@executor-js/plugin-onepassword 1.4.33 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{OnePasswordSettings-7A7INNUA.js → OnePasswordSettings-KMRJZYUZ.js} +53 -50
- package/dist/OnePasswordSettings-KMRJZYUZ.js.map +1 -0
- package/dist/api/group.d.ts +5 -16
- package/dist/api/handlers.d.ts +6 -16
- package/dist/api/index.d.ts +11 -32
- package/dist/{chunk-TRGRRIAX.js → chunk-OYHEG6OK.js} +27 -3
- package/dist/chunk-OYHEG6OK.js.map +1 -0
- package/dist/{chunk-RJVQZBUT.js → chunk-WFBABLCL.js} +45 -87
- package/dist/chunk-WFBABLCL.js.map +1 -0
- package/dist/client.js +1 -1
- package/dist/core.js +10 -4
- package/dist/index.js +2 -2
- package/dist/react/atoms.d.ts +7 -13
- package/dist/react/client.d.ts +5 -16
- package/dist/sdk/index.d.ts +1 -1
- package/dist/sdk/plugin.d.ts +17 -37
- package/dist/sdk/types.d.ts +44 -6
- package/package.json +4 -3
- package/dist/OnePasswordSettings-7A7INNUA.js.map +0 -1
- package/dist/chunk-RJVQZBUT.js.map +0 -1
- package/dist/chunk-TRGRRIAX.js.map +0 -1
|
@@ -3,8 +3,10 @@ import {
|
|
|
3
3
|
OnePasswordAuth,
|
|
4
4
|
OnePasswordConfig,
|
|
5
5
|
OnePasswordError,
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
RedactedOnePasswordConfig,
|
|
7
|
+
Vault,
|
|
8
|
+
redactConfig
|
|
9
|
+
} from "./chunk-OYHEG6OK.js";
|
|
8
10
|
|
|
9
11
|
// src/sdk/service.ts
|
|
10
12
|
import { Context, Duration, Effect, Semaphore } from "effect";
|
|
@@ -123,14 +125,16 @@ import {
|
|
|
123
125
|
definePlugin,
|
|
124
126
|
StorageError,
|
|
125
127
|
ToolResult,
|
|
126
|
-
tool
|
|
128
|
+
tool,
|
|
129
|
+
ProviderItemId,
|
|
130
|
+
ProviderKey
|
|
127
131
|
} from "@executor-js/sdk/core";
|
|
128
132
|
var CREDENTIAL_FIELD = "credential";
|
|
129
133
|
var DEFAULT_TIMEOUT_MS2 = 15e3;
|
|
130
134
|
var CONFIG_KEY = "config";
|
|
135
|
+
var PROVIDER_KEY = ProviderKey.make("onepassword");
|
|
131
136
|
var schemaToStaticToolSchema = (schema) => Schema.toStandardSchemaV1(Schema.toStandardJSONSchemaV1(schema));
|
|
132
137
|
var OnePasswordConfigureInput = Schema.Struct({
|
|
133
|
-
scope: Schema.String,
|
|
134
138
|
auth: OnePasswordAuth,
|
|
135
139
|
vaultId: Schema.String,
|
|
136
140
|
name: Schema.String
|
|
@@ -139,15 +143,12 @@ var OnePasswordConfigureOutput = Schema.Struct({
|
|
|
139
143
|
configured: Schema.Boolean
|
|
140
144
|
});
|
|
141
145
|
var OnePasswordGetConfigOutput = Schema.Struct({
|
|
142
|
-
config: Schema.NullOr(
|
|
146
|
+
config: Schema.NullOr(RedactedOnePasswordConfig)
|
|
143
147
|
});
|
|
144
148
|
var OnePasswordListVaultsInput = OnePasswordAuth;
|
|
145
149
|
var OnePasswordListVaultsOutput = Schema.Struct({
|
|
146
150
|
vaults: Schema.Array(Vault)
|
|
147
151
|
});
|
|
148
|
-
var OnePasswordRemoveConfigInput = Schema.Struct({
|
|
149
|
-
targetScope: Schema.String
|
|
150
|
-
});
|
|
151
152
|
var OnePasswordRemoveConfigOutput = Schema.Struct({
|
|
152
153
|
removed: Schema.Boolean
|
|
153
154
|
});
|
|
@@ -157,7 +158,6 @@ var OnePasswordConfigureOutputStd = schemaToStaticToolSchema(OnePasswordConfigur
|
|
|
157
158
|
var OnePasswordGetConfigOutputStd = schemaToStaticToolSchema(OnePasswordGetConfigOutput);
|
|
158
159
|
var OnePasswordListVaultsInputStd = schemaToStaticToolSchema(OnePasswordListVaultsInput);
|
|
159
160
|
var OnePasswordListVaultsOutputStd = schemaToStaticToolSchema(OnePasswordListVaultsOutput);
|
|
160
|
-
var OnePasswordRemoveConfigInputStd = schemaToStaticToolSchema(OnePasswordRemoveConfigInput);
|
|
161
161
|
var OnePasswordRemoveConfigOutputStd = schemaToStaticToolSchema(OnePasswordRemoveConfigOutput);
|
|
162
162
|
var OnePasswordStatusOutputStd = schemaToStaticToolSchema(OnePasswordStatusOutput);
|
|
163
163
|
var decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));
|
|
@@ -180,99 +180,62 @@ var makeOnePasswordStore = (blobs) => ({
|
|
|
180
180
|
);
|
|
181
181
|
})
|
|
182
182
|
),
|
|
183
|
-
saveConfig: (config,
|
|
183
|
+
saveConfig: (config, owner) => blobs.put(
|
|
184
184
|
CONFIG_KEY,
|
|
185
185
|
JSON.stringify({
|
|
186
186
|
auth: config.auth,
|
|
187
187
|
vaultId: config.vaultId,
|
|
188
188
|
name: config.name
|
|
189
189
|
}),
|
|
190
|
-
{
|
|
190
|
+
{ owner }
|
|
191
191
|
).pipe(Effect2.mapError(blobStorageError("write"))),
|
|
192
|
-
deleteConfig: (
|
|
192
|
+
deleteConfig: (owner) => blobs.delete(CONFIG_KEY, { owner }).pipe(Effect2.mapError(blobStorageError("delete")))
|
|
193
193
|
});
|
|
194
|
-
var resolveAuth = (auth
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
});
|
|
200
|
-
}
|
|
201
|
-
return ctx.secrets.get(auth.tokenSecretId).pipe(
|
|
202
|
-
Effect2.catchTag(
|
|
203
|
-
"SecretOwnedByConnectionError",
|
|
204
|
-
() => Effect2.fail(
|
|
205
|
-
new OnePasswordError({
|
|
206
|
-
operation: "auth resolution",
|
|
207
|
-
message: `Service account token secret "${auth.tokenSecretId}" not found`
|
|
208
|
-
})
|
|
209
|
-
)
|
|
210
|
-
),
|
|
211
|
-
Effect2.flatMap((token) => {
|
|
212
|
-
if (token === null) {
|
|
213
|
-
return Effect2.fail(
|
|
214
|
-
new OnePasswordError({
|
|
215
|
-
operation: "auth resolution",
|
|
216
|
-
message: `Service account token secret "${auth.tokenSecretId}" not found`
|
|
217
|
-
})
|
|
218
|
-
);
|
|
219
|
-
}
|
|
220
|
-
return Effect2.succeed({
|
|
221
|
-
kind: "service-account",
|
|
222
|
-
token
|
|
223
|
-
});
|
|
224
|
-
})
|
|
225
|
-
);
|
|
226
|
-
};
|
|
227
|
-
var getServiceFromConfig = (config, ctx, timeoutMs, preferSdk) => resolveAuth(config.auth, ctx).pipe(
|
|
228
|
-
Effect2.flatMap((resolved) => makeOnePasswordService(resolved, { timeoutMs, preferSdk }))
|
|
229
|
-
);
|
|
230
|
-
var configuredVaultUri = (config, secretId) => {
|
|
231
|
-
if (!secretId.startsWith("op://")) {
|
|
232
|
-
return `op://${config.vaultId}/${secretId}/${CREDENTIAL_FIELD}`;
|
|
194
|
+
var resolveAuth = (auth) => auth.kind === "desktop-app" ? { kind: "desktop-app", accountName: auth.accountName } : { kind: "service-account", token: auth.token };
|
|
195
|
+
var getServiceFromConfig = (config, timeoutMs, preferSdk) => makeOnePasswordService(resolveAuth(config.auth), { timeoutMs, preferSdk });
|
|
196
|
+
var configuredVaultUri = (config, itemId) => {
|
|
197
|
+
if (!itemId.startsWith("op://")) {
|
|
198
|
+
return `op://${config.vaultId}/${itemId}/${CREDENTIAL_FIELD}`;
|
|
233
199
|
}
|
|
234
|
-
const match =
|
|
200
|
+
const match = itemId.match(/^op:\/\/([^/]+)\/.+/);
|
|
235
201
|
if (!match || match[1] !== config.vaultId) return null;
|
|
236
|
-
return
|
|
202
|
+
return itemId;
|
|
237
203
|
};
|
|
238
204
|
var makeProvider = (ctx, timeoutMs, preferSdk) => ({
|
|
239
|
-
key:
|
|
205
|
+
key: PROVIDER_KEY,
|
|
240
206
|
writable: false,
|
|
241
|
-
|
|
242
|
-
// 1Password vaults are named in the stored config; the executor-scope
|
|
243
|
-
// arg isn't used for routing here. A future refactor could let the
|
|
244
|
-
// plugin store per-scope vault bindings and pick based on `scope`.
|
|
245
|
-
get: (secretId, _scope) => ctx.storage.getConfig().pipe(
|
|
207
|
+
get: (id) => ctx.storage.getConfig().pipe(
|
|
246
208
|
Effect2.flatMap((config) => {
|
|
247
209
|
if (!config) return Effect2.succeed(null);
|
|
248
|
-
const uri = configuredVaultUri(config,
|
|
210
|
+
const uri = configuredVaultUri(config, id);
|
|
249
211
|
if (uri === null) return Effect2.succeed(null);
|
|
250
|
-
return getServiceFromConfig(config,
|
|
212
|
+
return getServiceFromConfig(config, timeoutMs, preferSdk).pipe(
|
|
251
213
|
Effect2.flatMap((svc) => svc.resolveSecret(uri)),
|
|
252
214
|
Effect2.map((v) => v),
|
|
253
215
|
Effect2.orElseSucceed(() => null)
|
|
254
216
|
);
|
|
255
217
|
}),
|
|
256
|
-
Effect2.
|
|
218
|
+
Effect2.catch(() => Effect2.succeed(null))
|
|
257
219
|
),
|
|
258
220
|
list: () => ctx.storage.getConfig().pipe(
|
|
259
221
|
Effect2.flatMap((config) => {
|
|
260
222
|
if (!config) return Effect2.succeed([]);
|
|
261
|
-
return getServiceFromConfig(config,
|
|
223
|
+
return getServiceFromConfig(config, timeoutMs, preferSdk).pipe(
|
|
262
224
|
Effect2.flatMap((svc) => svc.listItems(config.vaultId)),
|
|
263
225
|
Effect2.map(
|
|
264
|
-
(items) => items.map((item2) => ({ id: item2.id, name: item2.title }))
|
|
226
|
+
(items) => items.map((item2) => ({ id: ProviderItemId.make(item2.id), name: item2.title }))
|
|
265
227
|
)
|
|
266
228
|
);
|
|
267
229
|
}),
|
|
268
|
-
Effect2.
|
|
230
|
+
Effect2.catch(() => Effect2.succeed([]))
|
|
269
231
|
)
|
|
270
232
|
});
|
|
233
|
+
var ownerForCtx = (ctx) => ctx.owner.subject === null ? "org" : "user";
|
|
271
234
|
var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
|
|
272
235
|
return {
|
|
273
|
-
configure: (config
|
|
274
|
-
getConfig: () => ctx.storage.getConfig(),
|
|
275
|
-
removeConfig: (
|
|
236
|
+
configure: (config) => ctx.storage.saveConfig(config, ownerForCtx(ctx)),
|
|
237
|
+
getConfig: () => ctx.storage.getConfig().pipe(Effect2.map((config) => config ? redactConfig(config) : null)),
|
|
238
|
+
removeConfig: () => ctx.storage.deleteConfig(ownerForCtx(ctx)),
|
|
276
239
|
status: () => Effect2.gen(function* () {
|
|
277
240
|
const config = yield* ctx.storage.getConfig();
|
|
278
241
|
if (!config) {
|
|
@@ -281,7 +244,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
|
|
|
281
244
|
error: "Not configured"
|
|
282
245
|
});
|
|
283
246
|
}
|
|
284
|
-
const svc = yield* getServiceFromConfig(config,
|
|
247
|
+
const svc = yield* getServiceFromConfig(config, timeoutMs, preferSdk);
|
|
285
248
|
const vaults = yield* svc.listVaults();
|
|
286
249
|
const vault2 = vaults.find((v) => v.id === config.vaultId);
|
|
287
250
|
return ConnectionStatus.make({
|
|
@@ -290,8 +253,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
|
|
|
290
253
|
});
|
|
291
254
|
}),
|
|
292
255
|
listVaults: (auth) => Effect2.gen(function* () {
|
|
293
|
-
const
|
|
294
|
-
const svc = yield* makeOnePasswordService(resolved, {
|
|
256
|
+
const svc = yield* makeOnePasswordService(resolveAuth(auth), {
|
|
295
257
|
timeoutMs,
|
|
296
258
|
preferSdk
|
|
297
259
|
});
|
|
@@ -313,7 +275,7 @@ var makeOnePasswordExtension = (ctx, timeoutMs, preferSdk) => {
|
|
|
313
275
|
message: "1Password secret URI is outside the configured vault"
|
|
314
276
|
});
|
|
315
277
|
}
|
|
316
|
-
const svc = yield* getServiceFromConfig(config,
|
|
278
|
+
const svc = yield* getServiceFromConfig(config, timeoutMs, preferSdk);
|
|
317
279
|
return yield* svc.resolveSecret(scopedUri);
|
|
318
280
|
})
|
|
319
281
|
};
|
|
@@ -334,55 +296,51 @@ var onepasswordPlugin = definePlugin((options) => {
|
|
|
334
296
|
tools: [
|
|
335
297
|
tool({
|
|
336
298
|
name: "status",
|
|
337
|
-
description: "Check whether the 1Password
|
|
299
|
+
description: "Check whether the 1Password credential provider is configured and can reach its selected vault. This returns status only, never secret values.",
|
|
338
300
|
outputSchema: OnePasswordStatusOutputStd,
|
|
339
301
|
execute: () => Effect2.map(self.status(), ToolResult.ok)
|
|
340
302
|
}),
|
|
341
303
|
tool({
|
|
342
304
|
name: "getConfig",
|
|
343
|
-
description: "Read the current 1Password provider configuration. This returns account/vault metadata
|
|
305
|
+
description: "Read the current 1Password provider configuration. This returns account/vault metadata only; service-account token values are never returned.",
|
|
344
306
|
outputSchema: OnePasswordGetConfigOutputStd,
|
|
345
307
|
execute: () => Effect2.map(self.getConfig(), (config) => ToolResult.ok({ config }))
|
|
346
308
|
}),
|
|
347
309
|
tool({
|
|
348
310
|
name: "listVaults",
|
|
349
|
-
description: "List available 1Password vaults before configuring the provider. For service-account auth,
|
|
311
|
+
description: "List available 1Password vaults before configuring the provider. For service-account auth, pass the service account token directly.",
|
|
350
312
|
inputSchema: OnePasswordListVaultsInputStd,
|
|
351
313
|
outputSchema: OnePasswordListVaultsOutputStd,
|
|
352
314
|
execute: (input) => Effect2.map(self.listVaults(input), (vaults) => ToolResult.ok({ vaults }))
|
|
353
315
|
}),
|
|
354
316
|
tool({
|
|
355
317
|
name: "configure",
|
|
356
|
-
description: "Configure the 1Password
|
|
318
|
+
description: "Configure the 1Password credential provider for the acting owner. Use desktop-app auth for local biometric access, or service-account auth with the token. The token is stored in the plugin's owner-partitioned config and never surfaced again.",
|
|
357
319
|
annotations: {
|
|
358
320
|
requiresApproval: true,
|
|
359
|
-
approvalDescription: "Configure the 1Password
|
|
321
|
+
approvalDescription: "Configure the 1Password credential provider"
|
|
360
322
|
},
|
|
361
323
|
inputSchema: OnePasswordConfigureInputStd,
|
|
362
324
|
outputSchema: OnePasswordConfigureOutputStd,
|
|
363
325
|
execute: (input) => Effect2.as(
|
|
364
|
-
self.configure(
|
|
365
|
-
{ auth: input.auth, vaultId: input.vaultId, name: input.name },
|
|
366
|
-
input.scope
|
|
367
|
-
),
|
|
326
|
+
self.configure({ auth: input.auth, vaultId: input.vaultId, name: input.name }),
|
|
368
327
|
ToolResult.ok({ configured: true })
|
|
369
328
|
)
|
|
370
329
|
}),
|
|
371
330
|
tool({
|
|
372
331
|
name: "removeConfig",
|
|
373
|
-
description: "Remove the 1Password provider configuration
|
|
332
|
+
description: "Remove the 1Password provider configuration for the acting owner. Future 1Password secret resolution stops until reconfigured.",
|
|
374
333
|
annotations: {
|
|
375
334
|
requiresApproval: true,
|
|
376
|
-
approvalDescription: "Remove the 1Password
|
|
335
|
+
approvalDescription: "Remove the 1Password credential provider configuration"
|
|
377
336
|
},
|
|
378
|
-
inputSchema: OnePasswordRemoveConfigInputStd,
|
|
379
337
|
outputSchema: OnePasswordRemoveConfigOutputStd,
|
|
380
|
-
execute: (
|
|
338
|
+
execute: () => Effect2.as(self.removeConfig(), ToolResult.ok({ removed: true }))
|
|
381
339
|
})
|
|
382
340
|
]
|
|
383
341
|
}
|
|
384
342
|
],
|
|
385
|
-
|
|
343
|
+
credentialProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)]
|
|
386
344
|
};
|
|
387
345
|
});
|
|
388
346
|
|
|
@@ -394,4 +352,4 @@ export {
|
|
|
394
352
|
makeOnePasswordStore,
|
|
395
353
|
onepasswordPlugin
|
|
396
354
|
};
|
|
397
|
-
//# sourceMappingURL=chunk-
|
|
355
|
+
//# sourceMappingURL=chunk-WFBABLCL.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/sdk/service.ts","../src/sdk/plugin.ts"],"sourcesContent":["import { Context, Duration, Effect, Semaphore } from \"effect\";\nimport * as op from \"@1password/op-js\";\n\nimport { OnePasswordError } from \"./errors\";\n\n// ---------------------------------------------------------------------------\n// Canonical service interface — all backends (SDK, CLI) implement this\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordVault {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordItem {\n readonly id: string;\n readonly title: string;\n}\n\nexport interface OnePasswordService {\n /** Resolve a secret by op:// URI */\n readonly resolveSecret: (uri: string) => Effect.Effect<string, OnePasswordError>;\n\n /** List accessible vaults */\n readonly listVaults: () => Effect.Effect<ReadonlyArray<OnePasswordVault>, OnePasswordError>;\n\n /** List items in a vault */\n readonly listItems: (\n vaultId: string,\n ) => Effect.Effect<ReadonlyArray<OnePasswordItem>, OnePasswordError>;\n}\n\nexport class OnePasswordServiceTag extends Context.Service<\n OnePasswordServiceTag,\n OnePasswordService\n>()(\"@executor-js/plugin-onepassword/OnePasswordService\") {}\n\n// ---------------------------------------------------------------------------\n// Resolved auth — raw credentials ready for any backend\n// ---------------------------------------------------------------------------\n\nexport type ResolvedAuth =\n | { readonly kind: \"desktop-app\"; readonly accountName: string }\n | { readonly kind: \"service-account\"; readonly token: string };\n\n// ---------------------------------------------------------------------------\n// SDK backend — uses @1password/sdk native IPC\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_TIMEOUT_MS = 15_000;\ntype OnePasswordSdkModule = typeof import(\"@1password/sdk\");\n\nconst loadOnePasswordSdk = (): Effect.Effect<OnePasswordSdkModule, OnePasswordError> =>\n Effect.tryPromise({\n try: () => import(\"@1password/sdk\"),\n catch: () =>\n new OnePasswordError({\n operation: \"sdk module load\",\n message: \"Failed to load 1Password SDK\",\n }),\n });\n\nconst makeTimeoutMessage = (operation: string, timeoutMs: number): string =>\n [\n `${operation}: timed out after ${Math.floor(timeoutMs / 1000)}s.`,\n \"Troubleshooting:\",\n \"1. Make sure the 1Password desktop app is open and unlocked\",\n \"2. Check for an approval prompt in the 1Password app — it may be behind other windows\",\n \"3. Ensure 'Developer > Connect with 1Password CLI' is enabled in 1Password Settings\",\n \"4. Make sure no other app or terminal is waiting for 1Password approval (only one prompt at a time)\",\n \"5. Try quitting 1Password completely and reopening it, then retry\",\n ].join(\"\\n\");\n\nconst timeoutWithOnePasswordError = (operation: string, timeoutMs: number) =>\n Effect.timeoutOrElse({\n duration: Duration.millis(timeoutMs),\n orElse: () =>\n Effect.fail(\n new OnePasswordError({\n operation,\n message: makeTimeoutMessage(operation, timeoutMs),\n }),\n ),\n });\n\nexport const makeNativeSdkService = (\n auth: ResolvedAuth,\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.gen(function* () {\n const sdk = yield* loadOnePasswordSdk().pipe(\n timeoutWithOnePasswordError(\"sdk module load\", timeoutMs),\n );\n\n const client = yield* Effect.tryPromise({\n try: () =>\n sdk.createClient({\n auth: auth.kind === \"desktop-app\" ? new sdk.DesktopAuth(auth.accountName) : auth.token,\n integrationName: \"Executor\",\n integrationVersion: \"0.0.0\",\n }),\n catch: () =>\n new OnePasswordError({\n operation: \"client setup\",\n message: \"Failed to set up 1Password client\",\n }),\n }).pipe(timeoutWithOnePasswordError(\"client setup\", timeoutMs));\n\n const wrap = <A>(fn: () => Promise<A>, operation: string): Effect.Effect<A, OnePasswordError> =>\n Effect.tryPromise({\n try: fn,\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password SDK ${operation} failed`,\n }),\n }).pipe(\n timeoutWithOnePasswordError(operation, timeoutMs),\n Effect.withSpan(`onepassword.sdk.${operation}`),\n );\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrap(() => client.secrets.resolve(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrap(() => client.vaults.list({ decryptDetails: true }), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.title }))),\n ),\n\n listItems: (vaultId) =>\n wrap(() => client.items.list(vaultId), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.sdk.make_service\"));\n\n// ---------------------------------------------------------------------------\n// CLI backend — uses @1password/op-js (shells out to `op` CLI)\n// ---------------------------------------------------------------------------\n\nconst cliAuthLock = Semaphore.makeUnsafe(1);\n\nexport const makeCliService = (\n auth: ResolvedAuth,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n Effect.sync(() => {\n const wrapSync = <A>(fn: () => A, operation: string): Effect.Effect<A, OnePasswordError> =>\n cliAuthLock\n .withPermits(1)(\n Effect.try({\n try: () => {\n if (auth.kind === \"service-account\") {\n op.setGlobalFlags({});\n op.setServiceAccount(auth.token);\n } else {\n op.setServiceAccount(\"\");\n op.setGlobalFlags({ account: auth.accountName });\n }\n return fn();\n },\n catch: () =>\n new OnePasswordError({\n operation,\n message: `1Password CLI ${operation} failed`,\n }),\n }),\n )\n .pipe(Effect.withSpan(`onepassword.cli.${operation}`));\n\n return OnePasswordServiceTag.of({\n resolveSecret: (uri) => wrapSync(() => op.read.parse(uri), \"secret resolution\"),\n\n listVaults: () =>\n wrapSync(() => op.vault.list(), \"vault listing\").pipe(\n Effect.map((vaults) => vaults.map((v) => ({ id: v.id, title: v.name }))),\n ),\n\n listItems: (vaultId) =>\n wrapSync(() => op.item.list({ vault: vaultId }), \"item listing\").pipe(\n Effect.map((items) => items.map((i) => ({ id: i.id, title: i.title }))),\n ),\n });\n }).pipe(Effect.withSpan(\"onepassword.cli.make_service\"));\n\n// ---------------------------------------------------------------------------\n// Smart factory — tries CLI first (avoids IPC hang), falls back to SDK\n// ---------------------------------------------------------------------------\n\nexport const makeOnePasswordService = (\n auth: ResolvedAuth,\n options?: { readonly preferSdk?: boolean; readonly timeoutMs?: number },\n): Effect.Effect<OnePasswordService, OnePasswordError> => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n\n if (options?.preferSdk) {\n return makeNativeSdkService(auth, timeoutMs);\n }\n\n // Default: prefer CLI to avoid the IPC hang bug\n return makeCliService(auth).pipe(\n Effect.catch((cliError: OnePasswordError) =>\n // CLI unavailable (e.g. `op` not installed) — fall back to SDK\n makeNativeSdkService(auth, timeoutMs).pipe(Effect.mapError(() => cliError)),\n ),\n );\n};\n","import { Effect, Schema } from \"effect\";\n\nimport {\n definePlugin,\n StorageError,\n ToolResult,\n tool,\n ProviderItemId,\n ProviderKey,\n type CredentialProvider,\n type Owner,\n type PluginCtx,\n type PluginBlobStore,\n type ProviderEntry,\n type StaticToolSchema,\n type StorageFailure,\n} from \"@executor-js/sdk/core\";\n\nimport {\n OnePasswordAuth,\n OnePasswordConfig,\n RedactedOnePasswordConfig,\n Vault,\n ConnectionStatus,\n redactConfig,\n} from \"./types\";\nimport { OnePasswordError } from \"./errors\";\nimport { makeOnePasswordService, type ResolvedAuth, type OnePasswordService } from \"./service\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst CREDENTIAL_FIELD = \"credential\";\nconst DEFAULT_TIMEOUT_MS = 15_000;\nconst CONFIG_KEY = \"config\";\nconst PROVIDER_KEY = ProviderKey.make(\"onepassword\");\n\nconst schemaToStaticToolSchema = <A, I>(schema: Schema.Decoder<A, I>): StaticToolSchema<A, I> =>\n Schema.toStandardSchemaV1(Schema.toStandardJSONSchemaV1(schema) as never) as StaticToolSchema<\n A,\n I\n >;\n\nconst OnePasswordConfigureInput = Schema.Struct({\n auth: OnePasswordAuth,\n vaultId: Schema.String,\n name: Schema.String,\n});\n\nconst OnePasswordConfigureOutput = Schema.Struct({\n configured: Schema.Boolean,\n});\n\nconst OnePasswordGetConfigOutput = Schema.Struct({\n config: Schema.NullOr(RedactedOnePasswordConfig),\n});\n\nconst OnePasswordListVaultsInput = OnePasswordAuth;\n\nconst OnePasswordListVaultsOutput = Schema.Struct({\n vaults: Schema.Array(Vault),\n});\n\nconst OnePasswordRemoveConfigOutput = Schema.Struct({\n removed: Schema.Boolean,\n});\n\nconst OnePasswordStatusOutput = ConnectionStatus;\n\nconst OnePasswordConfigureInputStd = schemaToStaticToolSchema<\n typeof OnePasswordConfigureInput.Type,\n typeof OnePasswordConfigureInput.Encoded\n>(OnePasswordConfigureInput);\nconst OnePasswordConfigureOutputStd = schemaToStaticToolSchema(OnePasswordConfigureOutput);\nconst OnePasswordGetConfigOutputStd = schemaToStaticToolSchema(OnePasswordGetConfigOutput);\nconst OnePasswordListVaultsInputStd = schemaToStaticToolSchema<\n typeof OnePasswordListVaultsInput.Type,\n typeof OnePasswordListVaultsInput.Encoded\n>(OnePasswordListVaultsInput);\nconst OnePasswordListVaultsOutputStd = schemaToStaticToolSchema(OnePasswordListVaultsOutput);\nconst OnePasswordRemoveConfigOutputStd = schemaToStaticToolSchema(OnePasswordRemoveConfigOutput);\nconst OnePasswordStatusOutputStd = schemaToStaticToolSchema(OnePasswordStatusOutput);\n\n// ---------------------------------------------------------------------------\n// Shared failure alias.\n//\n// Every extension method either touches storage (`ctx.storage` blobs) or\n// reaches the 1Password backend. Storage I/O surfaces as `StorageFailure`;\n// the HTTP edge (`withCapture`) translates `StorageError` to\n// `InternalError({ traceId })`. Domain problems (not configured, backend RPC\n// failure) stay as `OnePasswordError` and encode to 502 via the schema\n// annotation on the class.\n// ---------------------------------------------------------------------------\n\nexport type OnePasswordExtensionFailure = OnePasswordError | StorageFailure;\n\n// ---------------------------------------------------------------------------\n// Typed config store — single blob, JSON encoded, owner-partitioned. The\n// stored config carries the auth credential (desktop account name, or\n// service-account token) plus the selected vault. v1 keyed this by executor\n// scope; v2 partitions by `owner` — the plugin-owned config row owns the\n// partition, mirroring the connection model. Blob I/O failures surface as\n// `StorageError`; decode failures stay `OnePasswordError`.\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordStore {\n readonly getConfig: () => Effect.Effect<\n OnePasswordConfig | null,\n StorageError | OnePasswordError\n >;\n readonly saveConfig: (\n config: OnePasswordConfig,\n owner: Owner,\n ) => Effect.Effect<void, StorageError>;\n readonly deleteConfig: (owner: Owner) => Effect.Effect<void, StorageError>;\n}\n\nconst decodeConfig = Schema.decodeUnknownEffect(Schema.fromJsonString(OnePasswordConfig));\n\nconst blobStorageError =\n (operation: string) =>\n (cause: unknown): StorageError =>\n new StorageError({\n message: `onepassword blob ${operation} failed`,\n cause,\n });\n\nexport const makeOnePasswordStore = (blobs: PluginBlobStore): OnePasswordStore => ({\n getConfig: () =>\n blobs.get(CONFIG_KEY).pipe(\n Effect.mapError(blobStorageError(\"read\")),\n Effect.flatMap((raw) => {\n if (raw === null) return Effect.succeed(null);\n return decodeConfig(raw).pipe(\n Effect.mapError(\n () =>\n new OnePasswordError({\n operation: \"config decode\",\n message: \"Failed to decode 1Password config\",\n }),\n ),\n );\n }),\n ),\n\n saveConfig: (config, owner) =>\n blobs\n .put(\n CONFIG_KEY,\n JSON.stringify({\n auth: config.auth,\n vaultId: config.vaultId,\n name: config.name,\n }),\n { owner },\n )\n .pipe(Effect.mapError(blobStorageError(\"write\"))),\n\n deleteConfig: (owner) =>\n blobs.delete(CONFIG_KEY, { owner }).pipe(Effect.mapError(blobStorageError(\"delete\"))),\n});\n\n// ---------------------------------------------------------------------------\n// Helpers — auth resolution + service construction\n// ---------------------------------------------------------------------------\n\nconst resolveAuth = (auth: OnePasswordAuth): ResolvedAuth =>\n auth.kind === \"desktop-app\"\n ? { kind: \"desktop-app\", accountName: auth.accountName }\n : { kind: \"service-account\", token: auth.token };\n\nconst getServiceFromConfig = (\n config: OnePasswordConfig,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): Effect.Effect<OnePasswordService, OnePasswordError> =>\n makeOnePasswordService(resolveAuth(config.auth), { timeoutMs, preferSdk });\n\nconst configuredVaultUri = (config: OnePasswordConfig, itemId: string): string | null => {\n if (!itemId.startsWith(\"op://\")) {\n return `op://${config.vaultId}/${itemId}/${CREDENTIAL_FIELD}`;\n }\n const match = itemId.match(/^op:\\/\\/([^/]+)\\/.+/);\n if (!match || match[1] !== config.vaultId) return null;\n return itemId;\n};\n\n// ---------------------------------------------------------------------------\n// CredentialProvider — read-only, resolves op:// URIs or vaultId-based lookups.\n//\n// v2: `get(id)` receives only an opaque `ProviderItemId` — no scope. The id is\n// either a fully-qualified `op://vault/item/field` URI or a bare item id that\n// the stored config's vault scopes. The plugin's stored config supplies the\n// auth + vault binding; the provider never writes (writable: false).\n// ---------------------------------------------------------------------------\n\nconst makeProvider = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n): CredentialProvider => ({\n key: PROVIDER_KEY,\n writable: false,\n\n get: (id: ProviderItemId): Effect.Effect<string | null, StorageFailure> =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed(null as string | null);\n\n const uri = configuredVaultUri(config, id);\n if (uri === null) return Effect.succeed(null as string | null);\n\n return getServiceFromConfig(config, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.resolveSecret(uri)),\n Effect.map((v): string | null => v),\n Effect.orElseSucceed(() => null),\n );\n }),\n Effect.catch(() => Effect.succeed(null as string | null)),\n ),\n\n list: (): Effect.Effect<readonly ProviderEntry[], StorageFailure> =>\n ctx.storage.getConfig().pipe(\n Effect.flatMap((config) => {\n if (!config) return Effect.succeed([] as readonly ProviderEntry[]);\n return getServiceFromConfig(config, timeoutMs, preferSdk).pipe(\n Effect.flatMap((svc) => svc.listItems(config.vaultId)),\n Effect.map((items): readonly ProviderEntry[] =>\n items.map((item) => ({ id: ProviderItemId.make(item.id), name: item.title })),\n ),\n );\n }),\n Effect.catch(() => Effect.succeed([] as readonly ProviderEntry[])),\n ),\n});\n\n// ---------------------------------------------------------------------------\n// Owner resolution — config is a single shared 1Password binding. We persist\n// it under the `user` partition when the executor is bound to a subject, else\n// the shared `org` partition.\n// ---------------------------------------------------------------------------\n\nconst ownerForCtx = (ctx: PluginCtx<OnePasswordStore>): Owner =>\n ctx.owner.subject === null ? \"org\" : \"user\";\n\nconst makeOnePasswordExtension = (\n ctx: PluginCtx<OnePasswordStore>,\n timeoutMs: number,\n preferSdk: boolean | undefined,\n) => {\n return {\n configure: (config: OnePasswordConfig) => ctx.storage.saveConfig(config, ownerForCtx(ctx)),\n\n getConfig: (): Effect.Effect<\n RedactedOnePasswordConfig | null,\n StorageError | OnePasswordError\n > =>\n ctx.storage.getConfig().pipe(Effect.map((config) => (config ? redactConfig(config) : null))),\n\n removeConfig: () => ctx.storage.deleteConfig(ownerForCtx(ctx)),\n\n status: () =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return ConnectionStatus.make({\n connected: false,\n error: \"Not configured\",\n });\n }\n const svc = yield* getServiceFromConfig(config, timeoutMs, preferSdk);\n const vaults = yield* svc.listVaults();\n const vault = vaults.find((v) => v.id === config.vaultId);\n return ConnectionStatus.make({\n connected: true,\n vaultName: vault?.title,\n });\n }),\n\n listVaults: (auth: OnePasswordAuth) =>\n Effect.gen(function* () {\n const svc = yield* makeOnePasswordService(resolveAuth(auth), {\n timeoutMs,\n preferSdk,\n });\n const vaults = yield* svc.listVaults();\n return vaults\n .map((v) => Vault.make({ id: v.id, name: v.title }))\n .sort((a, b) => a.name.localeCompare(b.name));\n }),\n\n resolve: (uri: string) =>\n Effect.gen(function* () {\n const config = yield* ctx.storage.getConfig();\n if (!config) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password is not configured\",\n });\n }\n const scopedUri = configuredVaultUri(config, uri);\n if (scopedUri === null) {\n return yield* new OnePasswordError({\n operation: \"resolve\",\n message: \"1Password secret URI is outside the configured vault\",\n });\n }\n const svc = yield* getServiceFromConfig(config, timeoutMs, preferSdk);\n return yield* svc.resolveSecret(scopedUri);\n }),\n };\n};\n\nexport type OnePasswordExtension = ReturnType<typeof makeOnePasswordExtension>;\n\n// ---------------------------------------------------------------------------\n// Plugin factory\n// ---------------------------------------------------------------------------\n\nexport interface OnePasswordPluginOptions {\n /** Request timeout in ms (default: 15000) */\n readonly timeoutMs?: number;\n /** Force use of the native SDK instead of the CLI (default: false) */\n readonly preferSdk?: boolean;\n}\n\nexport const onepasswordPlugin = definePlugin((options?: OnePasswordPluginOptions) => {\n const timeoutMs = options?.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n const preferSdk = options?.preferSdk;\n\n return {\n id: \"onepassword\" as const,\n packageName: \"@executor-js/plugin-onepassword\",\n storage: ({ blobs }) => makeOnePasswordStore(blobs),\n\n extension: (ctx) => makeOnePasswordExtension(ctx, timeoutMs, preferSdk),\n\n staticSources: (self) => [\n {\n id: \"onepassword\",\n kind: \"executor\",\n name: \"1Password\",\n tools: [\n tool({\n name: \"status\",\n description:\n \"Check whether the 1Password credential provider is configured and can reach its selected vault. This returns status only, never secret values.\",\n outputSchema: OnePasswordStatusOutputStd,\n execute: () => Effect.map(self.status(), ToolResult.ok),\n }),\n tool({\n name: \"getConfig\",\n description:\n \"Read the current 1Password provider configuration. This returns account/vault metadata only; service-account token values are never returned.\",\n outputSchema: OnePasswordGetConfigOutputStd,\n execute: () => Effect.map(self.getConfig(), (config) => ToolResult.ok({ config })),\n }),\n tool({\n name: \"listVaults\",\n description:\n \"List available 1Password vaults before configuring the provider. For service-account auth, pass the service account token directly.\",\n inputSchema: OnePasswordListVaultsInputStd,\n outputSchema: OnePasswordListVaultsOutputStd,\n execute: (input) =>\n Effect.map(self.listVaults(input), (vaults) => ToolResult.ok({ vaults })),\n }),\n tool({\n name: \"configure\",\n description:\n \"Configure the 1Password credential provider for the acting owner. Use desktop-app auth for local biometric access, or service-account auth with the token. The token is stored in the plugin's owner-partitioned config and never surfaced again.\",\n annotations: {\n requiresApproval: true,\n approvalDescription: \"Configure the 1Password credential provider\",\n },\n inputSchema: OnePasswordConfigureInputStd,\n outputSchema: OnePasswordConfigureOutputStd,\n execute: (input) =>\n Effect.as(\n self.configure({ auth: input.auth, vaultId: input.vaultId, name: input.name }),\n ToolResult.ok({ configured: true }),\n ),\n }),\n tool({\n name: \"removeConfig\",\n description:\n \"Remove the 1Password provider configuration for the acting owner. Future 1Password secret resolution stops until reconfigured.\",\n annotations: {\n requiresApproval: true,\n approvalDescription: \"Remove the 1Password credential provider configuration\",\n },\n outputSchema: OnePasswordRemoveConfigOutputStd,\n execute: () => Effect.as(self.removeConfig(), ToolResult.ok({ removed: true })),\n }),\n ],\n },\n ],\n\n credentialProviders: (ctx) => [makeProvider(ctx, timeoutMs, preferSdk)],\n };\n // HTTP transport (routes/handlers/extensionService) is layered on by\n // the api-aware factory in `@executor-js/plugin-onepassword/api`. Hosts\n // that want the HTTP surface import the plugin from there; SDK-only\n // consumers stay on this entry and avoid the server-only deps.\n});\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,SAAS,UAAU,QAAQ,iBAAiB;AACrD,YAAY,QAAQ;AA+Bb,IAAM,wBAAN,cAAoC,QAAQ,QAGjD,EAAE,oDAAoD,EAAE;AAAC;AAc3D,IAAM,qBAAqB;AAG3B,IAAM,qBAAqB,MACzB,OAAO,WAAW;AAAA,EAChB,KAAK,MAAM,OAAO,gBAAgB;AAAA,EAClC,OAAO,MACL,IAAI,iBAAiB;AAAA,IACnB,WAAW;AAAA,IACX,SAAS;AAAA,EACX,CAAC;AACL,CAAC;AAEH,IAAM,qBAAqB,CAAC,WAAmB,cAC7C;AAAA,EACE,GAAG,SAAS,qBAAqB,KAAK,MAAM,YAAY,GAAI,CAAC;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,EAAE,KAAK,IAAI;AAEb,IAAM,8BAA8B,CAAC,WAAmB,cACtD,OAAO,cAAc;AAAA,EACnB,UAAU,SAAS,OAAO,SAAS;AAAA,EACnC,QAAQ,MACN,OAAO;AAAA,IACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,mBAAmB,WAAW,SAAS;AAAA,IAClD,CAAC;AAAA,EACH;AACJ,CAAC;AAEI,IAAM,uBAAuB,CAClC,MACA,YAAoB,uBAEpB,OAAO,IAAI,aAAa;AACtB,QAAM,MAAM,OAAO,mBAAmB,EAAE;AAAA,IACtC,4BAA4B,mBAAmB,SAAS;AAAA,EAC1D;AAEA,QAAM,SAAS,OAAO,OAAO,WAAW;AAAA,IACtC,KAAK,MACH,IAAI,aAAa;AAAA,MACf,MAAM,KAAK,SAAS,gBAAgB,IAAI,IAAI,YAAY,KAAK,WAAW,IAAI,KAAK;AAAA,MACjF,iBAAiB;AAAA,MACjB,oBAAoB;AAAA,IACtB,CAAC;AAAA,IACH,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB,WAAW;AAAA,MACX,SAAS;AAAA,IACX,CAAC;AAAA,EACL,CAAC,EAAE,KAAK,4BAA4B,gBAAgB,SAAS,CAAC;AAE9D,QAAM,OAAO,CAAI,IAAsB,cACrC,OAAO,WAAW;AAAA,IAChB,KAAK;AAAA,IACL,OAAO,MACL,IAAI,iBAAiB;AAAA,MACnB;AAAA,MACA,SAAS,iBAAiB,SAAS;AAAA,IACrC,CAAC;AAAA,EACL,CAAC,EAAE;AAAA,IACD,4BAA4B,WAAW,SAAS;AAAA,IAChD,OAAO,SAAS,mBAAmB,SAAS,EAAE;AAAA,EAChD;AAEF,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,KAAK,MAAM,OAAO,QAAQ,QAAQ,GAAG,GAAG,mBAAmB;AAAA,IAEnF,YAAY,MACV,KAAK,MAAM,OAAO,OAAO,KAAK,EAAE,gBAAgB,KAAK,CAAC,GAAG,eAAe,EAAE;AAAA,MACxE,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IAC1E;AAAA,IAEF,WAAW,CAAC,YACV,KAAK,MAAM,OAAO,MAAM,KAAK,OAAO,GAAG,cAAc,EAAE;AAAA,MACrD,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMzD,IAAM,cAAc,UAAU,WAAW,CAAC;AAEnC,IAAM,iBAAiB,CAC5B,SAEA,OAAO,KAAK,MAAM;AAChB,QAAM,WAAW,CAAI,IAAa,cAChC,YACG,YAAY,CAAC;AAAA,IACZ,OAAO,IAAI;AAAA,MACT,KAAK,MAAM;AACT,YAAI,KAAK,SAAS,mBAAmB;AACnC,UAAG,kBAAe,CAAC,CAAC;AACpB,UAAG,qBAAkB,KAAK,KAAK;AAAA,QACjC,OAAO;AACL,UAAG,qBAAkB,EAAE;AACvB,UAAG,kBAAe,EAAE,SAAS,KAAK,YAAY,CAAC;AAAA,QACjD;AACA,eAAO,GAAG;AAAA,MACZ;AAAA,MACA,OAAO,MACL,IAAI,iBAAiB;AAAA,QACnB;AAAA,QACA,SAAS,iBAAiB,SAAS;AAAA,MACrC,CAAC;AAAA,IACL,CAAC;AAAA,EACH,EACC,KAAK,OAAO,SAAS,mBAAmB,SAAS,EAAE,CAAC;AAEzD,SAAO,sBAAsB,GAAG;AAAA,IAC9B,eAAe,CAAC,QAAQ,SAAS,MAAS,QAAK,MAAM,GAAG,GAAG,mBAAmB;AAAA,IAE9E,YAAY,MACV,SAAS,MAAS,SAAM,KAAK,GAAG,eAAe,EAAE;AAAA,MAC/C,OAAO,IAAI,CAAC,WAAW,OAAO,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;AAAA,IACzE;AAAA,IAEF,WAAW,CAAC,YACV,SAAS,MAAS,QAAK,KAAK,EAAE,OAAO,QAAQ,CAAC,GAAG,cAAc,EAAE;AAAA,MAC/D,OAAO,IAAI,CAAC,UAAU,MAAM,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;AAAA,IACxE;AAAA,EACJ,CAAC;AACH,CAAC,EAAE,KAAK,OAAO,SAAS,8BAA8B,CAAC;AAMlD,IAAM,yBAAyB,CACpC,MACA,YACwD;AACxD,QAAM,YAAY,SAAS,aAAa;AAExC,MAAI,SAAS,WAAW;AACtB,WAAO,qBAAqB,MAAM,SAAS;AAAA,EAC7C;AAGA,SAAO,eAAe,IAAI,EAAE;AAAA,IAC1B,OAAO;AAAA,MAAM,CAAC;AAAA;AAAA,QAEZ,qBAAqB,MAAM,SAAS,EAAE,KAAK,OAAO,SAAS,MAAM,QAAQ,CAAC;AAAA;AAAA,IAC5E;AAAA,EACF;AACF;;;AC7MA,SAAS,UAAAA,SAAQ,cAAc;AAE/B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAQK;AAiBP,IAAM,mBAAmB;AACzB,IAAMC,sBAAqB;AAC3B,IAAM,aAAa;AACnB,IAAM,eAAe,YAAY,KAAK,aAAa;AAEnD,IAAM,2BAA2B,CAAO,WACtC,OAAO,mBAAmB,OAAO,uBAAuB,MAAM,CAAU;AAK1E,IAAM,4BAA4B,OAAO,OAAO;AAAA,EAC9C,MAAM;AAAA,EACN,SAAS,OAAO;AAAA,EAChB,MAAM,OAAO;AACf,CAAC;AAED,IAAM,6BAA6B,OAAO,OAAO;AAAA,EAC/C,YAAY,OAAO;AACrB,CAAC;AAED,IAAM,6BAA6B,OAAO,OAAO;AAAA,EAC/C,QAAQ,OAAO,OAAO,yBAAyB;AACjD,CAAC;AAED,IAAM,6BAA6B;AAEnC,IAAM,8BAA8B,OAAO,OAAO;AAAA,EAChD,QAAQ,OAAO,MAAM,KAAK;AAC5B,CAAC;AAED,IAAM,gCAAgC,OAAO,OAAO;AAAA,EAClD,SAAS,OAAO;AAClB,CAAC;AAED,IAAM,0BAA0B;AAEhC,IAAM,+BAA+B,yBAGnC,yBAAyB;AAC3B,IAAM,gCAAgC,yBAAyB,0BAA0B;AACzF,IAAM,gCAAgC,yBAAyB,0BAA0B;AACzF,IAAM,gCAAgC,yBAGpC,0BAA0B;AAC5B,IAAM,iCAAiC,yBAAyB,2BAA2B;AAC3F,IAAM,mCAAmC,yBAAyB,6BAA6B;AAC/F,IAAM,6BAA6B,yBAAyB,uBAAuB;AAoCnF,IAAM,eAAe,OAAO,oBAAoB,OAAO,eAAe,iBAAiB,CAAC;AAExF,IAAM,mBACJ,CAAC,cACD,CAAC,UACC,IAAI,aAAa;AAAA,EACf,SAAS,oBAAoB,SAAS;AAAA,EACtC;AACF,CAAC;AAEE,IAAM,uBAAuB,CAAC,WAA8C;AAAA,EACjF,WAAW,MACT,MAAM,IAAI,UAAU,EAAE;AAAA,IACpBC,QAAO,SAAS,iBAAiB,MAAM,CAAC;AAAA,IACxCA,QAAO,QAAQ,CAAC,QAAQ;AACtB,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAI;AAC5C,aAAO,aAAa,GAAG,EAAE;AAAA,QACvBA,QAAO;AAAA,UACL,MACE,IAAI,iBAAiB;AAAA,YACnB,WAAW;AAAA,YACX,SAAS;AAAA,UACX,CAAC;AAAA,QACL;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEF,YAAY,CAAC,QAAQ,UACnB,MACG;AAAA,IACC;AAAA,IACA,KAAK,UAAU;AAAA,MACb,MAAM,OAAO;AAAA,MACb,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO;AAAA,IACf,CAAC;AAAA,IACD,EAAE,MAAM;AAAA,EACV,EACC,KAAKA,QAAO,SAAS,iBAAiB,OAAO,CAAC,CAAC;AAAA,EAEpD,cAAc,CAAC,UACb,MAAM,OAAO,YAAY,EAAE,MAAM,CAAC,EAAE,KAAKA,QAAO,SAAS,iBAAiB,QAAQ,CAAC,CAAC;AACxF;AAMA,IAAM,cAAc,CAAC,SACnB,KAAK,SAAS,gBACV,EAAE,MAAM,eAAe,aAAa,KAAK,YAAY,IACrD,EAAE,MAAM,mBAAmB,OAAO,KAAK,MAAM;AAEnD,IAAM,uBAAuB,CAC3B,QACA,WACA,cAEA,uBAAuB,YAAY,OAAO,IAAI,GAAG,EAAE,WAAW,UAAU,CAAC;AAE3E,IAAM,qBAAqB,CAAC,QAA2B,WAAkC;AACvF,MAAI,CAAC,OAAO,WAAW,OAAO,GAAG;AAC/B,WAAO,QAAQ,OAAO,OAAO,IAAI,MAAM,IAAI,gBAAgB;AAAA,EAC7D;AACA,QAAM,QAAQ,OAAO,MAAM,qBAAqB;AAChD,MAAI,CAAC,SAAS,MAAM,CAAC,MAAM,OAAO,QAAS,QAAO;AAClD,SAAO;AACT;AAWA,IAAM,eAAe,CACnB,KACA,WACA,eACwB;AAAA,EACxB,KAAK;AAAA,EACL,UAAU;AAAA,EAEV,KAAK,CAAC,OACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,IAAqB;AAExD,YAAM,MAAM,mBAAmB,QAAQ,EAAE;AACzC,UAAI,QAAQ,KAAM,QAAOA,QAAO,QAAQ,IAAqB;AAE7D,aAAO,qBAAqB,QAAQ,WAAW,SAAS,EAAE;AAAA,QACxDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,cAAc,GAAG,CAAC;AAAA,QAC9CA,QAAO,IAAI,CAAC,MAAqB,CAAC;AAAA,QAClCA,QAAO,cAAc,MAAM,IAAI;AAAA,MACjC;AAAA,IACF,CAAC;AAAA,IACDA,QAAO,MAAM,MAAMA,QAAO,QAAQ,IAAqB,CAAC;AAAA,EAC1D;AAAA,EAEF,MAAM,MACJ,IAAI,QAAQ,UAAU,EAAE;AAAA,IACtBA,QAAO,QAAQ,CAAC,WAAW;AACzB,UAAI,CAAC,OAAQ,QAAOA,QAAO,QAAQ,CAAC,CAA6B;AACjE,aAAO,qBAAqB,QAAQ,WAAW,SAAS,EAAE;AAAA,QACxDA,QAAO,QAAQ,CAAC,QAAQ,IAAI,UAAU,OAAO,OAAO,CAAC;AAAA,QACrDA,QAAO;AAAA,UAAI,CAAC,UACV,MAAM,IAAI,CAACC,WAAU,EAAE,IAAI,eAAe,KAAKA,MAAK,EAAE,GAAG,MAAMA,MAAK,MAAM,EAAE;AAAA,QAC9E;AAAA,MACF;AAAA,IACF,CAAC;AAAA,IACDD,QAAO,MAAM,MAAMA,QAAO,QAAQ,CAAC,CAA6B,CAAC;AAAA,EACnE;AACJ;AAQA,IAAM,cAAc,CAAC,QACnB,IAAI,MAAM,YAAY,OAAO,QAAQ;AAEvC,IAAM,2BAA2B,CAC/B,KACA,WACA,cACG;AACH,SAAO;AAAA,IACL,WAAW,CAAC,WAA8B,IAAI,QAAQ,WAAW,QAAQ,YAAY,GAAG,CAAC;AAAA,IAEzF,WAAW,MAIT,IAAI,QAAQ,UAAU,EAAE,KAAKA,QAAO,IAAI,CAAC,WAAY,SAAS,aAAa,MAAM,IAAI,IAAK,CAAC;AAAA,IAE7F,cAAc,MAAM,IAAI,QAAQ,aAAa,YAAY,GAAG,CAAC;AAAA,IAE7D,QAAQ,MACNA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,iBAAiB,KAAK;AAAA,UAC3B,WAAW;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,WAAW,SAAS;AACpE,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,YAAME,SAAQ,OAAO,KAAK,CAAC,MAAM,EAAE,OAAO,OAAO,OAAO;AACxD,aAAO,iBAAiB,KAAK;AAAA,QAC3B,WAAW;AAAA,QACX,WAAWA,QAAO;AAAA,MACpB,CAAC;AAAA,IACH,CAAC;AAAA,IAEH,YAAY,CAAC,SACXF,QAAO,IAAI,aAAa;AACtB,YAAM,MAAM,OAAO,uBAAuB,YAAY,IAAI,GAAG;AAAA,QAC3D;AAAA,QACA;AAAA,MACF,CAAC;AACD,YAAM,SAAS,OAAO,IAAI,WAAW;AACrC,aAAO,OACJ,IAAI,CAAC,MAAM,MAAM,KAAK,EAAE,IAAI,EAAE,IAAI,MAAM,EAAE,MAAM,CAAC,CAAC,EAClD,KAAK,CAAC,GAAG,MAAM,EAAE,KAAK,cAAc,EAAE,IAAI,CAAC;AAAA,IAChD,CAAC;AAAA,IAEH,SAAS,CAAC,QACRA,QAAO,IAAI,aAAa;AACtB,YAAM,SAAS,OAAO,IAAI,QAAQ,UAAU;AAC5C,UAAI,CAAC,QAAQ;AACX,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,YAAY,mBAAmB,QAAQ,GAAG;AAChD,UAAI,cAAc,MAAM;AACtB,eAAO,OAAO,IAAI,iBAAiB;AAAA,UACjC,WAAW;AAAA,UACX,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AACA,YAAM,MAAM,OAAO,qBAAqB,QAAQ,WAAW,SAAS;AACpE,aAAO,OAAO,IAAI,cAAc,SAAS;AAAA,IAC3C,CAAC;AAAA,EACL;AACF;AAeO,IAAM,oBAAoB,aAAa,CAAC,YAAuC;AACpF,QAAM,YAAY,SAAS,aAAaD;AACxC,QAAM,YAAY,SAAS;AAE3B,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,aAAa;AAAA,IACb,SAAS,CAAC,EAAE,MAAM,MAAM,qBAAqB,KAAK;AAAA,IAElD,WAAW,CAAC,QAAQ,yBAAyB,KAAK,WAAW,SAAS;AAAA,IAEtE,eAAe,CAAC,SAAS;AAAA,MACvB;AAAA,QACE,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,MAAM;AAAA,QACN,OAAO;AAAA,UACL,KAAK;AAAA,YACH,MAAM;AAAA,YACN,aACE;AAAA,YACF,cAAc;AAAA,YACd,SAAS,MAAMC,QAAO,IAAI,KAAK,OAAO,GAAG,WAAW,EAAE;AAAA,UACxD,CAAC;AAAA,UACD,KAAK;AAAA,YACH,MAAM;AAAA,YACN,aACE;AAAA,YACF,cAAc;AAAA,YACd,SAAS,MAAMA,QAAO,IAAI,KAAK,UAAU,GAAG,CAAC,WAAW,WAAW,GAAG,EAAE,OAAO,CAAC,CAAC;AAAA,UACnF,CAAC;AAAA,UACD,KAAK;AAAA,YACH,MAAM;AAAA,YACN,aACE;AAAA,YACF,aAAa;AAAA,YACb,cAAc;AAAA,YACd,SAAS,CAAC,UACRA,QAAO,IAAI,KAAK,WAAW,KAAK,GAAG,CAAC,WAAW,WAAW,GAAG,EAAE,OAAO,CAAC,CAAC;AAAA,UAC5E,CAAC;AAAA,UACD,KAAK;AAAA,YACH,MAAM;AAAA,YACN,aACE;AAAA,YACF,aAAa;AAAA,cACX,kBAAkB;AAAA,cAClB,qBAAqB;AAAA,YACvB;AAAA,YACA,aAAa;AAAA,YACb,cAAc;AAAA,YACd,SAAS,CAAC,UACRA,QAAO;AAAA,cACL,KAAK,UAAU,EAAE,MAAM,MAAM,MAAM,SAAS,MAAM,SAAS,MAAM,MAAM,KAAK,CAAC;AAAA,cAC7E,WAAW,GAAG,EAAE,YAAY,KAAK,CAAC;AAAA,YACpC;AAAA,UACJ,CAAC;AAAA,UACD,KAAK;AAAA,YACH,MAAM;AAAA,YACN,aACE;AAAA,YACF,aAAa;AAAA,cACX,kBAAkB;AAAA,cAClB,qBAAqB;AAAA,YACvB;AAAA,YACA,cAAc;AAAA,YACd,SAAS,MAAMA,QAAO,GAAG,KAAK,aAAa,GAAG,WAAW,GAAG,EAAE,SAAS,KAAK,CAAC,CAAC;AAAA,UAChF,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAAA,IAEA,qBAAqB,CAAC,QAAQ,CAAC,aAAa,KAAK,WAAW,SAAS,CAAC;AAAA,EACxE;AAKF,CAAC;","names":["Effect","DEFAULT_TIMEOUT_MS","Effect","item","vault"]}
|
package/dist/client.js
CHANGED
|
@@ -6,7 +6,7 @@ import { lazy } from "react";
|
|
|
6
6
|
var onePasswordSecretProviderPlugin = {
|
|
7
7
|
key: "onepassword",
|
|
8
8
|
label: "1Password",
|
|
9
|
-
settings: lazy(() => import("./OnePasswordSettings-
|
|
9
|
+
settings: lazy(() => import("./OnePasswordSettings-KMRJZYUZ.js"))
|
|
10
10
|
};
|
|
11
11
|
|
|
12
12
|
// src/react/plugin-client.tsx
|
package/dist/core.js
CHANGED
|
@@ -5,16 +5,19 @@ import {
|
|
|
5
5
|
makeOnePasswordService,
|
|
6
6
|
makeOnePasswordStore,
|
|
7
7
|
onepasswordPlugin
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-WFBABLCL.js";
|
|
9
9
|
import {
|
|
10
10
|
ConnectionStatus,
|
|
11
11
|
DesktopAppAuth,
|
|
12
12
|
OnePasswordAuth,
|
|
13
13
|
OnePasswordConfig,
|
|
14
14
|
OnePasswordError,
|
|
15
|
+
RedactedOnePasswordAuth,
|
|
16
|
+
RedactedOnePasswordConfig,
|
|
15
17
|
ServiceAccountAuth,
|
|
16
|
-
Vault
|
|
17
|
-
|
|
18
|
+
Vault,
|
|
19
|
+
redactConfig
|
|
20
|
+
} from "./chunk-OYHEG6OK.js";
|
|
18
21
|
export {
|
|
19
22
|
ConnectionStatus,
|
|
20
23
|
DesktopAppAuth,
|
|
@@ -22,12 +25,15 @@ export {
|
|
|
22
25
|
OnePasswordConfig,
|
|
23
26
|
OnePasswordError,
|
|
24
27
|
OnePasswordServiceTag,
|
|
28
|
+
RedactedOnePasswordAuth,
|
|
29
|
+
RedactedOnePasswordConfig,
|
|
25
30
|
ServiceAccountAuth,
|
|
26
31
|
Vault,
|
|
27
32
|
makeCliService,
|
|
28
33
|
makeNativeSdkService,
|
|
29
34
|
makeOnePasswordService,
|
|
30
35
|
makeOnePasswordStore,
|
|
31
|
-
onepasswordPlugin
|
|
36
|
+
onepasswordPlugin,
|
|
37
|
+
redactConfig
|
|
32
38
|
};
|
|
33
39
|
//# sourceMappingURL=core.js.map
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
onepasswordPlugin
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-WFBABLCL.js";
|
|
4
4
|
import {
|
|
5
5
|
ConnectionStatus,
|
|
6
6
|
DesktopAppAuth,
|
|
@@ -9,7 +9,7 @@ import {
|
|
|
9
9
|
OnePasswordError,
|
|
10
10
|
ServiceAccountAuth,
|
|
11
11
|
Vault
|
|
12
|
-
} from "./chunk-
|
|
12
|
+
} from "./chunk-OYHEG6OK.js";
|
|
13
13
|
export {
|
|
14
14
|
ConnectionStatus,
|
|
15
15
|
DesktopAppAuth,
|
package/dist/react/atoms.d.ts
CHANGED
|
@@ -1,31 +1,26 @@
|
|
|
1
|
-
|
|
2
|
-
export declare const
|
|
3
|
-
export declare const onepasswordConfigAtom: (scopeId: ScopeId) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
|
|
1
|
+
export declare const onepasswordWriteKeys: readonly ["providers"];
|
|
2
|
+
export declare const onepasswordConfigAtom: import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
|
|
4
3
|
readonly name: string;
|
|
5
4
|
readonly auth: {
|
|
6
5
|
readonly kind: "desktop-app";
|
|
7
6
|
readonly accountName: string;
|
|
8
7
|
} | {
|
|
9
8
|
readonly kind: "service-account";
|
|
10
|
-
readonly tokenSecretId: string;
|
|
11
9
|
};
|
|
12
10
|
readonly vaultId: string;
|
|
13
11
|
} | null, import("@executor-js/sdk").InternalError | import("../promise").OnePasswordError>>;
|
|
14
|
-
export declare const onepasswordStatusAtom:
|
|
12
|
+
export declare const onepasswordStatusAtom: import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
|
|
15
13
|
readonly connected: boolean;
|
|
16
14
|
readonly error?: string | undefined;
|
|
17
15
|
readonly vaultName?: string | undefined;
|
|
18
16
|
}, import("@executor-js/sdk").InternalError | import("../promise").OnePasswordError>>;
|
|
19
|
-
export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string
|
|
17
|
+
export declare const onepasswordVaultsAtom: (authKind: "desktop-app" | "service-account", account: string) => import("effect/unstable/reactivity/Atom").Atom<import("effect/unstable/reactivity/AsyncResult").AsyncResult<{
|
|
20
18
|
readonly vaults: readonly {
|
|
21
19
|
readonly id: string;
|
|
22
20
|
readonly name: string;
|
|
23
21
|
}[];
|
|
24
22
|
}, import("@executor-js/sdk").InternalError | import("../promise").OnePasswordError>>;
|
|
25
23
|
export declare const configureOnePassword: import("effect/unstable/reactivity/Atom").AtomResultFn<{
|
|
26
|
-
readonly params: {
|
|
27
|
-
readonly scopeId: string & import("effect/Brand").Brand<"ScopeId">;
|
|
28
|
-
};
|
|
29
24
|
readonly payload: {
|
|
30
25
|
readonly name: string;
|
|
31
26
|
readonly auth: {
|
|
@@ -33,7 +28,7 @@ export declare const configureOnePassword: import("effect/unstable/reactivity/At
|
|
|
33
28
|
readonly accountName: string;
|
|
34
29
|
} | {
|
|
35
30
|
readonly kind: "service-account";
|
|
36
|
-
readonly
|
|
31
|
+
readonly token: string;
|
|
37
32
|
};
|
|
38
33
|
readonly vaultId: string;
|
|
39
34
|
};
|
|
@@ -41,9 +36,8 @@ export declare const configureOnePassword: import("effect/unstable/reactivity/At
|
|
|
41
36
|
readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
|
|
42
37
|
}, void, import("@executor-js/sdk").InternalError | import("../promise").OnePasswordError>;
|
|
43
38
|
export declare const removeOnePasswordConfig: import("effect/unstable/reactivity/Atom").AtomResultFn<{
|
|
44
|
-
readonly
|
|
45
|
-
|
|
46
|
-
};
|
|
39
|
+
readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
|
|
40
|
+
} | {
|
|
47
41
|
readonly responseMode?: "decoded-only" | undefined;
|
|
48
42
|
readonly reactivityKeys?: readonly unknown[] | import("effect/Record").ReadonlyRecord<string, readonly unknown[]> | undefined;
|
|
49
43
|
}, void, import("@executor-js/sdk").InternalError | import("../promise").OnePasswordError>;
|
package/dist/react/client.d.ts
CHANGED
|
@@ -1,38 +1,27 @@
|
|
|
1
|
-
export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomHttpApi").AtomHttpApiClient<"Plugin_onepasswordClient", `Plugin_${string}Client`, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/
|
|
2
|
-
scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
|
|
3
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
|
|
1
|
+
export declare const OnePasswordClient: import("effect/unstable/reactivity/AtomHttpApi").AtomHttpApiClient<"Plugin_onepasswordClient", `Plugin_${string}Client`, import("effect/unstable/httpapi/HttpApiGroup").HttpApiGroup<"onepassword", import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"getConfig", "GET", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").NullOr<import("effect/Schema").Struct<{
|
|
4
2
|
readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
|
|
5
3
|
readonly kind: import("effect/Schema").Literal<"desktop-app">;
|
|
6
4
|
readonly accountName: import("effect/Schema").String;
|
|
7
5
|
}>, import("effect/Schema").Struct<{
|
|
8
6
|
readonly kind: import("effect/Schema").Literal<"service-account">;
|
|
9
|
-
readonly tokenSecretId: import("effect/Schema").String;
|
|
10
7
|
}>]>;
|
|
11
8
|
readonly vaultId: import("effect/Schema").String;
|
|
12
9
|
readonly name: import("effect/Schema").String;
|
|
13
|
-
}>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/
|
|
14
|
-
scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
|
|
15
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
|
|
10
|
+
}>>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"configure", "PUT", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
|
|
16
11
|
readonly auth: import("effect/Schema").Union<readonly [import("effect/Schema").Struct<{
|
|
17
12
|
readonly kind: import("effect/Schema").Literal<"desktop-app">;
|
|
18
13
|
readonly accountName: import("effect/Schema").String;
|
|
19
14
|
}>, import("effect/Schema").Struct<{
|
|
20
15
|
readonly kind: import("effect/Schema").Literal<"service-account">;
|
|
21
|
-
readonly
|
|
16
|
+
readonly token: import("effect/Schema").String;
|
|
22
17
|
}>]>;
|
|
23
18
|
readonly vaultId: import("effect/Schema").String;
|
|
24
19
|
readonly name: import("effect/Schema").String;
|
|
25
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/
|
|
26
|
-
scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
|
|
27
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/scopes/:scopeId/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
|
|
28
|
-
scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
|
|
29
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
|
|
20
|
+
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"removeConfig", "DELETE", "/onepassword/config", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Void>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"status", "GET", "/onepassword/status", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
|
|
30
21
|
readonly connected: import("effect/Schema").Boolean;
|
|
31
22
|
readonly vaultName: import("effect/Schema").optional<import("effect/Schema").String>;
|
|
32
23
|
readonly error: import("effect/Schema").optional<import("effect/Schema").String>;
|
|
33
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/
|
|
34
|
-
scopeId: import("effect/Schema").brand<import("effect/Schema").String, "ScopeId">;
|
|
35
|
-
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
|
|
24
|
+
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<typeof import("@executor-js/sdk").InternalError | typeof import("../promise").OnePasswordError>, never, never> | import("effect/unstable/httpapi/HttpApiEndpoint").HttpApiEndpoint<"listVaults", "GET", "/onepassword/vaults", import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<import("effect/Schema").Struct<{
|
|
36
25
|
readonly authKind: import("effect/Schema").Literals<readonly ["desktop-app", "service-account"]>;
|
|
37
26
|
readonly account: import("effect/Schema").String;
|
|
38
27
|
}>>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").StringTree<never>, import("effect/unstable/httpapi/HttpApiEndpoint").Json<import("effect/Schema").Struct<{
|
package/dist/sdk/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
export { onepasswordPlugin, makeOnePasswordStore, type OnePasswordExtension, type OnePasswordPluginOptions, type OnePasswordStore, } from "./plugin";
|
|
2
|
-
export { OnePasswordConfig, Vault, ConnectionStatus, OnePasswordAuth, DesktopAppAuth, ServiceAccountAuth, } from "./types";
|
|
2
|
+
export { OnePasswordConfig, RedactedOnePasswordConfig, RedactedOnePasswordAuth, redactConfig, Vault, ConnectionStatus, OnePasswordAuth, DesktopAppAuth, ServiceAccountAuth, } from "./types";
|
|
3
3
|
export { OnePasswordError } from "./errors";
|
|
4
4
|
export { makeOnePasswordService, makeNativeSdkService, makeCliService, OnePasswordServiceTag, type OnePasswordService, type ResolvedAuth, } from "./service";
|