npm - @pokit/op - Versions diffs - 0.0.1 - Mend

@pokit/op 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Daniel Grant
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/checks.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare const opInstalled: import("@pokit/core").CheckConfig;
+export declare const opAuthenticated: import("@pokit/core").CheckConfig;
+//# sourceMappingURL=checks.d.ts.map

package/dist/checks.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"checks.d.ts","sourceRoot":"","sources":["../src/checks.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,WAAW,mCAWtB,CAAC;AAEH,eAAO,MAAM,eAAe,mCAQ1B,CAAC"}

package/dist/checks.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { defineCheck } from '@pokit/core';
+import { isInstalled, isAuthenticated, getAuthErrorMessage } from './op';
+export const opInstalled = defineCheck({
+    label: '1Password CLI installed',
+    check: async () => {
+        const installed = await isInstalled();
+        if (!installed) {
+            throw new Error('1Password CLI is not installed. ' +
+                'Install from: https://developer.1password.com/docs/cli/get-started/');
+        }
+    },
+});
+export const opAuthenticated = defineCheck({
+    label: '1Password authenticated',
+    check: async () => {
+        const authenticated = await isAuthenticated();
+        if (!authenticated) {
+            throw new Error(getAuthErrorMessage());
+        }
+    },
+});

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export { defineOpVault, parseOpRef } from './vault';
+export type { OpVault, OpVaultRef, InferOpVaultKeys } from './vault';
+export { defineOpResolver } from './resolver';
+export type { OpResolverConfig } from './resolver';
+export * as opUtils from './op';
+export type { OpItem } from './op';
+/**
+ * Type exports for individual utility functions.
+ * These enable consumers to reference specific function signatures
+ * without accessing them through the opUtils namespace.
+ */
+export type IsInstalledFn = typeof import('./op').isInstalled;
+export type IsAuthenticatedFn = typeof import('./op').isAuthenticated;
+export type GetFieldFn = typeof import('./op').getField;
+export { opInstalled, opAuthenticated } from './checks';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACpD,YAAY,EAAE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAErE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,YAAY,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAMnD,OAAO,KAAK,OAAO,MAAM,MAAM,CAAC;AAEhC,YAAY,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAEnC;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,cAAc,MAAM,EAAE,WAAW,CAAC;AAC9D,MAAM,MAAM,iBAAiB,GAAG,cAAc,MAAM,EAAE,eAAe,CAAC;AACtE,MAAM,MAAM,UAAU,GAAG,cAAc,MAAM,EAAE,QAAQ,CAAC;AAMxD,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,10 @@
+export { defineOpVault, parseOpRef } from './vault';
+export { defineOpResolver } from './resolver';
+// =============================================================================
+// 1Password CLI utilities
+// =============================================================================
+export * as opUtils from './op';
+// =============================================================================
+// 1Password CLI checks
+// =============================================================================
+export { opInstalled, opAuthenticated } from './checks';

package/dist/op.d.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Check if 1Password CLI is installed
+ */
+export declare function isInstalled(): Promise<boolean>;
+/**
+ * Check if authenticated with 1Password CLI
+ * Works for both desktop (app/signin) and CI (OP_SERVICE_ACCOUNT_TOKEN)
+ */
+export declare function isAuthenticated(): Promise<boolean>;
+/**
+ * Get helpful error message for authentication failure
+ */
+export declare function getAuthErrorMessage(): string;
+/**
+ * Check if a vault exists
+ */
+export declare function vaultExists(vault: string): Promise<boolean>;
+/**
+ * Create a vault
+ */
+export declare function createVault(vault: string): Promise<void>;
+/**
+ * List all vaults
+ */
+export declare function listVaults(): Promise<string[]>;
+/**
+ * Item structure
+ */
+export interface OpItem {
+    id: string;
+    title: string;
+    vault: {
+        id: string;
+        name: string;
+    };
+    fields: Record<string, string>;
+}
+/**
+ * Check if an item exists in a vault
+ */
+export declare function itemExists(vault: string, item: string): Promise<boolean>;
+/**
+ * Get a field value from a 1Password item
+ */
+export declare function getField(vault: string, item: string, field: string): Promise<string | null>;
+/**
+ * Get all fields from a 1Password item
+ */
+export declare function getItem(vault: string, item: string): Promise<OpItem | null>;
+/**
+ * Get multiple items from a vault in a single batch
+ * More efficient than calling getItem multiple times
+ */
+export declare function getItemsBatch(vault: string, itemNames: string[]): Promise<Map<string, OpItem>>;
+/**
+ * Set a field on a 1Password item, creating the item if it doesn't exist
+ */
+export declare function setField(vault: string, item: string, field: string, value: string): Promise<void>;
+/**
+ * Set multiple fields on a 1Password item in a single operation.
+ * Batches all field updates into a single CLI call for efficiency.
+ */
+export declare function setFieldsBatch(vault: string, item: string, fields: Record<string, string>): Promise<void>;
+/**
+ * Resolve a secret reference (op://vault/item/field)
+ */
+export declare function resolveSecret(reference: string): Promise<string | null>;
+//# sourceMappingURL=op.d.ts.map

package/dist/op.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"op.d.ts","sourceRoot":"","sources":["../src/op.ts"],"names":[],"mappings":"AA+BA;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC,CAGpD;AAED;;;GAGG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAGxD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAW5C;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAIjE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAG9D;AAED;;GAEG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAIpD;AAED;;GAEG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAK9E;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASjG;AAED;;GAEG;AACH,wBAAsB,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA6BjF;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EAAE,GAClB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAmB9B;AAED;;GAEG;AACH,wBAAsB,QAAQ,CAC5B,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAEf;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,OAAO,CAAC,IAAI,CAAC,CAqBf;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAM7E"}

package/dist/op.js ADDED Viewed

@@ -0,0 +1,176 @@
+import { $ } from 'bun';
+// =============================================================================
+// Input Validation
+// =============================================================================
+/**
+ * Valid characters for 1Password identifiers (vault, item, field names).
+ * Allows alphanumeric, spaces, dashes, underscores, and periods.
+ */
+const VALID_IDENTIFIER_PATTERN = /^[a-zA-Z0-9 _.-]+$/;
+/**
+ * Validate a 1Password identifier (vault name, item name, or field name).
+ * Throws if the identifier contains invalid characters.
+ */
+function validateIdentifier(value, type) {
+    if (!value || value.trim().length === 0) {
+        throw new Error(`${type} name cannot be empty`);
+    }
+    if (!VALID_IDENTIFIER_PATTERN.test(value)) {
+        throw new Error(`Invalid ${type} name: "${value}". Only alphanumeric characters, spaces, dashes, underscores, and periods are allowed.`);
+    }
+}
+// =============================================================================
+// Authentication
+// =============================================================================
+/**
+ * Check if 1Password CLI is installed
+ */
+export async function isInstalled() {
+    const result = await $ `which op`.nothrow().quiet();
+    return result.exitCode === 0;
+}
+/**
+ * Check if authenticated with 1Password CLI
+ * Works for both desktop (app/signin) and CI (OP_SERVICE_ACCOUNT_TOKEN)
+ */
+export async function isAuthenticated() {
+    const result = await $ `op whoami`.nothrow().quiet();
+    return result.exitCode === 0;
+}
+/**
+ * Get helpful error message for authentication failure
+ */
+export function getAuthErrorMessage() {
+    if (process.env.OP_SERVICE_ACCOUNT_TOKEN) {
+        return ('1Password authentication failed. ' +
+            'The OP_SERVICE_ACCOUNT_TOKEN may be invalid or expired.');
+    }
+    return ('1Password authentication failed. ' +
+        'Either run `op signin` or ensure the 1Password app is running with CLI integration enabled.');
+}
+/**
+ * Check if a vault exists
+ */
+export async function vaultExists(vault) {
+    validateIdentifier(vault, 'vault');
+    const result = await $ `op vault get ${vault} --format=json`.nothrow().quiet();
+    return result.exitCode === 0;
+}
+/**
+ * Create a vault
+ */
+export async function createVault(vault) {
+    validateIdentifier(vault, 'vault');
+    await $ `op vault create ${vault}`.quiet();
+}
+/**
+ * List all vaults
+ */
+export async function listVaults() {
+    const result = await $ `op vault list --format=json`.quiet();
+    const vaults = JSON.parse(result.text());
+    return vaults.map((v) => v.name);
+}
+/**
+ * Check if an item exists in a vault
+ */
+export async function itemExists(vault, item) {
+    validateIdentifier(vault, 'vault');
+    validateIdentifier(item, 'item');
+    const result = await $ `op item get ${item} --vault=${vault} --format=json`.nothrow().quiet();
+    return result.exitCode === 0;
+}
+/**
+ * Get a field value from a 1Password item
+ */
+export async function getField(vault, item, field) {
+    validateIdentifier(vault, 'vault');
+    validateIdentifier(item, 'item');
+    validateIdentifier(field, 'field');
+    const result = await $ `op read op://${vault}/${item}/${field}`.nothrow().quiet();
+    if (result.exitCode !== 0) {
+        return null;
+    }
+    return result.text().trim();
+}
+/**
+ * Get all fields from a 1Password item
+ */
+export async function getItem(vault, item) {
+    validateIdentifier(vault, 'vault');
+    validateIdentifier(item, 'item');
+    const result = await $ `op item get ${item} --vault=${vault} --format=json`.nothrow().quiet();
+    if (result.exitCode !== 0) {
+        return null;
+    }
+    const data = JSON.parse(result.text());
+    const fields = {};
+    for (const f of data.fields) {
+        if (f.value) {
+            fields[f.label] = f.value;
+        }
+    }
+    return {
+        id: data.id,
+        title: data.title,
+        vault: data.vault,
+        fields,
+    };
+}
+/**
+ * Get multiple items from a vault in a single batch
+ * More efficient than calling getItem multiple times
+ */
+export async function getItemsBatch(vault, itemNames) {
+    validateIdentifier(vault, 'vault');
+    for (const itemName of itemNames) {
+        validateIdentifier(itemName, 'item');
+    }
+    const results = new Map();
+    // Fetch items in parallel
+    await Promise.all(itemNames.map(async (itemName) => {
+        const item = await getItem(vault, itemName);
+        if (item) {
+            results.set(itemName, item);
+        }
+    }));
+    return results;
+}
+/**
+ * Set a field on a 1Password item, creating the item if it doesn't exist
+ */
+export async function setField(vault, item, field, value) {
+    return setFieldsBatch(vault, item, { [field]: value });
+}
+/**
+ * Set multiple fields on a 1Password item in a single operation.
+ * Batches all field updates into a single CLI call for efficiency.
+ */
+export async function setFieldsBatch(vault, item, fields) {
+    validateIdentifier(vault, 'vault');
+    validateIdentifier(item, 'item');
+    for (const fieldName of Object.keys(fields)) {
+        validateIdentifier(fieldName, 'field');
+    }
+    const exists = await itemExists(vault, item);
+    // Build field arguments for all fields
+    const fieldArgs = Object.entries(fields).map(([fieldName, fieldValue]) => `${fieldName}[concealed]=${fieldValue}`);
+    if (exists) {
+        // Update existing item - edit all fields in a single command
+        await $ `op item edit ${item} --vault=${vault} ${fieldArgs}`.quiet();
+    }
+    else {
+        // Create new item with all fields
+        await $ `op item create --category=login --vault=${vault} --title=${item} ${fieldArgs}`.quiet();
+    }
+}
+/**
+ * Resolve a secret reference (op://vault/item/field)
+ */
+export async function resolveSecret(reference) {
+    const result = await $ `op read ${reference}`.nothrow().quiet();
+    if (result.exitCode !== 0) {
+        return null;
+    }
+    return result.text().trim();
+}

package/dist/resolver.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { TypedEnvResolver } from '@pokit/core';
+import { type OpVault, type InferOpVaultKeys } from './vault';
+export type OpResolverConfig<TVault extends OpVault<any>, TEnvs extends string> = {
+    vault: TVault;
+    vaults: Record<TEnvs, string>;
+};
+/**
+ * Define a 1Password resolver that fetches and writes secrets to 1Password vaults.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ * });
+ *
+ * const opResolver = defineOpResolver({
+ *   vault,
+ *   vaults: {
+ *     dev: 'my-app-secrets-dev',
+ *     staging: 'my-app-secrets-staging',
+ *     prod: 'my-app-secrets-prod',
+ *   },
+ * });
+ * ```
+ */
+export declare function defineOpResolver<TVault extends OpVault<any>, const TEnvs extends string>(config: OpResolverConfig<TVault, TEnvs>): TypedEnvResolver<InferOpVaultKeys<TVault> & string>;
+//# sourceMappingURL=resolver.d.ts.map

package/dist/resolver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../src/resolver.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,gBAAgB,EAAkB,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,gBAAgB,EAAc,MAAM,SAAS,CAAC;AAS1E,MAAM,MAAM,gBAAgB,CAAC,MAAM,SAAS,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,SAAS,MAAM,IAAI;IAChF,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;CAC/B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,SAAS,OAAO,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,KAAK,SAAS,MAAM,EACtF,MAAM,EAAE,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,GACtC,gBAAgB,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,CAwGrD"}

package/dist/resolver.js ADDED Viewed

@@ -0,0 +1,105 @@
+import { z } from 'zod';
+import { parseOpRef } from './vault';
+import * as op from './op';
+/**
+ * Define a 1Password resolver that fetches and writes secrets to 1Password vaults.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ * });
+ *
+ * const opResolver = defineOpResolver({
+ *   vault,
+ *   vaults: {
+ *     dev: 'my-app-secrets-dev',
+ *     staging: 'my-app-secrets-staging',
+ *     prod: 'my-app-secrets-prod',
+ *   },
+ * });
+ * ```
+ */
+export function defineOpResolver(config) {
+    const envValues = Object.keys(config.vaults);
+    const availableVars = Object.keys(config.vault.secrets);
+    return {
+        requiredContext: z.object({
+            env: z.enum(envValues),
+        }),
+        availableVars,
+        resolve: async (keys, context) => {
+            const ctx = z.object({ env: z.enum(envValues) }).parse(context);
+            const vaultName = config.vaults[ctx.env];
+            if (!vaultName) {
+                throw new Error(`No vault configured for environment: ${ctx.env}`);
+            }
+            // Build mapping of keys to their 1Password item/field locations
+            const keyMappings = [];
+            const unknownKeys = [];
+            for (const key of keys) {
+                const ref = config.vault.secrets[key];
+                if (!ref) {
+                    unknownKeys.push(key);
+                    continue;
+                }
+                const { item, field } = parseOpRef(ref);
+                keyMappings.push({ key, item, field });
+            }
+            if (unknownKeys.length > 0) {
+                throw new Error(`No secret config for keys: ${unknownKeys.join(', ')}`);
+            }
+            // Group by item name to minimize 1Password calls
+            const itemNames = [...new Set(keyMappings.map((m) => m.item))];
+            // Fetch all items in parallel
+            const items = await op.getItemsBatch(vaultName, itemNames);
+            // Extract requested fields from fetched items
+            const result = {};
+            const missingSecrets = [];
+            for (const { key, item, field } of keyMappings) {
+                const opItem = items.get(item);
+                if (!opItem) {
+                    missingSecrets.push(`op://${vaultName}/${item}/${field} (item not found)`);
+                    continue;
+                }
+                const value = opItem.fields[field];
+                if (value === undefined) {
+                    missingSecrets.push(`op://${vaultName}/${item}/${field} (field not found)`);
+                    continue;
+                }
+                result[key] = value;
+            }
+            if (missingSecrets.length > 0) {
+                throw new Error(`Failed to fetch secrets from 1Password:\n  - ${missingSecrets.join('\n  - ')}`);
+            }
+            return result;
+        },
+        write: async (values, context) => {
+            const ctx = z.object({ env: z.enum(envValues) }).parse(context);
+            const vaultName = config.vaults[ctx.env];
+            if (!vaultName) {
+                throw new Error(`No vault configured for environment: ${ctx.env}`);
+            }
+            // Group values by 1Password item for batch writes
+            const byItem = new Map();
+            for (const [key, value] of Object.entries(values)) {
+                if (value === undefined)
+                    continue;
+                const ref = config.vault.secrets[key];
+                if (!ref) {
+                    throw new Error(`Unknown variable "${key}". ` + `Ensure it is declared in the vault configuration.`);
+                }
+                const { item, field } = parseOpRef(ref);
+                if (!byItem.has(item)) {
+                    byItem.set(item, {});
+                }
+                byItem.get(item)[field] = value;
+            }
+            // Batch write each item (fail fast on error)
+            for (const [item, fields] of byItem) {
+                await op.setFieldsBatch(vaultName, item, fields);
+            }
+        },
+    };
+}

package/dist/vault.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Vault definition for 1Password secrets.
+ *
+ * Each entry maps a variable name to an "item:field" reference.
+ * Format: `"itemName:fieldName"` where both are required.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ *   STRIPE_SECRET_KEY: 'stripe:STRIPE_SECRET_KEY',
+ * });
+ * ```
+ */
+export type OpVaultRef = `${string}:${string}`;
+export type OpVault<TSecrets extends Record<string, OpVaultRef>> = {
+    secrets: TSecrets;
+};
+export type InferOpVaultKeys<T> = T extends OpVault<infer S> ? keyof S : never;
+/**
+ * Parse an "item:field" reference into its components.
+ */
+export declare function parseOpRef(ref: OpVaultRef): {
+    item: string;
+    field: string;
+};
+/**
+ * Define a vault with typed secret declarations.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ *   VITE_SUPABASE_URL: 'supabase:SUPABASE_URL',
+ * });
+ * ```
+ */
+export declare function defineOpVault<const TSecrets extends Record<string, OpVaultRef>>(secrets: TSecrets): OpVault<TSecrets>;
+//# sourceMappingURL=vault.d.ts.map

package/dist/vault.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vault.d.ts","sourceRoot":"","sources":["../src/vault.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,MAAM,UAAU,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;AAE/C,MAAM,MAAM,OAAO,CAAC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,IAAI;IACjE,OAAO,EAAE,QAAQ,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,gBAAgB,CAAC,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,KAAK,CAAC;AAE/E;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAS3E;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,EAC7E,OAAO,EAAE,QAAQ,GAChB,OAAO,CAAC,QAAQ,CAAC,CAEnB"}

package/dist/vault.js ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Vault definition for 1Password secrets.
+ *
+ * Each entry maps a variable name to an "item:field" reference.
+ * Format: `"itemName:fieldName"` where both are required.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ *   STRIPE_SECRET_KEY: 'stripe:STRIPE_SECRET_KEY',
+ * });
+ * ```
+ */
+/**
+ * Parse an "item:field" reference into its components.
+ */
+export function parseOpRef(ref) {
+    const colonIndex = ref.indexOf(':');
+    if (colonIndex === -1) {
+        throw new Error(`Invalid vault reference: ${ref}. Expected "item:field".`);
+    }
+    return {
+        item: ref.slice(0, colonIndex),
+        field: ref.slice(colonIndex + 1),
+    };
+}
+/**
+ * Define a vault with typed secret declarations.
+ *
+ * @example
+ * ```ts
+ * const vault = defineOpVault({
+ *   POSTGRES_URL: 'supabase:SUPABASE_SESSION_DSN',
+ *   SUPABASE_URL: 'supabase:SUPABASE_URL',
+ *   VITE_SUPABASE_URL: 'supabase:SUPABASE_URL',
+ * });
+ * ```
+ */
+export function defineOpVault(secrets) {
+    return { secrets };
+}

package/package.json ADDED Viewed

@@ -0,0 +1,58 @@
+{
+  "name": "@pokit/op",
+  "version": "0.0.1",
+  "description": "Operation utilities for pok CLI applications",
+  "keywords": [
+    "cli",
+    "command-line",
+    "typescript",
+    "bun",
+    "terminal",
+    "pok",
+    "pokjs",
+    "operations",
+    "utilities",
+    "helpers"
+  ],
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/notation-dev/openpok.git",
+    "directory": "packages/op"
+  },
+  "homepage": "https://github.com/notation-dev/openpok#readme",
+  "bugs": {
+    "url": "https://github.com/notation-dev/openpok/issues"
+  },
+  "main": "./src/index.ts",
+  "module": "./src/index.ts",
+  "types": "./src/index.ts",
+  "exports": {
+    ".": {
+      "bun": "./src/index.ts",
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@pokit/core": "0.0.1"
+  },
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "zod": "^4.0.0"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  }
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export { defineOpVault, parseOpRef } from './vault';
+export type { OpVault, OpVaultRef, InferOpVaultKeys } from './vault';
+export { defineOpResolver } from './resolver';
+export type { OpResolverConfig } from './resolver';
+// =============================================================================
+// 1Password CLI utilities
+// =============================================================================
+export * as opUtils from './op';
+export type { OpItem } from './op';
+/**
+ * Type exports for individual utility functions.
+ * These enable consumers to reference specific function signatures
+ * without accessing them through the opUtils namespace.
+ */
+export type IsInstalledFn = typeof import('./op').isInstalled;
+export type IsAuthenticatedFn = typeof import('./op').isAuthenticated;
+export type GetFieldFn = typeof import('./op').getField;
+// =============================================================================
+// 1Password CLI checks
+// =============================================================================
+export { opInstalled, opAuthenticated } from './checks';