@passwd/passwd-cli 1.1.0

package/dist/commands/contacts.d.ts

@@ -0,0 +1,3 @@
+export declare function contactsCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/contacts.js

@@ -0,0 +1,14 @@
+import { listContacts } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function contactsCommand(opts) {
+    const contacts = await listContacts();
+    if (opts.json) {
+        console.log(formatJson(contacts));
+    }
+    else {
+        for (const c of contacts) {
+            console.log(`${c.id}\t${c.name}\t${c.email}`);
+        }
+    }
+}
+//# sourceMappingURL=contacts.js.map

package/dist/commands/contacts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contacts.js","sourceRoot":"","sources":["../../src/commands/contacts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAwB;IAC5D,MAAM,QAAQ,GAAG,MAAM,YAAY,EAAE,CAAC;IACtC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/create.d.ts

@@ -0,0 +1,19 @@
+export declare function createCommand(opts: {
+    type: string;
+    name: string;
+    username?: string;
+    password?: string;
+    web?: string;
+    note?: string;
+    tags?: string[];
+    group?: string[];
+    user?: string[];
+    file?: string;
+    visibleToAll?: boolean;
+    totp?: string;
+    cardNumber?: string;
+    cvvCode?: string;
+    credentials?: string;
+    privateKey?: string;
+    secureNote?: string;
+}): Promise<void>;

package/dist/commands/create.js

@@ -0,0 +1,66 @@
+import { readFileSync } from "node:fs";
+import { basename } from "node:path";
+import { createSecret } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+import { parseRefFlag } from "../util/parse-ref.js";
+export async function createCommand(opts) {
+    const payload = {
+        type: opts.type,
+        name: opts.name,
+    };
+    if (opts.username !== undefined)
+        payload.username = opts.username;
+    if (opts.password !== undefined)
+        payload.password = opts.password;
+    if (opts.web !== undefined)
+        payload.web = opts.web;
+    if (opts.note !== undefined)
+        payload.note = opts.note;
+    if (opts.tags !== undefined)
+        payload.tags = opts.tags;
+    if (opts.group !== undefined) {
+        payload.groups = opts.group.map(parseRefFlag);
+    }
+    if (opts.user !== undefined) {
+        payload.whitelistUsers = opts.user.map(parseRefFlag);
+    }
+    if (opts.file !== undefined) {
+        const buf = readFileSync(opts.file);
+        const name = basename(opts.file);
+        const ext = name.split(".").pop() ?? "";
+        const mime = guessMime(ext);
+        payload.file = { name, data: `data:${mime};base64,${buf.toString("base64")}` };
+    }
+    if (opts.visibleToAll !== undefined)
+        payload.visibleToAll = opts.visibleToAll;
+    if (opts.totp !== undefined)
+        payload.TOTP = opts.totp;
+    if (opts.cardNumber !== undefined)
+        payload.cardNumber = opts.cardNumber;
+    if (opts.cvvCode !== undefined)
+        payload.cvvCode = opts.cvvCode;
+    if (opts.credentials !== undefined)
+        payload.credentials = opts.credentials;
+    if (opts.privateKey !== undefined)
+        payload.privateKey = opts.privateKey;
+    if (opts.secureNote !== undefined)
+        payload.secureNote = opts.secureNote;
+    const secret = await createSecret(payload);
+    console.log(formatJson(secret));
+}
+function guessMime(ext) {
+    const map = {
+        txt: "text/plain",
+        pdf: "application/pdf",
+        png: "image/png",
+        jpg: "image/jpeg",
+        jpeg: "image/jpeg",
+        gif: "image/gif",
+        json: "application/json",
+        xml: "application/xml",
+        csv: "text/csv",
+        zip: "application/zip",
+    };
+    return map[ext.toLowerCase()] ?? "application/octet-stream";
+}
+//# sourceMappingURL=create.js.map

package/dist/commands/create.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../src/commands/create.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAkBnC;IACC,MAAM,OAAO,GAA4B;QACvC,IAAI,EAAE,IAAI,CAAC,IAAkB;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC;IAEF,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAClE,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACnD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,IAAI,WAAW,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;IACjF,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS;QAAE,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IAC9E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC/D,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC3E,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAExE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,GAAG,GAA2B;QAClC,GAAG,EAAE,YAAY;QACjB,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,YAAY;QACjB,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,WAAW;QAChB,IAAI,EAAE,kBAAkB;QACxB,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,iBAAiB;KACvB,CAAC;IACF,OAAO,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,0BAA0B,CAAC;AAC9D,CAAC"}

package/dist/commands/delete.d.ts

@@ -0,0 +1,3 @@
+export declare function deleteCommand(id: string, opts: {
+    yes?: boolean;
+}): Promise<void>;

package/dist/commands/delete.js

@@ -0,0 +1,21 @@
+import { createInterface } from "node:readline/promises";
+import { stdin, stdout } from "node:process";
+import { deleteSecret } from "@passwd/passwd-lib";
+export async function deleteCommand(id, opts) {
+    if (!opts.yes) {
+        const rl = createInterface({ input: stdin, output: stdout });
+        try {
+            const answer = await rl.question(`Delete secret ${id}? This is irreversible. [y/N] `);
+            if (answer.trim().toLowerCase() !== "y") {
+                console.log("Aborted.");
+                return;
+            }
+        }
+        finally {
+            rl.close();
+        }
+    }
+    await deleteSecret(id);
+    console.log(`Deleted secret ${id}.`);
+}
+//# sourceMappingURL=delete.js.map

package/dist/commands/delete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.js","sourceRoot":"","sources":["../../src/commands/delete.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,EAAU,EACV,IAAuB;IAEvB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,EAAE,gCAAgC,CAAC,CAAC;YACtF,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;IAED,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IACvB,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;AACvC,CAAC"}

package/dist/commands/envs.d.ts

@@ -0,0 +1,3 @@
+export declare function envsCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/envs.js

@@ -0,0 +1,24 @@
+import { getTokenDir } from "@passwd/passwd-lib";
+import { scanTokenFiles } from "../util/envs.js";
+export async function envsCommand(opts) {
+    const envs = await scanTokenFiles(getTokenDir());
+    if (envs.length === 0) {
+        console.log("No known environments. Log in with PASSWD_ORIGIN set first.");
+        return;
+    }
+    const currentOrigin = process.env.PASSWD_ORIGIN?.replace(/\/+$/, "");
+    if (opts.json) {
+        const out = envs.map((e) => ({
+            origin: e.origin,
+            current: e.origin === currentOrigin,
+            savedAt: e.savedAt,
+        }));
+        console.log(JSON.stringify(out, null, 2));
+        return;
+    }
+    for (const env of envs) {
+        const marker = env.origin === currentOrigin ? " *" : "";
+        console.log(`${env.origin}${marker}`);
+    }
+}
+//# sourceMappingURL=envs.js.map

package/dist/commands/envs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envs.js","sourceRoot":"","sources":["../../src/commands/envs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAwB;IACxD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;IAEjD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAErE,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,OAAO,EAAE,CAAC,CAAC,MAAM,KAAK,aAAa;YACnC,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IACxC,CAAC;AACH,CAAC"}

package/dist/commands/exec.d.ts

@@ -0,0 +1,3 @@
+export declare function execCommand(args: string[], opts: {
+    inject?: string[];
+}): Promise<void>;

package/dist/commands/exec.js

@@ -0,0 +1,49 @@
+import { spawn } from "node:child_process";
+import { getSecret } from "@passwd/passwd-lib";
+export async function execCommand(args, opts) {
+    if (!args.length) {
+        console.error("Usage: passwd exec --inject VAR=SECRET_ID:FIELD -- command [args...]");
+        process.exitCode = 1;
+        return;
+    }
+    const injections = opts.inject ?? [];
+    const env = { ...process.env };
+    // Scrub passwd credentials so the child only gets the specific fields requested
+    delete env.PASSWD_ACCESS_TOKEN;
+    delete env.PASSWD_API_URL;
+    delete env.PASSWD_CLIENT_ID;
+    // Parse and fetch all injections in parallel
+    const tasks = injections.map(async (spec) => {
+        const eqIdx = spec.indexOf("=");
+        if (eqIdx === -1) {
+            throw new Error(`Invalid --inject format: '${spec}'. Expected VAR=SECRET_ID:FIELD`);
+        }
+        const varName = spec.slice(0, eqIdx);
+        const rest = spec.slice(eqIdx + 1);
+        const colonIdx = rest.indexOf(":");
+        if (colonIdx === -1) {
+            throw new Error(`Invalid --inject format: '${spec}'. Expected VAR=SECRET_ID:FIELD`);
+        }
+        const secretId = rest.slice(0, colonIdx);
+        const field = rest.slice(colonIdx + 1);
+        const secret = await getSecret(secretId);
+        const value = secret[field];
+        if (value === undefined) {
+            throw new Error(`Field '${field}' not found in secret '${secretId}'`);
+        }
+        return { varName, value: String(value) };
+    });
+    const resolved = await Promise.all(tasks);
+    for (const { varName, value } of resolved) {
+        env[varName] = value;
+    }
+    const [cmd, ...cmdArgs] = args;
+    const child = spawn(cmd, cmdArgs, {
+        env,
+        stdio: "inherit",
+    });
+    child.on("close", (code) => {
+        process.exitCode = code ?? 1;
+    });
+}
+//# sourceMappingURL=exec.js.map

package/dist/commands/exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/commands/exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAAc,EACd,IAA2B;IAE3B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,sEAAsE,CAAC,CAAC;QACtF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAA2B,EAAE,GAAG,OAAO,CAAC,GAAG,EAA4B,CAAC;IAEjF,gFAAgF;IAChF,OAAO,GAAG,CAAC,mBAAmB,CAAC;IAC/B,OAAO,GAAG,CAAC,cAAc,CAAC;IAC1B,OAAO,GAAG,CAAC,gBAAgB,CAAC;IAE5B,6CAA6C;IAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,iCAAiC,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,iCAAiC,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAEvC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,KAAK,GAAI,MAA6C,CAAC,KAAK,CAAC,CAAC;QACpE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,0BAA0B,QAAQ,GAAG,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,IAAI,CAAC;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE;QAChC,GAAG;QACH,KAAK,EAAE,SAAS;KACjB,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;QACzB,OAAO,CAAC,QAAQ,GAAG,IAAI,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/get.d.ts

@@ -0,0 +1,4 @@
+export declare function getCommand(id: string, opts: {
+    field?: string;
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/get.js

@@ -0,0 +1,23 @@
+import { getSecret } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function getCommand(id, opts) {
+    const secret = await getSecret(id);
+    if (opts.field) {
+        const value = secret[opts.field];
+        if (value === undefined) {
+            process.stderr.write(`Field '${opts.field}' not found\n`);
+            process.exitCode = 1;
+            return;
+        }
+        // Raw value, no trailing newline — designed for $() and piping
+        process.stdout.write(String(value));
+        return;
+    }
+    if (opts.json) {
+        console.log(formatJson(secret));
+    }
+    else {
+        console.log(formatJson(secret));
+    }
+}
+//# sourceMappingURL=get.js.map

package/dist/commands/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../src/commands/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAU,EACV,IAAwC;IAExC,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;IAEnC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,KAAK,GAAI,MAA6C,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,KAAK,eAAe,CAAC,CAAC;YAC1D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,+DAA+D;QAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACpC,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,CAAC;AACH,CAAC"}

package/dist/commands/groups.d.ts

@@ -0,0 +1,3 @@
+export declare function groupsCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/groups.js

@@ -0,0 +1,14 @@
+import { listGroups } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function groupsCommand(opts) {
+    const groups = await listGroups();
+    if (opts.json) {
+        console.log(formatJson(groups));
+    }
+    else {
+        for (const g of groups) {
+            console.log(`${g.id}\t${g.name}\t${g.email}`);
+        }
+    }
+}
+//# sourceMappingURL=groups.js.map

package/dist/commands/groups.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"groups.js","sourceRoot":"","sources":["../../src/commands/groups.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAwB;IAC1D,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/list.d.ts

@@ -0,0 +1,7 @@
+export declare function listCommand(opts: {
+    query?: string;
+    type?: string;
+    limit?: string;
+    offset?: string;
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/list.js

@@ -0,0 +1,20 @@
+import { listSecrets } from "@passwd/passwd-lib";
+import { formatJson, formatSecretRow } from "../util/format.js";
+export async function listCommand(opts) {
+    const result = await listSecrets({
+        query: opts.query,
+        secretType: opts.type,
+        limit: opts.limit !== undefined ? Number(opts.limit) : undefined,
+        offset: opts.offset !== undefined ? Number(opts.offset) : undefined,
+    });
+    if (opts.json) {
+        console.log(formatJson(result));
+    }
+    else {
+        console.log(`Total: ${result.totalCount}`);
+        for (const s of result.secrets) {
+            console.log(formatSecretRow(s));
+        }
+    }
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEhE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAMjC;IACC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,KAAK,EAAE,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAChE,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;KACpE,CAAC,CAAC;IAEH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,UAAU,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/login.d.ts

@@ -0,0 +1 @@
+export declare function loginCommand(): Promise<void>;

package/dist/commands/login.js

@@ -0,0 +1,20 @@
+import { createInterface } from "node:readline/promises";
+import { stdin, stdout } from "node:process";
+import { buildOAuthUrl, extractCodeFromRedirectUrl, exchangeCode } from "@passwd/passwd-lib";
+export async function loginCommand() {
+    const oauthUrl = await buildOAuthUrl();
+    console.log("Open this URL in your browser to authenticate:\n");
+    console.log(oauthUrl);
+    console.log();
+    const rl = createInterface({ input: stdin, output: stdout });
+    try {
+        const redirectUrl = await rl.question("Paste the redirect URL here: ");
+        const code = extractCodeFromRedirectUrl(redirectUrl.trim());
+        await exchangeCode(code);
+        console.log("Authenticated successfully. Token saved to ~/.passwd/");
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,0BAA0B,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAE7F,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,+BAA+B,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,0BAA0B,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5D,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACvE,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC"}

package/dist/commands/resolve.d.ts

@@ -0,0 +1,10 @@
+/**
+ * OpenClaw exec secrets provider protocol.
+ *
+ * Reads a JSON request from stdin:
+ *   { "protocolVersion": 1, "provider": "passwd", "ids": ["secretId:field", ...] }
+ *
+ * Writes a JSON response to stdout:
+ *   { "protocolVersion": 1, "values": { "secretId:field": "value", ... }, "errors": { "id": "msg", ... } }
+ */
+export declare function resolveCommand(): Promise<void>;

package/dist/commands/resolve.js

@@ -0,0 +1,81 @@
+import { getSecret } from "@passwd/passwd-lib";
+/**
+ * OpenClaw exec secrets provider protocol.
+ *
+ * Reads a JSON request from stdin:
+ *   { "protocolVersion": 1, "provider": "passwd", "ids": ["secretId:field", ...] }
+ *
+ * Writes a JSON response to stdout:
+ *   { "protocolVersion": 1, "values": { "secretId:field": "value", ... }, "errors": { "id": "msg", ... } }
+ */
+export async function resolveCommand() {
+    const input = await readStdin();
+    let request;
+    try {
+        request = JSON.parse(input);
+    }
+    catch {
+        writeResponse({}, { _parse: "Invalid JSON on stdin" });
+        return;
+    }
+    const ids = request.ids ?? [];
+    if (!Array.isArray(ids) || ids.length === 0) {
+        writeResponse({}, {});
+        return;
+    }
+    // Deduplicate secret IDs to minimize API calls
+    const secretIds = [...new Set(ids.map((id) => id.split(":")[0]))];
+    const secrets = new Map();
+    const fetchErrors = new Map();
+    const results = await Promise.allSettled(secretIds.map(async (sid) => {
+        const secret = await getSecret(sid);
+        return { sid, secret };
+    }));
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            secrets.set(result.value.sid, result.value.secret);
+        }
+        else {
+            const sid = secretIds[results.indexOf(result)];
+            fetchErrors.set(sid, String(result.reason));
+        }
+    }
+    const values = {};
+    const errors = {};
+    for (const id of ids) {
+        const [secretId, field = "password"] = id.split(":");
+        const fetchError = fetchErrors.get(secretId);
+        if (fetchError) {
+            errors[id] = fetchError;
+            continue;
+        }
+        const secret = secrets.get(secretId);
+        if (!secret) {
+            errors[id] = "Secret not found";
+            continue;
+        }
+        const value = secret[field];
+        if (value === undefined || value === null) {
+            errors[id] = `Field '${field}' not found`;
+            continue;
+        }
+        values[id] = String(value);
+    }
+    writeResponse(values, errors);
+}
+function writeResponse(values, errors) {
+    const response = { protocolVersion: 1, values };
+    if (Object.keys(errors).length > 0) {
+        response.errors = errors;
+    }
+    process.stdout.write(JSON.stringify(response) + "\n");
+}
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        process.stdin.on("data", (chunk) => chunks.push(chunk));
+        process.stdin.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+        process.stdin.on("error", reject);
+    });
+}
+//# sourceMappingURL=resolve.js.map

package/dist/commands/resolve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../src/commands/resolve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC;IAEhC,IAAI,OAAqD,CAAC;IAC1D,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,aAAa,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACtB,OAAO;IACT,CAAC;IAED,+CAA+C;IAC/C,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAC3D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,SAAS,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,MAA4C,CAAC,CAAC;QAC3F,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/C,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,CAAC,QAAQ,EAAE,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;YACxB,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,EAAE,CAAC,GAAG,kBAAkB,CAAC;YAChC,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC1C,MAAM,CAAC,EAAE,CAAC,GAAG,UAAU,KAAK,aAAa,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,aAAa,CAAC,MAA8B,EAAE,MAA8B;IACnF,MAAM,QAAQ,GAA4B,EAAE,eAAe,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;IACzE,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC;IAC3B,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACxD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/share.d.ts

@@ -0,0 +1,4 @@
+export declare function shareCommand(id: string, opts: {
+    revoke?: boolean;
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/share.js

@@ -0,0 +1,21 @@
+import { enableSharing, revokeSharing } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function shareCommand(id, opts) {
+    if (opts.revoke) {
+        await revokeSharing(id);
+        console.log(`Sharing revoked for secret ${id}.`);
+    }
+    else {
+        const result = await enableSharing(id);
+        if (opts.json) {
+            console.log(formatJson(result));
+        }
+        else {
+            console.log(`Sharing enabled for secret ${id}.`);
+            if (result.shareId) {
+                console.log(`Share ID: ${result.shareId}`);
+            }
+        }
+    }
+}
+//# sourceMappingURL=share.js.map

package/dist/commands/share.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"share.js","sourceRoot":"","sources":["../../src/commands/share.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,EAAU,EACV,IAA0C;IAE1C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;YACjD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/totp.d.ts

@@ -0,0 +1,3 @@
+export declare function totpCommand(id: string, opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/totp.js

@@ -0,0 +1,26 @@
+import { getTotpCode } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function totpCommand(id, opts) {
+    const codes = await getTotpCode(id);
+    if (opts.json) {
+        console.log(formatJson(codes));
+    }
+    else {
+        // Find the currently valid code
+        const now = Math.floor(Date.now() / 1000);
+        const current = codes.find((c) => now >= c.validityStart && now < c.validityEnd);
+        if (current) {
+            const remaining = current.validityEnd - now;
+            console.log(`${current.code} (${remaining}s remaining)`);
+        }
+        else if (codes.length > 0) {
+            // Fallback: show the first code
+            console.log(codes[0].code);
+        }
+        else {
+            console.error("No TOTP codes returned");
+            process.exitCode = 1;
+        }
+    }
+}
+//# sourceMappingURL=totp.js.map

package/dist/commands/totp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.js","sourceRoot":"","sources":["../../src/commands/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,EAAU,EACV,IAAwB;IAExB,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACN,gCAAgC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,aAAa,IAAI,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC;QACjF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,KAAK,SAAS,cAAc,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,gCAAgC;YAChC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/update.d.ts

@@ -0,0 +1,19 @@
+export declare function updateCommand(id: string, opts: {
+    name?: string;
+    username?: string;
+    password?: string;
+    web?: string;
+    note?: string;
+    tags?: string[];
+    group?: string[];
+    user?: string[];
+    file?: string;
+    removeFile?: boolean;
+    visibleToAll?: boolean;
+    totp?: string;
+    cardNumber?: string;
+    cvvCode?: string;
+    credentials?: string;
+    privateKey?: string;
+    secureNote?: string;
+}): Promise<void>;

package/dist/commands/update.js

@@ -0,0 +1,68 @@
+import { readFileSync } from "node:fs";
+import { basename } from "node:path";
+import { updateSecret } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+import { parseRefFlag } from "../util/parse-ref.js";
+export async function updateCommand(id, opts) {
+    const updates = {};
+    if (opts.name !== undefined)
+        updates.name = opts.name;
+    if (opts.username !== undefined)
+        updates.username = opts.username;
+    if (opts.password !== undefined)
+        updates.password = opts.password;
+    if (opts.web !== undefined)
+        updates.web = opts.web;
+    if (opts.note !== undefined)
+        updates.note = opts.note;
+    if (opts.tags !== undefined)
+        updates.tags = opts.tags;
+    if (opts.group !== undefined) {
+        updates.groups = opts.group.map(parseRefFlag);
+    }
+    if (opts.user !== undefined) {
+        updates.whitelistUsers = opts.user.map(parseRefFlag);
+    }
+    if (opts.removeFile) {
+        updates.file = null;
+    }
+    else if (opts.file !== undefined) {
+        const buf = readFileSync(opts.file);
+        const name = basename(opts.file);
+        const ext = name.split(".").pop() ?? "";
+        const mime = guessMime(ext);
+        updates.file = { name, data: `data:${mime};base64,${buf.toString("base64")}` };
+    }
+    if (opts.visibleToAll !== undefined)
+        updates.visibleToAll = opts.visibleToAll;
+    if (opts.totp !== undefined)
+        updates.TOTP = opts.totp;
+    if (opts.cardNumber !== undefined)
+        updates.cardNumber = opts.cardNumber;
+    if (opts.cvvCode !== undefined)
+        updates.cvvCode = opts.cvvCode;
+    if (opts.credentials !== undefined)
+        updates.credentials = opts.credentials;
+    if (opts.privateKey !== undefined)
+        updates.privateKey = opts.privateKey;
+    if (opts.secureNote !== undefined)
+        updates.secureNote = opts.secureNote;
+    const secret = await updateSecret(id, updates);
+    console.log(formatJson(secret));
+}
+function guessMime(ext) {
+    const map = {
+        txt: "text/plain",
+        pdf: "application/pdf",
+        png: "image/png",
+        jpg: "image/jpeg",
+        jpeg: "image/jpeg",
+        gif: "image/gif",
+        json: "application/json",
+        xml: "application/xml",
+        csv: "text/csv",
+        zip: "application/zip",
+    };
+    return map[ext.toLowerCase()] ?? "application/octet-stream";
+}
+//# sourceMappingURL=update.js.map

package/dist/commands/update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"update.js","sourceRoot":"","sources":["../../src/commands/update.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,EAAU,EACV,IAkBC;IAED,MAAM,OAAO,GAA4B,EAAE,CAAC;IAE5C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAClE,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS;QAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAClE,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACnD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IACtB,CAAC;SAAM,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,IAAI,WAAW,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;IACjF,CAAC;IACD,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS;QAAE,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IAC9E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC/D,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC3E,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IAExE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,GAAG,GAA2B;QAClC,GAAG,EAAE,YAAY;QACjB,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,YAAY;QACjB,IAAI,EAAE,YAAY;QAClB,GAAG,EAAE,WAAW;QAChB,IAAI,EAAE,kBAAkB;QACxB,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,UAAU;QACf,GAAG,EAAE,iBAAiB;KACvB,CAAC;IACF,OAAO,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,0BAA0B,CAAC;AAC9D,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1,3 @@
+export declare function whoamiCommand(opts: {
+    json?: boolean;
+}): Promise<void>;

package/dist/commands/whoami.js

@@ -0,0 +1,12 @@
+import { getCurrentUser } from "@passwd/passwd-lib";
+import { formatJson } from "../util/format.js";
+export async function whoamiCommand(opts) {
+    const user = await getCurrentUser();
+    if (opts.json) {
+        console.log(formatJson(user));
+    }
+    else {
+        console.log(`${user.name} <${user.email}>`);
+    }
+}
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAwB;IAC1D,MAAM,IAAI,GAAG,MAAM,cAAc,EAAE,CAAC;IACpC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { loginCommand } from "./commands/login.js";
+import { whoamiCommand } from "./commands/whoami.js";
+import { listCommand } from "./commands/list.js";
+import { getCommand } from "./commands/get.js";
+import { createCommand } from "./commands/create.js";
+import { updateCommand } from "./commands/update.js";
+import { deleteCommand } from "./commands/delete.js";
+import { totpCommand } from "./commands/totp.js";
+import { shareCommand } from "./commands/share.js";
+import { execCommand } from "./commands/exec.js";
+import { groupsCommand } from "./commands/groups.js";
+import { contactsCommand } from "./commands/contacts.js";
+import { envsCommand } from "./commands/envs.js";
+import { resolveCommand } from "./commands/resolve.js";
+import { formatError } from "./util/format.js";
+import { resolveEnv } from "./util/envs.js";
+import { resetDiscoveryCache, getTokenDir } from "@passwd/passwd-lib";
+const program = new Command();
+program
+    .name("passwd")
+    .description("CLI for passwd.team password manager")
+    .version("1.1.0")
+    .enablePositionalOptions()
+    .option("--env <name>", "Target a specific environment (substring match against known origins)");
+program.hook("preAction", async (thisCommand) => {
+    const envName = thisCommand.opts().env;
+    if (envName) {
+        const origin = await resolveEnv(envName, getTokenDir());
+        process.env.PASSWD_ORIGIN = origin;
+        resetDiscoveryCache();
+    }
+});
+program
+    .command("login")
+    .description("Authenticate with Google OAuth")
+    .action(() => loginCommand().catch(die));
+program
+    .command("whoami")
+    .description("Show current user")
+    .option("--json", "Output as JSON")
+    .action((opts) => whoamiCommand(opts).catch(die));
+program
+    .command("list")
+    .description("List secrets")
+    .option("-q, --query <text>", "Search by name, username, or URL")
+    .option("-t, --type <type>", "Filter by secret type")
+    .option("-l, --limit <n>", "Maximum results")
+    .option("-o, --offset <n>", "Skip first N results")
+    .option("--json", "Output as JSON")
+    .action((opts) => listCommand(opts).catch(die));
+program
+    .command("get <id>")
+    .description("Get a secret")
+    .option("-f, --field <name>", "Output a single field (raw, no newline)")
+    .option("--json", "Output as JSON")
+    .action((id, opts) => getCommand(id, opts).catch(die));
+program
+    .command("create")
+    .description("Create a new secret")
+    .requiredOption("-t, --type <type>", "Secret type (password, paymentCard, apiCredentials, databaseCredentials, sshKey, secureNote)")
+    .requiredOption("-n, --name <name>", "Secret name")
+    .option("-u, --username <user>", "Username")
+    .option("-p, --password <pass>", "Password")
+    .option("-w, --web <url>", "Website URL")
+    .option("--note <text>", "Note")
+    .option("--tags <tags...>", "Tags")
+    .option("--group <id:perms>", "Share with group (ID:read,write — repeatable)", collect, undefined)
+    .option("--user <id:perms>", "Share with user (ID:read,write — repeatable)", collect, undefined)
+    .option("--file <path>", "Attach a file")
+    .option("--visible-to-all", "Make visible to all workspace users")
+    .option("--totp <secret>", "TOTP secret key")
+    .option("--card-number <num>", "Card number")
+    .option("--cvv-code <code>", "CVV code")
+    .option("--credentials <creds>", "Database credentials")
+    .option("--private-key <key>", "SSH private key")
+    .option("--secure-note <text>", "Secure note content")
+    .action((opts) => createCommand(opts).catch(die));
+program
+    .command("update <id>")
+    .description("Update a secret")
+    .option("-n, --name <name>", "Name")
+    .option("-u, --username <user>", "Username")
+    .option("-p, --password <pass>", "Password")
+    .option("-w, --web <url>", "Website URL")
+    .option("--note <text>", "Note")
+    .option("--tags <tags...>", "Tags")
+    .option("--group <id:perms>", "Share with group (ID:read,write — repeatable)", collect, undefined)
+    .option("--user <id:perms>", "Share with user (ID:read,write — repeatable)", collect, undefined)
+    .option("--file <path>", "Attach a file")
+    .option("--remove-file", "Remove existing file attachment")
+    .option("--visible-to-all", "Make visible to all workspace users")
+    .option("--totp <secret>", "TOTP secret key")
+    .option("--card-number <num>", "Card number")
+    .option("--cvv-code <code>", "CVV code")
+    .option("--credentials <creds>", "Database credentials")
+    .option("--private-key <key>", "SSH private key")
+    .option("--secure-note <text>", "Secure note content")
+    .action((id, opts) => updateCommand(id, opts).catch(die));
+program
+    .command("delete <id>")
+    .description("Delete a secret (irreversible)")
+    .option("-y, --yes", "Skip confirmation prompt")
+    .action((id, opts) => deleteCommand(id, opts).catch(die));
+program
+    .command("totp <id>")
+    .description("Get current TOTP code")
+    .option("--json", "Output as JSON (includes remaining seconds)")
+    .action((id, opts) => totpCommand(id, opts).catch(die));
+program
+    .command("share <id>")
+    .description("Enable or revoke sharing")
+    .option("--revoke", "Revoke sharing instead of enabling")
+    .option("--json", "Output as JSON")
+    .action((id, opts) => shareCommand(id, opts).catch(die));
+program
+    .command("groups")
+    .description("List available groups")
+    .option("--json", "Output as JSON")
+    .action((opts) => groupsCommand(opts).catch(die));
+program
+    .command("contacts")
+    .description("List available contacts")
+    .option("--json", "Output as JSON")
+    .action((opts) => contactsCommand(opts).catch(die));
+program
+    .command("envs")
+    .description("List known environments")
+    .option("--json", "Output as JSON")
+    .action((opts) => envsCommand(opts).catch(die));
+program
+    .command("resolve", { hidden: true })
+    .description("Resolve secrets for exec secrets provider (reads JSON from stdin)")
+    .action(() => resolveCommand().catch(die));
+program
+    .command("exec")
+    .description("Run a command with secrets injected as environment variables")
+    .option("--inject <mapping...>", "VAR=SECRET_ID:FIELD (repeatable)")
+    .argument("[args...]", "Command to execute (after --)")
+    .passThroughOptions()
+    .action((args, opts) => {
+    execCommand(args, opts).catch(die);
+});
+/** Commander repeatable-option accumulator. */
+function collect(val, prev) {
+    return prev ? [...prev, val] : [val];
+}
+function die(err) {
+    console.error(`Error: ${formatError(err)}`);
+    process.exitCode = 1;
+}
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,QAAQ,CAAC;KACd,WAAW,CAAC,sCAAsC,CAAC;KACnD,OAAO,CAAC,OAAO,CAAC;KAChB,uBAAuB,EAAE;KACzB,MAAM,CAAC,cAAc,EAAE,uEAAuE,CAAC,CAAC;AAEnG,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;IAC9C,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,GAAyB,CAAC;IAC7D,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,MAAM,CAAC;QACnC,mBAAmB,EAAE,CAAC;IACxB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE3C,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mBAAmB,CAAC;KAChC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEpD,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,cAAc,CAAC;KAC3B,MAAM,CAAC,oBAAoB,EAAE,kCAAkC,CAAC;KAChE,MAAM,CAAC,mBAAmB,EAAE,uBAAuB,CAAC;KACpD,MAAM,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;KAC5C,MAAM,CAAC,kBAAkB,EAAE,sBAAsB,CAAC;KAClD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAElD,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,cAAc,CAAC;KAC3B,MAAM,CAAC,oBAAoB,EAAE,yCAAyC,CAAC;KACvE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEzD,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,qBAAqB,CAAC;KAClC,cAAc,CAAC,mBAAmB,EAAE,8FAA8F,CAAC;KACnI,cAAc,CAAC,mBAAmB,EAAE,aAAa,CAAC;KAClD,MAAM,CAAC,uBAAuB,EAAE,UAAU,CAAC;KAC3C,MAAM,CAAC,uBAAuB,EAAE,UAAU,CAAC;KAC3C,MAAM,CAAC,iBAAiB,EAAE,aAAa,CAAC;KACxC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC;KAC/B,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC;KAClC,MAAM,CAAC,oBAAoB,EAAE,+CAA+C,EAAE,OAAO,EAAE,SAAS,CAAC;KACjG,MAAM,CAAC,mBAAmB,EAAE,8CAA8C,EAAE,OAAO,EAAE,SAAS,CAAC;KAC/F,MAAM,CAAC,eAAe,EAAE,eAAe,CAAC;KACxC,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;KAC5C,MAAM,CAAC,qBAAqB,EAAE,aAAa,CAAC;KAC5C,MAAM,CAAC,mBAAmB,EAAE,UAAU,CAAC;KACvC,MAAM,CAAC,uBAAuB,EAAE,sBAAsB,CAAC;KACvD,MAAM,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;KAChD,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;KACrD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEpD,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,iBAAiB,CAAC;KAC9B,MAAM,CAAC,mBAAmB,EAAE,MAAM,CAAC;KACnC,MAAM,CAAC,uBAAuB,EAAE,UAAU,CAAC;KAC3C,MAAM,CAAC,uBAAuB,EAAE,UAAU,CAAC;KAC3C,MAAM,CAAC,iBAAiB,EAAE,aAAa,CAAC;KACxC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC;KAC/B,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC;KAClC,MAAM,CAAC,oBAAoB,EAAE,+CAA+C,EAAE,OAAO,EAAE,SAAS,CAAC;KACjG,MAAM,CAAC,mBAAmB,EAAE,8CAA8C,EAAE,OAAO,EAAE,SAAS,CAAC;KAC/F,MAAM,CAAC,eAAe,EAAE,eAAe,CAAC;KACxC,MAAM,CAAC,eAAe,EAAE,iCAAiC,CAAC;KAC1D,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,CAAC;KACjE,MAAM,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;KAC5C,MAAM,CAAC,qBAAqB,EAAE,aAAa,CAAC;KAC5C,MAAM,CAAC,mBAAmB,EAAE,UAAU,CAAC;KACvC,MAAM,CAAC,uBAAuB,EAAE,sBAAsB,CAAC;KACvD,MAAM,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;KAChD,MAAM,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;KACrD,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE5D,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;KAC/C,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE5D,OAAO;KACJ,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,QAAQ,EAAE,6CAA6C,CAAC;KAC/D,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,OAAO;KACJ,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,0BAA0B,CAAC;KACvC,MAAM,CAAC,UAAU,EAAE,oCAAoC,CAAC;KACxD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE3D,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,uBAAuB,CAAC;KACpC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEpD,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,yBAAyB,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAEtD,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,yBAAyB,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAElD,OAAO;KACJ,OAAO,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KACpC,WAAW,CAAC,mEAAmE,CAAC;KAChF,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;AAE7C,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,8DAA8D,CAAC;KAC3E,MAAM,CAAC,uBAAuB,EAAE,kCAAkC,CAAC;KACnE,QAAQ,CAAC,WAAW,EAAE,+BAA+B,CAAC;KACtD,kBAAkB,EAAE;KACpB,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;IACrB,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC,CAAC,CAAC;AAEL,+CAA+C;AAC/C,SAAS,OAAO,CAAC,GAAW,EAAE,IAA0B;IACtD,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,GAAG,CAAC,GAAY;IACvB,OAAO,CAAC,KAAK,CAAC,UAAU,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/util/envs.d.ts

@@ -0,0 +1,7 @@
+export interface EnvInfo {
+    origin: string;
+    file: string;
+    savedAt?: number;
+}
+export declare function scanTokenFiles(tokenDir: string): Promise<EnvInfo[]>;
+export declare function resolveEnv(name: string, tokenDir: string): Promise<string>;

package/dist/util/envs.js

@@ -0,0 +1,49 @@
+import { readdir, readFile } from "node:fs/promises";
+import { join } from "node:path";
+export async function scanTokenFiles(tokenDir) {
+    let files;
+    try {
+        files = await readdir(tokenDir);
+    }
+    catch {
+        return [];
+    }
+    const results = [];
+    for (const file of files) {
+        if (!file.startsWith("tokens-") || !file.endsWith(".json"))
+            continue;
+        try {
+            const content = await readFile(join(tokenDir, file), "utf-8");
+            const tokens = JSON.parse(content);
+            if (tokens.origin) {
+                results.push({
+                    origin: tokens.origin,
+                    file,
+                    savedAt: tokens.saved_at,
+                });
+            }
+        }
+        catch {
+            // skip unreadable/corrupt files
+        }
+    }
+    return results;
+}
+export async function resolveEnv(name, tokenDir) {
+    const envs = await scanTokenFiles(tokenDir);
+    if (envs.length === 0) {
+        throw new Error("No known environments. Log in with PASSWD_ORIGIN set first.");
+    }
+    const lower = name.toLowerCase();
+    const matches = envs.filter((e) => e.origin.toLowerCase().includes(lower));
+    if (matches.length === 0) {
+        const known = envs.map((e) => `  ${e.origin}`).join("\n");
+        throw new Error(`No environment matching "${name}". Known environments:\n${known}`);
+    }
+    if (matches.length > 1) {
+        const list = matches.map((e) => `  ${e.origin}`).join("\n");
+        throw new Error(`Ambiguous match for "${name}". Matching environments:\n${list}\nBe more specific.`);
+    }
+    return matches[0].origin;
+}
+//# sourceMappingURL=envs.js.map

package/dist/util/envs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envs.js","sourceRoot":"","sources":["../../src/util/envs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AASjC,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB;IACnD,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QACrE,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;YACjD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC;oBACX,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,IAAI;oBACJ,OAAO,EAAE,MAAM,CAAC,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,IAAY,EACZ,QAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IAC5C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAE3E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,IAAI,KAAK,CACb,4BAA4B,IAAI,2BAA2B,KAAK,EAAE,CACnE,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,8BAA8B,IAAI,qBAAqB,CACpF,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3B,CAAC"}

package/dist/util/format.d.ts

@@ -0,0 +1,4 @@
+import type { SecretListItem } from "@passwd/passwd-lib";
+export declare function formatError(error: unknown): string;
+export declare function formatJson(data: unknown): string;
+export declare function formatSecretRow(s: SecretListItem): string;

package/dist/util/format.js

@@ -0,0 +1,15 @@
+export function formatError(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+export function formatJson(data) {
+    return JSON.stringify(data, null, 2);
+}
+export function formatSecretRow(s) {
+    const parts = [s.id, s.type, s.name];
+    if (s.username)
+        parts.push(s.username);
+    if (s.web)
+        parts.push(s.web);
+    return parts.join("\t");
+}
+//# sourceMappingURL=format.js.map

package/dist/util/format.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.js","sourceRoot":"","sources":["../../src/util/format.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAa;IACtC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAiB;IAC/C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,CAAC,CAAC,GAAG;QAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/util/parse-ref.d.ts

@@ -0,0 +1,7 @@
+import type { GroupRef, UserRef } from "@passwd/passwd-lib";
+/**
+ * Parse a CLI flag value like "ID:read,write" into a ref object.
+ * Format: <id>:<perm1>,<perm2>,...
+ * Example: "028h4q:read,write" → { id: "028h4q", accessPermissions: ["read", "write"] }
+ */
+export declare function parseRefFlag(value: string): GroupRef | UserRef;

package/dist/util/parse-ref.js

@@ -0,0 +1,21 @@
+/**
+ * Parse a CLI flag value like "ID:read,write" into a ref object.
+ * Format: <id>:<perm1>,<perm2>,...
+ * Example: "028h4q:read,write" → { id: "028h4q", accessPermissions: ["read", "write"] }
+ */
+export function parseRefFlag(value) {
+    const colonIdx = value.indexOf(":");
+    if (colonIdx === -1) {
+        throw new Error(`Invalid ref format "${value}". Expected ID:permissions (e.g. "abc123:read,write")`);
+    }
+    const id = value.slice(0, colonIdx);
+    const perms = value.slice(colonIdx + 1).split(",").map((p) => p.trim());
+    const valid = new Set(["read", "write", "autofillOnly", "passkeyOnly"]);
+    for (const p of perms) {
+        if (!valid.has(p)) {
+            throw new Error(`Invalid permission "${p}". Valid: ${[...valid].join(", ")}`);
+        }
+    }
+    return { id, accessPermissions: perms };
+}
+//# sourceMappingURL=parse-ref.js.map

package/dist/util/parse-ref.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-ref.js","sourceRoot":"","sources":["../../src/util/parse-ref.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,uBAAuB,KAAK,uDAAuD,CACpF,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACxE,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,aAAa,CAAC,CAAC,CAAC;IACxE,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAA8D,EAAE,CAAC;AACnG,CAAC"}

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@passwd/passwd-cli",
+  "version": "1.1.0",
+  "description": "CLI for passwd.team password manager",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "passwd": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -b"
+  },
+  "keywords": [
+    "passwd",
+    "password-manager",
+    "cli",
+    "passwd-team"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@passwd/passwd-lib": "1.1.0",
+    "commander": "^13.1.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pepuscz/passwd.git",
+    "directory": "packages/passwd-cli"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}