@partrocks/tokenvault 0.1.8 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts +74 -1
  2. package/dist/index.js +204 -1
  3. package/dist/index.js.map +1 -1
  4. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -79,6 +79,19 @@ type ValidationContext = {
79
79
  /** When the CLI includes layout metadata in resolve JSON. */
80
80
  profileMode?: ProfileLayoutMode;
81
81
  };
82
+ /** Entry from `tokenvault list` `providers` (adapter registry metadata). */
83
+ type VaultRegisteredProvider = {
84
+ id: string;
85
+ displayName: string;
86
+ description?: string;
87
+ apiBaseUrl?: string;
88
+ docsUrl?: string;
89
+ };
90
+ type VaultCachedModel = {
91
+ id: string;
92
+ displayName?: string;
93
+ capabilities: string[];
94
+ };
82
95
 
83
96
  type TokenVaultBootstrapProvider = {
84
97
  /** tokenVault adapter id (e.g. `openai`) */
@@ -99,8 +112,20 @@ type RunJsonResult = {
99
112
  stdout: string;
100
113
  stderr: string;
101
114
  };
115
+ type RunJsonWithStdinOptions = {
116
+ /**
117
+ * When true (default), passes `--non-interactive` so stdin is only used for `--stdin` secrets.
118
+ * Set false if the subprocess must prompt (e.g. vault unlock on TTY).
119
+ */
120
+ nonInteractive?: boolean;
121
+ };
102
122
  type VaultCliRunner = {
103
123
  runJson: (args: string[]) => Promise<RunJsonResult>;
124
+ /**
125
+ * Runs `tokenvault --json ...args` with the given string written to child stdin (then closed).
126
+ * Used for `credential add ... --stdin` and similar.
127
+ */
128
+ runJsonWithStdin: (args: string[], stdin: string, options?: RunJsonWithStdinOptions) => Promise<RunJsonResult>;
104
129
  runInherit: (args: string[]) => Promise<number>;
105
130
  };
106
131
  declare function createVaultCliRunner(options: {
@@ -122,6 +147,33 @@ declare function removeProfileNamedSelection(runner: VaultCliRunner, params: {
122
147
  }): Promise<void>;
123
148
  declare function inspectVaultProfile(runner: VaultCliRunner, profileId: string): Promise<VaultProfileRecord>;
124
149
 
150
+ /**
151
+ * Providers from the tokenvault registry that do not appear on any connection
152
+ * currently attached to `profileId`.
153
+ */
154
+ declare function listMissingRegisteredProvidersForProfile(snapshot: VaultListResult, profileId: string): VaultRegisteredProvider[];
155
+ declare function defaultProfileProviderArtifactIds(profileId: string, providerId: string): {
156
+ credentialId: string;
157
+ connectionId: string;
158
+ };
159
+ /**
160
+ * Ensures credential, connection, profile attach, and model cache refresh for an extra provider.
161
+ * Does not change capability selections (`profile select`); callers can do that separately.
162
+ */
163
+ declare function wireRegisteredProviderToProfile(runner: VaultCliRunner, params: {
164
+ profileId: string;
165
+ providerId: string;
166
+ apiKey: string;
167
+ credentialId: string;
168
+ connectionId: string;
169
+ }): Promise<{
170
+ refreshedModelCount: number;
171
+ }>;
172
+ /**
173
+ * Parses `tokenvault connection models <id> --json` output.
174
+ */
175
+ declare function fetchConnectionCachedModels(runner: VaultCliRunner, connectionId: string): Promise<VaultCachedModel[]>;
176
+
125
177
  type CreateTokenVaultOptions = {
126
178
  provider: TokenVaultBootstrapProvider;
127
179
  appLabel: string;
@@ -164,6 +216,27 @@ type TokenVault = {
164
216
  }) => Promise<void>;
165
217
  /** Full profile record from `tokenvault profile inspect` (includes explicit `mode`). */
166
218
  inspectProfile: (profileId?: string) => Promise<VaultProfileRecord>;
219
+ /**
220
+ * Registry providers that have no connection attached to the active profile
221
+ * (from `tokenvault list` vs profile attachments).
222
+ */
223
+ listMissingRegisteredProviders: () => Promise<VaultRegisteredProvider[]>;
224
+ /**
225
+ * Add API key + connection for a registry provider and attach it to the active profile.
226
+ * Uses credential/connection ids `{profileId}-{providerId}` (same convention as namespace bootstrap).
227
+ */
228
+ addRegisteredProviderToProfile: (params: {
229
+ providerId: string;
230
+ apiKey: string;
231
+ }) => Promise<{
232
+ credentialId: string;
233
+ connectionId: string;
234
+ refreshedModelCount: number;
235
+ }>;
236
+ /** Cached models from `tokenvault connection models <id> --json`. */
237
+ listCachedModelsForConnection: (connectionId: string) => Promise<VaultCachedModel[]>;
238
+ /** Runs `connection refresh-models` then returns the updated cache listing. */
239
+ refreshCachedModelsForConnection: (connectionId: string) => Promise<VaultCachedModel[]>;
167
240
  };
168
241
  declare function createTokenVault(options: CreateTokenVaultOptions): TokenVault;
169
242
 
@@ -183,4 +256,4 @@ declare function resolveTokenvaultExecutable(explicit?: string): string;
183
256
  declare function parseVaultListPayload(stdout: string): ListPayload | null;
184
257
  declare function parseResolveStdout(stdout: string, provider: TokenVaultBootstrapProvider, ctx: ValidationContext): VaultResolution;
185
258
 
186
- export { CAPABILITY, type Capability, type CreateTokenVaultOptions, type CredentialCopyPick, type ListPayload, type Logger, type ProfileLayoutMode, type TokenVault, type TokenVaultBootstrapProvider, type ValidationContext, type VaultCliRunner, type VaultListResult, type VaultProfileRecord, type VaultResolution, assertCapability, builtInProviders, createTokenVault, createVaultCliRunner, createVaultProfile, inspectVaultProfile, isCapability, parseResolveStdout, parseVaultListPayload, removeProfileNamedSelection, resolveTokenvaultExecutable, setProfileLayoutMode, vaultProcessEnv };
259
+ export { CAPABILITY, type Capability, type CreateTokenVaultOptions, type CredentialCopyPick, type ListPayload, type Logger, type ProfileLayoutMode, type RunJsonWithStdinOptions, type TokenVault, type TokenVaultBootstrapProvider, type ValidationContext, type VaultCachedModel, type VaultCliRunner, type VaultListResult, type VaultProfileRecord, type VaultRegisteredProvider, type VaultResolution, assertCapability, builtInProviders, createTokenVault, createVaultCliRunner, createVaultProfile, defaultProfileProviderArtifactIds, fetchConnectionCachedModels, inspectVaultProfile, isCapability, listMissingRegisteredProvidersForProfile, parseResolveStdout, parseVaultListPayload, removeProfileNamedSelection, resolveTokenvaultExecutable, setProfileLayoutMode, vaultProcessEnv, wireRegisteredProviderToProfile };
package/dist/index.js CHANGED
@@ -460,6 +460,136 @@ async function inspectVaultProfile(runner, profileId) {
460
460
  return profile;
461
461
  }
462
462
 
463
+ // src/profile-providers.ts
464
+ function parseProviderRegistryRow(row) {
465
+ if (!row || typeof row !== "object") return null;
466
+ const o = row;
467
+ const id = typeof o.id === "string" ? o.id.trim() : "";
468
+ if (!id) return null;
469
+ const displayName = typeof o.displayName === "string" && o.displayName.trim() ? o.displayName.trim() : id;
470
+ const description = typeof o.description === "string" && o.description.trim() ? o.description.trim() : void 0;
471
+ const apiBaseUrl = typeof o.apiBaseUrl === "string" && o.apiBaseUrl.trim() ? o.apiBaseUrl.trim() : void 0;
472
+ const docsUrl = typeof o.docsUrl === "string" && o.docsUrl.trim() ? o.docsUrl.trim() : void 0;
473
+ return { id, displayName, description, apiBaseUrl, docsUrl };
474
+ }
475
+ function listMissingRegisteredProvidersForProfile(snapshot, profileId) {
476
+ const reg = [];
477
+ for (const row of snapshot.providers ?? []) {
478
+ const p = parseProviderRegistryRow(row);
479
+ if (p) reg.push(p);
480
+ }
481
+ reg.sort((a, b) => a.id.localeCompare(b.id));
482
+ const profile = snapshot.profiles.find((p) => p.id === profileId);
483
+ const byConn = new Map(snapshot.connections.map((c) => [c.id, c]));
484
+ const attachedProviderIds = /* @__PURE__ */ new Set();
485
+ for (const cid of profile?.attachedConnectionIds ?? []) {
486
+ const c = byConn.get(cid);
487
+ if (c?.providerId) attachedProviderIds.add(c.providerId);
488
+ }
489
+ return reg.filter((p) => !attachedProviderIds.has(p.id));
490
+ }
491
+ function defaultProfileProviderArtifactIds(profileId, providerId) {
492
+ const suffix = `${profileId}-${providerId}`;
493
+ return { credentialId: suffix, connectionId: suffix };
494
+ }
495
+ function throwCli(message, r) {
496
+ const detail = r.stderr || r.stdout || `exit ${r.code}`;
497
+ throw new Error(`${message}: ${detail}`);
498
+ }
499
+ async function wireRegisteredProviderToProfile(runner, params) {
500
+ const { profileId, providerId, apiKey, credentialId, connectionId } = params;
501
+ {
502
+ const r = await runner.runJson(["profile", "create", profileId]);
503
+ if (r.code !== 0) {
504
+ const insp = await runner.runJson(["profile", "inspect", profileId]);
505
+ if (insp.code !== 0) {
506
+ throwCli(`tokenvault profile create / inspect failed for "${profileId}"`, r);
507
+ }
508
+ }
509
+ }
510
+ {
511
+ const r = await runner.runJson(["credential", "inspect", credentialId]);
512
+ if (r.code !== 0) {
513
+ const add = await runner.runJsonWithStdin(
514
+ ["credential", "add", providerId, credentialId, "--stdin"],
515
+ apiKey,
516
+ { nonInteractive: true }
517
+ );
518
+ if (add.code !== 0) {
519
+ throwCli(
520
+ `tokenvault credential add failed for "${credentialId}" (provider ${providerId})`,
521
+ add
522
+ );
523
+ }
524
+ }
525
+ }
526
+ {
527
+ const r = await runner.runJson(["connection", "inspect", connectionId]);
528
+ if (r.code !== 0) {
529
+ const add = await runner.runJson([
530
+ "connection",
531
+ "add",
532
+ providerId,
533
+ connectionId,
534
+ "--credential",
535
+ credentialId
536
+ ]);
537
+ if (add.code !== 0) {
538
+ throwCli(`tokenvault connection add failed for "${connectionId}"`, add);
539
+ }
540
+ }
541
+ }
542
+ {
543
+ const r = await runner.runJson(["profile", "attach", profileId, connectionId]);
544
+ if (r.code !== 0) {
545
+ throwCli(`tokenvault profile attach failed (${profileId} \u2190 ${connectionId})`, r);
546
+ }
547
+ }
548
+ let refreshedModelCount = 0;
549
+ {
550
+ const r = await runner.runJson(["connection", "refresh-models", connectionId]);
551
+ if (r.code === 0) {
552
+ try {
553
+ const j = JSON.parse(r.stdout);
554
+ if (typeof j.count === "number") refreshedModelCount = j.count;
555
+ } catch {
556
+ refreshedModelCount = 0;
557
+ }
558
+ }
559
+ }
560
+ if (refreshedModelCount === 0) {
561
+ const models = await fetchConnectionCachedModels(runner, connectionId);
562
+ refreshedModelCount = models.length;
563
+ }
564
+ return { refreshedModelCount };
565
+ }
566
+ async function fetchConnectionCachedModels(runner, connectionId) {
567
+ const r = await runner.runJson(["connection", "models", connectionId]);
568
+ if (r.code !== 0) {
569
+ throwCli(`tokenvault connection models failed for "${connectionId}"`, r);
570
+ }
571
+ let data;
572
+ try {
573
+ data = JSON.parse(r.stdout);
574
+ } catch {
575
+ return [];
576
+ }
577
+ const modelsRaw = data.models;
578
+ if (!Array.isArray(modelsRaw)) return [];
579
+ const out = [];
580
+ for (const row of modelsRaw) {
581
+ if (!row || typeof row !== "object") continue;
582
+ const o = row;
583
+ const id = typeof o.id === "string" ? o.id.trim() : "";
584
+ if (!id) continue;
585
+ const displayName = typeof o.displayName === "string" && o.displayName.trim() ? o.displayName.trim() : void 0;
586
+ const caps = o.capabilities;
587
+ const capabilities = Array.isArray(caps) ? caps.filter((x) => typeof x === "string") : [];
588
+ out.push({ id, displayName, capabilities });
589
+ }
590
+ return out.sort((a, b) => a.id.localeCompare(b.id));
591
+ }
592
+
463
593
  // src/executable.ts
464
594
  import fs from "fs";
465
595
  import path from "path";
@@ -561,6 +691,15 @@ function createVaultCliRunner(options) {
561
691
  const stdinMode = process.stdin.isTTY ? "inherit" : "ignore";
562
692
  return await spawnCapture([exe, "--json", ...args], env, stdinMode);
563
693
  },
694
+ async runJsonWithStdin(args, stdin, options2) {
695
+ const exe = executable();
696
+ const env = envFactory();
697
+ const globals = ["--json"];
698
+ if (options2?.nonInteractive !== false) {
699
+ globals.push("--non-interactive");
700
+ }
701
+ return await spawnCaptureWithStdin([exe, ...globals, ...args], env, stdin);
702
+ },
564
703
  async runInherit(args) {
565
704
  const exe = executable();
566
705
  const env = envFactory();
@@ -595,6 +734,36 @@ function spawnCapture(argv, env, stdinMode) {
595
734
  });
596
735
  });
597
736
  }
737
+ function spawnCaptureWithStdin(argv, env, stdinBody) {
738
+ const [executablePath, ...args] = argv;
739
+ return new Promise((resolve, reject) => {
740
+ const child = spawn(executablePath, args, {
741
+ env,
742
+ stdio: ["pipe", "pipe", "pipe"]
743
+ });
744
+ let stdout = "";
745
+ let stderr = "";
746
+ child.stdout?.setEncoding("utf8");
747
+ child.stderr?.setEncoding("utf8");
748
+ child.stdout?.on("data", (c) => {
749
+ stdout += c;
750
+ });
751
+ child.stderr?.on("data", (c) => {
752
+ stderr += c;
753
+ });
754
+ child.on("error", reject);
755
+ child.on("close", (code) => {
756
+ resolve({
757
+ code: code ?? 1,
758
+ stdout: stdout.trimEnd(),
759
+ stderr: stderr.trimEnd()
760
+ });
761
+ });
762
+ child.stdin?.write(stdinBody, "utf8", () => {
763
+ child.stdin?.end();
764
+ });
765
+ });
766
+ }
598
767
  function spawnInheritAll(argv, env) {
599
768
  const [executablePath, ...args] = argv;
600
769
  return new Promise((resolve, reject) => {
@@ -708,6 +877,36 @@ function createTokenVault(options) {
708
877
  async inspectProfile(profileId) {
709
878
  const id = (profileId ?? resolveProfileId).trim();
710
879
  return await inspectVaultProfile(runner, id);
880
+ },
881
+ async listMissingRegisteredProviders() {
882
+ const snap = await listVaultSnapshot(runner);
883
+ return listMissingRegisteredProvidersForProfile(snap, resolveProfileId);
884
+ },
885
+ async addRegisteredProviderToProfile(params) {
886
+ const { credentialId, connectionId } = defaultProfileProviderArtifactIds(
887
+ resolveProfileId,
888
+ params.providerId.trim()
889
+ );
890
+ const { refreshedModelCount } = await wireRegisteredProviderToProfile(runner, {
891
+ profileId: resolveProfileId,
892
+ providerId: params.providerId.trim(),
893
+ apiKey: params.apiKey,
894
+ credentialId,
895
+ connectionId
896
+ });
897
+ return { credentialId, connectionId, refreshedModelCount };
898
+ },
899
+ async listCachedModelsForConnection(connectionId) {
900
+ return await fetchConnectionCachedModels(runner, connectionId.trim());
901
+ },
902
+ async refreshCachedModelsForConnection(connectionId) {
903
+ const cid = connectionId.trim();
904
+ const r = await runner.runJson(["connection", "refresh-models", cid]);
905
+ if (r.code !== 0) {
906
+ const detail = r.stderr || r.stdout || `exit ${r.code}`;
907
+ throw new Error(`tokenvault connection refresh-models failed: ${detail}`);
908
+ }
909
+ return await fetchConnectionCachedModels(runner, cid);
711
910
  }
712
911
  };
713
912
  }
@@ -762,13 +961,17 @@ export {
762
961
  createTokenVault,
763
962
  createVaultCliRunner,
764
963
  createVaultProfile,
964
+ defaultProfileProviderArtifactIds,
965
+ fetchConnectionCachedModels,
765
966
  inspectVaultProfile,
766
967
  isCapability,
968
+ listMissingRegisteredProvidersForProfile,
767
969
  parseResolveStdout,
768
970
  parseVaultListPayload,
769
971
  removeProfileNamedSelection,
770
972
  resolveTokenvaultExecutable,
771
973
  setProfileLayoutMode,
772
- vaultProcessEnv
974
+ vaultProcessEnv,
975
+ wireRegisteredProviderToProfile
773
976
  };
774
977
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/capability.ts","../src/bootstrap.ts","../src/parse.ts","../src/executable.ts","../src/logger.ts","../src/runner.ts","../src/env.ts","../src/facade.ts","../src/provider.ts"],"sourcesContent":["/** Aligned with tokenVault `src/domain/capability.ts` — keep in sync when adding capabilities. */\nexport const CAPABILITY = {\n chat: \"chat\",\n reasoning: \"reasoning\",\n embeddings: \"embeddings\",\n image: \"image\",\n audio: \"audio\",\n vision: \"vision\",\n tools: \"tools\",\n} as const;\n\nexport type Capability = (typeof CAPABILITY)[keyof typeof CAPABILITY];\n\nconst CAP_VALUES: readonly string[] = Object.values(CAPABILITY);\n\nexport function isCapability(s: string): s is Capability {\n return CAP_VALUES.includes(s);\n}\n\nexport function assertCapability(s: string): Capability {\n if (!isCapability(s)) {\n throw new Error(\n `Unknown capability \"${s}\". Expected one of: ${CAP_VALUES.join(\", \")}`,\n );\n }\n return s;\n}\n","import * as readline from \"node:readline\";\nimport isInCi from \"is-in-ci\";\nimport type { Capability } from \"./capability.ts\";\nimport { parseResolveStdout, parseVaultListPayload } from \"./parse.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { VaultCliRunner } from \"./runner.ts\";\nimport type {\n ListPayload,\n Logger,\n ProfileLayoutMode,\n VaultListResult,\n VaultProfileRecord,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type BootstrapIds = {\n profileId: string;\n connectionId: string;\n credentialId: string;\n};\n\nexport type BootstrapContext = {\n provider: TokenVaultBootstrapProvider;\n ids: BootstrapIds;\n bootstrapCapability: Capability;\n defaultModelId: string;\n appLabel: string;\n logger: Logger;\n allowInteractive: boolean;\n};\n\nfunction promptLine(question: string): Promise<string> {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stderr,\n });\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close();\n resolve(answer.trim());\n });\n });\n}\n\nasync function addCredentialInteractive(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, logger } = ctx;\n const listR = await runner.runJson([\"list\"]);\n const payload =\n listR.code === 0 ? parseVaultListPayload(listR.stdout) : null;\n const picks = payload\n ? provider.listCredentialCopyPicks(payload, ids.profileId)\n : [];\n\n if (picks.length === 0) {\n logger.notice(\n `Adding API key to tokenVault for provider \"${provider.tokenvaultProviderId}\" (hidden input). Follow the tokenVault prompts if any appear.\\n`,\n );\n } else {\n console.error(\"\");\n logger.notice(\n `API key for tokenVault credential \"${ids.credentialId}\" (${provider.tokenvaultProviderId}):`,\n );\n logger.notice(\n \" 1) Enter a new API key (hidden input via tokenvault)\",\n );\n logger.notice(\n \" 2) Copy from another profile → connection → credential (reuse a stored key)\",\n );\n console.error(\"\");\n const raw = await promptLine(\"Choose 1 or 2 [1]: \");\n const mode = raw === \"\" ? \"1\" : raw;\n\n if (mode === \"2\") {\n console.error(\"\");\n for (let i = 0; i < picks.length; i++) {\n const x = picks[i]!;\n logger.notice(\n ` ${i + 1}) profile \"${x.profileId}\" → connection \"${x.connectionId}\" → credential \"${x.credentialId}\"`,\n );\n }\n console.error(\"\");\n const numRaw = await promptLine(\n `Enter 1–${picks.length} (or blank to enter a new key instead): `,\n );\n if (numRaw !== \"\") {\n const n = Number.parseInt(numRaw, 10);\n if (Number.isFinite(n) && n >= 1 && n <= picks.length) {\n const credId = picks[n - 1]!.credentialId;\n const copyR = await runner.runJson([\n \"credential\",\n \"copy\",\n credId,\n ids.credentialId,\n ]);\n if (copyR.code === 0) {\n console.error(\"\");\n return;\n }\n throw new Error(\n copyR.stderr ||\n copyR.stdout ||\n `tokenvault credential copy failed (exit ${copyR.code})`,\n );\n }\n }\n logger.notice(\"\\nUsing new API key entry.\\n\");\n }\n\n logger.notice(\"Follow the tokenVault prompts (hidden API key).\\n\");\n }\n\n const code = await runner.runInherit([\n \"credential\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.credentialId,\n ]);\n if (code !== 0) {\n throw new Error(`tokenvault credential add failed (exit ${code})`);\n }\n}\n\nasync function profileExists(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) return false;\n let payload: ListPayload;\n try {\n payload = JSON.parse(r.stdout) as ListPayload;\n } catch {\n return false;\n }\n return Boolean(payload.profiles?.some((p) => p.id === profileId));\n}\n\nasync function credentialExists(\n runner: VaultCliRunner,\n credentialId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"credential\", \"inspect\", credentialId]);\n return r.code === 0;\n}\n\nasync function connectionExists(\n runner: VaultCliRunner,\n connectionId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"connection\", \"inspect\", connectionId]);\n return r.code === 0;\n}\n\nasync function tryResolve(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution | null> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) return null;\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nasync function bootstrapVaultProfile(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, bootstrapCapability, defaultModelId, logger, appLabel } =\n ctx;\n\n if (!ctx.allowInteractive) {\n throw new Error(\n `tokenVault profile \"${ids.profileId}\" is not usable in this environment. Configure it interactively on a TTY, or run the tokenvault commands documented in TOKENVAULT.md for profile \"${ids.profileId}\".`,\n );\n }\n\n console.error(\"\");\n logger.notice(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is missing or incomplete. Setting up credential \"${ids.credentialId}\" and wiring the profile.`,\n );\n console.error(\"\");\n\n if (!(await profileExists(runner, ids.profileId))) {\n const r = await runner.runJson([\"profile\", \"create\", ids.profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n }\n\n if (!(await credentialExists(runner, ids.credentialId))) {\n await addCredentialInteractive(ctx, runner);\n }\n\n if (!(await connectionExists(runner, ids.connectionId))) {\n const r = await runner.runJson([\n \"connection\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.connectionId,\n \"--credential\",\n ids.credentialId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault connection add failed (exit ${r.code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"attach\",\n ids.profileId,\n ids.connectionId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile attach failed (exit ${r.code})`,\n );\n }\n }\n\n if (provider.refreshModelsAfterBootstrap) {\n logger.notice(\"Refreshing model cache in tokenVault…\\n\");\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code !== 0) {\n throw new Error(\n `tokenvault connection refresh-models failed (exit ${code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n ids.profileId,\n bootstrapCapability,\n ids.connectionId,\n defaultModelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code}). Try: tokenvault connection refresh-models ${ids.connectionId}`,\n );\n }\n }\n\n console.error(\"\");\n logger.success(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is ready.\\n`,\n );\n}\n\nexport function interactiveSetupAllowed(\n allowInteractiveBootstrap?: boolean,\n): boolean {\n if (allowInteractiveBootstrap === false) return false;\n if (allowInteractiveBootstrap === true) return true;\n return Boolean(process.stdin.isTTY) && !isInCi;\n}\n\nexport async function ensureBootstrapCapability(\n runner: VaultCliRunner,\n ctx: BootstrapContext,\n): Promise<VaultResolution> {\n const { provider, ids, bootstrapCapability } = ctx;\n\n let cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n if (\n !cfg &&\n (await connectionExists(runner, ids.connectionId)) &&\n provider.refreshModelsAfterBootstrap\n ) {\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code === 0) {\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n }\n\n if (!cfg) {\n await bootstrapVaultProfile(ctx, runner);\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n\n if (!cfg) {\n throw new Error(\n `Could not resolve tokenVault profile \"${ids.profileId}\" for capability \"${bootstrapCapability}\" after setup. See: tokenvault resolve ${ids.profileId} --capability ${bootstrapCapability} --json`,\n );\n }\n\n return cfg;\n}\n\nexport async function resolveWithSecret(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault resolve failed (exit ${r.code}) for profile \"${profileId}\" capability \"${capability}\"`,\n );\n }\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nexport async function listVaultSnapshot(\n runner: VaultCliRunner,\n): Promise<VaultListResult> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault list failed (exit ${r.code})`,\n );\n }\n const payload = parseVaultListPayload(r.stdout);\n if (!payload) {\n throw new Error(\"Could not parse JSON from `tokenvault list`.\");\n }\n return {\n providers: payload.providers,\n credentials: payload.credentials ?? [],\n connections: payload.connections ?? [],\n profiles: payload.profiles ?? [],\n };\n}\n\nexport async function selectCapabilityModel(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n connectionId: string;\n modelId: string;\n /** Named selection id (`multi` layout only). */\n selection?: string;\n },\n): Promise<void> {\n const argv = [\n \"profile\",\n \"select\",\n params.profileId,\n params.capability,\n params.connectionId,\n params.modelId,\n ];\n const trimmed = params.selection?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function createVaultProfile(\n runner: VaultCliRunner,\n profileId: string,\n options?: { mode?: ProfileLayoutMode },\n): Promise<void> {\n const argv = [\"profile\", \"create\", profileId];\n if (options?.mode === \"multi\") {\n argv.push(\"--mode\", \"multi\");\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function setProfileLayoutMode(\n runner: VaultCliRunner,\n params: { profileId: string; mode: ProfileLayoutMode },\n): Promise<void> {\n const r = await runner.runJson([\n \"profile\",\n \"mode\",\n \"set\",\n params.profileId,\n params.mode,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile mode set failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function removeProfileNamedSelection(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n selectionName: string;\n },\n): Promise<void> {\n const name = params.selectionName.trim();\n const r = await runner.runJson([\n \"profile\",\n \"selection\",\n \"remove\",\n params.profileId,\n params.capability,\n name,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile selection remove failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function inspectVaultProfile(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<VaultProfileRecord> {\n const r = await runner.runJson([\"profile\", \"inspect\", profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile inspect failed (exit ${r.code})`,\n );\n }\n let payload: unknown;\n try {\n payload = JSON.parse(r.stdout);\n } catch {\n throw new Error(\"Could not parse JSON from `tokenvault profile inspect`.\");\n }\n const profile = (payload as { profile?: VaultProfileRecord }).profile;\n if (!profile || typeof profile.id !== \"string\" || typeof profile.mode !== \"string\") {\n throw new Error(\n \"`tokenvault profile inspect` JSON did not include a valid profile object.\",\n );\n }\n return profile;\n}\n","import type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { ListPayload, VaultResolution, ValidationContext } from \"./types.ts\";\n\nexport function parseVaultListPayload(stdout: string): ListPayload | null {\n try {\n return JSON.parse(stdout) as ListPayload;\n } catch {\n return null;\n }\n}\n\nexport function parseResolveStdout(\n stdout: string,\n provider: TokenVaultBootstrapProvider,\n ctx: ValidationContext,\n): VaultResolution {\n let data: unknown;\n try {\n data = JSON.parse(stdout);\n } catch {\n throw new Error(\n \"Could not parse JSON from `tokenvault resolve` (unexpected output).\",\n );\n }\n const resolution = (data as { resolution?: Record<string, unknown> })\n .resolution;\n if (!resolution || typeof resolution !== \"object\") {\n throw new Error(\n \"`tokenvault resolve` JSON did not include a resolution object.\",\n );\n }\n const apiKey =\n typeof resolution.apiKey === \"string\" ? resolution.apiKey.trim() : \"\";\n const modelId =\n typeof resolution.modelId === \"string\" ? resolution.modelId.trim() : \"\";\n const providerId =\n typeof resolution.providerId === \"string\"\n ? resolution.providerId.trim()\n : \"\";\n const apiBaseUrl =\n typeof resolution.apiBaseUrl === \"string\" && resolution.apiBaseUrl.trim()\n ? resolution.apiBaseUrl.trim()\n : undefined;\n const connectionId =\n typeof resolution.connectionId === \"string\"\n ? resolution.connectionId.trim()\n : undefined;\n const credentialId =\n typeof resolution.credentialId === \"string\"\n ? resolution.credentialId.trim()\n : undefined;\n\n const modeRaw =\n (typeof resolution.profileMode === \"string\"\n ? resolution.profileMode.trim()\n : \"\") ||\n (typeof (resolution as { mode?: unknown }).mode === \"string\"\n ? String((resolution as { mode?: string }).mode).trim()\n : \"\");\n const profileMode =\n modeRaw === \"single\" || modeRaw === \"multi\" ? modeRaw : undefined;\n\n const selRaw =\n (typeof resolution.selection === \"string\"\n ? resolution.selection.trim()\n : \"\") ||\n (typeof resolution.selectionName === \"string\"\n ? resolution.selectionName.trim()\n : \"\");\n const selectionName = selRaw || undefined;\n\n if (!apiKey) {\n throw new Error(\n \"`tokenvault resolve` did not return an apiKey. Use a tokenVault build that supports `tokenvault resolve --with-secret` (see TOKENVAULT.md in the tokenVault repository).\",\n );\n }\n\n const out: VaultResolution = {\n apiKey,\n modelId,\n providerId,\n baseURL: apiBaseUrl,\n connectionId,\n credentialId,\n ...(profileMode !== undefined ? { profileMode } : {}),\n ...(selectionName !== undefined ? { selectionName } : {}),\n };\n provider.validateResolution(out, {\n ...ctx,\n ...(profileMode !== undefined ? { profileMode } : {}),\n ...(selectionName !== undefined ? { selectionName } : {}),\n });\n return out;\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\n\n/**\n * Resolve `tokenvault` on PATH (Windows respects PATHEXT).\n * @throws if not found and no explicit path\n */\nexport function resolveTokenvaultExecutable(explicit?: string): string {\n const trimmed = explicit?.trim();\n if (trimmed) return trimmed;\n const fromEnv = process.env.TOKENVAULT_BIN?.trim();\n if (fromEnv) return fromEnv;\n const found = whichOnPath(\"tokenvault\");\n if (!found) {\n throw new Error(\n \"tokenVault is not available: `tokenvault` was not found on PATH. Install tokenVault and link the CLI, or set TOKENVAULT_BIN to the tokenvault executable.\",\n );\n }\n return found;\n}\n\nfunction whichOnPath(cmd: string): string | null {\n const isWin = process.platform === \"win32\";\n const paths = process.env.PATH?.split(path.delimiter) ?? [];\n const exts = isWin\n ? process.env.PATHEXT?.split(path.delimiter) ?? [\".EXE\", \".CMD\", \".BAT\", \"\"]\n : [\"\"];\n\n for (const dir of paths) {\n for (const ext of exts) {\n const candidate = path.join(dir, cmd + ext);\n try {\n const st = fs.statSync(candidate);\n if (!st.isFile()) continue;\n if (!isWin) {\n try {\n fs.accessSync(candidate, fs.constants.X_OK);\n } catch {\n continue;\n }\n }\n return candidate;\n } catch {\n /* try next */\n }\n }\n }\n return null;\n}\n","import type { Logger } from \"./types.ts\";\n\nfunction stderrColorEnabled(): boolean {\n if (process.env.NO_COLOR) return false;\n if (process.env.TERM === \"dumb\") return false;\n return Boolean(process.stderr.isTTY);\n}\n\nconst ANSI_YELLOW = \"\\x1b[33m\";\nconst ANSI_GREEN = \"\\x1b[32m\";\nconst ANSI_RESET = \"\\x1b[0m\";\n\nexport function createDefaultLogger(): Logger {\n return {\n notice(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_YELLOW}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n success(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_GREEN}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n };\n}\n","import { spawn } from \"node:child_process\";\nimport { vaultProcessEnv } from \"./env.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\n\nexport type RunJsonResult = { code: number; stdout: string; stderr: string };\n\nexport type VaultCliRunner = {\n runJson: (args: string[]) => Promise<RunJsonResult>;\n runInherit: (args: string[]) => Promise<number>;\n};\n\nexport function createVaultCliRunner(options: {\n executablePath?: string;\n env?: () => NodeJS.ProcessEnv;\n}): VaultCliRunner {\n const envFactory = options.env ?? vaultProcessEnv;\n\n function executable(): string {\n return resolveTokenvaultExecutable(options.executablePath);\n }\n\n return {\n async runJson(args: string[]): Promise<RunJsonResult> {\n const exe = executable();\n const env = envFactory();\n const stdinMode = process.stdin.isTTY ? \"inherit\" : \"ignore\";\n return await spawnCapture([exe, \"--json\", ...args], env, stdinMode);\n },\n async runInherit(args: string[]): Promise<number> {\n const exe = executable();\n const env = envFactory();\n return await spawnInheritAll([exe, ...args], env);\n },\n };\n}\n\nfunction spawnCapture(\n argv: string[],\n env: NodeJS.ProcessEnv,\n stdinMode: \"inherit\" | \"ignore\",\n): Promise<RunJsonResult> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, {\n env,\n stdio: [stdinMode, \"pipe\", \"pipe\"],\n });\n let stdout = \"\";\n let stderr = \"\";\n child.stdout?.setEncoding(\"utf8\");\n child.stderr?.setEncoding(\"utf8\");\n child.stdout?.on(\"data\", (c: string) => {\n stdout += c;\n });\n child.stderr?.on(\"data\", (c: string) => {\n stderr += c;\n });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => {\n resolve({\n code: code ?? 1,\n stdout: stdout.trimEnd(),\n stderr: stderr.trimEnd(),\n });\n });\n });\n}\n\nfunction spawnInheritAll(\n argv: string[],\n env: NodeJS.ProcessEnv,\n): Promise<number> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, { env, stdio: \"inherit\" });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => resolve(code ?? 1));\n });\n}\n","/**\n * Prefer the OS secure store (Keychain / Secret Service / DPAPI) so tokenVault does not create a\n * passphrase-backed vault. Ignored if the user already has `vault/passphrase-envelope.json` or\n * sets TOKENVAULT_SECURE_STORE themselves.\n */\nexport function vaultProcessEnv(): NodeJS.ProcessEnv {\n const env: NodeJS.ProcessEnv = { ...process.env };\n if (env.TOKENVAULT_SECURE_STORE?.trim()) return env;\n switch (process.platform) {\n case \"darwin\":\n env.TOKENVAULT_SECURE_STORE = \"macos-keychain\";\n break;\n case \"win32\":\n env.TOKENVAULT_SECURE_STORE = \"windows\";\n break;\n case \"linux\":\n env.TOKENVAULT_SECURE_STORE = \"linux-secret-service\";\n break;\n default:\n break;\n }\n return env;\n}\n","import {\n assertCapability,\n CAPABILITY,\n type Capability,\n} from \"./capability.ts\";\nimport {\n createVaultProfile,\n ensureBootstrapCapability,\n inspectVaultProfile,\n interactiveSetupAllowed,\n listVaultSnapshot,\n removeProfileNamedSelection,\n resolveWithSecret,\n selectCapabilityModel,\n setProfileLayoutMode,\n type BootstrapContext,\n type BootstrapIds,\n} from \"./bootstrap.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\nimport { createDefaultLogger } from \"./logger.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport {\n createVaultCliRunner,\n type VaultCliRunner,\n} from \"./runner.ts\";\nimport type {\n Logger,\n ProfileLayoutMode,\n VaultListResult,\n VaultProfileRecord,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type CreateTokenVaultOptions = {\n provider: TokenVaultBootstrapProvider;\n appLabel: string;\n /** Default model per capability; must include entry for `bootstrapCapability` */\n defaultModelByCapability: Partial<Record<Capability, string>>;\n /** Capability wired by `ensure()` (default: chat) */\n bootstrapCapability?: Capability;\n executablePath?: string;\n allowInteractiveBootstrap?: boolean;\n logger?: Logger;\n /** @internal Inject for tests */\n runner?: VaultCliRunner;\n} & (\n | { namespace: string }\n | {\n profileId: string;\n connectionId: string;\n credentialId: string;\n }\n);\n\nexport type TokenVault = {\n /** Bootstrap `bootstrapCapability` for the given profile triple; optional one-off namespace convention. */\n ensure: (namespaceOverride?: string) => Promise<VaultResolution>;\n listProfiles: () => Promise<VaultListResult>;\n /** Profile used by `key()`, `setCapabilityModel`, and related helpers (default: bootstrap profile). */\n useProfile: (profileId: string) => void;\n get activeProfileId(): string;\n key: (\n capability: Capability | string,\n options?: { selection?: string },\n ) => Promise<VaultResolution>;\n setCapabilityModel: (\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n options?: { selection?: string },\n ) => Promise<void>;\n /** Remove a named selection on the active profile (`multi` layout only). */\n removeNamedSelection: (\n capability: Capability | string,\n selectionName: string,\n ) => Promise<void>;\n /** Switch active profile between default-slot-per-capability and named selections per capability. */\n setProfileLayoutMode: (mode: ProfileLayoutMode) => Promise<void>;\n /** Create a profile id (optional `multi` layout). */\n createProfile: (\n name: string,\n options?: { mode?: ProfileLayoutMode },\n ) => Promise<void>;\n /** Full profile record from `tokenvault profile inspect` (includes explicit `mode`). */\n inspectProfile: (profileId?: string) => Promise<VaultProfileRecord>;\n};\n\nfunction idsFromNamespace(\n ns: string,\n provider: TokenVaultBootstrapProvider,\n): BootstrapIds {\n const artifact = `${ns}-${provider.tokenvaultProviderId}`;\n return { profileId: ns, connectionId: artifact, credentialId: artifact };\n}\n\nfunction resolveBootstrapIds(\n options: CreateTokenVaultOptions,\n): BootstrapIds {\n if (\"namespace\" in options) {\n return idsFromNamespace(options.namespace, options.provider);\n }\n return {\n profileId: options.profileId,\n connectionId: options.connectionId,\n credentialId: options.credentialId,\n };\n}\n\nexport function createTokenVault(\n options: CreateTokenVaultOptions,\n): TokenVault {\n const provider = options.provider;\n const bootstrapCapability =\n options.bootstrapCapability ?? CAPABILITY.chat;\n const defaultModelRaw =\n options.defaultModelByCapability[bootstrapCapability]?.trim();\n if (!defaultModelRaw) {\n throw new Error(\n `createTokenVault: defaultModelByCapability must include a default model for bootstrap capability \"${bootstrapCapability}\"`,\n );\n }\n const defaultModelId: string = defaultModelRaw;\n\n if (!options.runner) {\n resolveTokenvaultExecutable(options.executablePath);\n }\n\n const runner =\n options.runner ??\n createVaultCliRunner({ executablePath: options.executablePath });\n\n const bootstrapIds = resolveBootstrapIds(options);\n let resolveProfileId = bootstrapIds.profileId;\n\n const logger = options.logger ?? createDefaultLogger();\n const allowInteractive = interactiveSetupAllowed(\n options.allowInteractiveBootstrap,\n );\n\n function buildContext(ids: BootstrapIds): BootstrapContext {\n return {\n provider,\n ids,\n bootstrapCapability,\n defaultModelId,\n appLabel: options.appLabel,\n logger,\n allowInteractive,\n };\n }\n\n return {\n async ensure(namespaceOverride?: string): Promise<VaultResolution> {\n const trimmed = namespaceOverride?.trim();\n const ids = trimmed\n ? idsFromNamespace(trimmed, provider)\n : bootstrapIds;\n return await ensureBootstrapCapability(\n runner,\n buildContext(ids),\n );\n },\n\n async listProfiles(): Promise<VaultListResult> {\n return await listVaultSnapshot(runner);\n },\n\n useProfile(profileId: string): void {\n resolveProfileId = profileId;\n },\n\n get activeProfileId(): string {\n return resolveProfileId;\n },\n\n async key(\n capability: Capability | string,\n options?: { selection?: string },\n ): Promise<VaultResolution> {\n const cap = typeof capability === \"string\" ? assertCapability(capability) : capability;\n return await resolveWithSecret(\n runner,\n provider,\n resolveProfileId,\n cap,\n options?.selection,\n );\n },\n\n async setCapabilityModel(\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n options?: { selection?: string },\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await selectCapabilityModel(runner, {\n profileId: resolveProfileId,\n capability: cap,\n connectionId,\n modelId,\n selection: options?.selection,\n });\n },\n\n async removeNamedSelection(\n capability: Capability | string,\n selectionName: string,\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await removeProfileNamedSelection(runner, {\n profileId: resolveProfileId,\n capability: cap,\n selectionName,\n });\n },\n\n async setProfileLayoutMode(mode: ProfileLayoutMode): Promise<void> {\n await setProfileLayoutMode(runner, {\n profileId: resolveProfileId,\n mode,\n });\n },\n\n async createProfile(\n name: string,\n options?: { mode?: ProfileLayoutMode },\n ): Promise<void> {\n await createVaultProfile(runner, name, options);\n },\n\n async inspectProfile(profileId?: string): Promise<VaultProfileRecord> {\n const id = (profileId ?? resolveProfileId).trim();\n return await inspectVaultProfile(runner, id);\n },\n };\n}\n","import type {\n CredentialCopyPick,\n ListPayload,\n VaultResolution,\n ValidationContext,\n} from \"./types.ts\";\n\nexport type TokenVaultBootstrapProvider = {\n /** tokenVault adapter id (e.g. `openai`) */\n readonly tokenvaultProviderId: string;\n /** After parse, enforce provider / model rules */\n validateResolution(\n resolution: VaultResolution,\n ctx: ValidationContext,\n ): void;\n /** Connections on other profiles eligible for credential copy during bootstrap */\n listCredentialCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n ): CredentialCopyPick[];\n /** Run `connection refresh-models` after wiring (model-capable providers) */\n readonly refreshModelsAfterBootstrap: boolean;\n};\n\nfunction openAiCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n): CredentialCopyPick[] {\n const profiles = payload.profiles ?? [];\n const connections = payload.connections ?? [];\n const byConnId = new Map(connections.map((c) => [c.id, c]));\n const seenCred = new Set<string>();\n const out: CredentialCopyPick[] = [];\n for (const p of profiles) {\n if (p.id === excludeProfileId) continue;\n for (const connId of p.attachedConnectionIds ?? []) {\n const c = byConnId.get(connId);\n if (!c || c.providerId !== \"openai\") continue;\n if (seenCred.has(c.credentialId)) continue;\n seenCred.add(c.credentialId);\n out.push({\n profileId: p.id,\n connectionId: c.id,\n credentialId: c.credentialId,\n });\n }\n }\n return out;\n}\n\nconst openAiProvider: TokenVaultBootstrapProvider = {\n tokenvaultProviderId: \"openai\",\n refreshModelsAfterBootstrap: true,\n listCredentialCopyPicks: openAiCopyPicks,\n validateResolution(resolution: VaultResolution, ctx: ValidationContext): void {\n if (resolution.providerId !== \"openai\") {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" must select an OpenAI connection for capability \"${ctx.capability}\" (got provider \"${resolution.providerId}\").`,\n );\n }\n if (!resolution.modelId) {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" has no model selected for capability \"${ctx.capability}\". Run: tokenvault profile select ${ctx.profileId} ${ctx.capability} <connection> <model>`,\n );\n }\n },\n};\n\nexport const builtInProviders = {\n openai: openAiProvider,\n} as const;\n"],"mappings":";AACO,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,OAAO;AACT;AAIA,IAAM,aAAgC,OAAO,OAAO,UAAU;AAEvD,SAAS,aAAa,GAA4B;AACvD,SAAO,WAAW,SAAS,CAAC;AAC9B;AAEO,SAAS,iBAAiB,GAAuB;AACtD,MAAI,CAAC,aAAa,CAAC,GAAG;AACpB,UAAM,IAAI;AAAA,MACR,uBAAuB,CAAC,uBAAuB,WAAW,KAAK,IAAI,CAAC;AAAA,IACtE;AAAA,EACF;AACA,SAAO;AACT;;;AC1BA,YAAY,cAAc;AAC1B,OAAO,YAAY;;;ACEZ,SAAS,sBAAsB,QAAoC;AACxE,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,mBACd,QACA,UACA,KACiB;AACjB,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,aAAc,KACjB;AACH,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,SACJ,OAAO,WAAW,WAAW,WAAW,WAAW,OAAO,KAAK,IAAI;AACrE,QAAM,UACJ,OAAO,WAAW,YAAY,WAAW,WAAW,QAAQ,KAAK,IAAI;AACvE,QAAM,aACJ,OAAO,WAAW,eAAe,WAC7B,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,aACJ,OAAO,WAAW,eAAe,YAAY,WAAW,WAAW,KAAK,IACpE,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AAEN,QAAM,WACH,OAAO,WAAW,gBAAgB,WAC/B,WAAW,YAAY,KAAK,IAC5B,QACH,OAAQ,WAAkC,SAAS,WAChD,OAAQ,WAAiC,IAAI,EAAE,KAAK,IACpD;AACN,QAAM,cACJ,YAAY,YAAY,YAAY,UAAU,UAAU;AAE1D,QAAM,UACH,OAAO,WAAW,cAAc,WAC7B,WAAW,UAAU,KAAK,IAC1B,QACH,OAAO,WAAW,kBAAkB,WACjC,WAAW,cAAc,KAAK,IAC9B;AACN,QAAM,gBAAgB,UAAU;AAEhC,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA,GAAI,gBAAgB,SAAY,EAAE,YAAY,IAAI,CAAC;AAAA,IACnD,GAAI,kBAAkB,SAAY,EAAE,cAAc,IAAI,CAAC;AAAA,EACzD;AACA,WAAS,mBAAmB,KAAK;AAAA,IAC/B,GAAG;AAAA,IACH,GAAI,gBAAgB,SAAY,EAAE,YAAY,IAAI,CAAC;AAAA,IACnD,GAAI,kBAAkB,SAAY,EAAE,cAAc,IAAI,CAAC;AAAA,EACzD,CAAC;AACD,SAAO;AACT;;;AD9DA,SAAS,WAAW,UAAmC;AACrD,QAAM,KAAc,yBAAgB;AAAA,IAClC,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,EAClB,CAAC;AACD,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,yBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,OAAO,IAAI;AAClC,QAAM,QAAQ,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AAC3C,QAAM,UACJ,MAAM,SAAS,IAAI,sBAAsB,MAAM,MAAM,IAAI;AAC3D,QAAM,QAAQ,UACV,SAAS,wBAAwB,SAAS,IAAI,SAAS,IACvD,CAAC;AAEL,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO;AAAA,MACL,8CAA8C,SAAS,oBAAoB;AAAA;AAAA,IAC7E;AAAA,EACF,OAAO;AACL,YAAQ,MAAM,EAAE;AAChB,WAAO;AAAA,MACL,sCAAsC,IAAI,YAAY,MAAM,SAAS,oBAAoB;AAAA,IAC3F;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,YAAQ,MAAM,EAAE;AAChB,UAAM,MAAM,MAAM,WAAW,qBAAqB;AAClD,UAAM,OAAO,QAAQ,KAAK,MAAM;AAEhC,QAAI,SAAS,KAAK;AAChB,cAAQ,MAAM,EAAE;AAChB,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,cAAM,IAAI,MAAM,CAAC;AACjB,eAAO;AAAA,UACL,KAAK,IAAI,CAAC,cAAc,EAAE,SAAS,wBAAmB,EAAE,YAAY,wBAAmB,EAAE,YAAY;AAAA,QACvG;AAAA,MACF;AACA,cAAQ,MAAM,EAAE;AAChB,YAAM,SAAS,MAAM;AAAA,QACnB,gBAAW,MAAM,MAAM;AAAA,MACzB;AACA,UAAI,WAAW,IAAI;AACjB,cAAM,IAAI,OAAO,SAAS,QAAQ,EAAE;AACpC,YAAI,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AACrD,gBAAM,SAAS,MAAM,IAAI,CAAC,EAAG;AAC7B,gBAAM,QAAQ,MAAM,OAAO,QAAQ;AAAA,YACjC;AAAA,YACA;AAAA,YACA;AAAA,YACA,IAAI;AAAA,UACN,CAAC;AACD,cAAI,MAAM,SAAS,GAAG;AACpB,oBAAQ,MAAM,EAAE;AAChB;AAAA,UACF;AACA,gBAAM,IAAI;AAAA,YACR,MAAM,UACJ,MAAM,UACN,2CAA2C,MAAM,IAAI;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AACA,aAAO,OAAO,8BAA8B;AAAA,IAC9C;AAEA,WAAO,OAAO,mDAAmD;AAAA,EACnE;AAEA,QAAM,OAAO,MAAM,OAAO,WAAW;AAAA,IACnC;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,IAAI;AAAA,EACN,CAAC;AACD,MAAI,SAAS,GAAG;AACd,UAAM,IAAI,MAAM,0CAA0C,IAAI,GAAG;AAAA,EACnE;AACF;AAEA,eAAe,cACb,QACA,WACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,QAAQ,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC;AAClE;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,WACb,QACA,UACA,WACA,YACA,eACiC;AACjC,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAe,sBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,qBAAqB,gBAAgB,QAAQ,SAAS,IAC3E;AAEF,MAAI,CAAC,IAAI,kBAAkB;AACzB,UAAM,IAAI;AAAA,MACR,uBAAuB,IAAI,SAAS,qJAAqJ,IAAI,SAAS;AAAA,IACxM;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS,sDAAsD,IAAI,YAAY;AAAA,EACzH;AACA,UAAQ,MAAM,EAAE;AAEhB,MAAI,CAAE,MAAM,cAAc,QAAQ,IAAI,SAAS,GAAI;AACjD,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,IAAI,SAAS,CAAC;AACnE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UAAU,EAAE,UAAU,0CAA0C,EAAE,IAAI;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,yBAAyB,KAAK,MAAM;AAAA,EAC5C;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,6BAA6B;AACxC,WAAO,OAAO,8CAAyC;AACvD,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,IAAI;AAAA,QACR,qDAAqD,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI,gDAAgD,IAAI,YAAY;AAAA,MACpH;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS;AAAA;AAAA,EACnD;AACF;AAEO,SAAS,wBACd,2BACS;AACT,MAAI,8BAA8B,MAAO,QAAO;AAChD,MAAI,8BAA8B,KAAM,QAAO;AAC/C,SAAO,QAAQ,QAAQ,MAAM,KAAK,KAAK,CAAC;AAC1C;AAEA,eAAsB,0BACpB,QACA,KAC0B;AAC1B,QAAM,EAAE,UAAU,KAAK,oBAAoB,IAAI;AAE/C,MAAI,MAAM,MAAM;AAAA,IACd;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AACA,MACE,CAAC,OACA,MAAM,iBAAiB,QAAQ,IAAI,YAAY,KAChD,SAAS,6BACT;AACA,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,MAAM;AAAA,QACV;AAAA,QACA;AAAA,QACA,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,sBAAsB,KAAK,MAAM;AACvC,UAAM,MAAM;AAAA,MACV;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,yCAAyC,IAAI,SAAS,qBAAqB,mBAAmB,0CAA0C,IAAI,SAAS,iBAAiB,mBAAmB;AAAA,IAC3L;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,kBACpB,QACA,UACA,WACA,YACA,eAC0B;AAC1B,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,mCAAmC,EAAE,IAAI,kBAAkB,SAAS,iBAAiB,UAAU;AAAA,IACnG;AAAA,EACF;AACA,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAsB,kBACpB,QAC0B;AAC1B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UAAU,EAAE,UAAU,gCAAgC,EAAE,IAAI;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,sBAAsB,EAAE,MAAM;AAC9C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,UAAU,QAAQ,YAAY,CAAC;AAAA,EACjC;AACF;AAEA,eAAsB,sBACpB,QACA,QAQe;AACf,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AACA,QAAM,UAAU,OAAO,WAAW,KAAK;AACvC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;AAEA,eAAsB,mBACpB,QACA,WACA,SACe;AACf,QAAM,OAAO,CAAC,WAAW,UAAU,SAAS;AAC5C,MAAI,SAAS,SAAS,SAAS;AAC7B,SAAK,KAAK,UAAU,OAAO;AAAA,EAC7B;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;AAEA,eAAsB,qBACpB,QACA,QACe;AACf,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,4CAA4C,EAAE,IAAI;AAAA,IACtD;AAAA,EACF;AACF;AAEA,eAAsB,4BACpB,QACA,QAKe;AACf,QAAM,OAAO,OAAO,cAAc,KAAK;AACvC,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,oDAAoD,EAAE,IAAI;AAAA,IAC9D;AAAA,EACF;AACF;AAEA,eAAsB,oBACpB,QACA,WAC6B;AAC7B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,WAAW,SAAS,CAAC;AAChE,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,2CAA2C,EAAE,IAAI;AAAA,IACrD;AAAA,EACF;AACA,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AACA,QAAM,UAAW,QAA6C;AAC9D,MAAI,CAAC,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO,QAAQ,SAAS,UAAU;AAClF,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AE9gBA,OAAO,QAAQ;AACf,OAAO,UAAU;AAMV,SAAS,4BAA4B,UAA2B;AACrE,QAAM,UAAU,UAAU,KAAK;AAC/B,MAAI,QAAS,QAAO;AACpB,QAAM,UAAU,QAAQ,IAAI,gBAAgB,KAAK;AACjD,MAAI,QAAS,QAAO;AACpB,QAAM,QAAQ,YAAY,YAAY;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,KAA4B;AAC/C,QAAM,QAAQ,QAAQ,aAAa;AACnC,QAAM,QAAQ,QAAQ,IAAI,MAAM,MAAM,KAAK,SAAS,KAAK,CAAC;AAC1D,QAAM,OAAO,QACT,QAAQ,IAAI,SAAS,MAAM,KAAK,SAAS,KAAK,CAAC,QAAQ,QAAQ,QAAQ,EAAE,IACzE,CAAC,EAAE;AAEP,aAAW,OAAO,OAAO;AACvB,eAAW,OAAO,MAAM;AACtB,YAAM,YAAY,KAAK,KAAK,KAAK,MAAM,GAAG;AAC1C,UAAI;AACF,cAAM,KAAK,GAAG,SAAS,SAAS;AAChC,YAAI,CAAC,GAAG,OAAO,EAAG;AAClB,YAAI,CAAC,OAAO;AACV,cAAI;AACF,eAAG,WAAW,WAAW,GAAG,UAAU,IAAI;AAAA,UAC5C,QAAQ;AACN;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC9CA,SAAS,qBAA8B;AACrC,MAAI,QAAQ,IAAI,SAAU,QAAO;AACjC,MAAI,QAAQ,IAAI,SAAS,OAAQ,QAAO;AACxC,SAAO,QAAQ,QAAQ,OAAO,KAAK;AACrC;AAEA,IAAM,cAAc;AACpB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEZ,SAAS,sBAA8B;AAC5C,SAAO;AAAA,IACL,OAAO,SAAuB;AAC5B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,WAAW,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UAClD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,IACA,QAAQ,SAAuB;AAC7B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UACjD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,EACF;AACF;;;ACzBA,SAAS,aAAa;;;ACKf,SAAS,kBAAqC;AACnD,QAAM,MAAyB,EAAE,GAAG,QAAQ,IAAI;AAChD,MAAI,IAAI,yBAAyB,KAAK,EAAG,QAAO;AAChD,UAAQ,QAAQ,UAAU;AAAA,IACxB,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF;AACE;AAAA,EACJ;AACA,SAAO;AACT;;;ADXO,SAAS,qBAAqB,SAGlB;AACjB,QAAM,aAAa,QAAQ,OAAO;AAElC,WAAS,aAAqB;AAC5B,WAAO,4BAA4B,QAAQ,cAAc;AAAA,EAC3D;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ,MAAwC;AACpD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,YAAM,YAAY,QAAQ,MAAM,QAAQ,YAAY;AACpD,aAAO,MAAM,aAAa,CAAC,KAAK,UAAU,GAAG,IAAI,GAAG,KAAK,SAAS;AAAA,IACpE;AAAA,IACA,MAAM,WAAW,MAAiC;AAChD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,aAAO,MAAM,gBAAgB,CAAC,KAAK,GAAG,IAAI,GAAG,GAAG;AAAA,IAClD;AAAA,EACF;AACF;AAEA,SAAS,aACP,MACA,KACA,WACwB;AACxB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM;AAAA,MACzC;AAAA,MACA,OAAO,CAAC,WAAW,QAAQ,MAAM;AAAA,IACnC,CAAC;AACD,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,cAAQ;AAAA,QACN,MAAM,QAAQ;AAAA,QACd,QAAQ,OAAO,QAAQ;AAAA,QACvB,QAAQ,OAAO,QAAQ;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,gBACP,MACA,KACiB;AACjB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM,EAAE,KAAK,OAAO,UAAU,CAAC;AACpE,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS,QAAQ,QAAQ,CAAC,CAAC;AAAA,EAChD,CAAC;AACH;;;AESA,SAAS,iBACP,IACA,UACc;AACd,QAAM,WAAW,GAAG,EAAE,IAAI,SAAS,oBAAoB;AACvD,SAAO,EAAE,WAAW,IAAI,cAAc,UAAU,cAAc,SAAS;AACzE;AAEA,SAAS,oBACP,SACc;AACd,MAAI,eAAe,SAAS;AAC1B,WAAO,iBAAiB,QAAQ,WAAW,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,cAAc,QAAQ;AAAA,IACtB,cAAc,QAAQ;AAAA,EACxB;AACF;AAEO,SAAS,iBACd,SACY;AACZ,QAAM,WAAW,QAAQ;AACzB,QAAM,sBACJ,QAAQ,uBAAuB,WAAW;AAC5C,QAAM,kBACJ,QAAQ,yBAAyB,mBAAmB,GAAG,KAAK;AAC9D,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR,qGAAqG,mBAAmB;AAAA,IAC1H;AAAA,EACF;AACA,QAAM,iBAAyB;AAE/B,MAAI,CAAC,QAAQ,QAAQ;AACnB,gCAA4B,QAAQ,cAAc;AAAA,EACpD;AAEA,QAAM,SACJ,QAAQ,UACR,qBAAqB,EAAE,gBAAgB,QAAQ,eAAe,CAAC;AAEjE,QAAM,eAAe,oBAAoB,OAAO;AAChD,MAAI,mBAAmB,aAAa;AAEpC,QAAM,SAAS,QAAQ,UAAU,oBAAoB;AACrD,QAAM,mBAAmB;AAAA,IACvB,QAAQ;AAAA,EACV;AAEA,WAAS,aAAa,KAAqC;AACzD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,OAAO,mBAAsD;AACjE,YAAM,UAAU,mBAAmB,KAAK;AACxC,YAAM,MAAM,UACR,iBAAiB,SAAS,QAAQ,IAClC;AACJ,aAAO,MAAM;AAAA,QACX;AAAA,QACA,aAAa,GAAG;AAAA,MAClB;AAAA,IACF;AAAA,IAEA,MAAM,eAAyC;AAC7C,aAAO,MAAM,kBAAkB,MAAM;AAAA,IACvC;AAAA,IAEA,WAAW,WAAyB;AAClC,yBAAmB;AAAA,IACrB;AAAA,IAEA,IAAI,kBAA0B;AAC5B,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,IACJ,YACAA,UAC0B;AAC1B,YAAM,MAAM,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAC5E,aAAO,MAAM;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACAA,UAAS;AAAA,MACX;AAAA,IACF;AAAA,IAEA,MAAM,mBACJ,YACA,cACA,SACAA,UACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,sBAAsB,QAAQ;AAAA,QAClC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,QACA,WAAWA,UAAS;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,qBACJ,YACA,eACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,4BAA4B,QAAQ;AAAA,QACxC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,qBAAqB,MAAwC;AACjE,YAAM,qBAAqB,QAAQ;AAAA,QACjC,WAAW;AAAA,QACX;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,cACJ,MACAA,UACe;AACf,YAAM,mBAAmB,QAAQ,MAAMA,QAAO;AAAA,IAChD;AAAA,IAEA,MAAM,eAAe,WAAiD;AACpE,YAAM,MAAM,aAAa,kBAAkB,KAAK;AAChD,aAAO,MAAM,oBAAoB,QAAQ,EAAE;AAAA,IAC7C;AAAA,EACF;AACF;;;ACtNA,SAAS,gBACP,SACA,kBACsB;AACtB,QAAM,WAAW,QAAQ,YAAY,CAAC;AACtC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,WAAW,IAAI,IAAI,YAAY,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1D,QAAM,WAAW,oBAAI,IAAY;AACjC,QAAM,MAA4B,CAAC;AACnC,aAAW,KAAK,UAAU;AACxB,QAAI,EAAE,OAAO,iBAAkB;AAC/B,eAAW,UAAU,EAAE,yBAAyB,CAAC,GAAG;AAClD,YAAM,IAAI,SAAS,IAAI,MAAM;AAC7B,UAAI,CAAC,KAAK,EAAE,eAAe,SAAU;AACrC,UAAI,SAAS,IAAI,EAAE,YAAY,EAAG;AAClC,eAAS,IAAI,EAAE,YAAY;AAC3B,UAAI,KAAK;AAAA,QACP,WAAW,EAAE;AAAA,QACb,cAAc,EAAE;AAAA,QAChB,cAAc,EAAE;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,iBAA8C;AAAA,EAClD,sBAAsB;AAAA,EACtB,6BAA6B;AAAA,EAC7B,yBAAyB;AAAA,EACzB,mBAAmB,YAA6B,KAA8B;AAC5E,QAAI,WAAW,eAAe,UAAU;AACtC,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,sDAAsD,IAAI,UAAU,oBAAoB,WAAW,UAAU;AAAA,MACnJ;AAAA,IACF;AACA,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,2CAA2C,IAAI,UAAU,qCAAqC,IAAI,SAAS,IAAI,IAAI,UAAU;AAAA,MACnK;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,mBAAmB;AAAA,EAC9B,QAAQ;AACV;","names":["options"]}
1
+ {"version":3,"sources":["../src/capability.ts","../src/bootstrap.ts","../src/parse.ts","../src/profile-providers.ts","../src/executable.ts","../src/logger.ts","../src/runner.ts","../src/env.ts","../src/facade.ts","../src/provider.ts"],"sourcesContent":["/** Aligned with tokenVault `src/domain/capability.ts` — keep in sync when adding capabilities. */\nexport const CAPABILITY = {\n chat: \"chat\",\n reasoning: \"reasoning\",\n embeddings: \"embeddings\",\n image: \"image\",\n audio: \"audio\",\n vision: \"vision\",\n tools: \"tools\",\n} as const;\n\nexport type Capability = (typeof CAPABILITY)[keyof typeof CAPABILITY];\n\nconst CAP_VALUES: readonly string[] = Object.values(CAPABILITY);\n\nexport function isCapability(s: string): s is Capability {\n return CAP_VALUES.includes(s);\n}\n\nexport function assertCapability(s: string): Capability {\n if (!isCapability(s)) {\n throw new Error(\n `Unknown capability \"${s}\". Expected one of: ${CAP_VALUES.join(\", \")}`,\n );\n }\n return s;\n}\n","import * as readline from \"node:readline\";\nimport isInCi from \"is-in-ci\";\nimport type { Capability } from \"./capability.ts\";\nimport { parseResolveStdout, parseVaultListPayload } from \"./parse.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { VaultCliRunner } from \"./runner.ts\";\nimport type {\n ListPayload,\n Logger,\n ProfileLayoutMode,\n VaultListResult,\n VaultProfileRecord,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type BootstrapIds = {\n profileId: string;\n connectionId: string;\n credentialId: string;\n};\n\nexport type BootstrapContext = {\n provider: TokenVaultBootstrapProvider;\n ids: BootstrapIds;\n bootstrapCapability: Capability;\n defaultModelId: string;\n appLabel: string;\n logger: Logger;\n allowInteractive: boolean;\n};\n\nfunction promptLine(question: string): Promise<string> {\n const rl = readline.createInterface({\n input: process.stdin,\n output: process.stderr,\n });\n return new Promise((resolve) => {\n rl.question(question, (answer) => {\n rl.close();\n resolve(answer.trim());\n });\n });\n}\n\nasync function addCredentialInteractive(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, logger } = ctx;\n const listR = await runner.runJson([\"list\"]);\n const payload =\n listR.code === 0 ? parseVaultListPayload(listR.stdout) : null;\n const picks = payload\n ? provider.listCredentialCopyPicks(payload, ids.profileId)\n : [];\n\n if (picks.length === 0) {\n logger.notice(\n `Adding API key to tokenVault for provider \"${provider.tokenvaultProviderId}\" (hidden input). Follow the tokenVault prompts if any appear.\\n`,\n );\n } else {\n console.error(\"\");\n logger.notice(\n `API key for tokenVault credential \"${ids.credentialId}\" (${provider.tokenvaultProviderId}):`,\n );\n logger.notice(\n \" 1) Enter a new API key (hidden input via tokenvault)\",\n );\n logger.notice(\n \" 2) Copy from another profile → connection → credential (reuse a stored key)\",\n );\n console.error(\"\");\n const raw = await promptLine(\"Choose 1 or 2 [1]: \");\n const mode = raw === \"\" ? \"1\" : raw;\n\n if (mode === \"2\") {\n console.error(\"\");\n for (let i = 0; i < picks.length; i++) {\n const x = picks[i]!;\n logger.notice(\n ` ${i + 1}) profile \"${x.profileId}\" → connection \"${x.connectionId}\" → credential \"${x.credentialId}\"`,\n );\n }\n console.error(\"\");\n const numRaw = await promptLine(\n `Enter 1–${picks.length} (or blank to enter a new key instead): `,\n );\n if (numRaw !== \"\") {\n const n = Number.parseInt(numRaw, 10);\n if (Number.isFinite(n) && n >= 1 && n <= picks.length) {\n const credId = picks[n - 1]!.credentialId;\n const copyR = await runner.runJson([\n \"credential\",\n \"copy\",\n credId,\n ids.credentialId,\n ]);\n if (copyR.code === 0) {\n console.error(\"\");\n return;\n }\n throw new Error(\n copyR.stderr ||\n copyR.stdout ||\n `tokenvault credential copy failed (exit ${copyR.code})`,\n );\n }\n }\n logger.notice(\"\\nUsing new API key entry.\\n\");\n }\n\n logger.notice(\"Follow the tokenVault prompts (hidden API key).\\n\");\n }\n\n const code = await runner.runInherit([\n \"credential\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.credentialId,\n ]);\n if (code !== 0) {\n throw new Error(`tokenvault credential add failed (exit ${code})`);\n }\n}\n\nasync function profileExists(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) return false;\n let payload: ListPayload;\n try {\n payload = JSON.parse(r.stdout) as ListPayload;\n } catch {\n return false;\n }\n return Boolean(payload.profiles?.some((p) => p.id === profileId));\n}\n\nasync function credentialExists(\n runner: VaultCliRunner,\n credentialId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"credential\", \"inspect\", credentialId]);\n return r.code === 0;\n}\n\nasync function connectionExists(\n runner: VaultCliRunner,\n connectionId: string,\n): Promise<boolean> {\n const r = await runner.runJson([\"connection\", \"inspect\", connectionId]);\n return r.code === 0;\n}\n\nasync function tryResolve(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution | null> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) return null;\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nasync function bootstrapVaultProfile(\n ctx: BootstrapContext,\n runner: VaultCliRunner,\n): Promise<void> {\n const { provider, ids, bootstrapCapability, defaultModelId, logger, appLabel } =\n ctx;\n\n if (!ctx.allowInteractive) {\n throw new Error(\n `tokenVault profile \"${ids.profileId}\" is not usable in this environment. Configure it interactively on a TTY, or run the tokenvault commands documented in TOKENVAULT.md for profile \"${ids.profileId}\".`,\n );\n }\n\n console.error(\"\");\n logger.notice(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is missing or incomplete. Setting up credential \"${ids.credentialId}\" and wiring the profile.`,\n );\n console.error(\"\");\n\n if (!(await profileExists(runner, ids.profileId))) {\n const r = await runner.runJson([\"profile\", \"create\", ids.profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n }\n\n if (!(await credentialExists(runner, ids.credentialId))) {\n await addCredentialInteractive(ctx, runner);\n }\n\n if (!(await connectionExists(runner, ids.connectionId))) {\n const r = await runner.runJson([\n \"connection\",\n \"add\",\n provider.tokenvaultProviderId,\n ids.connectionId,\n \"--credential\",\n ids.credentialId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault connection add failed (exit ${r.code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"attach\",\n ids.profileId,\n ids.connectionId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile attach failed (exit ${r.code})`,\n );\n }\n }\n\n if (provider.refreshModelsAfterBootstrap) {\n logger.notice(\"Refreshing model cache in tokenVault…\\n\");\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code !== 0) {\n throw new Error(\n `tokenvault connection refresh-models failed (exit ${code})`,\n );\n }\n }\n\n {\n const r = await runner.runJson([\n \"profile\",\n \"select\",\n ids.profileId,\n bootstrapCapability,\n ids.connectionId,\n defaultModelId,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code}). Try: tokenvault connection refresh-models ${ids.connectionId}`,\n );\n }\n }\n\n console.error(\"\");\n logger.success(\n `${appLabel}: tokenVault profile \"${ids.profileId}\" is ready.\\n`,\n );\n}\n\nexport function interactiveSetupAllowed(\n allowInteractiveBootstrap?: boolean,\n): boolean {\n if (allowInteractiveBootstrap === false) return false;\n if (allowInteractiveBootstrap === true) return true;\n return Boolean(process.stdin.isTTY) && !isInCi;\n}\n\nexport async function ensureBootstrapCapability(\n runner: VaultCliRunner,\n ctx: BootstrapContext,\n): Promise<VaultResolution> {\n const { provider, ids, bootstrapCapability } = ctx;\n\n let cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n if (\n !cfg &&\n (await connectionExists(runner, ids.connectionId)) &&\n provider.refreshModelsAfterBootstrap\n ) {\n const code = await runner.runInherit([\n \"connection\",\n \"refresh-models\",\n ids.connectionId,\n ]);\n if (code === 0) {\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n }\n\n if (!cfg) {\n await bootstrapVaultProfile(ctx, runner);\n cfg = await tryResolve(\n runner,\n provider,\n ids.profileId,\n bootstrapCapability,\n undefined,\n );\n }\n\n if (!cfg) {\n throw new Error(\n `Could not resolve tokenVault profile \"${ids.profileId}\" for capability \"${bootstrapCapability}\" after setup. See: tokenvault resolve ${ids.profileId} --capability ${bootstrapCapability} --json`,\n );\n }\n\n return cfg;\n}\n\nexport async function resolveWithSecret(\n runner: VaultCliRunner,\n provider: TokenVaultBootstrapProvider,\n profileId: string,\n capability: Capability,\n selectionName?: string,\n): Promise<VaultResolution> {\n const argv = [\n \"resolve\",\n profileId,\n \"--capability\",\n capability,\n \"--with-secret\",\n ];\n const trimmed = selectionName?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault resolve failed (exit ${r.code}) for profile \"${profileId}\" capability \"${capability}\"`,\n );\n }\n return parseResolveStdout(r.stdout, provider, {\n profileId,\n capability,\n ...(trimmed ? { selectionName: trimmed } : {}),\n });\n}\n\nexport async function listVaultSnapshot(\n runner: VaultCliRunner,\n): Promise<VaultListResult> {\n const r = await runner.runJson([\"list\"]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr || r.stdout || `tokenvault list failed (exit ${r.code})`,\n );\n }\n const payload = parseVaultListPayload(r.stdout);\n if (!payload) {\n throw new Error(\"Could not parse JSON from `tokenvault list`.\");\n }\n return {\n providers: payload.providers,\n credentials: payload.credentials ?? [],\n connections: payload.connections ?? [],\n profiles: payload.profiles ?? [],\n };\n}\n\nexport async function selectCapabilityModel(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n connectionId: string;\n modelId: string;\n /** Named selection id (`multi` layout only). */\n selection?: string;\n },\n): Promise<void> {\n const argv = [\n \"profile\",\n \"select\",\n params.profileId,\n params.capability,\n params.connectionId,\n params.modelId,\n ];\n const trimmed = params.selection?.trim();\n if (trimmed) {\n argv.push(\"--selection\", trimmed);\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile select failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function createVaultProfile(\n runner: VaultCliRunner,\n profileId: string,\n options?: { mode?: ProfileLayoutMode },\n): Promise<void> {\n const argv = [\"profile\", \"create\", profileId];\n if (options?.mode === \"multi\") {\n argv.push(\"--mode\", \"multi\");\n }\n const r = await runner.runJson(argv);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile create failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function setProfileLayoutMode(\n runner: VaultCliRunner,\n params: { profileId: string; mode: ProfileLayoutMode },\n): Promise<void> {\n const r = await runner.runJson([\n \"profile\",\n \"mode\",\n \"set\",\n params.profileId,\n params.mode,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile mode set failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function removeProfileNamedSelection(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n capability: Capability;\n selectionName: string;\n },\n): Promise<void> {\n const name = params.selectionName.trim();\n const r = await runner.runJson([\n \"profile\",\n \"selection\",\n \"remove\",\n params.profileId,\n params.capability,\n name,\n ]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile selection remove failed (exit ${r.code})`,\n );\n }\n}\n\nexport async function inspectVaultProfile(\n runner: VaultCliRunner,\n profileId: string,\n): Promise<VaultProfileRecord> {\n const r = await runner.runJson([\"profile\", \"inspect\", profileId]);\n if (r.code !== 0) {\n throw new Error(\n r.stderr ||\n r.stdout ||\n `tokenvault profile inspect failed (exit ${r.code})`,\n );\n }\n let payload: unknown;\n try {\n payload = JSON.parse(r.stdout);\n } catch {\n throw new Error(\"Could not parse JSON from `tokenvault profile inspect`.\");\n }\n const profile = (payload as { profile?: VaultProfileRecord }).profile;\n if (!profile || typeof profile.id !== \"string\" || typeof profile.mode !== \"string\") {\n throw new Error(\n \"`tokenvault profile inspect` JSON did not include a valid profile object.\",\n );\n }\n return profile;\n}\n","import type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport type { ListPayload, VaultResolution, ValidationContext } from \"./types.ts\";\n\nexport function parseVaultListPayload(stdout: string): ListPayload | null {\n try {\n return JSON.parse(stdout) as ListPayload;\n } catch {\n return null;\n }\n}\n\nexport function parseResolveStdout(\n stdout: string,\n provider: TokenVaultBootstrapProvider,\n ctx: ValidationContext,\n): VaultResolution {\n let data: unknown;\n try {\n data = JSON.parse(stdout);\n } catch {\n throw new Error(\n \"Could not parse JSON from `tokenvault resolve` (unexpected output).\",\n );\n }\n const resolution = (data as { resolution?: Record<string, unknown> })\n .resolution;\n if (!resolution || typeof resolution !== \"object\") {\n throw new Error(\n \"`tokenvault resolve` JSON did not include a resolution object.\",\n );\n }\n const apiKey =\n typeof resolution.apiKey === \"string\" ? resolution.apiKey.trim() : \"\";\n const modelId =\n typeof resolution.modelId === \"string\" ? resolution.modelId.trim() : \"\";\n const providerId =\n typeof resolution.providerId === \"string\"\n ? resolution.providerId.trim()\n : \"\";\n const apiBaseUrl =\n typeof resolution.apiBaseUrl === \"string\" && resolution.apiBaseUrl.trim()\n ? resolution.apiBaseUrl.trim()\n : undefined;\n const connectionId =\n typeof resolution.connectionId === \"string\"\n ? resolution.connectionId.trim()\n : undefined;\n const credentialId =\n typeof resolution.credentialId === \"string\"\n ? resolution.credentialId.trim()\n : undefined;\n\n const modeRaw =\n (typeof resolution.profileMode === \"string\"\n ? resolution.profileMode.trim()\n : \"\") ||\n (typeof (resolution as { mode?: unknown }).mode === \"string\"\n ? String((resolution as { mode?: string }).mode).trim()\n : \"\");\n const profileMode =\n modeRaw === \"single\" || modeRaw === \"multi\" ? modeRaw : undefined;\n\n const selRaw =\n (typeof resolution.selection === \"string\"\n ? resolution.selection.trim()\n : \"\") ||\n (typeof resolution.selectionName === \"string\"\n ? resolution.selectionName.trim()\n : \"\");\n const selectionName = selRaw || undefined;\n\n if (!apiKey) {\n throw new Error(\n \"`tokenvault resolve` did not return an apiKey. Use a tokenVault build that supports `tokenvault resolve --with-secret` (see TOKENVAULT.md in the tokenVault repository).\",\n );\n }\n\n const out: VaultResolution = {\n apiKey,\n modelId,\n providerId,\n baseURL: apiBaseUrl,\n connectionId,\n credentialId,\n ...(profileMode !== undefined ? { profileMode } : {}),\n ...(selectionName !== undefined ? { selectionName } : {}),\n };\n provider.validateResolution(out, {\n ...ctx,\n ...(profileMode !== undefined ? { profileMode } : {}),\n ...(selectionName !== undefined ? { selectionName } : {}),\n });\n return out;\n}\n","import type { VaultCliRunner } from \"./runner.ts\";\nimport type {\n VaultCachedModel,\n VaultListResult,\n VaultRegisteredProvider,\n} from \"./types.ts\";\n\nfunction parseProviderRegistryRow(row: unknown): VaultRegisteredProvider | null {\n if (!row || typeof row !== \"object\") return null;\n const o = row as Record<string, unknown>;\n const id = typeof o.id === \"string\" ? o.id.trim() : \"\";\n if (!id) return null;\n const displayName =\n typeof o.displayName === \"string\" && o.displayName.trim()\n ? o.displayName.trim()\n : id;\n const description =\n typeof o.description === \"string\" && o.description.trim()\n ? o.description.trim()\n : undefined;\n const apiBaseUrl =\n typeof o.apiBaseUrl === \"string\" && o.apiBaseUrl.trim()\n ? o.apiBaseUrl.trim()\n : undefined;\n const docsUrl =\n typeof o.docsUrl === \"string\" && o.docsUrl.trim()\n ? o.docsUrl.trim()\n : undefined;\n return { id, displayName, description, apiBaseUrl, docsUrl };\n}\n\n/**\n * Providers from the tokenvault registry that do not appear on any connection\n * currently attached to `profileId`.\n */\nexport function listMissingRegisteredProvidersForProfile(\n snapshot: VaultListResult,\n profileId: string,\n): VaultRegisteredProvider[] {\n const reg: VaultRegisteredProvider[] = [];\n for (const row of snapshot.providers ?? []) {\n const p = parseProviderRegistryRow(row);\n if (p) reg.push(p);\n }\n reg.sort((a, b) => a.id.localeCompare(b.id));\n\n const profile = snapshot.profiles.find((p) => p.id === profileId);\n const byConn = new Map(snapshot.connections.map((c) => [c.id, c]));\n const attachedProviderIds = new Set<string>();\n for (const cid of profile?.attachedConnectionIds ?? []) {\n const c = byConn.get(cid);\n if (c?.providerId) attachedProviderIds.add(c.providerId);\n }\n\n return reg.filter((p) => !attachedProviderIds.has(p.id));\n}\n\nexport function defaultProfileProviderArtifactIds(\n profileId: string,\n providerId: string,\n): { credentialId: string; connectionId: string } {\n const suffix = `${profileId}-${providerId}`;\n return { credentialId: suffix, connectionId: suffix };\n}\n\nfunction throwCli(message: string, r: { stderr: string; stdout: string; code: number }): never {\n const detail = r.stderr || r.stdout || `exit ${r.code}`;\n throw new Error(`${message}: ${detail}`);\n}\n\n/**\n * Ensures credential, connection, profile attach, and model cache refresh for an extra provider.\n * Does not change capability selections (`profile select`); callers can do that separately.\n */\nexport async function wireRegisteredProviderToProfile(\n runner: VaultCliRunner,\n params: {\n profileId: string;\n providerId: string;\n apiKey: string;\n credentialId: string;\n connectionId: string;\n },\n): Promise<{ refreshedModelCount: number }> {\n const { profileId, providerId, apiKey, credentialId, connectionId } = params;\n\n {\n const r = await runner.runJson([\"profile\", \"create\", profileId]);\n if (r.code !== 0) {\n const insp = await runner.runJson([\"profile\", \"inspect\", profileId]);\n if (insp.code !== 0) {\n throwCli(`tokenvault profile create / inspect failed for \"${profileId}\"`, r);\n }\n }\n }\n\n {\n const r = await runner.runJson([\"credential\", \"inspect\", credentialId]);\n if (r.code !== 0) {\n const add = await runner.runJsonWithStdin(\n [\"credential\", \"add\", providerId, credentialId, \"--stdin\"],\n apiKey,\n { nonInteractive: true },\n );\n if (add.code !== 0) {\n throwCli(\n `tokenvault credential add failed for \"${credentialId}\" (provider ${providerId})`,\n add,\n );\n }\n }\n }\n\n {\n const r = await runner.runJson([\"connection\", \"inspect\", connectionId]);\n if (r.code !== 0) {\n const add = await runner.runJson([\n \"connection\",\n \"add\",\n providerId,\n connectionId,\n \"--credential\",\n credentialId,\n ]);\n if (add.code !== 0) {\n throwCli(`tokenvault connection add failed for \"${connectionId}\"`, add);\n }\n }\n }\n\n {\n const r = await runner.runJson([\"profile\", \"attach\", profileId, connectionId]);\n if (r.code !== 0) {\n throwCli(`tokenvault profile attach failed (${profileId} ← ${connectionId})`, r);\n }\n }\n\n let refreshedModelCount = 0;\n {\n const r = await runner.runJson([\"connection\", \"refresh-models\", connectionId]);\n if (r.code === 0) {\n try {\n const j = JSON.parse(r.stdout) as { count?: number };\n if (typeof j.count === \"number\") refreshedModelCount = j.count;\n } catch {\n refreshedModelCount = 0;\n }\n }\n }\n\n if (refreshedModelCount === 0) {\n const models = await fetchConnectionCachedModels(runner, connectionId);\n refreshedModelCount = models.length;\n }\n\n return { refreshedModelCount };\n}\n\n/**\n * Parses `tokenvault connection models <id> --json` output.\n */\nexport async function fetchConnectionCachedModels(\n runner: VaultCliRunner,\n connectionId: string,\n): Promise<VaultCachedModel[]> {\n const r = await runner.runJson([\"connection\", \"models\", connectionId]);\n if (r.code !== 0) {\n throwCli(`tokenvault connection models failed for \"${connectionId}\"`, r);\n }\n let data: unknown;\n try {\n data = JSON.parse(r.stdout);\n } catch {\n return [];\n }\n const modelsRaw = (data as { models?: unknown }).models;\n if (!Array.isArray(modelsRaw)) return [];\n\n const out: VaultCachedModel[] = [];\n for (const row of modelsRaw) {\n if (!row || typeof row !== \"object\") continue;\n const o = row as Record<string, unknown>;\n const id = typeof o.id === \"string\" ? o.id.trim() : \"\";\n if (!id) continue;\n const displayName =\n typeof o.displayName === \"string\" && o.displayName.trim()\n ? o.displayName.trim()\n : undefined;\n const caps = o.capabilities;\n const capabilities = Array.isArray(caps)\n ? caps.filter((x): x is string => typeof x === \"string\")\n : [];\n out.push({ id, displayName, capabilities });\n }\n return out.sort((a, b) => a.id.localeCompare(b.id));\n}\n","import fs from \"node:fs\";\nimport path from \"node:path\";\n\n/**\n * Resolve `tokenvault` on PATH (Windows respects PATHEXT).\n * @throws if not found and no explicit path\n */\nexport function resolveTokenvaultExecutable(explicit?: string): string {\n const trimmed = explicit?.trim();\n if (trimmed) return trimmed;\n const fromEnv = process.env.TOKENVAULT_BIN?.trim();\n if (fromEnv) return fromEnv;\n const found = whichOnPath(\"tokenvault\");\n if (!found) {\n throw new Error(\n \"tokenVault is not available: `tokenvault` was not found on PATH. Install tokenVault and link the CLI, or set TOKENVAULT_BIN to the tokenvault executable.\",\n );\n }\n return found;\n}\n\nfunction whichOnPath(cmd: string): string | null {\n const isWin = process.platform === \"win32\";\n const paths = process.env.PATH?.split(path.delimiter) ?? [];\n const exts = isWin\n ? process.env.PATHEXT?.split(path.delimiter) ?? [\".EXE\", \".CMD\", \".BAT\", \"\"]\n : [\"\"];\n\n for (const dir of paths) {\n for (const ext of exts) {\n const candidate = path.join(dir, cmd + ext);\n try {\n const st = fs.statSync(candidate);\n if (!st.isFile()) continue;\n if (!isWin) {\n try {\n fs.accessSync(candidate, fs.constants.X_OK);\n } catch {\n continue;\n }\n }\n return candidate;\n } catch {\n /* try next */\n }\n }\n }\n return null;\n}\n","import type { Logger } from \"./types.ts\";\n\nfunction stderrColorEnabled(): boolean {\n if (process.env.NO_COLOR) return false;\n if (process.env.TERM === \"dumb\") return false;\n return Boolean(process.stderr.isTTY);\n}\n\nconst ANSI_YELLOW = \"\\x1b[33m\";\nconst ANSI_GREEN = \"\\x1b[32m\";\nconst ANSI_RESET = \"\\x1b[0m\";\n\nexport function createDefaultLogger(): Logger {\n return {\n notice(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_YELLOW}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n success(message: string): void {\n if (stderrColorEnabled())\n console.error(`${ANSI_GREEN}${message}${ANSI_RESET}`);\n else console.error(message);\n },\n };\n}\n","import { spawn } from \"node:child_process\";\nimport { vaultProcessEnv } from \"./env.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\n\nexport type RunJsonResult = { code: number; stdout: string; stderr: string };\n\nexport type RunJsonWithStdinOptions = {\n /**\n * When true (default), passes `--non-interactive` so stdin is only used for `--stdin` secrets.\n * Set false if the subprocess must prompt (e.g. vault unlock on TTY).\n */\n nonInteractive?: boolean;\n};\n\nexport type VaultCliRunner = {\n runJson: (args: string[]) => Promise<RunJsonResult>;\n /**\n * Runs `tokenvault --json ...args` with the given string written to child stdin (then closed).\n * Used for `credential add ... --stdin` and similar.\n */\n runJsonWithStdin: (\n args: string[],\n stdin: string,\n options?: RunJsonWithStdinOptions,\n ) => Promise<RunJsonResult>;\n runInherit: (args: string[]) => Promise<number>;\n};\n\nexport function createVaultCliRunner(options: {\n executablePath?: string;\n env?: () => NodeJS.ProcessEnv;\n}): VaultCliRunner {\n const envFactory = options.env ?? vaultProcessEnv;\n\n function executable(): string {\n return resolveTokenvaultExecutable(options.executablePath);\n }\n\n return {\n async runJson(args: string[]): Promise<RunJsonResult> {\n const exe = executable();\n const env = envFactory();\n const stdinMode = process.stdin.isTTY ? \"inherit\" : \"ignore\";\n return await spawnCapture([exe, \"--json\", ...args], env, stdinMode);\n },\n async runJsonWithStdin(\n args: string[],\n stdin: string,\n options?: RunJsonWithStdinOptions,\n ): Promise<RunJsonResult> {\n const exe = executable();\n const env = envFactory();\n const globals = [\"--json\"];\n if (options?.nonInteractive !== false) {\n globals.push(\"--non-interactive\");\n }\n return await spawnCaptureWithStdin([exe, ...globals, ...args], env, stdin);\n },\n async runInherit(args: string[]): Promise<number> {\n const exe = executable();\n const env = envFactory();\n return await spawnInheritAll([exe, ...args], env);\n },\n };\n}\n\nfunction spawnCapture(\n argv: string[],\n env: NodeJS.ProcessEnv,\n stdinMode: \"inherit\" | \"ignore\",\n): Promise<RunJsonResult> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, {\n env,\n stdio: [stdinMode, \"pipe\", \"pipe\"],\n });\n let stdout = \"\";\n let stderr = \"\";\n child.stdout?.setEncoding(\"utf8\");\n child.stderr?.setEncoding(\"utf8\");\n child.stdout?.on(\"data\", (c: string) => {\n stdout += c;\n });\n child.stderr?.on(\"data\", (c: string) => {\n stderr += c;\n });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => {\n resolve({\n code: code ?? 1,\n stdout: stdout.trimEnd(),\n stderr: stderr.trimEnd(),\n });\n });\n });\n}\n\nfunction spawnCaptureWithStdin(\n argv: string[],\n env: NodeJS.ProcessEnv,\n stdinBody: string,\n): Promise<RunJsonResult> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, {\n env,\n stdio: [\"pipe\", \"pipe\", \"pipe\"],\n });\n let stdout = \"\";\n let stderr = \"\";\n child.stdout?.setEncoding(\"utf8\");\n child.stderr?.setEncoding(\"utf8\");\n child.stdout?.on(\"data\", (c: string) => {\n stdout += c;\n });\n child.stderr?.on(\"data\", (c: string) => {\n stderr += c;\n });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => {\n resolve({\n code: code ?? 1,\n stdout: stdout.trimEnd(),\n stderr: stderr.trimEnd(),\n });\n });\n child.stdin?.write(stdinBody, \"utf8\", () => {\n child.stdin?.end();\n });\n });\n}\n\nfunction spawnInheritAll(\n argv: string[],\n env: NodeJS.ProcessEnv,\n): Promise<number> {\n const [executablePath, ...args] = argv;\n return new Promise((resolve, reject) => {\n const child = spawn(executablePath!, args, { env, stdio: \"inherit\" });\n child.on(\"error\", reject);\n child.on(\"close\", (code) => resolve(code ?? 1));\n });\n}\n","/**\n * Prefer the OS secure store (Keychain / Secret Service / DPAPI) so tokenVault does not create a\n * passphrase-backed vault. Ignored if the user already has `vault/passphrase-envelope.json` or\n * sets TOKENVAULT_SECURE_STORE themselves.\n */\nexport function vaultProcessEnv(): NodeJS.ProcessEnv {\n const env: NodeJS.ProcessEnv = { ...process.env };\n if (env.TOKENVAULT_SECURE_STORE?.trim()) return env;\n switch (process.platform) {\n case \"darwin\":\n env.TOKENVAULT_SECURE_STORE = \"macos-keychain\";\n break;\n case \"win32\":\n env.TOKENVAULT_SECURE_STORE = \"windows\";\n break;\n case \"linux\":\n env.TOKENVAULT_SECURE_STORE = \"linux-secret-service\";\n break;\n default:\n break;\n }\n return env;\n}\n","import {\n assertCapability,\n CAPABILITY,\n type Capability,\n} from \"./capability.ts\";\nimport {\n createVaultProfile,\n ensureBootstrapCapability,\n inspectVaultProfile,\n interactiveSetupAllowed,\n listVaultSnapshot,\n removeProfileNamedSelection,\n resolveWithSecret,\n selectCapabilityModel,\n setProfileLayoutMode,\n type BootstrapContext,\n type BootstrapIds,\n} from \"./bootstrap.ts\";\nimport {\n defaultProfileProviderArtifactIds,\n fetchConnectionCachedModels,\n listMissingRegisteredProvidersForProfile,\n wireRegisteredProviderToProfile,\n} from \"./profile-providers.ts\";\nimport { resolveTokenvaultExecutable } from \"./executable.ts\";\nimport { createDefaultLogger } from \"./logger.ts\";\nimport type { TokenVaultBootstrapProvider } from \"./provider.ts\";\nimport {\n createVaultCliRunner,\n type VaultCliRunner,\n} from \"./runner.ts\";\nimport type {\n Logger,\n ProfileLayoutMode,\n VaultCachedModel,\n VaultListResult,\n VaultProfileRecord,\n VaultRegisteredProvider,\n VaultResolution,\n} from \"./types.ts\";\n\nexport type CreateTokenVaultOptions = {\n provider: TokenVaultBootstrapProvider;\n appLabel: string;\n /** Default model per capability; must include entry for `bootstrapCapability` */\n defaultModelByCapability: Partial<Record<Capability, string>>;\n /** Capability wired by `ensure()` (default: chat) */\n bootstrapCapability?: Capability;\n executablePath?: string;\n allowInteractiveBootstrap?: boolean;\n logger?: Logger;\n /** @internal Inject for tests */\n runner?: VaultCliRunner;\n} & (\n | { namespace: string }\n | {\n profileId: string;\n connectionId: string;\n credentialId: string;\n }\n);\n\nexport type TokenVault = {\n /** Bootstrap `bootstrapCapability` for the given profile triple; optional one-off namespace convention. */\n ensure: (namespaceOverride?: string) => Promise<VaultResolution>;\n listProfiles: () => Promise<VaultListResult>;\n /** Profile used by `key()`, `setCapabilityModel`, and related helpers (default: bootstrap profile). */\n useProfile: (profileId: string) => void;\n get activeProfileId(): string;\n key: (\n capability: Capability | string,\n options?: { selection?: string },\n ) => Promise<VaultResolution>;\n setCapabilityModel: (\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n options?: { selection?: string },\n ) => Promise<void>;\n /** Remove a named selection on the active profile (`multi` layout only). */\n removeNamedSelection: (\n capability: Capability | string,\n selectionName: string,\n ) => Promise<void>;\n /** Switch active profile between default-slot-per-capability and named selections per capability. */\n setProfileLayoutMode: (mode: ProfileLayoutMode) => Promise<void>;\n /** Create a profile id (optional `multi` layout). */\n createProfile: (\n name: string,\n options?: { mode?: ProfileLayoutMode },\n ) => Promise<void>;\n /** Full profile record from `tokenvault profile inspect` (includes explicit `mode`). */\n inspectProfile: (profileId?: string) => Promise<VaultProfileRecord>;\n /**\n * Registry providers that have no connection attached to the active profile\n * (from `tokenvault list` vs profile attachments).\n */\n listMissingRegisteredProviders: () => Promise<VaultRegisteredProvider[]>;\n /**\n * Add API key + connection for a registry provider and attach it to the active profile.\n * Uses credential/connection ids `{profileId}-{providerId}` (same convention as namespace bootstrap).\n */\n addRegisteredProviderToProfile: (params: {\n providerId: string;\n apiKey: string;\n }) => Promise<{\n credentialId: string;\n connectionId: string;\n refreshedModelCount: number;\n }>;\n /** Cached models from `tokenvault connection models <id> --json`. */\n listCachedModelsForConnection: (connectionId: string) => Promise<VaultCachedModel[]>;\n /** Runs `connection refresh-models` then returns the updated cache listing. */\n refreshCachedModelsForConnection: (connectionId: string) => Promise<VaultCachedModel[]>;\n};\n\nfunction idsFromNamespace(\n ns: string,\n provider: TokenVaultBootstrapProvider,\n): BootstrapIds {\n const artifact = `${ns}-${provider.tokenvaultProviderId}`;\n return { profileId: ns, connectionId: artifact, credentialId: artifact };\n}\n\nfunction resolveBootstrapIds(\n options: CreateTokenVaultOptions,\n): BootstrapIds {\n if (\"namespace\" in options) {\n return idsFromNamespace(options.namespace, options.provider);\n }\n return {\n profileId: options.profileId,\n connectionId: options.connectionId,\n credentialId: options.credentialId,\n };\n}\n\nexport function createTokenVault(\n options: CreateTokenVaultOptions,\n): TokenVault {\n const provider = options.provider;\n const bootstrapCapability =\n options.bootstrapCapability ?? CAPABILITY.chat;\n const defaultModelRaw =\n options.defaultModelByCapability[bootstrapCapability]?.trim();\n if (!defaultModelRaw) {\n throw new Error(\n `createTokenVault: defaultModelByCapability must include a default model for bootstrap capability \"${bootstrapCapability}\"`,\n );\n }\n const defaultModelId: string = defaultModelRaw;\n\n if (!options.runner) {\n resolveTokenvaultExecutable(options.executablePath);\n }\n\n const runner =\n options.runner ??\n createVaultCliRunner({ executablePath: options.executablePath });\n\n const bootstrapIds = resolveBootstrapIds(options);\n let resolveProfileId = bootstrapIds.profileId;\n\n const logger = options.logger ?? createDefaultLogger();\n const allowInteractive = interactiveSetupAllowed(\n options.allowInteractiveBootstrap,\n );\n\n function buildContext(ids: BootstrapIds): BootstrapContext {\n return {\n provider,\n ids,\n bootstrapCapability,\n defaultModelId,\n appLabel: options.appLabel,\n logger,\n allowInteractive,\n };\n }\n\n return {\n async ensure(namespaceOverride?: string): Promise<VaultResolution> {\n const trimmed = namespaceOverride?.trim();\n const ids = trimmed\n ? idsFromNamespace(trimmed, provider)\n : bootstrapIds;\n return await ensureBootstrapCapability(\n runner,\n buildContext(ids),\n );\n },\n\n async listProfiles(): Promise<VaultListResult> {\n return await listVaultSnapshot(runner);\n },\n\n useProfile(profileId: string): void {\n resolveProfileId = profileId;\n },\n\n get activeProfileId(): string {\n return resolveProfileId;\n },\n\n async key(\n capability: Capability | string,\n options?: { selection?: string },\n ): Promise<VaultResolution> {\n const cap = typeof capability === \"string\" ? assertCapability(capability) : capability;\n return await resolveWithSecret(\n runner,\n provider,\n resolveProfileId,\n cap,\n options?.selection,\n );\n },\n\n async setCapabilityModel(\n capability: Capability | string,\n connectionId: string,\n modelId: string,\n options?: { selection?: string },\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await selectCapabilityModel(runner, {\n profileId: resolveProfileId,\n capability: cap,\n connectionId,\n modelId,\n selection: options?.selection,\n });\n },\n\n async removeNamedSelection(\n capability: Capability | string,\n selectionName: string,\n ): Promise<void> {\n const cap =\n typeof capability === \"string\" ? assertCapability(capability) : capability;\n await removeProfileNamedSelection(runner, {\n profileId: resolveProfileId,\n capability: cap,\n selectionName,\n });\n },\n\n async setProfileLayoutMode(mode: ProfileLayoutMode): Promise<void> {\n await setProfileLayoutMode(runner, {\n profileId: resolveProfileId,\n mode,\n });\n },\n\n async createProfile(\n name: string,\n options?: { mode?: ProfileLayoutMode },\n ): Promise<void> {\n await createVaultProfile(runner, name, options);\n },\n\n async inspectProfile(profileId?: string): Promise<VaultProfileRecord> {\n const id = (profileId ?? resolveProfileId).trim();\n return await inspectVaultProfile(runner, id);\n },\n\n async listMissingRegisteredProviders(): Promise<VaultRegisteredProvider[]> {\n const snap = await listVaultSnapshot(runner);\n return listMissingRegisteredProvidersForProfile(snap, resolveProfileId);\n },\n\n async addRegisteredProviderToProfile(params: {\n providerId: string;\n apiKey: string;\n }): Promise<{\n credentialId: string;\n connectionId: string;\n refreshedModelCount: number;\n }> {\n const { credentialId, connectionId } = defaultProfileProviderArtifactIds(\n resolveProfileId,\n params.providerId.trim(),\n );\n const { refreshedModelCount } = await wireRegisteredProviderToProfile(runner, {\n profileId: resolveProfileId,\n providerId: params.providerId.trim(),\n apiKey: params.apiKey,\n credentialId,\n connectionId,\n });\n return { credentialId, connectionId, refreshedModelCount };\n },\n\n async listCachedModelsForConnection(connectionId: string): Promise<VaultCachedModel[]> {\n return await fetchConnectionCachedModels(runner, connectionId.trim());\n },\n\n async refreshCachedModelsForConnection(connectionId: string): Promise<VaultCachedModel[]> {\n const cid = connectionId.trim();\n const r = await runner.runJson([\"connection\", \"refresh-models\", cid]);\n if (r.code !== 0) {\n const detail = r.stderr || r.stdout || `exit ${r.code}`;\n throw new Error(`tokenvault connection refresh-models failed: ${detail}`);\n }\n return await fetchConnectionCachedModels(runner, cid);\n },\n };\n}\n","import type {\n CredentialCopyPick,\n ListPayload,\n VaultResolution,\n ValidationContext,\n} from \"./types.ts\";\n\nexport type TokenVaultBootstrapProvider = {\n /** tokenVault adapter id (e.g. `openai`) */\n readonly tokenvaultProviderId: string;\n /** After parse, enforce provider / model rules */\n validateResolution(\n resolution: VaultResolution,\n ctx: ValidationContext,\n ): void;\n /** Connections on other profiles eligible for credential copy during bootstrap */\n listCredentialCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n ): CredentialCopyPick[];\n /** Run `connection refresh-models` after wiring (model-capable providers) */\n readonly refreshModelsAfterBootstrap: boolean;\n};\n\nfunction openAiCopyPicks(\n payload: ListPayload,\n excludeProfileId: string,\n): CredentialCopyPick[] {\n const profiles = payload.profiles ?? [];\n const connections = payload.connections ?? [];\n const byConnId = new Map(connections.map((c) => [c.id, c]));\n const seenCred = new Set<string>();\n const out: CredentialCopyPick[] = [];\n for (const p of profiles) {\n if (p.id === excludeProfileId) continue;\n for (const connId of p.attachedConnectionIds ?? []) {\n const c = byConnId.get(connId);\n if (!c || c.providerId !== \"openai\") continue;\n if (seenCred.has(c.credentialId)) continue;\n seenCred.add(c.credentialId);\n out.push({\n profileId: p.id,\n connectionId: c.id,\n credentialId: c.credentialId,\n });\n }\n }\n return out;\n}\n\nconst openAiProvider: TokenVaultBootstrapProvider = {\n tokenvaultProviderId: \"openai\",\n refreshModelsAfterBootstrap: true,\n listCredentialCopyPicks: openAiCopyPicks,\n validateResolution(resolution: VaultResolution, ctx: ValidationContext): void {\n if (resolution.providerId !== \"openai\") {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" must select an OpenAI connection for capability \"${ctx.capability}\" (got provider \"${resolution.providerId}\").`,\n );\n }\n if (!resolution.modelId) {\n throw new Error(\n `tokenVault profile \"${ctx.profileId}\" has no model selected for capability \"${ctx.capability}\". Run: tokenvault profile select ${ctx.profileId} ${ctx.capability} <connection> <model>`,\n );\n }\n },\n};\n\nexport const builtInProviders = {\n openai: openAiProvider,\n} as const;\n"],"mappings":";AACO,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,WAAW;AAAA,EACX,YAAY;AAAA,EACZ,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AAAA,EACR,OAAO;AACT;AAIA,IAAM,aAAgC,OAAO,OAAO,UAAU;AAEvD,SAAS,aAAa,GAA4B;AACvD,SAAO,WAAW,SAAS,CAAC;AAC9B;AAEO,SAAS,iBAAiB,GAAuB;AACtD,MAAI,CAAC,aAAa,CAAC,GAAG;AACpB,UAAM,IAAI;AAAA,MACR,uBAAuB,CAAC,uBAAuB,WAAW,KAAK,IAAI,CAAC;AAAA,IACtE;AAAA,EACF;AACA,SAAO;AACT;;;AC1BA,YAAY,cAAc;AAC1B,OAAO,YAAY;;;ACEZ,SAAS,sBAAsB,QAAoC;AACxE,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,mBACd,QACA,UACA,KACiB;AACjB,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,MAAM;AAAA,EAC1B,QAAQ;AACN,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,aAAc,KACjB;AACH,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,QAAM,SACJ,OAAO,WAAW,WAAW,WAAW,WAAW,OAAO,KAAK,IAAI;AACrE,QAAM,UACJ,OAAO,WAAW,YAAY,WAAW,WAAW,QAAQ,KAAK,IAAI;AACvE,QAAM,aACJ,OAAO,WAAW,eAAe,WAC7B,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,aACJ,OAAO,WAAW,eAAe,YAAY,WAAW,WAAW,KAAK,IACpE,WAAW,WAAW,KAAK,IAC3B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AACN,QAAM,eACJ,OAAO,WAAW,iBAAiB,WAC/B,WAAW,aAAa,KAAK,IAC7B;AAEN,QAAM,WACH,OAAO,WAAW,gBAAgB,WAC/B,WAAW,YAAY,KAAK,IAC5B,QACH,OAAQ,WAAkC,SAAS,WAChD,OAAQ,WAAiC,IAAI,EAAE,KAAK,IACpD;AACN,QAAM,cACJ,YAAY,YAAY,YAAY,UAAU,UAAU;AAE1D,QAAM,UACH,OAAO,WAAW,cAAc,WAC7B,WAAW,UAAU,KAAK,IAC1B,QACH,OAAO,WAAW,kBAAkB,WACjC,WAAW,cAAc,KAAK,IAC9B;AACN,QAAM,gBAAgB,UAAU;AAEhC,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAuB;AAAA,IAC3B;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA,GAAI,gBAAgB,SAAY,EAAE,YAAY,IAAI,CAAC;AAAA,IACnD,GAAI,kBAAkB,SAAY,EAAE,cAAc,IAAI,CAAC;AAAA,EACzD;AACA,WAAS,mBAAmB,KAAK;AAAA,IAC/B,GAAG;AAAA,IACH,GAAI,gBAAgB,SAAY,EAAE,YAAY,IAAI,CAAC;AAAA,IACnD,GAAI,kBAAkB,SAAY,EAAE,cAAc,IAAI,CAAC;AAAA,EACzD,CAAC;AACD,SAAO;AACT;;;AD9DA,SAAS,WAAW,UAAmC;AACrD,QAAM,KAAc,yBAAgB;AAAA,IAClC,OAAO,QAAQ;AAAA,IACf,QAAQ,QAAQ;AAAA,EAClB,CAAC;AACD,SAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,OAAG,SAAS,UAAU,CAAC,WAAW;AAChC,SAAG,MAAM;AACT,cAAQ,OAAO,KAAK,CAAC;AAAA,IACvB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,yBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,OAAO,IAAI;AAClC,QAAM,QAAQ,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AAC3C,QAAM,UACJ,MAAM,SAAS,IAAI,sBAAsB,MAAM,MAAM,IAAI;AAC3D,QAAM,QAAQ,UACV,SAAS,wBAAwB,SAAS,IAAI,SAAS,IACvD,CAAC;AAEL,MAAI,MAAM,WAAW,GAAG;AACtB,WAAO;AAAA,MACL,8CAA8C,SAAS,oBAAoB;AAAA;AAAA,IAC7E;AAAA,EACF,OAAO;AACL,YAAQ,MAAM,EAAE;AAChB,WAAO;AAAA,MACL,sCAAsC,IAAI,YAAY,MAAM,SAAS,oBAAoB;AAAA,IAC3F;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,WAAO;AAAA,MACL;AAAA,IACF;AACA,YAAQ,MAAM,EAAE;AAChB,UAAM,MAAM,MAAM,WAAW,qBAAqB;AAClD,UAAM,OAAO,QAAQ,KAAK,MAAM;AAEhC,QAAI,SAAS,KAAK;AAChB,cAAQ,MAAM,EAAE;AAChB,eAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,cAAM,IAAI,MAAM,CAAC;AACjB,eAAO;AAAA,UACL,KAAK,IAAI,CAAC,cAAc,EAAE,SAAS,wBAAmB,EAAE,YAAY,wBAAmB,EAAE,YAAY;AAAA,QACvG;AAAA,MACF;AACA,cAAQ,MAAM,EAAE;AAChB,YAAM,SAAS,MAAM;AAAA,QACnB,gBAAW,MAAM,MAAM;AAAA,MACzB;AACA,UAAI,WAAW,IAAI;AACjB,cAAM,IAAI,OAAO,SAAS,QAAQ,EAAE;AACpC,YAAI,OAAO,SAAS,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ;AACrD,gBAAM,SAAS,MAAM,IAAI,CAAC,EAAG;AAC7B,gBAAM,QAAQ,MAAM,OAAO,QAAQ;AAAA,YACjC;AAAA,YACA;AAAA,YACA;AAAA,YACA,IAAI;AAAA,UACN,CAAC;AACD,cAAI,MAAM,SAAS,GAAG;AACpB,oBAAQ,MAAM,EAAE;AAChB;AAAA,UACF;AACA,gBAAM,IAAI;AAAA,YACR,MAAM,UACJ,MAAM,UACN,2CAA2C,MAAM,IAAI;AAAA,UACzD;AAAA,QACF;AAAA,MACF;AACA,aAAO,OAAO,8BAA8B;AAAA,IAC9C;AAEA,WAAO,OAAO,mDAAmD;AAAA,EACnE;AAEA,QAAM,OAAO,MAAM,OAAO,WAAW;AAAA,IACnC;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,IAAI;AAAA,EACN,CAAC;AACD,MAAI,SAAS,GAAG;AACd,UAAM,IAAI,MAAM,0CAA0C,IAAI,GAAG;AAAA,EACnE;AACF;AAEA,eAAe,cACb,QACA,WACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,WAAO;AAAA,EACT;AACA,SAAO,QAAQ,QAAQ,UAAU,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS,CAAC;AAClE;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,iBACb,QACA,cACkB;AAClB,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,SAAO,EAAE,SAAS;AACpB;AAEA,eAAe,WACb,QACA,UACA,WACA,YACA,eACiC;AACjC,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,EAAG,QAAO;AACzB,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAe,sBACb,KACA,QACe;AACf,QAAM,EAAE,UAAU,KAAK,qBAAqB,gBAAgB,QAAQ,SAAS,IAC3E;AAEF,MAAI,CAAC,IAAI,kBAAkB;AACzB,UAAM,IAAI;AAAA,MACR,uBAAuB,IAAI,SAAS,qJAAqJ,IAAI,SAAS;AAAA,IACxM;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS,sDAAsD,IAAI,YAAY;AAAA,EACzH;AACA,UAAQ,MAAM,EAAE;AAEhB,MAAI,CAAE,MAAM,cAAc,QAAQ,IAAI,SAAS,GAAI;AACjD,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,IAAI,SAAS,CAAC;AACnE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UAAU,EAAE,UAAU,0CAA0C,EAAE,IAAI;AAAA,MAC1E;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,yBAAyB,KAAK,MAAM;AAAA,EAC5C;AAEA,MAAI,CAAE,MAAM,iBAAiB,QAAQ,IAAI,YAAY,GAAI;AACvD,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,SAAS;AAAA,MACT,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ,IAAI;AAAA,IACN,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,MAAI,SAAS,6BAA6B;AACxC,WAAO,OAAO,8CAAyC;AACvD,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,IAAI;AAAA,QACR,qDAAqD,IAAI;AAAA,MAC3D;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,MAC7B;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,IACF,CAAC;AACD,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,IAAI;AAAA,QACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI,gDAAgD,IAAI,YAAY;AAAA,MACpH;AAAA,IACF;AAAA,EACF;AAEA,UAAQ,MAAM,EAAE;AAChB,SAAO;AAAA,IACL,GAAG,QAAQ,yBAAyB,IAAI,SAAS;AAAA;AAAA,EACnD;AACF;AAEO,SAAS,wBACd,2BACS;AACT,MAAI,8BAA8B,MAAO,QAAO;AAChD,MAAI,8BAA8B,KAAM,QAAO;AAC/C,SAAO,QAAQ,QAAQ,MAAM,KAAK,KAAK,CAAC;AAC1C;AAEA,eAAsB,0BACpB,QACA,KAC0B;AAC1B,QAAM,EAAE,UAAU,KAAK,oBAAoB,IAAI;AAE/C,MAAI,MAAM,MAAM;AAAA,IACd;AAAA,IACA;AAAA,IACA,IAAI;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AACA,MACE,CAAC,OACA,MAAM,iBAAiB,QAAQ,IAAI,YAAY,KAChD,SAAS,6BACT;AACA,UAAM,OAAO,MAAM,OAAO,WAAW;AAAA,MACnC;AAAA,MACA;AAAA,MACA,IAAI;AAAA,IACN,CAAC;AACD,QAAI,SAAS,GAAG;AACd,YAAM,MAAM;AAAA,QACV;AAAA,QACA;AAAA,QACA,IAAI;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,sBAAsB,KAAK,MAAM;AACvC,UAAM,MAAM;AAAA,MACV;AAAA,MACA;AAAA,MACA,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,KAAK;AACR,UAAM,IAAI;AAAA,MACR,yCAAyC,IAAI,SAAS,qBAAqB,mBAAmB,0CAA0C,IAAI,SAAS,iBAAiB,mBAAmB;AAAA,IAC3L;AAAA,EACF;AAEA,SAAO;AACT;AAEA,eAAsB,kBACpB,QACA,UACA,WACA,YACA,eAC0B;AAC1B,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,eAAe,KAAK;AACpC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,mCAAmC,EAAE,IAAI,kBAAkB,SAAS,iBAAiB,UAAU;AAAA,IACnG;AAAA,EACF;AACA,SAAO,mBAAmB,EAAE,QAAQ,UAAU;AAAA,IAC5C;AAAA,IACA;AAAA,IACA,GAAI,UAAU,EAAE,eAAe,QAAQ,IAAI,CAAC;AAAA,EAC9C,CAAC;AACH;AAEA,eAAsB,kBACpB,QAC0B;AAC1B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,MAAM,CAAC;AACvC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UAAU,EAAE,UAAU,gCAAgC,EAAE,IAAI;AAAA,IAChE;AAAA,EACF;AACA,QAAM,UAAU,sBAAsB,EAAE,MAAM;AAC9C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,aAAa,QAAQ,eAAe,CAAC;AAAA,IACrC,UAAU,QAAQ,YAAY,CAAC;AAAA,EACjC;AACF;AAEA,eAAsB,sBACpB,QACA,QAQe;AACf,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,IACP,OAAO;AAAA,EACT;AACA,QAAM,UAAU,OAAO,WAAW,KAAK;AACvC,MAAI,SAAS;AACX,SAAK,KAAK,eAAe,OAAO;AAAA,EAClC;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;AAEA,eAAsB,mBACpB,QACA,WACA,SACe;AACf,QAAM,OAAO,CAAC,WAAW,UAAU,SAAS;AAC5C,MAAI,SAAS,SAAS,SAAS;AAC7B,SAAK,KAAK,UAAU,OAAO;AAAA,EAC7B;AACA,QAAM,IAAI,MAAM,OAAO,QAAQ,IAAI;AACnC,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,0CAA0C,EAAE,IAAI;AAAA,IACpD;AAAA,EACF;AACF;AAEA,eAAsB,qBACpB,QACA,QACe;AACf,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,4CAA4C,EAAE,IAAI;AAAA,IACtD;AAAA,EACF;AACF;AAEA,eAAsB,4BACpB,QACA,QAKe;AACf,QAAM,OAAO,OAAO,cAAc,KAAK;AACvC,QAAM,IAAI,MAAM,OAAO,QAAQ;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACD,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,oDAAoD,EAAE,IAAI;AAAA,IAC9D;AAAA,EACF;AACF;AAEA,eAAsB,oBACpB,QACA,WAC6B;AAC7B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,WAAW,SAAS,CAAC;AAChE,MAAI,EAAE,SAAS,GAAG;AAChB,UAAM,IAAI;AAAA,MACR,EAAE,UACA,EAAE,UACF,2CAA2C,EAAE,IAAI;AAAA,IACrD;AAAA,EACF;AACA,MAAI;AACJ,MAAI;AACF,cAAU,KAAK,MAAM,EAAE,MAAM;AAAA,EAC/B,QAAQ;AACN,UAAM,IAAI,MAAM,yDAAyD;AAAA,EAC3E;AACA,QAAM,UAAW,QAA6C;AAC9D,MAAI,CAAC,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO,QAAQ,SAAS,UAAU;AAClF,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AEvgBA,SAAS,yBAAyB,KAA8C;AAC9E,MAAI,CAAC,OAAO,OAAO,QAAQ,SAAU,QAAO;AAC5C,QAAM,IAAI;AACV,QAAM,KAAK,OAAO,EAAE,OAAO,WAAW,EAAE,GAAG,KAAK,IAAI;AACpD,MAAI,CAAC,GAAI,QAAO;AAChB,QAAM,cACJ,OAAO,EAAE,gBAAgB,YAAY,EAAE,YAAY,KAAK,IACpD,EAAE,YAAY,KAAK,IACnB;AACN,QAAM,cACJ,OAAO,EAAE,gBAAgB,YAAY,EAAE,YAAY,KAAK,IACpD,EAAE,YAAY,KAAK,IACnB;AACN,QAAM,aACJ,OAAO,EAAE,eAAe,YAAY,EAAE,WAAW,KAAK,IAClD,EAAE,WAAW,KAAK,IAClB;AACN,QAAM,UACJ,OAAO,EAAE,YAAY,YAAY,EAAE,QAAQ,KAAK,IAC5C,EAAE,QAAQ,KAAK,IACf;AACN,SAAO,EAAE,IAAI,aAAa,aAAa,YAAY,QAAQ;AAC7D;AAMO,SAAS,yCACd,UACA,WAC2B;AAC3B,QAAM,MAAiC,CAAC;AACxC,aAAW,OAAO,SAAS,aAAa,CAAC,GAAG;AAC1C,UAAM,IAAI,yBAAyB,GAAG;AACtC,QAAI,EAAG,KAAI,KAAK,CAAC;AAAA,EACnB;AACA,MAAI,KAAK,CAAC,GAAG,MAAM,EAAE,GAAG,cAAc,EAAE,EAAE,CAAC;AAE3C,QAAM,UAAU,SAAS,SAAS,KAAK,CAAC,MAAM,EAAE,OAAO,SAAS;AAChE,QAAM,SAAS,IAAI,IAAI,SAAS,YAAY,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AACjE,QAAM,sBAAsB,oBAAI,IAAY;AAC5C,aAAW,OAAO,SAAS,yBAAyB,CAAC,GAAG;AACtD,UAAM,IAAI,OAAO,IAAI,GAAG;AACxB,QAAI,GAAG,WAAY,qBAAoB,IAAI,EAAE,UAAU;AAAA,EACzD;AAEA,SAAO,IAAI,OAAO,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,EAAE,CAAC;AACzD;AAEO,SAAS,kCACd,WACA,YACgD;AAChD,QAAM,SAAS,GAAG,SAAS,IAAI,UAAU;AACzC,SAAO,EAAE,cAAc,QAAQ,cAAc,OAAO;AACtD;AAEA,SAAS,SAAS,SAAiB,GAA4D;AAC7F,QAAM,SAAS,EAAE,UAAU,EAAE,UAAU,QAAQ,EAAE,IAAI;AACrD,QAAM,IAAI,MAAM,GAAG,OAAO,KAAK,MAAM,EAAE;AACzC;AAMA,eAAsB,gCACpB,QACA,QAO0C;AAC1C,QAAM,EAAE,WAAW,YAAY,QAAQ,cAAc,aAAa,IAAI;AAEtE;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,SAAS,CAAC;AAC/D,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,OAAO,MAAM,OAAO,QAAQ,CAAC,WAAW,WAAW,SAAS,CAAC;AACnE,UAAI,KAAK,SAAS,GAAG;AACnB,iBAAS,mDAAmD,SAAS,KAAK,CAAC;AAAA,MAC7E;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,MAAM,MAAM,OAAO;AAAA,QACvB,CAAC,cAAc,OAAO,YAAY,cAAc,SAAS;AAAA,QACzD;AAAA,QACA,EAAE,gBAAgB,KAAK;AAAA,MACzB;AACA,UAAI,IAAI,SAAS,GAAG;AAClB;AAAA,UACE,yCAAyC,YAAY,eAAe,UAAU;AAAA,UAC9E;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,WAAW,YAAY,CAAC;AACtE,QAAI,EAAE,SAAS,GAAG;AAChB,YAAM,MAAM,MAAM,OAAO,QAAQ;AAAA,QAC/B;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF,CAAC;AACD,UAAI,IAAI,SAAS,GAAG;AAClB,iBAAS,yCAAyC,YAAY,KAAK,GAAG;AAAA,MACxE;AAAA,IACF;AAAA,EACF;AAEA;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,WAAW,UAAU,WAAW,YAAY,CAAC;AAC7E,QAAI,EAAE,SAAS,GAAG;AAChB,eAAS,qCAAqC,SAAS,WAAM,YAAY,KAAK,CAAC;AAAA,IACjF;AAAA,EACF;AAEA,MAAI,sBAAsB;AAC1B;AACE,UAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,kBAAkB,YAAY,CAAC;AAC7E,QAAI,EAAE,SAAS,GAAG;AAChB,UAAI;AACF,cAAM,IAAI,KAAK,MAAM,EAAE,MAAM;AAC7B,YAAI,OAAO,EAAE,UAAU,SAAU,uBAAsB,EAAE;AAAA,MAC3D,QAAQ;AACN,8BAAsB;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AAEA,MAAI,wBAAwB,GAAG;AAC7B,UAAM,SAAS,MAAM,4BAA4B,QAAQ,YAAY;AACrE,0BAAsB,OAAO;AAAA,EAC/B;AAEA,SAAO,EAAE,oBAAoB;AAC/B;AAKA,eAAsB,4BACpB,QACA,cAC6B;AAC7B,QAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,UAAU,YAAY,CAAC;AACrE,MAAI,EAAE,SAAS,GAAG;AAChB,aAAS,4CAA4C,YAAY,KAAK,CAAC;AAAA,EACzE;AACA,MAAI;AACJ,MAAI;AACF,WAAO,KAAK,MAAM,EAAE,MAAM;AAAA,EAC5B,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACA,QAAM,YAAa,KAA8B;AACjD,MAAI,CAAC,MAAM,QAAQ,SAAS,EAAG,QAAO,CAAC;AAEvC,QAAM,MAA0B,CAAC;AACjC,aAAW,OAAO,WAAW;AAC3B,QAAI,CAAC,OAAO,OAAO,QAAQ,SAAU;AACrC,UAAM,IAAI;AACV,UAAM,KAAK,OAAO,EAAE,OAAO,WAAW,EAAE,GAAG,KAAK,IAAI;AACpD,QAAI,CAAC,GAAI;AACT,UAAM,cACJ,OAAO,EAAE,gBAAgB,YAAY,EAAE,YAAY,KAAK,IACpD,EAAE,YAAY,KAAK,IACnB;AACN,UAAM,OAAO,EAAE;AACf,UAAM,eAAe,MAAM,QAAQ,IAAI,IACnC,KAAK,OAAO,CAAC,MAAmB,OAAO,MAAM,QAAQ,IACrD,CAAC;AACL,QAAI,KAAK,EAAE,IAAI,aAAa,aAAa,CAAC;AAAA,EAC5C;AACA,SAAO,IAAI,KAAK,CAAC,GAAG,MAAM,EAAE,GAAG,cAAc,EAAE,EAAE,CAAC;AACpD;;;ACnMA,OAAO,QAAQ;AACf,OAAO,UAAU;AAMV,SAAS,4BAA4B,UAA2B;AACrE,QAAM,UAAU,UAAU,KAAK;AAC/B,MAAI,QAAS,QAAO;AACpB,QAAM,UAAU,QAAQ,IAAI,gBAAgB,KAAK;AACjD,MAAI,QAAS,QAAO;AACpB,QAAM,QAAQ,YAAY,YAAY;AACtC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,KAA4B;AAC/C,QAAM,QAAQ,QAAQ,aAAa;AACnC,QAAM,QAAQ,QAAQ,IAAI,MAAM,MAAM,KAAK,SAAS,KAAK,CAAC;AAC1D,QAAM,OAAO,QACT,QAAQ,IAAI,SAAS,MAAM,KAAK,SAAS,KAAK,CAAC,QAAQ,QAAQ,QAAQ,EAAE,IACzE,CAAC,EAAE;AAEP,aAAW,OAAO,OAAO;AACvB,eAAW,OAAO,MAAM;AACtB,YAAM,YAAY,KAAK,KAAK,KAAK,MAAM,GAAG;AAC1C,UAAI;AACF,cAAM,KAAK,GAAG,SAAS,SAAS;AAChC,YAAI,CAAC,GAAG,OAAO,EAAG;AAClB,YAAI,CAAC,OAAO;AACV,cAAI;AACF,eAAG,WAAW,WAAW,GAAG,UAAU,IAAI;AAAA,UAC5C,QAAQ;AACN;AAAA,UACF;AAAA,QACF;AACA,eAAO;AAAA,MACT,QAAQ;AAAA,MAER;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;;;AC9CA,SAAS,qBAA8B;AACrC,MAAI,QAAQ,IAAI,SAAU,QAAO;AACjC,MAAI,QAAQ,IAAI,SAAS,OAAQ,QAAO;AACxC,SAAO,QAAQ,QAAQ,OAAO,KAAK;AACrC;AAEA,IAAM,cAAc;AACpB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEZ,SAAS,sBAA8B;AAC5C,SAAO;AAAA,IACL,OAAO,SAAuB;AAC5B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,WAAW,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UAClD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,IACA,QAAQ,SAAuB;AAC7B,UAAI,mBAAmB;AACrB,gBAAQ,MAAM,GAAG,UAAU,GAAG,OAAO,GAAG,UAAU,EAAE;AAAA,UACjD,SAAQ,MAAM,OAAO;AAAA,IAC5B;AAAA,EACF;AACF;;;ACzBA,SAAS,aAAa;;;ACKf,SAAS,kBAAqC;AACnD,QAAM,MAAyB,EAAE,GAAG,QAAQ,IAAI;AAChD,MAAI,IAAI,yBAAyB,KAAK,EAAG,QAAO;AAChD,UAAQ,QAAQ,UAAU;AAAA,IACxB,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF,KAAK;AACH,UAAI,0BAA0B;AAC9B;AAAA,IACF;AACE;AAAA,EACJ;AACA,SAAO;AACT;;;ADMO,SAAS,qBAAqB,SAGlB;AACjB,QAAM,aAAa,QAAQ,OAAO;AAElC,WAAS,aAAqB;AAC5B,WAAO,4BAA4B,QAAQ,cAAc;AAAA,EAC3D;AAEA,SAAO;AAAA,IACL,MAAM,QAAQ,MAAwC;AACpD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,YAAM,YAAY,QAAQ,MAAM,QAAQ,YAAY;AACpD,aAAO,MAAM,aAAa,CAAC,KAAK,UAAU,GAAG,IAAI,GAAG,KAAK,SAAS;AAAA,IACpE;AAAA,IACA,MAAM,iBACJ,MACA,OACAA,UACwB;AACxB,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,YAAM,UAAU,CAAC,QAAQ;AACzB,UAAIA,UAAS,mBAAmB,OAAO;AACrC,gBAAQ,KAAK,mBAAmB;AAAA,MAClC;AACA,aAAO,MAAM,sBAAsB,CAAC,KAAK,GAAG,SAAS,GAAG,IAAI,GAAG,KAAK,KAAK;AAAA,IAC3E;AAAA,IACA,MAAM,WAAW,MAAiC;AAChD,YAAM,MAAM,WAAW;AACvB,YAAM,MAAM,WAAW;AACvB,aAAO,MAAM,gBAAgB,CAAC,KAAK,GAAG,IAAI,GAAG,GAAG;AAAA,IAClD;AAAA,EACF;AACF;AAEA,SAAS,aACP,MACA,KACA,WACwB;AACxB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM;AAAA,MACzC;AAAA,MACA,OAAO,CAAC,WAAW,QAAQ,MAAM;AAAA,IACnC,CAAC;AACD,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,cAAQ;AAAA,QACN,MAAM,QAAQ;AAAA,QACd,QAAQ,OAAO,QAAQ;AAAA,QACvB,QAAQ,OAAO,QAAQ;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,sBACP,MACA,KACA,WACwB;AACxB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM;AAAA,MACzC;AAAA,MACA,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,IAChC,CAAC;AACD,QAAI,SAAS;AACb,QAAI,SAAS;AACb,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,YAAY,MAAM;AAChC,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,QAAQ,GAAG,QAAQ,CAAC,MAAc;AACtC,gBAAU;AAAA,IACZ,CAAC;AACD,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS;AAC1B,cAAQ;AAAA,QACN,MAAM,QAAQ;AAAA,QACd,QAAQ,OAAO,QAAQ;AAAA,QACvB,QAAQ,OAAO,QAAQ;AAAA,MACzB,CAAC;AAAA,IACH,CAAC;AACD,UAAM,OAAO,MAAM,WAAW,QAAQ,MAAM;AAC1C,YAAM,OAAO,IAAI;AAAA,IACnB,CAAC;AAAA,EACH,CAAC;AACH;AAEA,SAAS,gBACP,MACA,KACiB;AACjB,QAAM,CAAC,gBAAgB,GAAG,IAAI,IAAI;AAClC,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,QAAQ,MAAM,gBAAiB,MAAM,EAAE,KAAK,OAAO,UAAU,CAAC;AACpE,UAAM,GAAG,SAAS,MAAM;AACxB,UAAM,GAAG,SAAS,CAAC,SAAS,QAAQ,QAAQ,CAAC,CAAC;AAAA,EAChD,CAAC;AACH;;;AE3BA,SAAS,iBACP,IACA,UACc;AACd,QAAM,WAAW,GAAG,EAAE,IAAI,SAAS,oBAAoB;AACvD,SAAO,EAAE,WAAW,IAAI,cAAc,UAAU,cAAc,SAAS;AACzE;AAEA,SAAS,oBACP,SACc;AACd,MAAI,eAAe,SAAS;AAC1B,WAAO,iBAAiB,QAAQ,WAAW,QAAQ,QAAQ;AAAA,EAC7D;AACA,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,cAAc,QAAQ;AAAA,IACtB,cAAc,QAAQ;AAAA,EACxB;AACF;AAEO,SAAS,iBACd,SACY;AACZ,QAAM,WAAW,QAAQ;AACzB,QAAM,sBACJ,QAAQ,uBAAuB,WAAW;AAC5C,QAAM,kBACJ,QAAQ,yBAAyB,mBAAmB,GAAG,KAAK;AAC9D,MAAI,CAAC,iBAAiB;AACpB,UAAM,IAAI;AAAA,MACR,qGAAqG,mBAAmB;AAAA,IAC1H;AAAA,EACF;AACA,QAAM,iBAAyB;AAE/B,MAAI,CAAC,QAAQ,QAAQ;AACnB,gCAA4B,QAAQ,cAAc;AAAA,EACpD;AAEA,QAAM,SACJ,QAAQ,UACR,qBAAqB,EAAE,gBAAgB,QAAQ,eAAe,CAAC;AAEjE,QAAM,eAAe,oBAAoB,OAAO;AAChD,MAAI,mBAAmB,aAAa;AAEpC,QAAM,SAAS,QAAQ,UAAU,oBAAoB;AACrD,QAAM,mBAAmB;AAAA,IACvB,QAAQ;AAAA,EACV;AAEA,WAAS,aAAa,KAAqC;AACzD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ;AAAA,MAClB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,OAAO,mBAAsD;AACjE,YAAM,UAAU,mBAAmB,KAAK;AACxC,YAAM,MAAM,UACR,iBAAiB,SAAS,QAAQ,IAClC;AACJ,aAAO,MAAM;AAAA,QACX;AAAA,QACA,aAAa,GAAG;AAAA,MAClB;AAAA,IACF;AAAA,IAEA,MAAM,eAAyC;AAC7C,aAAO,MAAM,kBAAkB,MAAM;AAAA,IACvC;AAAA,IAEA,WAAW,WAAyB;AAClC,yBAAmB;AAAA,IACrB;AAAA,IAEA,IAAI,kBAA0B;AAC5B,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,IACJ,YACAC,UAC0B;AAC1B,YAAM,MAAM,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAC5E,aAAO,MAAM;AAAA,QACX;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACAA,UAAS;AAAA,MACX;AAAA,IACF;AAAA,IAEA,MAAM,mBACJ,YACA,cACA,SACAA,UACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,sBAAsB,QAAQ;AAAA,QAClC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,QACA;AAAA,QACA,WAAWA,UAAS;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,qBACJ,YACA,eACe;AACf,YAAM,MACJ,OAAO,eAAe,WAAW,iBAAiB,UAAU,IAAI;AAClE,YAAM,4BAA4B,QAAQ;AAAA,QACxC,WAAW;AAAA,QACX,YAAY;AAAA,QACZ;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,qBAAqB,MAAwC;AACjE,YAAM,qBAAqB,QAAQ;AAAA,QACjC,WAAW;AAAA,QACX;AAAA,MACF,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,cACJ,MACAA,UACe;AACf,YAAM,mBAAmB,QAAQ,MAAMA,QAAO;AAAA,IAChD;AAAA,IAEA,MAAM,eAAe,WAAiD;AACpE,YAAM,MAAM,aAAa,kBAAkB,KAAK;AAChD,aAAO,MAAM,oBAAoB,QAAQ,EAAE;AAAA,IAC7C;AAAA,IAEA,MAAM,iCAAqE;AACzE,YAAM,OAAO,MAAM,kBAAkB,MAAM;AAC3C,aAAO,yCAAyC,MAAM,gBAAgB;AAAA,IACxE;AAAA,IAEA,MAAM,+BAA+B,QAOlC;AACD,YAAM,EAAE,cAAc,aAAa,IAAI;AAAA,QACrC;AAAA,QACA,OAAO,WAAW,KAAK;AAAA,MACzB;AACA,YAAM,EAAE,oBAAoB,IAAI,MAAM,gCAAgC,QAAQ;AAAA,QAC5E,WAAW;AAAA,QACX,YAAY,OAAO,WAAW,KAAK;AAAA,QACnC,QAAQ,OAAO;AAAA,QACf;AAAA,QACA;AAAA,MACF,CAAC;AACD,aAAO,EAAE,cAAc,cAAc,oBAAoB;AAAA,IAC3D;AAAA,IAEA,MAAM,8BAA8B,cAAmD;AACrF,aAAO,MAAM,4BAA4B,QAAQ,aAAa,KAAK,CAAC;AAAA,IACtE;AAAA,IAEA,MAAM,iCAAiC,cAAmD;AACxF,YAAM,MAAM,aAAa,KAAK;AAC9B,YAAM,IAAI,MAAM,OAAO,QAAQ,CAAC,cAAc,kBAAkB,GAAG,CAAC;AACpE,UAAI,EAAE,SAAS,GAAG;AAChB,cAAM,SAAS,EAAE,UAAU,EAAE,UAAU,QAAQ,EAAE,IAAI;AACrD,cAAM,IAAI,MAAM,gDAAgD,MAAM,EAAE;AAAA,MAC1E;AACA,aAAO,MAAM,4BAA4B,QAAQ,GAAG;AAAA,IACtD;AAAA,EACF;AACF;;;AC5RA,SAAS,gBACP,SACA,kBACsB;AACtB,QAAM,WAAW,QAAQ,YAAY,CAAC;AACtC,QAAM,cAAc,QAAQ,eAAe,CAAC;AAC5C,QAAM,WAAW,IAAI,IAAI,YAAY,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1D,QAAM,WAAW,oBAAI,IAAY;AACjC,QAAM,MAA4B,CAAC;AACnC,aAAW,KAAK,UAAU;AACxB,QAAI,EAAE,OAAO,iBAAkB;AAC/B,eAAW,UAAU,EAAE,yBAAyB,CAAC,GAAG;AAClD,YAAM,IAAI,SAAS,IAAI,MAAM;AAC7B,UAAI,CAAC,KAAK,EAAE,eAAe,SAAU;AACrC,UAAI,SAAS,IAAI,EAAE,YAAY,EAAG;AAClC,eAAS,IAAI,EAAE,YAAY;AAC3B,UAAI,KAAK;AAAA,QACP,WAAW,EAAE;AAAA,QACb,cAAc,EAAE;AAAA,QAChB,cAAc,EAAE;AAAA,MAClB,CAAC;AAAA,IACH;AAAA,EACF;AACA,SAAO;AACT;AAEA,IAAM,iBAA8C;AAAA,EAClD,sBAAsB;AAAA,EACtB,6BAA6B;AAAA,EAC7B,yBAAyB;AAAA,EACzB,mBAAmB,YAA6B,KAA8B;AAC5E,QAAI,WAAW,eAAe,UAAU;AACtC,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,sDAAsD,IAAI,UAAU,oBAAoB,WAAW,UAAU;AAAA,MACnJ;AAAA,IACF;AACA,QAAI,CAAC,WAAW,SAAS;AACvB,YAAM,IAAI;AAAA,QACR,uBAAuB,IAAI,SAAS,2CAA2C,IAAI,UAAU,qCAAqC,IAAI,SAAS,IAAI,IAAI,UAAU;AAAA,MACnK;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,mBAAmB;AAAA,EAC9B,QAAQ;AACV;","names":["options","options"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@partrocks/tokenvault",
3
- "version": "0.1.8",
3
+ "version": "0.1.11",
4
4
  "description": "Facade for tokenvault CLI: bootstrap profiles, resolve secrets per capability, list profiles",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",