@partrocks/tokenvault 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts +5 -1
  2. package/dist/index.js +35 -13
  3. package/dist/index.js.map +1 -1
  4. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -54,6 +54,8 @@ type Logger = {
54
54
  type ValidationContext = {
55
55
  profileId: string;
56
56
  capability: Capability;
57
+ /** When resolving a named slot (`multi` profile mode). */
58
+ selectionName?: string;
57
59
  };
58
60
 
59
61
  type TokenVaultBootstrapProvider = {
@@ -110,7 +112,9 @@ type TokenVault = {
110
112
  /** Profile used by `key()` and `setCapabilityModel` (default: bootstrap profile). */
111
113
  useProfile: (profileId: string) => void;
112
114
  get activeProfileId(): string;
113
- key: (capability: Capability | string) => Promise<VaultResolution>;
115
+ key: (capability: Capability | string, options?: {
116
+ selection?: string;
117
+ }) => Promise<VaultResolution>;
114
118
  setCapabilityModel: (capability: Capability | string, connectionId: string, modelId: string) => Promise<void>;
115
119
  };
116
120
  declare function createTokenVault(options: CreateTokenVaultOptions): TokenVault;
package/dist/index.js CHANGED
@@ -172,16 +172,25 @@ async function connectionExists(runner, connectionId) {
172
172
  const r = await runner.runJson(["connection", "inspect", connectionId]);
173
173
  return r.code === 0;
174
174
  }
175
- async function tryResolve(runner, provider, profileId, capability) {
176
- const r = await runner.runJson([
175
+ async function tryResolve(runner, provider, profileId, capability, selectionName) {
176
+ const argv = [
177
177
  "resolve",
178
178
  profileId,
179
179
  "--capability",
180
180
  capability,
181
181
  "--with-secret"
182
- ]);
182
+ ];
183
+ const trimmed = selectionName?.trim();
184
+ if (trimmed) {
185
+ argv.push("--selection", trimmed);
186
+ }
187
+ const r = await runner.runJson(argv);
183
188
  if (r.code !== 0) return null;
184
- return parseResolveStdout(r.stdout, provider, { profileId, capability });
189
+ return parseResolveStdout(r.stdout, provider, {
190
+ profileId,
191
+ capability,
192
+ ...trimmed ? { selectionName: trimmed } : {}
193
+ });
185
194
  }
186
195
  async function bootstrapVaultProfile(ctx, runner) {
187
196
  const { provider, ids, bootstrapCapability, defaultModelId, logger, appLabel } = ctx;
@@ -279,7 +288,8 @@ async function ensureBootstrapCapability(runner, ctx) {
279
288
  runner,
280
289
  provider,
281
290
  ids.profileId,
282
- bootstrapCapability
291
+ bootstrapCapability,
292
+ void 0
283
293
  );
284
294
  if (!cfg && await connectionExists(runner, ids.connectionId) && provider.refreshModelsAfterBootstrap) {
285
295
  const code = await runner.runInherit([
@@ -292,7 +302,8 @@ async function ensureBootstrapCapability(runner, ctx) {
292
302
  runner,
293
303
  provider,
294
304
  ids.profileId,
295
- bootstrapCapability
305
+ bootstrapCapability,
306
+ void 0
296
307
  );
297
308
  }
298
309
  }
@@ -302,7 +313,8 @@ async function ensureBootstrapCapability(runner, ctx) {
302
313
  runner,
303
314
  provider,
304
315
  ids.profileId,
305
- bootstrapCapability
316
+ bootstrapCapability,
317
+ void 0
306
318
  );
307
319
  }
308
320
  if (!cfg) {
@@ -312,20 +324,29 @@ async function ensureBootstrapCapability(runner, ctx) {
312
324
  }
313
325
  return cfg;
314
326
  }
315
- async function resolveWithSecret(runner, provider, profileId, capability) {
316
- const r = await runner.runJson([
327
+ async function resolveWithSecret(runner, provider, profileId, capability, selectionName) {
328
+ const argv = [
317
329
  "resolve",
318
330
  profileId,
319
331
  "--capability",
320
332
  capability,
321
333
  "--with-secret"
322
- ]);
334
+ ];
335
+ const trimmed = selectionName?.trim();
336
+ if (trimmed) {
337
+ argv.push("--selection", trimmed);
338
+ }
339
+ const r = await runner.runJson(argv);
323
340
  if (r.code !== 0) {
324
341
  throw new Error(
325
342
  r.stderr || r.stdout || `tokenvault resolve failed (exit ${r.code}) for profile "${profileId}" capability "${capability}"`
326
343
  );
327
344
  }
328
- return parseResolveStdout(r.stdout, provider, { profileId, capability });
345
+ return parseResolveStdout(r.stdout, provider, {
346
+ profileId,
347
+ capability,
348
+ ...trimmed ? { selectionName: trimmed } : {}
349
+ });
329
350
  }
330
351
  async function listVaultSnapshot(runner) {
331
352
  const r = await runner.runJson(["list"]);
@@ -569,13 +590,14 @@ function createTokenVault(options) {
569
590
  get activeProfileId() {
570
591
  return resolveProfileId;
571
592
  },
572
- async key(capability) {
593
+ async key(capability, options2) {
573
594
  const cap = typeof capability === "string" ? assertCapability(capability) : capability;
574
595
  return await resolveWithSecret(
575
596
  runner,
576
597
  provider,
577
598
  resolveProfileId,
578
- cap
599
+ cap,
600
+ options2?.selection
579
601
  );
580
602
  },
581
603
  async setCapabilityModel(capability, connectionId, modelId) {
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/capability.ts","../src/bootstrap.ts","../src/parse.ts","../src/executable.ts","../src/logger.ts","../src/runner.ts","../src/env.ts","../src/facade.ts","../src/provider.ts"],"sourcesContent":["/** Aligned with tokenVault `src/domain/capability.ts` — keep in sync when adding capabilities. */\nexport const CAPABILITY = {\n chat: \"chat\",\n reasoning: \"reasoning\",\n embeddings: \"embeddings\",\n image: \"image\",\n audio: \"audio\",\n vision: \"vision\",\n tools: \"tools\",\n} as const;\n\nexport type Capability = (typeof CAPABILITY)[keyof typeof CAPABILITY];\n\nconst CAP_VALUES: readonly string[] = Object.values(CAPABILITY);\n\nexport function isCapability(s: string): s is Capability {\n return CAP_VALUES.includes(s);\n}\n\nexport function assertCapability(s: string): Capability {\n if (!isCapability(s)) {\n throw new Error(\n `Unknown capability \"${s}\". Expected one of: ${CAP_VALUES.join(\", \")}`,\n );\n }\n return s;\n}\n","import * as readline from \"node:readline\";\nimport isInCi from \"is-in-ci\";\nimport type { Capability } from \"./capability.ts\";\nimport { parseResolveStdout, parseVaultListPayload } from \"./parse.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { VaultCliRunner } from \"./runner.ts\";\nimport type {\n ListPayload,\n Logger,\n VaultListResult,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type BootstrapIds = {\n profileId: string;\n connectionId: string;\n credentialId: string;\n};\n\nexport type BootstrapContext = {\n provider: TokenVaultBootstrapProvider;\n ids: BootstrapIds;\n bootstrapCapability: Capability;\n defaultModelId: string;\n appLabel: string;\n logger: Logger;\n allowInteractive: boolean;\n};\n\nfunction promptLine(question: string): Promise<string> {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stderr,\n });\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close();\n resolve(answer.trim());\n });\n });\n}\n\nasync function addCredentialInteractive(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, logger } = ctx;\n const listR = await runner.runJson([\"list\"]);\n const payload =\n listR.code === 0 ? parseVaultListPayload(listR.stdout) : null;\n const picks = payload\n ? provider.listCredentialCopyPicks(payload, ids.profileId)\n : [];\n\n if (picks.length === 0) {\n logger.notice(\n `Adding API key to tokenVault for provider \"${provider.tokenvaultProviderId}\" (hidden input). Follow the tokenVault prompts if any appear.\\n`,\n );\n } else {\n console.error(\"\");\n logger.notice(\n `API key for tokenVault credential \"${ids.credentialId}\" (${provider.tokenvaultProviderId}):`,\n );\n logger.notice(\n \" 1) Enter a new API key (hidden input via tokenvault)\",\n );\n logger.notice(\n \" 2) Copy from another profile → connection → credential (reuse a stored key)\",\n );\n console.error(\"\");\n const raw = await promptLine(\"Choose 1 or 2 [1]: \");\n const mode = raw === \"\" ? \"1\" : raw;\n\n if (mode === \"2\") {\n console.error(\"\");\n for (let i = 0; i < picks.length; i++) {\n const x = picks[i]!;\n logger.notice(\n ` ${i + 1}) profile \"${x.profileId}\" → connection \"${x.connectionId}\" → credential \"${x.credentialId}\"`,\n );\n }\n console.error(\"\");\n const numRaw = await promptLine(\n `Enter 1–${picks.length} (or blank to enter a new key instead): `,\n );\n if (numRaw !== \"\") {\n const n = Number.parseInt(numRaw, 10);\n if (Number.isFinite(n) && n >= 1 && n <= picks.length) {\n const credId = picks[n - 1]!.credentialId;\n const copyR = await runner.runJson([\n \"credential\",\n \"copy\",\n credId,\n ids.credentialId,\n ]);\n if (copyR.code === 0) {\n console.error(\"\");\n return;\n }\n throw new Error(\n copyR.stderr ||\n copyR.stdout ||\n `tokenvault credential copy failed (exit ${copyR.code})`,\n );\n }\n }\n logger.notice(\"\\nUsing new API key entry.\\n\");\n }\n\n logger.notice(\"Follow the tokenVault prompts (hidden API key).\\n\");\n }\n\n const code = await runner.runInherit([\n \"credential\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.credentialId,\n ]);\n if (code !== 0) {\n throw new Error(`tokenvault credential add failed (exit ${code})`);\n }\n}\n\nasync function profileExists(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) return false;\n let payload: ListPayload;\n try {\n payload = JSON.parse(r.stdout) as ListPayload;\n } catch {\n return false;\n }\n return Boolean(payload.profiles?.some((p) => p.id === profileId));\n}\n\nasync function credentialExists(\n runner: VaultCliRunner,\n credentialId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"credential\", \"inspect\", credentialId]);\n return r.code === 0;\n}\n\nasync function connectionExists(\n runner: VaultCliRunner,\n connectionId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"connection\", \"inspect\", connectionId]);\n return r.code === 0;\n}\n\nasync function tryResolve(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n): Promise<VaultResolution | null> {\n const r = await runner.runJson([\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ]);\n if (r.code !== 0) return null;\n return parseResolveStdout(r.stdout, provider, { profileId, capability });\n}\n\nasync function bootstrapVaultProfile(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, bootstrapCapability, defaultModelId, logger, appLabel } =\n ctx;\n\n if (!ctx.allowInteractive) {\n throw new Error(\n `tokenVault profile \"${ids.profileId}\" is not usable in this environment. Configure it interactively on a TTY, or run the tokenvault commands from the tokenVault README for profile \"${ids.profileId}\".`,\n );\n }\n\n console.error(\"\");\n logger.notice(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is missing or incomplete. Setting up credential \"${ids.credentialId}\" and wiring the profile.`,\n );\n console.error(\"\");\n\n if (!(await profileExists(runner, ids.profileId))) {\n const r = await runner.runJson([\"profile\", \"create\", ids.profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n }\n\n if (!(await credentialExists(runner, ids.credentialId))) {\n await addCredentialInteractive(ctx, runner);\n }\n\n if (!(await connectionExists(runner, ids.connectionId))) {\n const r = await runner.runJson([\n \"connection\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.connectionId,\n \"--credential\",\n ids.credentialId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault connection add failed (exit ${r.code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"attach\",\n ids.profileId,\n ids.connectionId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile attach failed (exit ${r.code})`,\n );\n }\n }\n\n if (provider.refreshModelsAfterBootstrap) {\n logger.notice(\"Refreshing model cache in tokenVault…\\n\");\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code !== 0) {\n throw new Error(\n `tokenvault connection refresh-models failed (exit ${code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n ids.profileId,\n bootstrapCapability,\n ids.connectionId,\n defaultModelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code}). Try: tokenvault connection refresh-models ${ids.connectionId}`,\n );\n }\n }\n\n console.error(\"\");\n logger.success(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is ready.\\n`,\n );\n}\n\nexport function interactiveSetupAllowed(\n allowInteractiveBootstrap?: boolean,\n): boolean {\n if (allowInteractiveBootstrap === false) return false;\n if (allowInteractiveBootstrap === true) return true;\n return Boolean(process.stdin.isTTY) && !isInCi;\n}\n\nexport async function ensureBootstrapCapability(\n runner: VaultCliRunner,\n ctx: BootstrapContext,\n): Promise<VaultResolution> {\n const { provider, ids, bootstrapCapability } = ctx;\n\n let cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n );\n if (\n !cfg &&\n (await connectionExists(runner, ids.connectionId)) &&\n provider.refreshModelsAfterBootstrap\n ) {\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code === 0) {\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n );\n }\n }\n\n if (!cfg) {\n await bootstrapVaultProfile(ctx, runner);\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n );\n }\n\n if (!cfg) {\n throw new Error(\n `Could not resolve tokenVault profile \"${ids.profileId}\" for capability \"${bootstrapCapability}\" after setup. See: tokenvault resolve ${ids.profileId} --capability ${bootstrapCapability} --json`,\n );\n }\n\n return cfg;\n}\n\nexport async function resolveWithSecret(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n): Promise<VaultResolution> {\n const r = await runner.runJson([\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault resolve failed (exit ${r.code}) for profile \"${profileId}\" capability \"${capability}\"`,\n );\n }\n return parseResolveStdout(r.stdout, provider, { profileId, capability });\n}\n\nexport async function listVaultSnapshot(\n runner: VaultCliRunner,\n): Promise<VaultListResult> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault list failed (exit ${r.code})`,\n );\n }\n const payload = parseVaultListPayload(r.stdout);\n if (!payload) {\n throw new Error(\"Could not parse JSON from `tokenvault list`.\");\n }\n return {\n providers: payload.providers,\n credentials: payload.credentials ?? [],\n connections: payload.connections ?? [],\n profiles: payload.profiles ?? [],\n };\n}\n\nexport async function selectCapabilityModel(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n connectionId: string;\n modelId: string;\n },\n): Promise<void> {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n params.profileId,\n params.capability,\n params.connectionId,\n params.modelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code})`,\n );\n }\n}\n","import type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { ListPayload, VaultResolution, ValidationContext } from \"./types.ts\";\n\nexport function parseVaultListPayload(stdout: string): ListPayload | null {\n try {\n return JSON.parse(stdout) as ListPayload;\n } catch {\n return null;\n }\n}\n\nexport function parseResolveStdout(\n stdout: string,\n provider: TokenVaultBootstrapProvider,\n ctx: ValidationContext,\n): VaultResolution {\n let data: unknown;\n try {\n data = JSON.parse(stdout);\n } catch {\n throw new Error(\n \"Could not parse JSON from `tokenvault resolve` (unexpected output).\",\n );\n }\n const resolution = (data as { resolution?: Record<string, unknown> })\n .resolution;\n if (!resolution || typeof resolution !== \"object\") {\n throw new Error(\n \"`tokenvault resolve` JSON did not include a resolution object.\",\n );\n }\n const apiKey =\n typeof resolution.apiKey === \"string\" ? resolution.apiKey.trim() : \"\";\n const modelId =\n typeof resolution.modelId === \"string\" ? resolution.modelId.trim() : \"\";\n const providerId =\n typeof resolution.providerId === \"string\"\n ? resolution.providerId.trim()\n : \"\";\n const apiBaseUrl =\n typeof resolution.apiBaseUrl === \"string\" && resolution.apiBaseUrl.trim()\n ? resolution.apiBaseUrl.trim()\n : undefined;\n const connectionId =\n typeof resolution.connectionId === \"string\"\n ? resolution.connectionId.trim()\n : undefined;\n const credentialId =\n typeof resolution.credentialId === \"string\"\n ? resolution.credentialId.trim()\n : undefined;\n\n if (!apiKey) {\n throw new Error(\n \"`tokenvault resolve` did not return an apiKey. Use a tokenVault build that supports `tokenvault resolve --with-secret` (see tokenVault README).\",\n );\n }\n\n const out: VaultResolution = {\n apiKey,\n modelId,\n providerId,\n baseURL: apiBaseUrl,\n connectionId,\n credentialId,\n };\n provider.validateResolution(out, ctx);\n return out;\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\n\n/**\n * Resolve `tokenvault` on PATH (Windows respects PATHEXT).\n * @throws if not found and no explicit path\n */\nexport function resolveTokenvaultExecutable(explicit?: string): string {\n const trimmed = explicit?.trim();\n if (trimmed) return trimmed;\n const fromEnv = process.env.TOKENVAULT_BIN?.trim();\n if (fromEnv) return fromEnv;\n const found = whichOnPath(\"tokenvault\");\n if (!found) {\n throw new Error(\n \"tokenVault is not available: `tokenvault` was not found on PATH. Install tokenVault and link the CLI, or set TOKENVAULT_BIN to the tokenvault executable.\",\n );\n }\n return found;\n}\n\nfunction whichOnPath(cmd: string): string | null {\n const isWin = process.platform === \"win32\";\n const paths = process.env.PATH?.split(path.delimiter) ?? [];\n const exts = isWin\n ? process.env.PATHEXT?.split(path.delimiter) ?? [\".EXE\", \".CMD\", \".BAT\", \"\"]\n : [\"\"];\n\n for (const dir of paths) {\n for (const ext of exts) {\n const candidate = path.join(dir, cmd + ext);\n try {\n const st = fs.statSync(candidate);\n if (!st.isFile()) continue;\n if (!isWin) {\n try {\n fs.accessSync(candidate, fs.constants.X_OK);\n } catch {\n continue;\n }\n }\n return candidate;\n } catch {\n /* try next */\n }\n }\n }\n return null;\n}\n","import type { Logger } from \"./types.ts\";\n\nfunction stderrColorEnabled(): boolean {\n if (process.env.NO_COLOR) return false;\n if (process.env.TERM === \"dumb\") return false;\n return Boolean(process.stderr.isTTY);\n}\n\nconst ANSI_YELLOW = \"\\x1b[33m\";\nconst ANSI_GREEN = \"\\x1b[32m\";\nconst ANSI_RESET = \"\\x1b[0m\";\n\nexport function createDefaultLogger(): Logger {\n return {\n notice(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_YELLOW}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n success(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_GREEN}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n };\n}\n","import { spawn } from \"node:child_process\";\nimport { vaultProcessEnv } from \"./env.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\n\nexport type RunJsonResult = { code: number; stdout: string; stderr: string };\n\nexport type VaultCliRunner = {\n runJson: (args: string[]) => Promise<RunJsonResult>;\n runInherit: (args: string[]) => Promise<number>;\n};\n\nexport function createVaultCliRunner(options: {\n executablePath?: string;\n env?: () => NodeJS.ProcessEnv;\n}): VaultCliRunner {\n const envFactory = options.env ?? vaultProcessEnv;\n\n function executable(): string {\n return resolveTokenvaultExecutable(options.executablePath);\n }\n\n return {\n async runJson(args: string[]): Promise<RunJsonResult> {\n const exe = executable();\n const env = envFactory();\n const stdinMode = process.stdin.isTTY ? \"inherit\" : \"ignore\";\n return await spawnCapture([exe, \"--json\", ...args], env, stdinMode);\n },\n async runInherit(args: string[]): Promise<number> {\n const exe = executable();\n const env = envFactory();\n return await spawnInheritAll([exe, ...args], env);\n },\n };\n}\n\nfunction spawnCapture(\n argv: string[],\n env: NodeJS.ProcessEnv,\n stdinMode: \"inherit\" | \"ignore\",\n): Promise<RunJsonResult> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, {\n env,\n stdio: [stdinMode, \"pipe\", \"pipe\"],\n });\n let stdout = \"\";\n let stderr = \"\";\n child.stdout?.setEncoding(\"utf8\");\n child.stderr?.setEncoding(\"utf8\");\n child.stdout?.on(\"data\", (c: string) => {\n stdout += c;\n });\n child.stderr?.on(\"data\", (c: string) => {\n stderr += c;\n });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => {\n resolve({\n code: code ?? 1,\n stdout: stdout.trimEnd(),\n stderr: stderr.trimEnd(),\n });\n });\n });\n}\n\nfunction spawnInheritAll(\n argv: string[],\n env: NodeJS.ProcessEnv,\n): Promise<number> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, { env, stdio: \"inherit\" });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => resolve(code ?? 1));\n });\n}\n","/**\n * Prefer the OS secure store (Keychain / Secret Service / DPAPI) so tokenVault does not create a\n * passphrase-backed vault. Ignored if the user already has `vault/passphrase-envelope.json` or\n * sets TOKENVAULT_SECURE_STORE themselves.\n */\nexport function vaultProcessEnv(): NodeJS.ProcessEnv {\n const env: NodeJS.ProcessEnv = { ...process.env };\n if (env.TOKENVAULT_SECURE_STORE?.trim()) return env;\n switch (process.platform) {\n case \"darwin\":\n env.TOKENVAULT_SECURE_STORE = \"macos-keychain\";\n break;\n case \"win32\":\n env.TOKENVAULT_SECURE_STORE = \"windows\";\n break;\n case \"linux\":\n env.TOKENVAULT_SECURE_STORE = \"linux-secret-service\";\n break;\n default:\n break;\n }\n return env;\n}\n","import {\n assertCapability,\n CAPABILITY,\n type Capability,\n} from \"./capability.ts\";\nimport {\n ensureBootstrapCapability,\n interactiveSetupAllowed,\n listVaultSnapshot,\n resolveWithSecret,\n selectCapabilityModel,\n type BootstrapContext,\n type BootstrapIds,\n} from \"./bootstrap.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\nimport { createDefaultLogger } from \"./logger.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport {\n createVaultCliRunner,\n type VaultCliRunner,\n} from \"./runner.ts\";\nimport type { Logger, VaultListResult, VaultResolution } from \"./types.ts\";\n\nexport type CreateTokenVaultOptions = {\n provider: TokenVaultBootstrapProvider;\n appLabel: string;\n /** Default model per capability; must include entry for `bootstrapCapability` */\n defaultModelByCapability: Partial<Record<Capability, string>>;\n /** Capability wired by `ensure()` (default: chat) */\n bootstrapCapability?: Capability;\n executablePath?: string;\n allowInteractiveBootstrap?: boolean;\n logger?: Logger;\n /** @internal Inject for tests */\n runner?: VaultCliRunner;\n} & (\n | { namespace: string }\n | {\n profileId: string;\n connectionId: string;\n credentialId: string;\n }\n);\n\nexport type TokenVault = {\n /** Bootstrap `bootstrapCapability` for the given profile triple; optional one-off namespace convention. */\n ensure: (namespaceOverride?: string) => Promise<VaultResolution>;\n listProfiles: () => Promise<VaultListResult>;\n /** Profile used by `key()` and `setCapabilityModel` (default: bootstrap profile). */\n useProfile: (profileId: string) => void;\n get activeProfileId(): string;\n key: (capability: Capability | string) => Promise<VaultResolution>;\n setCapabilityModel: (\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n ) => Promise<void>;\n};\n\nfunction idsFromNamespace(\n ns: string,\n provider: TokenVaultBootstrapProvider,\n): BootstrapIds {\n const artifact = `${ns}-${provider.tokenvaultProviderId}`;\n return { profileId: ns, connectionId: artifact, credentialId: artifact };\n}\n\nfunction resolveBootstrapIds(\n options: CreateTokenVaultOptions,\n): BootstrapIds {\n if (\"namespace\" in options) {\n return idsFromNamespace(options.namespace, options.provider);\n }\n return {\n profileId: options.profileId,\n connectionId: options.connectionId,\n credentialId: options.credentialId,\n };\n}\n\nexport function createTokenVault(\n options: CreateTokenVaultOptions,\n): TokenVault {\n const provider = options.provider;\n const bootstrapCapability =\n options.bootstrapCapability ?? CAPABILITY.chat;\n const defaultModelRaw =\n options.defaultModelByCapability[bootstrapCapability]?.trim();\n if (!defaultModelRaw) {\n throw new Error(\n `createTokenVault: defaultModelByCapability must include a default model for bootstrap capability \"${bootstrapCapability}\"`,\n );\n }\n const defaultModelId: string = defaultModelRaw;\n\n if (!options.runner) {\n resolveTokenvaultExecutable(options.executablePath);\n }\n\n const runner =\n options.runner ??\n createVaultCliRunner({ executablePath: options.executablePath });\n\n const bootstrapIds = resolveBootstrapIds(options);\n let resolveProfileId = bootstrapIds.profileId;\n\n const logger = options.logger ?? createDefaultLogger();\n const allowInteractive = interactiveSetupAllowed(\n options.allowInteractiveBootstrap,\n );\n\n function buildContext(ids: BootstrapIds): BootstrapContext {\n return {\n provider,\n ids,\n bootstrapCapability,\n defaultModelId,\n appLabel: options.appLabel,\n logger,\n allowInteractive,\n };\n }\n\n return {\n async ensure(namespaceOverride?: string): Promise<VaultResolution> {\n const trimmed = namespaceOverride?.trim();\n const ids = trimmed\n ? idsFromNamespace(trimmed, provider)\n : bootstrapIds;\n return await ensureBootstrapCapability(\n runner,\n buildContext(ids),\n );\n },\n\n async listProfiles(): Promise<VaultListResult> {\n return await listVaultSnapshot(runner);\n },\n\n useProfile(profileId: string): void {\n resolveProfileId = profileId;\n },\n\n get activeProfileId(): string {\n return resolveProfileId;\n },\n\n async key(capability: Capability | string): Promise<VaultResolution> {\n const cap = typeof capability === \"string\" ? assertCapability(capability) : capability;\n return await resolveWithSecret(\n runner,\n provider,\n resolveProfileId,\n cap,\n );\n },\n\n async setCapabilityModel(\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await selectCapabilityModel(runner, {\n profileId: resolveProfileId,\n capability: cap,\n connectionId,\n modelId,\n });\n },\n };\n}\n","import type {\n CredentialCopyPick,\n ListPayload,\n VaultResolution,\n ValidationContext,\n} from \"./types.ts\";\n\nexport type TokenVaultBootstrapProvider = {\n /** tokenVault adapter id (e.g. `openai`) */\n readonly tokenvaultProviderId: string;\n /** After parse, enforce provider / model rules */\n validateResolution(\n resolution: VaultResolution,\n ctx: ValidationContext,\n ): void;\n /** Connections on other profiles eligible for credential copy during bootstrap */\n listCredentialCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n ): CredentialCopyPick[];\n /** Run `connection refresh-models` after wiring (model-capable providers) */\n readonly refreshModelsAfterBootstrap: boolean;\n};\n\nfunction openAiCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n): CredentialCopyPick[] {\n const profiles = payload.profiles ?? [];\n const connections = payload.connections ?? [];\n const byConnId = new Map(connections.map((c) => [c.id, c]));\n const seenCred = new Set<string>();\n const out: CredentialCopyPick[] = [];\n for (const p of profiles) {\n if (p.id === excludeProfileId) continue;\n for (const connId of p.attachedConnectionIds ?? []) {\n const c = byConnId.get(connId);\n if (!c || c.providerId !== \"openai\") continue;\n if (seenCred.has(c.credentialId)) continue;\n seenCred.add(c.credentialId);\n out.push({\n profileId: p.id,\n connectionId: c.id,\n credentialId: c.credentialId,\n });\n }\n }\n return out;\n}\n\nconst openAiProvider: TokenVaultBootstrapProvider = {\n tokenvaultProviderId: \"openai\",\n refreshModelsAfterBootstrap: true,\n listCredentialCopyPicks: openAiCopyPicks,\n validateResolution(resolution: VaultResolution, ctx: ValidationContext): void {\n if (resolution.providerId !== \"openai\") {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" must select an OpenAI connection for capability \"${ctx.capability}\" (got provider \"${resolution.providerId}\").`,\n );\n }\n if (!resolution.modelId) {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" has no model selected for capability \"${ctx.capability}\". Run: tokenvault profile select ${ctx.profileId} ${ctx.capability} <connection> <model>`,\n );\n }\n },\n};\n\nexport const builtInProviders = {\n openai: openAiProvider,\n} as const;\n"],"mappings":";AACO,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,OAAO;AACT;AAIA,IAAM,aAAgC,OAAO,OAAO,UAAU;AAEvD,SAAS,aAAa,GAA4B;AACvD,SAAO,WAAW,SAAS,CAAC;AAC9B;AAEO,SAAS,iBAAiB,GAAuB;AACtD,MAAI,CAAC,aAAa,CAAC,GAAG;AACpB,UAAM,IAAI;AAAA,MACR,uBAAuB,CAAC,uBAAuB,WAAW,KAAK,IAAI,CAAC;AAAA,IACtE;AAAA,EACF;AACA,SAAO;AACT;;;AC1BA,YAAY,cAAc;AAC1B,OAAO,YAAY;;;ACEZ,SAAS,sBAAsB,QAAoC;AACxE,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,mBACd,QACA,UACA,KACiB;AACjB,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,aAAc,KACjB;AACH,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,SACJ,OAAO,WAAW,WAAW,WAAW,WAAW,OAAO,KAAK,IAAI;AACrE,QAAM,UACJ,OAAO,WAAW,YAAY,WAAW,WAAW,QAAQ,KAAK,IAAI;AACvE,QAAM,aACJ,OAAO,WAAW,eAAe,WAC7B,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,aACJ,OAAO,WAAW,eAAe,YAAY,WAAW,WAAW,KAAK,IACpE,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AAEN,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACA,WAAS,mBAAmB,KAAK,GAAG;AACpC,SAAO;AACT;;;ADvCA,SAAS,WAAW,UAAmC;AACrD,QAAM,KAAc,yBAAgB;AAAA,IAClC,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,EAClB,CAAC;AACD,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,yBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,OAAO,IAAI;AAClC,QAAM,QAAQ,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AAC3C,QAAM,UACJ,MAAM,SAAS,IAAI,sBAAsB,MAAM,MAAM,IAAI;AAC3D,QAAM,QAAQ,UACV,SAAS,wBAAwB,SAAS,IAAI,SAAS,IACvD,CAAC;AAEL,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO;AAAA,MACL,8CAA8C,SAAS,oBAAoB;AAAA;AAAA,IAC7E;AAAA,EACF,OAAO;AACL,YAAQ,MAAM,EAAE;AAChB,WAAO;AAAA,MACL,sCAAsC,IAAI,YAAY,MAAM,SAAS,oBAAoB;AAAA,IAC3F;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,YAAQ,MAAM,EAAE;AAChB,UAAM,MAAM,MAAM,WAAW,qBAAqB;AAClD,UAAM,OAAO,QAAQ,KAAK,MAAM;AAEhC,QAAI,SAAS,KAAK;AAChB,cAAQ,MAAM,EAAE;AAChB,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,cAAM,IAAI,MAAM,CAAC;AACjB,eAAO;AAAA,UACL,KAAK,IAAI,CAAC,cAAc,EAAE,SAAS,wBAAmB,EAAE,YAAY,wBAAmB,EAAE,YAAY;AAAA,QACvG;AAAA,MACF;AACA,cAAQ,MAAM,EAAE;AAChB,YAAM,SAAS,MAAM;AAAA,QACnB,gBAAW,MAAM,MAAM;AAAA,MACzB;AACA,UAAI,WAAW,IAAI;AACjB,cAAM,IAAI,OAAO,SAAS,QAAQ,EAAE;AACpC,YAAI,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AACrD,gBAAM,SAAS,MAAM,IAAI,CAAC,EAAG;AAC7B,gBAAM,QAAQ,MAAM,OAAO,QAAQ;AAAA,YACjC;AAAA,YACA;AAAA,YACA;AAAA,YACA,IAAI;AAAA,UACN,CAAC;AACD,cAAI,MAAM,SAAS,GAAG;AACpB,oBAAQ,MAAM,EAAE;AAChB;AAAA,UACF;AACA,gBAAM,IAAI;AAAA,YACR,MAAM,UACJ,MAAM,UACN,2CAA2C,MAAM,IAAI;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AACA,aAAO,OAAO,8BAA8B;AAAA,IAC9C;AAEA,WAAO,OAAO,mDAAmD;AAAA,EACnE;AAEA,QAAM,OAAO,MAAM,OAAO,WAAW;AAAA,IACnC;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,IAAI;AAAA,EACN,CAAC;AACD,MAAI,SAAS,GAAG;AACd,UAAM,IAAI,MAAM,0CAA0C,IAAI,GAAG;AAAA,EACnE;AACF;AAEA,eAAe,cACb,QACA,WACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,QAAQ,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC;AAClE;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,WACb,QACA,UACA,WACA,YACiC;AACjC,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,SAAO,mBAAmB,EAAE,QAAQ,UAAU,EAAE,WAAW,WAAW,CAAC;AACzE;AAEA,eAAe,sBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,qBAAqB,gBAAgB,QAAQ,SAAS,IAC3E;AAEF,MAAI,CAAC,IAAI,kBAAkB;AACzB,UAAM,IAAI;AAAA,MACR,uBAAuB,IAAI,SAAS,oJAAoJ,IAAI,SAAS;AAAA,IACvM;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS,sDAAsD,IAAI,YAAY;AAAA,EACzH;AACA,UAAQ,MAAM,EAAE;AAEhB,MAAI,CAAE,MAAM,cAAc,QAAQ,IAAI,SAAS,GAAI;AACjD,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,IAAI,SAAS,CAAC;AACnE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UAAU,EAAE,UAAU,0CAA0C,EAAE,IAAI;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,yBAAyB,KAAK,MAAM;AAAA,EAC5C;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,6BAA6B;AACxC,WAAO,OAAO,8CAAyC;AACvD,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,IAAI;AAAA,QACR,qDAAqD,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI,gDAAgD,IAAI,YAAY;AAAA,MACpH;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS;AAAA;AAAA,EACnD;AACF;AAEO,SAAS,wBACd,2BACS;AACT,MAAI,8BAA8B,MAAO,QAAO;AAChD,MAAI,8BAA8B,KAAM,QAAO;AAC/C,SAAO,QAAQ,QAAQ,MAAM,KAAK,KAAK,CAAC;AAC1C;AAEA,eAAsB,0BACpB,QACA,KAC0B;AAC1B,QAAM,EAAE,UAAU,KAAK,oBAAoB,IAAI;AAE/C,MAAI,MAAM,MAAM;AAAA,IACd;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,EACF;AACA,MACE,CAAC,OACA,MAAM,iBAAiB,QAAQ,IAAI,YAAY,KAChD,SAAS,6BACT;AACA,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,MAAM;AAAA,QACV;AAAA,QACA;AAAA,QACA,IAAI;AAAA,QACJ;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,sBAAsB,KAAK,MAAM;AACvC,UAAM,MAAM;AAAA,MACV;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,yCAAyC,IAAI,SAAS,qBAAqB,mBAAmB,0CAA0C,IAAI,SAAS,iBAAiB,mBAAmB;AAAA,IAC3L;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,kBACpB,QACA,UACA,WACA,YAC0B;AAC1B,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,mCAAmC,EAAE,IAAI,kBAAkB,SAAS,iBAAiB,UAAU;AAAA,IACnG;AAAA,EACF;AACA,SAAO,mBAAmB,EAAE,QAAQ,UAAU,EAAE,WAAW,WAAW,CAAC;AACzE;AAEA,eAAsB,kBACpB,QAC0B;AAC1B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UAAU,EAAE,UAAU,gCAAgC,EAAE,IAAI;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,sBAAsB,EAAE,MAAM;AAC9C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,UAAU,QAAQ,YAAY,CAAC;AAAA,EACjC;AACF;AAEA,eAAsB,sBACpB,QACA,QAMe;AACf,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;;;AElZA,OAAO,QAAQ;AACf,OAAO,UAAU;AAMV,SAAS,4BAA4B,UAA2B;AACrE,QAAM,UAAU,UAAU,KAAK;AAC/B,MAAI,QAAS,QAAO;AACpB,QAAM,UAAU,QAAQ,IAAI,gBAAgB,KAAK;AACjD,MAAI,QAAS,QAAO;AACpB,QAAM,QAAQ,YAAY,YAAY;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,KAA4B;AAC/C,QAAM,QAAQ,QAAQ,aAAa;AACnC,QAAM,QAAQ,QAAQ,IAAI,MAAM,MAAM,KAAK,SAAS,KAAK,CAAC;AAC1D,QAAM,OAAO,QACT,QAAQ,IAAI,SAAS,MAAM,KAAK,SAAS,KAAK,CAAC,QAAQ,QAAQ,QAAQ,EAAE,IACzE,CAAC,EAAE;AAEP,aAAW,OAAO,OAAO;AACvB,eAAW,OAAO,MAAM;AACtB,YAAM,YAAY,KAAK,KAAK,KAAK,MAAM,GAAG;AAC1C,UAAI;AACF,cAAM,KAAK,GAAG,SAAS,SAAS;AAChC,YAAI,CAAC,GAAG,OAAO,EAAG;AAClB,YAAI,CAAC,OAAO;AACV,cAAI;AACF,eAAG,WAAW,WAAW,GAAG,UAAU,IAAI;AAAA,UAC5C,QAAQ;AACN;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC9CA,SAAS,qBAA8B;AACrC,MAAI,QAAQ,IAAI,SAAU,QAAO;AACjC,MAAI,QAAQ,IAAI,SAAS,OAAQ,QAAO;AACxC,SAAO,QAAQ,QAAQ,OAAO,KAAK;AACrC;AAEA,IAAM,cAAc;AACpB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEZ,SAAS,sBAA8B;AAC5C,SAAO;AAAA,IACL,OAAO,SAAuB;AAC5B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,WAAW,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UAClD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,IACA,QAAQ,SAAuB;AAC7B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UACjD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,EACF;AACF;;;ACzBA,SAAS,aAAa;;;ACKf,SAAS,kBAAqC;AACnD,QAAM,MAAyB,EAAE,GAAG,QAAQ,IAAI;AAChD,MAAI,IAAI,yBAAyB,KAAK,EAAG,QAAO;AAChD,UAAQ,QAAQ,UAAU;AAAA,IACxB,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF;AACE;AAAA,EACJ;AACA,SAAO;AACT;;;ADXO,SAAS,qBAAqB,SAGlB;AACjB,QAAM,aAAa,QAAQ,OAAO;AAElC,WAAS,aAAqB;AAC5B,WAAO,4BAA4B,QAAQ,cAAc;AAAA,EAC3D;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ,MAAwC;AACpD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,YAAM,YAAY,QAAQ,MAAM,QAAQ,YAAY;AACpD,aAAO,MAAM,aAAa,CAAC,KAAK,UAAU,GAAG,IAAI,GAAG,KAAK,SAAS;AAAA,IACpE;AAAA,IACA,MAAM,WAAW,MAAiC;AAChD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,aAAO,MAAM,gBAAgB,CAAC,KAAK,GAAG,IAAI,GAAG,GAAG;AAAA,IAClD;AAAA,EACF;AACF;AAEA,SAAS,aACP,MACA,KACA,WACwB;AACxB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM;AAAA,MACzC;AAAA,MACA,OAAO,CAAC,WAAW,QAAQ,MAAM;AAAA,IACnC,CAAC;AACD,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,cAAQ;AAAA,QACN,MAAM,QAAQ;AAAA,QACd,QAAQ,OAAO,QAAQ;AAAA,QACvB,QAAQ,OAAO,QAAQ;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,gBACP,MACA,KACiB;AACjB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM,EAAE,KAAK,OAAO,UAAU,CAAC;AACpE,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS,QAAQ,QAAQ,CAAC,CAAC;AAAA,EAChD,CAAC;AACH;;;AEnBA,SAAS,iBACP,IACA,UACc;AACd,QAAM,WAAW,GAAG,EAAE,IAAI,SAAS,oBAAoB;AACvD,SAAO,EAAE,WAAW,IAAI,cAAc,UAAU,cAAc,SAAS;AACzE;AAEA,SAAS,oBACP,SACc;AACd,MAAI,eAAe,SAAS;AAC1B,WAAO,iBAAiB,QAAQ,WAAW,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,cAAc,QAAQ;AAAA,IACtB,cAAc,QAAQ;AAAA,EACxB;AACF;AAEO,SAAS,iBACd,SACY;AACZ,QAAM,WAAW,QAAQ;AACzB,QAAM,sBACJ,QAAQ,uBAAuB,WAAW;AAC5C,QAAM,kBACJ,QAAQ,yBAAyB,mBAAmB,GAAG,KAAK;AAC9D,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR,qGAAqG,mBAAmB;AAAA,IAC1H;AAAA,EACF;AACA,QAAM,iBAAyB;AAE/B,MAAI,CAAC,QAAQ,QAAQ;AACnB,gCAA4B,QAAQ,cAAc;AAAA,EACpD;AAEA,QAAM,SACJ,QAAQ,UACR,qBAAqB,EAAE,gBAAgB,QAAQ,eAAe,CAAC;AAEjE,QAAM,eAAe,oBAAoB,OAAO;AAChD,MAAI,mBAAmB,aAAa;AAEpC,QAAM,SAAS,QAAQ,UAAU,oBAAoB;AACrD,QAAM,mBAAmB;AAAA,IACvB,QAAQ;AAAA,EACV;AAEA,WAAS,aAAa,KAAqC;AACzD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,OAAO,mBAAsD;AACjE,YAAM,UAAU,mBAAmB,KAAK;AACxC,YAAM,MAAM,UACR,iBAAiB,SAAS,QAAQ,IAClC;AACJ,aAAO,MAAM;AAAA,QACX;AAAA,QACA,aAAa,GAAG;AAAA,MAClB;AAAA,IACF;AAAA,IAEA,MAAM,eAAyC;AAC7C,aAAO,MAAM,kBAAkB,MAAM;AAAA,IACvC;AAAA,IAEA,WAAW,WAAyB;AAClC,yBAAmB;AAAA,IACrB;AAAA,IAEA,IAAI,kBAA0B;AAC5B,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,IAAI,YAA2D;AACnE,YAAM,MAAM,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAC5E,aAAO,MAAM;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,IAEA,MAAM,mBACJ,YACA,cACA,SACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,sBAAsB,QAAQ;AAAA,QAClC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;ACpJA,SAAS,gBACP,SACA,kBACsB;AACtB,QAAM,WAAW,QAAQ,YAAY,CAAC;AACtC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,WAAW,IAAI,IAAI,YAAY,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1D,QAAM,WAAW,oBAAI,IAAY;AACjC,QAAM,MAA4B,CAAC;AACnC,aAAW,KAAK,UAAU;AACxB,QAAI,EAAE,OAAO,iBAAkB;AAC/B,eAAW,UAAU,EAAE,yBAAyB,CAAC,GAAG;AAClD,YAAM,IAAI,SAAS,IAAI,MAAM;AAC7B,UAAI,CAAC,KAAK,EAAE,eAAe,SAAU;AACrC,UAAI,SAAS,IAAI,EAAE,YAAY,EAAG;AAClC,eAAS,IAAI,EAAE,YAAY;AAC3B,UAAI,KAAK;AAAA,QACP,WAAW,EAAE;AAAA,QACb,cAAc,EAAE;AAAA,QAChB,cAAc,EAAE;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,iBAA8C;AAAA,EAClD,sBAAsB;AAAA,EACtB,6BAA6B;AAAA,EAC7B,yBAAyB;AAAA,EACzB,mBAAmB,YAA6B,KAA8B;AAC5E,QAAI,WAAW,eAAe,UAAU;AACtC,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,sDAAsD,IAAI,UAAU,oBAAoB,WAAW,UAAU;AAAA,MACnJ;AAAA,IACF;AACA,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,2CAA2C,IAAI,UAAU,qCAAqC,IAAI,SAAS,IAAI,IAAI,UAAU;AAAA,MACnK;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,mBAAmB;AAAA,EAC9B,QAAQ;AACV;","names":[]}
1
+ {"version":3,"sources":["../src/capability.ts","../src/bootstrap.ts","../src/parse.ts","../src/executable.ts","../src/logger.ts","../src/runner.ts","../src/env.ts","../src/facade.ts","../src/provider.ts"],"sourcesContent":["/** Aligned with tokenVault `src/domain/capability.ts` — keep in sync when adding capabilities. */\nexport const CAPABILITY = {\n chat: \"chat\",\n reasoning: \"reasoning\",\n embeddings: \"embeddings\",\n image: \"image\",\n audio: \"audio\",\n vision: \"vision\",\n tools: \"tools\",\n} as const;\n\nexport type Capability = (typeof CAPABILITY)[keyof typeof CAPABILITY];\n\nconst CAP_VALUES: readonly string[] = Object.values(CAPABILITY);\n\nexport function isCapability(s: string): s is Capability {\n return CAP_VALUES.includes(s);\n}\n\nexport function assertCapability(s: string): Capability {\n if (!isCapability(s)) {\n throw new Error(\n `Unknown capability \"${s}\". Expected one of: ${CAP_VALUES.join(\", \")}`,\n );\n }\n return s;\n}\n","import * as readline from \"node:readline\";\nimport isInCi from \"is-in-ci\";\nimport type { Capability } from \"./capability.ts\";\nimport { parseResolveStdout, parseVaultListPayload } from \"./parse.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { VaultCliRunner } from \"./runner.ts\";\nimport type {\n ListPayload,\n Logger,\n VaultListResult,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type BootstrapIds = {\n profileId: string;\n connectionId: string;\n credentialId: string;\n};\n\nexport type BootstrapContext = {\n provider: TokenVaultBootstrapProvider;\n ids: BootstrapIds;\n bootstrapCapability: Capability;\n defaultModelId: string;\n appLabel: string;\n logger: Logger;\n allowInteractive: boolean;\n};\n\nfunction promptLine(question: string): Promise<string> {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stderr,\n });\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close();\n resolve(answer.trim());\n });\n });\n}\n\nasync function addCredentialInteractive(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, logger } = ctx;\n const listR = await runner.runJson([\"list\"]);\n const payload =\n listR.code === 0 ? parseVaultListPayload(listR.stdout) : null;\n const picks = payload\n ? provider.listCredentialCopyPicks(payload, ids.profileId)\n : [];\n\n if (picks.length === 0) {\n logger.notice(\n `Adding API key to tokenVault for provider \"${provider.tokenvaultProviderId}\" (hidden input). Follow the tokenVault prompts if any appear.\\n`,\n );\n } else {\n console.error(\"\");\n logger.notice(\n `API key for tokenVault credential \"${ids.credentialId}\" (${provider.tokenvaultProviderId}):`,\n );\n logger.notice(\n \" 1) Enter a new API key (hidden input via tokenvault)\",\n );\n logger.notice(\n \" 2) Copy from another profile → connection → credential (reuse a stored key)\",\n );\n console.error(\"\");\n const raw = await promptLine(\"Choose 1 or 2 [1]: \");\n const mode = raw === \"\" ? \"1\" : raw;\n\n if (mode === \"2\") {\n console.error(\"\");\n for (let i = 0; i < picks.length; i++) {\n const x = picks[i]!;\n logger.notice(\n ` ${i + 1}) profile \"${x.profileId}\" → connection \"${x.connectionId}\" → credential \"${x.credentialId}\"`,\n );\n }\n console.error(\"\");\n const numRaw = await promptLine(\n `Enter 1–${picks.length} (or blank to enter a new key instead): `,\n );\n if (numRaw !== \"\") {\n const n = Number.parseInt(numRaw, 10);\n if (Number.isFinite(n) && n >= 1 && n <= picks.length) {\n const credId = picks[n - 1]!.credentialId;\n const copyR = await runner.runJson([\n \"credential\",\n \"copy\",\n credId,\n ids.credentialId,\n ]);\n if (copyR.code === 0) {\n console.error(\"\");\n return;\n }\n throw new Error(\n copyR.stderr ||\n copyR.stdout ||\n `tokenvault credential copy failed (exit ${copyR.code})`,\n );\n }\n }\n logger.notice(\"\\nUsing new API key entry.\\n\");\n }\n\n logger.notice(\"Follow the tokenVault prompts (hidden API key).\\n\");\n }\n\n const code = await runner.runInherit([\n \"credential\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.credentialId,\n ]);\n if (code !== 0) {\n throw new Error(`tokenvault credential add failed (exit ${code})`);\n }\n}\n\nasync function profileExists(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) return false;\n let payload: ListPayload;\n try {\n payload = JSON.parse(r.stdout) as ListPayload;\n } catch {\n return false;\n }\n return Boolean(payload.profiles?.some((p) => p.id === profileId));\n}\n\nasync function credentialExists(\n runner: VaultCliRunner,\n credentialId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"credential\", \"inspect\", credentialId]);\n return r.code === 0;\n}\n\nasync function connectionExists(\n runner: VaultCliRunner,\n connectionId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"connection\", \"inspect\", connectionId]);\n return r.code === 0;\n}\n\nasync function tryResolve(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution | null> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) return null;\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nasync function bootstrapVaultProfile(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, bootstrapCapability, defaultModelId, logger, appLabel } =\n ctx;\n\n if (!ctx.allowInteractive) {\n throw new Error(\n `tokenVault profile \"${ids.profileId}\" is not usable in this environment. Configure it interactively on a TTY, or run the tokenvault commands from the tokenVault README for profile \"${ids.profileId}\".`,\n );\n }\n\n console.error(\"\");\n logger.notice(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is missing or incomplete. Setting up credential \"${ids.credentialId}\" and wiring the profile.`,\n );\n console.error(\"\");\n\n if (!(await profileExists(runner, ids.profileId))) {\n const r = await runner.runJson([\"profile\", \"create\", ids.profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n }\n\n if (!(await credentialExists(runner, ids.credentialId))) {\n await addCredentialInteractive(ctx, runner);\n }\n\n if (!(await connectionExists(runner, ids.connectionId))) {\n const r = await runner.runJson([\n \"connection\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.connectionId,\n \"--credential\",\n ids.credentialId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault connection add failed (exit ${r.code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"attach\",\n ids.profileId,\n ids.connectionId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile attach failed (exit ${r.code})`,\n );\n }\n }\n\n if (provider.refreshModelsAfterBootstrap) {\n logger.notice(\"Refreshing model cache in tokenVault…\\n\");\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code !== 0) {\n throw new Error(\n `tokenvault connection refresh-models failed (exit ${code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n ids.profileId,\n bootstrapCapability,\n ids.connectionId,\n defaultModelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code}). Try: tokenvault connection refresh-models ${ids.connectionId}`,\n );\n }\n }\n\n console.error(\"\");\n logger.success(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is ready.\\n`,\n );\n}\n\nexport function interactiveSetupAllowed(\n allowInteractiveBootstrap?: boolean,\n): boolean {\n if (allowInteractiveBootstrap === false) return false;\n if (allowInteractiveBootstrap === true) return true;\n return Boolean(process.stdin.isTTY) && !isInCi;\n}\n\nexport async function ensureBootstrapCapability(\n runner: VaultCliRunner,\n ctx: BootstrapContext,\n): Promise<VaultResolution> {\n const { provider, ids, bootstrapCapability } = ctx;\n\n let cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n if (\n !cfg &&\n (await connectionExists(runner, ids.connectionId)) &&\n provider.refreshModelsAfterBootstrap\n ) {\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code === 0) {\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n }\n\n if (!cfg) {\n await bootstrapVaultProfile(ctx, runner);\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n\n if (!cfg) {\n throw new Error(\n `Could not resolve tokenVault profile \"${ids.profileId}\" for capability \"${bootstrapCapability}\" after setup. See: tokenvault resolve ${ids.profileId} --capability ${bootstrapCapability} --json`,\n );\n }\n\n return cfg;\n}\n\nexport async function resolveWithSecret(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault resolve failed (exit ${r.code}) for profile \"${profileId}\" capability \"${capability}\"`,\n );\n }\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nexport async function listVaultSnapshot(\n runner: VaultCliRunner,\n): Promise<VaultListResult> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault list failed (exit ${r.code})`,\n );\n }\n const payload = parseVaultListPayload(r.stdout);\n if (!payload) {\n throw new Error(\"Could not parse JSON from `tokenvault list`.\");\n }\n return {\n providers: payload.providers,\n credentials: payload.credentials ?? [],\n connections: payload.connections ?? [],\n profiles: payload.profiles ?? [],\n };\n}\n\nexport async function selectCapabilityModel(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n connectionId: string;\n modelId: string;\n },\n): Promise<void> {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n params.profileId,\n params.capability,\n params.connectionId,\n params.modelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code})`,\n );\n }\n}\n","import type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { ListPayload, VaultResolution, ValidationContext } from \"./types.ts\";\n\nexport function parseVaultListPayload(stdout: string): ListPayload | null {\n try {\n return JSON.parse(stdout) as ListPayload;\n } catch {\n return null;\n }\n}\n\nexport function parseResolveStdout(\n stdout: string,\n provider: TokenVaultBootstrapProvider,\n ctx: ValidationContext,\n): VaultResolution {\n let data: unknown;\n try {\n data = JSON.parse(stdout);\n } catch {\n throw new Error(\n \"Could not parse JSON from `tokenvault resolve` (unexpected output).\",\n );\n }\n const resolution = (data as { resolution?: Record<string, unknown> })\n .resolution;\n if (!resolution || typeof resolution !== \"object\") {\n throw new Error(\n \"`tokenvault resolve` JSON did not include a resolution object.\",\n );\n }\n const apiKey =\n typeof resolution.apiKey === \"string\" ? resolution.apiKey.trim() : \"\";\n const modelId =\n typeof resolution.modelId === \"string\" ? resolution.modelId.trim() : \"\";\n const providerId =\n typeof resolution.providerId === \"string\"\n ? resolution.providerId.trim()\n : \"\";\n const apiBaseUrl =\n typeof resolution.apiBaseUrl === \"string\" && resolution.apiBaseUrl.trim()\n ? resolution.apiBaseUrl.trim()\n : undefined;\n const connectionId =\n typeof resolution.connectionId === \"string\"\n ? resolution.connectionId.trim()\n : undefined;\n const credentialId =\n typeof resolution.credentialId === \"string\"\n ? resolution.credentialId.trim()\n : undefined;\n\n if (!apiKey) {\n throw new Error(\n \"`tokenvault resolve` did not return an apiKey. Use a tokenVault build that supports `tokenvault resolve --with-secret` (see tokenVault README).\",\n );\n }\n\n const out: VaultResolution = {\n apiKey,\n modelId,\n providerId,\n baseURL: apiBaseUrl,\n connectionId,\n credentialId,\n };\n provider.validateResolution(out, ctx);\n return out;\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\n\n/**\n * Resolve `tokenvault` on PATH (Windows respects PATHEXT).\n * @throws if not found and no explicit path\n */\nexport function resolveTokenvaultExecutable(explicit?: string): string {\n const trimmed = explicit?.trim();\n if (trimmed) return trimmed;\n const fromEnv = process.env.TOKENVAULT_BIN?.trim();\n if (fromEnv) return fromEnv;\n const found = whichOnPath(\"tokenvault\");\n if (!found) {\n throw new Error(\n \"tokenVault is not available: `tokenvault` was not found on PATH. Install tokenVault and link the CLI, or set TOKENVAULT_BIN to the tokenvault executable.\",\n );\n }\n return found;\n}\n\nfunction whichOnPath(cmd: string): string | null {\n const isWin = process.platform === \"win32\";\n const paths = process.env.PATH?.split(path.delimiter) ?? [];\n const exts = isWin\n ? process.env.PATHEXT?.split(path.delimiter) ?? [\".EXE\", \".CMD\", \".BAT\", \"\"]\n : [\"\"];\n\n for (const dir of paths) {\n for (const ext of exts) {\n const candidate = path.join(dir, cmd + ext);\n try {\n const st = fs.statSync(candidate);\n if (!st.isFile()) continue;\n if (!isWin) {\n try {\n fs.accessSync(candidate, fs.constants.X_OK);\n } catch {\n continue;\n }\n }\n return candidate;\n } catch {\n /* try next */\n }\n }\n }\n return null;\n}\n","import type { Logger } from \"./types.ts\";\n\nfunction stderrColorEnabled(): boolean {\n if (process.env.NO_COLOR) return false;\n if (process.env.TERM === \"dumb\") return false;\n return Boolean(process.stderr.isTTY);\n}\n\nconst ANSI_YELLOW = \"\\x1b[33m\";\nconst ANSI_GREEN = \"\\x1b[32m\";\nconst ANSI_RESET = \"\\x1b[0m\";\n\nexport function createDefaultLogger(): Logger {\n return {\n notice(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_YELLOW}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n success(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_GREEN}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n };\n}\n","import { spawn } from \"node:child_process\";\nimport { vaultProcessEnv } from \"./env.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\n\nexport type RunJsonResult = { code: number; stdout: string; stderr: string };\n\nexport type VaultCliRunner = {\n runJson: (args: string[]) => Promise<RunJsonResult>;\n runInherit: (args: string[]) => Promise<number>;\n};\n\nexport function createVaultCliRunner(options: {\n executablePath?: string;\n env?: () => NodeJS.ProcessEnv;\n}): VaultCliRunner {\n const envFactory = options.env ?? vaultProcessEnv;\n\n function executable(): string {\n return resolveTokenvaultExecutable(options.executablePath);\n }\n\n return {\n async runJson(args: string[]): Promise<RunJsonResult> {\n const exe = executable();\n const env = envFactory();\n const stdinMode = process.stdin.isTTY ? \"inherit\" : \"ignore\";\n return await spawnCapture([exe, \"--json\", ...args], env, stdinMode);\n },\n async runInherit(args: string[]): Promise<number> {\n const exe = executable();\n const env = envFactory();\n return await spawnInheritAll([exe, ...args], env);\n },\n };\n}\n\nfunction spawnCapture(\n argv: string[],\n env: NodeJS.ProcessEnv,\n stdinMode: \"inherit\" | \"ignore\",\n): Promise<RunJsonResult> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, {\n env,\n stdio: [stdinMode, \"pipe\", \"pipe\"],\n });\n let stdout = \"\";\n let stderr = \"\";\n child.stdout?.setEncoding(\"utf8\");\n child.stderr?.setEncoding(\"utf8\");\n child.stdout?.on(\"data\", (c: string) => {\n stdout += c;\n });\n child.stderr?.on(\"data\", (c: string) => {\n stderr += c;\n });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => {\n resolve({\n code: code ?? 1,\n stdout: stdout.trimEnd(),\n stderr: stderr.trimEnd(),\n });\n });\n });\n}\n\nfunction spawnInheritAll(\n argv: string[],\n env: NodeJS.ProcessEnv,\n): Promise<number> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, { env, stdio: \"inherit\" });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => resolve(code ?? 1));\n });\n}\n","/**\n * Prefer the OS secure store (Keychain / Secret Service / DPAPI) so tokenVault does not create a\n * passphrase-backed vault. Ignored if the user already has `vault/passphrase-envelope.json` or\n * sets TOKENVAULT_SECURE_STORE themselves.\n */\nexport function vaultProcessEnv(): NodeJS.ProcessEnv {\n const env: NodeJS.ProcessEnv = { ...process.env };\n if (env.TOKENVAULT_SECURE_STORE?.trim()) return env;\n switch (process.platform) {\n case \"darwin\":\n env.TOKENVAULT_SECURE_STORE = \"macos-keychain\";\n break;\n case \"win32\":\n env.TOKENVAULT_SECURE_STORE = \"windows\";\n break;\n case \"linux\":\n env.TOKENVAULT_SECURE_STORE = \"linux-secret-service\";\n break;\n default:\n break;\n }\n return env;\n}\n","import {\n assertCapability,\n CAPABILITY,\n type Capability,\n} from \"./capability.ts\";\nimport {\n ensureBootstrapCapability,\n interactiveSetupAllowed,\n listVaultSnapshot,\n resolveWithSecret,\n selectCapabilityModel,\n type BootstrapContext,\n type BootstrapIds,\n} from \"./bootstrap.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\nimport { createDefaultLogger } from \"./logger.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport {\n createVaultCliRunner,\n type VaultCliRunner,\n} from \"./runner.ts\";\nimport type { Logger, VaultListResult, VaultResolution } from \"./types.ts\";\n\nexport type CreateTokenVaultOptions = {\n provider: TokenVaultBootstrapProvider;\n appLabel: string;\n /** Default model per capability; must include entry for `bootstrapCapability` */\n defaultModelByCapability: Partial<Record<Capability, string>>;\n /** Capability wired by `ensure()` (default: chat) */\n bootstrapCapability?: Capability;\n executablePath?: string;\n allowInteractiveBootstrap?: boolean;\n logger?: Logger;\n /** @internal Inject for tests */\n runner?: VaultCliRunner;\n} & (\n | { namespace: string }\n | {\n profileId: string;\n connectionId: string;\n credentialId: string;\n }\n);\n\nexport type TokenVault = {\n /** Bootstrap `bootstrapCapability` for the given profile triple; optional one-off namespace convention. */\n ensure: (namespaceOverride?: string) => Promise<VaultResolution>;\n listProfiles: () => Promise<VaultListResult>;\n /** Profile used by `key()` and `setCapabilityModel` (default: bootstrap profile). */\n useProfile: (profileId: string) => void;\n get activeProfileId(): string;\n key: (\n capability: Capability | string,\n options?: { selection?: string },\n ) => Promise<VaultResolution>;\n setCapabilityModel: (\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n ) => Promise<void>;\n};\n\nfunction idsFromNamespace(\n ns: string,\n provider: TokenVaultBootstrapProvider,\n): BootstrapIds {\n const artifact = `${ns}-${provider.tokenvaultProviderId}`;\n return { profileId: ns, connectionId: artifact, credentialId: artifact };\n}\n\nfunction resolveBootstrapIds(\n options: CreateTokenVaultOptions,\n): BootstrapIds {\n if (\"namespace\" in options) {\n return idsFromNamespace(options.namespace, options.provider);\n }\n return {\n profileId: options.profileId,\n connectionId: options.connectionId,\n credentialId: options.credentialId,\n };\n}\n\nexport function createTokenVault(\n options: CreateTokenVaultOptions,\n): TokenVault {\n const provider = options.provider;\n const bootstrapCapability =\n options.bootstrapCapability ?? CAPABILITY.chat;\n const defaultModelRaw =\n options.defaultModelByCapability[bootstrapCapability]?.trim();\n if (!defaultModelRaw) {\n throw new Error(\n `createTokenVault: defaultModelByCapability must include a default model for bootstrap capability \"${bootstrapCapability}\"`,\n );\n }\n const defaultModelId: string = defaultModelRaw;\n\n if (!options.runner) {\n resolveTokenvaultExecutable(options.executablePath);\n }\n\n const runner =\n options.runner ??\n createVaultCliRunner({ executablePath: options.executablePath });\n\n const bootstrapIds = resolveBootstrapIds(options);\n let resolveProfileId = bootstrapIds.profileId;\n\n const logger = options.logger ?? createDefaultLogger();\n const allowInteractive = interactiveSetupAllowed(\n options.allowInteractiveBootstrap,\n );\n\n function buildContext(ids: BootstrapIds): BootstrapContext {\n return {\n provider,\n ids,\n bootstrapCapability,\n defaultModelId,\n appLabel: options.appLabel,\n logger,\n allowInteractive,\n };\n }\n\n return {\n async ensure(namespaceOverride?: string): Promise<VaultResolution> {\n const trimmed = namespaceOverride?.trim();\n const ids = trimmed\n ? idsFromNamespace(trimmed, provider)\n : bootstrapIds;\n return await ensureBootstrapCapability(\n runner,\n buildContext(ids),\n );\n },\n\n async listProfiles(): Promise<VaultListResult> {\n return await listVaultSnapshot(runner);\n },\n\n useProfile(profileId: string): void {\n resolveProfileId = profileId;\n },\n\n get activeProfileId(): string {\n return resolveProfileId;\n },\n\n async key(\n capability: Capability | string,\n options?: { selection?: string },\n ): Promise<VaultResolution> {\n const cap = typeof capability === \"string\" ? assertCapability(capability) : capability;\n return await resolveWithSecret(\n runner,\n provider,\n resolveProfileId,\n cap,\n options?.selection,\n );\n },\n\n async setCapabilityModel(\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await selectCapabilityModel(runner, {\n profileId: resolveProfileId,\n capability: cap,\n connectionId,\n modelId,\n });\n },\n };\n}\n","import type {\n CredentialCopyPick,\n ListPayload,\n VaultResolution,\n ValidationContext,\n} from \"./types.ts\";\n\nexport type TokenVaultBootstrapProvider = {\n /** tokenVault adapter id (e.g. `openai`) */\n readonly tokenvaultProviderId: string;\n /** After parse, enforce provider / model rules */\n validateResolution(\n resolution: VaultResolution,\n ctx: ValidationContext,\n ): void;\n /** Connections on other profiles eligible for credential copy during bootstrap */\n listCredentialCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n ): CredentialCopyPick[];\n /** Run `connection refresh-models` after wiring (model-capable providers) */\n readonly refreshModelsAfterBootstrap: boolean;\n};\n\nfunction openAiCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n): CredentialCopyPick[] {\n const profiles = payload.profiles ?? [];\n const connections = payload.connections ?? [];\n const byConnId = new Map(connections.map((c) => [c.id, c]));\n const seenCred = new Set<string>();\n const out: CredentialCopyPick[] = [];\n for (const p of profiles) {\n if (p.id === excludeProfileId) continue;\n for (const connId of p.attachedConnectionIds ?? []) {\n const c = byConnId.get(connId);\n if (!c || c.providerId !== \"openai\") continue;\n if (seenCred.has(c.credentialId)) continue;\n seenCred.add(c.credentialId);\n out.push({\n profileId: p.id,\n connectionId: c.id,\n credentialId: c.credentialId,\n });\n }\n }\n return out;\n}\n\nconst openAiProvider: TokenVaultBootstrapProvider = {\n tokenvaultProviderId: \"openai\",\n refreshModelsAfterBootstrap: true,\n listCredentialCopyPicks: openAiCopyPicks,\n validateResolution(resolution: VaultResolution, ctx: ValidationContext): void {\n if (resolution.providerId !== \"openai\") {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" must select an OpenAI connection for capability \"${ctx.capability}\" (got provider \"${resolution.providerId}\").`,\n );\n }\n if (!resolution.modelId) {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" has no model selected for capability \"${ctx.capability}\". Run: tokenvault profile select ${ctx.profileId} ${ctx.capability} <connection> <model>`,\n );\n }\n },\n};\n\nexport const builtInProviders = {\n openai: openAiProvider,\n} as const;\n"],"mappings":";AACO,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,OAAO;AACT;AAIA,IAAM,aAAgC,OAAO,OAAO,UAAU;AAEvD,SAAS,aAAa,GAA4B;AACvD,SAAO,WAAW,SAAS,CAAC;AAC9B;AAEO,SAAS,iBAAiB,GAAuB;AACtD,MAAI,CAAC,aAAa,CAAC,GAAG;AACpB,UAAM,IAAI;AAAA,MACR,uBAAuB,CAAC,uBAAuB,WAAW,KAAK,IAAI,CAAC;AAAA,IACtE;AAAA,EACF;AACA,SAAO;AACT;;;AC1BA,YAAY,cAAc;AAC1B,OAAO,YAAY;;;ACEZ,SAAS,sBAAsB,QAAoC;AACxE,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,mBACd,QACA,UACA,KACiB;AACjB,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,aAAc,KACjB;AACH,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,SACJ,OAAO,WAAW,WAAW,WAAW,WAAW,OAAO,KAAK,IAAI;AACrE,QAAM,UACJ,OAAO,WAAW,YAAY,WAAW,WAAW,QAAQ,KAAK,IAAI;AACvE,QAAM,aACJ,OAAO,WAAW,eAAe,WAC7B,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,aACJ,OAAO,WAAW,eAAe,YAAY,WAAW,WAAW,KAAK,IACpE,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AAEN,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF;AACA,WAAS,mBAAmB,KAAK,GAAG;AACpC,SAAO;AACT;;;ADvCA,SAAS,WAAW,UAAmC;AACrD,QAAM,KAAc,yBAAgB;AAAA,IAClC,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,EAClB,CAAC;AACD,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,yBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,OAAO,IAAI;AAClC,QAAM,QAAQ,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AAC3C,QAAM,UACJ,MAAM,SAAS,IAAI,sBAAsB,MAAM,MAAM,IAAI;AAC3D,QAAM,QAAQ,UACV,SAAS,wBAAwB,SAAS,IAAI,SAAS,IACvD,CAAC;AAEL,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO;AAAA,MACL,8CAA8C,SAAS,oBAAoB;AAAA;AAAA,IAC7E;AAAA,EACF,OAAO;AACL,YAAQ,MAAM,EAAE;AAChB,WAAO;AAAA,MACL,sCAAsC,IAAI,YAAY,MAAM,SAAS,oBAAoB;AAAA,IAC3F;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,YAAQ,MAAM,EAAE;AAChB,UAAM,MAAM,MAAM,WAAW,qBAAqB;AAClD,UAAM,OAAO,QAAQ,KAAK,MAAM;AAEhC,QAAI,SAAS,KAAK;AAChB,cAAQ,MAAM,EAAE;AAChB,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,cAAM,IAAI,MAAM,CAAC;AACjB,eAAO;AAAA,UACL,KAAK,IAAI,CAAC,cAAc,EAAE,SAAS,wBAAmB,EAAE,YAAY,wBAAmB,EAAE,YAAY;AAAA,QACvG;AAAA,MACF;AACA,cAAQ,MAAM,EAAE;AAChB,YAAM,SAAS,MAAM;AAAA,QACnB,gBAAW,MAAM,MAAM;AAAA,MACzB;AACA,UAAI,WAAW,IAAI;AACjB,cAAM,IAAI,OAAO,SAAS,QAAQ,EAAE;AACpC,YAAI,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AACrD,gBAAM,SAAS,MAAM,IAAI,CAAC,EAAG;AAC7B,gBAAM,QAAQ,MAAM,OAAO,QAAQ;AAAA,YACjC;AAAA,YACA;AAAA,YACA;AAAA,YACA,IAAI;AAAA,UACN,CAAC;AACD,cAAI,MAAM,SAAS,GAAG;AACpB,oBAAQ,MAAM,EAAE;AAChB;AAAA,UACF;AACA,gBAAM,IAAI;AAAA,YACR,MAAM,UACJ,MAAM,UACN,2CAA2C,MAAM,IAAI;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AACA,aAAO,OAAO,8BAA8B;AAAA,IAC9C;AAEA,WAAO,OAAO,mDAAmD;AAAA,EACnE;AAEA,QAAM,OAAO,MAAM,OAAO,WAAW;AAAA,IACnC;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,IAAI;AAAA,EACN,CAAC;AACD,MAAI,SAAS,GAAG;AACd,UAAM,IAAI,MAAM,0CAA0C,IAAI,GAAG;AAAA,EACnE;AACF;AAEA,eAAe,cACb,QACA,WACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,QAAQ,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC;AAClE;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,WACb,QACA,UACA,WACA,YACA,eACiC;AACjC,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAe,sBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,qBAAqB,gBAAgB,QAAQ,SAAS,IAC3E;AAEF,MAAI,CAAC,IAAI,kBAAkB;AACzB,UAAM,IAAI;AAAA,MACR,uBAAuB,IAAI,SAAS,oJAAoJ,IAAI,SAAS;AAAA,IACvM;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS,sDAAsD,IAAI,YAAY;AAAA,EACzH;AACA,UAAQ,MAAM,EAAE;AAEhB,MAAI,CAAE,MAAM,cAAc,QAAQ,IAAI,SAAS,GAAI;AACjD,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,IAAI,SAAS,CAAC;AACnE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UAAU,EAAE,UAAU,0CAA0C,EAAE,IAAI;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,yBAAyB,KAAK,MAAM;AAAA,EAC5C;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,6BAA6B;AACxC,WAAO,OAAO,8CAAyC;AACvD,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,IAAI;AAAA,QACR,qDAAqD,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI,gDAAgD,IAAI,YAAY;AAAA,MACpH;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS;AAAA;AAAA,EACnD;AACF;AAEO,SAAS,wBACd,2BACS;AACT,MAAI,8BAA8B,MAAO,QAAO;AAChD,MAAI,8BAA8B,KAAM,QAAO;AAC/C,SAAO,QAAQ,QAAQ,MAAM,KAAK,KAAK,CAAC;AAC1C;AAEA,eAAsB,0BACpB,QACA,KAC0B;AAC1B,QAAM,EAAE,UAAU,KAAK,oBAAoB,IAAI;AAE/C,MAAI,MAAM,MAAM;AAAA,IACd;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AACA,MACE,CAAC,OACA,MAAM,iBAAiB,QAAQ,IAAI,YAAY,KAChD,SAAS,6BACT;AACA,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,MAAM;AAAA,QACV;AAAA,QACA;AAAA,QACA,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,sBAAsB,KAAK,MAAM;AACvC,UAAM,MAAM;AAAA,MACV;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,yCAAyC,IAAI,SAAS,qBAAqB,mBAAmB,0CAA0C,IAAI,SAAS,iBAAiB,mBAAmB;AAAA,IAC3L;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,kBACpB,QACA,UACA,WACA,YACA,eAC0B;AAC1B,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,mCAAmC,EAAE,IAAI,kBAAkB,SAAS,iBAAiB,UAAU;AAAA,IACnG;AAAA,EACF;AACA,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAsB,kBACpB,QAC0B;AAC1B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UAAU,EAAE,UAAU,gCAAgC,EAAE,IAAI;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,sBAAsB,EAAE,MAAM;AAC9C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,UAAU,QAAQ,YAAY,CAAC;AAAA,EACjC;AACF;AAEA,eAAsB,sBACpB,QACA,QAMe;AACf,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;;;AEzaA,OAAO,QAAQ;AACf,OAAO,UAAU;AAMV,SAAS,4BAA4B,UAA2B;AACrE,QAAM,UAAU,UAAU,KAAK;AAC/B,MAAI,QAAS,QAAO;AACpB,QAAM,UAAU,QAAQ,IAAI,gBAAgB,KAAK;AACjD,MAAI,QAAS,QAAO;AACpB,QAAM,QAAQ,YAAY,YAAY;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,KAA4B;AAC/C,QAAM,QAAQ,QAAQ,aAAa;AACnC,QAAM,QAAQ,QAAQ,IAAI,MAAM,MAAM,KAAK,SAAS,KAAK,CAAC;AAC1D,QAAM,OAAO,QACT,QAAQ,IAAI,SAAS,MAAM,KAAK,SAAS,KAAK,CAAC,QAAQ,QAAQ,QAAQ,EAAE,IACzE,CAAC,EAAE;AAEP,aAAW,OAAO,OAAO;AACvB,eAAW,OAAO,MAAM;AACtB,YAAM,YAAY,KAAK,KAAK,KAAK,MAAM,GAAG;AAC1C,UAAI;AACF,cAAM,KAAK,GAAG,SAAS,SAAS;AAChC,YAAI,CAAC,GAAG,OAAO,EAAG;AAClB,YAAI,CAAC,OAAO;AACV,cAAI;AACF,eAAG,WAAW,WAAW,GAAG,UAAU,IAAI;AAAA,UAC5C,QAAQ;AACN;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC9CA,SAAS,qBAA8B;AACrC,MAAI,QAAQ,IAAI,SAAU,QAAO;AACjC,MAAI,QAAQ,IAAI,SAAS,OAAQ,QAAO;AACxC,SAAO,QAAQ,QAAQ,OAAO,KAAK;AACrC;AAEA,IAAM,cAAc;AACpB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEZ,SAAS,sBAA8B;AAC5C,SAAO;AAAA,IACL,OAAO,SAAuB;AAC5B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,WAAW,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UAClD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,IACA,QAAQ,SAAuB;AAC7B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UACjD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,EACF;AACF;;;ACzBA,SAAS,aAAa;;;ACKf,SAAS,kBAAqC;AACnD,QAAM,MAAyB,EAAE,GAAG,QAAQ,IAAI;AAChD,MAAI,IAAI,yBAAyB,KAAK,EAAG,QAAO;AAChD,UAAQ,QAAQ,UAAU;AAAA,IACxB,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF;AACE;AAAA,EACJ;AACA,SAAO;AACT;;;ADXO,SAAS,qBAAqB,SAGlB;AACjB,QAAM,aAAa,QAAQ,OAAO;AAElC,WAAS,aAAqB;AAC5B,WAAO,4BAA4B,QAAQ,cAAc;AAAA,EAC3D;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ,MAAwC;AACpD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,YAAM,YAAY,QAAQ,MAAM,QAAQ,YAAY;AACpD,aAAO,MAAM,aAAa,CAAC,KAAK,UAAU,GAAG,IAAI,GAAG,KAAK,SAAS;AAAA,IACpE;AAAA,IACA,MAAM,WAAW,MAAiC;AAChD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,aAAO,MAAM,gBAAgB,CAAC,KAAK,GAAG,IAAI,GAAG,GAAG;AAAA,IAClD;AAAA,EACF;AACF;AAEA,SAAS,aACP,MACA,KACA,WACwB;AACxB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM;AAAA,MACzC;AAAA,MACA,OAAO,CAAC,WAAW,QAAQ,MAAM;AAAA,IACnC,CAAC;AACD,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,cAAQ;AAAA,QACN,MAAM,QAAQ;AAAA,QACd,QAAQ,OAAO,QAAQ;AAAA,QACvB,QAAQ,OAAO,QAAQ;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,gBACP,MACA,KACiB;AACjB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM,EAAE,KAAK,OAAO,UAAU,CAAC;AACpE,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS,QAAQ,QAAQ,CAAC,CAAC;AAAA,EAChD,CAAC;AACH;;;AEhBA,SAAS,iBACP,IACA,UACc;AACd,QAAM,WAAW,GAAG,EAAE,IAAI,SAAS,oBAAoB;AACvD,SAAO,EAAE,WAAW,IAAI,cAAc,UAAU,cAAc,SAAS;AACzE;AAEA,SAAS,oBACP,SACc;AACd,MAAI,eAAe,SAAS;AAC1B,WAAO,iBAAiB,QAAQ,WAAW,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,cAAc,QAAQ;AAAA,IACtB,cAAc,QAAQ;AAAA,EACxB;AACF;AAEO,SAAS,iBACd,SACY;AACZ,QAAM,WAAW,QAAQ;AACzB,QAAM,sBACJ,QAAQ,uBAAuB,WAAW;AAC5C,QAAM,kBACJ,QAAQ,yBAAyB,mBAAmB,GAAG,KAAK;AAC9D,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR,qGAAqG,mBAAmB;AAAA,IAC1H;AAAA,EACF;AACA,QAAM,iBAAyB;AAE/B,MAAI,CAAC,QAAQ,QAAQ;AACnB,gCAA4B,QAAQ,cAAc;AAAA,EACpD;AAEA,QAAM,SACJ,QAAQ,UACR,qBAAqB,EAAE,gBAAgB,QAAQ,eAAe,CAAC;AAEjE,QAAM,eAAe,oBAAoB,OAAO;AAChD,MAAI,mBAAmB,aAAa;AAEpC,QAAM,SAAS,QAAQ,UAAU,oBAAoB;AACrD,QAAM,mBAAmB;AAAA,IACvB,QAAQ;AAAA,EACV;AAEA,WAAS,aAAa,KAAqC;AACzD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,OAAO,mBAAsD;AACjE,YAAM,UAAU,mBAAmB,KAAK;AACxC,YAAM,MAAM,UACR,iBAAiB,SAAS,QAAQ,IAClC;AACJ,aAAO,MAAM;AAAA,QACX;AAAA,QACA,aAAa,GAAG;AAAA,MAClB;AAAA,IACF;AAAA,IAEA,MAAM,eAAyC;AAC7C,aAAO,MAAM,kBAAkB,MAAM;AAAA,IACvC;AAAA,IAEA,WAAW,WAAyB;AAClC,yBAAmB;AAAA,IACrB;AAAA,IAEA,IAAI,kBAA0B;AAC5B,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,IACJ,YACAA,UAC0B;AAC1B,YAAM,MAAM,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAC5E,aAAO,MAAM;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACAA,UAAS;AAAA,MACX;AAAA,IACF;AAAA,IAEA,MAAM,mBACJ,YACA,cACA,SACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,sBAAsB,QAAQ;AAAA,QAClC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;AC3JA,SAAS,gBACP,SACA,kBACsB;AACtB,QAAM,WAAW,QAAQ,YAAY,CAAC;AACtC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,WAAW,IAAI,IAAI,YAAY,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1D,QAAM,WAAW,oBAAI,IAAY;AACjC,QAAM,MAA4B,CAAC;AACnC,aAAW,KAAK,UAAU;AACxB,QAAI,EAAE,OAAO,iBAAkB;AAC/B,eAAW,UAAU,EAAE,yBAAyB,CAAC,GAAG;AAClD,YAAM,IAAI,SAAS,IAAI,MAAM;AAC7B,UAAI,CAAC,KAAK,EAAE,eAAe,SAAU;AACrC,UAAI,SAAS,IAAI,EAAE,YAAY,EAAG;AAClC,eAAS,IAAI,EAAE,YAAY;AAC3B,UAAI,KAAK;AAAA,QACP,WAAW,EAAE;AAAA,QACb,cAAc,EAAE;AAAA,QAChB,cAAc,EAAE;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,iBAA8C;AAAA,EAClD,sBAAsB;AAAA,EACtB,6BAA6B;AAAA,EAC7B,yBAAyB;AAAA,EACzB,mBAAmB,YAA6B,KAA8B;AAC5E,QAAI,WAAW,eAAe,UAAU;AACtC,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,sDAAsD,IAAI,UAAU,oBAAoB,WAAW,UAAU;AAAA,MACnJ;AAAA,IACF;AACA,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,2CAA2C,IAAI,UAAU,qCAAqC,IAAI,SAAS,IAAI,IAAI,UAAU;AAAA,MACnK;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,mBAAmB;AAAA,EAC9B,QAAQ;AACV;","names":["options"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@partrocks/tokenvault",
3
- "version": "0.1.3",
3
+ "version": "0.1.5",
4
4
  "description": "Facade for tokenvault CLI: bootstrap profiles, resolve secrets per capability, list profiles",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",