@pikku/inspector 0.12.4 → 0.12.6

package/CHANGELOG.md

@@ -1,5 +1,23 @@
 ## 0.12.0
 
+## 0.12.6
+
+### Patch Changes
+
+- 84f01ad: Add credentialOverrides to wireAddon for remapping credential names, fix credential services template to pass variables argument.
+- Updated dependencies [84f01ad]
+  - @pikku/core@0.12.12
+
+## 0.12.5
+
+### Patch Changes
+
+- 65eccc6: Cache Zod schema generation between re-inspection passes and batch imports by source file. Schemas are cached using a fingerprint of schemaLookup entries + file mtimes, so reinspections skip Zod generation entirely when schemas haven't changed. Source file imports are grouped so each file is imported once instead of per-schema. Reduces `pikku all` from ~5 minutes to ~13 seconds on projects with many Zod schemas.
+- 0f59432: Add per-user credential system with CredentialService, OAuth2 route handlers, and KyselyCredentialService with envelope encryption
+- Updated dependencies [0f59432]
+- Updated dependencies [52b64d1]
+  - @pikku/core@0.12.10
+
 ## 0.12.4
 
 ### Patch Changes

package/dist/add/add-credential.d.ts

@@ -0,0 +1,2 @@
+import type { AddWiring } from '../types.js';
+export declare const addCredential: AddWiring;

package/dist/add/add-credential.js

@@ -0,0 +1,118 @@
+import * as ts from 'typescript';
+import { getPropertyValue, getArrayPropertyValue, } from '../utils/get-property-value.js';
+import { ErrorCode } from '../error-codes.js';
+import { detectSchemaVendorOrError } from '../utils/detect-schema-vendor.js';
+export const addCredential = (logger, node, checker, state, _options) => {
+    if (!ts.isCallExpression(node)) {
+        return;
+    }
+    const args = node.arguments;
+    const firstArg = args[0];
+    const expression = node.expression;
+    if (!ts.isIdentifier(expression) || expression.text !== 'wireCredential') {
+        return;
+    }
+    if (!firstArg) {
+        return;
+    }
+    if (ts.isObjectLiteralExpression(firstArg)) {
+        const obj = firstArg;
+        const nameValue = getPropertyValue(obj, 'name');
+        const displayNameValue = getPropertyValue(obj, 'displayName');
+        const descriptionValue = getPropertyValue(obj, 'description');
+        const typeValue = getPropertyValue(obj, 'type');
+        if (!nameValue) {
+            logger.critical(ErrorCode.MISSING_NAME, "Credential is missing the required 'name' property.");
+            return;
+        }
+        if (!displayNameValue) {
+            logger.critical(ErrorCode.MISSING_NAME, `Credential '${nameValue}' is missing the required 'displayName' property.`);
+            return;
+        }
+        if (!typeValue || (typeValue !== 'singleton' && typeValue !== 'wire')) {
+            logger.critical(ErrorCode.MISSING_NAME, `Credential '${nameValue}' is missing or has invalid 'type' property. Must be 'singleton' or 'wire'.`);
+            return;
+        }
+        let schemaVariableName = null;
+        let schemaSourceFile = null;
+        let schemaIdentifier = null;
+        for (const prop of obj.properties) {
+            if (ts.isPropertyAssignment(prop) &&
+                ts.isIdentifier(prop.name) &&
+                prop.name.text === 'schema') {
+                if (ts.isIdentifier(prop.initializer)) {
+                    schemaVariableName = prop.initializer.text;
+                    schemaIdentifier = prop.initializer;
+                    const symbol = checker.getSymbolAtLocation(prop.initializer);
+                    if (symbol) {
+                        const decl = symbol.valueDeclaration || symbol.declarations?.[0];
+                        if (decl) {
+                            if (ts.isImportSpecifier(decl)) {
+                                const aliasedSymbol = checker.getAliasedSymbol(symbol);
+                                if (aliasedSymbol) {
+                                    const aliasedDecl = aliasedSymbol.valueDeclaration ||
+                                        aliasedSymbol.declarations?.[0];
+                                    if (aliasedDecl) {
+                                        schemaSourceFile = aliasedDecl.getSourceFile().fileName;
+                                    }
+                                }
+                            }
+                            else {
+                                schemaSourceFile = decl.getSourceFile().fileName;
+                            }
+                        }
+                    }
+                }
+                break;
+            }
+        }
+        let oauth2 = undefined;
+        const oauth2Prop = obj.properties.find((p) => ts.isPropertyAssignment(p) &&
+            ts.isIdentifier(p.name) &&
+            p.name.text === 'oauth2');
+        if (oauth2Prop &&
+            ts.isPropertyAssignment(oauth2Prop) &&
+            ts.isObjectLiteralExpression(oauth2Prop.initializer)) {
+            const oauth2Obj = oauth2Prop.initializer;
+            const appCredentialSecretId = getPropertyValue(oauth2Obj, 'appCredentialSecretId');
+            const tokenSecretId = getPropertyValue(oauth2Obj, 'tokenSecretId');
+            const authorizationUrl = getPropertyValue(oauth2Obj, 'authorizationUrl');
+            const tokenUrl = getPropertyValue(oauth2Obj, 'tokenUrl');
+            const scopes = getArrayPropertyValue(oauth2Obj, 'scopes');
+            const pkce = getPropertyValue(oauth2Obj, 'pkce');
+            if (appCredentialSecretId && authorizationUrl && tokenUrl && scopes) {
+                oauth2 = {
+                    appCredentialSecretId,
+                    tokenSecretId: tokenSecretId || undefined,
+                    authorizationUrl,
+                    tokenUrl,
+                    scopes,
+                    pkce: pkce || undefined,
+                };
+            }
+        }
+        const sourceFile = node.getSourceFile().fileName;
+        state.credentials.files.add(sourceFile);
+        let schemaLookupName;
+        if (schemaVariableName && schemaSourceFile && schemaIdentifier) {
+            const vendor = detectSchemaVendorOrError(schemaIdentifier, checker, logger, `Credential '${nameValue}'`, schemaSourceFile);
+            if (vendor) {
+                schemaLookupName = `CredentialSchema_${nameValue}`;
+                state.schemaLookup.set(schemaLookupName, {
+                    variableName: schemaVariableName,
+                    sourceFile: schemaSourceFile,
+                    vendor,
+                });
+            }
+        }
+        state.credentials.definitions.push({
+            name: nameValue,
+            displayName: displayNameValue,
+            description: descriptionValue || undefined,
+            type: typeValue,
+            schema: schemaLookupName,
+            oauth2,
+            sourceFile,
+        });
+    }
+};

package/dist/add/add-secret.d.ts

@@ -1,3 +1 @@
-import type { AddWiring } from '../types.js';
-export declare const addSecret: AddWiring;
-export declare const addOAuth2Credential: AddWiring;
+export declare const addSecret: import("../types.js").AddWiring;

package/dist/add/add-secret.js

@@ -1,6 +1,3 @@
-import * as ts from 'typescript';
-import { getPropertyValue, getArrayPropertyValue, } from '../utils/get-property-value.js';
-import { ErrorCode } from '../error-codes.js';
 import { createAddKeyedWiring } from './add-keyed-wiring.js';
 export const addSecret = createAddKeyedWiring({
     functionName: 'wireSecret',
@@ -9,74 +6,3 @@ export const addSecret = createAddKeyedWiring({
     schemaPrefix: 'SecretSchema',
     getState: (state) => state.secrets,
 });
-export const addOAuth2Credential = (logger, node, _checker, state, _options) => {
-    if (!ts.isCallExpression(node)) {
-        return;
-    }
-    const args = node.arguments;
-    const firstArg = args[0];
-    const expression = node.expression;
-    if (!ts.isIdentifier(expression) ||
-        expression.text !== 'wireOAuth2Credential') {
-        return;
-    }
-    if (!firstArg) {
-        return;
-    }
-    if (ts.isObjectLiteralExpression(firstArg)) {
-        const obj = firstArg;
-        const nameValue = getPropertyValue(obj, 'name');
-        const displayNameValue = getPropertyValue(obj, 'displayName');
-        const descriptionValue = getPropertyValue(obj, 'description');
-        const secretIdValue = getPropertyValue(obj, 'secretId');
-        const tokenSecretIdValue = getPropertyValue(obj, 'tokenSecretId');
-        const authorizationUrlValue = getPropertyValue(obj, 'authorizationUrl');
-        const tokenUrlValue = getPropertyValue(obj, 'tokenUrl');
-        const scopesValue = getArrayPropertyValue(obj, 'scopes');
-        const pkceValue = getPropertyValue(obj, 'pkce');
-        if (!nameValue) {
-            logger.critical(ErrorCode.MISSING_NAME, "OAuth2 Credential is missing the required 'name' property.");
-            return;
-        }
-        if (!displayNameValue) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'displayName' property.`);
-            return;
-        }
-        if (!secretIdValue) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'secretId' property.`);
-            return;
-        }
-        if (!tokenSecretIdValue) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'tokenSecretId' property.`);
-            return;
-        }
-        if (!authorizationUrlValue) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'authorizationUrl' property.`);
-            return;
-        }
-        if (!tokenUrlValue) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'tokenUrl' property.`);
-            return;
-        }
-        if (!scopesValue || scopesValue.length === 0) {
-            logger.critical(ErrorCode.MISSING_NAME, `OAuth2 Credential '${nameValue}' is missing the required 'scopes' property.`);
-            return;
-        }
-        const sourceFile = node.getSourceFile().fileName;
-        state.secrets.files.add(sourceFile);
-        state.secrets.definitions.push({
-            name: nameValue,
-            displayName: displayNameValue,
-            description: descriptionValue || undefined,
-            secretId: secretIdValue,
-            oauth2: {
-                tokenSecretId: tokenSecretIdValue,
-                authorizationUrl: authorizationUrlValue,
-                tokenUrl: tokenUrlValue,
-                scopes: scopesValue,
-                pkce: pkceValue || undefined,
-            },
-            sourceFile,
-        });
-    }
-};

package/dist/add/add-wire-addon.js

@@ -35,6 +35,7 @@ export function addWireAddon(node, state, logger) {
     let mcp;
     let secretOverrides;
     let variableOverrides;
+    let credentialOverrides;
     for (const prop of firstArg.properties) {
         if (!ts.isPropertyAssignment(prop) || !ts.isIdentifier(prop.name))
             continue;
@@ -61,6 +62,10 @@ export function addWireAddon(node, state, logger) {
             ts.isObjectLiteralExpression(prop.initializer)) {
             variableOverrides = parseStringRecord(prop.initializer);
         }
+        else if (key === 'credentialOverrides' &&
+            ts.isObjectLiteralExpression(prop.initializer)) {
+            credentialOverrides = parseStringRecord(prop.initializer);
+        }
     }
     if (!name || !pkg)
         return;
@@ -71,6 +76,7 @@ export function addWireAddon(node, state, logger) {
         mcp,
         secretOverrides,
         variableOverrides,
+        credentialOverrides,
     });
     state.rpc.usedAddons.add(name);
     state.rpc.wireAddonFiles.add(node.getSourceFile().fileName);

package/dist/inspector.js

@@ -4,7 +4,7 @@ import { visitSetup, visitRoutes } from './visit.js';
 import { TypesMap } from './types-map.js';
 import { getFilesAndMethods } from './utils/get-files-and-methods.js';
 import { findCommonAncestor } from './utils/find-root-dir.js';
-import { aggregateRequiredServices, validateAgentModels, validateAgentOverrides, validateSecretOverrides, validateVariableOverrides, computeResolvedIOTypes, computeMiddlewareGroupsMeta, computePermissionsGroupsMeta, computeRequiredSchemas, computeDiagnostics, validateSchemaWiringSeparation, } from './utils/post-process.js';
+import { aggregateRequiredServices, validateAgentModels, validateAgentOverrides, validateSecretOverrides, validateVariableOverrides, validateCredentialOverrides, computeResolvedIOTypes, computeMiddlewareGroupsMeta, computePermissionsGroupsMeta, computeRequiredSchemas, computeDiagnostics, validateSchemaWiringSeparation, } from './utils/post-process.js';
 import { generateOpenAPISpec } from './utils/serialize-openapi-json.js';
 import { pikkuState } from '@pikku/core/internal';
 import { resolveLatestVersions } from './utils/resolve-versions.js';
@@ -118,6 +118,10 @@ export function getInitialInspectorState(rootDir) {
             definitions: [],
             files: new Set(),
         },
+        credentials: {
+            definitions: [],
+            files: new Set(),
+        },
         variables: {
             definitions: [],
             files: new Set(),
@@ -261,6 +265,7 @@ export const inspect = async (logger, routeFiles, options = {}) => {
         validateAgentOverrides(logger, state, options.modelConfig);
         validateSecretOverrides(logger, state);
         validateVariableOverrides(logger, state);
+        validateCredentialOverrides(logger, state);
     }
     state.program = program;
     return state;

package/dist/types.d.ts

@@ -11,6 +11,7 @@ import type { AIAgentMeta } from '@pikku/core/ai-agent';
 import type { CLIMeta } from '@pikku/core/cli';
 import type { NodesMeta } from '@pikku/core/node';
 import type { SecretDefinitions } from '@pikku/core/secret';
+import type { CredentialDefinitions } from '@pikku/core/credential';
 import type { VariableDefinitions } from '@pikku/core/variable';
 import type { TypesMap } from './types-map.js';
 import type { FunctionsMeta, FunctionServicesMeta, FunctionWiresMeta, JSONValue } from '@pikku/core';
@@ -321,6 +322,7 @@ export interface InspectorState {
             mcp?: boolean;
             secretOverrides?: Record<string, string>;
             variableOverrides?: Record<string, string>;
+            credentialOverrides?: Record<string, string>;
         }>;
         wireAddonFiles: Set<string>;
     };
@@ -349,6 +351,10 @@ export interface InspectorState {
         definitions: SecretDefinitions;
         files: Set<string>;
     };
+    credentials: {
+        definitions: CredentialDefinitions;
+        files: Set<string>;
+    };
     variables: {
         definitions: VariableDefinitions;
         files: Set<string>;

package/dist/utils/post-process.d.ts

@@ -15,6 +15,7 @@ export declare function extractWireNames(list?: MiddlewareMetadata[] | Permissio
  */
 export declare function aggregateRequiredServices(state: InspectorState | Omit<InspectorState, 'typesLookup'>): void;
 export declare function validateSecretOverrides(logger: InspectorLogger, state: InspectorState | Omit<InspectorState, 'typesLookup'>): void;
+export declare function validateCredentialOverrides(logger: InspectorLogger, state: InspectorState | Omit<InspectorState, 'typesLookup'>): void;
 export declare function validateVariableOverrides(logger: InspectorLogger, state: InspectorState | Omit<InspectorState, 'typesLookup'>): void;
 export declare function computeResolvedIOTypes(state: InspectorState): void;
 export declare function computeMiddlewareGroupsMeta(state: InspectorState): void;

package/dist/utils/post-process.js

@@ -177,6 +177,22 @@ export function validateSecretOverrides(logger, state) {
         }
     }
 }
+export function validateCredentialOverrides(logger, state) {
+    const { wireAddonDeclarations } = state.rpc;
+    if (!wireAddonDeclarations || wireAddonDeclarations.size === 0)
+        return;
+    const credentialNames = new Set(state.credentials?.definitions.map((d) => d.name) ?? []);
+    for (const [namespace, addonDecl] of wireAddonDeclarations.entries()) {
+        if (!addonDecl.credentialOverrides)
+            continue;
+        for (const credentialKey of Object.keys(addonDecl.credentialOverrides)) {
+            if (!credentialNames.has(credentialKey)) {
+                const availableCredentials = Array.from(credentialNames);
+                logger.critical(ErrorCode.INVALID_VALUE, `Credential override '${credentialKey}' in addon '${namespace}' (${addonDecl.package}) does not exist. Available credentials: ${availableCredentials.join(', ') || 'none'}`);
+            }
+        }
+    }
+}
 export function validateVariableOverrides(logger, state) {
     const { wireAddonDeclarations } = state.rpc;
     if (!wireAddonDeclarations || wireAddonDeclarations.size === 0)

package/dist/utils/resolve-addon-package.d.ts

@@ -13,4 +13,5 @@ export declare const resolveAddonName: (identifier: ts.Identifier, checker: ts.T
     rpcEndpoint?: string;
     secretOverrides?: Record<string, string>;
     variableOverrides?: Record<string, string>;
+    credentialOverrides?: Record<string, string>;
 }>) => string | null;

package/dist/utils/serialize-inspector-state.d.ts

@@ -176,6 +176,7 @@ export interface SerializableInspectorState {
                 rpcEndpoint?: string;
                 secretOverrides?: Record<string, string>;
                 variableOverrides?: Record<string, string>;
+                credentialOverrides?: Record<string, string>;
             }
         ]>;
         wireAddonFiles: string[];
@@ -205,6 +206,10 @@ export interface SerializableInspectorState {
         definitions: InspectorState['secrets']['definitions'];
         files: string[];
     };
+    credentials: {
+        definitions: InspectorState['credentials']['definitions'];
+        files: string[];
+    };
     variables: {
         definitions: InspectorState['variables']['definitions'];
         files: string[];

package/dist/utils/serialize-inspector-state.js

@@ -101,6 +101,10 @@ export function serializeInspectorState(state) {
             definitions: state.secrets.definitions,
             files: Array.from(state.secrets.files),
         },
+        credentials: {
+            definitions: state.credentials.definitions,
+            files: Array.from(state.credentials.files),
+        },
         variables: {
             definitions: state.variables.definitions,
             files: Array.from(state.variables.files),
@@ -244,6 +248,10 @@ export function deserializeInspectorState(data) {
             definitions: data.secrets?.definitions || [],
             files: new Set(data.secrets?.files || []),
         },
+        credentials: {
+            definitions: data.credentials?.definitions || [],
+            files: new Set(data.credentials?.files || []),
+        },
         variables: {
             definitions: data.variables?.definitions || [],
             files: new Set(data.variables?.files || []),

package/dist/visit.js

@@ -17,7 +17,8 @@ import { addWireAddon } from './add/add-wire-addon.js';
 import { addMiddleware } from './add/add-middleware.js';
 import { addPermission } from './add/add-permission.js';
 import { addCLI, addCLIRenderers } from './add/add-cli.js';
-import { addSecret, addOAuth2Credential } from './add/add-secret.js';
+import { addSecret } from './add/add-secret.js';
+import { addCredential } from './add/add-credential.js';
 import { addVariable } from './add/add-variable.js';
 import { addWorkflowGraph } from './add/add-workflow-graph.js';
 import { addAIAgent } from './add/add-ai-agent.js';
@@ -41,7 +42,7 @@ export const visitSetup = (logger, checker, node, state, options) => {
 export const visitRoutes = (logger, checker, node, state, options) => {
     addFunctions(logger, node, checker, state, options);
     addSecret(logger, node, checker, state, options);
-    addOAuth2Credential(logger, node, checker, state, options);
+    addCredential(logger, node, checker, state, options);
     addVariable(logger, node, checker, state, options);
     addHTTPRoute(logger, node, checker, state, options);
     addHTTPRoutes(logger, node, checker, state, options);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pikku/inspector",
-  "version": "0.12.4",
+  "version": "0.12.6",
   "author": "yasser.fadl@gmail.com",
   "license": "BUSL-1.1",
   "type": "module",
@@ -35,7 +35,7 @@
   },
   "dependencies": {
     "@openapi-contrib/json-schema-to-openapi-schema": "^4.3.1",
-    "@pikku/core": "^0.12.9",
+    "@pikku/core": "^0.12.12",
     "path-to-regexp": "^8.3.0",
     "ts-json-schema-generator": "^2.5.0",
     "tsx": "^4.21.0",

package/src/add/add-credential.ts

@@ -0,0 +1,178 @@
+import * as ts from 'typescript'
+import {
+  getPropertyValue,
+  getArrayPropertyValue,
+} from '../utils/get-property-value.js'
+import type { AddWiring } from '../types.js'
+import { ErrorCode } from '../error-codes.js'
+import { detectSchemaVendorOrError } from '../utils/detect-schema-vendor.js'
+
+export const addCredential: AddWiring = (
+  logger,
+  node,
+  checker,
+  state,
+  _options
+) => {
+  if (!ts.isCallExpression(node)) {
+    return
+  }
+
+  const args = node.arguments
+  const firstArg = args[0]
+  const expression = node.expression
+
+  if (!ts.isIdentifier(expression) || expression.text !== 'wireCredential') {
+    return
+  }
+
+  if (!firstArg) {
+    return
+  }
+
+  if (ts.isObjectLiteralExpression(firstArg)) {
+    const obj = firstArg
+
+    const nameValue = getPropertyValue(obj, 'name') as string | null
+    const displayNameValue = getPropertyValue(obj, 'displayName') as
+      | string
+      | null
+    const descriptionValue = getPropertyValue(obj, 'description') as
+      | string
+      | null
+    const typeValue = getPropertyValue(obj, 'type') as string | null
+
+    if (!nameValue) {
+      logger.critical(
+        ErrorCode.MISSING_NAME,
+        "Credential is missing the required 'name' property."
+      )
+      return
+    }
+
+    if (!displayNameValue) {
+      logger.critical(
+        ErrorCode.MISSING_NAME,
+        `Credential '${nameValue}' is missing the required 'displayName' property.`
+      )
+      return
+    }
+
+    if (!typeValue || (typeValue !== 'singleton' && typeValue !== 'wire')) {
+      logger.critical(
+        ErrorCode.MISSING_NAME,
+        `Credential '${nameValue}' is missing or has invalid 'type' property. Must be 'singleton' or 'wire'.`
+      )
+      return
+    }
+
+    let schemaVariableName: string | null = null
+    let schemaSourceFile: string | null = null
+    let schemaIdentifier: ts.Identifier | null = null
+    for (const prop of obj.properties) {
+      if (
+        ts.isPropertyAssignment(prop) &&
+        ts.isIdentifier(prop.name) &&
+        prop.name.text === 'schema'
+      ) {
+        if (ts.isIdentifier(prop.initializer)) {
+          schemaVariableName = prop.initializer.text
+          schemaIdentifier = prop.initializer
+
+          const symbol = checker.getSymbolAtLocation(prop.initializer)
+          if (symbol) {
+            const decl = symbol.valueDeclaration || symbol.declarations?.[0]
+            if (decl) {
+              if (ts.isImportSpecifier(decl)) {
+                const aliasedSymbol = checker.getAliasedSymbol(symbol)
+                if (aliasedSymbol) {
+                  const aliasedDecl =
+                    aliasedSymbol.valueDeclaration ||
+                    aliasedSymbol.declarations?.[0]
+                  if (aliasedDecl) {
+                    schemaSourceFile = aliasedDecl.getSourceFile().fileName
+                  }
+                }
+              } else {
+                schemaSourceFile = decl.getSourceFile().fileName
+              }
+            }
+          }
+        }
+        break
+      }
+    }
+
+    let oauth2: any = undefined
+    const oauth2Prop = obj.properties.find(
+      (p) =>
+        ts.isPropertyAssignment(p) &&
+        ts.isIdentifier(p.name) &&
+        p.name.text === 'oauth2'
+    )
+    if (
+      oauth2Prop &&
+      ts.isPropertyAssignment(oauth2Prop) &&
+      ts.isObjectLiteralExpression(oauth2Prop.initializer)
+    ) {
+      const oauth2Obj = oauth2Prop.initializer
+      const appCredentialSecretId = getPropertyValue(
+        oauth2Obj,
+        'appCredentialSecretId'
+      ) as string | null
+      const tokenSecretId = getPropertyValue(oauth2Obj, 'tokenSecretId') as
+        | string
+        | null
+      const authorizationUrl = getPropertyValue(
+        oauth2Obj,
+        'authorizationUrl'
+      ) as string | null
+      const tokenUrl = getPropertyValue(oauth2Obj, 'tokenUrl') as string | null
+      const scopes = getArrayPropertyValue(oauth2Obj, 'scopes')
+      const pkce = getPropertyValue(oauth2Obj, 'pkce') as boolean | null
+
+      if (appCredentialSecretId && authorizationUrl && tokenUrl && scopes) {
+        oauth2 = {
+          appCredentialSecretId,
+          tokenSecretId: tokenSecretId || undefined,
+          authorizationUrl,
+          tokenUrl,
+          scopes,
+          pkce: pkce || undefined,
+        }
+      }
+    }
+
+    const sourceFile = node.getSourceFile().fileName
+    state.credentials.files.add(sourceFile)
+
+    let schemaLookupName: string | undefined
+    if (schemaVariableName && schemaSourceFile && schemaIdentifier) {
+      const vendor = detectSchemaVendorOrError(
+        schemaIdentifier,
+        checker,
+        logger,
+        `Credential '${nameValue}'`,
+        schemaSourceFile
+      )
+      if (vendor) {
+        schemaLookupName = `CredentialSchema_${nameValue}`
+        state.schemaLookup.set(schemaLookupName, {
+          variableName: schemaVariableName,
+          sourceFile: schemaSourceFile,
+          vendor,
+        })
+      }
+    }
+
+    state.credentials.definitions.push({
+      name: nameValue,
+      displayName: displayNameValue,
+      description: descriptionValue || undefined,
+      type: typeValue as 'singleton' | 'wire',
+      schema: schemaLookupName,
+      oauth2,
+      sourceFile,
+    })
+  }
+}