@executor-js/plugin-onepassword 0.0.1-beta.4 → 0.0.1-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -2,8 +2,6 @@
2
2
 
3
3
  [1Password](https://1password.com) integration for the executor. Provides a secret source that resolves values from a 1Password vault, backed by either the desktop app (connect.sock) or a service account token.
4
4
 
5
- Pairs with [`@executor/sdk`](https://www.npmjs.com/package/@executor/sdk) (promise-based) or [`@executor/core`](https://www.npmjs.com/package/@executor/core) (Effect-based).
6
-
7
5
  ## Install
8
6
 
9
7
  ```sh
@@ -16,7 +14,7 @@ npm install @executor/sdk @executor/plugin-onepassword
16
14
 
17
15
  ```ts
18
16
  import { createExecutor } from "@executor/sdk";
19
- import { onepasswordPlugin } from "@executor/plugin-onepassword/core";
17
+ import { onepasswordPlugin } from "@executor/plugin-onepassword";
20
18
 
21
19
  const executor = await createExecutor({
22
20
  scope: { name: "my-app" },
@@ -44,9 +42,13 @@ await executor.onepassword.configure({
44
42
  });
45
43
  ```
46
44
 
47
- ## Effect entry point
45
+ ## Using with Effect
46
+
47
+ If you're building on `@executor/sdk` (the raw Effect entry), import this plugin from its `/core` subpath instead:
48
48
 
49
- If you're using `@executor/core` directly, the same import path works — this plugin does not ship a separate promise entry.
49
+ ```ts
50
+ import { onepasswordPlugin } from "@executor/plugin-onepassword";
51
+ ```
50
52
 
51
53
  ## Status
52
54
 
@@ -0,0 +1,311 @@
1
+ // src/sdk/types.ts
2
+ import { Schema } from "effect";
3
+ var DesktopAppAuth = class extends Schema.Class("DesktopAppAuth")({
4
+ kind: Schema.Literal("desktop-app"),
5
+ /** 1Password account domain, e.g. "my.1password.com" */
6
+ accountName: Schema.String
7
+ }) {
8
+ };
9
+ var ServiceAccountAuth = class extends Schema.Class("ServiceAccountAuth")({
10
+ kind: Schema.Literal("service-account"),
11
+ /** The service account token (stored as a secret) */
12
+ tokenSecretId: Schema.String
13
+ }) {
14
+ };
15
+ var OnePasswordAuth = Schema.Union(DesktopAppAuth, ServiceAccountAuth);
16
+ var OnePasswordConfig = class extends Schema.Class("OnePasswordConfig")({
17
+ auth: OnePasswordAuth,
18
+ /** Vault to scope operations to */
19
+ vaultId: Schema.String,
20
+ /** Human label */
21
+ name: Schema.String
22
+ }) {
23
+ };
24
+ var Vault = class extends Schema.Class("Vault")({
25
+ id: Schema.String,
26
+ name: Schema.String
27
+ }) {
28
+ };
29
+ var ConnectionStatus = class extends Schema.Class("ConnectionStatus")({
30
+ connected: Schema.Boolean,
31
+ vaultName: Schema.optional(Schema.String),
32
+ error: Schema.optional(Schema.String)
33
+ }) {
34
+ };
35
+
36
+ // src/sdk/errors.ts
37
+ import { Schema as Schema2 } from "effect";
38
+ var OnePasswordError = class extends Schema2.TaggedError()("OnePasswordError", {
39
+ operation: Schema2.String,
40
+ message: Schema2.String
41
+ }) {
42
+ };
43
+
44
+ // src/sdk/service.ts
45
+ import { Context, Duration, Effect } from "effect";
46
+ import * as op from "@1password/op-js";
47
+ var OnePasswordServiceTag = class extends Context.Tag(
48
+ "@executor-js/plugin-onepassword/OnePasswordService"
49
+ )() {
50
+ };
51
+ var DEFAULT_TIMEOUT_MS = 15e3;
52
+ var loadOnePasswordSdk = () => Effect.tryPromise({
53
+ try: () => import("@1password/sdk"),
54
+ catch: (cause) => new OnePasswordError({
55
+ operation: "sdk module load",
56
+ message: cause instanceof Error ? cause.message : String(cause)
57
+ })
58
+ });
59
+ var makeTimeoutMessage = (operation, timeoutMs) => [
60
+ `${operation}: timed out after ${Math.floor(timeoutMs / 1e3)}s.`,
61
+ "Troubleshooting:",
62
+ "1. Make sure the 1Password desktop app is open and unlocked",
63
+ "2. Check for an approval prompt in the 1Password app \u2014 it may be behind other windows",
64
+ "3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings",
65
+ "4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)",
66
+ "5. Try quitting 1Password completely and reopening it, then retry"
67
+ ].join("\n");
68
+ var makeNativeSdkService = (auth, timeoutMs = DEFAULT_TIMEOUT_MS) => Effect.gen(function* () {
69
+ const timeout = Duration.millis(timeoutMs);
70
+ const sdk = yield* loadOnePasswordSdk().pipe(
71
+ Effect.timeoutFail({
72
+ duration: timeout,
73
+ onTimeout: () => new OnePasswordError({
74
+ operation: "sdk module load",
75
+ message: makeTimeoutMessage("sdk module load", timeoutMs)
76
+ })
77
+ })
78
+ );
79
+ const client = yield* Effect.tryPromise({
80
+ try: () => sdk.createClient({
81
+ auth: auth.kind === "desktop-app" ? new sdk.DesktopAuth(auth.accountName) : auth.token,
82
+ integrationName: "Executor",
83
+ integrationVersion: "0.0.0"
84
+ }),
85
+ catch: (cause) => new OnePasswordError({
86
+ operation: "client setup",
87
+ message: cause instanceof Error ? cause.message : String(cause)
88
+ })
89
+ }).pipe(
90
+ Effect.timeoutFail({
91
+ duration: timeout,
92
+ onTimeout: () => new OnePasswordError({
93
+ operation: "client setup",
94
+ message: makeTimeoutMessage("client setup", timeoutMs)
95
+ })
96
+ })
97
+ );
98
+ const wrap = (fn, operation) => Effect.tryPromise({
99
+ try: fn,
100
+ catch: (cause) => new OnePasswordError({
101
+ operation,
102
+ message: cause instanceof Error ? cause.message : String(cause)
103
+ })
104
+ }).pipe(
105
+ Effect.timeoutFail({
106
+ duration: timeout,
107
+ onTimeout: () => new OnePasswordError({
108
+ operation,
109
+ message: makeTimeoutMessage(operation, timeoutMs)
110
+ })
111
+ }),
112
+ Effect.withSpan(`onepassword.sdk.${operation}`)
113
+ );
114
+ return OnePasswordServiceTag.of({
115
+ resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), "secret resolution"),
116
+ listVaults: () => wrap(() => client.vaults.list({ decryptDetails: true }), "vault listing").pipe(
117
+ Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title })))
118
+ ),
119
+ listItems: (vaultId) => wrap(() => client.items.list(vaultId), "item listing").pipe(
120
+ Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title })))
121
+ )
122
+ });
123
+ }).pipe(Effect.withSpan("onepassword.sdk.make_service"));
124
+ var makeCliService = (auth) => Effect.sync(() => {
125
+ if (auth.kind === "service-account") {
126
+ op.setServiceAccount(auth.token);
127
+ } else {
128
+ op.setGlobalFlags({ account: auth.accountName });
129
+ }
130
+ const wrapSync = (fn, operation) => Effect.try({
131
+ try: fn,
132
+ catch: (cause) => new OnePasswordError({
133
+ operation,
134
+ message: cause instanceof Error ? cause.message : String(cause)
135
+ })
136
+ }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));
137
+ return OnePasswordServiceTag.of({
138
+ resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), "secret resolution"),
139
+ listVaults: () => wrapSync(() => op.vault.list(), "vault listing").pipe(
140
+ Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name })))
141
+ ),
142
+ listItems: (vaultId) => wrapSync(() => op.item.list({ vault: vaultId }), "item listing").pipe(
143
+ Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title })))
144
+ )
145
+ });
146
+ }).pipe(Effect.withSpan("onepassword.cli.make_service"));
147
+ var makeOnePasswordService = (auth, options) => {
148
+ const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
149
+ if (options?.preferSdk) {
150
+ return makeNativeSdkService(auth, timeoutMs);
151
+ }
152
+ return makeCliService(auth).pipe(
153
+ Effect.catchAll(
154
+ (cliError) => (
155
+ // CLI unavailable (e.g. `op` not installed) — fall back to SDK
156
+ makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError))
157
+ )
158
+ )
159
+ );
160
+ };
161
+
162
+ // src/sdk/plugin.ts
163
+ import { Effect as Effect2, Schema as Schema3 } from "effect";
164
+ import {
165
+ definePlugin,
166
+ SecretId
167
+ } from "@executor-js/sdk";
168
+ var PLUGIN_KEY = "onepassword";
169
+ var CREDENTIAL_FIELD = "credential";
170
+ var DEFAULT_TIMEOUT_MS2 = 15e3;
171
+ var CONFIG_KEY = "config";
172
+ var resolveAuth = (auth, ctx) => {
173
+ if (auth.kind === "desktop-app") {
174
+ return Effect2.succeed({
175
+ kind: "desktop-app",
176
+ accountName: auth.accountName
177
+ });
178
+ }
179
+ return ctx.secrets.resolve(SecretId.make(auth.tokenSecretId), ctx.scope.id).pipe(
180
+ Effect2.map((token) => ({ kind: "service-account", token })),
181
+ Effect2.mapError(
182
+ (e) => new OnePasswordError({
183
+ operation: "auth resolution",
184
+ message: `Failed to resolve service account token secret "${auth.tokenSecretId}": ${e._tag}`
185
+ })
186
+ )
187
+ );
188
+ };
189
+ var getServiceFromConfig = (config, ctx, timeoutMs) => resolveAuth(config.auth, ctx).pipe(
190
+ Effect2.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs }))
191
+ );
192
+ var makeProvider = (getConfig, ctx, timeoutMs) => ({
193
+ key: "onepassword",
194
+ writable: false,
195
+ get: (secretId) => getConfig().pipe(
196
+ Effect2.flatMap((config) => {
197
+ if (!config) return Effect2.succeed(null);
198
+ const uri = secretId.startsWith("op://") ? secretId : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
199
+ return getServiceFromConfig(config, ctx, timeoutMs).pipe(
200
+ Effect2.flatMap((svc) => svc.resolveSecret(uri)),
201
+ Effect2.map((v) => v),
202
+ Effect2.orElseSucceed(() => null)
203
+ );
204
+ }),
205
+ Effect2.orElseSucceed(() => null)
206
+ ),
207
+ list: () => getConfig().pipe(
208
+ Effect2.flatMap((config) => {
209
+ if (!config) return Effect2.succeed([]);
210
+ return getServiceFromConfig(config, ctx, timeoutMs).pipe(
211
+ Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
212
+ Effect2.map((items) => items.map((item2) => ({ id: item2.id, name: item2.title })))
213
+ );
214
+ }),
215
+ Effect2.orElseSucceed(() => [])
216
+ )
217
+ });
218
+ var decodeConfig = Schema3.decodeUnknownSync(OnePasswordConfig);
219
+ var loadConfig = (kv) => kv.get(CONFIG_KEY).pipe(
220
+ Effect2.flatMap((v) => {
221
+ if (v === null) return Effect2.succeed(null);
222
+ return Effect2.try(() => decodeConfig(JSON.parse(v))).pipe(
223
+ Effect2.mapError(
224
+ (cause) => new OnePasswordError({
225
+ operation: "config decode",
226
+ message: cause instanceof Error ? cause.message : String(cause)
227
+ })
228
+ )
229
+ );
230
+ })
231
+ );
232
+ var saveConfig = (kv, config) => kv.set([
233
+ {
234
+ key: CONFIG_KEY,
235
+ value: JSON.stringify({
236
+ auth: config.auth,
237
+ vaultId: config.vaultId,
238
+ name: config.name
239
+ })
240
+ }
241
+ ]);
242
+ var deleteConfig = (kv) => kv.delete([CONFIG_KEY]).pipe(Effect2.asVoid);
243
+ var onepasswordPlugin = (options) => {
244
+ const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
245
+ const kv = options.kv;
246
+ return definePlugin({
247
+ key: PLUGIN_KEY,
248
+ init: (ctx) => Effect2.gen(function* () {
249
+ const getConfig = () => loadConfig(kv);
250
+ yield* ctx.secrets.addProvider(makeProvider(getConfig, ctx, timeoutMs));
251
+ const extension = {
252
+ configure: (config) => saveConfig(kv, config),
253
+ getConfig: () => getConfig(),
254
+ removeConfig: () => deleteConfig(kv),
255
+ status: () => Effect2.gen(function* () {
256
+ const config = yield* getConfig();
257
+ if (!config) {
258
+ return new ConnectionStatus({
259
+ connected: false,
260
+ error: "Not configured"
261
+ });
262
+ }
263
+ const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);
264
+ const vaults = yield* svc.listVaults();
265
+ const vault2 = vaults.find((v) => v.id === config.vaultId);
266
+ return new ConnectionStatus({
267
+ connected: true,
268
+ vaultName: vault2?.title
269
+ });
270
+ }),
271
+ listVaults: (auth) => Effect2.gen(function* () {
272
+ const resolved = yield* resolveAuth(auth, ctx);
273
+ const svc = yield* makeOnePasswordService(resolved, {
274
+ timeoutMs,
275
+ preferSdk: options.preferSdk
276
+ });
277
+ const vaults = yield* svc.listVaults();
278
+ return vaults.map((v) => new Vault({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
279
+ }),
280
+ resolve: (uri) => Effect2.gen(function* () {
281
+ const config = yield* getConfig();
282
+ if (!config) {
283
+ return yield* new OnePasswordError({
284
+ operation: "resolve",
285
+ message: "1Password is not configured"
286
+ });
287
+ }
288
+ const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);
289
+ return yield* svc.resolveSecret(uri);
290
+ })
291
+ };
292
+ return { extension };
293
+ })
294
+ });
295
+ };
296
+
297
+ export {
298
+ DesktopAppAuth,
299
+ ServiceAccountAuth,
300
+ OnePasswordAuth,
301
+ OnePasswordConfig,
302
+ Vault,
303
+ ConnectionStatus,
304
+ OnePasswordError,
305
+ OnePasswordServiceTag,
306
+ makeNativeSdkService,
307
+ makeCliService,
308
+ makeOnePasswordService,
309
+ onepasswordPlugin
310
+ };
311
+ //# sourceMappingURL=chunk-57NB4OW6.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts","../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n}) {}\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n}) {}\n\nexport const OnePasswordAuth = Schema.Union(DesktopAppAuth, ServiceAccountAuth);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedError<OnePasswordError>()(\"OnePasswordError\", {\n operation: Schema.String,\n message: Schema.String,\n}) {}\n","import { Context, Duration, Effect } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Tag(\n \"@executor/plugin-onepassword/OnePasswordService\",\n)<OnePasswordServiceTag, OnePasswordService>() {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const timeout = Duration.millis(timeoutMs);\n const sdk = yield* loadOnePasswordSdk().pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: makeTimeoutMessage(\"sdk module load\", timeoutMs),\n }),\n }),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"client setup\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: makeTimeoutMessage(\"client setup\", timeoutMs),\n }),\n }),\n );\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n }),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n // Configure auth\n if (auth.kind === \"service-account\") {\n op.setServiceAccount(auth.token);\n } else {\n op.setGlobalFlags({ account: auth.accountName });\n }\n\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.try({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catchAll((cliError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n type ExecutorPlugin,\n type PluginContext,\n type SecretProvider,\n type ScopedKv,\n SecretId,\n} from \"@executor/sdk\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst PLUGIN_KEY = \"onepassword\";\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordExtension {\n /** Configure the 1Password connection */\n readonly configure: (config: OnePasswordConfig) => Effect.Effect<void, OnePasswordError>;\n\n /** Get current configuration (if any) */\n readonly getConfig: () => Effect.Effect<OnePasswordConfig | null, OnePasswordError>;\n\n /** Remove the 1Password configuration */\n readonly removeConfig: () => Effect.Effect<void>;\n\n /** Check connection status */\n readonly status: () => Effect.Effect<ConnectionStatus, OnePasswordError>;\n\n /** List accessible vaults (requires auth) */\n readonly listVaults: (\n auth: OnePasswordAuth,\n ) => Effect.Effect<ReadonlyArray<Vault>, OnePasswordError>;\n\n /** Resolve a secret directly by op:// URI */\n readonly resolve: (uri: string) => Effect.Effect<string, OnePasswordError>;\n}\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginContext,\n): Effect.Effect<ResolvedAuth, OnePasswordError> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.resolve(SecretId.make(auth.tokenSecretId), ctx.scope.id).pipe(\n Effect.map((token): ResolvedAuth => ({ kind: \"service-account\", token })),\n Effect.mapError(\n (e) =>\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Failed to resolve service account token secret \"${auth.tokenSecretId}\": ${e._tag}`,\n }),\n ),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginContext,\n timeoutMs: number,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs })),\n );\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n getConfig: () => Effect.Effect<OnePasswordConfig | null, OnePasswordError>,\n ctx: PluginContext,\n timeoutMs: number,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n\n get: (secretId) =>\n getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null);\n\n const uri = secretId.startsWith(\"op://\")\n ? secretId\n : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n\n return getServiceFromConfig(config, ctx, timeoutMs).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as { id: string; name: string }[]);\n return getServiceFromConfig(config, ctx, timeoutMs).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map((items) => items.map((item) => ({ id: item.id, name: item.title }))),\n );\n }),\n Effect.orElseSucceed(() => [] as { id: string; name: string }[]),\n ),\n});\n\n// ---------------------------------------------------------------------------\n// Config persistence via ScopedKv\n// ---------------------------------------------------------------------------\n\nconst decodeConfig = Schema.decodeUnknownSync(OnePasswordConfig);\n\nconst loadConfig = (kv: ScopedKv): Effect.Effect<OnePasswordConfig | null, OnePasswordError> =>\n kv.get(CONFIG_KEY).pipe(\n Effect.flatMap((v) => {\n if (v === null) return Effect.succeed(null);\n return Effect.try(() => decodeConfig(JSON.parse(v))).pipe(\n Effect.mapError(\n (cause) =>\n new OnePasswordError({\n operation: \"config decode\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n ),\n );\n }),\n );\n\nconst saveConfig = (kv: ScopedKv, config: OnePasswordConfig): Effect.Effect<void> =>\n kv.set([\n {\n key: CONFIG_KEY,\n value: JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n },\n ]);\n\nconst deleteConfig = (kv: ScopedKv): Effect.Effect<void> =>\n kv.delete([CONFIG_KEY]).pipe(Effect.asVoid);\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Scoped KV for persisting config (provided by server) */\n readonly kv: ScopedKv;\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = (\n options: OnePasswordPluginOptions,\n): ExecutorPlugin<typeof PLUGIN_KEY, OnePasswordExtension> => {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const kv = options.kv;\n\n return definePlugin({\n key: PLUGIN_KEY,\n init: (ctx) =>\n Effect.gen(function* () {\n const getConfig = () => loadConfig(kv);\n\n yield* ctx.secrets.addProvider(makeProvider(getConfig, ctx, timeoutMs));\n\n const extension: OnePasswordExtension = {\n configure: (config) => saveConfig(kv, config),\n\n getConfig: () => getConfig(),\n\n removeConfig: () => deleteConfig(kv),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk: options.preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri) =>\n Effect.gen(function* () {\n const config = yield* getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);\n return yield* svc.resolveSecret(uri);\n }),\n };\n\n return { extension };\n }),\n });\n};\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAN,cAA6B,OAAO,MAAsB,gBAAgB,EAAE;AAAA,EACjF,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiC,OAAO,MAA0B,oBAAoB,EAAE;AAAA,EAC7F,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC,EAAE;AAAC;AAEG,IAAM,kBAAkB,OAAO,MAAM,gBAAgB,kBAAkB;AAOvE,IAAM,oBAAN,cAAgC,OAAO,MAAyB,mBAAmB,EAAE;AAAA,EAC1F,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,QAAN,cAAoB,OAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+B,OAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AClDJ,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,YAA8B,EAAE,oBAAoB;AAAA,EAC/F,WAAWA,QAAO;AAAA,EAClB,SAASA,QAAO;AAClB,CAAC,EAAE;AAAC;;;ACLJ,SAAS,SAAS,UAAU,cAAc;AAC1C,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ;AAAA,EACjD;AACF,EAA6C,EAAE;AAAC;AAchD,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EAChE,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEN,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,UAAU,SAAS,OAAO,SAAS;AACzC,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mBAAmB,mBAAmB,SAAS;AAAA,MAC1D,CAAC;AAAA,IACL,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mBAAmB,gBAAgB,SAAS;AAAA,MACvD,CAAC;AAAA,IACL,CAAC;AAAA,EACH;AAEA,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,MAClD,CAAC;AAAA,IACL,CAAC;AAAA,IACD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAEhB,MAAI,KAAK,SAAS,mBAAmB;AACnC,IAAG,qBAAkB,KAAK,KAAK;AAAA,EACjC,OAAO;AACL,IAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,EACjD;AAEA,QAAM,WAAW,CAAI,IAAa,cAChC,OAAO,IAAI;AAAA,IACT,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAS,CAAC;AAAA;AAAA,QAEf,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AChNA,SAAS,UAAAC,SAAQ,UAAAC,eAAc;AAE/B;AAAA,EACE;AAAA,EAKA;AAAA,OACK;AAWP,IAAM,aAAa;AACnB,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAgCnB,IAAM,cAAc,CAClB,MACA,QACkD;AAClD,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOC,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,QAAQ,SAAS,KAAK,KAAK,aAAa,GAAG,IAAI,MAAM,EAAE,EAAE;AAAA,IAC1EA,QAAO,IAAI,CAAC,WAAyB,EAAE,MAAM,mBAAmB,MAAM,EAAE;AAAA,IACxEA,QAAO;AAAA,MACL,CAAC,MACC,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mDAAmD,KAAK,aAAa,MAAM,EAAE,IAAI;AAAA,MAC5F,CAAC;AAAA,IACL;AAAA,EACF;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,UAAU,CAAC,CAAC;AAC9E;AAMF,IAAM,eAAe,CACnB,WACA,KACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EAEV,KAAK,CAAC,aACJ,UAAU,EAAE;AAAA,IACVA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAI;AAEvC,YAAM,MAAM,SAAS,WAAW,OAAO,IACnC,WACA,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAE1D,aAAO,qBAAqB,QAAQ,KAAK,SAAS,EAAE;AAAA,QAClDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,UAAU,EAAE;AAAA,IACVA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAmC;AACvE,aAAO,qBAAqB,QAAQ,KAAK,SAAS,EAAE;AAAA,QAClDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE,CAAC;AAAA,MAChF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAmC;AAAA,EACjE;AACJ;AAMA,IAAM,eAAeE,QAAO,kBAAkB,iBAAiB;AAE/D,IAAM,aAAa,CAAC,OAClB,GAAG,IAAI,UAAU,EAAE;AAAA,EACjBF,QAAO,QAAQ,CAAC,MAAM;AACpB,QAAI,MAAM,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC1C,WAAOA,QAAO,IAAI,MAAM,aAAa,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE;AAAA,MACnDA,QAAO;AAAA,QACL,CAAC,UACC,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAChE,CAAC;AAAA,MACL;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEF,IAAM,aAAa,CAAC,IAAc,WAChC,GAAG,IAAI;AAAA,EACL;AAAA,IACE,KAAK;AAAA,IACL,OAAO,KAAK,UAAU;AAAA,MACpB,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,EACH;AACF,CAAC;AAEH,IAAM,eAAe,CAAC,OACpB,GAAG,OAAO,CAAC,UAAU,CAAC,EAAE,KAAKA,QAAO,MAAM;AAerC,IAAM,oBAAoB,CAC/B,YAC4D;AAC5D,QAAM,YAAY,QAAQ,aAAaD;AACvC,QAAM,KAAK,QAAQ;AAEnB,SAAO,aAAa;AAAA,IAClB,KAAK;AAAA,IACL,MAAM,CAAC,QACLC,QAAO,IAAI,aAAa;AACtB,YAAM,YAAY,MAAM,WAAW,EAAE;AAErC,aAAO,IAAI,QAAQ,YAAY,aAAa,WAAW,KAAK,SAAS,CAAC;AAEtE,YAAM,YAAkC;AAAA,QACtC,WAAW,CAAC,WAAW,WAAW,IAAI,MAAM;AAAA,QAE5C,WAAW,MAAM,UAAU;AAAA,QAE3B,cAAc,MAAM,aAAa,EAAE;AAAA,QAEnC,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,gBAAM,SAAS,OAAO,UAAU;AAChC,cAAI,CAAC,QAAQ;AACX,mBAAO,IAAI,iBAAiB;AAAA,cAC1B,WAAW;AAAA,cACX,OAAO;AAAA,YACT,CAAC;AAAA,UACH;AACA,gBAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,SAAS;AAC9D,gBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,gBAAMG,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,iBAAO,IAAI,iBAAiB;AAAA,YAC1B,WAAW;AAAA,YACX,WAAWA,QAAO;AAAA,UACpB,CAAC;AAAA,QACH,CAAC;AAAA,QAEH,YAAY,CAAC,SACXH,QAAO,IAAI,aAAa;AACtB,gBAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,gBAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,YAClD;AAAA,YACA,WAAW,QAAQ;AAAA,UACrB,CAAC;AACD,gBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,iBAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,QAChD,CAAC;AAAA,QAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,gBAAM,SAAS,OAAO,UAAU;AAChC,cAAI,CAAC,QAAQ;AACX,mBAAO,OAAO,IAAI,iBAAiB;AAAA,cACjC,WAAW;AAAA,cACX,SAAS;AAAA,YACX,CAAC;AAAA,UACH;AACA,gBAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,SAAS;AAC9D,iBAAO,OAAO,IAAI,cAAc,GAAG;AAAA,QACrC,CAAC;AAAA,MACL;AAEA,aAAO,EAAE,UAAU;AAAA,IACrB,CAAC;AAAA,EACL,CAAC;AACH;","names":["Schema","Effect","Schema","DEFAULT_TIMEOUT_MS","Effect","item","Schema","vault"]}
package/dist/core.js CHANGED
@@ -4,281 +4,14 @@ import {
4
4
  OnePasswordAuth,
5
5
  OnePasswordConfig,
6
6
  OnePasswordError,
7
+ OnePasswordServiceTag,
7
8
  ServiceAccountAuth,
8
- Vault
9
- } from "./chunk-FNUS7GBT.js";
10
-
11
- // src/sdk/plugin.ts
12
- import { Effect as Effect2, Schema } from "effect";
13
- import {
14
- definePlugin,
15
- SecretId
16
- } from "@executor-js/sdk/core";
17
-
18
- // src/sdk/service.ts
19
- import { Context, Duration, Effect } from "effect";
20
- import * as op from "@1password/op-js";
21
- var OnePasswordServiceTag = class extends Context.Tag(
22
- "@executor-js/plugin-onepassword/OnePasswordService"
23
- )() {
24
- };
25
- var DEFAULT_TIMEOUT_MS = 15e3;
26
- var loadOnePasswordSdk = () => Effect.tryPromise({
27
- try: () => import("@1password/sdk"),
28
- catch: (cause) => new OnePasswordError({
29
- operation: "sdk module load",
30
- message: cause instanceof Error ? cause.message : String(cause)
31
- })
32
- });
33
- var makeTimeoutMessage = (operation, timeoutMs) => [
34
- `${operation}: timed out after ${Math.floor(timeoutMs / 1e3)}s.`,
35
- "Troubleshooting:",
36
- "1. Make sure the 1Password desktop app is open and unlocked",
37
- "2. Check for an approval prompt in the 1Password app \u2014 it may be behind other windows",
38
- "3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings",
39
- "4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)",
40
- "5. Try quitting 1Password completely and reopening it, then retry"
41
- ].join("\n");
42
- var makeNativeSdkService = (auth, timeoutMs = DEFAULT_TIMEOUT_MS) => Effect.gen(function* () {
43
- const timeout = Duration.millis(timeoutMs);
44
- const sdk = yield* loadOnePasswordSdk().pipe(
45
- Effect.timeoutFail({
46
- duration: timeout,
47
- onTimeout: () => new OnePasswordError({
48
- operation: "sdk module load",
49
- message: makeTimeoutMessage("sdk module load", timeoutMs)
50
- })
51
- })
52
- );
53
- const client = yield* Effect.tryPromise({
54
- try: () => sdk.createClient({
55
- auth: auth.kind === "desktop-app" ? new sdk.DesktopAuth(auth.accountName) : auth.token,
56
- integrationName: "Executor",
57
- integrationVersion: "0.0.0"
58
- }),
59
- catch: (cause) => new OnePasswordError({
60
- operation: "client setup",
61
- message: cause instanceof Error ? cause.message : String(cause)
62
- })
63
- }).pipe(
64
- Effect.timeoutFail({
65
- duration: timeout,
66
- onTimeout: () => new OnePasswordError({
67
- operation: "client setup",
68
- message: makeTimeoutMessage("client setup", timeoutMs)
69
- })
70
- })
71
- );
72
- const wrap = (fn, operation) => Effect.tryPromise({
73
- try: fn,
74
- catch: (cause) => new OnePasswordError({
75
- operation,
76
- message: cause instanceof Error ? cause.message : String(cause)
77
- })
78
- }).pipe(
79
- Effect.timeoutFail({
80
- duration: timeout,
81
- onTimeout: () => new OnePasswordError({
82
- operation,
83
- message: makeTimeoutMessage(operation, timeoutMs)
84
- })
85
- }),
86
- Effect.withSpan(`onepassword.sdk.${operation}`)
87
- );
88
- return OnePasswordServiceTag.of({
89
- resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), "secret resolution"),
90
- listVaults: () => wrap(
91
- () => client.vaults.list({ decryptDetails: true }),
92
- "vault listing"
93
- ).pipe(
94
- Effect.map(
95
- (vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))
96
- )
97
- ),
98
- listItems: (vaultId) => wrap(() => client.items.list(vaultId), "item listing").pipe(
99
- Effect.map(
100
- (items) => items.map((i) => ({ id: i.id, title: i.title }))
101
- )
102
- )
103
- });
104
- }).pipe(Effect.withSpan("onepassword.sdk.make_service"));
105
- var makeCliService = (auth) => Effect.gen(function* () {
106
- if (auth.kind === "service-account") {
107
- op.setServiceAccount(auth.token);
108
- } else {
109
- op.setGlobalFlags({ account: auth.accountName });
110
- }
111
- const wrapSync = (fn, operation) => Effect.try({
112
- try: fn,
113
- catch: (cause) => new OnePasswordError({
114
- operation,
115
- message: cause instanceof Error ? cause.message : String(cause)
116
- })
117
- }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));
118
- return OnePasswordServiceTag.of({
119
- resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), "secret resolution"),
120
- listVaults: () => wrapSync(() => op.vault.list(), "vault listing").pipe(
121
- Effect.map(
122
- (vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))
123
- )
124
- ),
125
- listItems: (vaultId) => wrapSync(
126
- () => op.item.list({ vault: vaultId }),
127
- "item listing"
128
- ).pipe(
129
- Effect.map(
130
- (items) => items.map((i) => ({ id: i.id, title: i.title }))
131
- )
132
- )
133
- });
134
- }).pipe(Effect.withSpan("onepassword.cli.make_service"));
135
- var makeOnePasswordService = (auth, options) => {
136
- const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
137
- if (options?.preferSdk) {
138
- return makeNativeSdkService(auth, timeoutMs);
139
- }
140
- return makeCliService(auth).pipe(
141
- Effect.catchAll(
142
- (cliError) => (
143
- // CLI unavailable (e.g. `op` not installed) — fall back to SDK
144
- makeNativeSdkService(auth, timeoutMs).pipe(
145
- Effect.mapError(() => cliError)
146
- )
147
- )
148
- )
149
- );
150
- };
151
-
152
- // src/sdk/plugin.ts
153
- var PLUGIN_KEY = "onepassword";
154
- var CREDENTIAL_FIELD = "credential";
155
- var DEFAULT_TIMEOUT_MS2 = 15e3;
156
- var CONFIG_KEY = "config";
157
- var resolveAuth = (auth, ctx) => {
158
- if (auth.kind === "desktop-app") {
159
- return Effect2.succeed({
160
- kind: "desktop-app",
161
- accountName: auth.accountName
162
- });
163
- }
164
- return ctx.secrets.resolve(SecretId.make(auth.tokenSecretId), ctx.scope.id).pipe(
165
- Effect2.map(
166
- (token) => ({ kind: "service-account", token })
167
- ),
168
- Effect2.mapError(
169
- (e) => new OnePasswordError({
170
- operation: "auth resolution",
171
- message: `Failed to resolve service account token secret "${auth.tokenSecretId}": ${e._tag}`
172
- })
173
- )
174
- );
175
- };
176
- var getServiceFromConfig = (config, ctx, timeoutMs) => resolveAuth(config.auth, ctx).pipe(
177
- Effect2.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs }))
178
- );
179
- var makeProvider = (getConfig, ctx, timeoutMs) => ({
180
- key: "onepassword",
181
- writable: false,
182
- get: (secretId) => getConfig().pipe(
183
- Effect2.flatMap((config) => {
184
- if (!config) return Effect2.succeed(null);
185
- const uri = secretId.startsWith("op://") ? secretId : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
186
- return getServiceFromConfig(config, ctx, timeoutMs).pipe(
187
- Effect2.flatMap((svc) => svc.resolveSecret(uri)),
188
- Effect2.map((v) => v),
189
- Effect2.orElseSucceed(() => null)
190
- );
191
- }),
192
- Effect2.orElseSucceed(() => null)
193
- ),
194
- list: () => getConfig().pipe(
195
- Effect2.flatMap((config) => {
196
- if (!config) return Effect2.succeed([]);
197
- return getServiceFromConfig(config, ctx, timeoutMs).pipe(
198
- Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
199
- Effect2.map(
200
- (items) => items.map((item2) => ({ id: item2.id, name: item2.title }))
201
- )
202
- );
203
- }),
204
- Effect2.orElseSucceed(() => [])
205
- )
206
- });
207
- var decodeConfig = Schema.decodeUnknownSync(OnePasswordConfig);
208
- var loadConfig = (kv) => kv.get(CONFIG_KEY).pipe(
209
- Effect2.flatMap((v) => {
210
- if (v === null) return Effect2.succeed(null);
211
- return Effect2.try(() => decodeConfig(JSON.parse(v))).pipe(
212
- Effect2.mapError(
213
- (cause) => new OnePasswordError({
214
- operation: "config decode",
215
- message: cause instanceof Error ? cause.message : String(cause)
216
- })
217
- )
218
- );
219
- })
220
- );
221
- var saveConfig = (kv, config) => kv.set(CONFIG_KEY, JSON.stringify({
222
- auth: config.auth,
223
- vaultId: config.vaultId,
224
- name: config.name
225
- }));
226
- var deleteConfig = (kv) => kv.delete(CONFIG_KEY);
227
- var onepasswordPlugin = (options) => {
228
- const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
229
- const kv = options.kv;
230
- return definePlugin({
231
- key: PLUGIN_KEY,
232
- init: (ctx) => Effect2.gen(function* () {
233
- const getConfig = () => loadConfig(kv);
234
- yield* ctx.secrets.addProvider(
235
- makeProvider(getConfig, ctx, timeoutMs)
236
- );
237
- const extension = {
238
- configure: (config) => saveConfig(kv, config),
239
- getConfig: () => getConfig(),
240
- removeConfig: () => deleteConfig(kv),
241
- status: () => Effect2.gen(function* () {
242
- const config = yield* getConfig();
243
- if (!config) {
244
- return new ConnectionStatus({
245
- connected: false,
246
- error: "Not configured"
247
- });
248
- }
249
- const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);
250
- const vaults = yield* svc.listVaults();
251
- const vault2 = vaults.find((v) => v.id === config.vaultId);
252
- return new ConnectionStatus({
253
- connected: true,
254
- vaultName: vault2?.title
255
- });
256
- }),
257
- listVaults: (auth) => Effect2.gen(function* () {
258
- const resolved = yield* resolveAuth(auth, ctx);
259
- const svc = yield* makeOnePasswordService(resolved, {
260
- timeoutMs,
261
- preferSdk: options.preferSdk
262
- });
263
- const vaults = yield* svc.listVaults();
264
- return vaults.map((v) => new Vault({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
265
- }),
266
- resolve: (uri) => Effect2.gen(function* () {
267
- const config = yield* getConfig();
268
- if (!config) {
269
- return yield* new OnePasswordError({
270
- operation: "resolve",
271
- message: "1Password is not configured"
272
- });
273
- }
274
- const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);
275
- return yield* svc.resolveSecret(uri);
276
- })
277
- };
278
- return { extension };
279
- })
280
- });
281
- };
9
+ Vault,
10
+ makeCliService,
11
+ makeNativeSdkService,
12
+ makeOnePasswordService,
13
+ onepasswordPlugin
14
+ } from "./chunk-57NB4OW6.js";
282
15
  export {
283
16
  ConnectionStatus,
284
17
  DesktopAppAuth,
package/dist/core.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/sdk/plugin.ts","../src/sdk/service.ts"],"sourcesContent":["import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n type ExecutorPlugin,\n type PluginContext,\n type SecretProvider,\n type ScopedKv,\n SecretId,\n} from \"@executor/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport {\n makeOnePasswordService,\n type ResolvedAuth,\n type OnePasswordService,\n} from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst PLUGIN_KEY = \"onepassword\";\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordExtension {\n /** Configure the 1Password connection */\n readonly configure: (\n config: OnePasswordConfig,\n ) => Effect.Effect<void, OnePasswordError>;\n\n /** Get current configuration (if any) */\n readonly getConfig: () => Effect.Effect<OnePasswordConfig | null, OnePasswordError>;\n\n /** Remove the 1Password configuration */\n readonly removeConfig: () => Effect.Effect<void>;\n\n /** Check connection status */\n readonly status: () => Effect.Effect<ConnectionStatus, OnePasswordError>;\n\n /** List accessible vaults (requires auth) */\n readonly listVaults: (\n auth: OnePasswordAuth,\n ) => Effect.Effect<ReadonlyArray<Vault>, OnePasswordError>;\n\n /** Resolve a secret directly by op:// URI */\n readonly resolve: (uri: string) => Effect.Effect<string, OnePasswordError>;\n}\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginContext,\n): Effect.Effect<ResolvedAuth, OnePasswordError> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.resolve(SecretId.make(auth.tokenSecretId), ctx.scope.id).pipe(\n Effect.map(\n (token): ResolvedAuth => ({ kind: \"service-account\", token }),\n ),\n Effect.mapError(\n (e) =>\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Failed to resolve service account token secret \"${auth.tokenSecretId}\": ${e._tag}`,\n }),\n ),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginContext,\n timeoutMs: number,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs })),\n );\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n getConfig: () => Effect.Effect<OnePasswordConfig | null, OnePasswordError>,\n ctx: PluginContext,\n timeoutMs: number,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n\n get: (secretId) =>\n getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null);\n\n const uri = secretId.startsWith(\"op://\")\n ? secretId\n : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n\n return getServiceFromConfig(config, ctx, timeoutMs).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as { id: string; name: string }[]);\n return getServiceFromConfig(config, ctx, timeoutMs).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map((items) =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(() => [] as { id: string; name: string }[]),\n ),\n});\n\n// ---------------------------------------------------------------------------\n// Config persistence via ScopedKv\n// ---------------------------------------------------------------------------\n\nconst decodeConfig = Schema.decodeUnknownSync(OnePasswordConfig);\n\nconst loadConfig = (kv: ScopedKv): Effect.Effect<OnePasswordConfig | null, OnePasswordError> =>\n kv.get(CONFIG_KEY).pipe(\n Effect.flatMap((v) => {\n if (v === null) return Effect.succeed(null);\n return Effect.try(() => decodeConfig(JSON.parse(v))).pipe(\n Effect.mapError(\n (cause) =>\n new OnePasswordError({\n operation: \"config decode\",\n message:\n cause instanceof Error ? cause.message : String(cause),\n }),\n ),\n );\n }),\n );\n\nconst saveConfig = (\n kv: ScopedKv,\n config: OnePasswordConfig,\n): Effect.Effect<void> =>\n kv.set(CONFIG_KEY, JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }));\n\nconst deleteConfig = (kv: ScopedKv): Effect.Effect<void> => kv.delete(CONFIG_KEY);\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Scoped KV for persisting config (provided by server) */\n readonly kv: ScopedKv;\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = (\n options: OnePasswordPluginOptions,\n): ExecutorPlugin<typeof PLUGIN_KEY, OnePasswordExtension> => {\n const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const kv = options.kv;\n\n return definePlugin({\n key: PLUGIN_KEY,\n init: (ctx) =>\n Effect.gen(function* () {\n const getConfig = () => loadConfig(kv);\n\n yield* ctx.secrets.addProvider(\n makeProvider(getConfig, ctx, timeoutMs),\n );\n\n const extension: OnePasswordExtension = {\n configure: (config) =>\n saveConfig(kv, config),\n\n getConfig: () => getConfig(),\n\n removeConfig: () => deleteConfig(kv),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk: options.preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri) =>\n Effect.gen(function* () {\n const config = yield* getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs);\n return yield* svc.resolveSecret(uri);\n }),\n };\n\n return { extension };\n }),\n });\n};\n","import { Context, Duration, Effect } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (\n uri: string,\n ) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<\n ReadonlyArray<OnePasswordVault>,\n OnePasswordError\n >;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Tag(\n \"@executor/plugin-onepassword/OnePasswordService\",\n)<OnePasswordServiceTag, OnePasswordService>() {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const timeout = Duration.millis(timeoutMs);\n const sdk = yield* loadOnePasswordSdk().pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: makeTimeoutMessage(\"sdk module load\", timeoutMs),\n }),\n }),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth:\n auth.kind === \"desktop-app\"\n ? new sdk.DesktopAuth(auth.accountName)\n : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"client setup\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: makeTimeoutMessage(\"client setup\", timeoutMs),\n }),\n }),\n );\n\n const wrap = <A>(\n fn: () => Promise<A>,\n operation: string,\n ): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n Effect.timeoutFail({\n duration: timeout,\n onTimeout: () =>\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n }),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) =>\n wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(\n () => client.vaults.list({ decryptDetails: true }),\n \"vault listing\",\n ).pipe(\n Effect.map((vaults) =>\n vaults.map((v) => ({ id: v.id, title: v.title })),\n ),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) =>\n items.map((i) => ({ id: i.id, title: i.title })),\n ),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n // Configure auth\n if (auth.kind === \"service-account\") {\n op.setServiceAccount(auth.token);\n } else {\n op.setGlobalFlags({ account: auth.accountName });\n }\n\n const wrapSync = <A>(\n fn: () => A,\n operation: string,\n ): Effect.Effect<A, OnePasswordError> =>\n Effect.try({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) =>\n wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) =>\n vaults.map((v) => ({ id: v.id, title: v.name })),\n ),\n ),\n\n listItems: (vaultId) =>\n wrapSync(\n () => op.item.list({ vault: vaultId }),\n \"item listing\",\n ).pipe(\n Effect.map((items) =>\n items.map((i) => ({ id: i.id, title: i.title })),\n ),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catchAll((cliError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(\n Effect.mapError(() => cliError),\n ),\n ),\n );\n};\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EAKA;AAAA,OACK;;;ACTP,SAAS,SAAS,UAAU,cAAc;AAC1C,YAAY,QAAQ;AAoCb,IAAM,wBAAN,cAAoC,QAAQ;AAAA,EACjD;AACF,EAA6C,EAAE;AAAC;AAchD,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EAChE,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEN,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,UAAU,SAAS,OAAO,SAAS;AACzC,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mBAAmB,mBAAmB,SAAS;AAAA,MAC1D,CAAC;AAAA,IACL,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MACE,KAAK,SAAS,gBACV,IAAI,IAAI,YAAY,KAAK,WAAW,IACpC,KAAK;AAAA,MACX,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mBAAmB,gBAAgB,SAAS;AAAA,MACvD,CAAC;AAAA,IACL,CAAC;AAAA,EACH;AAEA,QAAM,OAAO,CACX,IACA,cAEA,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,OAAO,YAAY;AAAA,MACjB,UAAU;AAAA,MACV,WAAW,MACT,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,MAClD,CAAC;AAAA,IACL,CAAC;AAAA,IACD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QACd,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAE7D,YAAY,MACV;AAAA,MACE,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC;AAAA,MACjD;AAAA,IACF,EAAE;AAAA,MACA,OAAO;AAAA,QAAI,CAAC,WACV,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE;AAAA,MAClD;AAAA,IACF;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO;AAAA,QAAI,CAAC,UACV,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE;AAAA,MACjD;AAAA,IACF;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,iBAAiB,CAC5B,SAEA,OAAO,IAAI,aAAa;AAEtB,MAAI,KAAK,SAAS,mBAAmB;AACnC,IAAG,qBAAkB,KAAK,KAAK;AAAA,EACjC,OAAO;AACL,IAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,EACjD;AAEA,QAAM,WAAW,CACf,IACA,cAEA,OAAO,IAAI;AAAA,IACT,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QACd,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAExD,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO;AAAA,QAAI,CAAC,WACV,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE;AAAA,MACjD;AAAA,IACF;AAAA,IAEF,WAAW,CAAC,YACV;AAAA,MACE,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC;AAAA,MACrC;AAAA,IACF,EAAE;AAAA,MACA,OAAO;AAAA,QAAI,CAAC,UACV,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE;AAAA,MACjD;AAAA,IACF;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAS,CAAC;AAAA;AAAA,QAEf,qBAAqB,MAAM,SAAS,EAAE;AAAA,UACpC,OAAO,SAAS,MAAM,QAAQ;AAAA,QAChC;AAAA;AAAA,IACF;AAAA,EACF;AACF;;;ADxNA,IAAM,aAAa;AACnB,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAkCnB,IAAM,cAAc,CAClB,MACA,QACkD;AAClD,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOC,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,QAAQ,SAAS,KAAK,KAAK,aAAa,GAAG,IAAI,MAAM,EAAE,EAAE;AAAA,IAC1EA,QAAO;AAAA,MACL,CAAC,WAAyB,EAAE,MAAM,mBAAmB,MAAM;AAAA,IAC7D;AAAA,IACAA,QAAO;AAAA,MACL,CAAC,MACC,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,mDAAmD,KAAK,aAAa,MAAM,EAAE,IAAI;AAAA,MAC5F,CAAC;AAAA,IACL;AAAA,EACF;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,UAAU,CAAC,CAAC;AAC9E;AAMF,IAAM,eAAe,CACnB,WACA,KACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EAEV,KAAK,CAAC,aACJ,UAAU,EAAE;AAAA,IACVA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAI;AAEvC,YAAM,MAAM,SAAS,WAAW,OAAO,IACnC,WACA,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAE1D,aAAO,qBAAqB,QAAQ,KAAK,SAAS,EAAE;AAAA,QAClDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,UAAU,EAAE;AAAA,IACVA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAmC;AACvE,aAAO,qBAAqB,QAAQ,KAAK,SAAS,EAAE;AAAA,QAClDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UAAI,CAAC,UACV,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QACzD;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAmC;AAAA,EACjE;AACJ;AAMA,IAAM,eAAe,OAAO,kBAAkB,iBAAiB;AAE/D,IAAM,aAAa,CAAC,OAClB,GAAG,IAAI,UAAU,EAAE;AAAA,EACjBA,QAAO,QAAQ,CAAC,MAAM;AACpB,QAAI,MAAM,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC1C,WAAOA,QAAO,IAAI,MAAM,aAAa,KAAK,MAAM,CAAC,CAAC,CAAC,EAAE;AAAA,MACnDA,QAAO;AAAA,QACL,CAAC,UACC,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SACE,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QACzD,CAAC;AAAA,MACL;AAAA,IACF;AAAA,EACF,CAAC;AACH;AAEF,IAAM,aAAa,CACjB,IACA,WAEA,GAAG,IAAI,YAAY,KAAK,UAAU;AAAA,EAChC,MAAM,OAAO;AAAA,EACb,SAAS,OAAO;AAAA,EAChB,MAAM,OAAO;AACf,CAAC,CAAC;AAEJ,IAAM,eAAe,CAAC,OAAsC,GAAG,OAAO,UAAU;AAezE,IAAM,oBAAoB,CAC/B,YAC4D;AAC5D,QAAM,YAAY,QAAQ,aAAaD;AACvC,QAAM,KAAK,QAAQ;AAEnB,SAAO,aAAa;AAAA,IAClB,KAAK;AAAA,IACL,MAAM,CAAC,QACLC,QAAO,IAAI,aAAa;AACtB,YAAM,YAAY,MAAM,WAAW,EAAE;AAErC,aAAO,IAAI,QAAQ;AAAA,QACjB,aAAa,WAAW,KAAK,SAAS;AAAA,MACxC;AAEA,YAAM,YAAkC;AAAA,QACtC,WAAW,CAAC,WACV,WAAW,IAAI,MAAM;AAAA,QAEvB,WAAW,MAAM,UAAU;AAAA,QAE3B,cAAc,MAAM,aAAa,EAAE;AAAA,QAEnC,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,gBAAM,SAAS,OAAO,UAAU;AAChC,cAAI,CAAC,QAAQ;AACX,mBAAO,IAAI,iBAAiB;AAAA,cAC1B,WAAW;AAAA,cACX,OAAO;AAAA,YACT,CAAC;AAAA,UACH;AACA,gBAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,SAAS;AAC9D,gBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,gBAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,iBAAO,IAAI,iBAAiB;AAAA,YAC1B,WAAW;AAAA,YACX,WAAWA,QAAO;AAAA,UACpB,CAAC;AAAA,QACH,CAAC;AAAA,QAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,gBAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,gBAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,YAClD;AAAA,YACA,WAAW,QAAQ;AAAA,UACrB,CAAC;AACD,gBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,iBAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,QAChD,CAAC;AAAA,QAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,gBAAM,SAAS,OAAO,UAAU;AAChC,cAAI,CAAC,QAAQ;AACX,mBAAO,OAAO,IAAI,iBAAiB;AAAA,cACjC,WAAW;AAAA,cACX,SAAS;AAAA,YACX,CAAC;AAAA,UACH;AACA,gBAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,SAAS;AAC9D,iBAAO,OAAO,IAAI,cAAc,GAAG;AAAA,QACrC,CAAC;AAAA,MACL;AAEA,aAAO,EAAE,UAAU;AAAA,IACrB,CAAC;AAAA,EACL,CAAC;AACH;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
1
+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}
package/dist/index.js CHANGED
@@ -5,8 +5,9 @@ import {
5
5
  OnePasswordConfig,
6
6
  OnePasswordError,
7
7
  ServiceAccountAuth,
8
- Vault
9
- } from "./chunk-FNUS7GBT.js";
8
+ Vault,
9
+ onepasswordPlugin
10
+ } from "./chunk-57NB4OW6.js";
10
11
  export {
11
12
  ConnectionStatus,
12
13
  DesktopAppAuth,
@@ -14,6 +15,7 @@ export {
14
15
  OnePasswordConfig,
15
16
  OnePasswordError,
16
17
  ServiceAccountAuth,
17
- Vault
18
+ Vault,
19
+ onepasswordPlugin
18
20
  };
19
21
  //# sourceMappingURL=index.js.map
@@ -1,4 +1,4 @@
1
- export { onepasswordPlugin, type OnePasswordExtension, type OnePasswordPluginOptions } from "./plugin";
2
- export { OnePasswordConfig, Vault, ConnectionStatus, OnePasswordAuth, DesktopAppAuth, ServiceAccountAuth } from "./types";
1
+ export { onepasswordPlugin, type OnePasswordExtension, type OnePasswordPluginOptions, } from "./plugin";
2
+ export { OnePasswordConfig, Vault, ConnectionStatus, OnePasswordAuth, DesktopAppAuth, ServiceAccountAuth, } from "./types";
3
3
  export { OnePasswordError } from "./errors";
4
4
  export { makeOnePasswordService, makeNativeSdkService, makeCliService, OnePasswordServiceTag, type OnePasswordService, type ResolvedAuth, } from "./service";
@@ -1,5 +1,5 @@
1
1
  import { Effect } from "effect";
2
- import { type ExecutorPlugin, type ScopedKv } from "@executor-js/sdk/core";
2
+ import { type ExecutorPlugin, type ScopedKv } from "@executor-js/sdk";
3
3
  import { OnePasswordConfig, Vault, ConnectionStatus } from "./types";
4
4
  import type { OnePasswordAuth } from "./types";
5
5
  import { OnePasswordError } from "./errors";
package/package.json CHANGED
@@ -1,17 +1,20 @@
1
1
  {
2
2
  "name": "@executor-js/plugin-onepassword",
3
- "type": "module",
4
- "version": "0.0.1-beta.4",
3
+ "version": "0.0.1-beta.6",
4
+ "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/plugins/onepassword",
5
+ "bugs": {
6
+ "url": "https://github.com/RhysSullivan/executor/issues"
7
+ },
5
8
  "license": "MIT",
6
9
  "repository": {
7
10
  "type": "git",
8
11
  "url": "git+https://github.com/RhysSullivan/executor.git",
9
12
  "directory": "packages/plugins/onepassword"
10
13
  },
11
- "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/plugins/onepassword",
12
- "bugs": {
13
- "url": "https://github.com/RhysSullivan/executor/issues"
14
- },
14
+ "files": [
15
+ "dist"
16
+ ],
17
+ "type": "module",
15
18
  "exports": {
16
19
  ".": {
17
20
  "import": {
@@ -26,19 +29,23 @@
26
29
  }
27
30
  }
28
31
  },
32
+ "publishConfig": {
33
+ "access": "public"
34
+ },
29
35
  "scripts": {
30
36
  "build": "tsup && (tsc --declaration --emitDeclarationOnly --outDir dist --rootDir src || true)",
31
- "typecheck": "bunx tsc --noEmit -p tsconfig.json",
37
+ "typecheck": "tsgo --noEmit",
32
38
  "test": "vitest run",
33
- "test:watch": "vitest"
39
+ "test:watch": "vitest",
40
+ "typecheck:slow": "bunx tsc --noEmit -p tsconfig.json"
34
41
  },
35
42
  "dependencies": {
36
43
  "@1password/op-js": "^0.1.13",
37
44
  "@1password/sdk": "^0.4.1-beta.1",
38
45
  "@effect-atom/atom-react": "^0.5.0",
39
46
  "@effect/platform": "^0.96.0",
40
- "@executor/api": "1.4.2",
41
- "@executor-js/sdk": "0.0.1-beta.4",
47
+ "@executor/api": "1.4.3-beta.0",
48
+ "@executor-js/sdk": "0.0.1-beta.6",
42
49
  "effect": "^3.21.0"
43
50
  },
44
51
  "devDependencies": {
@@ -46,13 +53,13 @@
46
53
  "@types/react": "^19.1.0",
47
54
  "bun-types": "^1.2.22",
48
55
  "react": "^19.1.0",
49
- "vitest": "^4.1.3",
50
- "tsup": "^8.5.0"
56
+ "tsup": "^8.5.0",
57
+ "vitest": "^4.1.3"
51
58
  },
52
59
  "peerDependencies": {
53
- "react": ">=18",
54
60
  "@effect-atom/atom-react": "^0.5.0",
55
- "@executor/react": "1.4.2"
61
+ "@executor/react": "1.4.3-beta.0",
62
+ "react": ">=18"
56
63
  },
57
64
  "peerDependenciesMeta": {
58
65
  "react": {
@@ -64,11 +71,5 @@
64
71
  "@executor/react": {
65
72
  "optional": true
66
73
  }
67
- },
68
- "publishConfig": {
69
- "access": "public"
70
- },
71
- "files": [
72
- "dist"
73
- ]
74
+ }
74
75
  }
@@ -1,56 +0,0 @@
1
- // src/sdk/types.ts
2
- import { Schema } from "effect";
3
- var DesktopAppAuth = class extends Schema.Class("DesktopAppAuth")({
4
- kind: Schema.Literal("desktop-app"),
5
- /** 1Password account domain, e.g. "my.1password.com" */
6
- accountName: Schema.String
7
- }) {
8
- };
9
- var ServiceAccountAuth = class extends Schema.Class("ServiceAccountAuth")({
10
- kind: Schema.Literal("service-account"),
11
- /** The service account token (stored as a secret) */
12
- tokenSecretId: Schema.String
13
- }) {
14
- };
15
- var OnePasswordAuth = Schema.Union(DesktopAppAuth, ServiceAccountAuth);
16
- var OnePasswordConfig = class extends Schema.Class("OnePasswordConfig")({
17
- auth: OnePasswordAuth,
18
- /** Vault to scope operations to */
19
- vaultId: Schema.String,
20
- /** Human label */
21
- name: Schema.String
22
- }) {
23
- };
24
- var Vault = class extends Schema.Class("Vault")({
25
- id: Schema.String,
26
- name: Schema.String
27
- }) {
28
- };
29
- var ConnectionStatus = class extends Schema.Class("ConnectionStatus")({
30
- connected: Schema.Boolean,
31
- vaultName: Schema.optional(Schema.String),
32
- error: Schema.optional(Schema.String)
33
- }) {
34
- };
35
-
36
- // src/sdk/errors.ts
37
- import { Schema as Schema2 } from "effect";
38
- var OnePasswordError = class extends Schema2.TaggedError()(
39
- "OnePasswordError",
40
- {
41
- operation: Schema2.String,
42
- message: Schema2.String
43
- }
44
- ) {
45
- };
46
-
47
- export {
48
- DesktopAppAuth,
49
- ServiceAccountAuth,
50
- OnePasswordAuth,
51
- OnePasswordConfig,
52
- Vault,
53
- ConnectionStatus,
54
- OnePasswordError
55
- };
56
- //# sourceMappingURL=chunk-FNUS7GBT.js.map
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n}) {}\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n}) {}\n\nexport const OnePasswordAuth = Schema.Union(DesktopAppAuth, ServiceAccountAuth);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedError<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAN,cAA6B,OAAO,MAAsB,gBAAgB,EAAE;AAAA,EACjF,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiC,OAAO,MAA0B,oBAAoB,EAAE;AAAA,EAC7F,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC,EAAE;AAAC;AAEG,IAAM,kBAAkB,OAAO,MAAM,gBAAgB,kBAAkB;AAOvE,IAAM,oBAAN,cAAgC,OAAO,MAAyB,mBAAmB,EAAE;AAAA,EAC1F,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,QAAN,cAAoB,OAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+B,OAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AClDJ,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,YAA8B;AAAA,EACzE;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AACF,EAAE;AAAC;","names":["Schema"]}