@enactprotocol/secrets 2.0.0 → 2.0.2

package/dist/dagger/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Dagger secret integration
+ *
+ * Re-exports all dagger-related functions
+ */
+export { parseSecretUri, resolveSecretUri, isSecretUri, getSupportedSchemes, } from "./uri-parser";
+export { getSecretObject, getSecretObjects, parseSecretOverride, parseSecretOverrides, } from "./secret-object";
+//# sourceMappingURL=index.d.ts.map

package/dist/dagger/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dagger/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC"}

package/dist/dagger/index.js

@@ -0,0 +1,8 @@
+/**
+ * Dagger secret integration
+ *
+ * Re-exports all dagger-related functions
+ */
+export { parseSecretUri, resolveSecretUri, isSecretUri, getSupportedSchemes, } from "./uri-parser";
+export { getSecretObject, getSecretObjects, parseSecretOverride, parseSecretOverrides, } from "./secret-object";
+//# sourceMappingURL=index.js.map

package/dist/dagger/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dagger/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC"}

package/dist/dagger/secret-object.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Get secret objects for Dagger integration
+ *
+ * Combines keyring secrets with Dagger URI overrides
+ */
+import type { GetSecretOptions, SecretObject } from "../types";
+/**
+ * Get a secret object for Dagger
+ *
+ * If an override URI is provided, resolves that instead of keyring.
+ * Otherwise, resolves from keyring with namespace inheritance.
+ *
+ * @param toolPath - The tool path for namespace resolution
+ * @param secretName - The secret name
+ * @param options - Options including override URI
+ * @returns Secret object with name, value, and source info
+ * @throws Error if secret not found
+ */
+export declare function getSecretObject(toolPath: string, secretName: string, options?: GetSecretOptions): Promise<SecretObject>;
+/**
+ * Get multiple secret objects for a tool
+ *
+ * @param toolPath - The tool path for namespace resolution
+ * @param secrets - Map of secret name to optional override URI
+ * @returns Map of secret name to secret object
+ */
+export declare function getSecretObjects(toolPath: string, secrets: Record<string, string | undefined>): Promise<Map<string, SecretObject>>;
+/**
+ * Parse a secret override from CLI format
+ *
+ * Format: SECRET_NAME=uri
+ * Example: API_TOKEN=env://MY_API_TOKEN
+ *
+ * @param override - The override string
+ * @returns Parsed name and URI, or null if invalid
+ */
+export declare function parseSecretOverride(override: string): {
+    name: string;
+    uri: string;
+} | null;
+/**
+ * Parse multiple secret overrides from CLI
+ *
+ * @param overrides - Array of override strings
+ * @returns Map of secret name to override URI
+ */
+export declare function parseSecretOverrides(overrides: string[]): Record<string, string>;
+export { parseSecretUri, resolveSecretUri, isSecretUri, getSupportedSchemes } from "./uri-parser";
+//# sourceMappingURL=secret-object.d.ts.map

package/dist/dagger/secret-object.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-object.d.ts","sourceRoot":"","sources":["../../src/dagger/secret-object.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAG/D;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,YAAY,CAAC,CA+BvB;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GAC1C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CASpC;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAc1F;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWhF;AAGD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}

package/dist/dagger/secret-object.js

@@ -0,0 +1,100 @@
+/**
+ * Get secret objects for Dagger integration
+ *
+ * Combines keyring secrets with Dagger URI overrides
+ */
+import { resolveSecret } from "../resolver";
+import { isSecretUri, resolveSecretUri } from "./uri-parser";
+/**
+ * Get a secret object for Dagger
+ *
+ * If an override URI is provided, resolves that instead of keyring.
+ * Otherwise, resolves from keyring with namespace inheritance.
+ *
+ * @param toolPath - The tool path for namespace resolution
+ * @param secretName - The secret name
+ * @param options - Options including override URI
+ * @returns Secret object with name, value, and source info
+ * @throws Error if secret not found
+ */
+export async function getSecretObject(toolPath, secretName, options = {}) {
+    const { overrideUri } = options;
+    // If override URI is provided, resolve it
+    if (overrideUri) {
+        const value = await resolveSecretUri(overrideUri);
+        return {
+            name: secretName,
+            value,
+            source: "override",
+            overrideUri,
+        };
+    }
+    // Otherwise, resolve from keyring
+    const result = await resolveSecret(toolPath, secretName);
+    if (!result.found) {
+        throw new Error(`Secret '${secretName}' not found for tool '${toolPath}'. ` +
+            `Searched namespaces: ${result.searchedNamespaces.join(", ")}. ` +
+            `Set with: enact env set ${secretName} --secret --namespace <namespace>`);
+    }
+    return {
+        name: secretName,
+        value: result.value,
+        source: "keyring",
+        namespace: result.namespace,
+    };
+}
+/**
+ * Get multiple secret objects for a tool
+ *
+ * @param toolPath - The tool path for namespace resolution
+ * @param secrets - Map of secret name to optional override URI
+ * @returns Map of secret name to secret object
+ */
+export async function getSecretObjects(toolPath, secrets) {
+    const results = new Map();
+    for (const [name, overrideUri] of Object.entries(secrets)) {
+        const obj = await getSecretObject(toolPath, name, overrideUri ? { overrideUri } : {});
+        results.set(name, obj);
+    }
+    return results;
+}
+/**
+ * Parse a secret override from CLI format
+ *
+ * Format: SECRET_NAME=uri
+ * Example: API_TOKEN=env://MY_API_TOKEN
+ *
+ * @param override - The override string
+ * @returns Parsed name and URI, or null if invalid
+ */
+export function parseSecretOverride(override) {
+    const eqIndex = override.indexOf("=");
+    if (eqIndex === -1) {
+        return null;
+    }
+    const name = override.slice(0, eqIndex).trim();
+    const uri = override.slice(eqIndex + 1).trim();
+    if (!name || !isSecretUri(uri)) {
+        return null;
+    }
+    return { name, uri };
+}
+/**
+ * Parse multiple secret overrides from CLI
+ *
+ * @param overrides - Array of override strings
+ * @returns Map of secret name to override URI
+ */
+export function parseSecretOverrides(overrides) {
+    const result = {};
+    for (const override of overrides) {
+        const parsed = parseSecretOverride(override);
+        if (parsed) {
+            result[parsed.name] = parsed.uri;
+        }
+    }
+    return result;
+}
+// Re-export URI functions
+export { parseSecretUri, resolveSecretUri, isSecretUri, getSupportedSchemes } from "./uri-parser";
+//# sourceMappingURL=secret-object.js.map

package/dist/dagger/secret-object.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-object.js","sourceRoot":"","sources":["../../src/dagger/secret-object.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAE7D;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,UAAkB,EAClB,UAA4B,EAAE;IAE9B,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEhC,0CAA0C;IAC1C,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAClD,OAAO;YACL,IAAI,EAAE,UAAU;YAChB,KAAK;YACL,MAAM,EAAE,UAAU;YAClB,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEzD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,WAAW,UAAU,yBAAyB,QAAQ,KAAK;YACzD,wBAAwB,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YAChE,2BAA2B,UAAU,mCAAmC,CAC3E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,SAAS;QACjB,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,OAA2C;IAE3C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;IAEhD,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE/C,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACvB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,SAAmB;IACtD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC;QACnC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,0BAA0B;AAC1B,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}

package/dist/dagger/uri-parser.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Dagger Secret URI parser and resolver
+ *
+ * Supports secret URIs:
+ * - env://VAR_NAME - Environment variable
+ * - file://PATH - File contents
+ * - cmd://COMMAND - Command output
+ * - op://VAULT/ITEM/FIELD - 1Password
+ * - vault://PATH - HashiCorp Vault
+ */
+import type { DaggerSecretScheme, DaggerSecretUri } from "../types";
+/**
+ * Parse a Dagger secret URI
+ *
+ * @param uri - The URI to parse (e.g., "env://API_KEY")
+ * @returns Parsed URI with scheme and value
+ * @throws Error if URI is invalid
+ */
+export declare function parseSecretUri(uri: string): DaggerSecretUri;
+/**
+ * Check if a string is a valid secret URI
+ */
+export declare function isSecretUri(uri: string): boolean;
+/**
+ * Resolve a secret URI to its actual value
+ *
+ * @param uri - The URI to resolve
+ * @returns The secret value
+ * @throws Error if resolution fails
+ */
+export declare function resolveSecretUri(uri: string): Promise<string>;
+/**
+ * Get supported URI schemes
+ */
+export declare function getSupportedSchemes(): DaggerSecretScheme[];
+//# sourceMappingURL=uri-parser.d.ts.map

package/dist/dagger/uri-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uri-parser.d.ts","sourceRoot":"","sources":["../../src/dagger/uri-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAOpE;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAqB3D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOhD;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAiBnE;AA6GD;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,kBAAkB,EAAE,CAE1D"}

package/dist/dagger/uri-parser.js

@@ -0,0 +1,179 @@
+/**
+ * Dagger Secret URI parser and resolver
+ *
+ * Supports secret URIs:
+ * - env://VAR_NAME - Environment variable
+ * - file://PATH - File contents
+ * - cmd://COMMAND - Command output
+ * - op://VAULT/ITEM/FIELD - 1Password
+ * - vault://PATH - HashiCorp Vault
+ */
+import { execSync } from "node:child_process";
+import { existsSync, readFileSync } from "node:fs";
+import { resolve } from "node:path";
+/**
+ * Valid URI schemes
+ */
+const VALID_SCHEMES = new Set(["env", "file", "cmd", "op", "vault"]);
+/**
+ * Parse a Dagger secret URI
+ *
+ * @param uri - The URI to parse (e.g., "env://API_KEY")
+ * @returns Parsed URI with scheme and value
+ * @throws Error if URI is invalid
+ */
+export function parseSecretUri(uri) {
+    const match = uri.match(/^([a-z]+):\/\/(.+)$/);
+    if (!match || !match[1] || !match[2]) {
+        throw new Error(`Invalid secret URI format: ${uri}. Expected format: scheme://value`);
+    }
+    const schemeStr = match[1];
+    const value = match[2];
+    const scheme = schemeStr;
+    if (!VALID_SCHEMES.has(scheme)) {
+        throw new Error(`Invalid secret URI scheme: ${scheme}. Valid schemes: ${Array.from(VALID_SCHEMES).join(", ")}`);
+    }
+    return {
+        scheme,
+        value,
+        original: uri,
+    };
+}
+/**
+ * Check if a string is a valid secret URI
+ */
+export function isSecretUri(uri) {
+    try {
+        parseSecretUri(uri);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Resolve a secret URI to its actual value
+ *
+ * @param uri - The URI to resolve
+ * @returns The secret value
+ * @throws Error if resolution fails
+ */
+export async function resolveSecretUri(uri) {
+    const parsed = parseSecretUri(uri);
+    switch (parsed.scheme) {
+        case "env":
+            return resolveEnvUri(parsed.value);
+        case "file":
+            return resolveFileUri(parsed.value);
+        case "cmd":
+            return resolveCmdUri(parsed.value);
+        case "op":
+            return resolveOpUri(parsed.value);
+        case "vault":
+            return resolveVaultUri(parsed.value);
+        default:
+            throw new Error(`Unsupported secret scheme: ${parsed.scheme}`);
+    }
+}
+/**
+ * Resolve env:// URI - read from environment variable
+ */
+function resolveEnvUri(varName) {
+    const value = process.env[varName];
+    if (value === undefined) {
+        throw new Error(`Environment variable '${varName}' is not set (from env://${varName})`);
+    }
+    return value;
+}
+/**
+ * Resolve file:// URI - read file contents
+ */
+function resolveFileUri(path) {
+    // Handle relative paths
+    const resolvedPath = resolve(path);
+    if (!existsSync(resolvedPath)) {
+        throw new Error(`File not found: ${resolvedPath} (from file://${path})`);
+    }
+    return readFileSync(resolvedPath, "utf-8").trim();
+}
+/**
+ * Resolve cmd:// URI - execute command and capture output
+ */
+function resolveCmdUri(command) {
+    try {
+        const output = execSync(command, {
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        return output.trim();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Command failed: ${command} (from cmd://${command}): ${message}`);
+    }
+}
+/**
+ * Resolve op:// URI - 1Password CLI
+ * Format: op://vault/item/field
+ *
+ * Requires 1Password CLI (op) to be installed and authenticated
+ */
+function resolveOpUri(path) {
+    const opUri = `op://${path}`;
+    try {
+        const output = execSync(`op read "${opUri}"`, {
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        return output.trim();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`1Password read failed for ${opUri}. Ensure 'op' CLI is installed and authenticated: ${message}`);
+    }
+}
+/**
+ * Resolve vault:// URI - HashiCorp Vault
+ * Format: vault://path/to/secret#field
+ *
+ * Requires Vault CLI and VAULT_ADDR, VAULT_TOKEN environment variables
+ */
+function resolveVaultUri(path) {
+    // Parse path and optional field
+    const [secretPath, field] = path.split("#");
+    try {
+        const command = `vault kv get -format=json "${secretPath}"`;
+        const output = execSync(command, {
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        });
+        const data = JSON.parse(output);
+        const secretData = data.data?.data ?? data.data;
+        if (field) {
+            if (!(field in secretData)) {
+                throw new Error(`Field '${field}' not found in secret at ${secretPath}`);
+            }
+            return String(secretData[field]);
+        }
+        // If no field specified, return first value or JSON
+        const values = Object.values(secretData);
+        if (values.length === 1) {
+            return String(values[0]);
+        }
+        return JSON.stringify(secretData);
+    }
+    catch (error) {
+        if (error instanceof SyntaxError) {
+            throw new Error(`Failed to parse Vault response for ${path}. Ensure VAULT_ADDR and VAULT_TOKEN are set.`);
+        }
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Vault read failed for ${path}: ${message}`);
+    }
+}
+/**
+ * Get supported URI schemes
+ */
+export function getSupportedSchemes() {
+    return Array.from(VALID_SCHEMES);
+}
+//# sourceMappingURL=uri-parser.js.map

package/dist/dagger/uri-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uri-parser.js","sourceRoot":"","sources":["../../src/dagger/uri-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;GAEG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AAEzF;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC/C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,mCAAmC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,SAA+B,CAAC;IAE/C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CACb,8BAA8B,MAAM,oBAAoB,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/F,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM;QACN,KAAK;QACL,QAAQ,EAAE,GAAG;KACd,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,cAAc,CAAC,GAAG,CAAC,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAW;IAChD,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEnC,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,KAAK;YACR,OAAO,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,KAAK,MAAM;YACT,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtC,KAAK,KAAK;YACR,OAAO,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,KAAK,IAAI;YACP,OAAO,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACpC,KAAK,OAAO;YACV,OAAO,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,4BAA4B,OAAO,GAAG,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,IAAY;IAClC,wBAAwB;IACxB,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEnC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,mBAAmB,YAAY,iBAAiB,IAAI,GAAG,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;YAC/B,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,gBAAgB,OAAO,MAAM,OAAO,EAAE,CAAC,CAAC;IACpF,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,KAAK,GAAG,QAAQ,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,YAAY,KAAK,GAAG,EAAE;YAC5C,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CACb,6BAA6B,KAAK,qDAAqD,OAAO,EAAE,CACjG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,gCAAgC;IAChC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,8BAA8B,UAAU,GAAG,CAAC;QAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;YAC/B,QAAQ,EAAE,OAAO;YACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC;QAEhD,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,CAAC,KAAK,IAAI,UAAU,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,4BAA4B,UAAU,EAAE,CAAC,CAAC;YAC3E,CAAC;YACD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,oDAAoD;QACpD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,sCAAsC,IAAI,8CAA8C,CACzF,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACnC,CAAC"}

package/dist/env/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Environment variable management
+ *
+ * Re-exports all env-related functions
+ */
+export { parseEnvFile, parseEnvContent, serializeEnvFile, createEnvContent, updateEnvVar, removeEnvVar, } from "./parser";
+export { getGlobalEnvPath, getLocalEnvPath, readEnvFile, readEnvVars, loadGlobalEnv, loadLocalEnv, loadGlobalEnvFile, loadLocalEnvFile, globalEnvExists, localEnvExists, } from "./reader";
+export { writeEnvFile, writeEnvVars, setEnvVar, deleteEnvVar, setGlobalEnvVar, setLocalEnvVar, deleteGlobalEnvVar, deleteLocalEnvVar, } from "./writer";
+export { setEnv, getEnv, getEnvValue, deleteEnv, listEnv, resolveAllEnv, resolveToolEnv, hasLocalEnv, hasGlobalEnv, } from "./manager";
+//# sourceMappingURL=index.d.ts.map

package/dist/env/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/env/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,YAAY,GACb,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,WAAW,EACX,aAAa,EACb,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,MAAM,EACN,MAAM,EACN,WAAW,EACX,SAAS,EACT,OAAO,EACP,aAAa,EACb,cAAc,EACd,WAAW,EACX,YAAY,GACb,MAAM,WAAW,CAAC"}

package/dist/env/index.js

@@ -0,0 +1,14 @@
+/**
+ * Environment variable management
+ *
+ * Re-exports all env-related functions
+ */
+// Parser functions
+export { parseEnvFile, parseEnvContent, serializeEnvFile, createEnvContent, updateEnvVar, removeEnvVar, } from "./parser";
+// Reader functions
+export { getGlobalEnvPath, getLocalEnvPath, readEnvFile, readEnvVars, loadGlobalEnv, loadLocalEnv, loadGlobalEnvFile, loadLocalEnvFile, globalEnvExists, localEnvExists, } from "./reader";
+// Writer functions
+export { writeEnvFile, writeEnvVars, setEnvVar, deleteEnvVar, setGlobalEnvVar, setLocalEnvVar, deleteGlobalEnvVar, deleteLocalEnvVar, } from "./writer";
+// Manager functions (high-level API)
+export { setEnv, getEnv, getEnvValue, deleteEnv, listEnv, resolveAllEnv, resolveToolEnv, hasLocalEnv, hasGlobalEnv, } from "./manager";
+//# sourceMappingURL=index.js.map

package/dist/env/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/env/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,mBAAmB;AACnB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,mBAAmB;AACnB,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,WAAW,EACX,WAAW,EACX,aAAa,EACb,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,mBAAmB;AACnB,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,UAAU,CAAC;AAElB,qCAAqC;AACrC,OAAO,EACL,MAAM,EACN,MAAM,EACN,WAAW,EACX,SAAS,EACT,OAAO,EACP,aAAa,EACb,cAAc,EACd,WAAW,EACX,YAAY,GACb,MAAM,WAAW,CAAC"}

package/dist/env/manager.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Unified environment variable manager
+ *
+ * Provides high-level functions for managing environment variables
+ * with priority resolution: local → global → default
+ */
+import type { EnvResolution, EnvironmentVariable } from "../types";
+/**
+ * Set an environment variable
+ *
+ * @param key - Variable key
+ * @param value - Variable value
+ * @param scope - Where to set: 'local' or 'global' (default: 'global')
+ * @param cwd - Current working directory for local scope
+ */
+export declare function setEnv(key: string, value: string, scope?: "local" | "global", cwd?: string): void;
+/**
+ * Get an environment variable with priority resolution
+ *
+ * Priority: local → global → default
+ *
+ * @param key - Variable key
+ * @param defaultValue - Default value if not found
+ * @param cwd - Current working directory for local scope
+ * @returns Resolution result with value and source
+ */
+export declare function getEnv(key: string, defaultValue?: string, cwd?: string): EnvResolution | null;
+/**
+ * Get just the value of an environment variable
+ *
+ * @param key - Variable key
+ * @param defaultValue - Default value if not found
+ * @param cwd - Current working directory for local scope
+ * @returns The value, or default/undefined if not found
+ */
+export declare function getEnvValue(key: string, defaultValue?: string, cwd?: string): string | undefined;
+/**
+ * Delete an environment variable
+ *
+ * @param key - Variable key
+ * @param scope - Where to delete from: 'local' or 'global' (default: 'global')
+ * @param cwd - Current working directory for local scope
+ * @returns true if variable existed and was deleted
+ */
+export declare function deleteEnv(key: string, scope?: "local" | "global", cwd?: string): boolean;
+/**
+ * List all environment variables from a scope
+ *
+ * @param scope - Which scope to list: 'local', 'global', or 'all'
+ * @param cwd - Current working directory for local scope
+ * @returns Array of environment variables with sources
+ */
+export declare function listEnv(scope?: "local" | "global" | "all", cwd?: string): EnvironmentVariable[];
+/**
+ * Get all environment variables with priority resolution
+ * Returns the effective value for each key (local overrides global)
+ *
+ * @param defaults - Default values for keys
+ * @param cwd - Current working directory for local scope
+ * @returns Map of key to resolution result
+ */
+export declare function resolveAllEnv(defaults?: Record<string, string>, cwd?: string): Map<string, EnvResolution>;
+/**
+ * Resolve environment variables for a tool manifest
+ * Checks that all required vars are present
+ *
+ * @param envDeclarations - Env declarations from manifest
+ * @param cwd - Current working directory
+ * @returns Object with resolved vars and any missing required vars
+ */
+export declare function resolveToolEnv(envDeclarations: Record<string, {
+    description?: string;
+    default?: string;
+    secret?: boolean;
+}>, cwd?: string): {
+    resolved: Map<string, EnvResolution>;
+    missing: string[];
+};
+/**
+ * Check if local .env exists
+ */
+export declare function hasLocalEnv(cwd?: string): boolean;
+/**
+ * Check if global .env exists
+ */
+export declare function hasGlobalEnv(): boolean;
+//# sourceMappingURL=manager.d.ts.map

package/dist/env/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/env/manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAWnE;;;;;;;GAOG;AACH,wBAAgB,MAAM,CACpB,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,KAAK,GAAE,OAAO,GAAG,QAAmB,EACpC,GAAG,CAAC,EAAE,MAAM,GACX,IAAI,CAMN;AAED;;;;;;;;;GASG;AACH,wBAAgB,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAmC7F;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGhG;AAED;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,GAAG,EAAE,MAAM,EACX,KAAK,GAAE,OAAO,GAAG,QAAmB,EACpC,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAKT;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CACrB,KAAK,GAAE,OAAO,GAAG,QAAQ,GAAG,KAAa,EACzC,GAAG,CAAC,EAAE,MAAM,GACX,mBAAmB,EAAE,CA6BvB;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,EACrC,GAAG,CAAC,EAAE,MAAM,GACX,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CA+B5B;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,EAC7F,GAAG,CAAC,EAAE,MAAM,GACX;IACD,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACrC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAmBA;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAEtC"}