@passwd/passwd-lib 1.1.0

package/dist/api.d.ts

@@ -0,0 +1,23 @@
+import type { Secret, SecretListItem, TOTPResponse, ShareResponse, UserProfile, GroupInfo, ContactInfo } from "./types.js";
+export interface ListSecretsParams {
+    query?: string;
+    secretType?: string;
+    offset?: number;
+    limit?: number;
+}
+export interface ListSecretsResult {
+    secrets: SecretListItem[];
+    totalCount: number;
+}
+export declare function listSecrets(params?: ListSecretsParams): Promise<ListSecretsResult>;
+export declare function getSecret(id: string): Promise<Secret>;
+export declare function createSecret(secret: Partial<Secret>): Promise<Secret>;
+export declare function updateSecret(id: string, updates: Partial<Secret>): Promise<Secret>;
+export declare function deleteSecret(id: string): Promise<void>;
+export declare function getTotpCode(id: string): Promise<TOTPResponse>;
+export declare function enableSharing(id: string): Promise<ShareResponse>;
+export declare function revokeSharing(id: string): Promise<void>;
+export declare function listGroups(): Promise<GroupInfo[]>;
+export declare function listContacts(): Promise<ContactInfo[]>;
+export declare function getCurrentUser(): Promise<UserProfile>;
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,MAAM,EACN,cAAc,EACd,YAAY,EACZ,aAAa,EACb,WAAW,EACX,SAAS,EACT,WAAW,EACZ,MAAM,YAAY,CAAC;AAoDpB,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,cAAc,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,WAAW,CAAC,MAAM,GAAE,iBAAsB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA2C5F;AAED,wBAAsB,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAG3D;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAO3E;AAED,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAOxF;AAED,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQ5D;AAID,wBAAsB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAGnE;AAID,wBAAsB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAKtE;AAED,wBAAsB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAQ7D;AAID,wBAAsB,UAAU,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC,CAIvD;AAED,wBAAsB,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAI3D;AAID,wBAAsB,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC,CAG3D"}

package/dist/api.js

@@ -0,0 +1,146 @@
+import { getApiUrl, getAccessToken, refreshToken, loadTokens } from "./auth.js";
+async function authFetch(path, options = {}, baseVersion = "v2", retry = true) {
+    const apiUrl = await getApiUrl();
+    const token = await getAccessToken();
+    const url = `${apiUrl}/${baseVersion}${path}`;
+    const response = await fetch(url, {
+        ...options,
+        headers: {
+            ...options.headers,
+            Authorization: `Bearer ${token}`,
+        },
+    });
+    if (response.status === 401 && retry) {
+        // Try refreshing the token
+        try {
+            const tokens = await loadTokens();
+            if (!tokens)
+                throw new Error("No tokens");
+            const newTokens = await refreshToken(tokens);
+            const retryResponse = await fetch(url, {
+                ...options,
+                headers: {
+                    ...options.headers,
+                    Authorization: `Bearer ${newTokens.access_token}`,
+                },
+            });
+            return retryResponse;
+        }
+        catch {
+            throw new Error("Authentication expired. Please re-authenticate.");
+        }
+    }
+    return response;
+}
+async function handleResponse(response) {
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`API error (${response.status}): ${text}`);
+    }
+    return response.json();
+}
+export async function listSecrets(params = {}) {
+    // The API does not support query parameters for filtering/pagination,
+    // so we fetch all secrets and filter/paginate client-side.
+    const response = await authFetch("/secrets", {}, "v3");
+    const data = await handleResponse(response);
+    // API may return object keyed by id or array
+    let secrets;
+    if (Array.isArray(data)) {
+        secrets = data;
+    }
+    else if (data && typeof data === "object") {
+        secrets = Object.values(data);
+    }
+    else {
+        secrets = [];
+    }
+    // Client-side filtering by secret type
+    if (params.secretType) {
+        secrets = secrets.filter((s) => s.type === params.secretType);
+    }
+    // Client-side filtering by query (case-insensitive match on name, username, or web)
+    if (params.query) {
+        const q = params.query.toLowerCase();
+        secrets = secrets.filter((s) => s.name?.toLowerCase().includes(q) ||
+            s.username?.toLowerCase().includes(q) ||
+            s.web?.toLowerCase().includes(q));
+    }
+    const totalCount = secrets.length;
+    // Client-side pagination
+    const offset = params.offset ?? 0;
+    if (params.limit !== undefined) {
+        secrets = secrets.slice(offset, offset + params.limit);
+    }
+    else if (offset > 0) {
+        secrets = secrets.slice(offset);
+    }
+    return { secrets, totalCount };
+}
+export async function getSecret(id) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}`);
+    return handleResponse(response);
+}
+export async function createSecret(secret) {
+    const response = await authFetch("/secrets", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(secret),
+    });
+    return handleResponse(response);
+}
+export async function updateSecret(id, updates) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}`, {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(updates),
+    });
+    return handleResponse(response);
+}
+export async function deleteSecret(id) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}`, {
+        method: "DELETE",
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Delete failed (${response.status}): ${text}`);
+    }
+}
+// --- TOTP ---
+export async function getTotpCode(id) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}/TOTP`);
+    return handleResponse(response);
+}
+// --- Sharing ---
+export async function enableSharing(id) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}/share`, {
+        method: "POST",
+    });
+    return handleResponse(response);
+}
+export async function revokeSharing(id) {
+    const response = await authFetch(`/secrets/${encodeURIComponent(id)}/share`, {
+        method: "DELETE",
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Revoke sharing failed (${response.status}): ${text}`);
+    }
+}
+// --- Groups & Contacts ---
+export async function listGroups() {
+    const response = await authFetch("/groups-query");
+    const data = await handleResponse(response);
+    return data.data;
+}
+export async function listContacts() {
+    const response = await authFetch("/contacts-query");
+    const data = await handleResponse(response);
+    return data.data;
+}
+// --- User ---
+export async function getCurrentUser() {
+    const response = await authFetch("/me");
+    return handleResponse(response);
+}
+//# sourceMappingURL=api.js.map

package/dist/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAWhF,KAAK,UAAU,SAAS,CACtB,IAAY,EACZ,UAAuB,EAAE,EACzB,cAA2B,IAAI,EAC/B,KAAK,GAAG,IAAI;IAEZ,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,WAAW,GAAG,IAAI,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,GAAG,OAAO;QACV,OAAO,EAAE;YACP,GAAG,OAAO,CAAC,OAAO;YAClB,aAAa,EAAE,UAAU,KAAK,EAAE;SACjC;KACF,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC;QACrC,2BAA2B;QAC3B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;YAClC,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC1C,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACrC,GAAG,OAAO;gBACV,OAAO,EAAE;oBACP,GAAG,OAAO,CAAC,OAAO;oBAClB,aAAa,EAAE,UAAU,SAAS,CAAC,YAAY,EAAE;iBAClD;aACF,CAAC,CAAC;YACH,OAAO,aAAa,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,cAAc,CAAI,QAAkB;IACjD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,cAAc,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;AACvC,CAAC;AAgBD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,SAA4B,EAAE;IAC9D,sEAAsE;IACtE,2DAA2D;IAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAoD,QAAQ,CAAC,CAAC;IAE/F,6CAA6C;IAC7C,IAAI,OAAyB,CAAC;IAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;SAAM,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,EAAE,CAAC;IACf,CAAC;IAED,uCAAuC;IACvC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,UAAU,CAAC,CAAC;IAChE,CAAC;IAED,oFAAoF;IACpF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,GAAG,OAAO,CAAC,MAAM,CACtB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjC,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YACrC,CAAC,CAAC,GAAG,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CACnC,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAElC,yBAAyB;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC;SAAM,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,EAAU;IACxC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;IACvE,OAAO,cAAc,CAAS,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAuB;IACxD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE;QAC3C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;KAC7B,CAAC,CAAC;IACH,OAAO,cAAc,CAAS,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU,EAAE,OAAwB;IACrE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;KAC9B,CAAC,CAAC;IACH,OAAO,cAAc,CAAS,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE;QACrE,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,eAAe;AAEf,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,EAAU;IAC1C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;IAC5E,OAAO,cAAc,CAAe,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,kBAAkB;AAElB,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,QAAQ,EAAE;QAC3E,MAAM,EAAE,MAAM;KACf,CAAC,CAAC;IACH,OAAO,cAAc,CAAgB,QAAQ,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAU;IAC5C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,YAAY,kBAAkB,CAAC,EAAE,CAAC,QAAQ,EAAE;QAC3E,MAAM,EAAE,QAAQ;KACjB,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,4BAA4B;AAE5B,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,MAAM,cAAc,CAAwB,QAAQ,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,iBAAiB,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,MAAM,cAAc,CAA0B,QAAQ,CAAC,CAAC;IACrE,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED,eAAe;AAEf,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,cAAc,CAAc,QAAQ,CAAC,CAAC;AAC/C,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,11 @@
+import type { AuthTokens } from "./types.js";
+export declare function getApiUrl(): Promise<string>;
+export declare function buildOAuthUrl(): Promise<string>;
+export declare function extractCodeFromRedirectUrl(redirectUrl: string): string;
+export declare function exchangeCode(code: string): Promise<AuthTokens>;
+export declare function refreshToken(tokens: AuthTokens): Promise<AuthTokens>;
+export declare function resetDiscoveryCache(): void;
+export declare function getTokenDir(): string;
+export declare function loadTokens(): Promise<AuthTokens | null>;
+export declare function getAccessToken(): Promise<string>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAgF7C,wBAAsB,SAAS,IAAI,OAAO,CAAC,MAAM,CAAC,CAUjD;AAQD,wBAAsB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,CAcrD;AAED,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAkBtE;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CA0BpE;AAED,wBAAsB,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAmC1E;AAaD,wBAAgB,mBAAmB,IAAI,IAAI,CAI1C;AAED,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED,wBAAsB,UAAU,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAa7D;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAiBtD"}

package/dist/auth.js

@@ -0,0 +1,218 @@
+import { readFile, writeFile, mkdir, chmod } from "node:fs/promises";
+import { randomUUID, createHash } from "node:crypto";
+import { join } from "node:path";
+import { homedir } from "node:os";
+const GOOGLE_AUTH_ORIGIN = "https://accounts.google.com/o/oauth2/v2/auth";
+const SCOPES = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email";
+const TOKEN_DIR = join(homedir(), ".passwd");
+function getTokenFile() {
+    const origin = getOrigin();
+    const hash = createHash("sha256").update(origin).digest("hex").slice(0, 12);
+    return join(TOKEN_DIR, `tokens-${hash}.json`);
+}
+function requireHttps(url, label) {
+    if (!url.startsWith("https://") &&
+        !url.startsWith("http://localhost") &&
+        !url.startsWith("http://127.0.0.1")) {
+        throw new Error(`${label} must use HTTPS (or http://localhost for development), got: ${url}`);
+    }
+}
+function getOrigin() {
+    const origin = process.env.PASSWD_ORIGIN;
+    if (!origin) {
+        throw new Error("PASSWD_ORIGIN environment variable is required (e.g. https://your-company.passwd.team)");
+    }
+    const normalized = origin.replace(/\/+$/, "");
+    requireHttps(normalized, "PASSWD_ORIGIN");
+    return normalized;
+}
+let _discoveredApiUrl = null;
+let _discoveredClientId = null;
+let _discoveryDone = false;
+async function discoverFromOrigin(origin) {
+    if (_discoveryDone)
+        return;
+    _discoveryDone = true;
+    try {
+        const response = await fetch(origin, { headers: { Accept: "text/html" } });
+        const html = await response.text();
+        // Discover API URL from <meta name="app-api" content="...">
+        const apiMatch = html.match(/<meta\s+name=["']app-api["']\s+content=["']([^"']+)["']/i);
+        if (apiMatch?.[1]) {
+            const discovered = apiMatch[1].replace(/\/+$/, "");
+            requireHttps(discovered, "Discovered API URL");
+            _discoveredApiUrl = discovered;
+        }
+        // Discover client ID from the JS bundle
+        const scriptMatch = html.match(/src=["']([^"']*index[^"']*\.js)["']/i);
+        if (scriptMatch?.[1]) {
+            const scriptUrl = new URL(scriptMatch[1], origin).href;
+            const jsResponse = await fetch(scriptUrl);
+            const js = await jsResponse.text();
+            const clientIdMatch = js.match(/(\d+-[a-z0-9]+\.apps\.googleusercontent\.com)/);
+            if (clientIdMatch?.[1]) {
+                _discoveredClientId = clientIdMatch[1];
+            }
+        }
+    }
+    catch {
+        // Fall through to defaults/env vars
+    }
+}
+async function getClientId() {
+    if (process.env.PASSWD_CLIENT_ID)
+        return process.env.PASSWD_CLIENT_ID;
+    await discoverFromOrigin(getOrigin());
+    if (_discoveredClientId)
+        return _discoveredClientId;
+    throw new Error("Could not discover Google OAuth client ID from the deployment. Set PASSWD_CLIENT_ID env var manually.");
+}
+export async function getApiUrl() {
+    const envUrl = process.env.PASSWD_API_URL;
+    if (envUrl) {
+        const normalized = envUrl.replace(/\/+$/, "");
+        requireHttps(normalized, "PASSWD_API_URL");
+        return normalized;
+    }
+    await discoverFromOrigin(getOrigin());
+    return _discoveredApiUrl || `${getOrigin()}/api`;
+}
+function getRedirectUri() {
+    return `${getOrigin()}/oauth/redirect`;
+}
+let _pendingOAuthState = null;
+export async function buildOAuthUrl() {
+    const state = randomUUID();
+    _pendingOAuthState = state;
+    const clientId = await getClientId();
+    const url = new URL(GOOGLE_AUTH_ORIGIN);
+    url.searchParams.set("client_id", clientId);
+    url.searchParams.set("redirect_uri", getRedirectUri());
+    url.searchParams.set("state", state);
+    url.searchParams.set("prompt", "consent");
+    url.searchParams.set("scope", SCOPES);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("access_type", "offline");
+    return url.toString();
+}
+export function extractCodeFromRedirectUrl(redirectUrl) {
+    const url = new URL(redirectUrl);
+    // Validate state parameter to prevent CSRF (login CSRF defense)
+    const returnedState = url.searchParams.get("state");
+    if (!_pendingOAuthState) {
+        throw new Error("No pending OAuth state. Please call passwd_login (or `login`) first to start the login flow.");
+    }
+    if (returnedState !== _pendingOAuthState) {
+        throw new Error("OAuth state mismatch — possible CSRF attack. Please restart the login flow.");
+    }
+    _pendingOAuthState = null;
+    const code = url.searchParams.get("code");
+    if (!code) {
+        throw new Error("No 'code' parameter found in the redirect URL");
+    }
+    return code;
+}
+export async function exchangeCode(code) {
+    const apiUrl = await getApiUrl();
+    const url = `${apiUrl}/v2/oauth/callback?code=${encodeURIComponent(code)}`;
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "x-islocalhost": "false",
+        },
+        body: JSON.stringify({}),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`OAuth code exchange failed (${response.status}): ${text}`);
+    }
+    const data = await response.json();
+    if (!data.access_token) {
+        throw new Error("No access_token in OAuth response");
+    }
+    data.saved_at = Date.now();
+    await saveTokens(data);
+    return data;
+}
+export async function refreshToken(tokens) {
+    if (!tokens.refresh_token) {
+        throw new Error("No refresh token available. Please re-authenticate.");
+    }
+    const apiUrl = await getApiUrl();
+    const url = `${apiUrl}/v2/oauth/refresh-token`;
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "x-islocalhost": "false",
+        },
+        body: JSON.stringify({ refreshToken: tokens.refresh_token }),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Token refresh failed (${response.status}): ${text}`);
+    }
+    const data = await response.json();
+    if (!data.accessToken) {
+        throw new Error("No accessToken in refresh response");
+    }
+    const refreshed = {
+        access_token: data.accessToken,
+        refresh_token: tokens.refresh_token,
+        expiry_date: data.expiration,
+        saved_at: Date.now(),
+    };
+    await saveTokens(refreshed);
+    return refreshed;
+}
+async function saveTokens(tokens) {
+    const tokenFile = getTokenFile();
+    const data = { ...tokens, origin: getOrigin() };
+    await mkdir(TOKEN_DIR, { recursive: true, mode: 0o700 });
+    await writeFile(tokenFile, JSON.stringify(data, null, 2), {
+        encoding: "utf-8",
+        mode: 0o600,
+    });
+    await chmod(tokenFile, 0o600);
+}
+export function resetDiscoveryCache() {
+    _discoveredApiUrl = null;
+    _discoveredClientId = null;
+    _discoveryDone = false;
+}
+export function getTokenDir() {
+    return TOKEN_DIR;
+}
+export async function loadTokens() {
+    // Check env var first
+    const envToken = process.env.PASSWD_ACCESS_TOKEN;
+    if (envToken) {
+        return { access_token: envToken };
+    }
+    try {
+        const content = await readFile(getTokenFile(), "utf-8");
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+export async function getAccessToken() {
+    const tokens = await loadTokens();
+    if (!tokens) {
+        throw new Error("Not authenticated. Use the passwd_login tool or set PASSWD_ACCESS_TOKEN.");
+    }
+    // Proactively refresh if token expires within 5 minutes
+    if (tokens.expiry_date && Date.now() > tokens.expiry_date - 5 * 60 * 1000) {
+        try {
+            const refreshed = await refreshToken(tokens);
+            return refreshed.access_token;
+        }
+        catch {
+            return tokens.access_token; // let 401 retry handle it
+        }
+    }
+    return tokens.access_token;
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,MAAM,kBAAkB,GAAG,8CAA8C,CAAC;AAC1E,MAAM,MAAM,GAAG,iGAAiG,CAAC;AAEjH,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAE7C,SAAS,YAAY;IACnB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5E,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,IAAI,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,KAAa;IAC9C,IACE,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC;QACnC,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,EACnC,CAAC;QACD,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,+DAA+D,GAAG,EAAE,CAC7E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC9C,YAAY,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAC1C,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,IAAI,iBAAiB,GAAkB,IAAI,CAAC;AAC5C,IAAI,mBAAmB,GAAkB,IAAI,CAAC;AAC9C,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B,KAAK,UAAU,kBAAkB,CAAC,MAAc;IAC9C,IAAI,cAAc;QAAE,OAAO;IAC3B,cAAc,GAAG,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QAC3E,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEnC,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QACxF,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,YAAY,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;YAC/C,iBAAiB,GAAG,UAAU,CAAC;QACjC,CAAC;QAED,wCAAwC;QACxC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC;YACvD,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1C,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,EAAE,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;YAChF,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvB,mBAAmB,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACtE,MAAM,kBAAkB,CAAC,SAAS,EAAE,CAAC,CAAC;IACtC,IAAI,mBAAmB;QAAE,OAAO,mBAAmB,CAAC;IACpD,MAAM,IAAI,KAAK,CAAC,uGAAuG,CAAC,CAAC;AAC3H,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC9C,YAAY,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAC3C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,kBAAkB,CAAC,SAAS,EAAE,CAAC,CAAC;IACtC,OAAO,iBAAiB,IAAI,GAAG,SAAS,EAAE,MAAM,CAAC;AACnD,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,GAAG,SAAS,EAAE,iBAAiB,CAAC;AACzC,CAAC;AAED,IAAI,kBAAkB,GAAkB,IAAI,CAAC;AAE7C,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;IAC3B,kBAAkB,GAAG,KAAK,CAAC;IAE3B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACxC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,EAAE,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,WAAmB;IAC5D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAEjC,gEAAgE;IAChE,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;IAClH,CAAC;IACD,IAAI,aAAa,KAAK,kBAAkB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;IACjG,CAAC;IACD,kBAAkB,GAAG,IAAI,CAAC;IAE1B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,MAAM,2BAA2B,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;IAE3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,OAAO;SACzB;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;KACzB,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAgB,CAAC;IACjD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3B,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACvB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAkB;IACnD,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,MAAM,yBAAyB,CAAC;IAE/C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,OAAO;SACzB;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC;KAC7D,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAiD,CAAC;IAClF,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,SAAS,GAAe;QAC5B,YAAY,EAAE,IAAI,CAAC,WAAW;QAC9B,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,WAAW,EAAE,IAAI,CAAC,UAAU;QAC5B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;KACrB,CAAC;IACF,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;IAC5B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,MAAkB;IAC1C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC;IAChD,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACxD,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IACH,MAAM,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,iBAAiB,GAAG,IAAI,CAAC;IACzB,mBAAmB,GAAG,IAAI,CAAC;IAC3B,cAAc,GAAG,KAAK,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,sBAAsB;IACtB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;IACpC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAClC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IAED,wDAAwD;IACxD,IAAI,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;YAC7C,OAAO,SAAS,CAAC,YAAY,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,0BAA0B;QACxD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,YAAY,CAAC;AAC7B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export type { AuthTokens, UserProfile, SecretType, SecretBase, AccessPermission, GroupRef, UserRef, SecretFile, GroupInfo, ContactInfo, PasswordSecret, PaymentCardSecret, ApiCredentialsSecret, DatabaseCredentialsSecret, SshKeySecret, SecureNoteSecret, Secret, SecretListItem, ListSecretsResponse, TOTPCode, TOTPResponse, ShareResponse, } from "./types.js";
+export { getApiUrl, buildOAuthUrl, extractCodeFromRedirectUrl, exchangeCode, refreshToken, loadTokens, getAccessToken, resetDiscoveryCache, getTokenDir, } from "./auth.js";
+export type { ListSecretsParams, ListSecretsResult } from "./api.js";
+export { listSecrets, getSecret, createSecret, updateSecret, deleteSecret, getTotpCode, enableSharing, revokeSharing, listGroups, listContacts, getCurrentUser, } from "./api.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,UAAU,EACV,WAAW,EACX,UAAU,EACV,UAAU,EACV,gBAAgB,EAChB,QAAQ,EACR,OAAO,EACP,UAAU,EACV,SAAS,EACT,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,YAAY,EACZ,gBAAgB,EAChB,MAAM,EACN,cAAc,EACd,mBAAmB,EACnB,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,aAAa,EACb,0BAA0B,EAC1B,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,WAAW,GACZ,MAAM,WAAW,CAAC;AAEnB,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAErE,OAAO,EACL,WAAW,EACX,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,GACf,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export { getApiUrl, buildOAuthUrl, extractCodeFromRedirectUrl, exchangeCode, refreshToken, loadTokens, getAccessToken, resetDiscoveryCache, getTokenDir, } from "./auth.js";
+export { listSecrets, getSecret, createSecret, updateSecret, deleteSecret, getTotpCode, enableSharing, revokeSharing, listGroups, listContacts, getCurrentUser, } from "./api.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAyBA,OAAO,EACL,SAAS,EACT,aAAa,EACb,0BAA0B,EAC1B,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,WAAW,GACZ,MAAM,WAAW,CAAC;AAInB,OAAO,EACL,WAAW,EACX,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,cAAc,GACf,MAAM,UAAU,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,116 @@
+export interface AuthTokens {
+    access_token: string;
+    refresh_token?: string;
+    expiry_date?: number;
+    saved_at?: number;
+    origin?: string;
+}
+export interface UserProfile {
+    id: string;
+    email: string;
+    name: string;
+    picture?: string;
+    [key: string]: unknown;
+}
+export type SecretType = "password" | "paymentCard" | "apiCredentials" | "databaseCredentials" | "sshKey" | "secureNote";
+export type AccessPermission = "read" | "write" | "autofillOnly" | "passkeyOnly";
+export interface GroupRef {
+    id: string;
+    accessPermissions: AccessPermission[];
+}
+export interface UserRef {
+    id: string;
+    accessPermissions: AccessPermission[];
+}
+export interface SecretFile {
+    name: string;
+    data: string;
+}
+export interface GroupInfo {
+    id: string;
+    name: string;
+    email: string;
+    visible: boolean;
+}
+export interface ContactInfo {
+    id: string;
+    email: string;
+    name: string;
+    isAdmin: boolean;
+    isWorkspaceAdmin: boolean;
+}
+export interface SecretBase {
+    id?: string;
+    type: SecretType;
+    name: string;
+    username?: string;
+    web?: string;
+    note?: string;
+    tags?: string[];
+    groups?: GroupRef[];
+    whitelistUsers?: UserRef[];
+    file?: SecretFile | null;
+    visibleToAll?: boolean;
+    hasTOTP?: boolean;
+    TOTP?: string | null;
+    passwordUpdatedAt?: string;
+    shareId?: string | null;
+    securityLevel?: string;
+    securityLeaks?: string;
+    ignoreSecurityReport?: boolean;
+    duplicities?: number;
+}
+export interface PasswordSecret extends SecretBase {
+    type: "password";
+    password?: string;
+}
+export interface PaymentCardSecret extends SecretBase {
+    type: "paymentCard";
+    cardNumber?: string;
+    cvvCode?: string;
+}
+export interface ApiCredentialsSecret extends SecretBase {
+    type: "apiCredentials";
+    password?: string;
+}
+export interface DatabaseCredentialsSecret extends SecretBase {
+    type: "databaseCredentials";
+    credentials?: string;
+}
+export interface SshKeySecret extends SecretBase {
+    type: "sshKey";
+    privateKey?: string;
+}
+export interface SecureNoteSecret extends SecretBase {
+    type: "secureNote";
+    secureNote?: string;
+}
+export type Secret = PasswordSecret | PaymentCardSecret | ApiCredentialsSecret | DatabaseCredentialsSecret | SshKeySecret | SecureNoteSecret;
+export interface SecretListItem {
+    id: string;
+    name: string;
+    type: SecretType;
+    username?: string;
+    web?: string;
+    tags?: string[];
+    hasTOTP?: boolean;
+    securityLevel?: string;
+    securityLeaks?: string;
+    duplicities?: number;
+    [key: string]: unknown;
+}
+export interface ListSecretsResponse {
+    secrets: Record<string, SecretListItem> | SecretListItem[];
+    totalCount?: number;
+}
+export interface TOTPCode {
+    code: string;
+    validityStart: number;
+    validityEnd: number;
+}
+export type TOTPResponse = TOTPCode[];
+export interface ShareResponse {
+    shareId?: string;
+    [key: string]: unknown;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,UAAU,GAClB,UAAU,GACV,aAAa,GACb,gBAAgB,GAChB,qBAAqB,GACrB,QAAQ,GACR,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,OAAO,GAAG,cAAc,GAAG,aAAa,CAAC;AAEjF,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,iBAAiB,EAAE,gBAAgB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,gBAAgB,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE,UAAU,GAAG,IAAI,CAAC;IACzB,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAe,SAAQ,UAAU;IAChD,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD,IAAI,EAAE,aAAa,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAqB,SAAQ,UAAU;IACtD,IAAI,EAAE,gBAAgB,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAA0B,SAAQ,UAAU;IAC3D,IAAI,EAAE,qBAAqB,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAa,SAAQ,UAAU;IAC9C,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IAClD,IAAI,EAAE,YAAY,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,MAAM,GACd,cAAc,GACd,iBAAiB,GACjB,oBAAoB,GACpB,yBAAyB,GACzB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAAG,cAAc,EAAE,CAAC;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,QAAQ,EAAE,CAAC;AAEtC,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@passwd/passwd-lib",
+  "version": "1.1.0",
+  "description": "Core library for passwd.team — auth, API client, and types",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -b"
+  },
+  "keywords": [
+    "passwd",
+    "password-manager",
+    "passwd-team"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pepuscz/passwd.git",
+    "directory": "packages/passwd-lib"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}