@executor-js/plugin-onepassword 1.4.32 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -2,16 +2,15 @@ import {
2
2
  ConnectionStatus,
3
3
  OnePasswordConfig,
4
4
  OnePasswordError,
5
+ RedactedOnePasswordConfig,
5
6
  Vault
6
- } from "./chunk-TRGRRIAX.js";
7
+ } from "./chunk-OYHEG6OK.js";
7
8
 
8
9
  // src/react/OnePasswordSettings.tsx
9
10
  import { useState } from "react";
10
11
  import { useAtomSet, useAtomValue } from "@effect/atom-react";
11
12
  import * as Exit from "effect/Exit";
12
13
  import * as AsyncResult from "effect/unstable/reactivity/AsyncResult";
13
- import { ReactivityKey as ReactivityKey2 } from "@executor-js/react/api/reactivity-keys";
14
- import { useScope } from "@executor-js/react/api/scope-context";
15
14
  import { Button } from "@executor-js/react/components/button";
16
15
  import { Input } from "@executor-js/react/components/input";
17
16
  import { Label } from "@executor-js/react/components/label";
@@ -43,13 +42,15 @@ import { ReactivityKey } from "@executor-js/react/api/reactivity-keys";
43
42
 
44
43
  // src/react/client.ts
45
44
  import { createPluginAtomClient } from "@executor-js/sdk/client";
46
- import { getBaseUrl } from "@executor-js/react/api/base-url";
45
+ import {
46
+ getExecutorApiBaseUrl,
47
+ getExecutorServerAuthorizationHeader
48
+ } from "@executor-js/react/api/server-connection";
47
49
 
48
50
  // src/api/group.ts
49
51
  import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
50
52
  import { Schema } from "effect";
51
- import { InternalError, ScopeId } from "@executor-js/sdk/shared";
52
- var ScopeParams = { scopeId: ScopeId };
53
+ import { InternalError } from "@executor-js/sdk/shared";
53
54
  var ConfigurePayload = OnePasswordConfig;
54
55
  var ListVaultsParams = Schema.Struct({
55
56
  authKind: Schema.Literals(["desktop-app", "service-account"]),
@@ -58,35 +59,30 @@ var ListVaultsParams = Schema.Struct({
58
59
  var ListVaultsResponse = Schema.Struct({
59
60
  vaults: Schema.Array(Vault)
60
61
  });
61
- var GetConfigResponse = Schema.NullOr(OnePasswordConfig);
62
+ var GetConfigResponse = Schema.NullOr(RedactedOnePasswordConfig);
62
63
  var OnePasswordGroup = HttpApiGroup.make("onepassword").add(
63
- HttpApiEndpoint.get("getConfig", "/scopes/:scopeId/onepassword/config", {
64
- params: ScopeParams,
64
+ HttpApiEndpoint.get("getConfig", "/onepassword/config", {
65
65
  success: GetConfigResponse,
66
66
  error: [InternalError, OnePasswordError]
67
67
  })
68
68
  ).add(
69
- HttpApiEndpoint.put("configure", "/scopes/:scopeId/onepassword/config", {
70
- params: ScopeParams,
69
+ HttpApiEndpoint.put("configure", "/onepassword/config", {
71
70
  payload: ConfigurePayload,
72
71
  success: Schema.Void,
73
72
  error: [InternalError, OnePasswordError]
74
73
  })
75
74
  ).add(
76
- HttpApiEndpoint.delete("removeConfig", "/scopes/:scopeId/onepassword/config", {
77
- params: ScopeParams,
75
+ HttpApiEndpoint.delete("removeConfig", "/onepassword/config", {
78
76
  success: Schema.Void,
79
77
  error: [InternalError, OnePasswordError]
80
78
  })
81
79
  ).add(
82
- HttpApiEndpoint.get("status", "/scopes/:scopeId/onepassword/status", {
83
- params: ScopeParams,
80
+ HttpApiEndpoint.get("status", "/onepassword/status", {
84
81
  success: ConnectionStatus,
85
82
  error: [InternalError, OnePasswordError]
86
83
  })
87
84
  ).add(
88
- HttpApiEndpoint.get("listVaults", "/scopes/:scopeId/onepassword/vaults", {
89
- params: ScopeParams,
85
+ HttpApiEndpoint.get("listVaults", "/onepassword/vaults", {
90
86
  query: ListVaultsParams,
91
87
  success: ListVaultsResponse,
92
88
  error: [InternalError, OnePasswordError]
@@ -95,21 +91,24 @@ var OnePasswordGroup = HttpApiGroup.make("onepassword").add(
95
91
 
96
92
  // src/react/client.ts
97
93
  var OnePasswordClient = createPluginAtomClient(OnePasswordGroup, {
98
- baseUrl: getBaseUrl
94
+ baseUrl: getExecutorApiBaseUrl,
95
+ authorizationHeader: getExecutorServerAuthorizationHeader
99
96
  });
100
97
 
101
98
  // src/react/atoms.ts
102
- var onepasswordWriteKeys = [ReactivityKey.secrets];
103
- var onepasswordConfigAtom = (scopeId) => OnePasswordClient.query("onepassword", "getConfig", {
104
- params: { scopeId },
99
+ var onepasswordWriteKeys = [ReactivityKey.providers];
100
+ var onepasswordConfigAtom = OnePasswordClient.query("onepassword", "getConfig", {
105
101
  timeToLive: "30 seconds",
106
- reactivityKeys: [ReactivityKey.secrets]
102
+ reactivityKeys: [ReactivityKey.providers]
103
+ });
104
+ var onepasswordStatusAtom = OnePasswordClient.query("onepassword", "status", {
105
+ timeToLive: "15 seconds",
106
+ reactivityKeys: [ReactivityKey.providers]
107
107
  });
108
- var onepasswordVaultsAtom = (authKind, account, scopeId) => OnePasswordClient.query("onepassword", "listVaults", {
109
- params: { scopeId },
108
+ var onepasswordVaultsAtom = (authKind, account) => OnePasswordClient.query("onepassword", "listVaults", {
110
109
  query: { authKind, account },
111
110
  timeToLive: "30 seconds",
112
- reactivityKeys: [ReactivityKey.secrets]
111
+ reactivityKeys: [ReactivityKey.providers]
113
112
  });
114
113
  var configureOnePassword = OnePasswordClient.mutation("onepassword", "configure");
115
114
  var removeOnePasswordConfig = OnePasswordClient.mutation("onepassword", "removeConfig");
@@ -118,8 +117,7 @@ var removeOnePasswordConfig = OnePasswordClient.mutation("onepassword", "removeC
118
117
  import { Fragment, jsx, jsxs } from "react/jsx-runtime";
119
118
  function VaultPicker(props) {
120
119
  const account = props.accountName.trim();
121
- const scopeId = useScope();
122
- const vaultsResult = useAtomValue(onepasswordVaultsAtom(props.authKind, account, scopeId));
120
+ const vaultsResult = useAtomValue(onepasswordVaultsAtom(props.authKind, account));
123
121
  const { vaults, isLoading, error } = AsyncResult.matchWithError(
124
122
  vaultsResult,
125
123
  {
@@ -140,8 +138,9 @@ function VaultPicker(props) {
140
138
  }),
141
139
  onSuccess: ({ value }) => {
142
140
  const v = value.vaults;
143
- if (v.length > 0 && !props.vaultId) {
144
- queueMicrotask(() => props.onVaultSelect(v[0].id, v[0].name));
141
+ const defaultVault = v[0];
142
+ if (defaultVault && (!props.vaultId || v.length === 1 && props.vaultId !== defaultVault.id)) {
143
+ queueMicrotask(() => props.onVaultSelect(defaultVault.id, defaultVault.name));
145
144
  }
146
145
  return { vaults: [...v], isLoading: false, error: null };
147
146
  }
@@ -150,8 +149,9 @@ function VaultPicker(props) {
150
149
  if (!account) {
151
150
  return /* @__PURE__ */ jsx("p", { className: "text-[11px] text-muted-foreground/50 py-1", children: "Enter account details to load vaults." });
152
151
  }
152
+ const singleVault = vaults.length === 1 ? vaults[0] : null;
153
153
  return /* @__PURE__ */ jsxs("div", { className: "grid gap-2", children: [
154
- /* @__PURE__ */ jsxs(
154
+ singleVault ? /* @__PURE__ */ jsx("div", { className: "flex h-9 items-center rounded-md border border-input bg-muted/30 px-3 text-[13px] text-foreground", children: /* @__PURE__ */ jsx("span", { className: "truncate", children: singleVault.name }) }) : /* @__PURE__ */ jsxs(
155
155
  Select,
156
156
  {
157
157
  disabled: isLoading || vaults.length === 0,
@@ -179,7 +179,6 @@ function ConfigDialog(props) {
179
179
  const [vaultName, setVaultName] = useState(props.initial?.name ?? "");
180
180
  const [saving, setSaving] = useState(false);
181
181
  const [error, setError] = useState(null);
182
- const scopeId = useScope();
183
182
  const doConfigure = useAtomSet(configureOnePassword, { mode: "promiseExit" });
184
183
  const reset = () => {
185
184
  if (!isEdit) {
@@ -195,11 +194,14 @@ function ConfigDialog(props) {
195
194
  if (!accountName.trim() || !vaultId.trim()) return;
196
195
  setSaving(true);
197
196
  setError(null);
198
- const auth = authKind === "desktop-app" ? { kind: "desktop-app", accountName: accountName.trim() } : { kind: "service-account", tokenSecretId: accountName.trim() };
197
+ const auth = authKind === "desktop-app" ? { kind: "desktop-app", accountName: accountName.trim() } : { kind: "service-account", token: accountName.trim() };
199
198
  const exit = await doConfigure({
200
- params: { scopeId },
201
- payload: { auth, vaultId: vaultId.trim(), name: vaultName.trim() || "1Password" },
202
- reactivityKeys: [ReactivityKey2.secrets]
199
+ payload: {
200
+ auth,
201
+ vaultId: vaultId.trim(),
202
+ name: vaultName.trim() || "1Password"
203
+ },
204
+ reactivityKeys: onepasswordWriteKeys
203
205
  });
204
206
  if (Exit.isFailure(exit)) {
205
207
  setError("Failed to save configuration");
@@ -241,17 +243,17 @@ function ConfigDialog(props) {
241
243
  )
242
244
  ] }),
243
245
  /* @__PURE__ */ jsxs("div", { className: "grid gap-1.5", children: [
244
- /* @__PURE__ */ jsx(Label, { className: "text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground", children: authKind === "desktop-app" ? "Account domain" : "Token secret ID" }),
246
+ /* @__PURE__ */ jsx(Label, { className: "text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground", children: authKind === "desktop-app" ? "Account domain" : "Service account token" }),
245
247
  /* @__PURE__ */ jsx(
246
248
  Input,
247
249
  {
248
- placeholder: authKind === "desktop-app" ? "my.1password.com" : "op-service-token",
250
+ placeholder: authKind === "desktop-app" ? "my.1password.com" : "ops_...",
249
251
  value: accountName,
250
252
  onChange: (e) => setAccountName(e.target.value),
251
253
  className: "font-mono text-[13px] h-9"
252
254
  }
253
255
  ),
254
- /* @__PURE__ */ jsx("p", { className: "text-[11px] text-muted-foreground/60 leading-relaxed", children: authKind === "desktop-app" ? "Requires the 1Password desktop app with biometric unlock." : "Reference an executor secret that holds the service account token." })
256
+ /* @__PURE__ */ jsx("p", { className: "text-[11px] text-muted-foreground/60 leading-relaxed", children: authKind === "desktop-app" ? "Requires the 1Password desktop app with biometric unlock." : "The token is stored in this provider's owner-scoped config and never surfaced again." })
255
257
  ] }),
256
258
  /* @__PURE__ */ jsxs("div", { className: "grid gap-1.5", children: [
257
259
  /* @__PURE__ */ jsx(Label, { className: "text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground", children: "Vault" }),
@@ -266,8 +268,7 @@ function ConfigDialog(props) {
266
268
  setVaultName(name);
267
269
  }
268
270
  }
269
- ),
270
- vaultId && /* @__PURE__ */ jsx("p", { className: "font-mono text-[10px] text-muted-foreground/50", children: vaultId })
271
+ )
271
272
  ] }),
272
273
  /* @__PURE__ */ jsxs("div", { className: "grid gap-1.5", children: [
273
274
  /* @__PURE__ */ jsx(Label, { className: "text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground", children: "Display name" }),
@@ -301,15 +302,18 @@ function ConfigDialog(props) {
301
302
  }
302
303
  function OnePasswordSettings() {
303
304
  const [configOpen, setConfigOpen] = useState(false);
304
- const scopeId = useScope();
305
- const configResult = useAtomValue(onepasswordConfigAtom(scopeId));
305
+ const configResult = useAtomValue(onepasswordConfigAtom);
306
306
  const doRemove = useAtomSet(removeOnePasswordConfig, { mode: "promiseExit" });
307
307
  const handleRemove = async () => {
308
- await doRemove({ params: { scopeId }, reactivityKeys: [ReactivityKey2.secrets] });
308
+ await doRemove({ reactivityKeys: onepasswordWriteKeys });
309
309
  };
310
310
  const config = AsyncResult.match(
311
311
  configResult,
312
- { onInitial: () => null, onFailure: () => null, onSuccess: ({ value }) => value }
312
+ {
313
+ onInitial: () => null,
314
+ onFailure: () => null,
315
+ onSuccess: ({ value }) => value
316
+ }
313
317
  );
314
318
  const isLoading = AsyncResult.match(
315
319
  configResult,
@@ -333,10 +337,7 @@ function OnePasswordSettings() {
333
337
  /* @__PURE__ */ jsx("span", { className: "text-muted-foreground/60", children: "Auth" }),
334
338
  /* @__PURE__ */ jsx("span", { className: "font-mono text-foreground/80 truncate", children: config.auth.kind === "desktop-app" ? config.auth.accountName : "service-account" }),
335
339
  /* @__PURE__ */ jsx("span", { className: "text-muted-foreground/60", children: "Vault" }),
336
- /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2 min-w-0", children: [
337
- /* @__PURE__ */ jsx("span", { className: "text-foreground/80 truncate", children: config.name }),
338
- /* @__PURE__ */ jsx("span", { className: "font-mono text-[10px] text-muted-foreground/40 truncate", children: config.vaultId })
339
- ] })
340
+ /* @__PURE__ */ jsx("div", { className: "flex items-center gap-2 min-w-0", children: /* @__PURE__ */ jsx("span", { className: "text-foreground/80 truncate", children: config.name }) })
340
341
  ] }) : /* @__PURE__ */ jsx(CardStackEntryDescription, { children: "Resolve secrets from your 1Password vault." }) }),
341
342
  /* @__PURE__ */ jsx(CardStackEntryActions, { children: config ? /* @__PURE__ */ jsxs(Fragment, { children: [
342
343
  /* @__PURE__ */ jsx(
@@ -377,7 +378,9 @@ function OnePasswordSettings() {
377
378
  onOpenChange: setConfigOpen,
378
379
  initial: config ? {
379
380
  authKind: config.auth.kind,
380
- accountName: config.auth.kind === "desktop-app" ? config.auth.accountName : config.auth.tokenSecretId,
381
+ // Service-account tokens are never surfaced (redacted); the
382
+ // user re-enters the token when editing that auth method.
383
+ accountName: config.auth.kind === "desktop-app" ? config.auth.accountName : "",
381
384
  vaultId: config.vaultId,
382
385
  name: config.name
383
386
  } : void 0
@@ -388,4 +391,4 @@ function OnePasswordSettings() {
388
391
  export {
389
392
  OnePasswordSettings as default
390
393
  };
391
- //# sourceMappingURL=OnePasswordSettings-7A7INNUA.js.map
394
+ //# sourceMappingURL=OnePasswordSettings-KMRJZYUZ.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/react/OnePasswordSettings.tsx","../src/react/atoms.ts","../src/react/client.ts","../src/api/group.ts"],"sourcesContent":["import { useState } from \"react\";\nimport { useAtomSet, useAtomValue } from \"@effect/atom-react\";\nimport * as Exit from \"effect/Exit\";\nimport * as AsyncResult from \"effect/unstable/reactivity/AsyncResult\";\nimport { Button } from \"@executor-js/react/components/button\";\nimport { Input } from \"@executor-js/react/components/input\";\nimport { Label } from \"@executor-js/react/components/label\";\nimport {\n Select,\n SelectContent,\n SelectItem,\n SelectTrigger,\n SelectValue,\n} from \"@executor-js/react/components/select\";\nimport {\n Dialog,\n DialogContent,\n DialogHeader,\n DialogTitle,\n DialogDescription,\n DialogFooter,\n DialogClose,\n} from \"@executor-js/react/components/dialog\";\nimport {\n CardStackEntry,\n CardStackEntryActions,\n CardStackEntryContent,\n CardStackEntryDescription,\n} from \"@executor-js/react/components/card-stack\";\n\nimport {\n onepasswordConfigAtom,\n onepasswordVaultsAtom,\n configureOnePassword,\n removeOnePasswordConfig,\n onepasswordWriteKeys,\n} from \"./atoms\";\nimport type { RedactedOnePasswordConfig } from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Vault picker\n// ---------------------------------------------------------------------------\n\nfunction VaultPicker(props: {\n authKind: \"desktop-app\" | \"service-account\";\n accountName: string;\n vaultId: string;\n onVaultSelect: (id: string, name: string) => void;\n}) {\n const account = props.accountName.trim();\n const vaultsResult = useAtomValue(onepasswordVaultsAtom(props.authKind, account));\n\n const { vaults, isLoading, error } = AsyncResult.matchWithError(\n vaultsResult as AsyncResult.AsyncResult<\n { vaults: ReadonlyArray<{ id: string; name: string }> },\n Error\n >,\n {\n onInitial: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: true,\n error: null,\n }),\n onError: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onDefect: () => ({\n vaults: [] as { id: string; name: string }[],\n isLoading: false,\n error: \"Failed to list vaults\",\n }),\n onSuccess: ({ value }) => {\n const v = value.vaults;\n const defaultVault = v[0];\n if (\n defaultVault &&\n (!props.vaultId || (v.length === 1 && props.vaultId !== defaultVault.id))\n ) {\n queueMicrotask(() => props.onVaultSelect(defaultVault.id, defaultVault.name));\n }\n return { vaults: [...v], isLoading: false, error: null };\n },\n },\n );\n\n if (!account) {\n return (\n <p className=\"text-[11px] text-muted-foreground/50 py-1\">\n Enter account details to load vaults.\n </p>\n );\n }\n\n const singleVault = vaults.length === 1 ? vaults[0] : null;\n\n return (\n <div className=\"grid gap-2\">\n {singleVault ? (\n <div className=\"flex h-9 items-center rounded-md border border-input bg-muted/30 px-3 text-[13px] text-foreground\">\n <span className=\"truncate\">{singleVault.name}</span>\n </div>\n ) : (\n <Select\n disabled={isLoading || vaults.length === 0}\n value={props.vaultId}\n onValueChange={(id) => {\n const v = vaults.find((vault) => vault.id === id);\n if (v) props.onVaultSelect(v.id, v.name);\n }}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue placeholder={isLoading ? \"Loading…\" : \"Select a vault\"} />\n </SelectTrigger>\n <SelectContent>\n {vaults.map((v) => (\n <SelectItem key={v.id} value={v.id}>\n {v.name}\n </SelectItem>\n ))}\n </SelectContent>\n </Select>\n )}\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-2.5 py-1.5\">\n <p className=\"text-[11px] text-destructive leading-relaxed whitespace-pre-line\">\n {error}\n </p>\n </div>\n )}\n </div>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Config dialog\n// ---------------------------------------------------------------------------\n\nfunction ConfigDialog(props: {\n open: boolean;\n onOpenChange: (v: boolean) => void;\n initial?: {\n authKind: string;\n accountName: string;\n vaultId: string;\n name: string;\n };\n}) {\n const isEdit = !!props.initial;\n const [authKind, setAuthKind] = useState<\"desktop-app\" | \"service-account\">(\n (props.initial?.authKind as \"desktop-app\" | \"service-account\") ?? \"desktop-app\",\n );\n const [accountName, setAccountName] = useState(props.initial?.accountName ?? \"my.1password.com\");\n const [vaultId, setVaultId] = useState(props.initial?.vaultId ?? \"\");\n const [vaultName, setVaultName] = useState(props.initial?.name ?? \"\");\n const [saving, setSaving] = useState(false);\n const [error, setError] = useState<string | null>(null);\n\n const doConfigure = useAtomSet(configureOnePassword, { mode: \"promiseExit\" });\n\n const reset = () => {\n if (!isEdit) {\n setAuthKind(\"desktop-app\");\n setAccountName(\"my.1password.com\");\n setVaultId(\"\");\n setVaultName(\"\");\n }\n setError(null);\n setSaving(false);\n };\n\n const handleSave = async () => {\n if (!accountName.trim() || !vaultId.trim()) return;\n setSaving(true);\n setError(null);\n\n const auth =\n authKind === \"desktop-app\"\n ? { kind: \"desktop-app\" as const, accountName: accountName.trim() }\n : { kind: \"service-account\" as const, token: accountName.trim() };\n\n const exit = await doConfigure({\n payload: {\n auth,\n vaultId: vaultId.trim(),\n name: vaultName.trim() || \"1Password\",\n },\n reactivityKeys: onepasswordWriteKeys,\n });\n if (Exit.isFailure(exit)) {\n setError(\"Failed to save configuration\");\n setSaving(false);\n return;\n }\n\n props.onOpenChange(false);\n reset();\n };\n\n return (\n <Dialog\n open={props.open}\n onOpenChange={(v) => {\n if (!v) reset();\n props.onOpenChange(v);\n }}\n >\n <DialogContent className=\"sm:max-w-[420px]\">\n <DialogHeader>\n <DialogTitle className=\"font-display text-xl\">\n {isEdit ? \"Edit 1Password\" : \"Connect 1Password\"}\n </DialogTitle>\n <DialogDescription className=\"text-[13px] leading-relaxed\">\n Link a vault to resolve secrets via the 1Password desktop app or a service account.\n </DialogDescription>\n </DialogHeader>\n\n <div className=\"grid gap-5 py-3\">\n {/* Auth method */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Auth method\n </Label>\n <Select\n value={authKind}\n onValueChange={(v) => setAuthKind(v as \"desktop-app\" | \"service-account\")}\n >\n <SelectTrigger className=\"h-9 text-[13px]\">\n <SelectValue />\n </SelectTrigger>\n <SelectContent>\n <SelectItem value=\"desktop-app\">Desktop App (biometric)</SelectItem>\n <SelectItem value=\"service-account\">Service Account</SelectItem>\n </SelectContent>\n </Select>\n </div>\n\n {/* Account / token */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n {authKind === \"desktop-app\" ? \"Account domain\" : \"Service account token\"}\n </Label>\n <Input\n placeholder={authKind === \"desktop-app\" ? \"my.1password.com\" : \"ops_...\"}\n value={accountName}\n onChange={(e) => setAccountName((e.target as HTMLInputElement).value)}\n className=\"font-mono text-[13px] h-9\"\n />\n <p className=\"text-[11px] text-muted-foreground/60 leading-relaxed\">\n {authKind === \"desktop-app\"\n ? \"Requires the 1Password desktop app with biometric unlock.\"\n : \"The token is stored in this provider's owner-scoped config and never surfaced again.\"}\n </p>\n </div>\n\n {/* Vault */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Vault\n </Label>\n <VaultPicker\n authKind={authKind}\n accountName={accountName}\n vaultId={vaultId}\n onVaultSelect={(id, name) => {\n setVaultId(id);\n setVaultName(name);\n }}\n />\n </div>\n\n {/* Display name */}\n <div className=\"grid gap-1.5\">\n <Label className=\"text-[11px] font-medium uppercase tracking-[0.08em] text-muted-foreground\">\n Display name\n </Label>\n <Input\n placeholder=\"1Password\"\n value={vaultName}\n onChange={(e) => setVaultName((e.target as HTMLInputElement).value)}\n className=\"text-[13px] h-9\"\n />\n </div>\n\n {error && (\n <div className=\"rounded-md border border-destructive/20 bg-destructive/5 px-3 py-2\">\n <p className=\"text-[12px] text-destructive whitespace-pre-line\">{error}</p>\n </div>\n )}\n </div>\n\n <DialogFooter>\n <DialogClose asChild>\n <Button variant=\"ghost\" size=\"sm\">\n Cancel\n </Button>\n </DialogClose>\n <Button\n size=\"sm\"\n onClick={handleSave}\n disabled={!accountName.trim() || !vaultId.trim() || saving}\n >\n {saving ? \"Saving…\" : isEdit ? \"Update\" : \"Connect\"}\n </Button>\n </DialogFooter>\n </DialogContent>\n </Dialog>\n );\n}\n\n// ---------------------------------------------------------------------------\n// Settings card\n// ---------------------------------------------------------------------------\n\nexport default function OnePasswordSettings() {\n const [configOpen, setConfigOpen] = useState(false);\n const configResult = useAtomValue(onepasswordConfigAtom);\n const doRemove = useAtomSet(removeOnePasswordConfig, { mode: \"promiseExit\" });\n\n const handleRemove = async () => {\n await doRemove({ reactivityKeys: onepasswordWriteKeys });\n };\n\n const config: RedactedOnePasswordConfig | null = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<RedactedOnePasswordConfig | null, unknown>,\n {\n onInitial: () => null,\n onFailure: () => null,\n onSuccess: ({ value }) => value,\n },\n );\n const isLoading = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<RedactedOnePasswordConfig | null, unknown>,\n {\n onInitial: () => true,\n onFailure: () => false,\n onSuccess: () => false,\n },\n );\n const isError = AsyncResult.match(\n configResult as AsyncResult.AsyncResult<RedactedOnePasswordConfig | null, unknown>,\n {\n onInitial: () => false,\n onFailure: () => true,\n onSuccess: () => false,\n },\n );\n\n return (\n <>\n <CardStackEntry>\n <CardStackEntryContent>\n {isLoading ? (\n <CardStackEntryDescription>Loading…</CardStackEntryDescription>\n ) : isError ? (\n <CardStackEntryDescription className=\"text-destructive\">\n Failed to load configuration\n </CardStackEntryDescription>\n ) : config ? (\n <div className=\"grid grid-cols-[auto_1fr] gap-x-6 gap-y-1 text-[12px]\">\n <span className=\"text-muted-foreground/60\">Auth</span>\n <span className=\"font-mono text-foreground/80 truncate\">\n {config.auth.kind === \"desktop-app\" ? config.auth.accountName : \"service-account\"}\n </span>\n <span className=\"text-muted-foreground/60\">Vault</span>\n <div className=\"flex items-center gap-2 min-w-0\">\n <span className=\"text-foreground/80 truncate\">{config.name}</span>\n </div>\n </div>\n ) : (\n <CardStackEntryDescription>\n Resolve secrets from your 1Password vault.\n </CardStackEntryDescription>\n )}\n </CardStackEntryContent>\n <CardStackEntryActions>\n {config ? (\n <>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px]\"\n onClick={() => setConfigOpen(true)}\n >\n Edit\n </Button>\n <Button\n variant=\"ghost\"\n size=\"sm\"\n className=\"h-7 px-2.5 text-[12px] text-destructive/70 hover:text-destructive\"\n onClick={handleRemove}\n >\n Disconnect\n </Button>\n </>\n ) : (\n !isLoading &&\n !isError && (\n <Button\n variant=\"link\"\n size=\"sm\"\n className=\"h-7 px-0 text-[12px] shrink-0\"\n onClick={() => setConfigOpen(true)}\n >\n Add 1Password\n </Button>\n )\n )}\n </CardStackEntryActions>\n </CardStackEntry>\n\n {configOpen && (\n <ConfigDialog\n open={configOpen}\n onOpenChange={setConfigOpen}\n initial={\n config\n ? {\n authKind: config.auth.kind,\n // Service-account tokens are never surfaced (redacted); the\n // user re-enters the token when editing that auth method.\n accountName: config.auth.kind === \"desktop-app\" ? config.auth.accountName : \"\",\n vaultId: config.vaultId,\n name: config.name,\n }\n : undefined\n }\n />\n )}\n </>\n );\n}\n","import { ReactivityKey } from \"@executor-js/react/api/reactivity-keys\";\nimport { OnePasswordClient } from \"./client\";\n\n// 1Password is a CredentialProvider in v2 — its owner-scoped config lives in\n// the `providers` reactivity family (the v1 `secrets` key is gone).\nexport const onepasswordWriteKeys = [ReactivityKey.providers] as const;\n\n// ---------------------------------------------------------------------------\n// Query atoms\n//\n// v2: the 1Password config is a single owner-partitioned binding the server\n// derives from the executor's owner — there are no owner path params here; the\n// server reads the acting owner from the executor binding.\n// ---------------------------------------------------------------------------\n\nexport const onepasswordConfigAtom = OnePasswordClient.query(\"onepassword\", \"getConfig\", {\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.providers],\n});\n\nexport const onepasswordStatusAtom = OnePasswordClient.query(\"onepassword\", \"status\", {\n timeToLive: \"15 seconds\",\n reactivityKeys: [ReactivityKey.providers],\n});\n\n// ---------------------------------------------------------------------------\n// Query atoms — vaults\n// ---------------------------------------------------------------------------\n\nexport const onepasswordVaultsAtom = (\n authKind: \"desktop-app\" | \"service-account\",\n account: string,\n) =>\n OnePasswordClient.query(\"onepassword\", \"listVaults\", {\n query: { authKind, account },\n timeToLive: \"30 seconds\",\n reactivityKeys: [ReactivityKey.providers],\n });\n\n// ---------------------------------------------------------------------------\n// Mutation atoms\n// ---------------------------------------------------------------------------\n\nexport const configureOnePassword = OnePasswordClient.mutation(\"onepassword\", \"configure\");\n\nexport const removeOnePasswordConfig = OnePasswordClient.mutation(\"onepassword\", \"removeConfig\");\n","import { createPluginAtomClient } from \"@executor-js/sdk/client\";\nimport {\n getExecutorApiBaseUrl,\n getExecutorServerAuthorizationHeader,\n} from \"@executor-js/react/api/server-connection\";\nimport { OnePasswordGroup } from \"../api/group\";\n\nexport const OnePasswordClient = createPluginAtomClient(OnePasswordGroup, {\n baseUrl: getExecutorApiBaseUrl,\n authorizationHeader: getExecutorServerAuthorizationHeader,\n});\n","import { HttpApiEndpoint, HttpApiGroup } from \"effect/unstable/httpapi\";\nimport { Schema } from \"effect\";\nimport { InternalError } from \"@executor-js/sdk/shared\";\n\nimport { OnePasswordError } from \"../sdk/errors\";\nimport {\n OnePasswordConfig,\n RedactedOnePasswordConfig,\n Vault,\n ConnectionStatus,\n} from \"../sdk/types\";\n\n// ---------------------------------------------------------------------------\n// Payloads\n//\n// v2: config is a single per-owner binding the extension derives from the\n// executor's owner binding — there are no scope segments in the path. The\n// configure payload carries the full config (including the service-account\n// token); reads return the redacted projection so the token never leaves the\n// plugin.\n// ---------------------------------------------------------------------------\n\nconst ConfigurePayload = OnePasswordConfig;\n\nconst ListVaultsParams = Schema.Struct({\n authKind: Schema.Literals([\"desktop-app\", \"service-account\"]),\n account: Schema.String,\n});\n\n// ---------------------------------------------------------------------------\n// Responses\n// ---------------------------------------------------------------------------\n\nconst ListVaultsResponse = Schema.Struct({\n vaults: Schema.Array(Vault),\n});\n\nconst GetConfigResponse = Schema.NullOr(RedactedOnePasswordConfig);\n\n// ---------------------------------------------------------------------------\n// Group\n//\n// Plugin SDK errors (OnePasswordError) are declared once per endpoint via the\n// `error` field — the error carries its own 502 status via `HttpApiSchema`\n// annotations in errors.ts.\n//\n// `InternalError` is the shared opaque 500 schema translated at the HTTP edge\n// by `withCapture`. Storage failures on `ctx.storage` flow through as\n// `StorageFailure` in the typed channel and are captured + downgraded to\n// `InternalError({ traceId })` at Layer composition.\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordGroup = HttpApiGroup.make(\"onepassword\")\n .add(\n HttpApiEndpoint.get(\"getConfig\", \"/onepassword/config\", {\n success: GetConfigResponse,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.put(\"configure\", \"/onepassword/config\", {\n payload: ConfigurePayload,\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.delete(\"removeConfig\", \"/onepassword/config\", {\n success: Schema.Void,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"status\", \"/onepassword/status\", {\n success: ConnectionStatus,\n error: [InternalError, OnePasswordError],\n }),\n )\n .add(\n HttpApiEndpoint.get(\"listVaults\", \"/onepassword/vaults\", {\n query: ListVaultsParams,\n success: ListVaultsResponse,\n error: [InternalError, OnePasswordError],\n }),\n );\n"],"mappings":";;;;;;;;;AAAA,SAAS,gBAAgB;AACzB,SAAS,YAAY,oBAAoB;AACzC,YAAY,UAAU;AACtB,YAAY,iBAAiB;AAC7B,SAAS,cAAc;AACvB,SAAS,aAAa;AACtB,SAAS,aAAa;AACtB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;AC5BP,SAAS,qBAAqB;;;ACA9B,SAAS,8BAA8B;AACvC;AAAA,EACE;AAAA,EACA;AAAA,OACK;;;ACJP,SAAS,iBAAiB,oBAAoB;AAC9C,SAAS,cAAc;AACvB,SAAS,qBAAqB;AAoB9B,IAAM,mBAAmB;AAEzB,IAAM,mBAAmB,OAAO,OAAO;AAAA,EACrC,UAAU,OAAO,SAAS,CAAC,eAAe,iBAAiB,CAAC;AAAA,EAC5D,SAAS,OAAO;AAClB,CAAC;AAMD,IAAM,qBAAqB,OAAO,OAAO;AAAA,EACvC,QAAQ,OAAO,MAAM,KAAK;AAC5B,CAAC;AAED,IAAM,oBAAoB,OAAO,OAAO,yBAAyB;AAe1D,IAAM,mBAAmB,aAAa,KAAK,aAAa,EAC5D;AAAA,EACC,gBAAgB,IAAI,aAAa,uBAAuB;AAAA,IACtD,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,aAAa,uBAAuB;AAAA,IACtD,SAAS;AAAA,IACT,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,OAAO,gBAAgB,uBAAuB;AAAA,IAC5D,SAAS,OAAO;AAAA,IAChB,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,UAAU,uBAAuB;AAAA,IACnD,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH,EACC;AAAA,EACC,gBAAgB,IAAI,cAAc,uBAAuB;AAAA,IACvD,OAAO;AAAA,IACP,SAAS;AAAA,IACT,OAAO,CAAC,eAAe,gBAAgB;AAAA,EACzC,CAAC;AACH;;;AD7EK,IAAM,oBAAoB,uBAAuB,kBAAkB;AAAA,EACxE,SAAS;AAAA,EACT,qBAAqB;AACvB,CAAC;;;ADLM,IAAM,uBAAuB,CAAC,cAAc,SAAS;AAUrD,IAAM,wBAAwB,kBAAkB,MAAM,eAAe,aAAa;AAAA,EACvF,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,SAAS;AAC1C,CAAC;AAEM,IAAM,wBAAwB,kBAAkB,MAAM,eAAe,UAAU;AAAA,EACpF,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,SAAS;AAC1C,CAAC;AAMM,IAAM,wBAAwB,CACnC,UACA,YAEA,kBAAkB,MAAM,eAAe,cAAc;AAAA,EACnD,OAAO,EAAE,UAAU,QAAQ;AAAA,EAC3B,YAAY;AAAA,EACZ,gBAAgB,CAAC,cAAc,SAAS;AAC1C,CAAC;AAMI,IAAM,uBAAuB,kBAAkB,SAAS,eAAe,WAAW;AAElF,IAAM,0BAA0B,kBAAkB,SAAS,eAAe,cAAc;;;AD4CzF,SAiSM,UAjSN,KAeE,YAfF;AA9CN,SAAS,YAAY,OAKlB;AACD,QAAM,UAAU,MAAM,YAAY,KAAK;AACvC,QAAM,eAAe,aAAa,sBAAsB,MAAM,UAAU,OAAO,CAAC;AAEhF,QAAM,EAAE,QAAQ,WAAW,MAAM,IAAgB;AAAA,IAC/C;AAAA,IAIA;AAAA,MACE,WAAW,OAAO;AAAA,QAChB,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,SAAS,OAAO;AAAA,QACd,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,UAAU,OAAO;AAAA,QACf,QAAQ,CAAC;AAAA,QACT,WAAW;AAAA,QACX,OAAO;AAAA,MACT;AAAA,MACA,WAAW,CAAC,EAAE,MAAM,MAAM;AACxB,cAAM,IAAI,MAAM;AAChB,cAAM,eAAe,EAAE,CAAC;AACxB,YACE,iBACC,CAAC,MAAM,WAAY,EAAE,WAAW,KAAK,MAAM,YAAY,aAAa,KACrE;AACA,yBAAe,MAAM,MAAM,cAAc,aAAa,IAAI,aAAa,IAAI,CAAC;AAAA,QAC9E;AACA,eAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,WAAW,OAAO,OAAO,KAAK;AAAA,MACzD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,SAAS;AACZ,WACE,oBAAC,OAAE,WAAU,6CAA4C,mDAEzD;AAAA,EAEJ;AAEA,QAAM,cAAc,OAAO,WAAW,IAAI,OAAO,CAAC,IAAI;AAEtD,SACE,qBAAC,SAAI,WAAU,cACZ;AAAA,kBACC,oBAAC,SAAI,WAAU,qGACb,8BAAC,UAAK,WAAU,YAAY,sBAAY,MAAK,GAC/C,IAEA;AAAA,MAAC;AAAA;AAAA,QACC,UAAU,aAAa,OAAO,WAAW;AAAA,QACzC,OAAO,MAAM;AAAA,QACb,eAAe,CAAC,OAAO;AACrB,gBAAM,IAAI,OAAO,KAAK,CAAC,UAAU,MAAM,OAAO,EAAE;AAChD,cAAI,EAAG,OAAM,cAAc,EAAE,IAAI,EAAE,IAAI;AAAA,QACzC;AAAA,QAEA;AAAA,8BAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,aAAa,YAAY,kBAAa,kBAAkB,GACvE;AAAA,UACA,oBAAC,iBACE,iBAAO,IAAI,CAAC,MACX,oBAAC,cAAsB,OAAO,EAAE,IAC7B,YAAE,QADY,EAAE,EAEnB,CACD,GACH;AAAA;AAAA;AAAA,IACF;AAAA,IAED,SACC,oBAAC,SAAI,WAAU,0EACb,8BAAC,OAAE,WAAU,oEACV,iBACH,GACF;AAAA,KAEJ;AAEJ;AAMA,SAAS,aAAa,OASnB;AACD,QAAM,SAAS,CAAC,CAAC,MAAM;AACvB,QAAM,CAAC,UAAU,WAAW,IAAI;AAAA,IAC7B,MAAM,SAAS,YAAkD;AAAA,EACpE;AACA,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,MAAM,SAAS,eAAe,kBAAkB;AAC/F,QAAM,CAAC,SAAS,UAAU,IAAI,SAAS,MAAM,SAAS,WAAW,EAAE;AACnE,QAAM,CAAC,WAAW,YAAY,IAAI,SAAS,MAAM,SAAS,QAAQ,EAAE;AACpE,QAAM,CAAC,QAAQ,SAAS,IAAI,SAAS,KAAK;AAC1C,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AAEtD,QAAM,cAAc,WAAW,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,QAAQ,MAAM;AAClB,QAAI,CAAC,QAAQ;AACX,kBAAY,aAAa;AACzB,qBAAe,kBAAkB;AACjC,iBAAW,EAAE;AACb,mBAAa,EAAE;AAAA,IACjB;AACA,aAAS,IAAI;AACb,cAAU,KAAK;AAAA,EACjB;AAEA,QAAM,aAAa,YAAY;AAC7B,QAAI,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,EAAG;AAC5C,cAAU,IAAI;AACd,aAAS,IAAI;AAEb,UAAM,OACJ,aAAa,gBACT,EAAE,MAAM,eAAwB,aAAa,YAAY,KAAK,EAAE,IAChE,EAAE,MAAM,mBAA4B,OAAO,YAAY,KAAK,EAAE;AAEpE,UAAM,OAAO,MAAM,YAAY;AAAA,MAC7B,SAAS;AAAA,QACP;AAAA,QACA,SAAS,QAAQ,KAAK;AAAA,QACtB,MAAM,UAAU,KAAK,KAAK;AAAA,MAC5B;AAAA,MACA,gBAAgB;AAAA,IAClB,CAAC;AACD,QAAS,eAAU,IAAI,GAAG;AACxB,eAAS,8BAA8B;AACvC,gBAAU,KAAK;AACf;AAAA,IACF;AAEA,UAAM,aAAa,KAAK;AACxB,UAAM;AAAA,EACR;AAEA,SACE;AAAA,IAAC;AAAA;AAAA,MACC,MAAM,MAAM;AAAA,MACZ,cAAc,CAAC,MAAM;AACnB,YAAI,CAAC,EAAG,OAAM;AACd,cAAM,aAAa,CAAC;AAAA,MACtB;AAAA,MAEA,+BAAC,iBAAc,WAAU,oBACvB;AAAA,6BAAC,gBACC;AAAA,8BAAC,eAAY,WAAU,wBACpB,mBAAS,mBAAmB,qBAC/B;AAAA,UACA,oBAAC,qBAAkB,WAAU,+BAA8B,iGAE3D;AAAA,WACF;AAAA,QAEA,qBAAC,SAAI,WAAU,mBAEb;AAAA,+BAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,yBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,OAAO;AAAA,gBACP,eAAe,CAAC,MAAM,YAAY,CAAsC;AAAA,gBAExE;AAAA,sCAAC,iBAAc,WAAU,mBACvB,8BAAC,eAAY,GACf;AAAA,kBACA,qBAAC,iBACC;AAAA,wCAAC,cAAW,OAAM,eAAc,qCAAuB;AAAA,oBACvD,oBAAC,cAAW,OAAM,mBAAkB,6BAAe;AAAA,qBACrD;AAAA;AAAA;AAAA,YACF;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EACd,uBAAa,gBAAgB,mBAAmB,yBACnD;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAa,aAAa,gBAAgB,qBAAqB;AAAA,gBAC/D,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,eAAgB,EAAE,OAA4B,KAAK;AAAA,gBACpE,WAAU;AAAA;AAAA,YACZ;AAAA,YACA,oBAAC,OAAE,WAAU,wDACV,uBAAa,gBACV,8DACA,wFACN;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,mBAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC;AAAA,gBACA;AAAA,gBACA;AAAA,gBACA,eAAe,CAAC,IAAI,SAAS;AAC3B,6BAAW,EAAE;AACb,+BAAa,IAAI;AAAA,gBACnB;AAAA;AAAA,YACF;AAAA,aACF;AAAA,UAGA,qBAAC,SAAI,WAAU,gBACb;AAAA,gCAAC,SAAM,WAAU,6EAA4E,0BAE7F;AAAA,YACA;AAAA,cAAC;AAAA;AAAA,gBACC,aAAY;AAAA,gBACZ,OAAO;AAAA,gBACP,UAAU,CAAC,MAAM,aAAc,EAAE,OAA4B,KAAK;AAAA,gBAClE,WAAU;AAAA;AAAA,YACZ;AAAA,aACF;AAAA,UAEC,SACC,oBAAC,SAAI,WAAU,sEACb,8BAAC,OAAE,WAAU,oDAAoD,iBAAM,GACzE;AAAA,WAEJ;AAAA,QAEA,qBAAC,gBACC;AAAA,8BAAC,eAAY,SAAO,MAClB,8BAAC,UAAO,SAAQ,SAAQ,MAAK,MAAK,oBAElC,GACF;AAAA,UACA;AAAA,YAAC;AAAA;AAAA,cACC,MAAK;AAAA,cACL,SAAS;AAAA,cACT,UAAU,CAAC,YAAY,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK;AAAA,cAEnD,mBAAS,iBAAY,SAAS,WAAW;AAAA;AAAA,UAC5C;AAAA,WACF;AAAA,SACF;AAAA;AAAA,EACF;AAEJ;AAMe,SAAR,sBAAuC;AAC5C,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,eAAe,aAAa,qBAAqB;AACvD,QAAM,WAAW,WAAW,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAE5E,QAAM,eAAe,YAAY;AAC/B,UAAM,SAAS,EAAE,gBAAgB,qBAAqB,CAAC;AAAA,EACzD;AAEA,QAAM,SAAuD;AAAA,IAC3D;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,CAAC,EAAE,MAAM,MAAM;AAAA,IAC5B;AAAA,EACF;AACA,QAAM,YAAwB;AAAA,IAC5B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AACA,QAAM,UAAsB;AAAA,IAC1B;AAAA,IACA;AAAA,MACE,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB;AAAA,EACF;AAEA,SACE,iCACE;AAAA,yBAAC,kBACC;AAAA,0BAAC,yBACE,sBACC,oBAAC,6BAA0B,2BAAQ,IACjC,UACF,oBAAC,6BAA0B,WAAU,oBAAmB,0CAExD,IACE,SACF,qBAAC,SAAI,WAAU,yDACb;AAAA,4BAAC,UAAK,WAAU,4BAA2B,kBAAI;AAAA,QAC/C,oBAAC,UAAK,WAAU,yCACb,iBAAO,KAAK,SAAS,gBAAgB,OAAO,KAAK,cAAc,mBAClE;AAAA,QACA,oBAAC,UAAK,WAAU,4BAA2B,mBAAK;AAAA,QAChD,oBAAC,SAAI,WAAU,mCACb,8BAAC,UAAK,WAAU,+BAA+B,iBAAO,MAAK,GAC7D;AAAA,SACF,IAEA,oBAAC,6BAA0B,wDAE3B,GAEJ;AAAA,MACA,oBAAC,yBACE,mBACC,iCACE;AAAA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS,MAAM,cAAc,IAAI;AAAA,YAClC;AAAA;AAAA,QAED;AAAA,QACA;AAAA,UAAC;AAAA;AAAA,YACC,SAAQ;AAAA,YACR,MAAK;AAAA,YACL,WAAU;AAAA,YACV,SAAS;AAAA,YACV;AAAA;AAAA,QAED;AAAA,SACF,IAEA,CAAC,aACD,CAAC,WACC;AAAA,QAAC;AAAA;AAAA,UACC,SAAQ;AAAA,UACR,MAAK;AAAA,UACL,WAAU;AAAA,UACV,SAAS,MAAM,cAAc,IAAI;AAAA,UAClC;AAAA;AAAA,MAED,GAGN;AAAA,OACF;AAAA,IAEC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,MAAM;AAAA,QACN,cAAc;AAAA,QACd,SACE,SACI;AAAA,UACE,UAAU,OAAO,KAAK;AAAA;AAAA;AAAA,UAGtB,aAAa,OAAO,KAAK,SAAS,gBAAgB,OAAO,KAAK,cAAc;AAAA,UAC5E,SAAS,OAAO;AAAA,UAChB,MAAM,OAAO;AAAA,QACf,IACA;AAAA;AAAA,IAER;AAAA,KAEJ;AAEJ;","names":[]}
@@ -2,41 +2,30 @@ import { HttpApiEndpoint, HttpApiGroup } from "effect/unstable/httpapi";
2
2
  import { Schema } from "effect";
3
3
  import { InternalError } from "@executor-js/sdk/shared";
4
4
  import { OnePasswordError } from "../sdk/errors";
5
- export declare const OnePasswordGroup: HttpApiGroup.HttpApiGroup<"onepassword", HttpApiEndpoint.HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
6
- scopeId: Schema.brand<Schema.String, "ScopeId">;
7
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<Schema.Struct<{
5
+ export declare const OnePasswordGroup: HttpApiGroup.HttpApiGroup<"onepassword", HttpApiEndpoint.HttpApiEndpoint<"getConfig", "GET", "/onepassword/config", HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.NullOr<Schema.Struct<{
8
6
  readonly auth: Schema.Union<readonly [Schema.Struct<{
9
7
  readonly kind: Schema.Literal<"desktop-app">;
10
8
  readonly accountName: Schema.String;
11
9
  }>, Schema.Struct<{
12
10
  readonly kind: Schema.Literal<"service-account">;
13
- readonly tokenSecretId: Schema.String;
14
11
  }>]>;
15
12
  readonly vaultId: Schema.String;
16
13
  readonly name: Schema.String;
17
- }>>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
18
- scopeId: Schema.brand<Schema.String, "ScopeId">;
19
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
14
+ }>>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"configure", "PUT", "/onepassword/config", HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
20
15
  readonly auth: Schema.Union<readonly [Schema.Struct<{
21
16
  readonly kind: Schema.Literal<"desktop-app">;
22
17
  readonly accountName: Schema.String;
23
18
  }>, Schema.Struct<{
24
19
  readonly kind: Schema.Literal<"service-account">;
25
- readonly tokenSecretId: Schema.String;
20
+ readonly token: Schema.String;
26
21
  }>]>;
27
22
  readonly vaultId: Schema.String;
28
23
  readonly name: Schema.String;
29
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", HttpApiEndpoint.StringTree<Schema.Struct<{
30
- scopeId: Schema.brand<Schema.String, "ScopeId">;
31
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", HttpApiEndpoint.StringTree<Schema.Struct<{
32
- scopeId: Schema.brand<Schema.String, "ScopeId">;
33
- }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
24
+ }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"removeConfig", "DELETE", "/onepassword/config", HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Void>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"status", "GET", "/onepassword/status", HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
34
25
  readonly connected: Schema.Boolean;
35
26
  readonly vaultName: Schema.optional<Schema.String>;
36
27
  readonly error: Schema.optional<Schema.String>;
37
- }>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", HttpApiEndpoint.StringTree<Schema.Struct<{
38
- scopeId: Schema.brand<Schema.String, "ScopeId">;
39
- }>>, HttpApiEndpoint.StringTree<Schema.Struct<{
28
+ }>>, HttpApiEndpoint.Json<typeof InternalError | typeof OnePasswordError>, never, never> | HttpApiEndpoint.HttpApiEndpoint<"listVaults", "GET", "/onepassword/vaults", HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<Schema.Struct<{
40
29
  readonly authKind: Schema.Literals<readonly ["desktop-app", "service-account"]>;
41
30
  readonly account: Schema.String;
42
31
  }>>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.StringTree<never>, HttpApiEndpoint.Json<Schema.Struct<{
@@ -1,28 +1,18 @@
1
1
  import { Context, Effect } from "effect";
2
2
  declare const OnePasswordExtensionService_base: Context.ServiceClass<OnePasswordExtensionService, "OnePasswordExtensionService", {
3
- configure: (config: import("../promise").OnePasswordConfig, targetScope: string) => Effect.Effect<void, import("@executor-js/sdk").StorageError, never>;
4
- getConfig: () => Effect.Effect<{
5
- readonly name: string;
6
- readonly auth: {
7
- readonly kind: "desktop-app";
8
- readonly accountName: string;
9
- } | {
10
- readonly kind: "service-account";
11
- readonly tokenSecretId: string;
12
- };
13
- readonly vaultId: string;
14
- } | null, import("@executor-js/sdk").StorageError | import("../promise").OnePasswordError, never>;
15
- removeConfig: (targetScope: string) => Effect.Effect<void, import("@executor-js/sdk").StorageError, never>;
3
+ configure: (config: import("../promise").OnePasswordConfig) => Effect.Effect<void, import("@executor-js/sdk").StorageError, never>;
4
+ getConfig: () => Effect.Effect<import("../sdk").RedactedOnePasswordConfig | null, import("@executor-js/sdk").StorageError | import("../promise").OnePasswordError>;
5
+ removeConfig: () => Effect.Effect<void, import("@executor-js/sdk").StorageError, never>;
16
6
  status: () => Effect.Effect<{
17
7
  readonly connected: boolean;
18
8
  readonly error?: string | undefined;
19
9
  readonly vaultName?: string | undefined;
20
- }, import("@executor-js/sdk").StorageFailure | import("../promise").OnePasswordError, never>;
10
+ }, import("@executor-js/sdk").StorageError | import("../promise").OnePasswordError, never>;
21
11
  listVaults: (auth: import("../promise").OnePasswordAuth) => Effect.Effect<{
22
12
  readonly id: string;
23
13
  readonly name: string;
24
- }[], import("@executor-js/sdk").StorageFailure | import("../promise").OnePasswordError, never>;
25
- resolve: (uri: string) => Effect.Effect<string, import("@executor-js/sdk").StorageFailure | import("../promise").OnePasswordError, never>;
14
+ }[], import("../promise").OnePasswordError, never>;
15
+ resolve: (uri: string) => Effect.Effect<string, import("@executor-js/sdk").StorageError | import("../promise").OnePasswordError, never>;
26
16
  }>;
27
17
  export declare class OnePasswordExtensionService extends OnePasswordExtensionService_base {
28
18
  }
@@ -3,64 +3,43 @@ import { OnePasswordExtensionService } from "./handlers";
3
3
  export { OnePasswordGroup } from "./group";
4
4
  export { OnePasswordHandlers, OnePasswordExtensionService } from "./handlers";
5
5
  export declare const onepasswordHttpPlugin: import("@executor-js/sdk/core").ConfiguredPlugin<"onepassword", {
6
- configure: (config: import("../promise").OnePasswordConfig, targetScope: string) => import("effect/Effect").Effect<void, import("@executor-js/sdk/core").StorageError, never>;
7
- getConfig: () => import("effect/Effect").Effect<{
8
- readonly name: string;
9
- readonly auth: {
10
- readonly kind: "desktop-app";
11
- readonly accountName: string;
12
- } | {
13
- readonly kind: "service-account";
14
- readonly tokenSecretId: string;
15
- };
16
- readonly vaultId: string;
17
- } | null, import("@executor-js/sdk/core").StorageError | import("../promise").OnePasswordError, never>;
18
- removeConfig: (targetScope: string) => import("effect/Effect").Effect<void, import("@executor-js/sdk/core").StorageError, never>;
6
+ configure: (config: import("../promise").OnePasswordConfig) => import("effect/Effect").Effect<void, import("@executor-js/sdk/core").StorageError, never>;
7
+ getConfig: () => import("effect/Effect").Effect<import("../sdk").RedactedOnePasswordConfig | null, import("@executor-js/sdk/core").StorageError | import("../promise").OnePasswordError>;
8
+ removeConfig: () => import("effect/Effect").Effect<void, import("@executor-js/sdk/core").StorageError, never>;
19
9
  status: () => import("effect/Effect").Effect<{
20
10
  readonly connected: boolean;
21
11
  readonly error?: string | undefined;
22
12
  readonly vaultName?: string | undefined;
23
- }, import("@executor-js/sdk/core").StorageFailure | import("../promise").OnePasswordError, never>;
13
+ }, import("@executor-js/sdk/core").StorageError | import("../promise").OnePasswordError, never>;
24
14
  listVaults: (auth: import("../promise").OnePasswordAuth) => import("effect/Effect").Effect<{
25
15
  readonly id: string;
26
16
  readonly name: string;
27
- }[], import("@executor-js/sdk/core").StorageFailure | import("../promise").OnePasswordError, never>;
28
- resolve: (uri: string) => import("effect/Effect").Effect<string, import("@executor-js/sdk/core").StorageFailure | import("../promise").OnePasswordError, never>;
29
- }, import("../sdk").OnePasswordStore, OnePasswordPluginOptions, undefined, typeof OnePasswordExtensionService, import("effect/Layer").Layer<import("effect/unstable/httpapi/HttpApiGroup").ApiGroup<"executor", "onepassword">, never, import("effect/unstable/http/HttpRouter").Request<"Requires", OnePasswordExtensionService>>, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
30
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
31
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
17
+ }[], import("../promise").OnePasswordError, never>;
18
+ resolve: (uri: string) => import("effect/Effect").Effect<string, import("@executor-js/sdk/core").StorageError | import("../promise").OnePasswordError, never>;
19
+ }, import("../sdk").OnePasswordStore, OnePasswordPluginOptions, typeof OnePasswordExtensionService, import("effect/Layer").Layer<import("effect/unstable/httpapi/HttpApiGroup").ApiGroup<"executor", "onepassword">, never, import("effect/unstable/http/HttpRouter").Request<"Requires", OnePasswordExtensionService>>, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
32
20
  readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
33
21
  readonly kind: import("effect/Schema").Literal<"desktop-app">;
34
22
  readonly accountName: import("effect/Schema").String;
35
23
  }>, import("effect/Schema").Struct<{
36
24
  readonly kind: import("effect/Schema").Literal<"service-account">;
37
- readonly tokenSecretId: import("effect/Schema").String;
38
25
  }>]>;
39
26
  readonly vaultId: import("effect/Schema").String;
40
27
  readonly name: import("effect/Schema").String;
41
- }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
42
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
43
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
28
+ }>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
44
29
  readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
45
30
  readonly kind: import("effect/Schema").Literal<"desktop-app">;
46
31
  readonly accountName: import("effect/Schema").String;
47
32
  }>, import("effect/Schema").Struct<{
48
33
  readonly kind: import("effect/Schema").Literal<"service-account">;
49
- readonly tokenSecretId: import("effect/Schema").String;
34
+ readonly token: import("effect/Schema").String;
50
35
  }>]>;
51
36
  readonly vaultId: import("effect/Schema").String;
52
37
  readonly name: import("effect/Schema").String;
53
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/scopes/:scopeId/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
54
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
55
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
56
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
57
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
38
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
58
39
  readonly connected: import("effect/Schema").Boolean;
59
40
  readonly vaultName: import("effect/Schema").optional<import("effect/Schema").String>;
60
41
  readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
61
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/scopes/:scopeId/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
62
- scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
63
- }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
42
+ }>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/api").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
64
43
  readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
65
44
  readonly account: import("effect/Schema").String;
66
45
  }>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
@@ -7,8 +7,11 @@ var DesktopAppAuth = Schema.Struct({
7
7
  });
8
8
  var ServiceAccountAuth = Schema.Struct({
9
9
  kind: Schema.Literal("service-account"),
10
- /** The service account token (stored as a secret) */
11
- tokenSecretId: Schema.String
10
+ /** The service account token. Persisted in the plugin's owner-partitioned
11
+ * config blob — never surfaced to agents (`getConfig` redacts it). v1 stored
12
+ * this behind a separate secret id; v2 has no secrets table, so the
13
+ * plugin-owned config row carries it directly. */
14
+ token: Schema.String
12
15
  });
13
16
  var OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);
14
17
  var OnePasswordConfig = Schema.Struct({
@@ -18,6 +21,24 @@ var OnePasswordConfig = Schema.Struct({
18
21
  /** Human label */
19
22
  name: Schema.String
20
23
  });
24
+ var RedactedDesktopAppAuth = DesktopAppAuth;
25
+ var RedactedServiceAccountAuth = Schema.Struct({
26
+ kind: Schema.Literal("service-account")
27
+ });
28
+ var RedactedOnePasswordAuth = Schema.Union([
29
+ RedactedDesktopAppAuth,
30
+ RedactedServiceAccountAuth
31
+ ]);
32
+ var RedactedOnePasswordConfig = Schema.Struct({
33
+ auth: RedactedOnePasswordAuth,
34
+ vaultId: Schema.String,
35
+ name: Schema.String
36
+ });
37
+ var redactConfig = (config) => ({
38
+ auth: config.auth.kind === "desktop-app" ? { kind: "desktop-app", accountName: config.auth.accountName } : { kind: "service-account" },
39
+ vaultId: config.vaultId,
40
+ name: config.name
41
+ });
21
42
  var Vault = Schema.Struct({
22
43
  id: Schema.String,
23
44
  name: Schema.String
@@ -45,8 +66,11 @@ export {
45
66
  ServiceAccountAuth,
46
67
  OnePasswordAuth,
47
68
  OnePasswordConfig,
69
+ RedactedOnePasswordAuth,
70
+ RedactedOnePasswordConfig,
71
+ redactConfig,
48
72
  Vault,
49
73
  ConnectionStatus,
50
74
  OnePasswordError
51
75
  };
52
- //# sourceMappingURL=chunk-TRGRRIAX.js.map
76
+ //# sourceMappingURL=chunk-OYHEG6OK.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/sdk/types.ts","../src/sdk/errors.ts"],"sourcesContent":["import { Schema } from \"effect\";\n\n// ---------------------------------------------------------------------------\n// Auth — how to talk to 1Password\n// ---------------------------------------------------------------------------\n\nexport const DesktopAppAuth = Schema.Struct({\n kind: Schema.Literal(\"desktop-app\"),\n /** 1Password account domain, e.g. \"my.1password.com\" */\n accountName: Schema.String,\n});\nexport type DesktopAppAuth = typeof DesktopAppAuth.Type;\n\nexport const ServiceAccountAuth = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n /** The service account token. Persisted in the plugin's owner-partitioned\n * config blob — never surfaced to agents (`getConfig` redacts it). v1 stored\n * this behind a separate secret id; v2 has no secrets table, so the\n * plugin-owned config row carries it directly. */\n token: Schema.String,\n});\nexport type ServiceAccountAuth = typeof ServiceAccountAuth.Type;\n\nexport const OnePasswordAuth = Schema.Union([DesktopAppAuth, ServiceAccountAuth]);\nexport type OnePasswordAuth = typeof OnePasswordAuth.Type;\n\n// ---------------------------------------------------------------------------\n// Stored config — persisted via KV\n// ---------------------------------------------------------------------------\n\nexport const OnePasswordConfig = Schema.Struct({\n auth: OnePasswordAuth,\n /** Vault to scope operations to */\n vaultId: Schema.String,\n /** Human label */\n name: Schema.String,\n});\nexport type OnePasswordConfig = typeof OnePasswordConfig.Type;\n\n// ---------------------------------------------------------------------------\n// Redacted config — what `getConfig` returns to agents / the UI. The\n// service-account token is stripped; only the auth kind + account metadata is\n// surfaced.\n// ---------------------------------------------------------------------------\n\nexport const RedactedDesktopAppAuth = DesktopAppAuth;\n\nexport const RedactedServiceAccountAuth = Schema.Struct({\n kind: Schema.Literal(\"service-account\"),\n});\n\nexport const RedactedOnePasswordAuth = Schema.Union([\n RedactedDesktopAppAuth,\n RedactedServiceAccountAuth,\n]);\n\nexport const RedactedOnePasswordConfig = Schema.Struct({\n auth: RedactedOnePasswordAuth,\n vaultId: Schema.String,\n name: Schema.String,\n});\nexport type RedactedOnePasswordConfig = typeof RedactedOnePasswordConfig.Type;\n\n/** Strip the service-account token from a stored config for external exposure. */\nexport const redactConfig = (config: OnePasswordConfig): RedactedOnePasswordConfig => ({\n auth:\n config.auth.kind === \"desktop-app\"\n ? { kind: \"desktop-app\", accountName: config.auth.accountName }\n : { kind: \"service-account\" },\n vaultId: config.vaultId,\n name: config.name,\n});\n\n// ---------------------------------------------------------------------------\n// Vault\n// ---------------------------------------------------------------------------\n\nexport const Vault = Schema.Struct({\n id: Schema.String,\n name: Schema.String,\n});\nexport type Vault = typeof Vault.Type;\n\n// ---------------------------------------------------------------------------\n// Connection status\n// ---------------------------------------------------------------------------\n\nexport const ConnectionStatus = Schema.Struct({\n connected: Schema.Boolean,\n vaultName: Schema.optional(Schema.String),\n error: Schema.optional(Schema.String),\n});\nexport type ConnectionStatus = typeof ConnectionStatus.Type;\n","import { Schema } from \"effect\";\n\nexport class OnePasswordError extends Schema.TaggedErrorClass<OnePasswordError>()(\n \"OnePasswordError\",\n {\n operation: Schema.String,\n message: Schema.String,\n },\n { httpApiStatus: 502 },\n) {}\n"],"mappings":";AAAA,SAAS,cAAc;AAMhB,IAAM,iBAAiB,OAAO,OAAO;AAAA,EAC1C,MAAM,OAAO,QAAQ,aAAa;AAAA;AAAA,EAElC,aAAa,OAAO;AACtB,CAAC;AAGM,IAAM,qBAAqB,OAAO,OAAO;AAAA,EAC9C,MAAM,OAAO,QAAQ,iBAAiB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKtC,OAAO,OAAO;AAChB,CAAC;AAGM,IAAM,kBAAkB,OAAO,MAAM,CAAC,gBAAgB,kBAAkB,CAAC;AAOzE,IAAM,oBAAoB,OAAO,OAAO;AAAA,EAC7C,MAAM;AAAA;AAAA,EAEN,SAAS,OAAO;AAAA;AAAA,EAEhB,MAAM,OAAO;AACf,CAAC;AASM,IAAM,yBAAyB;AAE/B,IAAM,6BAA6B,OAAO,OAAO;AAAA,EACtD,MAAM,OAAO,QAAQ,iBAAiB;AACxC,CAAC;AAEM,IAAM,0BAA0B,OAAO,MAAM;AAAA,EAClD;AAAA,EACA;AACF,CAAC;AAEM,IAAM,4BAA4B,OAAO,OAAO;AAAA,EACrD,MAAM;AAAA,EACN,SAAS,OAAO;AAAA,EAChB,MAAM,OAAO;AACf,CAAC;AAIM,IAAM,eAAe,CAAC,YAA0D;AAAA,EACrF,MACE,OAAO,KAAK,SAAS,gBACjB,EAAE,MAAM,eAAe,aAAa,OAAO,KAAK,YAAY,IAC5D,EAAE,MAAM,kBAAkB;AAAA,EAChC,SAAS,OAAO;AAAA,EAChB,MAAM,OAAO;AACf;AAMO,IAAM,QAAQ,OAAO,OAAO;AAAA,EACjC,IAAI,OAAO;AAAA,EACX,MAAM,OAAO;AACf,CAAC;AAOM,IAAM,mBAAmB,OAAO,OAAO;AAAA,EAC5C,WAAW,OAAO;AAAA,EAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAAA,EACxC,OAAO,OAAO,SAAS,OAAO,MAAM;AACtC,CAAC;;;AC3FD,SAAS,UAAAA,eAAc;AAEhB,IAAM,mBAAN,cAA+BA,QAAO,iBAAmC;AAAA,EAC9E;AAAA,EACA;AAAA,IACE,WAAWA,QAAO;AAAA,IAClB,SAASA,QAAO;AAAA,EAClB;AAAA,EACA,EAAE,eAAe,IAAI;AACvB,EAAE;AAAC;","names":["Schema"]}