
+    );
+    source.stdout.pipe(sink.stdin);
+    let sourceExit = null;
+    let sinkExit = null;
+    const maybeDone = () => {
+      if (sourceExit === null || sinkExit === null) return;
+      if (sourceExit !== 0) {
+        settle(
+          new PasswordManagerError(
+            `${producer.cmd} exited with code ${sourceExit}`,
+            backend
+          )
+        );
+        return;
+      }
+      if (sinkExit !== 0) {
+        settle(
+          new PasswordManagerError(
+            `${clip.cmd} exited with code ${sinkExit}`,
+            backend
+          )
+        );
+        return;
+      }
+      settle();
+    };
+    source.on("close", (code) => {
+      sourceExit = code ?? 0;
+      maybeDone();
+    });
+    sink.on("close", (code) => {
+      sinkExit = code ?? 0;
+      maybeDone();
+    });
+  });
+}
+async function resolveActiveBackend(config) {
+  const backend = await detectPasswordManagerBackend(config);
+  if (backend === "none") {
+    throw new PasswordManagerError(
+      "No password manager backend available (install 1Password CLI `op` or ProtonPass/`pass`)",
+      "none"
+    );
+  }
+  return backend;
+}
+async function searchPasswordItems(query, config) {
+  const backend = await resolveActiveBackend(config);
+  const items = backend === "fixture" ? listItemsViaFixture() : backend === "1password" ? await listItemsVia1Password(config) : await listItemsViaProtonPass(config);
+  return items.filter((item) => matchesQuery(item, query));
+}
+async function listPasswordItems(opts, config) {
+  const backend = await resolveActiveBackend(config);
+  const items = backend === "fixture" ? listItemsViaFixture() : backend === "1password" ? await listItemsVia1Password(config) : await listItemsViaProtonPass(config);
+  const limit = opts.limit;
+  if (typeof limit === "number" && limit >= 0) {
+    return items.slice(0, limit);
+  }
+  return items;
+}
+async function injectCredentialToClipboard(itemId, field, config) {
+  if (!itemId || typeof itemId !== "string") {
+    throw new PasswordManagerError(
+      "itemId is required",
+      config?.preferredBackend ?? "none"
+    );
+  }
+  const backend = await resolveActiveBackend(config);
+  if (backend === "fixture") {
+    logger.warn(
+      {
+        itemId,
+        field,
+        boundary: "browser",
+        component: "password-manager-bridge"
+      },
+      "[password-manager-bridge] fixture backend active: no clipboard write performed. Set ELIZA_TEST_PASSWORD_MANAGER_BACKEND=0 for real injection."
+    );
+    return {
+      ok: true,
+      expiresInSeconds: CLIPBOARD_TTL_SECONDS,
+      fixtureMode: true
+    };
+  }
+  if (backend === "1password") {
+    const binary2 = resolveOpBinary(config);
+    const args = [
+      ...opBaseArgs(config),
+      "item",
+      "get",
+      itemId,
+      "--fields",
+      field === "password" ? "password" : "username",
+      "--reveal"
+    ];
+    await pipeToClipboard({ cmd: binary2, args }, "1password");
+    return { ok: true, expiresInSeconds: CLIPBOARD_TTL_SECONDS };
+  }
+  const binary = resolveProtonPassBinary(config);
+  if (field === "username") {
+    throw new PasswordManagerError(
+      "Username injection is not supported by the ProtonPass/pass backend",
+      "protonpass"
+    );
+  }
+  let producerCmd = binary;
+  const producerArgs = ["show", itemId];
+  if (!config?.protonPassPath) {
+    const hasProton = await probeBinary(binary, ["--version"]);
+    if (!hasProton) producerCmd = "pass";
+  }
+  await pipeToClipboard({ cmd: producerCmd, args: producerArgs }, "protonpass");
+  return { ok: true, expiresInSeconds: CLIPBOARD_TTL_SECONDS };
+}
+export {
+  PasswordManagerError,
+  clearPasswordManagerBackendCache,
+  detectPasswordManagerBackend,
+  injectCredentialToClipboard,
+  listPasswordItems,
+  searchPasswordItems
+};
+//# sourceMappingURL=password-manager-bridge.js.map

package/dist/password-manager-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/password-manager-bridge.ts"],"sourcesContent":["/**\n * Password manager bridge — dual-backend (1Password CLI `op` or ProtonPass CLI).\n *\n * Security posture:\n *   - Plaintext credentials NEVER enter return values.\n *   - `injectCredentialToClipboard` pipes the secret from the backend CLI\n *     directly into the OS clipboard via `execFile` without ever surfacing\n *     the value to the Node process beyond a narrow buffer that is\n *     discarded immediately.\n *   - Nothing is logged that could contain secret material.\n *   - All subprocess invocations use `execFile` with an args array.\n */\n\nimport { execFile, spawn } from \"node:child_process\";\nimport { promisify } from \"node:util\";\nimport { logger } from \"@elizaos/core\";\n\nconst execFileAsync = promisify(execFile);\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport type PasswordManagerBackend =\n  | \"1password\"\n  | \"protonpass\"\n  | \"fixture\"\n  | \"none\";\n\nexport interface PasswordManagerItem {\n  id: string;\n  title: string;\n  url?: string;\n  username?: string;\n  /** Metadata flag only — the actual password is never returned. */\n  hasPassword: boolean;\n  tags?: string[];\n  metadata?: Record<string, unknown>;\n}\n\nexport interface PasswordManagerBridgeConfig {\n  preferredBackend?: PasswordManagerBackend;\n  /** Passed via `op --account`. Sourced from env `ELIZA_1PASSWORD_ACCOUNT`. */\n  onePasswordAccount?: string;\n  /** Binary override for 1Password CLI (default: \"op\"). */\n  opPath?: string;\n  /** Binary override for ProtonPass CLI (default: \"protonpass\" then \"pass\"). */\n  protonPassPath?: string;\n}\n\nexport class PasswordManagerError extends Error {\n  readonly backend: PasswordManagerBackend;\n  readonly cause?: unknown;\n\n  constructor(\n    message: string,\n    backend: PasswordManagerBackend,\n    cause?: unknown,\n  ) {\n    super(message);\n    this.name = \"PasswordManagerError\";\n    this.backend = backend;\n    this.cause = cause;\n  }\n}\n\nconst CLIPBOARD_TTL_SECONDS = 30;\n\nconst PASSWORD_MANAGER_FIXTURE_ITEMS: ReadonlyArray<PasswordManagerItem> = [\n  {\n    id: \"pm-github\",\n    title: \"GitHub\",\n    url: \"https://github.com/login\",\n    username: \"benchmark-user\",\n    hasPassword: true,\n    tags: [\"dev\", \"github\", \"code\"],\n    metadata: { vault: \"Mocked Benchmark\" },\n  },\n  {\n    id: \"pm-google-workspace\",\n    title: \"Google Workspace\",\n    url: \"https://mail.google.com\",\n    username: \"owner@example.com\",\n    hasPassword: true,\n    tags: [\"google\", \"email\"],\n    metadata: { vault: \"Mocked Benchmark\" },\n  },\n  {\n    id: \"pm-aws-prod\",\n    title: \"AWS Console\",\n    url: \"https://signin.aws.amazon.com\",\n    username: \"infra@example.com\",\n    hasPassword: true,\n    tags: [\"aws\", \"cloud\"],\n    metadata: { vault: \"Mocked Benchmark\" },\n  },\n];\n\nfunction isTruthyEnv(value: string | undefined): boolean {\n  if (!value) return false;\n  const normalized = value.trim().toLowerCase();\n  return (\n    normalized === \"1\" ||\n    normalized === \"true\" ||\n    normalized === \"yes\" ||\n    normalized === \"on\" ||\n    normalized === \"fixture\"\n  );\n}\n\nfunction isFalsyEnv(value: string | undefined): boolean {\n  if (!value) return false;\n  const normalized = value.trim().toLowerCase();\n  return (\n    normalized === \"0\" ||\n    normalized === \"false\" ||\n    normalized === \"no\" ||\n    normalized === \"off\"\n  );\n}\n\nfunction isFixturePasswordManagerEnabled(): boolean {\n  const explicit = process.env.ELIZA_TEST_PASSWORD_MANAGER_BACKEND;\n  if (isFalsyEnv(explicit)) return false;\n  if (isTruthyEnv(explicit)) return true;\n  return false;\n}\n\nfunction listItemsViaFixture(): PasswordManagerItem[] {\n  return PASSWORD_MANAGER_FIXTURE_ITEMS.map((item) => ({\n    ...item,\n    tags: item.tags ? [...item.tags] : undefined,\n    metadata: item.metadata ? { ...item.metadata } : undefined,\n  }));\n}\n\n// ---------------------------------------------------------------------------\n// Detection\n// ---------------------------------------------------------------------------\n\nconst detectionCache = new Map<string, PasswordManagerBackend>();\n\nfunction cacheKey(config?: PasswordManagerBridgeConfig): string {\n  const c = config ?? {};\n  return [\n    c.preferredBackend ?? \"\",\n    c.onePasswordAccount ?? \"\",\n    c.opPath ?? \"\",\n    c.protonPassPath ?? \"\",\n  ].join(\"|\");\n}\n\nfunction resolveOpBinary(config?: PasswordManagerBridgeConfig): string {\n  return config?.opPath?.trim() || \"op\";\n}\n\nfunction resolveProtonPassBinary(config?: PasswordManagerBridgeConfig): string {\n  return config?.protonPassPath?.trim() || \"protonpass\";\n}\n\nasync function probeBinary(binary: string, args: string[]): Promise<boolean> {\n  try {\n    await execFileAsync(binary, args, { timeout: 3_000 });\n    return true;\n  } catch {\n    return false;\n  }\n}\n\nasync function probeOp(config?: PasswordManagerBridgeConfig): Promise<boolean> {\n  return probeBinary(resolveOpBinary(config), [\"--version\"]);\n}\n\nasync function probeProtonPass(\n  config?: PasswordManagerBridgeConfig,\n): Promise<boolean> {\n  if (await probeBinary(resolveProtonPassBinary(config), [\"--version\"])) {\n    return true;\n  }\n  // `pass` — classic Unix password-store — also supported as a fallback.\n  if (!config?.protonPassPath) {\n    return probeBinary(\"pass\", [\"--version\"]);\n  }\n  return false;\n}\n\nexport async function detectPasswordManagerBackend(\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerBackend> {\n  const key = cacheKey(config);\n  const cached = detectionCache.get(key);\n  if (cached !== undefined) return cached;\n\n  const preferred = config?.preferredBackend;\n  if (preferred === \"none\") {\n    detectionCache.set(key, \"none\");\n    return \"none\";\n  }\n  if (preferred === \"fixture\") {\n    detectionCache.set(key, \"fixture\");\n    return \"fixture\";\n  }\n  if (isFixturePasswordManagerEnabled()) {\n    detectionCache.set(key, \"fixture\");\n    return \"fixture\";\n  }\n  if (preferred === \"1password\") {\n    const ok = await probeOp(config);\n    const result: PasswordManagerBackend = ok ? \"1password\" : \"none\";\n    detectionCache.set(key, result);\n    return result;\n  }\n  if (preferred === \"protonpass\") {\n    const ok = await probeProtonPass(config);\n    const result: PasswordManagerBackend = ok ? \"protonpass\" : \"none\";\n    detectionCache.set(key, result);\n    return result;\n  }\n\n  if (await probeOp(config)) {\n    detectionCache.set(key, \"1password\");\n    return \"1password\";\n  }\n  if (await probeProtonPass(config)) {\n    detectionCache.set(key, \"protonpass\");\n    return \"protonpass\";\n  }\n  detectionCache.set(key, \"none\");\n  return \"none\";\n}\n\n/** Clear the backend detection cache. Exposed for tests. */\nexport function clearPasswordManagerBackendCache(): void {\n  detectionCache.clear();\n}\n\n// ---------------------------------------------------------------------------\n// 1Password CLI backend\n// ---------------------------------------------------------------------------\n\ninterface OpItemListEntry {\n  id?: string;\n  title?: string;\n  tags?: string[];\n  urls?: Array<{ href?: string; primary?: boolean }>;\n  additional_information?: string;\n  category?: string;\n  vault?: { id?: string; name?: string };\n}\n\nfunction opBaseArgs(config?: PasswordManagerBridgeConfig): string[] {\n  const args: string[] = [];\n  const account = config?.onePasswordAccount?.trim();\n  if (account) args.push(\"--account\", account);\n  return args;\n}\n\nasync function runOp(\n  args: string[],\n  config?: PasswordManagerBridgeConfig,\n): Promise<string> {\n  const binary = resolveOpBinary(config);\n  const fullArgs = [...opBaseArgs(config), ...args];\n  try {\n    const { stdout } = await execFileAsync(binary, fullArgs, {\n      timeout: 15_000,\n      maxBuffer: 16 * 1024 * 1024,\n    });\n    return stdout;\n  } catch (error) {\n    throw new PasswordManagerError(\n      `1Password CLI failed for \"${args[0] ?? \"\"}\": ${\n        error instanceof Error ? error.message : String(error)\n      }`,\n      \"1password\",\n      error,\n    );\n  }\n}\n\nfunction normalizeOpListEntry(raw: OpItemListEntry): PasswordManagerItem {\n  const id = raw.id ?? \"\";\n  if (!id) {\n    throw new PasswordManagerError(\"1Password item missing id\", \"1password\");\n  }\n  const primaryUrl =\n    raw.urls?.find((u) => u.primary)?.href ?? raw.urls?.[0]?.href;\n  return {\n    id,\n    title: raw.title ?? id,\n    url: primaryUrl,\n    username: raw.additional_information,\n    hasPassword: (raw.category ?? \"\").toUpperCase() === \"LOGIN\",\n    tags: raw.tags,\n    metadata: {\n      category: raw.category,\n      vault: raw.vault?.name,\n    },\n  };\n}\n\nasync function listItemsVia1Password(\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerItem[]> {\n  const stdout = await runOp([\"item\", \"list\", \"--format\", \"json\"], config);\n  const trimmed = stdout.trim();\n  if (!trimmed) return [];\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(trimmed);\n  } catch (error) {\n    throw new PasswordManagerError(\n      \"1Password returned invalid JSON from item list\",\n      \"1password\",\n      error,\n    );\n  }\n  if (!Array.isArray(parsed)) {\n    throw new PasswordManagerError(\n      \"1Password item list was not an array\",\n      \"1password\",\n    );\n  }\n  return (parsed as OpItemListEntry[]).map(normalizeOpListEntry);\n}\n\nfunction matchesQuery(item: PasswordManagerItem, q: string): boolean {\n  if (!q) return true;\n  const needle = q.toLowerCase();\n  if (item.title.toLowerCase().includes(needle)) return true;\n  if (item.url?.toLowerCase().includes(needle)) return true;\n  if (item.username?.toLowerCase().includes(needle)) return true;\n  if (item.tags?.some((t) => t.toLowerCase().includes(needle))) return true;\n  return false;\n}\n\n// ---------------------------------------------------------------------------\n// ProtonPass / pass backend\n// ---------------------------------------------------------------------------\n//\n// Both `protonpass` and classic `pass` support listing entries by name.\n// Neither exposes rich metadata; we emit title-only items with the entry\n// path used as the id. Per the contract, we never include plaintext\n// secrets in returned objects.\n\nasync function listItemsViaProtonPass(\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerItem[]> {\n  const binary = resolveProtonPassBinary(config);\n  let stdout: string;\n  try {\n    const result = await execFileAsync(binary, [\"list\"], {\n      timeout: 10_000,\n      maxBuffer: 8 * 1024 * 1024,\n    });\n    stdout = result.stdout;\n  } catch (error) {\n    // Try classic `pass` if protonpass failed and user didn't pin a binary.\n    if (!config?.protonPassPath) {\n      try {\n        const result = await execFileAsync(\"pass\", [\"ls\"], {\n          timeout: 10_000,\n          maxBuffer: 8 * 1024 * 1024,\n        });\n        stdout = result.stdout;\n      } catch (inner) {\n        throw new PasswordManagerError(\n          `ProtonPass/pass list failed: ${\n            inner instanceof Error ? inner.message : String(inner)\n          }`,\n          \"protonpass\",\n          inner,\n        );\n      }\n    } else {\n      throw new PasswordManagerError(\n        `ProtonPass list failed: ${\n          error instanceof Error ? error.message : String(error)\n        }`,\n        \"protonpass\",\n        error,\n      );\n    }\n  }\n\n  const items: PasswordManagerItem[] = [];\n  for (const rawLine of stdout.split(\"\\n\")) {\n    // Strip tree characters from `pass ls` output (├── └── │ etc.).\n    const line = rawLine\n      .replace(/[│├└─]+/g, \"\")\n      .replace(/\\u00a0/g, \" \")\n      .trim();\n    if (!line) continue;\n    if (line.toLowerCase().startsWith(\"password store\")) continue;\n    items.push({\n      id: line,\n      title: line,\n      hasPassword: true,\n    });\n  }\n  return items;\n}\n\n// ---------------------------------------------------------------------------\n// Clipboard injection\n// ---------------------------------------------------------------------------\n\nfunction clipboardCommand(): { cmd: string; args: string[] } {\n  switch (process.platform) {\n    case \"darwin\":\n      return { cmd: \"pbcopy\", args: [] };\n    case \"win32\":\n      return { cmd: \"clip\", args: [] };\n    default:\n      // Linux/BSD — prefer xclip, but the command must be present on PATH.\n      return { cmd: \"xclip\", args: [\"-selection\", \"clipboard\"] };\n  }\n}\n\n/**\n * Pipe stdout of a producer subprocess directly into the clipboard command.\n *\n * The plaintext secret passes through this process's memory only as kernel\n * pipe buffers between the two children — it is never buffered as a JS\n * string, never logged, and never returned.\n */\nasync function pipeToClipboard(\n  producer: { cmd: string; args: string[] },\n  backend: PasswordManagerBackend,\n): Promise<void> {\n  const clip = clipboardCommand();\n\n  await new Promise<void>((resolve, reject) => {\n    const source = spawn(producer.cmd, producer.args, {\n      stdio: [\"ignore\", \"pipe\", \"pipe\"],\n    });\n    const sink = spawn(clip.cmd, clip.args, {\n      stdio: [\"pipe\", \"ignore\", \"pipe\"],\n    });\n\n    let settled = false;\n    const settle = (err?: Error) => {\n      if (settled) return;\n      settled = true;\n      if (err) {\n        source.kill();\n        sink.kill();\n        reject(err);\n      } else {\n        resolve();\n      }\n    };\n\n    source.on(\"error\", (err) =>\n      settle(\n        new PasswordManagerError(\n          `Failed to run ${producer.cmd}: ${err.message}`,\n          backend,\n          err,\n        ),\n      ),\n    );\n    sink.on(\"error\", (err) =>\n      settle(\n        new PasswordManagerError(\n          `Failed to run clipboard command ${clip.cmd}: ${err.message}`,\n          backend,\n          err,\n        ),\n      ),\n    );\n\n    source.stdout.pipe(sink.stdin);\n\n    let sourceExit: number | null = null;\n    let sinkExit: number | null = null;\n    const maybeDone = () => {\n      if (sourceExit === null || sinkExit === null) return;\n      if (sourceExit !== 0) {\n        settle(\n          new PasswordManagerError(\n            `${producer.cmd} exited with code ${sourceExit}`,\n            backend,\n          ),\n        );\n        return;\n      }\n      if (sinkExit !== 0) {\n        settle(\n          new PasswordManagerError(\n            `${clip.cmd} exited with code ${sinkExit}`,\n            backend,\n          ),\n        );\n        return;\n      }\n      settle();\n    };\n    source.on(\"close\", (code) => {\n      sourceExit = code ?? 0;\n      maybeDone();\n    });\n    sink.on(\"close\", (code) => {\n      sinkExit = code ?? 0;\n      maybeDone();\n    });\n  });\n}\n\n// ---------------------------------------------------------------------------\n// Public dispatch\n// ---------------------------------------------------------------------------\n\nasync function resolveActiveBackend(\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerBackend> {\n  const backend = await detectPasswordManagerBackend(config);\n  if (backend === \"none\") {\n    throw new PasswordManagerError(\n      \"No password manager backend available (install 1Password CLI `op` or ProtonPass/`pass`)\",\n      \"none\",\n    );\n  }\n  return backend;\n}\n\nexport async function searchPasswordItems(\n  query: string,\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerItem[]> {\n  const backend = await resolveActiveBackend(config);\n  const items =\n    backend === \"fixture\"\n      ? listItemsViaFixture()\n      : backend === \"1password\"\n        ? await listItemsVia1Password(config)\n        : await listItemsViaProtonPass(config);\n  return items.filter((item) => matchesQuery(item, query));\n}\n\nexport async function listPasswordItems(\n  opts: { limit?: number },\n  config?: PasswordManagerBridgeConfig,\n): Promise<PasswordManagerItem[]> {\n  const backend = await resolveActiveBackend(config);\n  const items =\n    backend === \"fixture\"\n      ? listItemsViaFixture()\n      : backend === \"1password\"\n        ? await listItemsVia1Password(config)\n        : await listItemsViaProtonPass(config);\n  const limit = opts.limit;\n  if (typeof limit === \"number\" && limit >= 0) {\n    return items.slice(0, limit);\n  }\n  return items;\n}\n\nexport async function injectCredentialToClipboard(\n  itemId: string,\n  field: \"username\" | \"password\",\n  config?: PasswordManagerBridgeConfig,\n): Promise<{ ok: true; expiresInSeconds: number; fixtureMode?: boolean }> {\n  if (!itemId || typeof itemId !== \"string\") {\n    throw new PasswordManagerError(\n      \"itemId is required\",\n      config?.preferredBackend ?? \"none\",\n    );\n  }\n  const backend = await resolveActiveBackend(config);\n\n  if (backend === \"fixture\") {\n    logger.warn(\n      {\n        itemId,\n        field,\n        boundary: \"browser\",\n        component: \"password-manager-bridge\",\n      },\n      \"[password-manager-bridge] fixture backend active: no clipboard write performed. Set ELIZA_TEST_PASSWORD_MANAGER_BACKEND=0 for real injection.\",\n    );\n    return {\n      ok: true,\n      expiresInSeconds: CLIPBOARD_TTL_SECONDS,\n      fixtureMode: true,\n    };\n  }\n\n  if (backend === \"1password\") {\n    const binary = resolveOpBinary(config);\n    const args = [\n      ...opBaseArgs(config),\n      \"item\",\n      \"get\",\n      itemId,\n      \"--fields\",\n      field === \"password\" ? \"password\" : \"username\",\n      \"--reveal\",\n    ];\n    await pipeToClipboard({ cmd: binary, args }, \"1password\");\n    return { ok: true, expiresInSeconds: CLIPBOARD_TTL_SECONDS };\n  }\n\n  // protonpass / pass\n  const binary = resolveProtonPassBinary(config);\n  // Both `protonpass show <id>` and `pass show <id>` print the secret on the\n  // first line. Username retrieval is not uniformly supported in classic\n  // pass; callers must store username in the entry body to retrieve it.\n  if (field === \"username\") {\n    throw new PasswordManagerError(\n      \"Username injection is not supported by the ProtonPass/pass backend\",\n      \"protonpass\",\n    );\n  }\n  let producerCmd = binary;\n  const producerArgs = [\"show\", itemId];\n  // Fallback to classic `pass` when protonpass isn't pinned and missing.\n  if (!config?.protonPassPath) {\n    const hasProton = await probeBinary(binary, [\"--version\"]);\n    if (!hasProton) producerCmd = \"pass\";\n  }\n  await pipeToClipboard({ cmd: producerCmd, args: producerArgs }, \"protonpass\");\n  return { ok: true, expiresInSeconds: CLIPBOARD_TTL_SECONDS };\n}\n"],"mappings":"AAaA,SAAS,UAAU,aAAa;AAChC,SAAS,iBAAiB;AAC1B,SAAS,cAAc;AAEvB,MAAM,gBAAgB,UAAU,QAAQ;AAiCjC,MAAM,6BAA6B,MAAM;AAAA,EACrC;AAAA,EACA;AAAA,EAET,YACE,SACA,SACA,OACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,UAAU;AACf,SAAK,QAAQ;AAAA,EACf;AACF;AAEA,MAAM,wBAAwB;AAE9B,MAAM,iCAAqE;AAAA,EACzE;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,KAAK;AAAA,IACL,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM,CAAC,OAAO,UAAU,MAAM;AAAA,IAC9B,UAAU,EAAE,OAAO,mBAAmB;AAAA,EACxC;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,KAAK;AAAA,IACL,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM,CAAC,UAAU,OAAO;AAAA,IACxB,UAAU,EAAE,OAAO,mBAAmB;AAAA,EACxC;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,KAAK;AAAA,IACL,UAAU;AAAA,IACV,aAAa;AAAA,IACb,MAAM,CAAC,OAAO,OAAO;AAAA,IACrB,UAAU,EAAE,OAAO,mBAAmB;AAAA,EACxC;AACF;AAEA,SAAS,YAAY,OAAoC;AACvD,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,SACE,eAAe,OACf,eAAe,UACf,eAAe,SACf,eAAe,QACf,eAAe;AAEnB;AAEA,SAAS,WAAW,OAAoC;AACtD,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,aAAa,MAAM,KAAK,EAAE,YAAY;AAC5C,SACE,eAAe,OACf,eAAe,WACf,eAAe,QACf,eAAe;AAEnB;AAEA,SAAS,kCAA2C;AAClD,QAAM,WAAW,QAAQ,IAAI;AAC7B,MAAI,WAAW,QAAQ,EAAG,QAAO;AACjC,MAAI,YAAY,QAAQ,EAAG,QAAO;AAClC,SAAO;AACT;AAEA,SAAS,sBAA6C;AACpD,SAAO,+BAA+B,IAAI,CAAC,UAAU;AAAA,IACnD,GAAG;AAAA,IACH,MAAM,KAAK,OAAO,CAAC,GAAG,KAAK,IAAI,IAAI;AAAA,IACnC,UAAU,KAAK,WAAW,EAAE,GAAG,KAAK,SAAS,IAAI;AAAA,EACnD,EAAE;AACJ;AAMA,MAAM,iBAAiB,oBAAI,IAAoC;AAE/D,SAAS,SAAS,QAA8C;AAC9D,QAAM,IAAI,UAAU,CAAC;AACrB,SAAO;AAAA,IACL,EAAE,oBAAoB;AAAA,IACtB,EAAE,sBAAsB;AAAA,IACxB,EAAE,UAAU;AAAA,IACZ,EAAE,kBAAkB;AAAA,EACtB,EAAE,KAAK,GAAG;AACZ;AAEA,SAAS,gBAAgB,QAA8C;AACrE,SAAO,QAAQ,QAAQ,KAAK,KAAK;AACnC;AAEA,SAAS,wBAAwB,QAA8C;AAC7E,SAAO,QAAQ,gBAAgB,KAAK,KAAK;AAC3C;AAEA,eAAe,YAAY,QAAgB,MAAkC;AAC3E,MAAI;AACF,UAAM,cAAc,QAAQ,MAAM,EAAE,SAAS,IAAM,CAAC;AACpD,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,eAAe,QAAQ,QAAwD;AAC7E,SAAO,YAAY,gBAAgB,MAAM,GAAG,CAAC,WAAW,CAAC;AAC3D;AAEA,eAAe,gBACb,QACkB;AAClB,MAAI,MAAM,YAAY,wBAAwB,MAAM,GAAG,CAAC,WAAW,CAAC,GAAG;AACrE,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,gBAAgB;AAC3B,WAAO,YAAY,QAAQ,CAAC,WAAW,CAAC;AAAA,EAC1C;AACA,SAAO;AACT;AAEA,eAAsB,6BACpB,QACiC;AACjC,QAAM,MAAM,SAAS,MAAM;AAC3B,QAAM,SAAS,eAAe,IAAI,GAAG;AACrC,MAAI,WAAW,OAAW,QAAO;AAEjC,QAAM,YAAY,QAAQ;AAC1B,MAAI,cAAc,QAAQ;AACxB,mBAAe,IAAI,KAAK,MAAM;AAC9B,WAAO;AAAA,EACT;AACA,MAAI,cAAc,WAAW;AAC3B,mBAAe,IAAI,KAAK,SAAS;AACjC,WAAO;AAAA,EACT;AACA,MAAI,gCAAgC,GAAG;AACrC,mBAAe,IAAI,KAAK,SAAS;AACjC,WAAO;AAAA,EACT;AACA,MAAI,cAAc,aAAa;AAC7B,UAAM,KAAK,MAAM,QAAQ,MAAM;AAC/B,UAAM,SAAiC,KAAK,cAAc;AAC1D,mBAAe,IAAI,KAAK,MAAM;AAC9B,WAAO;AAAA,EACT;AACA,MAAI,cAAc,cAAc;AAC9B,UAAM,KAAK,MAAM,gBAAgB,MAAM;AACvC,UAAM,SAAiC,KAAK,eAAe;AAC3D,mBAAe,IAAI,KAAK,MAAM;AAC9B,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,MAAM,GAAG;AACzB,mBAAe,IAAI,KAAK,WAAW;AACnC,WAAO;AAAA,EACT;AACA,MAAI,MAAM,gBAAgB,MAAM,GAAG;AACjC,mBAAe,IAAI,KAAK,YAAY;AACpC,WAAO;AAAA,EACT;AACA,iBAAe,IAAI,KAAK,MAAM;AAC9B,SAAO;AACT;AAGO,SAAS,mCAAyC;AACvD,iBAAe,MAAM;AACvB;AAgBA,SAAS,WAAW,QAAgD;AAClE,QAAM,OAAiB,CAAC;AACxB,QAAM,UAAU,QAAQ,oBAAoB,KAAK;AACjD,MAAI,QAAS,MAAK,KAAK,aAAa,OAAO;AAC3C,SAAO;AACT;AAEA,eAAe,MACb,MACA,QACiB;AACjB,QAAM,SAAS,gBAAgB,MAAM;AACrC,QAAM,WAAW,CAAC,GAAG,WAAW,MAAM,GAAG,GAAG,IAAI;AAChD,MAAI;AACF,UAAM,EAAE,OAAO,IAAI,MAAM,cAAc,QAAQ,UAAU;AAAA,MACvD,SAAS;AAAA,MACT,WAAW,KAAK,OAAO;AAAA,IACzB,CAAC;AACD,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,6BAA6B,KAAK,CAAC,KAAK,EAAE,MACxC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACF;AAEA,SAAS,qBAAqB,KAA2C;AACvE,QAAM,KAAK,IAAI,MAAM;AACrB,MAAI,CAAC,IAAI;AACP,UAAM,IAAI,qBAAqB,6BAA6B,WAAW;AAAA,EACzE;AACA,QAAM,aACJ,IAAI,MAAM,KAAK,CAAC,MAAM,EAAE,OAAO,GAAG,QAAQ,IAAI,OAAO,CAAC,GAAG;AAC3D,SAAO;AAAA,IACL;AAAA,IACA,OAAO,IAAI,SAAS;AAAA,IACpB,KAAK;AAAA,IACL,UAAU,IAAI;AAAA,IACd,cAAc,IAAI,YAAY,IAAI,YAAY,MAAM;AAAA,IACpD,MAAM,IAAI;AAAA,IACV,UAAU;AAAA,MACR,UAAU,IAAI;AAAA,MACd,OAAO,IAAI,OAAO;AAAA,IACpB;AAAA,EACF;AACF;AAEA,eAAe,sBACb,QACgC;AAChC,QAAM,SAAS,MAAM,MAAM,CAAC,QAAQ,QAAQ,YAAY,MAAM,GAAG,MAAM;AACvE,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,CAAC,QAAS,QAAO,CAAC;AACtB,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,OAAO;AAAA,EAC7B,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,MAAM,QAAQ,MAAM,GAAG;AAC1B,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,SAAQ,OAA6B,IAAI,oBAAoB;AAC/D;AAEA,SAAS,aAAa,MAA2B,GAAoB;AACnE,MAAI,CAAC,EAAG,QAAO;AACf,QAAM,SAAS,EAAE,YAAY;AAC7B,MAAI,KAAK,MAAM,YAAY,EAAE,SAAS,MAAM,EAAG,QAAO;AACtD,MAAI,KAAK,KAAK,YAAY,EAAE,SAAS,MAAM,EAAG,QAAO;AACrD,MAAI,KAAK,UAAU,YAAY,EAAE,SAAS,MAAM,EAAG,QAAO;AAC1D,MAAI,KAAK,MAAM,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,MAAM,CAAC,EAAG,QAAO;AACrE,SAAO;AACT;AAWA,eAAe,uBACb,QACgC;AAChC,QAAM,SAAS,wBAAwB,MAAM;AAC7C,MAAI;AACJ,MAAI;AACF,UAAM,SAAS,MAAM,cAAc,QAAQ,CAAC,MAAM,GAAG;AAAA,MACnD,SAAS;AAAA,MACT,WAAW,IAAI,OAAO;AAAA,IACxB,CAAC;AACD,aAAS,OAAO;AAAA,EAClB,SAAS,OAAO;AAEd,QAAI,CAAC,QAAQ,gBAAgB;AAC3B,UAAI;AACF,cAAM,SAAS,MAAM,cAAc,QAAQ,CAAC,IAAI,GAAG;AAAA,UACjD,SAAS;AAAA,UACT,WAAW,IAAI,OAAO;AAAA,QACxB,CAAC;AACD,iBAAS,OAAO;AAAA,MAClB,SAAS,OAAO;AACd,cAAM,IAAI;AAAA,UACR,gCACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF,OAAO;AACL,YAAM,IAAI;AAAA,QACR,2BACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,QAAM,QAA+B,CAAC;AACtC,aAAW,WAAW,OAAO,MAAM,IAAI,GAAG;AAExC,UAAM,OAAO,QACV,QAAQ,YAAY,EAAE,EACtB,QAAQ,WAAW,GAAG,EACtB,KAAK;AACR,QAAI,CAAC,KAAM;AACX,QAAI,KAAK,YAAY,EAAE,WAAW,gBAAgB,EAAG;AACrD,UAAM,KAAK;AAAA,MACT,IAAI;AAAA,MACJ,OAAO;AAAA,MACP,aAAa;AAAA,IACf,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAMA,SAAS,mBAAoD;AAC3D,UAAQ,QAAQ,UAAU;AAAA,IACxB,KAAK;AACH,aAAO,EAAE,KAAK,UAAU,MAAM,CAAC,EAAE;AAAA,IACnC,KAAK;AACH,aAAO,EAAE,KAAK,QAAQ,MAAM,CAAC,EAAE;AAAA,IACjC;AAEE,aAAO,EAAE,KAAK,SAAS,MAAM,CAAC,cAAc,WAAW,EAAE;AAAA,EAC7D;AACF;AASA,eAAe,gBACb,UACA,SACe;AACf,QAAM,OAAO,iBAAiB;AAE9B,QAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,UAAM,SAAS,MAAM,SAAS,KAAK,SAAS,MAAM;AAAA,MAChD,OAAO,CAAC,UAAU,QAAQ,MAAM;AAAA,IAClC,CAAC;AACD,UAAM,OAAO,MAAM,KAAK,KAAK,KAAK,MAAM;AAAA,MACtC,OAAO,CAAC,QAAQ,UAAU,MAAM;AAAA,IAClC,CAAC;AAED,QAAI,UAAU;AACd,UAAM,SAAS,CAAC,QAAgB;AAC9B,UAAI,QAAS;AACb,gBAAU;AACV,UAAI,KAAK;AACP,eAAO,KAAK;AACZ,aAAK,KAAK;AACV,eAAO,GAAG;AAAA,MACZ,OAAO;AACL,gBAAQ;AAAA,MACV;AAAA,IACF;AAEA,WAAO;AAAA,MAAG;AAAA,MAAS,CAAC,QAClB;AAAA,QACE,IAAI;AAAA,UACF,iBAAiB,SAAS,GAAG,KAAK,IAAI,OAAO;AAAA,UAC7C;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,SAAK;AAAA,MAAG;AAAA,MAAS,CAAC,QAChB;AAAA,QACE,IAAI;AAAA,UACF,mCAAmC,KAAK,GAAG,KAAK,IAAI,OAAO;AAAA,UAC3D;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,WAAO,OAAO,KAAK,KAAK,KAAK;AAE7B,QAAI,aAA4B;AAChC,QAAI,WAA0B;AAC9B,UAAM,YAAY,MAAM;AACtB,UAAI,eAAe,QAAQ,aAAa,KAAM;AAC9C,UAAI,eAAe,GAAG;AACpB;AAAA,UACE,IAAI;AAAA,YACF,GAAG,SAAS,GAAG,qBAAqB,UAAU;AAAA,YAC9C;AAAA,UACF;AAAA,QACF;AACA;AAAA,MACF;AACA,UAAI,aAAa,GAAG;AAClB;AAAA,UACE,IAAI;AAAA,YACF,GAAG,KAAK,GAAG,qBAAqB,QAAQ;AAAA,YACxC;AAAA,UACF;AAAA,QACF;AACA;AAAA,MACF;AACA,aAAO;AAAA,IACT;AACA,WAAO,GAAG,SAAS,CAAC,SAAS;AAC3B,mBAAa,QAAQ;AACrB,gBAAU;AAAA,IACZ,CAAC;AACD,SAAK,GAAG,SAAS,CAAC,SAAS;AACzB,iBAAW,QAAQ;AACnB,gBAAU;AAAA,IACZ,CAAC;AAAA,EACH,CAAC;AACH;AAMA,eAAe,qBACb,QACiC;AACjC,QAAM,UAAU,MAAM,6BAA6B,MAAM;AACzD,MAAI,YAAY,QAAQ;AACtB,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,eAAsB,oBACpB,OACA,QACgC;AAChC,QAAM,UAAU,MAAM,qBAAqB,MAAM;AACjD,QAAM,QACJ,YAAY,YACR,oBAAoB,IACpB,YAAY,cACV,MAAM,sBAAsB,MAAM,IAClC,MAAM,uBAAuB,MAAM;AAC3C,SAAO,MAAM,OAAO,CAAC,SAAS,aAAa,MAAM,KAAK,CAAC;AACzD;AAEA,eAAsB,kBACpB,MACA,QACgC;AAChC,QAAM,UAAU,MAAM,qBAAqB,MAAM;AACjD,QAAM,QACJ,YAAY,YACR,oBAAoB,IACpB,YAAY,cACV,MAAM,sBAAsB,MAAM,IAClC,MAAM,uBAAuB,MAAM;AAC3C,QAAM,QAAQ,KAAK;AACnB,MAAI,OAAO,UAAU,YAAY,SAAS,GAAG;AAC3C,WAAO,MAAM,MAAM,GAAG,KAAK;AAAA,EAC7B;AACA,SAAO;AACT;AAEA,eAAsB,4BACpB,QACA,OACA,QACwE;AACxE,MAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,UAAM,IAAI;AAAA,MACR;AAAA,MACA,QAAQ,oBAAoB;AAAA,IAC9B;AAAA,EACF;AACA,QAAM,UAAU,MAAM,qBAAqB,MAAM;AAEjD,MAAI,YAAY,WAAW;AACzB,WAAO;AAAA,MACL;AAAA,QACE;AAAA,QACA;AAAA,QACA,UAAU;AAAA,QACV,WAAW;AAAA,MACb;AAAA,MACA;AAAA,IACF;AACA,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,kBAAkB;AAAA,MAClB,aAAa;AAAA,IACf;AAAA,EACF;AAEA,MAAI,YAAY,aAAa;AAC3B,UAAMA,UAAS,gBAAgB,MAAM;AACrC,UAAM,OAAO;AAAA,MACX,GAAG,WAAW,MAAM;AAAA,MACpB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,aAAa,aAAa;AAAA,MACpC;AAAA,IACF;AACA,UAAM,gBAAgB,EAAE,KAAKA,SAAQ,KAAK,GAAG,WAAW;AACxD,WAAO,EAAE,IAAI,MAAM,kBAAkB,sBAAsB;AAAA,EAC7D;AAGA,QAAM,SAAS,wBAAwB,MAAM;AAI7C,MAAI,UAAU,YAAY;AACxB,UAAM,IAAI;AAAA,MACR;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,MAAI,cAAc;AAClB,QAAM,eAAe,CAAC,QAAQ,MAAM;AAEpC,MAAI,CAAC,QAAQ,gBAAgB;AAC3B,UAAM,YAAY,MAAM,YAAY,QAAQ,CAAC,WAAW,CAAC;AACzD,QAAI,CAAC,UAAW,eAAc;AAAA,EAChC;AACA,QAAM,gBAAgB,EAAE,KAAK,aAAa,MAAM,aAAa,GAAG,YAAY;AAC5E,SAAO,EAAE,IAAI,MAAM,kBAAkB,sBAAsB;AAC7D;","names":["binary"]}

package/dist/plugin.d.ts

@@ -0,0 +1,10 @@
+/**
+ * @elizaos/plugin-browser plugin export.
+ *
+ * plugin-collector discovers `routes` and `schema` at runtime. Eliza loads
+ * this as a core plugin so the Browser Workspace UI and browser companion
+ * extension share one route surface.
+ */
+import type { Plugin } from "@elizaos/core";
+export declare const browserPlugin: Plugin;
+//# sourceMappingURL=plugin.d.ts.map

package/dist/plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAGV,MAAM,EAIP,MAAM,eAAe,CAAC;AAgLvB,eAAO,MAAM,aAAa,EAAE,MA6B3B,CAAC"}