@passwd/passwd-agent-cli 1.3.0

package/dist/commands/envs.d.ts

@@ -0,0 +1,3 @@
+export declare function envsCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/envs.js

@@ -0,0 +1,24 @@
+import { getTokenDir } from "@passwd/passwd-lib";
+import { scanTokenFiles } from "../util/envs.js";
+export async function envsCommand(opts) {
+    const envs = await scanTokenFiles(getTokenDir());
+    if (envs.length === 0) {
+        console.log("No known environments. Log in with PASSWD_ORIGIN set first.");
+        return;
+    }
+    const currentOrigin = process.env.PASSWD_ORIGIN?.replace(/\/+$/, "");
+    if (opts.json) {
+        const out = envs.map((e) => ({
+            origin: e.origin,
+            current: e.origin === currentOrigin,
+            savedAt: e.savedAt,
+        }));
+        console.log(JSON.stringify(out, null, 2));
+        return;
+    }
+    for (const env of envs) {
+        const marker = env.origin === currentOrigin ? " *" : "";
+        console.log(`${env.origin}${marker}`);
+    }
+}
+//# sourceMappingURL=envs.js.map

package/dist/commands/envs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envs.js","sourceRoot":"","sources":["../../src/commands/envs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAwB;IACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;IAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,OAAO,EAAE,CAAC,CAAC,MAAM,KAAK,aAAa;YACnC,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;AACH,CAAC"}

package/dist/commands/exec.d.ts

@@ -0,0 +1,3 @@
+export declare function execCommand(args: string[], opts: {
+    inject?: string[];
+}): Promise<void>;

package/dist/commands/exec.js

@@ -0,0 +1,60 @@
+import { spawn } from "node:child_process";
+import { getSecret } from "@passwd/passwd-lib";
+export async function execCommand(args, opts) {
+    if (!args.length) {
+        console.error("Usage: passwd-agent exec --inject VAR=SECRET_ID:FIELD -- command [args...]");
+        process.exitCode = 1;
+        return;
+    }
+    const injections = opts.inject ?? [];
+    const env = { ...process.env };
+    // Scrub passwd credentials so the child only gets the specific fields requested
+    delete env.PASSWD_ACCESS_TOKEN;
+    delete env.PASSWD_API_URL;
+    delete env.PASSWD_CLIENT_ID;
+    // Parse and fetch all injections in parallel
+    const tasks = injections.map(async (spec) => {
+        const eqIdx = spec.indexOf("=");
+        if (eqIdx === -1) {
+            throw new Error(`Invalid --inject format: '${spec}'. Expected VAR=SECRET_ID:FIELD`);
+        }
+        const varName = spec.slice(0, eqIdx);
+        const rest = spec.slice(eqIdx + 1);
+        const colonIdx = rest.indexOf(":");
+        if (colonIdx === -1) {
+            throw new Error(`Invalid --inject format: '${spec}'. Expected VAR=SECRET_ID:FIELD`);
+        }
+        const secretId = rest.slice(0, colonIdx);
+        const field = rest.slice(colonIdx + 1);
+        const secret = await getSecret(secretId);
+        const value = secret[field];
+        if (value === undefined) {
+            throw new Error(`Field '${field}' not found in secret '${secretId}'`);
+        }
+        return { varName, value: String(value) };
+    });
+    const resolved = await Promise.all(tasks);
+    for (const { varName, value } of resolved) {
+        env[varName] = value;
+    }
+    const secretValues = resolved.map((r) => r.value).filter((v) => v.length > 0);
+    const [cmd, ...cmdArgs] = args;
+    // Always mask — no --no-masking flag exists in the agent CLI
+    const child = spawn(cmd, cmdArgs, {
+        env,
+        stdio: ["inherit", "pipe", "pipe"],
+    });
+    const mask = (chunk) => {
+        let str = chunk.toString();
+        for (const v of secretValues) {
+            str = str.replaceAll(v, "<concealed by passwd>");
+        }
+        return Buffer.from(str);
+    };
+    child.stdout?.on("data", (chunk) => process.stdout.write(mask(chunk)));
+    child.stderr?.on("data", (chunk) => process.stderr.write(mask(chunk)));
+    child.on("close", (code) => {
+        process.exitCode = code ?? 1;
+    });
+}
+//# sourceMappingURL=exec.js.map

package/dist/commands/exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAc,EACd,IAA2B;IAE3B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAC5F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAA2B,EAAE,GAAG,OAAO,CAAC,GAAG,EAA4B,CAAC;IAEjF,gFAAgF;IAChF,OAAO,GAAG,CAAC,mBAAmB,CAAC;IAC/B,OAAO,GAAG,CAAC,cAAc,CAAC;IAC1B,OAAO,GAAG,CAAC,gBAAgB,CAAC;IAE5B,6CAA6C;IAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,iCAAiC,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,iCAAiC,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEvC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,KAAK,GAAI,MAA6C,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,0BAA0B,QAAQ,GAAG,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE9E,MAAM,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC;IAC/B,6DAA6D;IAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE;QAChC,GAAG;QACH,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,CAAC,KAAa,EAAU,EAAE;QACrC,IAAI,GAAG,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;YAC7B,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC,CAAC;IAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/E,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE/E,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;QACzB,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/get.d.ts

@@ -0,0 +1,3 @@
+export declare function getCommand(id: string, opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/get.js

@@ -0,0 +1,8 @@
+import { getSecret, redactSecret } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function getCommand(id, opts) {
+    const secret = await getSecret(id);
+    // Always redacted — no --field flag exists in the agent CLI
+    console.log(formatJson(redactSecret(secret)));
+}
+//# sourceMappingURL=get.js.map

package/dist/commands/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../src/commands/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAU,EACV,IAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;IACnC,4DAA4D;IAC5D,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/dist/commands/list.d.ts

@@ -0,0 +1,7 @@
+export declare function listCommand(opts: {
+    query?: string;
+    type?: string;
+    limit?: string;
+    offset?: string;
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/list.js

@@ -0,0 +1,20 @@
+import { listSecrets } from "@passwd/passwd-lib";
+import { formatJson, formatSecretRow } from "../util/format.js";
+export async function listCommand(opts) {
+    const result = await listSecrets({
+        query: opts.query,
+        secretType: opts.type,
+        limit: opts.limit !== undefined ? Number(opts.limit) : undefined,
+        offset: opts.offset !== undefined ? Number(opts.offset) : undefined,
+    });
+    if (opts.json) {
+        console.log(formatJson(result));
+    }
+    else {
+        console.log(`Total: ${result.totalCount}`);
+        for (const s of result.secrets) {
+            console.log(formatSecretRow(s));
+        }
+    }
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAMjC;IACC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAChE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;KACpE,CAAC,CAAC;IAEH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/login.d.ts

@@ -0,0 +1 @@
+export declare function loginCommand(): Promise<void>;

package/dist/commands/login.js

@@ -0,0 +1,20 @@
+import { createInterface } from "node:readline/promises";
+import { stdin, stdout } from "node:process";
+import { buildOAuthUrl, extractCodeFromRedirectUrl, exchangeCode } from "@passwd/passwd-lib";
+export async function loginCommand() {
+    const oauthUrl = await buildOAuthUrl();
+    console.log("Open this URL in your browser to authenticate:\n");
+    console.log(oauthUrl);
+    console.log();
+    const rl = createInterface({ input: stdin, output: stdout });
+    try {
+        const redirectUrl = await rl.question("Paste the redirect URL here: ");
+        const code = extractCodeFromRedirectUrl(redirectUrl.trim());
+        await exchangeCode(code);
+        console.log("Authenticated successfully. Token saved to ~/.passwd/");
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAE7F,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,0BAA0B,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5D,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACvE,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC"}

package/dist/commands/resolve.d.ts

@@ -0,0 +1,10 @@
+/**
+ * OpenClaw exec secrets provider protocol.
+ *
+ * Reads a JSON request from stdin:
+ *   { "protocolVersion": 1, "provider": "passwd", "ids": ["secretId:field", ...] }
+ *
+ * Writes a JSON response to stdout:
+ *   { "protocolVersion": 1, "values": { "secretId:field": "value", ... }, "errors": { "id": "msg", ... } }
+ */
+export declare function resolveCommand(): Promise<void>;

package/dist/commands/resolve.js

@@ -0,0 +1,81 @@
+import { getSecret } from "@passwd/passwd-lib";
+/**
+ * OpenClaw exec secrets provider protocol.
+ *
+ * Reads a JSON request from stdin:
+ *   { "protocolVersion": 1, "provider": "passwd", "ids": ["secretId:field", ...] }
+ *
+ * Writes a JSON response to stdout:
+ *   { "protocolVersion": 1, "values": { "secretId:field": "value", ... }, "errors": { "id": "msg", ... } }
+ */
+export async function resolveCommand() {
+    const input = await readStdin();
+    let request;
+    try {
+        request = JSON.parse(input);
+    }
+    catch {
+        writeResponse({}, { _parse: "Invalid JSON on stdin" });
+        return;
+    }
+    const ids = request.ids ?? [];
+    if (!Array.isArray(ids) || ids.length === 0) {
+        writeResponse({}, {});
+        return;
+    }
+    // Deduplicate secret IDs to minimize API calls
+    const secretIds = [...new Set(ids.map((id) => id.split(":")[0]))];
+    const secrets = new Map();
+    const fetchErrors = new Map();
+    const results = await Promise.allSettled(secretIds.map(async (sid) => {
+        const secret = await getSecret(sid);
+        return { sid, secret };
+    }));
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            secrets.set(result.value.sid, result.value.secret);
+        }
+        else {
+            const sid = secretIds[results.indexOf(result)];
+            fetchErrors.set(sid, String(result.reason));
+        }
+    }
+    const values = {};
+    const errors = {};
+    for (const id of ids) {
+        const [secretId, field = "password"] = id.split(":");
+        const fetchError = fetchErrors.get(secretId);
+        if (fetchError) {
+            errors[id] = fetchError;
+            continue;
+        }
+        const secret = secrets.get(secretId);
+        if (!secret) {
+            errors[id] = "Secret not found";
+            continue;
+        }
+        const value = secret[field];
+        if (value === undefined || value === null) {
+            errors[id] = `Field '${field}' not found`;
+            continue;
+        }
+        values[id] = String(value);
+    }
+    writeResponse(values, errors);
+}
+function writeResponse(values, errors) {
+    const response = { protocolVersion: 1, values };
+    if (Object.keys(errors).length > 0) {
+        response.errors = errors;
+    }
+    process.stdout.write(JSON.stringify(response) + "\n");
+}
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        process.stdin.on("data", (chunk) => chunks.push(chunk));
+        process.stdin.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        process.stdin.on("error", reject);
+    });
+}
+//# sourceMappingURL=resolve.js.map

package/dist/commands/resolve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../src/commands/resolve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAEhC,IAAI,OAAqD,CAAC;IAC1D,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACtB,OAAO;IACT,CAAC;IAED,+CAA+C;IAC/C,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAC3D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,MAA4C,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/C,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,QAAQ,EAAE,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;YACxB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,EAAE,CAAC,GAAG,kBAAkB,CAAC;YAChC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC1C,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,KAAK,aAAa,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,aAAa,CAAC,MAA8B,EAAE,MAA8B;IACnF,MAAM,QAAQ,GAA4B,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;IACzE,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;IAC3B,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/totp.d.ts

@@ -0,0 +1,3 @@
+export declare function totpCommand(id: string, opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/totp.js

@@ -0,0 +1,26 @@
+import { getTotpCode } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function totpCommand(id, opts) {
+    const codes = await getTotpCode(id);
+    if (opts.json) {
+        console.log(formatJson(codes));
+    }
+    else {
+        // Find the currently valid code
+        const now = Math.floor(Date.now() / 1000);
+        const current = codes.find((c) => now >= c.validityStart && now < c.validityEnd);
+        if (current) {
+            const remaining = current.validityEnd - now;
+            console.log(`${current.code} (${remaining}s remaining)`);
+        }
+        else if (codes.length > 0) {
+            // Fallback: show the first code
+            console.log(codes[0].code);
+        }
+        else {
+            console.error("No TOTP codes returned");
+            process.exitCode = 1;
+        }
+    }
+}
+//# sourceMappingURL=totp.js.map

package/dist/commands/totp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.js","sourceRoot":"","sources":["../../src/commands/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,EAAU,EACV,IAAwB;IAExB,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,gCAAgC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,aAAa,IAAI,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC;QACjF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,KAAK,SAAS,cAAc,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,gCAAgC;YAChC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1,3 @@
+export declare function whoamiCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/whoami.js

@@ -0,0 +1,12 @@
+import { getCurrentUser } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function whoamiCommand(opts) {
+    const user = await getCurrentUser();
+    if (opts.json) {
+        console.log(formatJson(user));
+    }
+    else {
+        console.log(`${user.name} <${user.email}>`);
+    }
+}
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAwB;IAC1D,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC;IACpC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,80 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { loginCommand } from "./commands/login.js";
+import { whoamiCommand } from "./commands/whoami.js";
+import { listCommand } from "./commands/list.js";
+import { getCommand } from "./commands/get.js";
+import { totpCommand } from "./commands/totp.js";
+import { execCommand } from "./commands/exec.js";
+import { envsCommand } from "./commands/envs.js";
+import { resolveCommand } from "./commands/resolve.js";
+import { formatError } from "./util/format.js";
+import { resolveEnv } from "./util/envs.js";
+import { resetDiscoveryCache, getTokenDir } from "@passwd/passwd-lib";
+const program = new Command();
+program
+    .name("passwd-agent")
+    .description("Agent-safe CLI for passwd.team — no command exposes raw credential values")
+    .version("1.3.0")
+    .enablePositionalOptions()
+    .option("--env <name>", "Target a specific environment (substring match against known origins)");
+program.hook("preAction", async (thisCommand) => {
+    const envName = thisCommand.opts().env;
+    if (envName) {
+        const origin = await resolveEnv(envName, getTokenDir());
+        process.env.PASSWD_ORIGIN = origin;
+        resetDiscoveryCache();
+    }
+});
+program
+    .command("login")
+    .description("Authenticate with Google OAuth")
+    .action(() => loginCommand().catch(die));
+program
+    .command("whoami")
+    .description("Show current user")
+    .option("--json", "Output as JSON")
+    .action((opts) => whoamiCommand(opts).catch(die));
+program
+    .command("list")
+    .description("List secrets")
+    .option("-q, --query <text>", "Search by name, username, or URL")
+    .option("-t, --type <type>", "Filter by secret type")
+    .option("-l, --limit <n>", "Maximum results")
+    .option("-o, --offset <n>", "Skip first N results")
+    .option("--json", "Output as JSON")
+    .action((opts) => listCommand(opts).catch(die));
+program
+    .command("get <id>")
+    .description("Get a secret (credentials always redacted)")
+    .option("--json", "Output as JSON")
+    .action((id, opts) => getCommand(id, opts).catch(die));
+program
+    .command("totp <id>")
+    .description("Get current TOTP code")
+    .option("--json", "Output as JSON (includes remaining seconds)")
+    .action((id, opts) => totpCommand(id, opts).catch(die));
+program
+    .command("exec")
+    .description("Run a command with secrets injected as environment variables")
+    .option("--inject <mapping...>", "VAR=SECRET_ID:FIELD (repeatable)")
+    .argument("[args...]", "Command to execute (after --)")
+    .passThroughOptions()
+    .action((args, opts) => {
+    execCommand(args, opts).catch(die);
+});
+program
+    .command("envs")
+    .description("List known environments")
+    .option("--json", "Output as JSON")
+    .action((opts) => envsCommand(opts).catch(die));
+program
+    .command("resolve", { hidden: true })
+    .description("Resolve secrets for exec secrets provider (reads JSON from stdin)")
+    .action(() => resolveCommand().catch(die));
+function die(err) {
+    console.error(`Error: ${formatError(err)}`);
+    process.exitCode = 1;
+}
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,cAAc,CAAC;KACpB,WAAW,CAAC,2EAA2E,CAAC;KACxF,OAAO,CAAC,OAAO,CAAC;KAChB,uBAAuB,EAAE;KACzB,MAAM,CAAC,cAAc,EAAE,uEAAuE,CAAC,CAAC;AAEnG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;IAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,GAAyB,CAAC;IAC7D,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,MAAM,CAAC;QACnC,mBAAmB,EAAE,CAAC;IACxB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE3C,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEpD,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,cAAc,CAAC;KAC3B,MAAM,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;KAChE,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,CAAC;KACpD,MAAM,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;KAC5C,MAAM,CAAC,kBAAkB,EAAE,sBAAsB,CAAC;KAClD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAElD,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,4CAA4C,CAAC;KACzD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEzD,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,QAAQ,EAAE,6CAA6C,CAAC;KAC/D,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,MAAM,CAAC,uBAAuB,EAAE,kCAAkC,CAAC;KACnE,QAAQ,CAAC,WAAW,EAAE,+BAA+B,CAAC;KACtD,kBAAkB,EAAE;KACpB,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;IACrB,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,yBAAyB,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAElD,OAAO;KACJ,OAAO,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KACpC,WAAW,CAAC,mEAAmE,CAAC;KAChF,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE7C,SAAS,GAAG,CAAC,GAAY;IACvB,OAAO,CAAC,KAAK,CAAC,UAAU,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/util/envs.d.ts

@@ -0,0 +1,7 @@
+export interface EnvInfo {
+    origin: string;
+    file: string;
+    savedAt?: number;
+}
+export declare function scanTokenFiles(tokenDir: string): Promise<EnvInfo[]>;
+export declare function resolveEnv(name: string, tokenDir: string): Promise<string>;

package/dist/util/envs.js

@@ -0,0 +1,49 @@
+import { readdir, readFile } from "node:fs/promises";
+import { join } from "node:path";
+export async function scanTokenFiles(tokenDir) {
+    let files;
+    try {
+        files = await readdir(tokenDir);
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const file of files) {
+        if (!file.startsWith("tokens-") || !file.endsWith(".json"))
+            continue;
+        try {
+            const content = await readFile(join(tokenDir, file), "utf-8");
+            const tokens = JSON.parse(content);
+            if (tokens.origin) {
+                results.push({
+                    origin: tokens.origin,
+                    file,
+                    savedAt: tokens.saved_at,
+                });
+            }
+        }
+        catch {
+            // skip unreadable/corrupt files
+        }
+    }
+    return results;
+}
+export async function resolveEnv(name, tokenDir) {
+    const envs = await scanTokenFiles(tokenDir);
+    if (envs.length === 0) {
+        throw new Error("No known environments. Log in with PASSWD_ORIGIN set first.");
+    }
+    const lower = name.toLowerCase();
+    const matches = envs.filter((e) => e.origin.toLowerCase().includes(lower));
+    if (matches.length === 0) {
+        const known = envs.map((e) => `  ${e.origin}`).join("\n");
+        throw new Error(`No environment matching "${name}". Known environments:\n${known}`);
+    }
+    if (matches.length > 1) {
+        const list = matches.map((e) => `  ${e.origin}`).join("\n");
+        throw new Error(`Ambiguous match for "${name}". Matching environments:\n${list}\nBe more specific.`);
+    }
+    return matches[0].origin;
+}
+//# sourceMappingURL=envs.js.map

package/dist/util/envs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envs.js","sourceRoot":"","sources":["../../src/util/envs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AASjC,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB;IACnD,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QACrE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;YACjD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,IAAI;oBACJ,OAAO,EAAE,MAAM,CAAC,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,IAAY,EACZ,QAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAE3E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,IAAI,KAAK,CACb,4BAA4B,IAAI,2BAA2B,KAAK,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,8BAA8B,IAAI,qBAAqB,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3B,CAAC"}

package/dist/util/format.d.ts

@@ -0,0 +1,4 @@
+import type { SecretListItem } from "@passwd/passwd-lib";
+export declare function formatError(error: unknown): string;
+export declare function formatJson(data: unknown): string;
+export declare function formatSecretRow(s: SecretListItem): string;

package/dist/util/format.js

@@ -0,0 +1,15 @@
+export function formatError(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+export function formatJson(data) {
+    return JSON.stringify(data, null, 2);
+}
+export function formatSecretRow(s) {
+    const parts = [s.id, s.type, s.name];
+    if (s.username)
+        parts.push(s.username);
+    if (s.web)
+        parts.push(s.web);
+    return parts.join("\t");
+}
+//# sourceMappingURL=format.js.map

package/dist/util/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAiB;IAC/C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,GAAG;QAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@passwd/passwd-agent-cli",
+  "version": "1.3.0",
+  "description": "Agent-safe CLI for passwd.team — no command exposes raw credential values",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "passwd-agent": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -b"
+  },
+  "keywords": [
+    "passwd",
+    "password-manager",
+    "cli",
+    "agent",
+    "passwd-team"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@passwd/passwd-lib": "1.3.0",
+    "commander": "^13.1.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pepuscz/passwd.git",
+    "directory": "packages/passwd-agent-cli"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}