@executor-js/plugin-onepassword 0.2.1 → 1.4.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,10 +1,9 @@
1
1
  import {
2
2
  ConnectionStatus,
3
3
  OnePasswordConfig,
4
- OnePasswordConfigSchema,
5
4
  OnePasswordError,
6
5
  Vault
7
- } from "./chunk-NRYSRUWU.js";
6
+ } from "./chunk-TRGRRIAX.js";
8
7
 
9
8
  // src/react/OnePasswordSettings.tsx
10
9
  import { useState } from "react";
@@ -51,7 +50,7 @@ import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
51
50
  import { Schema } from "effect";
52
51
  import { InternalError, ScopeId } from "@executor-js/sdk/core";
53
52
  var ScopeParams = { scopeId: ScopeId };
54
- var ConfigurePayload = OnePasswordConfigSchema;
53
+ var ConfigurePayload = OnePasswordConfig;
55
54
  var ListVaultsParams = Schema.Struct({
56
55
  authKind: Schema.Literals(["desktop-app", "service-account"]),
57
56
  account: Schema.String
@@ -389,4 +388,4 @@ function OnePasswordSettings() {
389
388
  export {
390
389
  OnePasswordSettings as default
391
390
  };
392
- //# sourceMappingURL=OnePasswordSettings-NUPVIEGH.js.map
391
+ //# sourceMappingURL=OnePasswordSettings-LU6HZONL.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/react/OnePasswordSettings.tsx","../src/react/atoms.ts","../src/react/client.ts","../src/api/group.ts"],"sourcesContent":["import { useState } from \"react\";\nimport { useAtomSet, useAtomValue } from \"@effect/atom-react\";\nimport * as Exit from \"effect/Exit\";\nimport * as AsyncResult from \"effect/unstable/reactivity/AsyncResult\";\nimport { ReactivityKey } from \"@executor-js/react/api/reactivity-keys\";\nimport { useScope } from \"@executor-js/react/api/scope-context\";\nimport { Button } from \"@executor-js/react/components/button\";\nimport { Input } from \"@executor-js/react/components/input\";\nimport { Label } from \"@executor-js/react/components/label\";\nimport {\n Select,\n SelectContent,\n SelectItem,\n SelectTrigger,\n SelectValue,\n} from \"@executor-js/react/components/select\";\nimport {\n Dialog,\n DialogContent,\n DialogHeader,\n DialogTitle,\n DialogDescription,\n DialogFooter,\n DialogClose,\n} from \"@executor-js/react/components/dialog\";\nimport {\n CardStackEntry,\n CardStackEntryActions,\n CardStackEntryContent,\n CardStackEntryDescription,\n} from \"@executor-js/react/components/card-stack\";\n\nimport {\n onepasswordConfigAtom,\n onepasswordVaultsAtom,\n configureOnePassword,\n removeOnePasswordConfig,\n} from \"./atoms\";\nimport type { OnePasswordConfig } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Vault picker\n// ---------------------------------------------------------------------------\n\nfunction VaultPicker(props: {\n authKind: \"desktop-app\" | \"service-account\";\n accountName: string;\n vaultId: string;\n onVaultSelect: (id: string, name: string) => void;\n}) {\n const account = props.accountName.trim();\n const scopeId = useScope();\n const vaultsResult = useAtomValue(onepasswordVaultsAtom(props.authKind, account, scopeId));\n\n const { vaults, isLoading, error } = AsyncResult.matchWithError(\n vaultsResult as AsyncResult.AsyncResult<\n { vaults: ReadonlyArray<{ id: string; name: string }> },\n Error\n >,\n {\n onInitial: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: true,\n error: null,\n }),\n onError: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onDefect: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onSuccess: ({ value }) => {\n const v = value.vaults;\n if (v.length > 0 && !props.vaultId) {\n queueMicrotask(() => props.onVaultSelect(v[0].id, v[0].name));\n }\n return { vaults: [...v], isLoading: false, error: null };\n },\n },\n );\n\n if (!account) {\n return (\n <p className=\"text-[11px] text-muted-foreground/50 py-1\">\n Enter account details to load vaults.\n </p>\n );\n }\n\n return (\n <div className=\"grid gap-2\">\n <Select\n disabled={isLoading || vaults.length === 0}\n value={props.vaultId}\n onValueChange={(id) => {\n const v = vaults.find((vault) => vault.id === id);\n if (v) props.onVaultSelect(v.id, v.name);\n }}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue placeholder={isLoading ? \"Loading…\" : \"Select a vault\"} />\n </SelectTrigger>\n <SelectContent>\n {vaults.map((v) => (\n <SelectItem key={v.id} value={v.id}>\n {v.name}\n </SelectItem>\n ))}\n </SelectContent>\n </Select>\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-2.5 py-1.5\">\n <p className=\"text-[11px] text-destructive leading-relaxed whitespace-pre-line\">\n {error}\n </p>\n </div>\n )}\n </div>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Config dialog\n// ---------------------------------------------------------------------------\n\nfunction ConfigDialog(props: {\n open: boolean;\n onOpenChange: (v: boolean) => void;\n initial?: { authKind: string; accountName: string; vaultId: string; name: string };\n}) {\n const isEdit = !!props.initial;\n const [authKind, setAuthKind] = useState<\"desktop-app\" | \"service-account\">(\n (props.initial?.authKind as \"desktop-app\" | \"service-account\") ?? \"desktop-app\",\n );\n const [accountName, setAccountName] = useState(props.initial?.accountName ?? \"my.1password.com\");\n const [vaultId, setVaultId] = useState(props.initial?.vaultId ?? \"\");\n const [vaultName, setVaultName] = useState(props.initial?.name ?? \"\");\n const [saving, setSaving] = useState(false);\n const [error, setError] = useState<string | null>(null);\n\n const scopeId = useScope();\n const doConfigure = useAtomSet(configureOnePassword, { mode: \"promiseExit\" });\n\n const reset = () => {\n if (!isEdit) {\n setAuthKind(\"desktop-app\");\n setAccountName(\"my.1password.com\");\n setVaultId(\"\");\n setVaultName(\"\");\n }\n setError(null);\n setSaving(false);\n };\n\n const handleSave = async () => {\n if (!accountName.trim() || !vaultId.trim()) return;\n setSaving(true);\n setError(null);\n\n const auth =\n authKind === \"desktop-app\"\n ? { kind: \"desktop-app\" as const, accountName: accountName.trim() }\n : { kind: \"service-account\" as const, tokenSecretId: accountName.trim() };\n\n const exit = await doConfigure({\n params: { scopeId },\n payload: { auth, vaultId: vaultId.trim(), name: vaultName.trim() || \"1Password\" },\n reactivityKeys: [ReactivityKey.secrets],\n });\n if (Exit.isFailure(exit)) {\n setError(\"Failed to save configuration\");\n setSaving(false);\n return;\n }\n\n props.onOpenChange(false);\n reset();\n };\n\n return (\n <Dialog\n open={props.open}\n onOpenChange={(v) => {\n if (!v) reset();\n props.onOpenChange(v);\n }}\n >\n <DialogContent className=\"sm:max-w-[420px]\">\n <DialogHeader>\n <DialogTitle className=\"font-display text-xl\">\n {isEdit ? \"Edit 1Password\" : \"Connect 1Password\"}\n </DialogTitle>\n <DialogDescription className=\"text-[13px] leading-relaxed\">\n Link a vault to resolve secrets via the 1Password desktop app or a service account.\n </DialogDescription>\n </DialogHeader>\n\n <div className=\"grid gap-5 py-3\">\n {/* Auth method */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Auth method\n </Label>\n <Select\n value={authKind}\n onValueChange={(v) => setAuthKind(v as \"desktop-app\" | \"service-account\")}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue />\n </SelectTrigger>\n <SelectContent>\n <SelectItem value=\"desktop-app\">Desktop App (biometric)</SelectItem>\n <SelectItem value=\"service-account\">Service Account</SelectItem>\n </SelectContent>\n </Select>\n </div>\n\n {/* Account / token */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n {authKind === \"desktop-app\" ? \"Account domain\" : \"Token secret ID\"}\n </Label>\n <Input\n placeholder={authKind === \"desktop-app\" ? \"my.1password.com\" : \"op-service-token\"}\n value={accountName}\n onChange={(e) => setAccountName((e.target as HTMLInputElement).value)}\n className=\"font-mono text-[13px] h-9\"\n />\n <p className=\"text-[11px] text-muted-foreground/60 leading-relaxed\">\n {authKind === \"desktop-app\"\n ? \"Requires the 1Password desktop app with biometric unlock.\"\n : \"Reference an executor secret that holds the service account token.\"}\n </p>\n </div>\n\n {/* Vault */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Vault\n </Label>\n <VaultPicker\n authKind={authKind}\n accountName={accountName}\n vaultId={vaultId}\n onVaultSelect={(id, name) => {\n setVaultId(id);\n setVaultName(name);\n }}\n />\n {vaultId && <p className=\"font-mono text-[10px] text-muted-foreground/50\">{vaultId}</p>}\n </div>\n\n {/* Display name */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Display name\n </Label>\n <Input\n placeholder=\"1Password\"\n value={vaultName}\n onChange={(e) => setVaultName((e.target as HTMLInputElement).value)}\n className=\"text-[13px] h-9\"\n />\n </div>\n\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-3 py-2\">\n <p className=\"text-[12px] text-destructive whitespace-pre-line\">{error}</p>\n </div>\n )}\n </div>\n\n <DialogFooter>\n <DialogClose asChild>\n <Button variant=\"ghost\" size=\"sm\">\n Cancel\n </Button>\n </DialogClose>\n <Button\n size=\"sm\"\n onClick={handleSave}\n disabled={!accountName.trim() || !vaultId.trim() || saving}\n >\n {saving ? \"Saving…\" : isEdit ? \"Update\" : \"Connect\"}\n </Button>\n </DialogFooter>\n </DialogContent>\n </Dialog>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Settings card\n// ---------------------------------------------------------------------------\n\nexport default function OnePasswordSettings() {\n const [configOpen, setConfigOpen] = useState(false);\n const scopeId = useScope();\n const configResult = useAtomValue(onepasswordConfigAtom(scopeId));\n const doRemove = useAtomSet(removeOnePasswordConfig, { mode: \"promiseExit\" });\n\n const handleRemove = async () => {\n await doRemove({ params: { scopeId }, reactivityKeys: [ReactivityKey.secrets] });\n };\n\n const config: OnePasswordConfig | null = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n { onInitial: () => null, onFailure: () => null, onSuccess: ({ value }) => value },\n );\n const isLoading = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n {\n onInitial: () => true,\n onFailure: () => false,\n onSuccess: () => false,\n },\n );\n const isError = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n {\n onInitial: () => false,\n onFailure: () => true,\n onSuccess: () => false,\n },\n );\n\n return (\n <>\n <CardStackEntry>\n <CardStackEntryContent>\n {isLoading ? (\n <CardStackEntryDescription>Loading…</CardStackEntryDescription>\n ) : isError ? (\n <CardStackEntryDescription className=\"text-destructive\">\n Failed to load configuration\n </CardStackEntryDescription>\n ) : config ? (\n <div className=\"grid grid-cols-[auto_1fr] gap-x-6 gap-y-1 text-[12px]\">\n <span className=\"text-muted-foreground/60\">Auth</span>\n <span className=\"font-mono text-foreground/80 truncate\">\n {config.auth.kind === \"desktop-app\" ? config.auth.accountName : \"service-account\"}\n </span>\n <span className=\"text-muted-foreground/60\">Vault</span>\n <div className=\"flex items-center gap-2 min-w-0\">\n <span className=\"text-foreground/80 truncate\">{config.name}</span>\n <span className=\"font-mono text-[10px] text-muted-foreground/40 truncate\">\n {config.vaultId}\n </span>\n </div>\n </div>\n ) : (\n <CardStackEntryDescription>\n Resolve secrets from your 1Password vault.\n </CardStackEntryDescription>\n )}\n </CardStackEntryContent>\n <CardStackEntryActions>\n {config ? (\n <>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px]\"\n onClick={() => setConfigOpen(true)}\n >\n Edit\n </Button>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px] text-destructive/70 hover:text-destructive\"\n onClick={handleRemove}\n >\n Disconnect\n </Button>\n </>\n ) : (\n !isLoading &&\n !isError && (\n <Button\n variant=\"link\"\n size=\"sm\"\n className=\"h-7 px-0 text-[12px] shrink-0\"\n onClick={() => setConfigOpen(true)}\n >\n Add 1Password\n </Button>\n )\n )}\n </CardStackEntryActions>\n </CardStackEntry>\n\n {configOpen && (\n <ConfigDialog\n open={configOpen}\n onOpenChange={setConfigOpen}\n initial={\n config\n ? {\n authKind: config.auth.kind,\n accountName:\n config.auth.kind === \"desktop-app\"\n ? config.auth.accountName\n : config.auth.tokenSecretId,\n vaultId: config.vaultId,\n name: config.name,\n }\n : undefined\n }\n />\n )}\n </>\n );\n}\n","import type { ScopeId } from \"@executor-js/sdk/core\";\nimport { ReactivityKey } from \"@executor-js/react/api/reactivity-keys\";\nimport { OnePasswordClient } from \"./client\";\n\nexport const onepasswordWriteKeys = [ReactivityKey.secrets] as const;\n\n// ---------------------------------------------------------------------------\n// Query atoms\n// ---------------------------------------------------------------------------\n\nexport const onepasswordConfigAtom = (scopeId: ScopeId) =>\n OnePasswordClient.query(\"onepassword\", \"getConfig\", {\n params: { scopeId },\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\nexport const onepasswordStatusAtom = (scopeId: ScopeId) =>\n OnePasswordClient.query(\"onepassword\", \"status\", {\n params: { scopeId },\n timeToLive: \"15 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\n// ---------------------------------------------------------------------------\n// Query atoms — vaults\n// ---------------------------------------------------------------------------\n\nexport const onepasswordVaultsAtom = (\n authKind: \"desktop-app\" | \"service-account\",\n account: string,\n scopeId: ScopeId,\n) =>\n OnePasswordClient.query(\"onepassword\", \"listVaults\", {\n params: { scopeId },\n query: { authKind, account },\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\n// ---------------------------------------------------------------------------\n// Mutation atoms\n// ---------------------------------------------------------------------------\n\nexport const configureOnePassword = OnePasswordClient.mutation(\"onepassword\", \"configure\");\n\nexport const removeOnePasswordConfig = OnePasswordClient.mutation(\"onepassword\", \"removeConfig\");\n","import { createPluginAtomClient } from \"@executor-js/sdk/client\";\nimport { getBaseUrl } from \"@executor-js/react/api/base-url\";\nimport { OnePasswordGroup } from \"../api/group\";\n\nexport const OnePasswordClient = createPluginAtomClient(OnePasswordGroup, {\n baseUrl: getBaseUrl,\n});\n","import { HttpApiEndpoint, HttpApiGroup } from \"effect/unstable/httpapi\";\nimport { Schema } from \"effect\";\nimport { InternalError, ScopeId } from \"@executor-js/sdk/core\";\n\nimport { OnePasswordError } from \"../sdk/errors\";\nimport { OnePasswordConfig, OnePasswordConfigSchema, Vault, ConnectionStatus } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Params\n// ---------------------------------------------------------------------------\n\nconst ScopeParams = { scopeId: ScopeId };\n\n// ---------------------------------------------------------------------------\n// Payloads\n// ---------------------------------------------------------------------------\n\nconst ConfigurePayload = OnePasswordConfigSchema;\n\nconst ListVaultsParams = Schema.Struct({\n authKind: Schema.Literals([\"desktop-app\", \"service-account\"]),\n account: Schema.String,\n});\n\n// ---------------------------------------------------------------------------\n// Responses\n// ---------------------------------------------------------------------------\n\nconst ListVaultsResponse = Schema.Struct({\n vaults: Schema.Array(Vault),\n});\n\nconst GetConfigResponse = Schema.NullOr(OnePasswordConfig);\n\n// ---------------------------------------------------------------------------\n// Group\n//\n// Plugin SDK errors (OnePasswordError) are declared once at the group level\n// via `.addError(...)` — every endpoint inherits. The error carries its own\n// 502 status via `HttpApiSchema.annotations` in errors.ts.\n//\n// `InternalError` is the shared opaque 500 schema translated at the HTTP\n// edge by `withCapture` (see observability.ts). Storage failures on\n// `ctx.storage`/`ctx.secrets` flow through as `StorageFailure` in the\n// typed channel and are captured + downgraded to `InternalError({ traceId })`\n// at Layer composition. No per-handler translation.\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordGroup = HttpApiGroup.make(\"onepassword\")\n .add(\n HttpApiEndpoint.get(\"getConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: GetConfigResponse,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.put(\"configure\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n payload: ConfigurePayload,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.delete(\"removeConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"status\", \"/scopes/:scopeId/onepassword/status\", {\n params: ScopeParams,\n success: ConnectionStatus,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"listVaults\", \"/scopes/:scopeId/onepassword/vaults\", {\n params: ScopeParams,\n query: ListVaultsParams,\n success: ListVaultsResponse,\n error: [InternalError, OnePasswordError],\n }),\n );\n"],"mappings":";;;;;;;;;AAAA,SAAS,gBAAgB;AACzB,SAAS,YAAY,oBAAoB;AACzC,YAAY,UAAU;AACtB,YAAY,iBAAiB;AAC7B,SAAS,iBAAAA,sBAAqB;AAC9B,SAAS,gBAAgB;AACzB,SAAS,cAAc;AACvB,SAAS,aAAa;AACtB,SAAS,aAAa;AACtB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;AC7BP,SAAS,qBAAqB;;;ACD9B,SAAS,8BAA8B;AACvC,SAAS,kBAAkB;;;ACD3B,SAAS,iBAAiB,oBAAoB;AAC9C,SAAS,cAAc;AACvB,SAAS,eAAe,eAAe;AASvC,IAAM,cAAc,EAAE,SAAS,QAAQ;AAMvC,IAAM,mBAAmB;AAEzB,IAAM,mBAAmB,OAAO,OAAO;AAAA,EACrC,UAAU,OAAO,SAAS,CAAC,eAAe,iBAAiB,CAAC;AAAA,EAC5D,SAAS,OAAO;AAClB,CAAC;AAMD,IAAM,qBAAqB,OAAO,OAAO;AAAA,EACvC,QAAQ,OAAO,MAAM,KAAK;AAC5B,CAAC;AAED,IAAM,oBAAoB,OAAO,OAAO,iBAAiB;AAgBlD,IAAM,mBAAmB,aAAa,KAAK,aAAa,EAC5D;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,OAAO,gBAAgB,uCAAuC;AAAA,IAC5E,QAAQ;AAAA,IACR,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,UAAU,uCAAuC;AAAA,IACnE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,cAAc,uCAAuC;AAAA,IACvE,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH;;;ADjFK,IAAM,oBAAoB,uBAAuB,kBAAkB;AAAA,EACxE,SAAS;AACX,CAAC;;;ADFM,IAAM,uBAAuB,CAAC,cAAc,OAAO;AAMnD,IAAM,wBAAwB,CAAC,YACpC,kBAAkB,MAAM,eAAe,aAAa;AAAA,EAClD,QAAQ,EAAE,QAAQ;AAAA,EAClB,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,OAAO;AACxC,CAAC;AAaI,IAAM,wBAAwB,CACnC,UACA,SACA,YAEA,kBAAkB,MAAM,eAAe,cAAc;AAAA,EACnD,QAAQ,EAAE,QAAQ;AAAA,EAClB,OAAO,EAAE,UAAU,QAAQ;AAAA,EAC3B,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,OAAO;AACxC,CAAC;AAMI,IAAM,uBAAuB,kBAAkB,SAAS,eAAe,WAAW;AAElF,IAAM,0BAA0B,kBAAkB,SAAS,eAAe,cAAc;;;ADyCzF,SAmRM,UAnRN,KAQA,YARA;AA3CN,SAAS,YAAY,OAKlB;AACD,QAAM,UAAU,MAAM,YAAY,KAAK;AACvC,QAAM,UAAU,SAAS;AACzB,QAAM,eAAe,aAAa,sBAAsB,MAAM,UAAU,SAAS,OAAO,CAAC;AAEzF,QAAM,EAAE,QAAQ,WAAW,MAAM,IAAgB;AAAA,IAC/C;AAAA,IAIA;AAAA,MACE,WAAW,OAAO;AAAA,QAChB,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,SAAS,OAAO;AAAA,QACd,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO;AAAA,QACf,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,WAAW,CAAC,EAAE,MAAM,MAAM;AACxB,cAAM,IAAI,MAAM;AAChB,YAAI,EAAE,SAAS,KAAK,CAAC,MAAM,SAAS;AAClC,yBAAe,MAAM,MAAM,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC;AAAA,QAC9D;AACA,eAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,WAAW,OAAO,OAAO,KAAK;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,SAAS;AACZ,WACE,oBAAC,OAAE,WAAU,6CAA4C,mDAEzD;AAAA,EAEJ;AAEA,SACE,qBAAC,SAAI,WAAU,cACb;AAAA;AAAA,MAAC;AAAA;AAAA,QACC,UAAU,aAAa,OAAO,WAAW;AAAA,QACzC,OAAO,MAAM;AAAA,QACb,eAAe,CAAC,OAAO;AACrB,gBAAM,IAAI,OAAO,KAAK,CAAC,UAAU,MAAM,OAAO,EAAE;AAChD,cAAI,EAAG,OAAM,cAAc,EAAE,IAAI,EAAE,IAAI;AAAA,QACzC;AAAA,QAEA;AAAA,8BAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,aAAa,YAAY,kBAAa,kBAAkB,GACvE;AAAA,UACA,oBAAC,iBACE,iBAAO,IAAI,CAAC,MACX,oBAAC,cAAsB,OAAO,EAAE,IAC7B,YAAE,QADY,EAAE,EAEnB,CACD,GACH;AAAA;AAAA;AAAA,IACF;AAAA,IACC,SACC,oBAAC,SAAI,WAAU,0EACb,8BAAC,OAAE,WAAU,oEACV,iBACH,GACF;AAAA,KAEJ;AAEJ;AAMA,SAAS,aAAa,OAInB;AACD,QAAM,SAAS,CAAC,CAAC,MAAM;AACvB,QAAM,CAAC,UAAU,WAAW,IAAI;AAAA,IAC7B,MAAM,SAAS,YAAkD;AAAA,EACpE;AACA,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,MAAM,SAAS,eAAe,kBAAkB;AAC/F,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,MAAM,SAAS,WAAW,EAAE;AACnE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,MAAM,SAAS,QAAQ,EAAE;AACpE,QAAM,CAAC,QAAQ,SAAS,IAAI,SAAS,KAAK;AAC1C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AAEtD,QAAM,UAAU,SAAS;AACzB,QAAM,cAAc,WAAW,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,QAAQ,MAAM;AAClB,QAAI,CAAC,QAAQ;AACX,kBAAY,aAAa;AACzB,qBAAe,kBAAkB;AACjC,iBAAW,EAAE;AACb,mBAAa,EAAE;AAAA,IACjB;AACA,aAAS,IAAI;AACb,cAAU,KAAK;AAAA,EACjB;AAEA,QAAM,aAAa,YAAY;AAC7B,QAAI,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,EAAG;AAC5C,cAAU,IAAI;AACd,aAAS,IAAI;AAEb,UAAM,OACJ,aAAa,gBACT,EAAE,MAAM,eAAwB,aAAa,YAAY,KAAK,EAAE,IAChE,EAAE,MAAM,mBAA4B,eAAe,YAAY,KAAK,EAAE;AAE5E,UAAM,OAAO,MAAM,YAAY;AAAA,MAC7B,QAAQ,EAAE,QAAQ;AAAA,MAClB,SAAS,EAAE,MAAM,SAAS,QAAQ,KAAK,GAAG,MAAM,UAAU,KAAK,KAAK,YAAY;AAAA,MAChF,gBAAgB,CAACC,eAAc,OAAO;AAAA,IACxC,CAAC;AACD,QAAS,eAAU,IAAI,GAAG;AACxB,eAAS,8BAA8B;AACvC,gBAAU,KAAK;AACf;AAAA,IACF;AAEA,UAAM,aAAa,KAAK;AACxB,UAAM;AAAA,EACR;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,MAAM,MAAM;AAAA,MACZ,cAAc,CAAC,MAAM;AACnB,YAAI,CAAC,EAAG,OAAM;AACd,cAAM,aAAa,CAAC;AAAA,MACtB;AAAA,MAEA,+BAAC,iBAAc,WAAU,oBACvB;AAAA,6BAAC,gBACC;AAAA,8BAAC,eAAY,WAAU,wBACpB,mBAAS,mBAAmB,qBAC/B;AAAA,UACA,oBAAC,qBAAkB,WAAU,+BAA8B,iGAE3D;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,mBAEb;AAAA,+BAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,yBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,OAAO;AAAA,gBACP,eAAe,CAAC,MAAM,YAAY,CAAsC;AAAA,gBAExE;AAAA,sCAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,GACf;AAAA,kBACA,qBAAC,iBACC;AAAA,wCAAC,cAAW,OAAM,eAAc,qCAAuB;AAAA,oBACvD,oBAAC,cAAW,OAAM,mBAAkB,6BAAe;AAAA,qBACrD;AAAA;AAAA;AAAA,YACF;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EACd,uBAAa,gBAAgB,mBAAmB,mBACnD;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAa,aAAa,gBAAgB,qBAAqB;AAAA,gBAC/D,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,eAAgB,EAAE,OAA4B,KAAK;AAAA,gBACpE,WAAU;AAAA;AAAA,YACZ;AAAA,YACA,oBAAC,OAAE,WAAU,wDACV,uBAAa,gBACV,8DACA,sEACN;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,mBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA,eAAe,CAAC,IAAI,SAAS;AAC3B,6BAAW,EAAE;AACb,+BAAa,IAAI;AAAA,gBACnB;AAAA;AAAA,YACF;AAAA,YACC,WAAW,oBAAC,OAAE,WAAU,kDAAkD,mBAAQ;AAAA,aACrF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,0BAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAY;AAAA,gBACZ,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,aAAc,EAAE,OAA4B,KAAK;AAAA,gBAClE,WAAU;AAAA;AAAA,YACZ;AAAA,aACF;AAAA,UAEC,SACC,oBAAC,SAAI,WAAU,sEACb,8BAAC,OAAE,WAAU,oDAAoD,iBAAM,GACzE;AAAA,WAEJ;AAAA,QAEA,qBAAC,gBACC;AAAA,8BAAC,eAAY,SAAO,MAClB,8BAAC,UAAO,SAAQ,SAAQ,MAAK,MAAK,oBAElC,GACF;AAAA,UACA;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,SAAS;AAAA,cACT,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK;AAAA,cAEnD,mBAAS,iBAAY,SAAS,WAAW;AAAA;AAAA,UAC5C;AAAA,WACF;AAAA,SACF;AAAA;AAAA,EACF;AAEJ;AAMe,SAAR,sBAAuC;AAC5C,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,UAAU,SAAS;AACzB,QAAM,eAAe,aAAa,sBAAsB,OAAO,CAAC;AAChE,QAAM,WAAW,WAAW,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,eAAe,YAAY;AAC/B,UAAM,SAAS,EAAE,QAAQ,EAAE,QAAQ,GAAG,gBAAgB,CAACA,eAAc,OAAO,EAAE,CAAC;AAAA,EACjF;AAEA,QAAM,SAA+C;AAAA,IACnD;AAAA,IACA,EAAE,WAAW,MAAM,MAAM,WAAW,MAAM,MAAM,WAAW,CAAC,EAAE,MAAM,MAAM,MAAM;AAAA,EAClF;AACA,QAAM,YAAwB;AAAA,IAC5B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AACA,QAAM,UAAsB;AAAA,IAC1B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AAEA,SACE,iCACE;AAAA,yBAAC,kBACC;AAAA,0BAAC,yBACE,sBACC,oBAAC,6BAA0B,2BAAQ,IACjC,UACF,oBAAC,6BAA0B,WAAU,oBAAmB,0CAExD,IACE,SACF,qBAAC,SAAI,WAAU,yDACb;AAAA,4BAAC,UAAK,WAAU,4BAA2B,kBAAI;AAAA,QAC/C,oBAAC,UAAK,WAAU,yCACb,iBAAO,KAAK,SAAS,gBAAgB,OAAO,KAAK,cAAc,mBAClE;AAAA,QACA,oBAAC,UAAK,WAAU,4BAA2B,mBAAK;AAAA,QAChD,qBAAC,SAAI,WAAU,mCACb;AAAA,8BAAC,UAAK,WAAU,+BAA+B,iBAAO,MAAK;AAAA,UAC3D,oBAAC,UAAK,WAAU,2DACb,iBAAO,SACV;AAAA,WACF;AAAA,SACF,IAEA,oBAAC,6BAA0B,wDAE3B,GAEJ;AAAA,MACA,oBAAC,yBACE,mBACC,iCACE;AAAA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS,MAAM,cAAc,IAAI;AAAA,YAClC;AAAA;AAAA,QAED;AAAA,QACA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS;AAAA,YACV;AAAA;AAAA,QAED;AAAA,SACF,IAEA,CAAC,aACD,CAAC,WACC;AAAA,QAAC;AAAA;AAAA,UACC,SAAQ;AAAA,UACR,MAAK;AAAA,UACL,WAAU;AAAA,UACV,SAAS,MAAM,cAAc,IAAI;AAAA,UAClC;AAAA;AAAA,MAED,GAGN;AAAA,OACF;AAAA,IAEC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,MAAM;AAAA,QACN,cAAc;AAAA,QACd,SACE,SACI;AAAA,UACE,UAAU,OAAO,KAAK;AAAA,UACtB,aACE,OAAO,KAAK,SAAS,gBACjB,OAAO,KAAK,cACZ,OAAO,KAAK;AAAA,UAClB,SAAS,OAAO;AAAA,UAChB,MAAM,OAAO;AAAA,QACf,IACA;AAAA;AAAA,IAER;AAAA,KAEJ;AAEJ;","names":["ReactivityKey","ReactivityKey"]}
1
+ {"version":3,"sources":["../src/react/OnePasswordSettings.tsx","../src/react/atoms.ts","../src/react/client.ts","../src/api/group.ts"],"sourcesContent":["import { useState } from \"react\";\nimport { useAtomSet, useAtomValue } from \"@effect/atom-react\";\nimport * as Exit from \"effect/Exit\";\nimport * as AsyncResult from \"effect/unstable/reactivity/AsyncResult\";\nimport { ReactivityKey } from \"@executor-js/react/api/reactivity-keys\";\nimport { useScope } from \"@executor-js/react/api/scope-context\";\nimport { Button } from \"@executor-js/react/components/button\";\nimport { Input } from \"@executor-js/react/components/input\";\nimport { Label } from \"@executor-js/react/components/label\";\nimport {\n Select,\n SelectContent,\n SelectItem,\n SelectTrigger,\n SelectValue,\n} from \"@executor-js/react/components/select\";\nimport {\n Dialog,\n DialogContent,\n DialogHeader,\n DialogTitle,\n DialogDescription,\n DialogFooter,\n DialogClose,\n} from \"@executor-js/react/components/dialog\";\nimport {\n CardStackEntry,\n CardStackEntryActions,\n CardStackEntryContent,\n CardStackEntryDescription,\n} from \"@executor-js/react/components/card-stack\";\n\nimport {\n onepasswordConfigAtom,\n onepasswordVaultsAtom,\n configureOnePassword,\n removeOnePasswordConfig,\n} from \"./atoms\";\nimport type { OnePasswordConfig } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Vault picker\n// ---------------------------------------------------------------------------\n\nfunction VaultPicker(props: {\n authKind: \"desktop-app\" | \"service-account\";\n accountName: string;\n vaultId: string;\n onVaultSelect: (id: string, name: string) => void;\n}) {\n const account = props.accountName.trim();\n const scopeId = useScope();\n const vaultsResult = useAtomValue(onepasswordVaultsAtom(props.authKind, account, scopeId));\n\n const { vaults, isLoading, error } = AsyncResult.matchWithError(\n vaultsResult as AsyncResult.AsyncResult<\n { vaults: ReadonlyArray<{ id: string; name: string }> },\n Error\n >,\n {\n onInitial: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: true,\n error: null,\n }),\n onError: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onDefect: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onSuccess: ({ value }) => {\n const v = value.vaults;\n if (v.length > 0 && !props.vaultId) {\n queueMicrotask(() => props.onVaultSelect(v[0].id, v[0].name));\n }\n return { vaults: [...v], isLoading: false, error: null };\n },\n },\n );\n\n if (!account) {\n return (\n <p className=\"text-[11px] text-muted-foreground/50 py-1\">\n Enter account details to load vaults.\n </p>\n );\n }\n\n return (\n <div className=\"grid gap-2\">\n <Select\n disabled={isLoading || vaults.length === 0}\n value={props.vaultId}\n onValueChange={(id) => {\n const v = vaults.find((vault) => vault.id === id);\n if (v) props.onVaultSelect(v.id, v.name);\n }}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue placeholder={isLoading ? \"Loading…\" : \"Select a vault\"} />\n </SelectTrigger>\n <SelectContent>\n {vaults.map((v) => (\n <SelectItem key={v.id} value={v.id}>\n {v.name}\n </SelectItem>\n ))}\n </SelectContent>\n </Select>\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-2.5 py-1.5\">\n <p className=\"text-[11px] text-destructive leading-relaxed whitespace-pre-line\">\n {error}\n </p>\n </div>\n )}\n </div>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Config dialog\n// ---------------------------------------------------------------------------\n\nfunction ConfigDialog(props: {\n open: boolean;\n onOpenChange: (v: boolean) => void;\n initial?: { authKind: string; accountName: string; vaultId: string; name: string };\n}) {\n const isEdit = !!props.initial;\n const [authKind, setAuthKind] = useState<\"desktop-app\" | \"service-account\">(\n (props.initial?.authKind as \"desktop-app\" | \"service-account\") ?? \"desktop-app\",\n );\n const [accountName, setAccountName] = useState(props.initial?.accountName ?? \"my.1password.com\");\n const [vaultId, setVaultId] = useState(props.initial?.vaultId ?? \"\");\n const [vaultName, setVaultName] = useState(props.initial?.name ?? \"\");\n const [saving, setSaving] = useState(false);\n const [error, setError] = useState<string | null>(null);\n\n const scopeId = useScope();\n const doConfigure = useAtomSet(configureOnePassword, { mode: \"promiseExit\" });\n\n const reset = () => {\n if (!isEdit) {\n setAuthKind(\"desktop-app\");\n setAccountName(\"my.1password.com\");\n setVaultId(\"\");\n setVaultName(\"\");\n }\n setError(null);\n setSaving(false);\n };\n\n const handleSave = async () => {\n if (!accountName.trim() || !vaultId.trim()) return;\n setSaving(true);\n setError(null);\n\n const auth =\n authKind === \"desktop-app\"\n ? { kind: \"desktop-app\" as const, accountName: accountName.trim() }\n : { kind: \"service-account\" as const, tokenSecretId: accountName.trim() };\n\n const exit = await doConfigure({\n params: { scopeId },\n payload: { auth, vaultId: vaultId.trim(), name: vaultName.trim() || \"1Password\" },\n reactivityKeys: [ReactivityKey.secrets],\n });\n if (Exit.isFailure(exit)) {\n setError(\"Failed to save configuration\");\n setSaving(false);\n return;\n }\n\n props.onOpenChange(false);\n reset();\n };\n\n return (\n <Dialog\n open={props.open}\n onOpenChange={(v) => {\n if (!v) reset();\n props.onOpenChange(v);\n }}\n >\n <DialogContent className=\"sm:max-w-[420px]\">\n <DialogHeader>\n <DialogTitle className=\"font-display text-xl\">\n {isEdit ? \"Edit 1Password\" : \"Connect 1Password\"}\n </DialogTitle>\n <DialogDescription className=\"text-[13px] leading-relaxed\">\n Link a vault to resolve secrets via the 1Password desktop app or a service account.\n </DialogDescription>\n </DialogHeader>\n\n <div className=\"grid gap-5 py-3\">\n {/* Auth method */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Auth method\n </Label>\n <Select\n value={authKind}\n onValueChange={(v) => setAuthKind(v as \"desktop-app\" | \"service-account\")}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue />\n </SelectTrigger>\n <SelectContent>\n <SelectItem value=\"desktop-app\">Desktop App (biometric)</SelectItem>\n <SelectItem value=\"service-account\">Service Account</SelectItem>\n </SelectContent>\n </Select>\n </div>\n\n {/* Account / token */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n {authKind === \"desktop-app\" ? \"Account domain\" : \"Token secret ID\"}\n </Label>\n <Input\n placeholder={authKind === \"desktop-app\" ? \"my.1password.com\" : \"op-service-token\"}\n value={accountName}\n onChange={(e) => setAccountName((e.target as HTMLInputElement).value)}\n className=\"font-mono text-[13px] h-9\"\n />\n <p className=\"text-[11px] text-muted-foreground/60 leading-relaxed\">\n {authKind === \"desktop-app\"\n ? \"Requires the 1Password desktop app with biometric unlock.\"\n : \"Reference an executor secret that holds the service account token.\"}\n </p>\n </div>\n\n {/* Vault */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Vault\n </Label>\n <VaultPicker\n authKind={authKind}\n accountName={accountName}\n vaultId={vaultId}\n onVaultSelect={(id, name) => {\n setVaultId(id);\n setVaultName(name);\n }}\n />\n {vaultId && <p className=\"font-mono text-[10px] text-muted-foreground/50\">{vaultId}</p>}\n </div>\n\n {/* Display name */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Display name\n </Label>\n <Input\n placeholder=\"1Password\"\n value={vaultName}\n onChange={(e) => setVaultName((e.target as HTMLInputElement).value)}\n className=\"text-[13px] h-9\"\n />\n </div>\n\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-3 py-2\">\n <p className=\"text-[12px] text-destructive whitespace-pre-line\">{error}</p>\n </div>\n )}\n </div>\n\n <DialogFooter>\n <DialogClose asChild>\n <Button variant=\"ghost\" size=\"sm\">\n Cancel\n </Button>\n </DialogClose>\n <Button\n size=\"sm\"\n onClick={handleSave}\n disabled={!accountName.trim() || !vaultId.trim() || saving}\n >\n {saving ? \"Saving…\" : isEdit ? \"Update\" : \"Connect\"}\n </Button>\n </DialogFooter>\n </DialogContent>\n </Dialog>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Settings card\n// ---------------------------------------------------------------------------\n\nexport default function OnePasswordSettings() {\n const [configOpen, setConfigOpen] = useState(false);\n const scopeId = useScope();\n const configResult = useAtomValue(onepasswordConfigAtom(scopeId));\n const doRemove = useAtomSet(removeOnePasswordConfig, { mode: \"promiseExit\" });\n\n const handleRemove = async () => {\n await doRemove({ params: { scopeId }, reactivityKeys: [ReactivityKey.secrets] });\n };\n\n const config: OnePasswordConfig | null = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n { onInitial: () => null, onFailure: () => null, onSuccess: ({ value }) => value },\n );\n const isLoading = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n {\n onInitial: () => true,\n onFailure: () => false,\n onSuccess: () => false,\n },\n );\n const isError = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<OnePasswordConfig | null, unknown>,\n {\n onInitial: () => false,\n onFailure: () => true,\n onSuccess: () => false,\n },\n );\n\n return (\n <>\n <CardStackEntry>\n <CardStackEntryContent>\n {isLoading ? (\n <CardStackEntryDescription>Loading…</CardStackEntryDescription>\n ) : isError ? (\n <CardStackEntryDescription className=\"text-destructive\">\n Failed to load configuration\n </CardStackEntryDescription>\n ) : config ? (\n <div className=\"grid grid-cols-[auto_1fr] gap-x-6 gap-y-1 text-[12px]\">\n <span className=\"text-muted-foreground/60\">Auth</span>\n <span className=\"font-mono text-foreground/80 truncate\">\n {config.auth.kind === \"desktop-app\" ? config.auth.accountName : \"service-account\"}\n </span>\n <span className=\"text-muted-foreground/60\">Vault</span>\n <div className=\"flex items-center gap-2 min-w-0\">\n <span className=\"text-foreground/80 truncate\">{config.name}</span>\n <span className=\"font-mono text-[10px] text-muted-foreground/40 truncate\">\n {config.vaultId}\n </span>\n </div>\n </div>\n ) : (\n <CardStackEntryDescription>\n Resolve secrets from your 1Password vault.\n </CardStackEntryDescription>\n )}\n </CardStackEntryContent>\n <CardStackEntryActions>\n {config ? (\n <>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px]\"\n onClick={() => setConfigOpen(true)}\n >\n Edit\n </Button>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px] text-destructive/70 hover:text-destructive\"\n onClick={handleRemove}\n >\n Disconnect\n </Button>\n </>\n ) : (\n !isLoading &&\n !isError && (\n <Button\n variant=\"link\"\n size=\"sm\"\n className=\"h-7 px-0 text-[12px] shrink-0\"\n onClick={() => setConfigOpen(true)}\n >\n Add 1Password\n </Button>\n )\n )}\n </CardStackEntryActions>\n </CardStackEntry>\n\n {configOpen && (\n <ConfigDialog\n open={configOpen}\n onOpenChange={setConfigOpen}\n initial={\n config\n ? {\n authKind: config.auth.kind,\n accountName:\n config.auth.kind === \"desktop-app\"\n ? config.auth.accountName\n : config.auth.tokenSecretId,\n vaultId: config.vaultId,\n name: config.name,\n }\n : undefined\n }\n />\n )}\n </>\n );\n}\n","import type { ScopeId } from \"@executor-js/sdk/core\";\nimport { ReactivityKey } from \"@executor-js/react/api/reactivity-keys\";\nimport { OnePasswordClient } from \"./client\";\n\nexport const onepasswordWriteKeys = [ReactivityKey.secrets] as const;\n\n// ---------------------------------------------------------------------------\n// Query atoms\n// ---------------------------------------------------------------------------\n\nexport const onepasswordConfigAtom = (scopeId: ScopeId) =>\n OnePasswordClient.query(\"onepassword\", \"getConfig\", {\n params: { scopeId },\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\nexport const onepasswordStatusAtom = (scopeId: ScopeId) =>\n OnePasswordClient.query(\"onepassword\", \"status\", {\n params: { scopeId },\n timeToLive: \"15 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\n// ---------------------------------------------------------------------------\n// Query atoms — vaults\n// ---------------------------------------------------------------------------\n\nexport const onepasswordVaultsAtom = (\n authKind: \"desktop-app\" | \"service-account\",\n account: string,\n scopeId: ScopeId,\n) =>\n OnePasswordClient.query(\"onepassword\", \"listVaults\", {\n params: { scopeId },\n query: { authKind, account },\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.secrets],\n });\n\n// ---------------------------------------------------------------------------\n// Mutation atoms\n// ---------------------------------------------------------------------------\n\nexport const configureOnePassword = OnePasswordClient.mutation(\"onepassword\", \"configure\");\n\nexport const removeOnePasswordConfig = OnePasswordClient.mutation(\"onepassword\", \"removeConfig\");\n","import { createPluginAtomClient } from \"@executor-js/sdk/client\";\nimport { getBaseUrl } from \"@executor-js/react/api/base-url\";\nimport { OnePasswordGroup } from \"../api/group\";\n\nexport const OnePasswordClient = createPluginAtomClient(OnePasswordGroup, {\n baseUrl: getBaseUrl,\n});\n","import { HttpApiEndpoint, HttpApiGroup } from \"effect/unstable/httpapi\";\nimport { Schema } from \"effect\";\nimport { InternalError, ScopeId } from \"@executor-js/sdk/core\";\n\nimport { OnePasswordError } from \"../sdk/errors\";\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Params\n// ---------------------------------------------------------------------------\n\nconst ScopeParams = { scopeId: ScopeId };\n\n// ---------------------------------------------------------------------------\n// Payloads\n// ---------------------------------------------------------------------------\n\nconst ConfigurePayload = OnePasswordConfig;\n\nconst ListVaultsParams = Schema.Struct({\n authKind: Schema.Literals([\"desktop-app\", \"service-account\"]),\n account: Schema.String,\n});\n\n// ---------------------------------------------------------------------------\n// Responses\n// ---------------------------------------------------------------------------\n\nconst ListVaultsResponse = Schema.Struct({\n vaults: Schema.Array(Vault),\n});\n\nconst GetConfigResponse = Schema.NullOr(OnePasswordConfig);\n\n// ---------------------------------------------------------------------------\n// Group\n//\n// Plugin SDK errors (OnePasswordError) are declared once at the group level\n// via `.addError(...)` — every endpoint inherits. The error carries its own\n// 502 status via `HttpApiSchema.annotations` in errors.ts.\n//\n// `InternalError` is the shared opaque 500 schema translated at the HTTP\n// edge by `withCapture` (see observability.ts). Storage failures on\n// `ctx.storage`/`ctx.secrets` flow through as `StorageFailure` in the\n// typed channel and are captured + downgraded to `InternalError({ traceId })`\n// at Layer composition. No per-handler translation.\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordGroup = HttpApiGroup.make(\"onepassword\")\n .add(\n HttpApiEndpoint.get(\"getConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: GetConfigResponse,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.put(\"configure\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n payload: ConfigurePayload,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.delete(\"removeConfig\", \"/scopes/:scopeId/onepassword/config\", {\n params: ScopeParams,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"status\", \"/scopes/:scopeId/onepassword/status\", {\n params: ScopeParams,\n success: ConnectionStatus,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"listVaults\", \"/scopes/:scopeId/onepassword/vaults\", {\n params: ScopeParams,\n query: ListVaultsParams,\n success: ListVaultsResponse,\n error: [InternalError, OnePasswordError],\n }),\n );\n"],"mappings":";;;;;;;;AAAA,SAAS,gBAAgB;AACzB,SAAS,YAAY,oBAAoB;AACzC,YAAY,UAAU;AACtB,YAAY,iBAAiB;AAC7B,SAAS,iBAAAA,sBAAqB;AAC9B,SAAS,gBAAgB;AACzB,SAAS,cAAc;AACvB,SAAS,aAAa;AACtB,SAAS,aAAa;AACtB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;AC7BP,SAAS,qBAAqB;;;ACD9B,SAAS,8BAA8B;AACvC,SAAS,kBAAkB;;;ACD3B,SAAS,iBAAiB,oBAAoB;AAC9C,SAAS,cAAc;AACvB,SAAS,eAAe,eAAe;AASvC,IAAM,cAAc,EAAE,SAAS,QAAQ;AAMvC,IAAM,mBAAmB;AAEzB,IAAM,mBAAmB,OAAO,OAAO;AAAA,EACrC,UAAU,OAAO,SAAS,CAAC,eAAe,iBAAiB,CAAC;AAAA,EAC5D,SAAS,OAAO;AAClB,CAAC;AAMD,IAAM,qBAAqB,OAAO,OAAO;AAAA,EACvC,QAAQ,OAAO,MAAM,KAAK;AAC5B,CAAC;AAED,IAAM,oBAAoB,OAAO,OAAO,iBAAiB;AAgBlD,IAAM,mBAAmB,aAAa,KAAK,aAAa,EAC5D;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,aAAa,uCAAuC;AAAA,IACtE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,OAAO,gBAAgB,uCAAuC;AAAA,IAC5E,QAAQ;AAAA,IACR,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,UAAU,uCAAuC;AAAA,IACnE,QAAQ;AAAA,IACR,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,cAAc,uCAAuC;AAAA,IACvE,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH;;;ADjFK,IAAM,oBAAoB,uBAAuB,kBAAkB;AAAA,EACxE,SAAS;AACX,CAAC;;;ADFM,IAAM,uBAAuB,CAAC,cAAc,OAAO;AAMnD,IAAM,wBAAwB,CAAC,YACpC,kBAAkB,MAAM,eAAe,aAAa;AAAA,EAClD,QAAQ,EAAE,QAAQ;AAAA,EAClB,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,OAAO;AACxC,CAAC;AAaI,IAAM,wBAAwB,CACnC,UACA,SACA,YAEA,kBAAkB,MAAM,eAAe,cAAc;AAAA,EACnD,QAAQ,EAAE,QAAQ;AAAA,EAClB,OAAO,EAAE,UAAU,QAAQ;AAAA,EAC3B,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,OAAO;AACxC,CAAC;AAMI,IAAM,uBAAuB,kBAAkB,SAAS,eAAe,WAAW;AAElF,IAAM,0BAA0B,kBAAkB,SAAS,eAAe,cAAc;;;ADyCzF,SAmRM,UAnRN,KAQA,YARA;AA3CN,SAAS,YAAY,OAKlB;AACD,QAAM,UAAU,MAAM,YAAY,KAAK;AACvC,QAAM,UAAU,SAAS;AACzB,QAAM,eAAe,aAAa,sBAAsB,MAAM,UAAU,SAAS,OAAO,CAAC;AAEzF,QAAM,EAAE,QAAQ,WAAW,MAAM,IAAgB;AAAA,IAC/C;AAAA,IAIA;AAAA,MACE,WAAW,OAAO;AAAA,QAChB,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,SAAS,OAAO;AAAA,QACd,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO;AAAA,QACf,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,WAAW,CAAC,EAAE,MAAM,MAAM;AACxB,cAAM,IAAI,MAAM;AAChB,YAAI,EAAE,SAAS,KAAK,CAAC,MAAM,SAAS;AAClC,yBAAe,MAAM,MAAM,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC;AAAA,QAC9D;AACA,eAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,WAAW,OAAO,OAAO,KAAK;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,SAAS;AACZ,WACE,oBAAC,OAAE,WAAU,6CAA4C,mDAEzD;AAAA,EAEJ;AAEA,SACE,qBAAC,SAAI,WAAU,cACb;AAAA;AAAA,MAAC;AAAA;AAAA,QACC,UAAU,aAAa,OAAO,WAAW;AAAA,QACzC,OAAO,MAAM;AAAA,QACb,eAAe,CAAC,OAAO;AACrB,gBAAM,IAAI,OAAO,KAAK,CAAC,UAAU,MAAM,OAAO,EAAE;AAChD,cAAI,EAAG,OAAM,cAAc,EAAE,IAAI,EAAE,IAAI;AAAA,QACzC;AAAA,QAEA;AAAA,8BAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,aAAa,YAAY,kBAAa,kBAAkB,GACvE;AAAA,UACA,oBAAC,iBACE,iBAAO,IAAI,CAAC,MACX,oBAAC,cAAsB,OAAO,EAAE,IAC7B,YAAE,QADY,EAAE,EAEnB,CACD,GACH;AAAA;AAAA;AAAA,IACF;AAAA,IACC,SACC,oBAAC,SAAI,WAAU,0EACb,8BAAC,OAAE,WAAU,oEACV,iBACH,GACF;AAAA,KAEJ;AAEJ;AAMA,SAAS,aAAa,OAInB;AACD,QAAM,SAAS,CAAC,CAAC,MAAM;AACvB,QAAM,CAAC,UAAU,WAAW,IAAI;AAAA,IAC7B,MAAM,SAAS,YAAkD;AAAA,EACpE;AACA,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,MAAM,SAAS,eAAe,kBAAkB;AAC/F,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,MAAM,SAAS,WAAW,EAAE;AACnE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,MAAM,SAAS,QAAQ,EAAE;AACpE,QAAM,CAAC,QAAQ,SAAS,IAAI,SAAS,KAAK;AAC1C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AAEtD,QAAM,UAAU,SAAS;AACzB,QAAM,cAAc,WAAW,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,QAAQ,MAAM;AAClB,QAAI,CAAC,QAAQ;AACX,kBAAY,aAAa;AACzB,qBAAe,kBAAkB;AACjC,iBAAW,EAAE;AACb,mBAAa,EAAE;AAAA,IACjB;AACA,aAAS,IAAI;AACb,cAAU,KAAK;AAAA,EACjB;AAEA,QAAM,aAAa,YAAY;AAC7B,QAAI,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,EAAG;AAC5C,cAAU,IAAI;AACd,aAAS,IAAI;AAEb,UAAM,OACJ,aAAa,gBACT,EAAE,MAAM,eAAwB,aAAa,YAAY,KAAK,EAAE,IAChE,EAAE,MAAM,mBAA4B,eAAe,YAAY,KAAK,EAAE;AAE5E,UAAM,OAAO,MAAM,YAAY;AAAA,MAC7B,QAAQ,EAAE,QAAQ;AAAA,MAClB,SAAS,EAAE,MAAM,SAAS,QAAQ,KAAK,GAAG,MAAM,UAAU,KAAK,KAAK,YAAY;AAAA,MAChF,gBAAgB,CAACC,eAAc,OAAO;AAAA,IACxC,CAAC;AACD,QAAS,eAAU,IAAI,GAAG;AACxB,eAAS,8BAA8B;AACvC,gBAAU,KAAK;AACf;AAAA,IACF;AAEA,UAAM,aAAa,KAAK;AACxB,UAAM;AAAA,EACR;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,MAAM,MAAM;AAAA,MACZ,cAAc,CAAC,MAAM;AACnB,YAAI,CAAC,EAAG,OAAM;AACd,cAAM,aAAa,CAAC;AAAA,MACtB;AAAA,MAEA,+BAAC,iBAAc,WAAU,oBACvB;AAAA,6BAAC,gBACC;AAAA,8BAAC,eAAY,WAAU,wBACpB,mBAAS,mBAAmB,qBAC/B;AAAA,UACA,oBAAC,qBAAkB,WAAU,+BAA8B,iGAE3D;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,mBAEb;AAAA,+BAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,yBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,OAAO;AAAA,gBACP,eAAe,CAAC,MAAM,YAAY,CAAsC;AAAA,gBAExE;AAAA,sCAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,GACf;AAAA,kBACA,qBAAC,iBACC;AAAA,wCAAC,cAAW,OAAM,eAAc,qCAAuB;AAAA,oBACvD,oBAAC,cAAW,OAAM,mBAAkB,6BAAe;AAAA,qBACrD;AAAA;AAAA;AAAA,YACF;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EACd,uBAAa,gBAAgB,mBAAmB,mBACnD;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAa,aAAa,gBAAgB,qBAAqB;AAAA,gBAC/D,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,eAAgB,EAAE,OAA4B,KAAK;AAAA,gBACpE,WAAU;AAAA;AAAA,YACZ;AAAA,YACA,oBAAC,OAAE,WAAU,wDACV,uBAAa,gBACV,8DACA,sEACN;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,mBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA,eAAe,CAAC,IAAI,SAAS;AAC3B,6BAAW,EAAE;AACb,+BAAa,IAAI;AAAA,gBACnB;AAAA;AAAA,YACF;AAAA,YACC,WAAW,oBAAC,OAAE,WAAU,kDAAkD,mBAAQ;AAAA,aACrF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,0BAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAY;AAAA,gBACZ,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,aAAc,EAAE,OAA4B,KAAK;AAAA,gBAClE,WAAU;AAAA;AAAA,YACZ;AAAA,aACF;AAAA,UAEC,SACC,oBAAC,SAAI,WAAU,sEACb,8BAAC,OAAE,WAAU,oDAAoD,iBAAM,GACzE;AAAA,WAEJ;AAAA,QAEA,qBAAC,gBACC;AAAA,8BAAC,eAAY,SAAO,MAClB,8BAAC,UAAO,SAAQ,SAAQ,MAAK,MAAK,oBAElC,GACF;AAAA,UACA;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,SAAS;AAAA,cACT,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK;AAAA,cAEnD,mBAAS,iBAAY,SAAS,WAAW;AAAA;AAAA,UAC5C;AAAA,WACF;AAAA,SACF;AAAA;AAAA,EACF;AAEJ;AAMe,SAAR,sBAAuC;AAC5C,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,UAAU,SAAS;AACzB,QAAM,eAAe,aAAa,sBAAsB,OAAO,CAAC;AAChE,QAAM,WAAW,WAAW,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,eAAe,YAAY;AAC/B,UAAM,SAAS,EAAE,QAAQ,EAAE,QAAQ,GAAG,gBAAgB,CAACA,eAAc,OAAO,EAAE,CAAC;AAAA,EACjF;AAEA,QAAM,SAA+C;AAAA,IACnD;AAAA,IACA,EAAE,WAAW,MAAM,MAAM,WAAW,MAAM,MAAM,WAAW,CAAC,EAAE,MAAM,MAAM,MAAM;AAAA,EAClF;AACA,QAAM,YAAwB;AAAA,IAC5B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AACA,QAAM,UAAsB;AAAA,IAC1B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AAEA,SACE,iCACE;AAAA,yBAAC,kBACC;AAAA,0BAAC,yBACE,sBACC,oBAAC,6BAA0B,2BAAQ,IACjC,UACF,oBAAC,6BAA0B,WAAU,oBAAmB,0CAExD,IACE,SACF,qBAAC,SAAI,WAAU,yDACb;AAAA,4BAAC,UAAK,WAAU,4BAA2B,kBAAI;AAAA,QAC/C,oBAAC,UAAK,WAAU,yCACb,iBAAO,KAAK,SAAS,gBAAgB,OAAO,KAAK,cAAc,mBAClE;AAAA,QACA,oBAAC,UAAK,WAAU,4BAA2B,mBAAK;AAAA,QAChD,qBAAC,SAAI,WAAU,mCACb;AAAA,8BAAC,UAAK,WAAU,+BAA+B,iBAAO,MAAK;AAAA,UAC3D,oBAAC,UAAK,WAAU,2DACb,iBAAO,SACV;AAAA,WACF;AAAA,SACF,IAEA,oBAAC,6BAA0B,wDAE3B,GAEJ;AAAA,MACA,oBAAC,yBACE,mBACC,iCACE;AAAA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS,MAAM,cAAc,IAAI;AAAA,YAClC;AAAA;AAAA,QAED;AAAA,QACA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS;AAAA,YACV;AAAA;AAAA,QAED;AAAA,SACF,IAEA,CAAC,aACD,CAAC,WACC;AAAA,QAAC;AAAA;AAAA,UACC,SAAQ;AAAA,UACR,MAAK;AAAA,UACL,WAAU;AAAA,UACV,SAAS,MAAM,cAAc,IAAI;AAAA,UAClC;AAAA;AAAA,MAED,GAGN;AAAA,OACF;AAAA,IAEC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,MAAM;AAAA,QACN,cAAc;AAAA,QACd,SACE,SACI;AAAA,UACE,UAAU,OAAO,KAAK;AAAA,UACtB,aACE,OAAO,KAAK,SAAS,gBACjB,OAAO,KAAK,cACZ,OAAO,KAAK;AAAA,UAClB,SAAS,OAAO;AAAA,UAChB,MAAM,OAAO;AAAA,QACf,IACA;AAAA;AAAA,IAER;AAAA,KAEJ;AAEJ;","names":["ReactivityKey","ReactivityKey"]}
@@ -2,10 +2,19 @@ import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
2
2
  import { Schema } from "effect";
3
3
  import { InternalError } from "@executor-js/sdk/core";
4
4
  import { OnePasswordError } from "../sdk/errors";
5
- import { OnePasswordConfig, Vault, ConnectionStatus } from "../sdk/types";
6
5
  export declare const OnePasswordGroup: HttpApiGroup.HttpApiGroup<"onepassword", HttpApiEndpoint.HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
7
6
  scopeId: Schema.brand<Schema.String, "ScopeId">;
8
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<typeof OnePasswordConfig>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
7
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<Schema.Struct<{
8
+ readonly auth: Schema.Union<readonly [Schema.Struct<{
9
+ readonly kind: Schema.Literal<"desktop-app">;
10
+ readonly accountName: Schema.String;
11
+ }>, Schema.Struct<{
12
+ readonly kind: Schema.Literal<"service-account">;
13
+ readonly tokenSecretId: Schema.String;
14
+ }>]>;
15
+ readonly vaultId: Schema.String;
16
+ readonly name: Schema.String;
17
+ }>>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
9
18
  scopeId: Schema.brand<Schema.String, "ScopeId">;
10
19
  }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
11
20
  readonly auth: Schema.Union<readonly [Schema.Struct<{
@@ -21,11 +30,18 @@ export declare const OnePasswordGroup: HttpApiGroup.HttpApiGroup<"onepassword",
21
30
  scopeId: Schema.brand<Schema.String, "ScopeId">;
22
31
  }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", HttpApiEndpoint.StringTree<Schema.Struct<{
23
32
  scopeId: Schema.brand<Schema.String, "ScopeId">;
24
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<typeof ConnectionStatus>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", HttpApiEndpoint.StringTree<Schema.Struct<{
33
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
34
+ readonly connected: Schema.Boolean;
35
+ readonly vaultName: Schema.optional<Schema.String>;
36
+ readonly error: Schema.optional<Schema.String>;
37
+ }>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", HttpApiEndpoint.StringTree<Schema.Struct<{
25
38
  scopeId: Schema.brand<Schema.String, "ScopeId">;
26
39
  }>>, HttpApiEndpoint.StringTree<Schema.Struct<{
27
40
  readonly authKind: Schema.Literals<readonly ["desktop-app", "service-account"]>;
28
41
  readonly account: Schema.String;
29
42
  }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
30
- readonly vaults: Schema.$Array<typeof Vault>;
43
+ readonly vaults: Schema.$Array<Schema.Struct<{
44
+ readonly id: Schema.String;
45
+ readonly name: Schema.String;
46
+ }>>;
31
47
  }>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never>, false>;
@@ -1,10 +1,27 @@
1
1
  import { Context, Effect } from "effect";
2
2
  declare const OnePasswordExtensionService_base: Context.ServiceClass<OnePasswordExtensionService, "OnePasswordExtensionService", {
3
3
  configure: (config: import("../promise").OnePasswordConfig, targetScope: string) => Effect.Effect<void, import("@executor-js/storage-core").StorageError, never>;
4
- getConfig: () => Effect.Effect<import("../promise").OnePasswordConfig | null, import("@executor-js/storage-core").StorageError | import("../promise").OnePasswordError, never>;
4
+ getConfig: () => Effect.Effect<{
5
+ readonly name: string;
6
+ readonly auth: {
7
+ readonly kind: "desktop-app";
8
+ readonly accountName: string;
9
+ } | {
10
+ readonly kind: "service-account";
11
+ readonly tokenSecretId: string;
12
+ };
13
+ readonly vaultId: string;
14
+ } | null, import("@executor-js/storage-core").StorageError | import("../promise").OnePasswordError, never>;
5
15
  removeConfig: (targetScope: string) => Effect.Effect<void, import("@executor-js/storage-core").StorageError, never>;
6
- status: () => Effect.Effect<import("../promise").ConnectionStatus, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
7
- listVaults: (auth: import("../promise").OnePasswordAuth) => Effect.Effect<import("../promise").Vault[], import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
16
+ status: () => Effect.Effect<{
17
+ readonly connected: boolean;
18
+ readonly error?: string | undefined;
19
+ readonly vaultName?: string | undefined;
20
+ }, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
21
+ listVaults: (auth: import("../promise").OnePasswordAuth) => Effect.Effect<{
22
+ readonly id: string;
23
+ readonly name: string;
24
+ }[], import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
8
25
  resolve: (uri: string) => Effect.Effect<string, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
9
26
  }>;
10
27
  export declare class OnePasswordExtensionService extends OnePasswordExtensionService_base {
@@ -4,14 +4,41 @@ export { OnePasswordGroup } from "./group";
4
4
  export { OnePasswordHandlers, OnePasswordExtensionService } from "./handlers";
5
5
  export declare const onepasswordHttpPlugin: import("@executor-js/sdk/core").ConfiguredPlugin<"onepassword", {
6
6
  configure: (config: import("../promise").OnePasswordConfig, targetScope: string) => import("effect/Effect").Effect<void, import("@executor-js/storage-core").StorageError, never>;
7
- getConfig: () => import("effect/Effect").Effect<import("../promise").OnePasswordConfig | null, import("@executor-js/storage-core").StorageError | import("../promise").OnePasswordError, never>;
7
+ getConfig: () => import("effect/Effect").Effect<{
8
+ readonly name: string;
9
+ readonly auth: {
10
+ readonly kind: "desktop-app";
11
+ readonly accountName: string;
12
+ } | {
13
+ readonly kind: "service-account";
14
+ readonly tokenSecretId: string;
15
+ };
16
+ readonly vaultId: string;
17
+ } | null, import("@executor-js/storage-core").StorageError | import("../promise").OnePasswordError, never>;
8
18
  removeConfig: (targetScope: string) => import("effect/Effect").Effect<void, import("@executor-js/storage-core").StorageError, never>;
9
- status: () => import("effect/Effect").Effect<import("../promise").ConnectionStatus, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
10
- listVaults: (auth: import("../promise").OnePasswordAuth) => import("effect/Effect").Effect<import("../promise").Vault[], import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
19
+ status: () => import("effect/Effect").Effect<{
20
+ readonly connected: boolean;
21
+ readonly error?: string | undefined;
22
+ readonly vaultName?: string | undefined;
23
+ }, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
24
+ listVaults: (auth: import("../promise").OnePasswordAuth) => import("effect/Effect").Effect<{
25
+ readonly id: string;
26
+ readonly name: string;
27
+ }[], import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
11
28
  resolve: (uri: string) => import("effect/Effect").Effect<string, import("@executor-js/storage-core").StorageFailure | import("../promise").OnePasswordError, never>;
12
29
  }, import("../sdk").OnePasswordStore, OnePasswordPluginOptions, undefined, typeof OnePasswordExtensionService, import("effect/Layer").Layer<import("effect/unstable/httpapi/HttpApiGroup").ApiGroup<"executor", "onepassword">, never, import("effect/unstable/http/HttpRouter").Request<"Requires", OnePasswordExtensionService>>, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
13
30
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
14
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<typeof import("../promise").OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
31
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
32
+ readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
33
+ readonly kind: import("effect/Schema").Literal<"desktop-app">;
34
+ readonly accountName: import("effect/Schema").String;
35
+ }>, import("effect/Schema").Struct<{
36
+ readonly kind: import("effect/Schema").Literal<"service-account">;
37
+ readonly tokenSecretId: import("effect/Schema").String;
38
+ }>]>;
39
+ readonly vaultId: import("effect/Schema").String;
40
+ readonly name: import("effect/Schema").String;
41
+ }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
15
42
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
16
43
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
17
44
  readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
@@ -27,11 +54,18 @@ export declare const onepasswordHttpPlugin: import("@executor-js/sdk/core").Conf
27
54
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
28
55
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
29
56
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
30
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
57
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
58
+ readonly connected: import("effect/Schema").Boolean;
59
+ readonly vaultName: import("effect/Schema").optional<import("effect/Schema").String>;
60
+ readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
61
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
31
62
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
32
63
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
33
64
  readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
34
65
  readonly account: import("effect/Schema").String;
35
66
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
36
- readonly vaults: import("effect/Schema").$Array<typeof import("../promise").Vault>;
67
+ readonly vaults: import("effect/Schema").$Array<import("effect/Schema").Struct<{
68
+ readonly id: import("effect/Schema").String;
69
+ readonly name: import("effect/Schema").String;
70
+ }>>;
37
71
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never>, false>>;
@@ -3,7 +3,7 @@ import {
3
3
  OnePasswordConfig,
4
4
  OnePasswordError,
5
5
  Vault
6
- } from "./chunk-NRYSRUWU.js";
6
+ } from "./chunk-TRGRRIAX.js";
7
7
 
8
8
  // src/sdk/service.ts
9
9
  import { Context, Duration, Effect, Semaphore } from "effect";
@@ -241,7 +241,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
241
241
  status: () => Effect2.gen(function* () {
242
242
  const config = yield* ctx.storage.getConfig();
243
243
  if (!config) {
244
- return new ConnectionStatus({
244
+ return ConnectionStatus.make({
245
245
  connected: false,
246
246
  error: "Not configured"
247
247
  });
@@ -249,7 +249,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
249
249
  const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);
250
250
  const vaults = yield* svc.listVaults();
251
251
  const vault2 = vaults.find((v) => v.id === config.vaultId);
252
- return new ConnectionStatus({
252
+ return ConnectionStatus.make({
253
253
  connected: true,
254
254
  vaultName: vault2?.title
255
255
  });
@@ -261,7 +261,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
261
261
  preferSdk
262
262
  });
263
263
  const vaults = yield* svc.listVaults();
264
- return vaults.map((v) => new Vault({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
264
+ return vaults.map((v) => Vault.make({ id: v.id, name: v.title })).sort((a, b) => a.name.localeCompare(b.name));
265
265
  }),
266
266
  resolve: (uri) => Effect2.gen(function* () {
267
267
  const config = yield* ctx.storage.getConfig();
@@ -303,4 +303,4 @@ export {
303
303
  makeOnePasswordStore,
304
304
  onepasswordPlugin
305
305
  };
306
- //# sourceMappingURL=chunk-ULLNZ6JH.js.map
306
+ //# sourceMappingURL=chunk-E4E2K5AV.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Context, Duration, Effect, Semaphore } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: \"Failed to load 1Password SDK\",\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: \"Failed to set up 1Password client\",\n }),\n }).pipe(timeoutWithOnePasswordError(\"client setup\", timeoutMs));\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password SDK ${operation} failed`,\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nconst cliAuthLock = Semaphore.makeUnsafe(1);\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n cliAuthLock\n .withPermits(1)(\n Effect.try({\n try: () => {\n if (auth.kind === \"service-account\") {\n op.setGlobalFlags({});\n op.setServiceAccount(auth.token);\n } else {\n op.setServiceAccount(\"\");\n op.setGlobalFlags({ account: auth.accountName });\n }\n return fn();\n },\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password CLI ${operation} failed`,\n }),\n }),\n )\n .pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n targetScope: string,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: (targetScope: string) => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));\n\nconst blobStorageError =\n (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation} failed`,\n cause,\n });\n\nexport const makeOnePasswordStore = (blobs: PluginBlobStore): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return decodeConfig(raw).pipe(\n Effect.mapError(\n () =>\n new OnePasswordError({\n operation: \"config decode\",\n message: \"Failed to decode 1Password config\",\n }),\n ),\n );\n }),\n ),\n\n saveConfig: (config, targetScope) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: targetScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: (targetScope) =>\n blobs\n .delete(CONFIG_KEY, { scope: targetScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.catchTag(\"SecretOwnedByConnectionError\", () =>\n Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n ),\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })),\n );\n\nconst configuredVaultUri = (config: OnePasswordConfig, secretId: string): string | null => {\n if (!secretId.startsWith(\"op://\")) {\n return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n }\n const match = secretId.match(/^op:\\/\\/([^/]+)\\/.+/);\n if (!match || match[1] !== config.vaultId) return null;\n return secretId;\n};\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n allowFallback: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = configuredVaultUri(config, secretId);\n if (uri === null) return Effect.succeed(null as string | null);\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as ReadonlyArray<{ id: string; name: string }>);\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(() => [] as ReadonlyArray<{ id: string; name: string }>),\n ),\n});\n\nconst makeOnePasswordExtension = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n) => {\n return {\n configure: (config: OnePasswordConfig, targetScope: string) =>\n ctx.storage.saveConfig(config, targetScope),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: (targetScope: string) => ctx.storage.deleteConfig(targetScope),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return new ConnectionStatus({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return new ConnectionStatus({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth: OnePasswordAuth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => new Vault({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri: string) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const scopedUri = configuredVaultUri(config, uri);\n if (scopedUri === null) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password secret URI is outside the configured vault\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n return yield* svc.resolveSecret(scopedUri);\n }),\n };\n};\n\nexport type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin((options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs }) => makeOnePasswordStore(blobs),\n\n extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n // HTTP transport (routes/handlers/extensionService) is layered on by\n // the api-aware factory in `@executor-js/plugin-onepassword/api`. Hosts\n // that want the HTTP surface import the plugin from there; SDK-only\n // consumers stay on this entry and avoid the server-only deps.\n});\n"],"mappings":";;;;;;;;AAAA,SAAS,SAAS,UAAU,QAAQ,iBAAiB;AACrD,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,MACL,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,4BAA4B,gBAAgB,SAAS,CAAC;AAE9D,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,SAAS;AAAA,IACrC,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMzD,IAAM,cAAc,UAAU,WAAW,CAAC;AAEnC,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAChB,QAAM,WAAW,CAAI,IAAa,cAChC,YACG,YAAY,CAAC;AAAA,IACZ,OAAO,IAAI;AAAA,MACT,KAAK,MAAM;AACT,YAAI,KAAK,SAAS,mBAAmB;AACnC,UAAG,kBAAe,CAAC,CAAC;AACpB,UAAG,qBAAkB,KAAK,KAAK;AAAA,QACjC,OAAO;AACL,UAAG,qBAAkB,EAAE;AACvB,UAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,QACjD;AACA,eAAO,GAAG;AAAA,MACZ;AAAA,MACA,OAAO,MACL,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,iBAAiB,SAAS;AAAA,MACrC,CAAC;AAAA,IACL,CAAC;AAAA,EACH,EACC,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AC7MA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;AAWP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAuCnB,IAAM,eAAe,OAAO,oBAAoB,OAAO,eAAe,iBAAiB,CAAC;AAExF,IAAM,mBACJ,CAAC,cACD,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS;AAAA,EACtC;AACF,CAAC;AAEE,IAAM,uBAAuB,CAAC,WAA8C;AAAA,EACjF,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAO,aAAa,GAAG,EAAE;AAAA,QACvBA,QAAO;AAAA,UACL,MACE,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS;AAAA,UACX,CAAC;AAAA,QACL;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,QAAQ,gBACnB,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,YAAY;AAAA,EACvB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,CAAC,gBACb,MACG,OAAO,YAAY,EAAE,OAAO,YAAY,CAAC,EACzC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS;AAAA,MAAgC,MAC9CA,QAAO;AAAA,QACL,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,QAC9D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC,CAAC;AACzF;AAEF,IAAM,qBAAqB,CAAC,QAA2B,aAAoC;AACzF,MAAI,CAAC,SAAS,WAAW,OAAO,GAAG;AACjC,WAAO,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAAA,EAC/D;AACA,QAAM,QAAQ,SAAS,MAAM,qBAAqB;AAClD,MAAI,CAAC,SAAS,MAAM,CAAC,MAAM,OAAO,QAAS,QAAO;AAClD,SAAO;AACT;AAMA,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EACV,eAAe;AAAA;AAAA;AAAA;AAAA,EAKf,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,mBAAmB,QAAQ,QAAQ;AAC/C,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAqB;AAE7D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAgD;AACpF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAgD;AAAA,EAC9E;AACJ;AAEA,IAAM,2BAA2B,CAC/B,KACA,WACA,cACG;AACH,SAAO;AAAA,IACL,WAAW,CAAC,QAA2B,gBACrC,IAAI,QAAQ,WAAW,QAAQ,WAAW;AAAA,IAE5C,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,IAEvC,cAAc,CAAC,gBAAwB,IAAI,QAAQ,aAAa,WAAW;AAAA,IAE3E,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,IAAI,iBAAiB;AAAA,UAC1B,WAAW;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,YAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,aAAO,IAAI,iBAAiB;AAAA,QAC1B,WAAW;AAAA,QACX,WAAWA,QAAO;AAAA,MACpB,CAAC;AAAA,IACH,CAAC;AAAA,IAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,YAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,YAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,aAAO,OACJ,IAAI,CAAC,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EACjD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,IAChD,CAAC;AAAA,IAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,YAAY,mBAAmB,QAAQ,GAAG;AAChD,UAAI,cAAc,MAAM;AACtB,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,aAAO,OAAO,IAAI,cAAc,SAAS;AAAA,IAC3C,CAAC;AAAA,EACL;AACF;AAeO,IAAM,oBAAoB,aAAa,CAAC,YAAuC;AACpF,QAAM,YAAY,SAAS,aAAaD;AACxC,QAAM,YAAY,SAAS;AAE3B,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,SAAS,CAAC,EAAE,MAAM,MAAM,qBAAqB,KAAK;AAAA,IAElD,WAAW,CAAC,QAAQ,yBAAyB,KAAK,WAAW,SAAS;AAAA,IAEtE,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,EACpE;AAKF,CAAC;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
1
+ {"version":3,"sources":["../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Context, Duration, Effect, Semaphore } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: \"Failed to load 1Password SDK\",\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: \"Failed to set up 1Password client\",\n }),\n }).pipe(timeoutWithOnePasswordError(\"client setup\", timeoutMs));\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password SDK ${operation} failed`,\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nconst cliAuthLock = Semaphore.makeUnsafe(1);\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n cliAuthLock\n .withPermits(1)(\n Effect.try({\n try: () => {\n if (auth.kind === \"service-account\") {\n op.setGlobalFlags({});\n op.setServiceAccount(auth.token);\n } else {\n op.setServiceAccount(\"\");\n op.setGlobalFlags({ account: auth.accountName });\n }\n return fn();\n },\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password CLI ${operation} failed`,\n }),\n }),\n )\n .pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n type PluginCtx,\n type PluginBlobStore,\n type SecretProvider,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport { OnePasswordConfig, Vault, ConnectionStatus } from \"./types\";\nimport type { OnePasswordAuth } from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs or\n// `ctx.secrets`) or reaches the 1Password backend. Storage I/O surfaces\n// as `StorageFailure`; the HTTP edge (`withCapture`) translates\n// `StorageError` to `InternalError({ traceId })`. Domain problems (not\n// configured, service-account token missing, backend RPC failure) stay\n// as `OnePasswordError` and encode to 502 via the schema annotation on\n// the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Plugin extension — public API on executor.onepassword\n// ---------------------------------------------------------------------------\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded. Blob I/O failures surface\n// as `StorageError` (HTTP edge translates to `InternalError`); decode\n// failures stay `OnePasswordError` — the blob's contents are a plugin\n// concern, not an infrastructure one.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n targetScope: string,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: (targetScope: string) => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));\n\nconst blobStorageError =\n (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation} failed`,\n cause,\n });\n\nexport const makeOnePasswordStore = (blobs: PluginBlobStore): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return decodeConfig(raw).pipe(\n Effect.mapError(\n () =>\n new OnePasswordError({\n operation: \"config decode\",\n message: \"Failed to decode 1Password config\",\n }),\n ),\n );\n }),\n ),\n\n saveConfig: (config, targetScope) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { scope: targetScope },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: (targetScope) =>\n blobs\n .delete(CONFIG_KEY, { scope: targetScope })\n .pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (\n auth: OnePasswordAuth,\n ctx: PluginCtx<OnePasswordStore>,\n): Effect.Effect<ResolvedAuth, OnePasswordError | StorageFailure> => {\n if (auth.kind === \"desktop-app\") {\n return Effect.succeed({\n kind: \"desktop-app\" as const,\n accountName: auth.accountName,\n });\n }\n return ctx.secrets.get(auth.tokenSecretId).pipe(\n Effect.catchTag(\"SecretOwnedByConnectionError\", () =>\n Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n ),\n ),\n Effect.flatMap((token) => {\n if (token === null) {\n return Effect.fail(\n new OnePasswordError({\n operation: \"auth resolution\",\n message: `Service account token secret \"${auth.tokenSecretId}\" not found`,\n }),\n );\n }\n return Effect.succeed({\n kind: \"service-account\" as const,\n token,\n });\n }),\n );\n};\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError | StorageFailure> =>\n resolveAuth(config.auth, ctx).pipe(\n Effect.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk })),\n );\n\nconst configuredVaultUri = (config: OnePasswordConfig, secretId: string): string | null => {\n if (!secretId.startsWith(\"op://\")) {\n return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;\n }\n const match = secretId.match(/^op:\\/\\/([^/]+)\\/.+/);\n if (!match || match[1] !== config.vaultId) return null;\n return secretId;\n};\n\n// ---------------------------------------------------------------------------\n// SecretProvider — read-only, resolves op:// URIs or vaultId-based lookups\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): SecretProvider => ({\n key: \"onepassword\",\n writable: false,\n allowFallback: false,\n\n // 1Password vaults are named in the stored config; the executor-scope\n // arg isn't used for routing here. A future refactor could let the\n // plugin store per-scope vault bindings and pick based on `scope`.\n get: (secretId, _scope) =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = configuredVaultUri(config, secretId);\n if (uri === null) return Effect.succeed(null as string | null);\n\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.orElseSucceed(() => null),\n ),\n\n list: () =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as ReadonlyArray<{ id: string; name: string }>);\n return getServiceFromConfig(config, ctx, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map(\n (items): ReadonlyArray<{ id: string; name: string }> =>\n items.map((item) => ({ id: item.id, name: item.title })),\n ),\n );\n }),\n Effect.orElseSucceed(() => [] as ReadonlyArray<{ id: string; name: string }>),\n ),\n});\n\nconst makeOnePasswordExtension = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n) => {\n return {\n configure: (config: OnePasswordConfig, targetScope: string) =>\n ctx.storage.saveConfig(config, targetScope),\n\n getConfig: () => ctx.storage.getConfig(),\n\n removeConfig: (targetScope: string) => ctx.storage.deleteConfig(targetScope),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return ConnectionStatus.make({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return ConnectionStatus.make({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth: OnePasswordAuth) =>\n Effect.gen(function* () {\n const resolved = yield* resolveAuth(auth, ctx);\n const svc = yield* makeOnePasswordService(resolved, {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => Vault.make({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri: string) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const scopedUri = configuredVaultUri(config, uri);\n if (scopedUri === null) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password secret URI is outside the configured vault\",\n });\n }\n const svc = yield* getServiceFromConfig(config, ctx, timeoutMs, preferSdk);\n return yield* svc.resolveSecret(scopedUri);\n }),\n };\n};\n\nexport type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin((options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs }) => makeOnePasswordStore(blobs),\n\n extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),\n\n secretProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n // HTTP transport (routes/handlers/extensionService) is layered on by\n // the api-aware factory in `@executor-js/plugin-onepassword/api`. Hosts\n // that want the HTTP surface import the plugin from there; SDK-only\n // consumers stay on this entry and avoid the server-only deps.\n});\n"],"mappings":";;;;;;;;AAAA,SAAS,SAAS,UAAU,QAAQ,iBAAiB;AACrD,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,MACL,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,4BAA4B,gBAAgB,SAAS,CAAC;AAE9D,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,SAAS;AAAA,IACrC,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMzD,IAAM,cAAc,UAAU,WAAW,CAAC;AAEnC,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAChB,QAAM,WAAW,CAAI,IAAa,cAChC,YACG,YAAY,CAAC;AAAA,IACZ,OAAO,IAAI;AAAA,MACT,KAAK,MAAM;AACT,YAAI,KAAK,SAAS,mBAAmB;AACnC,UAAG,kBAAe,CAAC,CAAC;AACpB,UAAG,qBAAkB,KAAK,KAAK;AAAA,QACjC,OAAO;AACL,UAAG,qBAAkB,EAAE;AACvB,UAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,QACjD;AACA,eAAO,GAAG;AAAA,MACZ;AAAA,MACA,OAAO,MACL,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,iBAAiB,SAAS;AAAA,MACrC,CAAC;AAAA,IACL,CAAC;AAAA,EACH,EACC,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AC7MA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,OAKK;AAWP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AAuCnB,IAAM,eAAe,OAAO,oBAAoB,OAAO,eAAe,iBAAiB,CAAC;AAExF,IAAM,mBACJ,CAAC,cACD,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS;AAAA,EACtC;AACF,CAAC;AAEE,IAAM,uBAAuB,CAAC,WAA8C;AAAA,EACjF,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAO,aAAa,GAAG,EAAE;AAAA,QACvBA,QAAO;AAAA,UACL,MACE,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS;AAAA,UACX,CAAC;AAAA,QACL;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,QAAQ,gBACnB,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,OAAO,YAAY;AAAA,EACvB,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,CAAC,gBACb,MACG,OAAO,YAAY,EAAE,OAAO,YAAY,CAAC,EACzC,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACvD;AAMA,IAAM,cAAc,CAClB,MACA,QACmE;AACnE,MAAI,KAAK,SAAS,eAAe;AAC/B,WAAOA,QAAO,QAAQ;AAAA,MACpB,MAAM;AAAA,MACN,aAAa,KAAK;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO,IAAI,QAAQ,IAAI,KAAK,aAAa,EAAE;AAAA,IACzCA,QAAO;AAAA,MAAS;AAAA,MAAgC,MAC9CA,QAAO;AAAA,QACL,IAAI,iBAAiB;AAAA,UACnB,WAAW;AAAA,UACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,QAC9D,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IACAA,QAAO,QAAQ,CAAC,UAAU;AACxB,UAAI,UAAU,MAAM;AAClB,eAAOA,QAAO;AAAA,UACZ,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS,iCAAiC,KAAK,aAAa;AAAA,UAC9D,CAAC;AAAA,QACH;AAAA,MACF;AACA,aAAOA,QAAO,QAAQ;AAAA,QACpB,MAAM;AAAA,QACN;AAAA,MACF,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AACF;AAEA,IAAM,uBAAuB,CAC3B,QACA,KACA,WACA,cAEA,YAAY,OAAO,MAAM,GAAG,EAAE;AAAA,EAC5BA,QAAO,QAAQ,CAAC,aAAa,uBAAuB,UAAU,EAAE,WAAW,UAAU,CAAC,CAAC;AACzF;AAEF,IAAM,qBAAqB,CAAC,QAA2B,aAAoC;AACzF,MAAI,CAAC,SAAS,WAAW,OAAO,GAAG;AACjC,WAAO,QAAQ,OAAO,OAAO,IAAI,QAAQ,IAAI,gBAAgB;AAAA,EAC/D;AACA,QAAM,QAAQ,SAAS,MAAM,qBAAqB;AAClD,MAAI,CAAC,SAAS,MAAM,CAAC,MAAM,OAAO,QAAS,QAAO;AAClD,SAAO;AACT;AAMA,IAAM,eAAe,CACnB,KACA,WACA,eACoB;AAAA,EACpB,KAAK;AAAA,EACL,UAAU;AAAA,EACV,eAAe;AAAA;AAAA;AAAA;AAAA,EAKf,KAAK,CAAC,UAAU,WACd,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,mBAAmB,QAAQ,QAAQ;AAC/C,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAqB;AAE7D,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,cAAc,MAAM,IAAI;AAAA,EACjC;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAAgD;AACpF,aAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS,EAAE;AAAA,QAC7DA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UACL,CAAC,UACC,MAAM,IAAI,CAACC,WAAU,EAAE,IAAIA,MAAK,IAAI,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC3D;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,cAAc,MAAM,CAAC,CAAgD;AAAA,EAC9E;AACJ;AAEA,IAAM,2BAA2B,CAC/B,KACA,WACA,cACG;AACH,SAAO;AAAA,IACL,WAAW,CAAC,QAA2B,gBACrC,IAAI,QAAQ,WAAW,QAAQ,WAAW;AAAA,IAE5C,WAAW,MAAM,IAAI,QAAQ,UAAU;AAAA,IAEvC,cAAc,CAAC,gBAAwB,IAAI,QAAQ,aAAa,WAAW;AAAA,IAE3E,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,iBAAiB,KAAK;AAAA,UAC3B,WAAW;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,YAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,aAAO,iBAAiB,KAAK;AAAA,QAC3B,WAAW;AAAA,QACX,WAAWA,QAAO;AAAA,MACpB,CAAC;AAAA,IACH,CAAC;AAAA,IAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,YAAM,WAAW,OAAO,YAAY,MAAM,GAAG;AAC7C,YAAM,MAAM,OAAO,uBAAuB,UAAU;AAAA,QAClD;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,aAAO,OACJ,IAAI,CAAC,MAAM,MAAM,KAAK,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EAClD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,IAChD,CAAC;AAAA,IAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,YAAY,mBAAmB,QAAQ,GAAG;AAChD,UAAI,cAAc,MAAM;AACtB,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,KAAK,WAAW,SAAS;AACzE,aAAO,OAAO,IAAI,cAAc,SAAS;AAAA,IAC3C,CAAC;AAAA,EACL;AACF;AAeO,IAAM,oBAAoB,aAAa,CAAC,YAAuC;AACpF,QAAM,YAAY,SAAS,aAAaD;AACxC,QAAM,YAAY,SAAS;AAE3B,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,SAAS,CAAC,EAAE,MAAM,MAAM,qBAAqB,KAAK;AAAA,IAElD,WAAW,CAAC,QAAQ,yBAAyB,KAAK,WAAW,SAAS;AAAA,IAEtE,iBAAiB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,EACpE;AAKF,CAAC;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
@@ -1,47 +1,32 @@
1
1
  // src/sdk/types.ts
2
2
  import { Schema } from "effect";
3
- var DesktopAppAuthSchema = Schema.Struct({
3
+ var DesktopAppAuth = Schema.Struct({
4
4
  kind: Schema.Literal("desktop-app"),
5
5
  /** 1Password account domain, e.g. "my.1password.com" */
6
6
  accountName: Schema.String
7
7
  });
8
- var DesktopAppAuth = class extends Schema.Class("DesktopAppAuth")(
9
- DesktopAppAuthSchema.fields
10
- ) {
11
- };
12
- var ServiceAccountAuthSchema = Schema.Struct({
8
+ var ServiceAccountAuth = Schema.Struct({
13
9
  kind: Schema.Literal("service-account"),
14
10
  /** The service account token (stored as a secret) */
15
11
  tokenSecretId: Schema.String
16
12
  });
17
- var ServiceAccountAuth = class extends Schema.Class("ServiceAccountAuth")(
18
- ServiceAccountAuthSchema.fields
19
- ) {
20
- };
21
- var OnePasswordAuthSchema = Schema.Union([DesktopAppAuthSchema, ServiceAccountAuthSchema]);
22
13
  var OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);
23
- var OnePasswordConfigSchema = Schema.Struct({
24
- auth: OnePasswordAuthSchema,
14
+ var OnePasswordConfig = Schema.Struct({
15
+ auth: OnePasswordAuth,
25
16
  /** Vault to scope operations to */
26
17
  vaultId: Schema.String,
27
18
  /** Human label */
28
19
  name: Schema.String
29
20
  });
30
- var OnePasswordConfig = class extends Schema.Class("OnePasswordConfig")(
31
- OnePasswordConfigSchema.fields
32
- ) {
33
- };
34
- var Vault = class extends Schema.Class("Vault")({
21
+ var Vault = Schema.Struct({
35
22
  id: Schema.String,
36
23
  name: Schema.String
37
- }) {
38
- };
39
- var ConnectionStatus = class extends Schema.Class("ConnectionStatus")({
24
+ });
25
+ var ConnectionStatus = Schema.Struct({
40
26
  connected: Schema.Boolean,
41
27
  vaultName: Schema.optional(Schema.String),
42
28
  error: Schema.optional(Schema.String)
43
- }) {
44
- };
29
+ });
45
30
 
46
31
  // src/sdk/errors.ts
47
32
  import { Schema as Schema2 } from "effect";
@@ -59,10 +44,9 @@ export {
59
44
  DesktopAppAuth,
60
45
  ServiceAccountAuth,
61
46
  OnePasswordAuth,
62
- OnePasswordConfigSchema,
63
47
  OnePasswordConfig,
64
48
  Vault,
65
49
  ConnectionStatus,
66
50
  OnePasswordError
67
51
  };
68
- //# sourceMappingURL=chunk-NRYSRUWU.js.map
52
+ //# sourceMappingURL=chunk-TRGRRIAX.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport const DesktopAppAuth = Schema.Struct({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n});\nexport type DesktopAppAuth = typeof DesktopAppAuth.Type;\n\nexport const ServiceAccountAuth = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n});\nexport type ServiceAccountAuth = typeof ServiceAccountAuth.Type;\n\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordConfig = Schema.Struct({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n});\nexport type OnePasswordConfig = typeof OnePasswordConfig.Type;\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport const Vault = Schema.Struct({\n id: Schema.String,\n name: Schema.String,\n});\nexport type Vault = typeof Vault.Type;\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport const ConnectionStatus = Schema.Struct({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n});\nexport type ConnectionStatus = typeof ConnectionStatus.Type;\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAiB,OAAO,OAAO;AAAA,EAC1C,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC;AAGM,IAAM,qBAAqB,OAAO,OAAO;AAAA,EAC9C,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC;AAGM,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,oBAAoB,OAAO,OAAO;AAAA,EAC7C,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC;AAOM,IAAM,QAAQ,OAAO,OAAO;AAAA,EACjC,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC;AAOM,IAAM,mBAAmB,OAAO,OAAO;AAAA,EAC5C,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC;;;ACtDD,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}
package/dist/client.js CHANGED
@@ -6,7 +6,7 @@ import { lazy } from "react";
6
6
  var onePasswordSecretProviderPlugin = {
7
7
  key: "onepassword",
8
8
  label: "1Password",
9
- settings: lazy(() => import("./OnePasswordSettings-NUPVIEGH.js"))
9
+ settings: lazy(() => import("./OnePasswordSettings-LU6HZONL.js"))
10
10
  };
11
11
 
12
12
  // src/react/plugin-client.tsx
package/dist/core.js CHANGED
@@ -5,7 +5,7 @@ import {
5
5
  makeOnePasswordService,
6
6
  makeOnePasswordStore,
7
7
  onepasswordPlugin
8
- } from "./chunk-ULLNZ6JH.js";
8
+ } from "./chunk-E4E2K5AV.js";
9
9
  import {
10
10
  ConnectionStatus,
11
11
  DesktopAppAuth,
@@ -14,7 +14,7 @@ import {
14
14
  OnePasswordError,
15
15
  ServiceAccountAuth,
16
16
  Vault
17
- } from "./chunk-NRYSRUWU.js";
17
+ } from "./chunk-TRGRRIAX.js";
18
18
  export {
19
19
  ConnectionStatus,
20
20
  DesktopAppAuth,
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  onepasswordPlugin
3
- } from "./chunk-ULLNZ6JH.js";
3
+ } from "./chunk-E4E2K5AV.js";
4
4
  import {
5
5
  ConnectionStatus,
6
6
  DesktopAppAuth,
@@ -9,7 +9,7 @@ import {
9
9
  OnePasswordError,
10
10
  ServiceAccountAuth,
11
11
  Vault
12
- } from "./chunk-NRYSRUWU.js";
12
+ } from "./chunk-TRGRRIAX.js";
13
13
  export {
14
14
  ConnectionStatus,
15
15
  DesktopAppAuth,
@@ -1,9 +1,26 @@
1
1
  import type { ScopeId } from "@executor-js/sdk/core";
2
2
  export declare const onepasswordWriteKeys: readonly ["secrets"];
3
- export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").OnePasswordConfig | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
4
- export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<import("../promise").ConnectionStatus, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
3
+ export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
4
+ readonly name: string;
5
+ readonly auth: {
6
+ readonly kind: "desktop-app";
7
+ readonly accountName: string;
8
+ } | {
9
+ readonly kind: "service-account";
10
+ readonly tokenSecretId: string;
11
+ };
12
+ readonly vaultId: string;
13
+ } | null, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
14
+ export declare const onepasswordStatusAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
15
+ readonly connected: boolean;
16
+ readonly error?: string | undefined;
17
+ readonly vaultName?: string | undefined;
18
+ }, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
5
19
  export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string, scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
6
- readonly vaults: readonly import("../promise").Vault[];
20
+ readonly vaults: readonly {
21
+ readonly id: string;
22
+ readonly name: string;
23
+ }[];
7
24
  }, import("@executor-js/api").InternalError | import("../promise").OnePasswordError>>;
8
25
  export declare const configureOnePassword: import("effect/unstable/reactivity/Atom").AtomResultFn<{
9
26
  readonly params: {
@@ -1,6 +1,16 @@
1
1
  export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomHttpApi").AtomHttpApiClient<"Plugin_onepasswordClient", `Plugin_${string}Client`, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
2
2
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
3
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<typeof import("../promise").OnePasswordConfig>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
3
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
4
+ readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
5
+ readonly kind: import("effect/Schema").Literal<"desktop-app">;
6
+ readonly accountName: import("effect/Schema").String;
7
+ }>, import("effect/Schema").Struct<{
8
+ readonly kind: import("effect/Schema").Literal<"service-account">;
9
+ readonly tokenSecretId: import("effect/Schema").String;
10
+ }>]>;
11
+ readonly vaultId: import("effect/Schema").String;
12
+ readonly name: import("effect/Schema").String;
13
+ }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
4
14
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
5
15
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
6
16
  readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
@@ -16,11 +26,18 @@ export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomH
16
26
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
17
27
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
18
28
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
19
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("../promise").ConnectionStatus>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
29
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
30
+ readonly connected: import("effect/Schema").Boolean;
31
+ readonly vaultName: import("effect/Schema").optional<import("effect/Schema").String>;
32
+ readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
33
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
20
34
  scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
21
35
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
22
36
  readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
23
37
  readonly account: import("effect/Schema").String;
24
38
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
25
- readonly vaults: import("effect/Schema").$Array<typeof import("../promise").Vault>;
39
+ readonly vaults: import("effect/Schema").$Array<import("effect/Schema").Struct<{
40
+ readonly id: import("effect/Schema").String;
41
+ readonly name: import("effect/Schema").String;
42
+ }>>;
26
43
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never>, false>>;
@@ -1,6 +1,6 @@
1
1
  import { Effect } from "effect";
2
2
  import { StorageError, type PluginCtx, type PluginBlobStore, type StorageFailure } from "@executor-js/sdk/core";
3
- import { OnePasswordConfig, Vault, ConnectionStatus } from "./types";
3
+ import { OnePasswordConfig } from "./types";
4
4
  import type { OnePasswordAuth } from "./types";
5
5
  import { OnePasswordError } from "./errors";
6
6
  export type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;
@@ -12,10 +12,27 @@ export interface OnePasswordStore {
12
12
  export declare const makeOnePasswordStore: (blobs: PluginBlobStore) => OnePasswordStore;
13
13
  declare const makeOnePasswordExtension: (ctx: PluginCtx<OnePasswordStore>, timeoutMs: number, preferSdk: boolean | undefined) => {
14
14
  configure: (config: OnePasswordConfig, targetScope: string) => Effect.Effect<void, StorageError, never>;
15
- getConfig: () => Effect.Effect<OnePasswordConfig | null, StorageError | OnePasswordError, never>;
15
+ getConfig: () => Effect.Effect<{
16
+ readonly name: string;
17
+ readonly auth: {
18
+ readonly kind: "desktop-app";
19
+ readonly accountName: string;
20
+ } | {
21
+ readonly kind: "service-account";
22
+ readonly tokenSecretId: string;
23
+ };
24
+ readonly vaultId: string;
25
+ } | null, StorageError | OnePasswordError, never>;
16
26
  removeConfig: (targetScope: string) => Effect.Effect<void, StorageError, never>;
17
- status: () => Effect.Effect<ConnectionStatus, StorageFailure | OnePasswordError, never>;
18
- listVaults: (auth: OnePasswordAuth) => Effect.Effect<Vault[], StorageFailure | OnePasswordError, never>;
27
+ status: () => Effect.Effect<{
28
+ readonly connected: boolean;
29
+ readonly error?: string | undefined;
30
+ readonly vaultName?: string | undefined;
31
+ }, StorageFailure | OnePasswordError, never>;
32
+ listVaults: (auth: OnePasswordAuth) => Effect.Effect<{
33
+ readonly id: string;
34
+ readonly name: string;
35
+ }[], StorageFailure | OnePasswordError, never>;
19
36
  resolve: (uri: string) => Effect.Effect<string, StorageFailure | OnePasswordError, never>;
20
37
  };
21
38
  export type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;
@@ -27,10 +44,27 @@ export interface OnePasswordPluginOptions {
27
44
  }
28
45
  export declare const onepasswordPlugin: import("@executor-js/sdk/core").ConfiguredPlugin<"onepassword", {
29
46
  configure: (config: OnePasswordConfig, targetScope: string) => Effect.Effect<void, StorageError, never>;
30
- getConfig: () => Effect.Effect<OnePasswordConfig | null, StorageError | OnePasswordError, never>;
47
+ getConfig: () => Effect.Effect<{
48
+ readonly name: string;
49
+ readonly auth: {
50
+ readonly kind: "desktop-app";
51
+ readonly accountName: string;
52
+ } | {
53
+ readonly kind: "service-account";
54
+ readonly tokenSecretId: string;
55
+ };
56
+ readonly vaultId: string;
57
+ } | null, StorageError | OnePasswordError, never>;
31
58
  removeConfig: (targetScope: string) => Effect.Effect<void, StorageError, never>;
32
- status: () => Effect.Effect<ConnectionStatus, StorageFailure | OnePasswordError, never>;
33
- listVaults: (auth: OnePasswordAuth) => Effect.Effect<Vault[], StorageFailure | OnePasswordError, never>;
59
+ status: () => Effect.Effect<{
60
+ readonly connected: boolean;
61
+ readonly error?: string | undefined;
62
+ readonly vaultName?: string | undefined;
63
+ }, StorageFailure | OnePasswordError, never>;
64
+ listVaults: (auth: OnePasswordAuth) => Effect.Effect<{
65
+ readonly id: string;
66
+ readonly name: string;
67
+ }[], StorageFailure | OnePasswordError, never>;
34
68
  resolve: (uri: string) => Effect.Effect<string, StorageFailure | OnePasswordError, never>;
35
69
  }, OnePasswordStore, OnePasswordPluginOptions, undefined, undefined, import("effect/Layer").Layer<unknown, never, never>, import("effect/unstable/httpapi/HttpApiGroup").Any>;
36
70
  export {};
@@ -1,29 +1,17 @@
1
1
  import { Schema } from "effect";
2
- export declare const DesktopAppAuthSchema: Schema.Struct<{
2
+ export declare const DesktopAppAuth: Schema.Struct<{
3
3
  readonly kind: Schema.Literal<"desktop-app">;
4
4
  /** 1Password account domain, e.g. "my.1password.com" */
5
5
  readonly accountName: Schema.String;
6
6
  }>;
7
- declare const DesktopAppAuth_base: Schema.Class<DesktopAppAuth, Schema.Struct<{
8
- readonly kind: Schema.Literal<"desktop-app">;
9
- /** 1Password account domain, e.g. "my.1password.com" */
10
- readonly accountName: Schema.String;
11
- }>, {}>;
12
- export declare class DesktopAppAuth extends DesktopAppAuth_base {
13
- }
14
- export declare const ServiceAccountAuthSchema: Schema.Struct<{
7
+ export type DesktopAppAuth = typeof DesktopAppAuth.Type;
8
+ export declare const ServiceAccountAuth: Schema.Struct<{
15
9
  readonly kind: Schema.Literal<"service-account">;
16
10
  /** The service account token (stored as a secret) */
17
11
  readonly tokenSecretId: Schema.String;
18
12
  }>;
19
- declare const ServiceAccountAuth_base: Schema.Class<ServiceAccountAuth, Schema.Struct<{
20
- readonly kind: Schema.Literal<"service-account">;
21
- /** The service account token (stored as a secret) */
22
- readonly tokenSecretId: Schema.String;
23
- }>, {}>;
24
- export declare class ServiceAccountAuth extends ServiceAccountAuth_base {
25
- }
26
- export declare const OnePasswordAuthSchema: Schema.Union<readonly [Schema.Struct<{
13
+ export type ServiceAccountAuth = typeof ServiceAccountAuth.Type;
14
+ export declare const OnePasswordAuth: Schema.Union<readonly [Schema.Struct<{
27
15
  readonly kind: Schema.Literal<"desktop-app">;
28
16
  /** 1Password account domain, e.g. "my.1password.com" */
29
17
  readonly accountName: Schema.String;
@@ -32,9 +20,8 @@ export declare const OnePasswordAuthSchema: Schema.Union<readonly [Schema.Struct
32
20
  /** The service account token (stored as a secret) */
33
21
  readonly tokenSecretId: Schema.String;
34
22
  }>]>;
35
- export declare const OnePasswordAuth: Schema.Union<readonly [typeof DesktopAppAuth, typeof ServiceAccountAuth]>;
36
23
  export type OnePasswordAuth = typeof OnePasswordAuth.Type;
37
- export declare const OnePasswordConfigSchema: Schema.Struct<{
24
+ export declare const OnePasswordConfig: Schema.Struct<{
38
25
  readonly auth: Schema.Union<readonly [Schema.Struct<{
39
26
  readonly kind: Schema.Literal<"desktop-app">;
40
27
  /** 1Password account domain, e.g. "my.1password.com" */
@@ -49,34 +36,15 @@ export declare const OnePasswordConfigSchema: Schema.Struct<{
49
36
  /** Human label */
50
37
  readonly name: Schema.String;
51
38
  }>;
52
- declare const OnePasswordConfig_base: Schema.Class<OnePasswordConfig, Schema.Struct<{
53
- readonly auth: Schema.Union<readonly [Schema.Struct<{
54
- readonly kind: Schema.Literal<"desktop-app">;
55
- /** 1Password account domain, e.g. "my.1password.com" */
56
- readonly accountName: Schema.String;
57
- }>, Schema.Struct<{
58
- readonly kind: Schema.Literal<"service-account">;
59
- /** The service account token (stored as a secret) */
60
- readonly tokenSecretId: Schema.String;
61
- }>]>;
62
- /** Vault to scope operations to */
63
- readonly vaultId: Schema.String;
64
- /** Human label */
65
- readonly name: Schema.String;
66
- }>, {}>;
67
- export declare class OnePasswordConfig extends OnePasswordConfig_base {
68
- }
69
- declare const Vault_base: Schema.Class<Vault, Schema.Struct<{
39
+ export type OnePasswordConfig = typeof OnePasswordConfig.Type;
40
+ export declare const Vault: Schema.Struct<{
70
41
  readonly id: Schema.String;
71
42
  readonly name: Schema.String;
72
- }>, {}>;
73
- export declare class Vault extends Vault_base {
74
- }
75
- declare const ConnectionStatus_base: Schema.Class<ConnectionStatus, Schema.Struct<{
43
+ }>;
44
+ export type Vault = typeof Vault.Type;
45
+ export declare const ConnectionStatus: Schema.Struct<{
76
46
  readonly connected: Schema.Boolean;
77
47
  readonly vaultName: Schema.optional<Schema.String>;
78
48
  readonly error: Schema.optional<Schema.String>;
79
- }>, {}>;
80
- export declare class ConnectionStatus extends ConnectionStatus_base {
81
- }
82
- export {};
49
+ }>;
50
+ export type ConnectionStatus = typeof ConnectionStatus.Type;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@executor-js/plugin-onepassword",
3
- "version": "0.2.1",
3
+ "version": "1.4.20",
4
4
  "homepage": "https://github.com/RhysSullivan/executor/tree/main/packages/plugins/onepassword",
5
5
  "bugs": {
6
6
  "url": "https://github.com/RhysSullivan/executor/issues"
@@ -49,7 +49,7 @@
49
49
  "@1password/op-js": "^0.1.13",
50
50
  "@1password/sdk": "^0.4.1-beta.1",
51
51
  "@effect/atom-react": "4.0.0-beta.59",
52
- "@executor-js/sdk": "0.2.1",
52
+ "@executor-js/sdk": "1.4.20",
53
53
  "effect": "4.0.0-beta.59"
54
54
  },
55
55
  "devDependencies": {
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport const DesktopAppAuthSchema = Schema.Struct({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n});\n\nexport class DesktopAppAuth extends Schema.Class<DesktopAppAuth>(\"DesktopAppAuth\")(\n DesktopAppAuthSchema.fields,\n) {}\n\nexport const ServiceAccountAuthSchema = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token (stored as a secret) */\n tokenSecretId: Schema.String,\n});\n\nexport class ServiceAccountAuth extends Schema.Class<ServiceAccountAuth>(\"ServiceAccountAuth\")(\n ServiceAccountAuthSchema.fields,\n) {}\n\nexport const OnePasswordAuthSchema = Schema.Union([DesktopAppAuthSchema, ServiceAccountAuthSchema]);\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordConfigSchema = Schema.Struct({\n auth: OnePasswordAuthSchema,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n});\n\nexport class OnePasswordConfig extends Schema.Class<OnePasswordConfig>(\"OnePasswordConfig\")(\n OnePasswordConfigSchema.fields,\n) {}\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport class Vault extends Schema.Class<Vault>(\"Vault\")({\n id: Schema.String,\n name: Schema.String,\n}) {}\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport class ConnectionStatus extends Schema.Class<ConnectionStatus>(\"ConnectionStatus\")({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n}) {}\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,uBAAuB,OAAO,OAAO;AAAA,EAChD,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC;AAEM,IAAM,iBAAN,cAA6B,OAAO,MAAsB,gBAAgB;AAAA,EAC/E,qBAAqB;AACvB,EAAE;AAAC;AAEI,IAAM,2BAA2B,OAAO,OAAO;AAAA,EACpD,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA,EAEtC,eAAe,OAAO;AACxB,CAAC;AAEM,IAAM,qBAAN,cAAiC,OAAO,MAA0B,oBAAoB;AAAA,EAC3F,yBAAyB;AAC3B,EAAE;AAAC;AAEI,IAAM,wBAAwB,OAAO,MAAM,CAAC,sBAAsB,wBAAwB,CAAC;AAC3F,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,0BAA0B,OAAO,OAAO;AAAA,EACnD,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC;AAEM,IAAM,oBAAN,cAAgC,OAAO,MAAyB,mBAAmB;AAAA,EACxF,wBAAwB;AAC1B,EAAE;AAAC;AAMI,IAAM,QAAN,cAAoB,OAAO,MAAa,OAAO,EAAE;AAAA,EACtD,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC,EAAE;AAAC;AAMG,IAAM,mBAAN,cAA+B,OAAO,MAAwB,kBAAkB,EAAE;AAAA,EACvF,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC,EAAE;AAAC;;;AC/DJ,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}