@executor-js/plugin-onepassword 0.1.0 → 1.4.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,306 @@
1
+ import {
2
+ ConnectionStatus,
3
+ OnePasswordConfig,
4
+ OnePasswordError,
5
+ Vault
6
+ } from "./chunk-TRGRRIAX.js";
7
+
8
+ // src/sdk/service.ts
9
+ import { Context, Duration, Effect, Semaphore } from "effect";
10
+ import * as op from "@1password/op-js";
11
+ var OnePasswordServiceTag = class extends Context.Service()("@executor-js/plugin-onepassword/OnePasswordService") {
12
+ };
13
+ var DEFAULT_TIMEOUT_MS = 15e3;
14
+ var loadOnePasswordSdk = () => Effect.tryPromise({
15
+ try: () => import("@1password/sdk"),
16
+ catch: () => new OnePasswordError({
17
+ operation: "sdk module load",
18
+ message: "Failed to load 1Password SDK"
19
+ })
20
+ });
21
+ var makeTimeoutMessage = (operation, timeoutMs) => [
22
+ `${operation}: timed out after ${Math.floor(timeoutMs / 1e3)}s.`,
23
+ "Troubleshooting:",
24
+ "1. Make sure the 1Password desktop app is open and unlocked",
25
+ "2. Check for an approval prompt in the 1Password app \u2014 it may be behind other windows",
26
+ "3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings",
27
+ "4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)",
28
+ "5. Try quitting 1Password completely and reopening it, then retry"
29
+ ].join("\n");
30
+ var timeoutWithOnePasswordError = (operation, timeoutMs) => Effect.timeoutOrElse({
31
+ duration: Duration.millis(timeoutMs),
32
+ orElse: () => Effect.fail(
33
+ new OnePasswordError({
34
+ operation,
35
+ message: makeTimeoutMessage(operation, timeoutMs)
36
+ })
37
+ )
38
+ });
39
+ var makeNativeSdkService = (auth, timeoutMs = DEFAULT_TIMEOUT_MS) => Effect.gen(function* () {
40
+ const sdk = yield* loadOnePasswordSdk().pipe(
41
+ timeoutWithOnePasswordError("sdk module load", timeoutMs)
42
+ );
43
+ const client = yield* Effect.tryPromise({
44
+ try: () => sdk.createClient({
45
+ auth: auth.kind === "desktop-app" ? new sdk.DesktopAuth(auth.accountName) : auth.token,
46
+ integrationName: "Executor",
47
+ integrationVersion: "0.0.0"
48
+ }),
49
+ catch: () => new OnePasswordError({
50
+ operation: "client setup",
51
+ message: "Failed to set up 1Password client"
52
+ })
53
+ }).pipe(timeoutWithOnePasswordError("client setup", timeoutMs));
54
+ const wrap = (fn, operation) => Effect.tryPromise({
55
+ try: fn,
56
+ catch: () => new OnePasswordError({
57
+ operation,
58
+ message: `1Password SDK ${operation} failed`
59
+ })
60
+ }).pipe(
61
+ timeoutWithOnePasswordError(operation, timeoutMs),
62
+ Effect.withSpan(`onepassword.sdk.${operation}`)
63
+ );
64
+ return OnePasswordServiceTag.of({
65
+ resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), "secret resolution"),
66
+ listVaults: () => wrap(() => client.vaults.list({ decryptDetails: true }), "vault listing").pipe(
67
+ Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title })))
68
+ ),
69
+ listItems: (vaultId) => wrap(() => client.items.list(vaultId), "item listing").pipe(
70
+ Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title })))
71
+ )
72
+ });
73
+ }).pipe(Effect.withSpan("onepassword.sdk.make_service"));
74
+ var cliAuthLock = Semaphore.makeUnsafe(1);
75
+ var makeCliService = (auth) => Effect.sync(() => {
76
+ const wrapSync = (fn, operation) => cliAuthLock.withPermits(1)(
77
+ Effect.try({
78
+ try: () => {
79
+ if (auth.kind === "service-account") {
80
+ op.setGlobalFlags({});
81
+ op.setServiceAccount(auth.token);
82
+ } else {
83
+ op.setServiceAccount("");
84
+ op.setGlobalFlags({ account: auth.accountName });
85
+ }
86
+ return fn();
87
+ },
88
+ catch: () => new OnePasswordError({
89
+ operation,
90
+ message: `1Password CLI ${operation} failed`
91
+ })
92
+ })
93
+ ).pipe(Effect.withSpan(`onepassword.cli.${operation}`));
94
+ return OnePasswordServiceTag.of({
95
+ resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), "secret resolution"),
96
+ listVaults: () => wrapSync(() => op.vault.list(), "vault listing").pipe(
97
+ Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name })))
98
+ ),
99
+ listItems: (vaultId) => wrapSync(() => op.item.list({ vault: vaultId }), "item listing").pipe(
100
+ Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title })))
101
+ )
102
+ });
103
+ }).pipe(Effect.withSpan("onepassword.cli.make_service"));
104
+ var makeOnePasswordService = (auth, options) => {
105
+ const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
106
+ if (options?.preferSdk) {
107
+ return makeNativeSdkService(auth, timeoutMs);
108
+ }
109
+ return makeCliService(auth).pipe(
110
+ Effect.catch(
111
+ (cliError) => (
112
+ // CLI unavailable (e.g. `op` not installed) — fall back to SDK
113
+ makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError))
114
+ )
115
+ )
116
+ );
117
+ };
118
+
119
+ // src/sdk/plugin.ts
120
+ import { Effect as Effect2, Schema } from "effect";
121
+ import {
122
+ definePlugin,
123
+ StorageError
124
+ } from "@executor-js/sdk/core";
125
+ var CREDENTIAL_FIELD = "credential";
126
+ var DEFAULT_TIMEOUT_MS2 = 15e3;
127
+ var CONFIG_KEY = "config";
128
+ var decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));
129
+ var blobStorageError = (operation) => (cause) => new StorageError({
130
+ message: `onepassword blob ${operation} failed`,
131
+ cause
132
+ });
133
+ var makeOnePasswordStore = (blobs) => ({
134
+ getConfig: () => blobs.get(CONFIG_KEY).pipe(
135
+ Effect2.mapError(blobStorageError("read")),
136
+ Effect2.flatMap((raw) => {
137
+ if (raw === null) return Effect2.succeed(null);
138
+ return decodeConfig(raw).pipe(
139
+ Effect2.mapError(
140
+ () => new OnePasswordError({
141
+ operation: "config decode",
142
+ message: "Failed to decode 1Password config"
143
+ })
144
+ )
145
+ );
146
+ })
147
+ ),
148
+ saveConfig: (config, targetScope) => blobs.put(
149
+ CONFIG_KEY,
150
+ JSON.stringify({
151
+ auth: config.auth,
152
+ vaultId: config.vaultId,
153
+ name: config.name
154
+ }),
155
+ { scope: targetScope }
156
+ ).pipe(Effect2.mapError(blobStorageError("write"))),
157
+ deleteConfig: (targetScope) => blobs.delete(CONFIG_KEY, { scope: targetScope }).pipe(Effect2.mapError(blobStorageError("delete")))
158
+ });
159
+ var resolveAuth = (auth, ctx) => {
160
+ if (auth.kind === "desktop-app") {
161
+ return Effect2.succeed({
162
+ kind: "desktop-app",
163
+ accountName: auth.accountName
164
+ });
165
+ }
166
+ return ctx.secrets.get(auth.tokenSecretId).pipe(
167
+ Effect2.catchTag(
168
+ "SecretOwnedByConnectionError",
169
+ () => Effect2.fail(
170
+ new OnePasswordError({
171
+ operation: "auth resolution",
172
+ message: `Service account token secret "${auth.tokenSecretId}" not found`
173
+ })
174
+ )
175
+ ),
176
+ Effect2.flatMap((token) => {
177
+ if (token === null) {
178
+ return Effect2.fail(
179
+ new OnePasswordError({
180
+ operation: "auth resolution",
181
+ message: `Service account token secret "${auth.tokenSecretId}" not found`
182
+ })
183
+ );
184
+ }
185
+ return Effect2.succeed({
186
+ kind: "service-account",
187
+ token
188
+ });
189
+ })
190
+ );
191
+ };
192
+ var getServiceFromConfig = (config, ctx, timeoutMs, preferSdk) => resolveAuth(config.auth, ctx).pipe(
193
+ Effect2.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk }))
194
+ );
195
+ var configuredVaultUri = (config, secretId) => {
196
+ if (!secretId.startsWith("op://")) {
197
+ return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
198
+ }
199
+ const match = secretId.match(/^op:\/\/([^/]+)\/.+/);
200
+ if (!match || match[1] !== config.vaultId) return null;
201
+ return secretId;
202
+ };
203
+ var makeProvider = (ctx, timeoutMs, preferSdk) => ({
204
+ key: "onepassword",
205
+ writable: false,
206
+ allowFallback: false,
207
+ // 1Password vaults are named in the stored config; the executor-scope
208
+ // arg isn't used for routing here. A future refactor could let the
209
+ // plugin store per-scope vault bindings and pick based on `scope`.
210
+ get: (secretId, _scope) => ctx.storage.getConfig().pipe(
211
+ Effect2.flatMap((config) => {
212
+ if (!config) return Effect2.succeed(null);
213
+ const uri = configuredVaultUri(config, secretId);
214
+ if (uri === null) return Effect2.succeed(null);
215
+ return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
216
+ Effect2.flatMap((svc) => svc.resolveSecret(uri)),
217
+ Effect2.map((v) => v),
218
+ Effect2.orElseSucceed(() => null)
219
+ );
220
+ }),
221
+ Effect2.orElseSucceed(() => null)
222
+ ),
223
+ list: () => ctx.storage.getConfig().pipe(
224
+ Effect2.flatMap((config) => {
225
+ if (!config) return Effect2.succeed([]);
226
+ return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(
227
+ Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
228
+ Effect2.map(
229
+ (items) => items.map((item2) => ({ id: item2.id, name: item2.title }))
230
+ )
231
+ );
232
+ }),
233
+ Effect2.orElseSucceed(() => [])
234
+ )
235
+ });
236
+ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
237
+ return {
238
+ configure: (config, targetScope) => ctx.storage.saveConfig(config, targetScope),
239
+ getConfig: () => ctx.storage.getConfig(),
240
+ removeConfig: (targetScope) => ctx.storage.deleteConfig(targetScope),
241
+ status: () => Effect2.gen(function* () {
242
+ const config = yield* ctx.storage.getConfig();
243
+ if (!config) {
244
+ return ConnectionStatus.make({
245
+ connected: false,
246
+ error: "Not configured"
247
+ });
248
+ }
249
+ const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);
250
+ const vaults = yield* svc.listVaults();
251
+ const vault2 = vaults.find((v) => v.id === config.vaultId);
252
+ return ConnectionStatus.make({
253
+ connected: true,
254
+ vaultName: vault2?.title
255
+ });
256
+ }),
257
+ listVaults: (auth) => Effect2.gen(function* () {
258
+ const resolved = yield* resolveAuth(auth, ctx);
259
+ const svc = yield* makeOnePasswordService(resolved, {
260
+ timeoutMs,
261
+ preferSdk
262
+ });
263
+ const vaults = yield* svc.listVaults();
264
+ return vaults.map((v) => Vault.make({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
265
+ }),
266
+ resolve: (uri) => Effect2.gen(function* () {
267
+ const config = yield* ctx.storage.getConfig();
268
+ if (!config) {
269
+ return yield* new OnePasswordError({
270
+ operation: "resolve",
271
+ message: "1Password is not configured"
272
+ });
273
+ }
274
+ const scopedUri = configuredVaultUri(config, uri);
275
+ if (scopedUri === null) {
276
+ return yield* new OnePasswordError({
277
+ operation: "resolve",
278
+ message: "1Password secret URI is outside the configured vault"
279
+ });
280
+ }
281
+ const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);
282
+ return yield* svc.resolveSecret(scopedUri);
283
+ })
284
+ };
285
+ };
286
+ var onepasswordPlugin = definePlugin((options) => {
287
+ const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
288
+ const preferSdk = options?.preferSdk;
289
+ return {
290
+ id: "onepassword",
291
+ packageName: "@executor-js/plugin-onepassword",
292
+ storage: ({ blobs }) => makeOnePasswordStore(blobs),
293
+ extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),
294
+ secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)]
295
+ };
296
+ });
297
+
298
+ export {
299
+ OnePasswordServiceTag,
300
+ makeNativeSdkService,
301
+ makeCliService,
302
+ makeOnePasswordService,
303
+ makeOnePasswordStore,
304
+ onepasswordPlugin
305
+ };
306
+ //# sourceMappingURL=chunk-E4E2K5AV.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Context, Duration, Effect, Semaphore } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: \"Failed to load 1Password SDK\",\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: \"Failed to set up 1Password client\",\n }),\n }).pipe(timeoutWithOnePasswordError(\"client setup\", timeoutMs));\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password SDK ${operation} failed`,\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nconst cliAuthLock = Semaphore.makeUnsafe(1);\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n cliAuthLock\n .withPermits(1)(\n Effect.try({\n try: () => {\n if (auth.kind === \"service-account\") {\n op.setGlobalFlags({});\n op.setServiceAccount(auth.token);\n } else {\n op.setServiceAccount(\"\");\n op.setGlobalFlags({ account: auth.accountName });\n }\n return fn();\n },\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password CLI ${operation} failed`,\n }),\n }),\n )\n .pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n targetScope: string,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: (targetScope: string) => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));\n\nconst blobStorageError =\n (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation} failed`,\n cause,\n });\n\nexport const makeOnePasswordStore = (blobs: PluginBlobStore): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return decodeConfig(raw).pipe(\n Effect.mapError(\n () =>\n new OnePasswordError({\n operation: \"config decode\",\n message: \"Failed to decode 1Password config\",\n }),\n ),\n );\n }),\n ),\n\n saveConfig: (config, targetScope) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: targetScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: (targetScope) =>\n blobs\n .delete(CONFIG_KEY, { scope: targetScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.catchTag(\"SecretOwnedByConnectionError\", () =>\n Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n ),\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })),\n );\n\nconst configuredVaultUri = (config: OnePasswordConfig, secretId: string): string | null => {\n if (!secretId.startsWith(\"op://\")) {\n return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n }\n const match = secretId.match(/^op:\\/\\/([^/]+)\\/.+/);\n if (!match || match[1] !== config.vaultId) return null;\n return secretId;\n};\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n allowFallback: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = configuredVaultUri(config, secretId);\n if (uri === null) return Effect.succeed(null as string | null);\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as ReadonlyArray<{ id: string; name: string }>);\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(() => [] as ReadonlyArray<{ id: string; name: string }>),\n ),\n});\n\nconst makeOnePasswordExtension = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n) => {\n return {\n configure: (config: OnePasswordConfig, targetScope: string) =>\n ctx.storage.saveConfig(config, targetScope),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: (targetScope: string) => ctx.storage.deleteConfig(targetScope),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return ConnectionStatus.make({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return ConnectionStatus.make({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth: OnePasswordAuth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => Vault.make({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri: string) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const scopedUri = configuredVaultUri(config, uri);\n if (scopedUri === null) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password secret URI is outside the configured vault\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n return yield* svc.resolveSecret(scopedUri);\n }),\n };\n};\n\nexport type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin((options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs }) => makeOnePasswordStore(blobs),\n\n extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n // HTTP transport (routes/handlers/extensionService) is layered on by\n // the api-aware factory in `@executor-js/plugin-onepassword/api`. Hosts\n // that want the HTTP surface import the plugin from there; SDK-only\n // consumers stay on this entry and avoid the server-only deps.\n});\n"],"mappings":";;;;;;;;AAAA,SAAS,SAAS,UAAU,QAAQ,iBAAiB;AACrD,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,MACL,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,4BAA4B,gBAAgB,SAAS,CAAC;AAE9D,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,SAAS;AAAA,IACrC,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMzD,IAAM,cAAc,UAAU,WAAW,CAAC;AAEnC,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAChB,QAAM,WAAW,CAAI,IAAa,cAChC,YACG,YAAY,CAAC;AAAA,IACZ,OAAO,IAAI;AAAA,MACT,KAAK,MAAM;AACT,YAAI,KAAK,SAAS,mBAAmB;AACnC,UAAG,kBAAe,CAAC,CAAC;AACpB,UAAG,qBAAkB,KAAK,KAAK;AAAA,QACjC,OAAO;AACL,UAAG,qBAAkB,EAAE;AACvB,UAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,QACjD;AACA,eAAO,GAAG;AAAA,MACZ;AAAA,MACA,OAAO,MACL,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,iBAAiB,SAAS;AAAA,MACrC,CAAC;AAAA,IACL,CAAC;AAAA,EACH,EACC,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AC7MA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;AAWP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAuCnB,IAAM,eAAe,OAAO,oBAAoB,OAAO,eAAe,iBAAiB,CAAC;AAExF,IAAM,mBACJ,CAAC,cACD,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS;AAAA,EACtC;AACF,CAAC;AAEE,IAAM,uBAAuB,CAAC,WAA8C;AAAA,EACjF,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAO,aAAa,GAAG,EAAE;AAAA,QACvBA,QAAO;AAAA,UACL,MACE,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS;AAAA,UACX,CAAC;AAAA,QACL;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,QAAQ,gBACnB,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,YAAY;AAAA,EACvB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,CAAC,gBACb,MACG,OAAO,YAAY,EAAE,OAAO,YAAY,CAAC,EACzC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS;AAAA,MAAgC,MAC9CA,QAAO;AAAA,QACL,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,QAC9D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC,CAAC;AACzF;AAEF,IAAM,qBAAqB,CAAC,QAA2B,aAAoC;AACzF,MAAI,CAAC,SAAS,WAAW,OAAO,GAAG;AACjC,WAAO,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAAA,EAC/D;AACA,QAAM,QAAQ,SAAS,MAAM,qBAAqB;AAClD,MAAI,CAAC,SAAS,MAAM,CAAC,MAAM,OAAO,QAAS,QAAO;AAClD,SAAO;AACT;AAMA,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EACV,eAAe;AAAA;AAAA;AAAA;AAAA,EAKf,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,mBAAmB,QAAQ,QAAQ;AAC/C,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAqB;AAE7D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAgD;AACpF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAgD;AAAA,EAC9E;AACJ;AAEA,IAAM,2BAA2B,CAC/B,KACA,WACA,cACG;AACH,SAAO;AAAA,IACL,WAAW,CAAC,QAA2B,gBACrC,IAAI,QAAQ,WAAW,QAAQ,WAAW;AAAA,IAE5C,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,IAEvC,cAAc,CAAC,gBAAwB,IAAI,QAAQ,aAAa,WAAW;AAAA,IAE3E,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,iBAAiB,KAAK;AAAA,UAC3B,WAAW;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,YAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,aAAO,iBAAiB,KAAK;AAAA,QAC3B,WAAW;AAAA,QACX,WAAWA,QAAO;AAAA,MACpB,CAAC;AAAA,IACH,CAAC;AAAA,IAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,YAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,YAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,aAAO,OACJ,IAAI,CAAC,MAAM,MAAM,KAAK,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EAClD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,IAChD,CAAC;AAAA,IAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,YAAY,mBAAmB,QAAQ,GAAG;AAChD,UAAI,cAAc,MAAM;AACtB,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,aAAO,OAAO,IAAI,cAAc,SAAS;AAAA,IAC3C,CAAC;AAAA,EACL;AACF;AAeO,IAAM,oBAAoB,aAAa,CAAC,YAAuC;AACpF,QAAM,YAAY,SAAS,aAAaD;AACxC,QAAM,YAAY,SAAS;AAE3B,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,SAAS,CAAC,EAAE,MAAM,MAAM,qBAAqB,KAAK;AAAA,IAElD,WAAW,CAAC,QAAQ,yBAAyB,KAAK,WAAW,SAAS;AAAA,IAEtE,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,EACpE;AAKF,CAAC;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
@@ -0,0 +1,52 @@
1
+ // src/sdk/types.ts
2
+ import { Schema } from "effect";
3
+ var DesktopAppAuth = Schema.Struct({
4
+ kind: Schema.Literal("desktop-app"),
5
+ /** 1Password account domain, e.g. "my.1password.com" */
6
+ accountName: Schema.String
7
+ });
8
+ var ServiceAccountAuth = Schema.Struct({
9
+ kind: Schema.Literal("service-account"),
10
+ /** The service account token (stored as a secret) */
11
+ tokenSecretId: Schema.String
12
+ });
13
+ var OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);
14
+ var OnePasswordConfig = Schema.Struct({
15
+ auth: OnePasswordAuth,
16
+ /** Vault to scope operations to */
17
+ vaultId: Schema.String,
18
+ /** Human label */
19
+ name: Schema.String
20
+ });
21
+ var Vault = Schema.Struct({
22
+ id: Schema.String,
23
+ name: Schema.String
24
+ });
25
+ var ConnectionStatus = Schema.Struct({
26
+ connected: Schema.Boolean,
27
+ vaultName: Schema.optional(Schema.String),
28
+ error: Schema.optional(Schema.String)
29
+ });
30
+
31
+ // src/sdk/errors.ts
32
+ import { Schema as Schema2 } from "effect";
33
+ var OnePasswordError = class extends Schema2.TaggedErrorClass()(
34
+ "OnePasswordError",
35
+ {
36
+ operation: Schema2.String,
37
+ message: Schema2.String
38
+ },
39
+ { httpApiStatus: 502 }
40
+ ) {
41
+ };
42
+
43
+ export {
44
+ DesktopAppAuth,
45
+ ServiceAccountAuth,
46
+ OnePasswordAuth,
47
+ OnePasswordConfig,
48
+ Vault,
49
+ ConnectionStatus,
50
+ OnePasswordError
51
+ };
52
+ //# sourceMappingURL=chunk-TRGRRIAX.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport const DesktopAppAuth = Schema.Struct({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n});\nexport type DesktopAppAuth = typeof DesktopAppAuth.Type;\n\nexport const ServiceAccountAuth = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n});\nexport type ServiceAccountAuth = typeof ServiceAccountAuth.Type;\n\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordConfig = Schema.Struct({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n});\nexport type OnePasswordConfig = typeof OnePasswordConfig.Type;\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport const Vault = Schema.Struct({\n id: Schema.String,\n name: Schema.String,\n});\nexport type Vault = typeof Vault.Type;\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport const ConnectionStatus = Schema.Struct({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n});\nexport type ConnectionStatus = typeof ConnectionStatus.Type;\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAiB,OAAO,OAAO;AAAA,EAC1C,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC;AAGM,IAAM,qBAAqB,OAAO,OAAO;AAAA,EAC9C,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC;AAGM,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,oBAAoB,OAAO,OAAO;AAAA,EAC7C,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC;AAOM,IAAM,QAAQ,OAAO,OAAO;AAAA,EACjC,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC;AAOM,IAAM,mBAAmB,OAAO,OAAO;AAAA,EAC5C,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC;;;ACtDD,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}
package/dist/client.js ADDED
@@ -0,0 +1,20 @@
1
+ // src/react/plugin-client.tsx
2
+ import { defineClientPlugin } from "@executor-js/sdk/client";
3
+
4
+ // src/react/secret-provider-plugin.ts
5
+ import { lazy } from "react";
6
+ var onePasswordSecretProviderPlugin = {
7
+ key: "onepassword",
8
+ label: "1Password",
9
+ settings: lazy(() => import("./OnePasswordSettings-LU6HZONL.js"))
10
+ };
11
+
12
+ // src/react/plugin-client.tsx
13
+ var plugin_client_default = defineClientPlugin({
14
+ id: "onepassword",
15
+ secretProviderPlugin: onePasswordSecretProviderPlugin
16
+ });
17
+ export {
18
+ plugin_client_default as default
19
+ };
20
+ //# sourceMappingURL=client.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/react/plugin-client.tsx","../src/react/secret-provider-plugin.ts"],"sourcesContent":["import { defineClientPlugin } from \"@executor-js/sdk/client\";\n\nimport { onePasswordSecretProviderPlugin } from \"./secret-provider-plugin\";\n\nexport default defineClientPlugin({\n id: \"onepassword\" as const,\n secretProviderPlugin: onePasswordSecretProviderPlugin,\n});\n","import { lazy } from \"react\";\nimport type { SecretProviderPlugin } from \"@executor-js/sdk/client\";\n\nexport const onePasswordSecretProviderPlugin: SecretProviderPlugin = {\n key: \"onepassword\",\n label: \"1Password\",\n settings: lazy(() => import(\"./OnePasswordSettings\")),\n};\n"],"mappings":";AAAA,SAAS,0BAA0B;;;ACAnC,SAAS,YAAY;AAGd,IAAM,kCAAwD;AAAA,EACnE,KAAK;AAAA,EACL,OAAO;AAAA,EACP,UAAU,KAAK,MAAM,OAAO,mCAAuB,CAAC;AACtD;;;ADHA,IAAO,wBAAQ,mBAAmB;AAAA,EAChC,IAAI;AAAA,EACJ,sBAAsB;AACxB,CAAC;","names":[]}
package/dist/core.js CHANGED
@@ -1,18 +1,20 @@
1
1
  import {
2
- ConnectionStatus,
3
- DesktopAppAuth,
4
- OnePasswordAuth,
5
- OnePasswordConfig,
6
- OnePasswordError,
7
2
  OnePasswordServiceTag,
8
- ServiceAccountAuth,
9
- Vault,
10
3
  makeCliService,
11
4
  makeNativeSdkService,
12
5
  makeOnePasswordService,
13
6
  makeOnePasswordStore,
14
7
  onepasswordPlugin
15
- } from "./chunk-2NSVLCQP.js";
8
+ } from "./chunk-E4E2K5AV.js";
9
+ import {
10
+ ConnectionStatus,
11
+ DesktopAppAuth,
12
+ OnePasswordAuth,
13
+ OnePasswordConfig,
14
+ OnePasswordError,
15
+ ServiceAccountAuth,
16
+ Vault
17
+ } from "./chunk-TRGRRIAX.js";
16
18
  export {
17
19
  ConnectionStatus,
18
20
  DesktopAppAuth,
package/dist/index.js CHANGED
@@ -1,3 +1,6 @@
1
+ import {
2
+ onepasswordPlugin
3
+ } from "./chunk-E4E2K5AV.js";
1
4
  import {
2
5
  ConnectionStatus,
3
6
  DesktopAppAuth,
@@ -5,9 +8,8 @@ import {
5
8
  OnePasswordConfig,
6
9
  OnePasswordError,
7
10
  ServiceAccountAuth,
8
- Vault,
9
- onepasswordPlugin
10
- } from "./chunk-2NSVLCQP.js";
11
+ Vault
12
+ } from "./chunk-TRGRRIAX.js";
11
13
  export {
12
14
  ConnectionStatus,
13
15
  DesktopAppAuth,
@@ -1,15 +1,42 @@
1
1
  import type { ScopeId } from "@executor-js/sdk/core";
2
2
  export declare const onepasswordWriteKeys: readonly ["secrets"];
3
- export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
4
- export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
3
+ export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
4
+ readonly name: string;
5
+ readonly auth: {
6
+ readonly kind: "desktop-app";
7
+ readonly accountName: string;
8
+ } | {
9
+ readonly kind: "service-account";
10
+ readonly tokenSecretId: string;
11
+ };
12
+ readonly vaultId: string;
13
+ } | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
14
+ export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
15
+ readonly connected: boolean;
16
+ readonly error?: string | undefined;
17
+ readonly vaultName?: string | undefined;
18
+ }, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
5
19
  export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string, scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
6
- readonly vaults: readonly import("../promise").Vault[];
20
+ readonly vaults: readonly {
21
+ readonly id: string;
22
+ readonly name: string;
23
+ }[];
7
24
  }, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
8
25
  export declare const configureOnePassword: import("effect/unstable/reactivity/Atom").AtomResultFn<{
9
26
  readonly params: {
10
27
  readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
11
28
  };
12
- readonly payload: import("../promise").OnePasswordConfig;
29
+ readonly payload: {
30
+ readonly name: string;
31
+ readonly auth: {
32
+ readonly kind: "desktop-app";
33
+ readonly accountName: string;
34
+ } | {
35
+ readonly kind: "service-account";
36
+ readonly tokenSecretId: string;
37
+ };
38
+ readonly vaultId: string;
39
+ };
13
40
  readonly responseMode?: "decoded-only" | undefined;
14
41
  readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
15
42
  }, void, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>;
@@ -1,16 +1,43 @@
1
1
  export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomHttpApi").AtomHttpApiClient<"Plugin_onepasswordClient", `Plugin_${string}Client`, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
2
2
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
3
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<typeof import("../promise").OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
3
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
4
+ readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
5
+ readonly kind: import("effect/Schema").Literal<"desktop-app">;
6
+ readonly accountName: import("effect/Schema").String;
7
+ }>, import("effect/Schema").Struct<{
8
+ readonly kind: import("effect/Schema").Literal<"service-account">;
9
+ readonly tokenSecretId: import("effect/Schema").String;
10
+ }>]>;
11
+ readonly vaultId: import("effect/Schema").String;
12
+ readonly name: import("effect/Schema").String;
13
+ }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
4
14
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
5
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").OnePasswordConfig>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
15
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
16
+ readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
17
+ readonly kind: import("effect/Schema").Literal<"desktop-app">;
18
+ readonly accountName: import("effect/Schema").String;
19
+ }>, import("effect/Schema").Struct<{
20
+ readonly kind: import("effect/Schema").Literal<"service-account">;
21
+ readonly tokenSecretId: import("effect/Schema").String;
22
+ }>]>;
23
+ readonly vaultId: import("effect/Schema").String;
24
+ readonly name: import("effect/Schema").String;
25
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
6
26
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
7
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
27
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
8
28
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
9
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
29
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
30
+ readonly connected: import("effect/Schema").Boolean;
31
+ readonly vaultName: import("effect/Schema").optional<import("effect/Schema").String>;
32
+ readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
33
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
10
34
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
11
35
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
12
36
  readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
13
37
  readonly account: import("effect/Schema").String;
14
38
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
15
- readonly vaults: import("effect/Schema").$Array<typeof import("../promise").Vault>;
16
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never>, false>>;
39
+ readonly vaults: import("effect/Schema").$Array<import("effect/Schema").Struct<{
40
+ readonly id: import("effect/Schema").String;
41
+ readonly name: import("effect/Schema").String;
42
+ }>>;
43
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never>, false>>;