@executor-js/plugin-onepassword 0.0.2 → 0.2.1
- package/dist/OnePasswordSettings-NUPVIEGH.js +392 -0
- package/dist/OnePasswordSettings-NUPVIEGH.js.map +1 -0
- package/dist/api/group.d.ts +16 -6
- package/dist/api/handlers.d.ts +9 -3
- package/dist/api/index.d.ts +35 -0
- package/dist/chunk-NRYSRUWU.js +68 -0
- package/dist/chunk-NRYSRUWU.js.map +1 -0
- package/dist/{chunk-HWMHIFQL.js → chunk-ULLNZ6JH.js} +131 -171
- package/dist/chunk-ULLNZ6JH.js.map +1 -0
- package/dist/client.js +20 -0
- package/dist/client.js.map +1 -0
- package/dist/core.js +10 -8
- package/dist/index.js +5 -3
- package/dist/react/atoms.d.ts +16 -6
- package/dist/react/client.d.ts +13 -336
- package/dist/react/plugin-client.d.ts +2 -0
- package/dist/react/secret-provider-plugin.d.ts +1 -1
- package/dist/sdk/plugin.d.ts +18 -26
- package/dist/sdk/types.d.ts +43 -1
- package/package.json +8 -2
- package/dist/chunk-HWMHIFQL.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport const DesktopAppAuthSchema = Schema.Struct({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n});\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")(\n DesktopAppAuthSchema.fields,\n) {}\n\nexport const ServiceAccountAuthSchema = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n});\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")(\n ServiceAccountAuthSchema.fields,\n) {}\n\nexport const OnePasswordAuthSchema = Schema.Union([DesktopAppAuthSchema, ServiceAccountAuthSchema]);\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordConfigSchema = Schema.Struct({\n auth: OnePasswordAuthSchema,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n});\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")(\n OnePasswordConfigSchema.fields,\n) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends 
Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,uBAAuB,OAAO,OAAO;AAAA,EAChD,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC;AAEM,IAAM,iBAAN,cAA6B,OAAO,MAAsB,gBAAgB;AAAA,EAC/E,qBAAqB;AACvB,EAAE;AAAC;AAEI,IAAM,2BAA2B,OAAO,OAAO;AAAA,EACpD,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC;AAEM,IAAM,qBAAN,cAAiC,OAAO,MAA0B,oBAAoB;AAAA,EAC3F,yBAAyB;AAC3B,EAAE;AAAC;AAEI,IAAM,wBAAwB,OAAO,MAAM,CAAC,sBAAsB,wBAAwB,CAAC;AAC3F,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,0BAA0B,OAAO,OAAO;AAAA,EACnD,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC;AAEM,IAAM,oBAAN,cAAgC,OAAO,MAAyB,mBAAmB;AAAA,EACxF,wBAAwB;AAC1B,EAAE;AAAC;AAMI,IAAM,QAAN,cAAoB,OAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+B,OAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AC/DJ,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}
|
|
@@ -1,61 +1,21 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
}) {
|
|
8
|
-
};
|
|
9
|
-
var ServiceAccountAuth = class extends Schema.Class("ServiceAccountAuth")({
|
|
10
|
-
kind: Schema.Literal("service-account"),
|
|
11
|
-
/** The service account token (stored as a secret) */
|
|
12
|
-
tokenSecretId: Schema.String
|
|
13
|
-
}) {
|
|
14
|
-
};
|
|
15
|
-
var OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);
|
|
16
|
-
var OnePasswordConfig = class extends Schema.Class("OnePasswordConfig")({
|
|
17
|
-
auth: OnePasswordAuth,
|
|
18
|
-
/** Vault to scope operations to */
|
|
19
|
-
vaultId: Schema.String,
|
|
20
|
-
/** Human label */
|
|
21
|
-
name: Schema.String
|
|
22
|
-
}) {
|
|
23
|
-
};
|
|
24
|
-
var Vault = class extends Schema.Class("Vault")({
|
|
25
|
-
id: Schema.String,
|
|
26
|
-
name: Schema.String
|
|
27
|
-
}) {
|
|
28
|
-
};
|
|
29
|
-
var ConnectionStatus = class extends Schema.Class("ConnectionStatus")({
|
|
30
|
-
connected: Schema.Boolean,
|
|
31
|
-
vaultName: Schema.optional(Schema.String),
|
|
32
|
-
error: Schema.optional(Schema.String)
|
|
33
|
-
}) {
|
|
34
|
-
};
|
|
35
|
-
|
|
36
|
-
// src/sdk/errors.ts
|
|
37
|
-
import { Schema as Schema2 } from "effect";
|
|
38
|
-
var OnePasswordError = class extends Schema2.TaggedErrorClass()(
|
|
39
|
-
"OnePasswordError",
|
|
40
|
-
{
|
|
41
|
-
operation: Schema2.String,
|
|
42
|
-
message: Schema2.String
|
|
43
|
-
},
|
|
44
|
-
{ httpApiStatus: 502 }
|
|
45
|
-
) {
|
|
46
|
-
};
|
|
1
|
+
import {
|
|
2
|
+
ConnectionStatus,
|
|
3
|
+
OnePasswordConfig,
|
|
4
|
+
OnePasswordError,
|
|
5
|
+
Vault
|
|
6
|
+
} from "./chunk-NRYSRUWU.js";
|
|
47
7
|
|
|
48
8
|
// src/sdk/service.ts
|
|
49
|
-
import { Context, Duration, Effect } from "effect";
|
|
9
|
+
import { Context, Duration, Effect, Semaphore } from "effect";
|
|
50
10
|
import * as op from "@1password/op-js";
|
|
51
11
|
var OnePasswordServiceTag = class extends Context.Service()("@executor-js/plugin-onepassword/OnePasswordService") {
|
|
52
12
|
};
|
|
53
13
|
var DEFAULT_TIMEOUT_MS = 15e3;
|
|
54
14
|
var loadOnePasswordSdk = () => Effect.tryPromise({
|
|
55
15
|
try: () => import("@1password/sdk"),
|
|
56
|
-
catch: (
|
|
16
|
+
catch: () => new OnePasswordError({
|
|
57
17
|
operation: "sdk module load",
|
|
58
|
-
message:
|
|
18
|
+
message: "Failed to load 1Password SDK"
|
|
59
19
|
})
|
|
60
20
|
});
|
|
61
21
|
var makeTimeoutMessage = (operation, timeoutMs) => [
|
|
@@ -86,18 +46,16 @@ var makeNativeSdkService = (auth, timeoutMs = DEFAULT_TIMEOUT_MS) => Effect.gen(
|
|
|
86
46
|
integrationName: "Executor",
|
|
87
47
|
integrationVersion: "0.0.0"
|
|
88
48
|
}),
|
|
89
|
-
catch: (
|
|
49
|
+
catch: () => new OnePasswordError({
|
|
90
50
|
operation: "client setup",
|
|
91
|
-
message:
|
|
51
|
+
message: "Failed to set up 1Password client"
|
|
92
52
|
})
|
|
93
|
-
}).pipe(
|
|
94
|
-
timeoutWithOnePasswordError("client setup", timeoutMs)
|
|
95
|
-
);
|
|
53
|
+
}).pipe(timeoutWithOnePasswordError("client setup", timeoutMs));
|
|
96
54
|
const wrap = (fn, operation) => Effect.tryPromise({
|
|
97
55
|
try: fn,
|
|
98
|
-
catch: (
|
|
56
|
+
catch: () => new OnePasswordError({
|
|
99
57
|
operation,
|
|
100
|
-
message:
|
|
58
|
+
message: `1Password SDK ${operation} failed`
|
|
101
59
|
})
|
|
102
60
|
}).pipe(
|
|
103
61
|
timeoutWithOnePasswordError(operation, timeoutMs),
|
|
@@ -113,19 +71,26 @@ var makeNativeSdkService = (auth, timeoutMs = DEFAULT_TIMEOUT_MS) => Effect.gen(
|
|
|
113
71
|
)
|
|
114
72
|
});
|
|
115
73
|
}).pipe(Effect.withSpan("onepassword.sdk.make_service"));
|
|
74
|
+
var cliAuthLock = Semaphore.makeUnsafe(1);
|
|
116
75
|
var makeCliService = (auth) => Effect.sync(() => {
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
76
|
+
const wrapSync = (fn, operation) => cliAuthLock.withPermits(1)(
|
|
77
|
+
Effect.try({
|
|
78
|
+
try: () => {
|
|
79
|
+
if (auth.kind === "service-account") {
|
|
80
|
+
op.setGlobalFlags({});
|
|
81
|
+
op.setServiceAccount(auth.token);
|
|
82
|
+
} else {
|
|
83
|
+
op.setServiceAccount("");
|
|
84
|
+
op.setGlobalFlags({ account: auth.accountName });
|
|
85
|
+
}
|
|
86
|
+
return fn();
|
|
87
|
+
},
|
|
88
|
+
catch: () => new OnePasswordError({
|
|
89
|
+
operation,
|
|
90
|
+
message: `1Password CLI ${operation} failed`
|
|
91
|
+
})
|
|
127
92
|
})
|
|
128
|
-
|
|
93
|
+
).pipe(Effect.withSpan(`onepassword.cli.${operation}`));
|
|
129
94
|
return OnePasswordServiceTag.of({
|
|
130
95
|
resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), "secret resolution"),
|
|
131
96
|
listVaults: () => wrapSync(() => op.vault.list(), "vault listing").pipe(
|
|
@@ -152,7 +117,7 @@ var makeOnePasswordService = (auth, options) => {
|
|
|
152
117
|
};
|
|
153
118
|
|
|
154
119
|
// src/sdk/plugin.ts
|
|
155
|
-
import { Effect as Effect2, Schema
|
|
120
|
+
import { Effect as Effect2, Schema } from "effect";
|
|
156
121
|
import {
|
|
157
122
|
definePlugin,
|
|
158
123
|
StorageError
|
|
@@ -160,35 +125,36 @@ import {
|
|
|
160
125
|
var CREDENTIAL_FIELD = "credential";
|
|
161
126
|
var DEFAULT_TIMEOUT_MS2 = 15e3;
|
|
162
127
|
var CONFIG_KEY = "config";
|
|
163
|
-
var decodeConfig =
|
|
128
|
+
var decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));
|
|
164
129
|
var blobStorageError = (operation) => (cause) => new StorageError({
|
|
165
|
-
message: `onepassword blob ${operation}
|
|
130
|
+
message: `onepassword blob ${operation} failed`,
|
|
166
131
|
cause
|
|
167
132
|
});
|
|
168
|
-
var makeOnePasswordStore = (blobs
|
|
133
|
+
var makeOnePasswordStore = (blobs) => ({
|
|
169
134
|
getConfig: () => blobs.get(CONFIG_KEY).pipe(
|
|
170
135
|
Effect2.mapError(blobStorageError("read")),
|
|
171
136
|
Effect2.flatMap((raw) => {
|
|
172
137
|
if (raw === null) return Effect2.succeed(null);
|
|
173
|
-
return
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
138
|
+
return decodeConfig(raw).pipe(
|
|
139
|
+
Effect2.mapError(
|
|
140
|
+
() => new OnePasswordError({
|
|
141
|
+
operation: "config decode",
|
|
142
|
+
message: "Failed to decode 1Password config"
|
|
143
|
+
})
|
|
144
|
+
)
|
|
145
|
+
);
|
|
180
146
|
})
|
|
181
147
|
),
|
|
182
|
-
saveConfig: (config) => blobs.put(
|
|
148
|
+
saveConfig: (config, targetScope) => blobs.put(
|
|
183
149
|
CONFIG_KEY,
|
|
184
150
|
JSON.stringify({
|
|
185
151
|
auth: config.auth,
|
|
186
152
|
vaultId: config.vaultId,
|
|
187
153
|
name: config.name
|
|
188
154
|
}),
|
|
189
|
-
{ scope:
|
|
155
|
+
{ scope: targetScope }
|
|
190
156
|
).pipe(Effect2.mapError(blobStorageError("write"))),
|
|
191
|
-
deleteConfig: () => blobs.delete(CONFIG_KEY, { scope:
|
|
157
|
+
deleteConfig: (targetScope) => blobs.delete(CONFIG_KEY, { scope: targetScope }).pipe(Effect2.mapError(blobStorageError("delete")))
|
|
192
158
|
});
|
|
193
159
|
var resolveAuth = (auth, ctx) => {
|
|
194
160
|
if (auth.kind === "desktop-app") {
|
|
@@ -198,11 +164,14 @@ var resolveAuth = (auth, ctx) => {
|
|
|
198
164
|
});
|
|
199
165
|
}
|
|
200
166
|
return ctx.secrets.get(auth.tokenSecretId).pipe(
|
|
201
|
-
Effect2.
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
167
|
+
Effect2.catchTag(
|
|
168
|
+
"SecretOwnedByConnectionError",
|
|
169
|
+
() => Effect2.fail(
|
|
170
|
+
new OnePasswordError({
|
|
171
|
+
operation: "auth resolution",
|
|
172
|
+
message: `Service account token secret "${auth.tokenSecretId}" not found`
|
|
173
|
+
})
|
|
174
|
+
)
|
|
206
175
|
),
|
|
207
176
|
Effect2.flatMap((token) => {
|
|
208
177
|
if (token === null) {
|
|
@@ -221,20 +190,28 @@ var resolveAuth = (auth, ctx) => {
|
|
|
221
190
|
);
|
|
222
191
|
};
|
|
223
192
|
var getServiceFromConfig = (config, ctx, timeoutMs, preferSdk) => resolveAuth(config.auth, ctx).pipe(
|
|
224
|
-
Effect2.flatMap(
|
|
225
|
-
(resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })
|
|
226
|
-
)
|
|
193
|
+
Effect2.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk }))
|
|
227
194
|
);
|
|
195
|
+
var configuredVaultUri = (config, secretId) => {
|
|
196
|
+
if (!secretId.startsWith("op://")) {
|
|
197
|
+
return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
|
|
198
|
+
}
|
|
199
|
+
const match = secretId.match(/^op:\/\/([^/]+)\/.+/);
|
|
200
|
+
if (!match || match[1] !== config.vaultId) return null;
|
|
201
|
+
return secretId;
|
|
202
|
+
};
|
|
228
203
|
var makeProvider = (ctx, timeoutMs, preferSdk) => ({
|
|
229
204
|
key: "onepassword",
|
|
230
205
|
writable: false,
|
|
206
|
+
allowFallback: false,
|
|
231
207
|
// 1Password vaults are named in the stored config; the executor-scope
|
|
232
208
|
// arg isn't used for routing here. A future refactor could let the
|
|
233
209
|
// plugin store per-scope vault bindings and pick based on `scope`.
|
|
234
210
|
get: (secretId, _scope) => ctx.storage.getConfig().pipe(
|
|
235
211
|
Effect2.flatMap((config) => {
|
|
236
212
|
if (!config) return Effect2.succeed(null);
|
|
237
|
-
const uri =
|
|
213
|
+
const uri = configuredVaultUri(config, secretId);
|
|
214
|
+
if (uri === null) return Effect2.succeed(null);
|
|
238
215
|
return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
|
|
239
216
|
Effect2.flatMap((svc) => svc.resolveSecret(uri)),
|
|
240
217
|
Effect2.map((v) => v),
|
|
@@ -245,10 +222,7 @@ var makeProvider = (ctx, timeoutMs, preferSdk) => ({
|
|
|
245
222
|
),
|
|
246
223
|
list: () => ctx.storage.getConfig().pipe(
|
|
247
224
|
Effect2.flatMap((config) => {
|
|
248
|
-
if (!config)
|
|
249
|
-
return Effect2.succeed(
|
|
250
|
-
[]
|
|
251
|
-
);
|
|
225
|
+
if (!config) return Effect2.succeed([]);
|
|
252
226
|
return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
|
|
253
227
|
Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
|
|
254
228
|
Effect2.map(
|
|
@@ -256,86 +230,72 @@ var makeProvider = (ctx, timeoutMs, preferSdk) => ({
|
|
|
256
230
|
)
|
|
257
231
|
);
|
|
258
232
|
}),
|
|
259
|
-
Effect2.orElseSucceed(
|
|
260
|
-
() => []
|
|
261
|
-
)
|
|
233
|
+
Effect2.orElseSucceed(() => [])
|
|
262
234
|
)
|
|
263
235
|
});
|
|
264
|
-
var
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
return {
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
},
|
|
326
|
-
secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)]
|
|
327
|
-
};
|
|
328
|
-
}
|
|
329
|
-
);
|
|
236
|
+
var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
|
|
237
|
+
return {
|
|
238
|
+
configure: (config, targetScope) => ctx.storage.saveConfig(config, targetScope),
|
|
239
|
+
getConfig: () => ctx.storage.getConfig(),
|
|
240
|
+
removeConfig: (targetScope) => ctx.storage.deleteConfig(targetScope),
|
|
241
|
+
status: () => Effect2.gen(function* () {
|
|
242
|
+
const config = yield* ctx.storage.getConfig();
|
|
243
|
+
if (!config) {
|
|
244
|
+
return new ConnectionStatus({
|
|
245
|
+
connected: false,
|
|
246
|
+
error: "Not configured"
|
|
247
|
+
});
|
|
248
|
+
}
|
|
249
|
+
const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);
|
|
250
|
+
const vaults = yield* svc.listVaults();
|
|
251
|
+
const vault2 = vaults.find((v) => v.id === config.vaultId);
|
|
252
|
+
return new ConnectionStatus({
|
|
253
|
+
connected: true,
|
|
254
|
+
vaultName: vault2?.title
|
|
255
|
+
});
|
|
256
|
+
}),
|
|
257
|
+
listVaults: (auth) => Effect2.gen(function* () {
|
|
258
|
+
const resolved = yield* resolveAuth(auth, ctx);
|
|
259
|
+
const svc = yield* makeOnePasswordService(resolved, {
|
|
260
|
+
timeoutMs,
|
|
261
|
+
preferSdk
|
|
262
|
+
});
|
|
263
|
+
const vaults = yield* svc.listVaults();
|
|
264
|
+
return vaults.map((v) => new Vault({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
|
|
265
|
+
}),
|
|
266
|
+
resolve: (uri) => Effect2.gen(function* () {
|
|
267
|
+
const config = yield* ctx.storage.getConfig();
|
|
268
|
+
if (!config) {
|
|
269
|
+
return yield* new OnePasswordError({
|
|
270
|
+
operation: "resolve",
|
|
271
|
+
message: "1Password is not configured"
|
|
272
|
+
});
|
|
273
|
+
}
|
|
274
|
+
const scopedUri = configuredVaultUri(config, uri);
|
|
275
|
+
if (scopedUri === null) {
|
|
276
|
+
return yield* new OnePasswordError({
|
|
277
|
+
operation: "resolve",
|
|
278
|
+
message: "1Password secret URI is outside the configured vault"
|
|
279
|
+
});
|
|
280
|
+
}
|
|
281
|
+
const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);
|
|
282
|
+
return yield* svc.resolveSecret(scopedUri);
|
|
283
|
+
})
|
|
284
|
+
};
|
|
285
|
+
};
|
|
286
|
+
var onepasswordPlugin = definePlugin((options) => {
|
|
287
|
+
const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
|
|
288
|
+
const preferSdk = options?.preferSdk;
|
|
289
|
+
return {
|
|
290
|
+
id: "onepassword",
|
|
291
|
+
packageName: "@executor-js/plugin-onepassword",
|
|
292
|
+
storage: ({ blobs }) => makeOnePasswordStore(blobs),
|
|
293
|
+
extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),
|
|
294
|
+
secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)]
|
|
295
|
+
};
|
|
296
|
+
});
|
|
330
297
|
|
|
331
298
|
export {
|
|
332
|
-
DesktopAppAuth,
|
|
333
|
-
ServiceAccountAuth,
|
|
334
|
-
OnePasswordAuth,
|
|
335
|
-
OnePasswordConfig,
|
|
336
|
-
Vault,
|
|
337
|
-
ConnectionStatus,
|
|
338
|
-
OnePasswordError,
|
|
339
299
|
OnePasswordServiceTag,
|
|
340
300
|
makeNativeSdkService,
|
|
341
301
|
makeCliService,
|
|
@@ -343,4 +303,4 @@ export {
|
|
|
343
303
|
makeOnePasswordStore,
|
|
344
304
|
onepasswordPlugin
|
|
345
305
|
};
|
|
346
|
-
//# sourceMappingURL=chunk-
|
|
306
|
+
//# sourceMappingURL=chunk-ULLNZ6JH.js.map
|
|
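Review bot: In `wrapSync` (new lines 76–93 of chunk-ULLNZ6JH.js) the service-account token is installed with `op.setServiceAccount(auth.token)` and never cleared after `fn()` returns, so it presumably stays in op-js's process-wide state once the permit is released, until a later call overwrites it. `cliAuthLock` only serializes callers that go through this chunk, so any other code in the same process that uses `@1password/op-js` directly would run with whatever credentials the last call left behind. Consider resetting in a `finally`, reusing the clearing idiom the else branch already has: `try { return fn(); } finally { op.setServiceAccount(""); op.setGlobalFlags({}); }`. A one-line comment on `cliAuthLock`, such as `// serializes mutation of op-js global auth state; holds for the whole synchronous CLI call`, would make the intent clear. The body of `makeCliService` continues past this hunk.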
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Context, Duration, Effect, Semaphore } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst 
loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: \"Failed to load 1Password SDK\",\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? 
new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: \"Failed to set up 1Password client\",\n }),\n }).pipe(timeoutWithOnePasswordError(\"client setup\", timeoutMs));\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password SDK ${operation} failed`,\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nconst cliAuthLock = Semaphore.makeUnsafe(1);\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n cliAuthLock\n .withPermits(1)(\n Effect.try({\n try: () => {\n if (auth.kind === \"service-account\") {\n op.setGlobalFlags({});\n op.setServiceAccount(auth.token);\n } else {\n op.setServiceAccount(\"\");\n op.setGlobalFlags({ account: 
auth.accountName });\n }\n return fn();\n },\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password CLI ${operation} failed`,\n }),\n }),\n )\n .pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. 
`op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. 
Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n targetScope: string,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: (targetScope: string) => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));\n\nconst blobStorageError =\n (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation} failed`,\n cause,\n });\n\nexport const makeOnePasswordStore = (blobs: PluginBlobStore): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return decodeConfig(raw).pipe(\n Effect.mapError(\n () =>\n new OnePasswordError({\n operation: \"config decode\",\n message: \"Failed to decode 1Password config\",\n }),\n ),\n );\n }),\n ),\n\n saveConfig: (config, targetScope) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: targetScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: (targetScope) =>\n blobs\n .delete(CONFIG_KEY, { scope: targetScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst 
resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.catchTag(\"SecretOwnedByConnectionError\", () =>\n Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n ),\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })),\n );\n\nconst configuredVaultUri = (config: OnePasswordConfig, secretId: string): string | null => {\n if (!secretId.startsWith(\"op://\")) {\n return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n }\n const match = secretId.match(/^op:\\/\\/([^/]+)\\/.+/);\n if (!match || match[1] !== config.vaultId) return null;\n return secretId;\n};\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: 
\"onepassword\",\n writable: false,\n allowFallback: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = configuredVaultUri(config, secretId);\n if (uri === null) return Effect.succeed(null as string | null);\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as ReadonlyArray<{ id: string; name: string }>);\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(() => [] as ReadonlyArray<{ id: string; name: string }>),\n ),\n});\n\nconst makeOnePasswordExtension = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n) => {\n return {\n configure: (config: OnePasswordConfig, targetScope: string) =>\n ctx.storage.saveConfig(config, targetScope),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: (targetScope: string) => ctx.storage.deleteConfig(targetScope),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, 
preferSdk);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth: OnePasswordAuth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri: string) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const scopedUri = configuredVaultUri(config, uri);\n if (scopedUri === null) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password secret URI is outside the configured vault\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n return yield* svc.resolveSecret(scopedUri);\n }),\n };\n};\n\nexport type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin((options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? 
DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs }) => makeOnePasswordStore(blobs),\n\n extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n // HTTP transport (routes/handlers/extensionService) is layered on by\n // the api-aware factory in `@executor-js/plugin-onepassword/api`. Hosts\n // that want the HTTP surface import the plugin from there; SDK-only\n // consumers stay on this entry and avoid the server-only deps.\n});\n"],"mappings":";;;;;;;;AAAA,SAAS,SAAS,UAAU,QAAQ,iBAAiB;AACrD,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,MACL,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,4BAA4B,gBAAgB,SAAS,CAAC;AAE9D,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,SAAS;AAAA,IACrC,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,E
AChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMzD,IAAM,cAAc,UAAU,WAAW,CAAC;AAEnC,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAChB,QAAM,WAAW,CAAI,IAAa,cAChC,YACG,YAAY,CAAC;AAAA,IACZ,OAAO,IAAI;AAAA,MACT,KAAK,MAAM;AACT,YAAI,KAAK,SAAS,mBAAmB;AACnC,UAAG,kBAAe,CAAC,CAAC;AACpB,UAAG,qBAAkB,KAAK,KAAK;AAAA,QACjC,OAAO;AACL,UAAG,qBAAkB,EAAE;AACvB,UAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,QACjD;AACA,eAAO,GAAG;AAAA,MACZ;AAAA,MACA,OAAO,MACL,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,iBAAiB,SAAS;AAAA,MACrC,CAAC;AAAA,IACL,CAAC;AAAA,EACH,EACC,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AC7MA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;AAWP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAuCnB,IAAM,eAAe,OAAO,oBAAoB,OAAO,eAAe,iBAAiB,CAAC;AAExF,IAAM,mBACJ,CAAC,cACD,CAAC,
UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS;AAAA,EACtC;AACF,CAAC;AAEE,IAAM,uBAAuB,CAAC,WAA8C;AAAA,EACjF,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAO,aAAa,GAAG,EAAE;AAAA,QACvBA,QAAO;AAAA,UACL,MACE,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS;AAAA,UACX,CAAC;AAAA,QACL;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,QAAQ,gBACnB,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,YAAY;AAAA,EACvB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,CAAC,gBACb,MACG,OAAO,YAAY,EAAE,OAAO,YAAY,CAAC,EACzC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS;AAAA,MAAgC,MAC9CA,QAAO;AAAA,QACL,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,QAC9D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC,CAAC;AACzF;AAEF,IAAM,qBAAqB,CAAC,QAA2B,aAAoC;AACzF,MAAI,CAAC,SAAS,WAAW,OAAO,GAAG;AACjC,WAAO,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAAA,EAC/D;AACA,QAAM,QAAQ,SAAS,MAAM,qBAAqB;AAClD,MAAI,CAAC,SAAS,MAAM,CAAC,MAAM,OAAO,QAAS,QAAO;AAClD,SAAO;AACT;AAMA,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EACV,eAAe;AAAA;AAAA;AAAA;AAAA,EAKf,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,mBAAmB,QAAQ,QAAQ;AAC/C,UAAI,QAAQ,KAAM,QAAOA,Q
AAO,QAAQ,IAAqB;AAE7D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAgD;AACpF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAgD;AAAA,EAC9E;AACJ;AAEA,IAAM,2BAA2B,CAC/B,KACA,WACA,cACG;AACH,SAAO;AAAA,IACL,WAAW,CAAC,QAA2B,gBACrC,IAAI,QAAQ,WAAW,QAAQ,WAAW;AAAA,IAE5C,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,IAEvC,cAAc,CAAC,gBAAwB,IAAI,QAAQ,aAAa,WAAW;AAAA,IAE3E,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,IAAI,iBAAiB;AAAA,UAC1B,WAAW;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,YAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,aAAO,IAAI,iBAAiB;AAAA,QAC1B,WAAW;AAAA,QACX,WAAWA,QAAO;AAAA,MACpB,CAAC;AAAA,IACH,CAAC;AAAA,IAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,YAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,YAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,aAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,IAChD,CAAC;AAAA,IAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,YAAY,mBAAmB,QAAQ,GAAG;AAChD,UAAI,cAAc,MAAM;AACtB,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,aAAO,OAAO,IAAI,cAAc,SAAS;AAAA,IAC3C,CAAC;AAAA,EACL
;AACF;AAeO,IAAM,oBAAoB,aAAa,CAAC,YAAuC;AACpF,QAAM,YAAY,SAAS,aAAaD;AACxC,QAAM,YAAY,SAAS;AAE3B,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,SAAS,CAAC,EAAE,MAAM,MAAM,qBAAqB,KAAK;AAAA,IAElD,WAAW,CAAC,QAAQ,yBAAyB,KAAK,WAAW,SAAS;AAAA,IAEtE,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,EACpE;AAKF,CAAC;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
|
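--- a/package/dist/client.js
+++ b/package/dist/client.js
@@ -0,0 +1,20 @@
+// src/react/plugin-client.tsx
+import { defineClientPlugin } from "@executor-js/sdk/client";
+
+// src/react/secret-provider-plugin.ts
+import { lazy } from "react";
+var onePasswordSecretProviderPlugin = {
+key: "onepassword",
+label: "1Password",
+settings: lazy(() => import("./OnePasswordSettings-NUPVIEGH.js"))
+};
+
+// src/react/plugin-client.tsx
+var plugin_client_default = defineClientPlugin({
+id: "onepassword",
+secretProviderPlugin: onePasswordSecretProviderPlugin
+});
+export {
+plugin_client_default as default
+};
+//# sourceMappingURL=client.js.map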
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/react/plugin-client.tsx","../src/react/secret-provider-plugin.ts"],"sourcesContent":["import { defineClientPlugin } from \"@executor-js/sdk/client\";\n\nimport { onePasswordSecretProviderPlugin } from \"./secret-provider-plugin\";\n\nexport default defineClientPlugin({\n id: \"onepassword\" as const,\n secretProviderPlugin: onePasswordSecretProviderPlugin,\n});\n","import { lazy } from \"react\";\nimport type { SecretProviderPlugin } from \"@executor-js/sdk/client\";\n\nexport const onePasswordSecretProviderPlugin: SecretProviderPlugin = {\n key: \"onepassword\",\n label: \"1Password\",\n settings: lazy(() => import(\"./OnePasswordSettings\")),\n};\n"],"mappings":";AAAA,SAAS,0BAA0B;;;ACAnC,SAAS,YAAY;AAGd,IAAM,kCAAwD;AAAA,EACnE,KAAK;AAAA,EACL,OAAO;AAAA,EACP,UAAU,KAAK,MAAM,OAAO,mCAAuB,CAAC;AACtD;;;ADHA,IAAO,wBAAQ,mBAAmB;AAAA,EAChC,IAAI;AAAA,EACJ,sBAAsB;AACxB,CAAC;","names":[]}
|
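--- a/package/dist/core.js
+++ b/package/dist/core.js
@@ -1,18 +1,20 @@
 import {
-ConnectionStatus,
-DesktopAppAuth,
-OnePasswordAuth,
-OnePasswordConfig,
-OnePasswordError,
 OnePasswordServiceTag,
-ServiceAccountAuth,
-Vault,
 makeCliService,
 makeNativeSdkService,
 makeOnePasswordService,
 makeOnePasswordStore,
 onepasswordPlugin
-} from "./chunk-
+} from "./chunk-ULLNZ6JH.js";
+import {
+ConnectionStatus,
+DesktopAppAuth,
+OnePasswordAuth,
+OnePasswordConfig,
+OnePasswordError,
+ServiceAccountAuth,
+Vault
+} from "./chunk-NRYSRUWU.js";
 export {
 ConnectionStatus,
 DesktopAppAuth,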
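--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,3 +1,6 @@
+import {
+onepasswordPlugin
+} from "./chunk-ULLNZ6JH.js";
 import {
 ConnectionStatus,
 DesktopAppAuth,
@@ -5,9 +8,8 @@ import {
 OnePasswordConfig,
 OnePasswordError,
 ServiceAccountAuth,
-Vault
-
-} from "./chunk-HWMHIFQL.js";
+Vault
+} from "./chunk-NRYSRUWU.js";
 export {
 ConnectionStatus,
 DesktopAppAuth,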
package/dist/react/atoms.d.ts
CHANGED
|
@@ -1,22 +1,32 @@
|
|
|
1
1
|
import type { ScopeId } from "@executor-js/sdk/core";
|
|
2
2
|
export declare const onepasswordWriteKeys: readonly ["secrets"];
|
|
3
|
-
export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("
|
|
4
|
-
export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("
|
|
3
|
+
export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
|
|
4
|
+
export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
|
|
5
5
|
export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string, scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
|
|
6
6
|
readonly vaults: readonly import("../promise").Vault[];
|
|
7
|
-
}, import("
|
|
7
|
+
}, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
|
|
8
8
|
export declare const configureOnePassword: import("effect/unstable/reactivity/Atom").AtomResultFn<{
|
|
9
9
|
readonly params: {
|
|
10
10
|
readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
|
|
11
11
|
};
|
|
12
|
-
readonly payload:
|
|
12
|
+
readonly payload: {
|
|
13
|
+
readonly name: string;
|
|
14
|
+
readonly auth: {
|
|
15
|
+
readonly kind: "desktop-app";
|
|
16
|
+
readonly accountName: string;
|
|
17
|
+
} | {
|
|
18
|
+
readonly kind: "service-account";
|
|
19
|
+
readonly tokenSecretId: string;
|
|
20
|
+
};
|
|
21
|
+
readonly vaultId: string;
|
|
22
|
+
};
|
|
13
23
|
readonly responseMode?: "decoded-only" | undefined;
|
|
14
24
|
readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
|
|
15
|
-
}, void, import("
|
|
25
|
+
}, void, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>;
|
|
16
26
|
export declare const removeOnePasswordConfig: import("effect/unstable/reactivity/Atom").AtomResultFn<{
|
|
17
27
|
readonly params: {
|
|
18
28
|
readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
|
|
19
29
|
};
|
|
20
30
|
readonly responseMode?: "decoded-only" | undefined;
|
|
21
31
|
readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
|
|
22
|
-
}, void, import("
|
|
32
|
+
}, void, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>;
|