@lifestreamdynamics/vault-cli 1.0.0

package/dist/commands/versions.js

@@ -0,0 +1,219 @@
+import chalk from 'chalk';
+import { getClient } from '../client.js';
+import { addGlobalFlags, resolveFlags } from '../utils/flags.js';
+import { createOutput, handleError } from '../utils/output.js';
+export function registerVersionCommands(program) {
+    const versions = program.command('versions').description('View and manage document version history');
+    addGlobalFlags(versions.command('list')
+        .description('List version history for a document')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path (e.g., notes/todo.md)')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions list abc123 notes/todo.md`))
+        .action(async (vaultId, docPath, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching versions...');
+        try {
+            const client = getClient();
+            const versionList = await client.documents.listVersions(vaultId, docPath);
+            out.stopSpinner();
+            out.list(versionList.map(v => ({
+                version: v.versionNum,
+                source: v.changeSource,
+                sizeBytes: v.sizeBytes,
+                pinned: v.isPinned ? 'yes' : 'no',
+                createdAt: v.createdAt,
+            })), {
+                emptyMessage: 'No versions found.',
+                columns: [
+                    { key: 'version', header: 'Version' },
+                    { key: 'source', header: 'Source' },
+                    { key: 'sizeBytes', header: 'Size' },
+                    { key: 'pinned', header: 'Pinned' },
+                    { key: 'createdAt', header: 'Created' },
+                ],
+                textFn: (v) => {
+                    const pin = v.pinned === 'yes' ? chalk.yellow(' [pinned]') : '';
+                    return `v${String(v.version)} ${chalk.dim(String(v.source))} ${chalk.dim(String(v.sizeBytes) + 'B')} ${chalk.dim(String(v.createdAt))}${pin}`;
+                },
+            });
+            if (flags.output === 'text' && versionList.length > 0) {
+                out.status(chalk.dim(`\n${versionList.length} version(s)`));
+            }
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch versions');
+        }
+    });
+    addGlobalFlags(versions.command('view')
+        .description('View content of a specific version')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path')
+        .argument('<version>', 'Version number')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions view abc123 notes/todo.md 3`))
+        .action(async (vaultId, docPath, versionStr, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const versionNum = parseInt(versionStr, 10);
+        if (isNaN(versionNum)) {
+            out.error('Version must be a number');
+            process.exitCode = 1;
+            return;
+        }
+        try {
+            const client = getClient();
+            const version = await client.documents.getVersion(vaultId, docPath, versionNum);
+            if (version.content === null) {
+                out.error('Version content is no longer available (expired or pruned)');
+                process.exitCode = 1;
+                return;
+            }
+            out.raw(version.content);
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to get version');
+        }
+    });
+    addGlobalFlags(versions.command('diff')
+        .description('Show diff between two versions')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path')
+        .argument('<from>', 'Source version number')
+        .argument('<to>', 'Target version number')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions diff abc123 notes/todo.md 1 3`))
+        .action(async (vaultId, docPath, fromStr, toStr, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const from = parseInt(fromStr, 10);
+        const to = parseInt(toStr, 10);
+        if (isNaN(from) || isNaN(to)) {
+            out.error('Version numbers must be integers');
+            process.exitCode = 1;
+            return;
+        }
+        out.startSpinner('Computing diff...');
+        try {
+            const client = getClient();
+            const diff = await client.documents.diffVersions(vaultId, docPath, from, to);
+            out.stopSpinner();
+            if (flags.output === 'json') {
+                out.raw(JSON.stringify(diff, null, 2));
+            }
+            else {
+                out.status(`Diff: v${diff.fromVersion} -> v${diff.toVersion}\n`);
+                for (const change of diff.changes) {
+                    if (change.added) {
+                        out.raw(chalk.green(`+ ${change.value.replace(/\n$/, '')}`));
+                    }
+                    else if (change.removed) {
+                        out.raw(chalk.red(`- ${change.value.replace(/\n$/, '')}`));
+                    }
+                    else {
+                        out.raw(chalk.dim(`  ${change.value.replace(/\n$/, '')}`));
+                    }
+                }
+            }
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to compute diff');
+        }
+    });
+    addGlobalFlags(versions.command('restore')
+        .description('Restore a document to a previous version')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path')
+        .argument('<version>', 'Version number to restore')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions restore abc123 notes/todo.md 2`))
+        .action(async (vaultId, docPath, versionStr, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const versionNum = parseInt(versionStr, 10);
+        if (isNaN(versionNum)) {
+            out.error('Version must be a number');
+            process.exitCode = 1;
+            return;
+        }
+        out.startSpinner(`Restoring to version ${versionNum}...`);
+        try {
+            const client = getClient();
+            const doc = await client.documents.restoreVersion(vaultId, docPath, versionNum);
+            out.success(`Restored ${chalk.cyan(docPath)} to version ${versionNum}`, {
+                path: doc.path,
+                version: versionNum,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to restore version');
+        }
+    });
+    addGlobalFlags(versions.command('pin')
+        .description('Pin a version to prevent pruning')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path')
+        .argument('<version>', 'Version number to pin')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions pin abc123 notes/todo.md 5`))
+        .action(async (vaultId, docPath, versionStr, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const versionNum = parseInt(versionStr, 10);
+        if (isNaN(versionNum)) {
+            out.error('Version must be a number');
+            process.exitCode = 1;
+            return;
+        }
+        out.startSpinner(`Pinning version ${versionNum}...`);
+        try {
+            const client = getClient();
+            await client.documents.pinVersion(vaultId, docPath, versionNum);
+            out.success(`Pinned version ${versionNum} of ${chalk.cyan(docPath)}`, {
+                path: docPath,
+                version: versionNum,
+                pinned: true,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to pin version');
+        }
+    });
+    addGlobalFlags(versions.command('unpin')
+        .description('Unpin a version, allowing it to be pruned')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<path>', 'Document path')
+        .argument('<version>', 'Version number to unpin')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault versions unpin abc123 notes/todo.md 5`))
+        .action(async (vaultId, docPath, versionStr, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const versionNum = parseInt(versionStr, 10);
+        if (isNaN(versionNum)) {
+            out.error('Version must be a number');
+            process.exitCode = 1;
+            return;
+        }
+        out.startSpinner(`Unpinning version ${versionNum}...`);
+        try {
+            const client = getClient();
+            await client.documents.unpinVersion(vaultId, docPath, versionNum);
+            out.success(`Unpinned version ${versionNum} of ${chalk.cyan(docPath)}`, {
+                path: docPath,
+                version: versionNum,
+                pinned: false,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to unpin version');
+        }
+    });
+}

package/dist/commands/webhooks.d.ts

@@ -0,0 +1,2 @@
+import type { Command } from 'commander';
+export declare function registerWebhookCommands(program: Command): void;

package/dist/commands/webhooks.js

@@ -0,0 +1,181 @@
+import chalk from 'chalk';
+import { getClient } from '../client.js';
+import { addGlobalFlags, resolveFlags } from '../utils/flags.js';
+import { createOutput, handleError } from '../utils/output.js';
+export function registerWebhookCommands(program) {
+    const webhooks = program.command('webhooks').description('Manage vault webhooks');
+    addGlobalFlags(webhooks.command('list')
+        .description('List all webhooks for a vault')
+        .argument('<vaultId>', 'Vault ID'))
+        .action(async (vaultId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching webhooks...');
+        try {
+            const client = getClient();
+            const webhookList = await client.webhooks.list(vaultId);
+            out.stopSpinner();
+            out.list(webhookList.map(wh => ({
+                url: wh.url,
+                id: wh.id,
+                events: wh.events.join(', '),
+                isActive: wh.isActive,
+            })), {
+                emptyMessage: 'No webhooks found.',
+                columns: [
+                    { key: 'url', header: 'URL' },
+                    { key: 'events', header: 'Events' },
+                    { key: 'isActive', header: 'Active' },
+                ],
+                textFn: (wh) => {
+                    const lines = [chalk.cyan(`  ${String(wh.url)}`)];
+                    lines.push(`  ID:     ${String(wh.id)}`);
+                    lines.push(`  Events: ${String(wh.events)}`);
+                    lines.push(`  Active: ${wh.isActive ? chalk.green('Yes') : chalk.red('No')}`);
+                    return lines.join('\n');
+                },
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch webhooks');
+        }
+    });
+    addGlobalFlags(webhooks.command('create')
+        .description('Create a new webhook')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<url>', 'Webhook endpoint URL')
+        .option('--events <events>', 'Comma-separated events (e.g., create,update,delete)', 'create,update,delete'))
+        .action(async (vaultId, url, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Creating webhook...');
+        try {
+            const client = getClient();
+            const params = {
+                url,
+                events: String(_opts.events || 'create,update,delete').split(',').map((e) => e.trim()),
+            };
+            const webhook = await client.webhooks.create(vaultId, params);
+            out.stopSpinner();
+            if (flags.output === 'json') {
+                out.record({
+                    id: webhook.id,
+                    url: webhook.url,
+                    events: webhook.events.join(', '),
+                    secret: webhook.secret,
+                });
+            }
+            else {
+                out.warn('\nIMPORTANT: Save this secret securely. It cannot be retrieved later.\n');
+                process.stdout.write(chalk.green.bold(`Secret: ${webhook.secret}\n`));
+                process.stdout.write(`\nID:     ${webhook.id}\n`);
+                process.stdout.write(`URL:    ${webhook.url}\n`);
+                process.stdout.write(`Events: ${webhook.events.join(', ')}\n`);
+            }
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to create webhook');
+        }
+    });
+    addGlobalFlags(webhooks.command('update')
+        .description('Update a webhook')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<webhookId>', 'Webhook ID')
+        .option('--url <url>', 'New webhook URL')
+        .option('--events <events>', 'Comma-separated events')
+        .option('--active', 'Mark webhook as active')
+        .option('--inactive', 'Mark webhook as inactive'))
+        .action(async (vaultId, webhookId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        if (!_opts.url && !_opts.events && !_opts.active && !_opts.inactive) {
+            out.error('Must specify at least one update option (--url, --events, --active, or --inactive)');
+            process.exitCode = 2;
+            return;
+        }
+        out.startSpinner('Updating webhook...');
+        try {
+            const client = getClient();
+            const params = {};
+            if (_opts.url)
+                params.url = String(_opts.url);
+            if (_opts.events)
+                params.events = String(_opts.events).split(',').map((e) => e.trim());
+            if (_opts.active)
+                params.isActive = true;
+            if (_opts.inactive)
+                params.isActive = false;
+            const updated = await client.webhooks.update(vaultId, webhookId, params);
+            out.success('Webhook updated successfully', {
+                url: updated.url,
+                events: updated.events.join(', '),
+                isActive: updated.isActive,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to update webhook');
+        }
+    });
+    addGlobalFlags(webhooks.command('delete')
+        .description('Delete a webhook')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<webhookId>', 'Webhook ID'))
+        .action(async (vaultId, webhookId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Deleting webhook...');
+        try {
+            const client = getClient();
+            await client.webhooks.delete(vaultId, webhookId);
+            out.success('Webhook deleted successfully', { id: webhookId, deleted: true });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to delete webhook');
+        }
+    });
+    addGlobalFlags(webhooks.command('deliveries')
+        .description('List recent deliveries for a webhook')
+        .argument('<vaultId>', 'Vault ID')
+        .argument('<webhookId>', 'Webhook ID'))
+        .action(async (vaultId, webhookId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching deliveries...');
+        try {
+            const client = getClient();
+            const deliveries = await client.webhooks.listDeliveries(vaultId, webhookId);
+            out.stopSpinner();
+            out.list(deliveries.map(d => ({
+                id: d.id,
+                statusCode: d.statusCode,
+                attempt: d.attempt,
+                error: d.error || null,
+                deliveredAt: d.deliveredAt || null,
+                createdAt: d.createdAt,
+            })), {
+                emptyMessage: 'No deliveries found.',
+                columns: [
+                    { key: 'statusCode', header: 'Status' },
+                    { key: 'id', header: 'ID' },
+                    { key: 'attempt', header: 'Attempt' },
+                    { key: 'createdAt', header: 'Time' },
+                ],
+                textFn: (d) => {
+                    const statusStr = d.statusCode !== null
+                        ? (Number(d.statusCode) < 300 ? chalk.green(String(d.statusCode)) : chalk.red(String(d.statusCode)))
+                        : chalk.red('FAILED');
+                    const lines = [`  ${statusStr}  ${String(d.id)}  (attempt ${String(d.attempt)})`];
+                    if (d.error)
+                        lines.push(`  Error: ${chalk.red(String(d.error))}`);
+                    if (d.deliveredAt)
+                        lines.push(`  Delivered: ${new Date(String(d.deliveredAt)).toLocaleString()}`);
+                    lines.push(`  Created: ${new Date(String(d.createdAt)).toLocaleString()}`);
+                    return lines.join('\n');
+                },
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch deliveries');
+        }
+    });
+}

package/dist/config.d.ts

@@ -0,0 +1,24 @@
+import { type CredentialManager } from './lib/credential-manager.js';
+export interface CliConfig {
+    apiUrl: string;
+    apiKey?: string;
+    accessToken?: string;
+    refreshToken?: string;
+}
+export declare function getCredentialManager(): CredentialManager;
+/**
+ * Sets the credential manager instance (for testing).
+ */
+export declare function setCredentialManager(cm: CredentialManager): void;
+/**
+ * Loads config synchronously from env vars and plaintext config file.
+ * This is the legacy loader — still used by commands that need sync access.
+ * For secure credential loading, use loadConfigAsync().
+ */
+export declare function loadConfig(): CliConfig;
+/**
+ * Loads config with secure credential resolution.
+ * Priority: env vars > keychain > encrypted config > plaintext config (deprecated).
+ */
+export declare function loadConfigAsync(): Promise<CliConfig>;
+export declare function saveConfig(config: Partial<CliConfig>): void;

package/dist/config.js

@@ -0,0 +1,88 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { createCredentialManager } from './lib/credential-manager.js';
+const CONFIG_DIR = path.join(os.homedir(), '.lsvault');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+// Singleton credential manager
+let _credentialManager;
+export function getCredentialManager() {
+    if (!_credentialManager) {
+        _credentialManager = createCredentialManager();
+    }
+    return _credentialManager;
+}
+/**
+ * Sets the credential manager instance (for testing).
+ */
+export function setCredentialManager(cm) {
+    _credentialManager = cm;
+}
+/**
+ * Loads config synchronously from env vars and plaintext config file.
+ * This is the legacy loader — still used by commands that need sync access.
+ * For secure credential loading, use loadConfigAsync().
+ */
+export function loadConfig() {
+    const config = {
+        apiUrl: process.env.LSVAULT_API_URL || 'http://localhost:4660',
+    };
+    if (process.env.LSVAULT_API_KEY) {
+        config.apiKey = process.env.LSVAULT_API_KEY;
+    }
+    // Read config file if it exists
+    if (fs.existsSync(CONFIG_FILE)) {
+        const fileConfig = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
+        if (fileConfig.apiUrl)
+            config.apiUrl = fileConfig.apiUrl;
+        if (fileConfig.apiKey && !config.apiKey)
+            config.apiKey = fileConfig.apiKey;
+    }
+    return config;
+}
+/**
+ * Loads config with secure credential resolution.
+ * Priority: env vars > keychain > encrypted config > plaintext config (deprecated).
+ */
+export async function loadConfigAsync() {
+    const cm = getCredentialManager();
+    const secureCreds = await cm.getCredentials();
+    const config = {
+        apiUrl: secureCreds.apiUrl || process.env.LSVAULT_API_URL || 'http://localhost:4660',
+    };
+    // Load JWT tokens if available
+    if (secureCreds.accessToken) {
+        config.accessToken = secureCreds.accessToken;
+    }
+    if (secureCreds.refreshToken) {
+        config.refreshToken = secureCreds.refreshToken;
+    }
+    if (secureCreds.apiKey) {
+        config.apiKey = secureCreds.apiKey;
+        return config;
+    }
+    // JWT tokens are sufficient auth (no API key needed)
+    if (config.accessToken) {
+        return config;
+    }
+    // Fall back to plaintext config (deprecated)
+    if (fs.existsSync(CONFIG_FILE)) {
+        const fileConfig = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
+        if (fileConfig.apiUrl && !config.apiUrl)
+            config.apiUrl = fileConfig.apiUrl;
+        if (fileConfig.apiKey && !config.apiKey)
+            config.apiKey = fileConfig.apiKey;
+    }
+    return config;
+}
+export function saveConfig(config) {
+    if (!fs.existsSync(CONFIG_DIR)) {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+    let existing = {};
+    if (fs.existsSync(CONFIG_FILE)) {
+        existing = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
+    }
+    const merged = { ...existing, ...config };
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n');
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { registerAuthCommands } from './commands/auth.js';
+import { registerVaultCommands } from './commands/vaults.js';
+import { registerDocCommands } from './commands/docs.js';
+import { registerSearchCommands } from './commands/search.js';
+import { registerKeyCommands } from './commands/keys.js';
+import { registerUserCommands } from './commands/user.js';
+import { registerSubscriptionCommands } from './commands/subscription.js';
+import { registerTeamCommands } from './commands/teams.js';
+import { registerAuditCommands } from './commands/audit.js';
+import { registerAdminCommands } from './commands/admin.js';
+import { registerConnectorCommands } from './commands/connectors.js';
+import { registerShareCommands } from './commands/shares.js';
+import { registerPublishCommands } from './commands/publish.js';
+import { registerHookCommands } from './commands/hooks.js';
+import { registerWebhookCommands } from './commands/webhooks.js';
+import { registerConfigCommands } from './commands/config.js';
+import { registerSyncCommands } from './commands/sync.js';
+import { registerVersionCommands } from './commands/versions.js';
+const program = new Command();
+program
+    .name('lsvault')
+    .description('Lifestream Vault CLI - manage vaults, documents, and settings')
+    .version('0.1.0')
+    .addHelpText('after', `
+GETTING STARTED
+  lsvault auth login --email <email>         Log in with email/password
+  lsvault auth login --api-key <key>         Log in with an API key
+  lsvault config use <profile>               Switch configuration profile
+
+COMMON WORKFLOWS
+  lsvault vaults list                        List your vaults
+  lsvault docs list <vaultId>                List documents in a vault
+  lsvault search <query>                     Search across documents
+  lsvault docs get <vaultId> <path>          Print document content to stdout
+
+CONFIGURATION
+  lsvault config set <key> <value>           Set a config value
+  lsvault config profiles                    List available profiles
+
+LEARN MORE
+  lsvault <command> --help                   Show help for a command
+  lsvault <command> <subcommand> --help      Show help for a subcommand`);
+registerAuthCommands(program);
+registerVaultCommands(program);
+registerDocCommands(program);
+registerSearchCommands(program);
+registerKeyCommands(program);
+registerUserCommands(program);
+registerSubscriptionCommands(program);
+registerTeamCommands(program);
+registerAuditCommands(program);
+registerAdminCommands(program);
+registerConnectorCommands(program);
+registerShareCommands(program);
+registerPublishCommands(program);
+registerHookCommands(program);
+registerWebhookCommands(program);
+registerConfigCommands(program);
+registerSyncCommands(program);
+registerVersionCommands(program);
+program.parse();

package/dist/lib/credential-manager.d.ts

@@ -0,0 +1,48 @@
+import type { CliConfig } from '../config.js';
+import { type KeychainBackend } from './keychain.js';
+import { type EncryptedConfigBackend } from './encrypted-config.js';
+export type StorageMethod = 'env' | 'keychain' | 'encrypted-config' | 'plaintext-config' | 'none';
+export interface CredentialManager {
+    /**
+     * Resolves credentials using the priority chain:
+     * 1. Environment variables
+     * 2. OS Keychain (keytar)
+     * 3. Encrypted config (~/.lsvault/credentials.enc)
+     *
+     * Does NOT read plaintext config — that's handled by loadConfig() for
+     * backwards compat with a migration warning.
+     */
+    getCredentials(): Promise<Partial<CliConfig>>;
+    /**
+     * Saves credentials to the best available backend.
+     * Prefers keychain, falls back to encrypted config.
+     */
+    saveCredentials(config: Partial<CliConfig>): Promise<void>;
+    /**
+     * Clears credentials from all secure backends.
+     */
+    clearCredentials(): Promise<void>;
+    /**
+     * Returns the storage method that currently holds credentials.
+     */
+    getStorageMethod(): Promise<StorageMethod>;
+    /**
+     * Retrieve the encryption key for a vault.
+     * Looks up from environment, then keychain, then encrypted config.
+     */
+    getVaultKey(vaultId: string): Promise<string | null>;
+    /**
+     * Save a vault encryption key to the best available backend.
+     */
+    saveVaultKey(vaultId: string, keyHex: string): Promise<void>;
+    /**
+     * Delete a vault encryption key from all backends.
+     */
+    deleteVaultKey(vaultId: string): Promise<void>;
+}
+export interface CredentialManagerOptions {
+    keychain?: KeychainBackend;
+    encryptedConfig?: EncryptedConfigBackend;
+    passphrase?: string;
+}
+export declare function createCredentialManager(options?: CredentialManagerOptions): CredentialManager;