@executor-js/plugin-onepassword 0.0.2 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5,17 +5,17 @@ import { OnePasswordError } from "../sdk/errors";
5
5
  import { OnePasswordConfig, Vault, ConnectionStatus } from "../sdk/types";
6
6
  export declare const OnePasswordGroup: HttpApiGroup.HttpApiGroup<"onepassword", HttpApiEndpoint.HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
7
7
  scopeId: Schema.brand<Schema.String, "ScopeId">;
8
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<typeof OnePasswordConfig>>, HttpApiEndpoint.Json<typeof OnePasswordError | typeof InternalError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
8
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<typeof OnePasswordConfig>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
9
9
  scopeId: Schema.brand<Schema.String, "ScopeId">;
10
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<typeof OnePasswordConfig>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof OnePasswordError | typeof InternalError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
10
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<typeof OnePasswordConfig>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
11
11
  scopeId: Schema.brand<Schema.String, "ScopeId">;
12
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof OnePasswordError | typeof InternalError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", HttpApiEndpoint.StringTree<Schema.Struct<{
12
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", HttpApiEndpoint.StringTree<Schema.Struct<{
13
13
  scopeId: Schema.brand<Schema.String, "ScopeId">;
14
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<typeof ConnectionStatus>, HttpApiEndpoint.Json<typeof OnePasswordError | typeof InternalError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", HttpApiEndpoint.StringTree<Schema.Struct<{
14
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<typeof ConnectionStatus>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", HttpApiEndpoint.StringTree<Schema.Struct<{
15
15
  scopeId: Schema.brand<Schema.String, "ScopeId">;
16
16
  }>>, HttpApiEndpoint.StringTree<Schema.Struct<{
17
17
  readonly authKind: Schema.Literals<readonly ["desktop-app", "service-account"]>;
18
18
  readonly account: Schema.String;
19
19
  }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
20
20
  readonly vaults: Schema.$Array<typeof Vault>;
21
- }>>, HttpApiEndpoint.Json<typeof OnePasswordError | typeof InternalError>, never, never>, false>;
21
+ }>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never>, false>;
@@ -1,50 +1,50 @@
1
- // src/sdk/types.ts
1
+ // src/sdk/errors.ts
2
2
  import { Schema } from "effect";
3
- var DesktopAppAuth = class extends Schema.Class("DesktopAppAuth")({
4
- kind: Schema.Literal("desktop-app"),
3
+ var OnePasswordError = class extends Schema.TaggedErrorClass()(
4
+ "OnePasswordError",
5
+ {
6
+ operation: Schema.String,
7
+ message: Schema.String
8
+ },
9
+ { httpApiStatus: 502 }
10
+ ) {
11
+ };
12
+
13
+ // src/sdk/types.ts
14
+ import { Schema as Schema2 } from "effect";
15
+ var DesktopAppAuth = class extends Schema2.Class("DesktopAppAuth")({
16
+ kind: Schema2.Literal("desktop-app"),
5
17
  /** 1Password account domain, e.g. "my.1password.com" */
6
- accountName: Schema.String
18
+ accountName: Schema2.String
7
19
  }) {
8
20
  };
9
- var ServiceAccountAuth = class extends Schema.Class("ServiceAccountAuth")({
10
- kind: Schema.Literal("service-account"),
21
+ var ServiceAccountAuth = class extends Schema2.Class("ServiceAccountAuth")({
22
+ kind: Schema2.Literal("service-account"),
11
23
  /** The service account token (stored as a secret) */
12
- tokenSecretId: Schema.String
24
+ tokenSecretId: Schema2.String
13
25
  }) {
14
26
  };
15
- var OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);
16
- var OnePasswordConfig = class extends Schema.Class("OnePasswordConfig")({
27
+ var OnePasswordAuth = Schema2.Union([DesktopAppAuth, ServiceAccountAuth]);
28
+ var OnePasswordConfig = class extends Schema2.Class("OnePasswordConfig")({
17
29
  auth: OnePasswordAuth,
18
30
  /** Vault to scope operations to */
19
- vaultId: Schema.String,
31
+ vaultId: Schema2.String,
20
32
  /** Human label */
21
- name: Schema.String
33
+ name: Schema2.String
22
34
  }) {
23
35
  };
24
- var Vault = class extends Schema.Class("Vault")({
25
- id: Schema.String,
26
- name: Schema.String
36
+ var Vault = class extends Schema2.Class("Vault")({
37
+ id: Schema2.String,
38
+ name: Schema2.String
27
39
  }) {
28
40
  };
29
- var ConnectionStatus = class extends Schema.Class("ConnectionStatus")({
30
- connected: Schema.Boolean,
31
- vaultName: Schema.optional(Schema.String),
32
- error: Schema.optional(Schema.String)
41
+ var ConnectionStatus = class extends Schema2.Class("ConnectionStatus")({
42
+ connected: Schema2.Boolean,
43
+ vaultName: Schema2.optional(Schema2.String),
44
+ error: Schema2.optional(Schema2.String)
33
45
  }) {
34
46
  };
35
47
 
36
- // src/sdk/errors.ts
37
- import { Schema as Schema2 } from "effect";
38
- var OnePasswordError = class extends Schema2.TaggedErrorClass()(
39
- "OnePasswordError",
40
- {
41
- operation: Schema2.String,
42
- message: Schema2.String
43
- },
44
- { httpApiStatus: 502 }
45
- ) {
46
- };
47
-
48
48
  // src/sdk/service.ts
49
49
  import { Context, Duration, Effect } from "effect";
50
50
  import * as op from "@1password/op-js";
@@ -152,25 +152,121 @@ var makeOnePasswordService = (auth, options) => {
152
152
  };
153
153
 
154
154
  // src/sdk/plugin.ts
155
- import { Effect as Effect2, Schema as Schema3 } from "effect";
155
+ import { Effect as Effect3, Schema as Schema4 } from "effect";
156
156
  import {
157
157
  definePlugin,
158
158
  StorageError
159
159
  } from "@executor-js/sdk/core";
160
+
161
+ // src/api/group.ts
162
+ import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
163
+ import { Schema as Schema3 } from "effect";
164
+ import { ScopeId } from "@executor-js/sdk/core";
165
+ import { InternalError } from "@executor-js/api";
166
+ var ScopeParams = { scopeId: ScopeId };
167
+ var ConfigurePayload = OnePasswordConfig;
168
+ var ListVaultsParams = Schema3.Struct({
169
+ authKind: Schema3.Literals(["desktop-app", "service-account"]),
170
+ account: Schema3.String
171
+ });
172
+ var ListVaultsResponse = Schema3.Struct({
173
+ vaults: Schema3.Array(Vault)
174
+ });
175
+ var GetConfigResponse = Schema3.NullOr(OnePasswordConfig);
176
+ var OnePasswordGroup = HttpApiGroup.make("onepassword").add(
177
+ HttpApiEndpoint.get("getConfig", "/scopes/:scopeId/onepassword/config", {
178
+ params: ScopeParams,
179
+ success: GetConfigResponse,
180
+ error: [InternalError, OnePasswordError]
181
+ })
182
+ ).add(
183
+ HttpApiEndpoint.put("configure", "/scopes/:scopeId/onepassword/config", {
184
+ params: ScopeParams,
185
+ payload: ConfigurePayload,
186
+ success: Schema3.Void,
187
+ error: [InternalError, OnePasswordError]
188
+ })
189
+ ).add(
190
+ HttpApiEndpoint.delete("removeConfig", "/scopes/:scopeId/onepassword/config", {
191
+ params: ScopeParams,
192
+ success: Schema3.Void,
193
+ error: [InternalError, OnePasswordError]
194
+ })
195
+ ).add(
196
+ HttpApiEndpoint.get("status", "/scopes/:scopeId/onepassword/status", {
197
+ params: ScopeParams,
198
+ success: ConnectionStatus,
199
+ error: [InternalError, OnePasswordError]
200
+ })
201
+ ).add(
202
+ HttpApiEndpoint.get("listVaults", "/scopes/:scopeId/onepassword/vaults", {
203
+ params: ScopeParams,
204
+ query: ListVaultsParams,
205
+ success: ListVaultsResponse,
206
+ error: [InternalError, OnePasswordError]
207
+ })
208
+ );
209
+
210
+ // src/api/handlers.ts
211
+ import { HttpApiBuilder } from "effect/unstable/httpapi";
212
+ import { Context as Context2, Effect as Effect2 } from "effect";
213
+ import { addGroup, capture } from "@executor-js/api";
214
+ var OnePasswordExtensionService = class extends Context2.Service()("OnePasswordExtensionService") {
215
+ };
216
+ var ExecutorApiWithOnePassword = addGroup(OnePasswordGroup);
217
+ var OnePasswordHandlers = HttpApiBuilder.group(
218
+ ExecutorApiWithOnePassword,
219
+ "onepassword",
220
+ (handlers) => handlers.handle(
221
+ "getConfig",
222
+ () => capture(Effect2.gen(function* () {
223
+ const ext = yield* OnePasswordExtensionService;
224
+ return yield* ext.getConfig();
225
+ }))
226
+ ).handle(
227
+ "configure",
228
+ ({ payload }) => capture(Effect2.gen(function* () {
229
+ const ext = yield* OnePasswordExtensionService;
230
+ yield* ext.configure(payload);
231
+ }))
232
+ ).handle(
233
+ "removeConfig",
234
+ () => capture(Effect2.gen(function* () {
235
+ const ext = yield* OnePasswordExtensionService;
236
+ yield* ext.removeConfig();
237
+ }))
238
+ ).handle(
239
+ "status",
240
+ () => capture(Effect2.gen(function* () {
241
+ const ext = yield* OnePasswordExtensionService;
242
+ return yield* ext.status();
243
+ }))
244
+ ).handle(
245
+ "listVaults",
246
+ ({ query: urlParams }) => capture(Effect2.gen(function* () {
247
+ const ext = yield* OnePasswordExtensionService;
248
+ const auth = urlParams.authKind === "desktop-app" ? { kind: "desktop-app", accountName: urlParams.account } : { kind: "service-account", tokenSecretId: urlParams.account };
249
+ const vaults = yield* ext.listVaults(auth);
250
+ return { vaults: [...vaults] };
251
+ }))
252
+ )
253
+ );
254
+
255
+ // src/sdk/plugin.ts
160
256
  var CREDENTIAL_FIELD = "credential";
161
257
  var DEFAULT_TIMEOUT_MS2 = 15e3;
162
258
  var CONFIG_KEY = "config";
163
- var decodeConfig = Schema3.decodeUnknownSync(OnePasswordConfig);
259
+ var decodeConfig = Schema4.decodeUnknownSync(OnePasswordConfig);
164
260
  var blobStorageError = (operation) => (cause) => new StorageError({
165
261
  message: `onepassword blob ${operation}: ${cause instanceof Error ? cause.message : String(cause)}`,
166
262
  cause
167
263
  });
168
264
  var makeOnePasswordStore = (blobs, writeScope) => ({
169
265
  getConfig: () => blobs.get(CONFIG_KEY).pipe(
170
- Effect2.mapError(blobStorageError("read")),
171
- Effect2.flatMap((raw) => {
172
- if (raw === null) return Effect2.succeed(null);
173
- return Effect2.try({
266
+ Effect3.mapError(blobStorageError("read")),
267
+ Effect3.flatMap((raw) => {
268
+ if (raw === null) return Effect3.succeed(null);
269
+ return Effect3.try({
174
270
  try: () => decodeConfig(JSON.parse(raw)),
175
271
  catch: (cause) => new OnePasswordError({
176
272
  operation: "config decode",
@@ -187,33 +283,33 @@ var makeOnePasswordStore = (blobs, writeScope) => ({
187
283
  name: config.name
188
284
  }),
189
285
  { scope: writeScope }
190
- ).pipe(Effect2.mapError(blobStorageError("write"))),
191
- deleteConfig: () => blobs.delete(CONFIG_KEY, { scope: writeScope }).pipe(Effect2.mapError(blobStorageError("delete")))
286
+ ).pipe(Effect3.mapError(blobStorageError("write"))),
287
+ deleteConfig: () => blobs.delete(CONFIG_KEY, { scope: writeScope }).pipe(Effect3.mapError(blobStorageError("delete")))
192
288
  });
193
289
  var resolveAuth = (auth, ctx) => {
194
290
  if (auth.kind === "desktop-app") {
195
- return Effect2.succeed({
291
+ return Effect3.succeed({
196
292
  kind: "desktop-app",
197
293
  accountName: auth.accountName
198
294
  });
199
295
  }
200
296
  return ctx.secrets.get(auth.tokenSecretId).pipe(
201
- Effect2.mapError(
297
+ Effect3.mapError(
202
298
  (err) => "_tag" in err && err._tag === "SecretOwnedByConnectionError" ? new OnePasswordError({
203
299
  operation: "auth resolution",
204
300
  message: `Service account token secret "${auth.tokenSecretId}" not found`
205
301
  }) : err
206
302
  ),
207
- Effect2.flatMap((token) => {
303
+ Effect3.flatMap((token) => {
208
304
  if (token === null) {
209
- return Effect2.fail(
305
+ return Effect3.fail(
210
306
  new OnePasswordError({
211
307
  operation: "auth resolution",
212
308
  message: `Service account token secret "${auth.tokenSecretId}" not found`
213
309
  })
214
310
  );
215
311
  }
216
- return Effect2.succeed({
312
+ return Effect3.succeed({
217
313
  kind: "service-account",
218
314
  token
219
315
  });
@@ -221,7 +317,7 @@ var resolveAuth = (auth, ctx) => {
221
317
  );
222
318
  };
223
319
  var getServiceFromConfig = (config, ctx, timeoutMs, preferSdk) => resolveAuth(config.auth, ctx).pipe(
224
- Effect2.flatMap(
320
+ Effect3.flatMap(
225
321
  (resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })
226
322
  )
227
323
  );
@@ -232,31 +328,31 @@ var makeProvider = (ctx, timeoutMs, preferSdk) => ({
232
328
  // arg isn't used for routing here. A future refactor could let the
233
329
  // plugin store per-scope vault bindings and pick based on `scope`.
234
330
  get: (secretId, _scope) => ctx.storage.getConfig().pipe(
235
- Effect2.flatMap((config) => {
236
- if (!config) return Effect2.succeed(null);
331
+ Effect3.flatMap((config) => {
332
+ if (!config) return Effect3.succeed(null);
237
333
  const uri = secretId.startsWith("op://") ? secretId : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
238
334
  return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
239
- Effect2.flatMap((svc) => svc.resolveSecret(uri)),
240
- Effect2.map((v) => v),
241
- Effect2.orElseSucceed(() => null)
335
+ Effect3.flatMap((svc) => svc.resolveSecret(uri)),
336
+ Effect3.map((v) => v),
337
+ Effect3.orElseSucceed(() => null)
242
338
  );
243
339
  }),
244
- Effect2.orElseSucceed(() => null)
340
+ Effect3.orElseSucceed(() => null)
245
341
  ),
246
342
  list: () => ctx.storage.getConfig().pipe(
247
- Effect2.flatMap((config) => {
343
+ Effect3.flatMap((config) => {
248
344
  if (!config)
249
- return Effect2.succeed(
345
+ return Effect3.succeed(
250
346
  []
251
347
  );
252
348
  return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
253
- Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
254
- Effect2.map(
349
+ Effect3.flatMap((svc) => svc.listItems(config.vaultId)),
350
+ Effect3.map(
255
351
  (items) => items.map((item2) => ({ id: item2.id, name: item2.title }))
256
352
  )
257
353
  );
258
354
  }),
259
- Effect2.orElseSucceed(
355
+ Effect3.orElseSucceed(
260
356
  () => []
261
357
  )
262
358
  )
@@ -267,13 +363,14 @@ var onepasswordPlugin = definePlugin(
267
363
  const preferSdk = options?.preferSdk;
268
364
  return {
269
365
  id: "onepassword",
366
+ packageName: "@executor-js/plugin-onepassword",
270
367
  storage: ({ blobs, scopes }) => makeOnePasswordStore(blobs, scopes.at(-1).id),
271
368
  extension: (ctx) => {
272
369
  return {
273
370
  configure: (config) => ctx.storage.saveConfig(config),
274
371
  getConfig: () => ctx.storage.getConfig(),
275
372
  removeConfig: () => ctx.storage.deleteConfig(),
276
- status: () => Effect2.gen(function* () {
373
+ status: () => Effect3.gen(function* () {
277
374
  const config = yield* ctx.storage.getConfig();
278
375
  if (!config) {
279
376
  return new ConnectionStatus({
@@ -294,7 +391,7 @@ var onepasswordPlugin = definePlugin(
294
391
  vaultName: vault2?.title
295
392
  });
296
393
  }),
297
- listVaults: (auth) => Effect2.gen(function* () {
394
+ listVaults: (auth) => Effect3.gen(function* () {
298
395
  const resolved = yield* resolveAuth(auth, ctx);
299
396
  const svc = yield* makeOnePasswordService(resolved, {
300
397
  timeoutMs,
@@ -303,10 +400,10 @@ var onepasswordPlugin = definePlugin(
303
400
  const vaults = yield* svc.listVaults();
304
401
  return vaults.map((v) => new Vault({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
305
402
  }),
306
- resolve: (uri) => Effect2.gen(function* () {
403
+ resolve: (uri) => Effect3.gen(function* () {
307
404
  const config = yield* ctx.storage.getConfig();
308
405
  if (!config) {
309
- return yield* Effect2.fail(
406
+ return yield* Effect3.fail(
310
407
  new OnePasswordError({
311
408
  operation: "resolve",
312
409
  message: "1Password is not configured"
@@ -323,19 +420,22 @@ var onepasswordPlugin = definePlugin(
323
420
  })
324
421
  };
325
422
  },
326
- secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)]
423
+ secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],
424
+ routes: () => OnePasswordGroup,
425
+ handlers: () => OnePasswordHandlers,
426
+ extensionService: OnePasswordExtensionService
327
427
  };
328
428
  }
329
429
  );
330
430
 
331
431
  export {
432
+ OnePasswordError,
332
433
  DesktopAppAuth,
333
434
  ServiceAccountAuth,
334
435
  OnePasswordAuth,
335
436
  OnePasswordConfig,
336
437
  Vault,
337
438
  ConnectionStatus,
338
- OnePasswordError,
339
439
  OnePasswordServiceTag,
340
440
  makeNativeSdkService,
341
441
  makeCliService,
@@ -343,4 +443,4 @@ export {
343
443
  makeOnePasswordStore,
344
444
  onepasswordPlugin
345
445
  };
346
- //# sourceMappingURL=chunk-HWMHIFQL.js.map
446
+ //# sourceMappingURL=chunk-2NSVLCQP.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/errors.ts","../src/sdk/types.ts","../src/sdk/service.ts","../src/sdk/plugin.ts","../src/api/group.ts","../src/api/handlers.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n","import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n}) {}\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n}) {}\n\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Context, Duration, Effect } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"client setup\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n timeoutWithOnePasswordError(\"client setup\", timeoutMs),\n );\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n // Configure auth\n if (auth.kind === \"service-account\") {\n op.setServiceAccount(auth.token);\n } else {\n op.setGlobalFlags({ account: auth.accountName });\n }\n\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.try({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordGroup } from \"../api/group\";\nimport {\n OnePasswordExtensionService,\n OnePasswordHandlers,\n} from \"../api/handlers\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport {\n makeOnePasswordService,\n type ResolvedAuth,\n type OnePasswordService,\n} from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordExtension {\n /** Configure the 1Password connection */\n readonly configure: (\n config: OnePasswordConfig,\n ) => Effect.Effect<void, StorageFailure>;\n\n /** Get current configuration (if any) */\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n OnePasswordExtensionFailure\n >;\n\n /** Remove the 1Password configuration */\n readonly removeConfig: () => Effect.Effect<void, StorageFailure>;\n\n /** Check connection status */\n readonly status: () => Effect.Effect<\n ConnectionStatus,\n OnePasswordExtensionFailure\n >;\n\n /** List accessible vaults (requires auth) */\n readonly listVaults: (\n auth: OnePasswordAuth,\n ) => Effect.Effect<ReadonlyArray<Vault>, OnePasswordExtensionFailure>;\n\n /** Resolve a secret directly by op:// URI */\n readonly resolve: (\n uri: string,\n ) => Effect.Effect<string, OnePasswordExtensionFailure>;\n}\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: () => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownSync(OnePasswordConfig);\n\nconst blobStorageError = (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation}: ${\n cause instanceof Error ? cause.message : String(cause)\n }`,\n cause,\n });\n\nexport const makeOnePasswordStore = (\n blobs: PluginBlobStore,\n /** Scope id that owns the single 1Password config blob. Default is the\n * outermost scope (org/workspace) so the config is visible across\n * every per-user scope via the blob store's fall-through read. */\n writeScope: string,\n): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return Effect.try({\n try: () => decodeConfig(JSON.parse(raw)),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"config decode\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n }),\n ),\n\n saveConfig: (config) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: writeScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: () =>\n blobs\n .delete(CONFIG_KEY, { scope: writeScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.mapError((err) =>\n \"_tag\" in err && err._tag === \"SecretOwnedByConnectionError\"\n ? new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n })\n : err,\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) =>\n makeOnePasswordService(resolved, { timeoutMs, preferSdk }),\n ),\n );\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = secretId.startsWith(\"op://\")\n ? secretId\n : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config)\n return Effect.succeed(\n [] as ReadonlyArray<{ id: string; name: string }>,\n );\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(\n () => [] as ReadonlyArray<{ id: string; name: string }>,\n ),\n ),\n});\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin(\n (options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs, scopes }) =>\n makeOnePasswordStore(blobs, scopes.at(-1)!.id as string),\n\n extension: (ctx) => {\n return {\n configure: (config) => ctx.storage.saveConfig(config),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: () => ctx.storage.deleteConfig(),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(\n config,\n ctx,\n timeoutMs,\n preferSdk,\n );\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* Effect.fail(\n new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n }),\n );\n }\n const svc = yield* getServiceFromConfig(\n config,\n ctx,\n timeoutMs,\n preferSdk,\n );\n return yield* svc.resolveSecret(uri);\n }),\n } satisfies OnePasswordExtension;\n },\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n\n routes: () => OnePasswordGroup,\n handlers: () => OnePasswordHandlers,\n extensionService: OnePasswordExtensionService,\n };\n },\n);\n","import { HttpApiEndpoint, HttpApiGroup } from \"effect/unstable/httpapi\";\nimport { Schema } from \"effect\";\nimport { ScopeId } from \"@executor-js/sdk/core\";\nimport { InternalError } from \"@executor-js/api\";\n\nimport { OnePasswordError } from \"../sdk/errors\";\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Params\n// ---------------------------------------------------------------------------\n\nconst ScopeParams = { scopeId: ScopeId };\n\n// ---------------------------------------------------------------------------\n// Payloads\n// ---------------------------------------------------------------------------\n\nconst ConfigurePayload = OnePasswordConfig;\n\nconst ListVaultsParams = Schema.Struct({\n authKind: Schema.Literals([\"desktop-app\", \"service-account\"]),\n account: Schema.String,\n});\n\n// ---------------------------------------------------------------------------\n// Responses\n// ---------------------------------------------------------------------------\n\nconst ListVaultsResponse = Schema.Struct({\n vaults: Schema.Array(Vault),\n});\n\nconst GetConfigResponse = Schema.NullOr(OnePasswordConfig);\n\n// ---------------------------------------------------------------------------\n// Group\n//\n// Plugin SDK errors (OnePasswordError) are declared once at the group level\n// via `.addError(...)` — every endpoint inherits. The error carries its own\n// 502 status via `HttpApiSchema.annotations` in errors.ts.\n//\n// `InternalError` is the shared opaque 500 schema translated at the HTTP\n// edge by `withCapture` (see observability.ts). Storage failures on\n// `ctx.storage`/`ctx.secrets` flow through as `StorageFailure` in the\n// typed channel and are captured + downgraded to `InternalError({ traceId })`\n// at Layer composition. No per-handler translation.\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordGroup = HttpApiGroup.make(\"onepassword\")\n .add(\n HttpApiEndpoint.get(\"getConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: GetConfigResponse,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.put(\"configure\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n payload: ConfigurePayload,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.delete(\"removeConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"status\", \"/scopes/:scopeId/onepassword/status\", {\n params: ScopeParams,\n success: ConnectionStatus,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"listVaults\", \"/scopes/:scopeId/onepassword/vaults\", {\n params: ScopeParams,\n query: ListVaultsParams,\n success: ListVaultsResponse,\n error: [InternalError, OnePasswordError],\n }),\n );\n","import { HttpApiBuilder } from \"effect/unstable/httpapi\";\nimport { Context, Effect } from \"effect\";\n\nimport { addGroup, capture } from \"@executor-js/api\";\nimport type { OnePasswordExtension } from \"../sdk/plugin\";\nimport { OnePasswordGroup } from \"./group\";\n\n// ---------------------------------------------------------------------------\n// Service tag\n//\n// Holds the `Captured` shape — every method's `StorageFailure` channel has\n// been swapped for `InternalError({ traceId })`. The host provides an\n// already-wrapped extension via\n// `Layer.succeed(OnePasswordExtensionService, withCapture(executor).onepassword)`.\n// Handlers see `InternalError` in the error union, which matches\n// `.addError(InternalError)` on the group — no per-handler translation.\n// ---------------------------------------------------------------------------\n\nexport class OnePasswordExtensionService extends Context.Service<OnePasswordExtensionService, OnePasswordExtension\n>()(\"OnePasswordExtensionService\") {}\n\n// ---------------------------------------------------------------------------\n// Composed API — core + onepassword group\n// ---------------------------------------------------------------------------\n\nconst ExecutorApiWithOnePassword = addGroup(OnePasswordGroup);\n\n// ---------------------------------------------------------------------------\n// Handlers\n//\n// Each handler is exactly: yield the extension service, call the method,\n// return. Plugin SDK errors flow through the typed channel and are\n// schema-encoded (OnePasswordError -> 502) by HttpApi. Defects bubble up\n// and are captured + downgraded to `InternalError(traceId)` by the\n// observability middleware.\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordHandlers = HttpApiBuilder.group(\n ExecutorApiWithOnePassword,\n \"onepassword\",\n (handlers) =>\n handlers\n .handle(\"getConfig\", () =>\n capture(Effect.gen(function* () {\n const ext = yield* OnePasswordExtensionService;\n return yield* ext.getConfig();\n })),\n )\n .handle(\"configure\", ({ payload }) =>\n capture(Effect.gen(function* () {\n const ext = yield* OnePasswordExtensionService;\n yield* ext.configure(payload);\n })),\n )\n .handle(\"removeConfig\", () =>\n capture(Effect.gen(function* () {\n const ext = yield* OnePasswordExtensionService;\n yield* ext.removeConfig();\n })),\n )\n .handle(\"status\", () =>\n capture(Effect.gen(function* () {\n const ext = yield* OnePasswordExtensionService;\n return yield* ext.status();\n })),\n )\n .handle(\"listVaults\", ({ query: urlParams }) =>\n capture(Effect.gen(function* () {\n const ext = yield* OnePasswordExtensionService;\n const auth =\n urlParams.authKind === \"desktop-app\"\n ? { kind: \"desktop-app\" as const, accountName: urlParams.account }\n : { kind: \"service-account\" as const, tokenSecretId: urlParams.account };\n const vaults = yield* ext.listVaults(auth);\n return { vaults: [...vaults] };\n })),\n ),\n);\n"],"mappings":";AAAA,SAAS,cAAc;AAEhB,IAAM,mBAAN,cAA+B,OAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAW,OAAO;AAAA,IAClB,SAAS,OAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;;;ACTH,SAAS,UAAAA,eAAc;AAMhB,IAAM,iBAAN,cAA6BA,QAAO,MAAsB,gBAAgB,EAAE;AAAA,EACjF,MAAMA,QAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAaA,QAAO;AACtB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiCA,QAAO,MAA0B,oBAAoB,EAAE;AAAA,EAC7F,MAAMA,QAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAeA,QAAO;AACxB,CAAC,EAAE;AAAC;AAEG,IAAM,kBAAkBA,QAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,oBAAN,cAAgCA,QAAO,MAAyB,mBAAmB,EAAE;AAAA,EAC1F,MAAM;AAAA;AAAA,EAEN,SAASA,QAAO;AAAA;AAAA,EAEhB,MAAMA,QAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,QAAN,cAAoBA,QAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAIA,QAAO;AAAA,EACX,MAAMA,QAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+BA,QAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAWA,QAAO;AAAA,EAClB,WAAWA,QAAO,SAASA,QAAO,MAAM;AAAA,EACxC,OAAOA,QAAO,SAASA,QAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AClDJ,SAAS,SAAS,UAAU,cAAc;AAC1C,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EAChE,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,gBAAgB,SAAS;AAAA,EACvD;AAEA,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAEhB,MAAI,KAAK,SAAS,mBAAmB;AACnC,IAAG,qBAAkB,KAAK,KAAK;AAAA,EACjC,OAAO;AACL,IAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,EACjD;AAEA,QAAM,WAAW,CAAI,IAAa,cAChC,OAAO,IAAI;AAAA,IACT,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;ACvMA,SAAS,UAAAC,SAAQ,UAAAC,eAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;;;ACTP,SAAS,iBAAiB,oBAAoB;AAC9C,SAAS,UAAAC,eAAc;AACvB,SAAS,eAAe;AACxB,SAAS,qBAAqB;AAS9B,IAAM,cAAc,EAAE,SAAS,QAAQ;AAMvC,IAAM,mBAAmB;AAEzB,IAAM,mBAAmBC,QAAO,OAAO;AAAA,EACrC,UAAUA,QAAO,SAAS,CAAC,eAAe,iBAAiB,CAAC;AAAA,EAC5D,SAASA,QAAO;AAClB,CAAC;AAMD,IAAM,qBAAqBA,QAAO,OAAO;AAAA,EACvC,QAAQA,QAAO,MAAM,KAAK;AAC5B,CAAC;AAED,IAAM,oBAAoBA,QAAO,OAAO,iBAAiB;AAgBlD,IAAM,mBAAmB,aAAa,KAAK,aAAa,EAC5D;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAASA,QAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,OAAO,gBAAgB,uCAAuC;AAAA,IAC5E,QAAQ;AAAA,IACR,SAASA,QAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,UAAU,uCAAuC;AAAA,IACnE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,cAAc,uCAAuC;AAAA,IACvE,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH;;;ACtFF,SAAS,sBAAsB;AAC/B,SAAS,WAAAC,UAAS,UAAAC,eAAc;AAEhC,SAAS,UAAU,eAAe;AAe3B,IAAM,8BAAN,cAA0CC,SAAQ,QACvD,EAAE,6BAA6B,EAAE;AAAC;AAMpC,IAAM,6BAA6B,SAAS,gBAAgB;AAYrD,IAAM,sBAAsB,eAAe;AAAA,EAChD;AAAA,EACA;AAAA,EACA,CAAC,aACC,SACG;AAAA,IAAO;AAAA,IAAa,MACnB,QAAQC,QAAO,IAAI,aAAa;AAC9B,YAAM,MAAM,OAAO;AACnB,aAAO,OAAO,IAAI,UAAU;AAAA,IAC9B,CAAC,CAAC;AAAA,EACJ,EACC;AAAA,IAAO;AAAA,IAAa,CAAC,EAAE,QAAQ,MAC9B,QAAQA,QAAO,IAAI,aAAa;AAC9B,YAAM,MAAM,OAAO;AACnB,aAAO,IAAI,UAAU,OAAO;AAAA,IAC9B,CAAC,CAAC;AAAA,EACJ,EACC;AAAA,IAAO;AAAA,IAAgB,MACtB,QAAQA,QAAO,IAAI,aAAa;AAC9B,YAAM,MAAM,OAAO;AACnB,aAAO,IAAI,aAAa;AAAA,IAC1B,CAAC,CAAC;AAAA,EACJ,EACC;AAAA,IAAO;AAAA,IAAU,MAChB,QAAQA,QAAO,IAAI,aAAa;AAC9B,YAAM,MAAM,OAAO;AACnB,aAAO,OAAO,IAAI,OAAO;AAAA,IAC3B,CAAC,CAAC;AAAA,EACJ,EACC;AAAA,IAAO;AAAA,IAAc,CAAC,EAAE,OAAO,UAAU,MACxC,QAAQA,QAAO,IAAI,aAAa;AAC9B,YAAM,MAAM,OAAO;AACnB,YAAM,OACJ,UAAU,aAAa,gBACnB,EAAE,MAAM,eAAwB,aAAa,UAAU,QAAQ,IAC/D,EAAE,MAAM,mBAA4B,eAAe,UAAU,QAAQ;AAC3E,YAAM,SAAS,OAAO,IAAI,WAAW,IAAI;AACzC,aAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,EAAE;AAAA,IAC/B,CAAC,CAAC;AAAA,EACJ;AACN;;;AF/CA,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAsEnB,IAAM,eAAeC,QAAO,kBAAkB,iBAAiB;AAE/D,IAAM,mBAAmB,CAAC,cACxB,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS,KACpC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,EACA;AACF,CAAC;AAEE,IAAM,uBAAuB,CAClC,OAIA,gBACsB;AAAA,EACtB,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAOA,QAAO,IAAI;AAAA,QAChB,KAAK,MAAM,aAAa,KAAK,MAAM,GAAG,CAAC;AAAA,QACvC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAChE,CAAC;AAAA,MACL,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,WACX,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,WAAW;AAAA,EACtB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,MACZ,MACG,OAAO,YAAY,EAAE,OAAO,WAAW,CAAC,EACxC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS,CAAC,QACf,UAAU,OAAO,IAAI,SAAS,iCAC1B,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,MAC9D,CAAC,IACD;AAAA,IACN;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO;AAAA,IAAQ,CAAC,aACd,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC;AAAA,EAC3D;AACF;AAMF,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA;AAAA;AAAA;AAAA,EAKV,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,SAAS,WAAW,OAAO,IACnC,WACA,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAE1D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC;AACH,eAAOA,QAAO;AAAA,UACZ,CAAC;AAAA,QACH;AACF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO;AAAA,MACL,MAAM,CAAC;AAAA,IACT;AAAA,EACF;AACJ;AAaO,IAAM,oBAAoB;AAAA,EAC/B,CAAC,YAAuC;AACtC,UAAM,YAAY,SAAS,aAAaF;AACxC,UAAM,YAAY,SAAS;AAE3B,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,aAAa;AAAA,MACb,SAAS,CAAC,EAAE,OAAO,OAAO,MACxB,qBAAqB,OAAO,OAAO,GAAG,EAAE,EAAG,EAAY;AAAA,MAEzD,WAAW,CAAC,QAAQ;AAClB,eAAO;AAAA,UACL,WAAW,CAAC,WAAW,IAAI,QAAQ,WAAW,MAAM;AAAA,UAEpD,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,UAEvC,cAAc,MAAM,IAAI,QAAQ,aAAa;AAAA,UAE7C,QAAQ,MACNE,QAAO,IAAI,aAAa;AACtB,kBAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,gBAAI,CAAC,QAAQ;AACX,qBAAO,IAAI,iBAAiB;AAAA,gBAC1B,WAAW;AAAA,gBACX,OAAO;AAAA,cACT,CAAC;AAAA,YACH;AACA,kBAAM,MAAM,OAAO;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACF;AACA,kBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,kBAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,mBAAO,IAAI,iBAAiB;AAAA,cAC1B,WAAW;AAAA,cACX,WAAWA,QAAO;AAAA,YACpB,CAAC;AAAA,UACH,CAAC;AAAA,UAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,kBAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,kBAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,cAClD;AAAA,cACA;AAAA,YACF,CAAC;AACD,kBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,mBAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,UAChD,CAAC;AAAA,UAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,kBAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,gBAAI,CAAC,QAAQ;AACX,qBAAO,OAAOA,QAAO;AAAA,gBACnB,IAAI,iBAAiB;AAAA,kBACnB,WAAW;AAAA,kBACX,SAAS;AAAA,gBACX,CAAC;AAAA,cACH;AAAA,YACF;AACA,kBAAM,MAAM,OAAO;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACF;AACA,mBAAO,OAAO,IAAI,cAAc,GAAG;AAAA,UACrC,CAAC;AAAA,QACL;AAAA,MACF;AAAA,MAEA,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,MAElE,QAAQ,MAAM;AAAA,MACd,UAAU,MAAM;AAAA,MAChB,kBAAkB;AAAA,IACpB;AAAA,EACF;AACF;","names":["Schema","Effect","Schema","Schema","Schema","Context","Effect","Context","Effect","DEFAULT_TIMEOUT_MS","Schema","Effect","item","vault"]}
package/dist/core.js CHANGED
@@ -12,7 +12,7 @@ import {
12
12
  makeOnePasswordService,
13
13
  makeOnePasswordStore,
14
14
  onepasswordPlugin
15
- } from "./chunk-HWMHIFQL.js";
15
+ } from "./chunk-2NSVLCQP.js";
16
16
  export {
17
17
  ConnectionStatus,
18
18
  DesktopAppAuth,
package/dist/index.js CHANGED
@@ -7,7 +7,7 @@ import {
7
7
  ServiceAccountAuth,
8
8
  Vault,
9
9
  onepasswordPlugin
10
- } from "./chunk-HWMHIFQL.js";
10
+ } from "./chunk-2NSVLCQP.js";
11
11
  export {
12
12
  ConnectionStatus,
13
13
  DesktopAppAuth,
@@ -1,10 +1,10 @@
1
1
  import type { ScopeId } from "@executor-js/sdk/core";
2
2
  export declare const onepasswordWriteKeys: readonly ["secrets"];
3
- export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("../promise").OnePasswordError | import("@executor-js/api").InternalError>>;
4
- export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("../promise").OnePasswordError | import("@executor-js/api").InternalError>>;
3
+ export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
4
+ export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
5
5
  export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string, scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
6
6
  readonly vaults: readonly import("../promise").Vault[];
7
- }, import("../promise").OnePasswordError | import("@executor-js/api").InternalError>>;
7
+ }, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
8
8
  export declare const configureOnePassword: import("effect/unstable/reactivity/Atom").AtomResultFn<{
9
9
  readonly params: {
10
10
  readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
@@ -12,11 +12,11 @@ export declare const configureOnePassword: import("effect/unstable/reactivity/At
12
12
  readonly payload: import("../promise").OnePasswordConfig;
13
13
  readonly responseMode?: "decoded-only" | undefined;
14
14
  readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
15
- }, void, import("../promise").OnePasswordError | import("@executor-js/api").InternalError>;
15
+ }, void, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>;
16
16
  export declare const removeOnePasswordConfig: import("effect/unstable/reactivity/Atom").AtomResultFn<{
17
17
  readonly params: {
18
18
  readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
19
19
  };
20
20
  readonly responseMode?: "decoded-only" | undefined;
21
21
  readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
22
- }, void, import("../promise").OnePasswordError | import("@executor-js/api").InternalError>;
22
+ }, void, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>;
@@ -1,349 +1,16 @@
1
- import * as AtomHttpApi from "effect/unstable/reactivity/AtomHttpApi";
2
- export declare const OnePasswordClient: AtomHttpApi.AtomHttpApiClient<"OnePasswordClient", "OnePasswordClient", import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"tools", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"list", "GET", "/scopes/:scopeId/tools", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
1
+ export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomHttpApi").AtomHttpApiClient<"Plugin_onepasswordClient", `Plugin_${string}Client`, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
3
2
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
4
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
5
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
6
- readonly pluginId: import("effect/Schema").String;
7
- readonly sourceId: import("effect/Schema").String;
8
- readonly name: import("effect/Schema").String;
9
- readonly description: import("effect/Schema").optional<import("effect/Schema").String>;
10
- readonly mayElicit: import("effect/Schema").optional<import("effect/Schema").Boolean>;
11
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"schema", "GET", "/scopes/:scopeId/tools/:toolId/schema", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
3
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<typeof import("../promise").OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
12
4
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
13
- toolId: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
14
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
15
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
16
- readonly inputTypeScript: import("effect/Schema").optional<import("effect/Schema").String>;
17
- readonly outputTypeScript: import("effect/Schema").optional<import("effect/Schema").String>;
18
- readonly typeScriptDefinitions: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").String>>;
19
- readonly inputSchema: import("effect/Schema").optional<import("effect/Schema").Unknown>;
20
- readonly outputSchema: import("effect/Schema").optional<import("effect/Schema").Unknown>;
21
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").decodeTo<import("effect/Schema").declareConstructor<import("@executor-js/sdk").ToolNotFoundError, {
22
- readonly _tag: "ToolNotFoundError";
23
- readonly toolId: string;
24
- }, readonly [import("effect/Schema").TaggedStruct<"ToolNotFoundError", {
25
- readonly toolId: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
26
- }>], {
27
- readonly _tag: "ToolNotFoundError";
28
- readonly toolId: string & import("effect/Brand").Brand<"ToolId">;
29
- }>, import("effect/Schema").TaggedStruct<"ToolNotFoundError", {
30
- readonly toolId: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
31
- }>, never, never> | typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"sources", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"list", "GET", "/scopes/:scopeId/sources", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
5
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordConfig>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
32
6
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
33
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
34
- readonly id: import("effect/Schema").String;
35
- readonly scopeId: import("effect/Schema").optional<import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">>;
36
- readonly name: import("effect/Schema").String;
37
- readonly kind: import("effect/Schema").String;
38
- readonly url: import("effect/Schema").optional<import("effect/Schema").String>;
39
- readonly runtime: import("effect/Schema").optional<import("effect/Schema").Boolean>;
40
- readonly canRemove: import("effect/Schema").optional<import("effect/Schema").Boolean>;
41
- readonly canRefresh: import("effect/Schema").optional<import("effect/Schema").Boolean>;
42
- readonly canEdit: import("effect/Schema").optional<import("effect/Schema").Boolean>;
43
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"remove", "DELETE", "/scopes/:scopeId/sources/:sourceId", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
7
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
44
8
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
45
- sourceId: import("effect/Schema").String;
46
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
47
- readonly removed: import("effect/Schema").Boolean;
48
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").decodeTo<import("effect/Schema").declareConstructor<import("@executor-js/sdk").SourceRemovalNotAllowedError, {
49
- readonly _tag: "SourceRemovalNotAllowedError";
50
- readonly sourceId: string;
51
- }, readonly [import("effect/Schema").TaggedStruct<"SourceRemovalNotAllowedError", {
52
- readonly sourceId: import("effect/Schema").String;
53
- }>], {
54
- readonly _tag: "SourceRemovalNotAllowedError";
55
- readonly sourceId: string;
56
- }>, import("effect/Schema").TaggedStruct<"SourceRemovalNotAllowedError", {
57
- readonly sourceId: import("effect/Schema").String;
58
- }>, never, never> | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"refresh", "POST", "/scopes/:scopeId/sources/:sourceId/refresh", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
59
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
60
- sourceId: import("effect/Schema").String;
61
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
62
- readonly refreshed: import("effect/Schema").Boolean;
63
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"tools", "GET", "/scopes/:scopeId/sources/:sourceId/tools", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
64
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
65
- sourceId: import("effect/Schema").String;
66
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
67
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ToolId">;
68
- readonly pluginId: import("effect/Schema").String;
69
- readonly sourceId: import("effect/Schema").String;
70
- readonly name: import("effect/Schema").String;
71
- readonly description: import("effect/Schema").optional<import("effect/Schema").String>;
72
- readonly mayElicit: import("effect/Schema").optional<import("effect/Schema").Boolean>;
73
- readonly requiresApproval: import("effect/Schema").optional<import("effect/Schema").Boolean>;
74
- readonly approvalDescription: import("effect/Schema").optional<import("effect/Schema").String>;
75
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"detect", "POST", "/scopes/:scopeId/sources/detect", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
76
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
77
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
78
- readonly url: import("effect/Schema").String;
79
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
80
- readonly kind: import("effect/Schema").String;
81
- readonly confidence: import("effect/Schema").Literals<readonly ["high", "medium", "low"]>;
82
- readonly endpoint: import("effect/Schema").String;
83
- readonly name: import("effect/Schema").String;
84
- readonly namespace: import("effect/Schema").String;
85
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"secrets", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"list", "GET", "/scopes/:scopeId/secrets", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
86
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
87
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
88
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
89
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
90
- readonly name: import("effect/Schema").String;
91
- readonly provider: import("effect/Schema").String;
92
- readonly createdAt: import("effect/Schema").Number;
93
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/secrets/:secretId/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
94
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
95
- secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
96
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
97
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
98
- readonly status: import("effect/Schema").Literals<readonly ["resolved", "missing"]>;
99
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"set", "POST", "/scopes/:scopeId/secrets", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
100
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
101
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
102
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
103
- readonly name: import("effect/Schema").String;
104
- readonly value: import("effect/Schema").String;
105
- readonly provider: import("effect/Schema").optional<import("effect/Schema").String>;
106
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
107
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
108
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
109
- readonly name: import("effect/Schema").String;
110
- readonly provider: import("effect/Schema").String;
111
- readonly createdAt: import("effect/Schema").Number;
112
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").decodeTo<import("effect/Schema").declareConstructor<import("@executor-js/sdk").SecretResolutionError, {
113
- readonly message: string;
114
- readonly _tag: "SecretResolutionError";
115
- readonly secretId: string;
116
- }, readonly [import("effect/Schema").TaggedStruct<"SecretResolutionError", {
117
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
118
- readonly message: import("effect/Schema").String;
119
- }>], {
120
- readonly message: string;
121
- readonly _tag: "SecretResolutionError";
122
- readonly secretId: string & import("effect/Brand").Brand<"SecretId">;
123
- }>, import("effect/Schema").TaggedStruct<"SecretResolutionError", {
124
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
125
- readonly message: import("effect/Schema").String;
126
- }>, never, never> | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"remove", "DELETE", "/scopes/:scopeId/secrets/:secretId", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
127
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
128
- secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
129
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
130
- readonly removed: import("effect/Schema").Boolean;
131
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").decodeTo<import("effect/Schema").declareConstructor<import("@executor-js/sdk").SecretNotFoundError, {
132
- readonly _tag: "SecretNotFoundError";
133
- readonly secretId: string;
134
- }, readonly [import("effect/Schema").TaggedStruct<"SecretNotFoundError", {
135
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
136
- }>], {
137
- readonly _tag: "SecretNotFoundError";
138
- readonly secretId: string & import("effect/Brand").Brand<"SecretId">;
139
- }>, import("effect/Schema").TaggedStruct<"SecretNotFoundError", {
140
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
141
- }>, never, never> | import("effect/Schema").decodeTo<import("effect/Schema").declareConstructor<import("@executor-js/sdk").SecretOwnedByConnectionError, {
142
- readonly _tag: "SecretOwnedByConnectionError";
143
- readonly secretId: string;
144
- readonly connectionId: string;
145
- }, readonly [import("effect/Schema").TaggedStruct<"SecretOwnedByConnectionError", {
146
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
147
- readonly connectionId: import("effect/Schema").brand<import("effect/Schema").String, "ConnectionId">;
148
- }>], {
149
- readonly _tag: "SecretOwnedByConnectionError";
150
- readonly secretId: string & import("effect/Brand").Brand<"SecretId">;
151
- readonly connectionId: string & import("effect/Brand").Brand<"ConnectionId">;
152
- }>, import("effect/Schema").TaggedStruct<"SecretOwnedByConnectionError", {
153
- readonly secretId: import("effect/Schema").brand<import("effect/Schema").String, "SecretId">;
154
- readonly connectionId: import("effect/Schema").brand<import("effect/Schema").String, "ConnectionId">;
155
- }>, never, never> | typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"connections", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"list", "GET", "/scopes/:scopeId/connections", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
156
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
157
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
158
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ConnectionId">;
159
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
160
- readonly provider: import("effect/Schema").String;
161
- readonly identityLabel: import("effect/Schema").NullOr<import("effect/Schema").String>;
162
- readonly expiresAt: import("effect/Schema").NullOr<import("effect/Schema").Number>;
163
- readonly oauthScope: import("effect/Schema").NullOr<import("effect/Schema").String>;
164
- readonly createdAt: import("effect/Schema").Number;
165
- readonly updatedAt: import("effect/Schema").Number;
166
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"remove", "DELETE", "/scopes/:scopeId/connections/:connectionId", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
167
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
168
- connectionId: import("effect/Schema").brand<import("effect/Schema").String, "ConnectionId">;
169
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
170
- readonly removed: import("effect/Schema").Boolean;
171
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"executions", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"execute", "POST", "/executions", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
172
- readonly code: import("effect/Schema").String;
173
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
174
- readonly status: import("effect/Schema").Literal<"completed">;
175
- readonly text: import("effect/Schema").String;
176
- readonly structured: import("effect/Schema").Unknown;
177
- readonly isError: import("effect/Schema").Boolean;
178
- }>, import("effect/Schema").Struct<{
179
- readonly status: import("effect/Schema").Literal<"paused">;
180
- readonly text: import("effect/Schema").String;
181
- readonly structured: import("effect/Schema").Unknown;
182
- }>]>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"resume", "POST", "/executions/:executionId/resume", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
183
- executionId: import("effect/Schema").String;
184
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
185
- readonly action: import("effect/Schema").Literals<readonly ["accept", "decline", "cancel"]>;
186
- readonly content: import("effect/Schema").optional<import("effect/Schema").Unknown>;
187
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
188
- readonly text: import("effect/Schema").String;
189
- readonly structured: import("effect/Schema").Unknown;
190
- readonly isError: import("effect/Schema").Boolean;
191
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | import("effect/Schema").Struct<{
192
- readonly _tag: import("effect/Schema").tag<"ExecutionNotFoundError">;
193
- readonly executionId: import("effect/Schema").String;
194
- }>>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"scope", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"info", "GET", "/scope", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
195
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
196
- readonly name: import("effect/Schema").String;
197
- readonly dir: import("effect/Schema").String;
198
- readonly stack: import("effect/Schema").$Array<import("effect/Schema").Struct<{
199
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
200
- readonly name: import("effect/Schema").String;
201
- readonly dir: import("effect/Schema").String;
202
- }>>;
203
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"oauth", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"probe", "POST", "/scopes/:scopeId/oauth/probe", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
204
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
205
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
206
- readonly endpoint: import("effect/Schema").String;
207
- readonly headers: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Union<readonly [import("effect/Schema").String, import("effect/Schema").Struct<{
208
- readonly secretId: import("effect/Schema").String;
209
- readonly prefix: import("effect/Schema").optional<import("effect/Schema").String>;
210
- }>]>>>;
211
- readonly queryParams: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Union<readonly [import("effect/Schema").String, import("effect/Schema").Struct<{
212
- readonly secretId: import("effect/Schema").String;
213
- readonly prefix: import("effect/Schema").optional<import("effect/Schema").String>;
214
- }>]>>>;
215
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
216
- readonly resourceMetadata: import("effect/Schema").NullOr<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Unknown>>;
217
- readonly resourceMetadataUrl: import("effect/Schema").NullOr<import("effect/Schema").String>;
218
- readonly authorizationServerMetadata: import("effect/Schema").NullOr<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Unknown>>;
219
- readonly authorizationServerMetadataUrl: import("effect/Schema").NullOr<import("effect/Schema").String>;
220
- readonly authorizationServerUrl: import("effect/Schema").NullOr<import("effect/Schema").String>;
221
- readonly supportsDynamicRegistration: import("effect/Schema").Boolean;
222
- readonly isBearerChallengeEndpoint: import("effect/Schema").Boolean;
223
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").OAuthProbeError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"start", "POST", "/scopes/:scopeId/oauth/start", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
224
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
225
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
226
- readonly endpoint: import("effect/Schema").String;
227
- readonly headers: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Union<readonly [import("effect/Schema").String, import("effect/Schema").Struct<{
228
- readonly secretId: import("effect/Schema").String;
229
- readonly prefix: import("effect/Schema").optional<import("effect/Schema").String>;
230
- }>]>>>;
231
- readonly queryParams: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").Union<readonly [import("effect/Schema").String, import("effect/Schema").Struct<{
232
- readonly secretId: import("effect/Schema").String;
233
- readonly prefix: import("effect/Schema").optional<import("effect/Schema").String>;
234
- }>]>>>;
235
- readonly redirectUrl: import("effect/Schema").String;
236
- readonly connectionId: import("effect/Schema").String;
237
- readonly tokenScope: import("effect/Schema").optional<import("effect/Schema").String>;
238
- readonly strategy: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
239
- readonly kind: import("effect/Schema").Literal<"dynamic-dcr">;
240
- readonly scopes: import("effect/Schema").optional<import("effect/Schema").$Array<import("effect/Schema").String>>;
241
- }>, import("effect/Schema").Struct<{
242
- readonly kind: import("effect/Schema").Literal<"authorization-code">;
243
- readonly authorizationEndpoint: import("effect/Schema").String;
244
- readonly tokenEndpoint: import("effect/Schema").String;
245
- readonly issuerUrl: import("effect/Schema").optional<import("effect/Schema").NullOr<import("effect/Schema").String>>;
246
- readonly clientIdSecretId: import("effect/Schema").String;
247
- readonly clientSecretSecretId: import("effect/Schema").NullOr<import("effect/Schema").String>;
248
- readonly scopes: import("effect/Schema").$Array<import("effect/Schema").String>;
249
- readonly scopeSeparator: import("effect/Schema").optional<import("effect/Schema").String>;
250
- readonly extraAuthorizationParams: import("effect/Schema").optional<import("effect/Schema").$Record<import("effect/Schema").String, import("effect/Schema").String>>;
251
- readonly clientAuth: import("effect/Schema").optional<import("effect/Schema").Literals<readonly ["body", "basic"]>>;
252
- }>, import("effect/Schema").Struct<{
253
- readonly kind: import("effect/Schema").Literal<"client-credentials">;
254
- readonly tokenEndpoint: import("effect/Schema").String;
255
- readonly clientIdSecretId: import("effect/Schema").String;
256
- readonly clientSecretSecretId: import("effect/Schema").String;
257
- readonly scopes: import("effect/Schema").optional<import("effect/Schema").$Array<import("effect/Schema").String>>;
258
- readonly scopeSeparator: import("effect/Schema").optional<import("effect/Schema").String>;
259
- readonly clientAuth: import("effect/Schema").optional<import("effect/Schema").Literals<readonly ["body", "basic"]>>;
260
- }>]>;
261
- readonly pluginId: import("effect/Schema").String;
262
- readonly identityLabel: import("effect/Schema").optional<import("effect/Schema").String>;
263
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
264
- readonly sessionId: import("effect/Schema").String;
265
- readonly authorizationUrl: import("effect/Schema").NullOr<import("effect/Schema").String>;
266
- readonly completedConnection: import("effect/Schema").NullOr<import("effect/Schema").Struct<{
267
- readonly connectionId: import("effect/Schema").String;
268
- }>>;
269
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").OAuthStartError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"complete", "POST", "/scopes/:scopeId/oauth/complete", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
270
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
271
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
272
- readonly state: import("effect/Schema").String;
273
- readonly code: import("effect/Schema").optional<import("effect/Schema").String>;
274
- readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
275
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
276
- readonly connectionId: import("effect/Schema").String;
277
- readonly expiresAt: import("effect/Schema").NullOr<import("effect/Schema").Number>;
278
- readonly scope: import("effect/Schema").NullOr<import("effect/Schema").String>;
279
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").OAuthCompleteError | typeof import("@executor-js/sdk").OAuthSessionNotFoundError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"cancel", "POST", "/scopes/:scopeId/oauth/cancel", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
280
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
281
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
282
- readonly sessionId: import("effect/Schema").String;
283
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
284
- readonly cancelled: import("effect/Schema").Boolean;
285
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").OAuthSessionNotFoundError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"callback", "GET", "/oauth/callback", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
286
- readonly state: import("effect/Schema").String;
287
- readonly code: import("effect/Schema").optional<import("effect/Schema").String>;
288
- readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
289
- readonly error_description: import("effect/Schema").optional<import("effect/Schema").String>;
290
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").String>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").OAuthCompleteError | typeof import("@executor-js/sdk").OAuthSessionNotFoundError | typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"policies", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"list", "GET", "/scopes/:scopeId/policies", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
291
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
292
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").$Array<import("effect/Schema").Struct<{
293
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "PolicyId">;
294
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
295
- readonly pattern: import("effect/Schema").String;
296
- readonly action: import("effect/Schema").Literals<readonly ["approve", "require_approval", "block"]>;
297
- readonly position: import("effect/Schema").String;
298
- readonly createdAt: import("effect/Schema").Number;
299
- readonly updatedAt: import("effect/Schema").Number;
300
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"create", "POST", "/scopes/:scopeId/policies", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
301
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
302
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
303
- readonly pattern: import("effect/Schema").String;
304
- readonly action: import("effect/Schema").Literals<readonly ["approve", "require_approval", "block"]>;
305
- readonly position: import("effect/Schema").optional<import("effect/Schema").String>;
306
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
307
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "PolicyId">;
308
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
309
- readonly pattern: import("effect/Schema").String;
310
- readonly action: import("effect/Schema").Literals<readonly ["approve", "require_approval", "block"]>;
311
- readonly position: import("effect/Schema").String;
312
- readonly createdAt: import("effect/Schema").Number;
313
- readonly updatedAt: import("effect/Schema").Number;
314
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"update", "PATCH", "/scopes/:scopeId/policies/:policyId", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
315
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
316
- policyId: import("effect/Schema").brand<import("effect/Schema").String, "PolicyId">;
317
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
318
- readonly pattern: import("effect/Schema").optional<import("effect/Schema").String>;
319
- readonly action: import("effect/Schema").optional<import("effect/Schema").Literals<readonly ["approve", "require_approval", "block"]>>;
320
- readonly position: import("effect/Schema").optional<import("effect/Schema").String>;
321
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
322
- readonly id: import("effect/Schema").brand<import("effect/Schema").String, "PolicyId">;
323
- readonly scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
324
- readonly pattern: import("effect/Schema").String;
325
- readonly action: import("effect/Schema").Literals<readonly ["approve", "require_approval", "block"]>;
326
- readonly position: import("effect/Schema").String;
327
- readonly createdAt: import("effect/Schema").Number;
328
- readonly updatedAt: import("effect/Schema").Number;
329
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"remove", "DELETE", "/scopes/:scopeId/policies/:policyId", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
330
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
331
- policyId: import("effect/Schema").brand<import("effect/Schema").String, "PolicyId">;
332
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
333
- readonly removed: import("effect/Schema").Boolean;
334
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError>, never, never>, false> | import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
335
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
336
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<typeof import("../promise").OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
337
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
338
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordConfig>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
339
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
340
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
341
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
342
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordError | typeof import("@executor-js/api").InternalError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
9
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
343
10
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
344
11
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
345
12
  readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
346
13
  readonly account: import("effect/Schema").String;
347
14
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
348
15
  readonly vaults: import("effect/Schema").$Array<typeof import("../promise").Vault>;
349
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordError | typeof import("@executor-js/api").InternalError>, never, never>, false>>;
16
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never>, false>>;
@@ -0,0 +1,2 @@
1
+ declare const _default: import("@executor-js/sdk/client").ClientPluginSpec<"onepassword">;
2
+ export default _default;
@@ -1,2 +1,2 @@
1
- import type { SecretProviderPlugin } from "@executor-js/react/plugins/secret-provider-plugin";
1
+ import type { SecretProviderPlugin } from "@executor-js/sdk/client";
2
2
  export declare const onePasswordSecretProviderPlugin: SecretProviderPlugin;
@@ -1,5 +1,6 @@
1
- import { Effect } from "effect";
1
+ import { Effect, Schema } from "effect";
2
2
  import { StorageError, type PluginBlobStore, type StorageFailure } from "@executor-js/sdk/core";
3
+ import { OnePasswordExtensionService } from "../api/handlers";
3
4
  import { OnePasswordConfig, Vault, ConnectionStatus } from "./types";
4
5
  import type { OnePasswordAuth } from "./types";
5
6
  import { OnePasswordError } from "./errors";
@@ -41,4 +42,19 @@ export declare const onepasswordPlugin: import("@executor-js/sdk/core").Configur
41
42
  status: () => Effect.Effect<ConnectionStatus, StorageFailure | OnePasswordError, never>;
42
43
  listVaults: (auth: import("./types").DesktopAppAuth | import("./types").ServiceAccountAuth) => Effect.Effect<Vault[], StorageFailure | OnePasswordError, never>;
43
44
  resolve: (uri: string) => Effect.Effect<string, StorageFailure | OnePasswordError, never>;
44
- }, OnePasswordStore, OnePasswordPluginOptions, undefined>;
45
+ }, OnePasswordStore, OnePasswordPluginOptions, undefined, typeof OnePasswordExtensionService, import("effect/Layer").Layer<import("effect/unstable/httpapi/HttpApiGroup").ApiGroup<"executor", "onepassword">, never, import("effect/unstable/http/HttpRouter").Request<"Requires", OnePasswordExtensionService>>, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
46
+ scopeId: Schema.brand<Schema.String, "ScopeId">;
47
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<Schema.NullOr<typeof OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
48
+ scopeId: Schema.brand<Schema.String, "ScopeId">;
49
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof OnePasswordConfig>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<Schema.Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
50
+ scopeId: Schema.brand<Schema.String, "ScopeId">;
51
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<Schema.Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
52
+ scopeId: Schema.brand<Schema.String, "ScopeId">;
53
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
54
+ scopeId: Schema.brand<Schema.String, "ScopeId">;
55
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<Schema.Struct<{
56
+ readonly authKind: Schema.Literals<readonly ["desktop-app", "service-account"]>;
57
+ readonly account: Schema.String;
58
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<Schema.Struct<{
59
+ readonly vaults: Schema.$Array<typeof Vault>;
60
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof OnePasswordError>, never, never>, false>>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@executor-js/plugin-onepassword",
3
- "version": "0.0.2",
3
+ "version": "0.1.0",
4
4
  "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/plugins/onepassword",
5
5
  "bugs": {
6
6
  "url": "https://github.com/RhysSullivan/executor/issues"
@@ -43,7 +43,7 @@
43
43
  "@1password/op-js": "^0.1.13",
44
44
  "@1password/sdk": "^0.4.1-beta.1",
45
45
  "@effect/atom-react": "4.0.0-beta.59",
46
- "@executor-js/sdk": "0.0.2",
46
+ "@executor-js/sdk": "0.1.0",
47
47
  "effect": "4.0.0-beta.59"
48
48
  },
49
49
  "devDependencies": {
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts","../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n}) {}\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n}) {}\n\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n","import { Context, Duration, Effect } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"client setup\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n timeoutWithOnePasswordError(\"client setup\", timeoutMs),\n );\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n // Configure auth\n if (auth.kind === \"service-account\") {\n op.setServiceAccount(auth.token);\n } else {\n op.setGlobalFlags({ account: auth.accountName });\n }\n\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.try({\n try: fn,\n catch: (cause) =>\n new OnePasswordError({\n operation,\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n }).pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport {\n makeOnePasswordService,\n type ResolvedAuth,\n type OnePasswordService,\n} from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordExtension {\n /** Configure the 1Password connection */\n readonly configure: (\n config: OnePasswordConfig,\n ) => Effect.Effect<void, StorageFailure>;\n\n /** Get current configuration (if any) */\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n OnePasswordExtensionFailure\n >;\n\n /** Remove the 1Password configuration */\n readonly removeConfig: () => Effect.Effect<void, StorageFailure>;\n\n /** Check connection status */\n readonly status: () => Effect.Effect<\n ConnectionStatus,\n OnePasswordExtensionFailure\n >;\n\n /** List accessible vaults (requires auth) */\n readonly listVaults: (\n auth: OnePasswordAuth,\n ) => Effect.Effect<ReadonlyArray<Vault>, OnePasswordExtensionFailure>;\n\n /** Resolve a secret directly by op:// URI */\n readonly resolve: (\n uri: string,\n ) => Effect.Effect<string, OnePasswordExtensionFailure>;\n}\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: () => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownSync(OnePasswordConfig);\n\nconst blobStorageError = (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation}: ${\n cause instanceof Error ? cause.message : String(cause)\n }`,\n cause,\n });\n\nexport const makeOnePasswordStore = (\n blobs: PluginBlobStore,\n /** Scope id that owns the single 1Password config blob. Default is the\n * outermost scope (org/workspace) so the config is visible across\n * every per-user scope via the blob store's fall-through read. */\n writeScope: string,\n): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return Effect.try({\n try: () => decodeConfig(JSON.parse(raw)),\n catch: (cause) =>\n new OnePasswordError({\n operation: \"config decode\",\n message: cause instanceof Error ? cause.message : String(cause),\n }),\n });\n }),\n ),\n\n saveConfig: (config) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: writeScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: () =>\n blobs\n .delete(CONFIG_KEY, { scope: writeScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.mapError((err) =>\n \"_tag\" in err && err._tag === \"SecretOwnedByConnectionError\"\n ? new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n })\n : err,\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) =>\n makeOnePasswordService(resolved, { timeoutMs, preferSdk }),\n ),\n );\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = secretId.startsWith(\"op://\")\n ? secretId\n : `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config)\n return Effect.succeed(\n [] as ReadonlyArray<{ id: string; name: string }>,\n );\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(\n () => [] as ReadonlyArray<{ id: string; name: string }>,\n ),\n ),\n});\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin(\n (options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n storage: ({ blobs, scopes }) =>\n makeOnePasswordStore(blobs, scopes.at(-1)!.id as string),\n\n extension: (ctx) => {\n return {\n configure: (config) => ctx.storage.saveConfig(config),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: () => ctx.storage.deleteConfig(),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(\n config,\n ctx,\n timeoutMs,\n preferSdk,\n );\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* Effect.fail(\n new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n }),\n );\n }\n const svc = yield* getServiceFromConfig(\n config,\n ctx,\n timeoutMs,\n preferSdk,\n );\n return yield* svc.resolveSecret(uri);\n }),\n } satisfies OnePasswordExtension;\n },\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n },\n);\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAN,cAA6B,OAAO,MAAsB,gBAAgB,EAAE;AAAA,EACjF,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC,EAAE;AAAC;AAEG,IAAM,qBAAN,cAAiC,OAAO,MAA0B,oBAAoB,EAAE;AAAA,EAC7F,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC,EAAE;AAAC;AAEG,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,oBAAN,cAAgC,OAAO,MAAyB,mBAAmB,EAAE;AAAA,EAC1F,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,QAAN,cAAoB,OAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+B,OAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AClDJ,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;;;ACTH,SAAS,SAAS,UAAU,cAAc;AAC1C,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,EAChE,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,gBAAgB,SAAS;AAAA,EACvD;AAEA,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAEhB,MAAI,KAAK,SAAS,mBAAmB;AACnC,IAAG,qBAAkB,KAAK,KAAK;AAAA,EACjC,OAAO;AACL,IAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,EACjD;AAEA,QAAM,WAAW,CAAI,IAAa,cAChC,OAAO,IAAI;AAAA,IACT,KAAK;AAAA,IACL,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,IAChE,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;ACvMA,SAAS,UAAAC,SAAQ,UAAAC,eAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;AAeP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAsEnB,IAAM,eAAeC,QAAO,kBAAkB,iBAAiB;AAE/D,IAAM,mBAAmB,CAAC,cACxB,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS,KACpC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CACvD;AAAA,EACA;AACF,CAAC;AAEE,IAAM,uBAAuB,CAClC,OAIA,gBACsB;AAAA,EACtB,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAOA,QAAO,IAAI;AAAA,QAChB,KAAK,MAAM,aAAa,KAAK,MAAM,GAAG,CAAC;AAAA,QACvC,OAAO,CAAC,UACN,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAAA,QAChE,CAAC;AAAA,MACL,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,WACX,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,WAAW;AAAA,EACtB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,MACZ,MACG,OAAO,YAAY,EAAE,OAAO,WAAW,CAAC,EACxC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS,CAAC,QACf,UAAU,OAAO,IAAI,SAAS,iCAC1B,IAAI,iBAAiB;AAAA,QACnB,WAAW;AAAA,QACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,MAC9D,CAAC,IACD;AAAA,IACN;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO;AAAA,IAAQ,CAAC,aACd,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC;AAAA,EAC3D;AACF;AAMF,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA;AAAA;AAAA;AAAA,EAKV,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,SAAS,WAAW,OAAO,IACnC,WACA,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAE1D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC;AACH,eAAOA,QAAO;AAAA,UACZ,CAAC;AAAA,QACH;AACF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO;AAAA,MACL,MAAM,CAAC;AAAA,IACT;AAAA,EACF;AACJ;AAaO,IAAM,oBAAoB;AAAA,EAC/B,CAAC,YAAuC;AACtC,UAAM,YAAY,SAAS,aAAaF;AACxC,UAAM,YAAY,SAAS;AAE3B,WAAO;AAAA,MACL,IAAI;AAAA,MACJ,SAAS,CAAC,EAAE,OAAO,OAAO,MACxB,qBAAqB,OAAO,OAAO,GAAG,EAAE,EAAG,EAAY;AAAA,MAEzD,WAAW,CAAC,QAAQ;AAClB,eAAO;AAAA,UACL,WAAW,CAAC,WAAW,IAAI,QAAQ,WAAW,MAAM;AAAA,UAEpD,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,UAEvC,cAAc,MAAM,IAAI,QAAQ,aAAa;AAAA,UAE7C,QAAQ,MACNE,QAAO,IAAI,aAAa;AACtB,kBAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,gBAAI,CAAC,QAAQ;AACX,qBAAO,IAAI,iBAAiB;AAAA,gBAC1B,WAAW;AAAA,gBACX,OAAO;AAAA,cACT,CAAC;AAAA,YACH;AACA,kBAAM,MAAM,OAAO;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACF;AACA,kBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,kBAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,mBAAO,IAAI,iBAAiB;AAAA,cAC1B,WAAW;AAAA,cACX,WAAWA,QAAO;AAAA,YACpB,CAAC;AAAA,UACH,CAAC;AAAA,UAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,kBAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,kBAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,cAClD;AAAA,cACA;AAAA,YACF,CAAC;AACD,kBAAM,SAAS,OAAO,IAAI,WAAW;AACrC,mBAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,UAChD,CAAC;AAAA,UAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,kBAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,gBAAI,CAAC,QAAQ;AACX,qBAAO,OAAOA,QAAO;AAAA,gBACnB,IAAI,iBAAiB;AAAA,kBACnB,WAAW;AAAA,kBACX,SAAS;AAAA,gBACX,CAAC;AAAA,cACH;AAAA,YACF;AACA,kBAAM,MAAM,OAAO;AAAA,cACjB;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACF;AACA,mBAAO,OAAO,IAAI,cAAc,GAAG;AAAA,UACrC,CAAC;AAAA,QACL;AAAA,MACF;AAAA,MAEA,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,IACpE;AAAA,EACF;AACF;","names":["Schema","Effect","Schema","DEFAULT_TIMEOUT_MS","Schema","Effect","item","vault"]}