@polpo-ai/drizzle 0.1.2 → 0.2.0

package/dist/stores/vault-store.js

@@ -0,0 +1,144 @@
+import { eq, and } from "drizzle-orm";
+import { resolveKey, encryptJson, decryptJson } from "@polpo-ai/vault-crypto";
+/**
+ * Drizzle ORM implementation of VaultStore with AES-256-GCM encryption at rest.
+ *
+ * Stores vault entries in a `vault` table with composite PK (agent, service).
+ * Credentials are encrypted before writing and decrypted on read using the
+ * same key material as EncryptedVaultStore (POLPO_VAULT_KEY env or ~/.polpo/vault.key).
+ *
+ * The `credentials` column stores a base64-encoded encrypted blob (always TEXT,
+ * regardless of dialect). Type and label are stored in cleartext for querying.
+ */
+export class DrizzleVaultStore {
+    db;
+    vault;
+    key;
+    constructor(db, vault) {
+        this.db = db;
+        this.vault = vault;
+        this.key = resolveKey();
+    }
+    async get(agent, service) {
+        const rows = await this.db.select().from(this.vault)
+            .where(and(eq(this.vault.agent, agent), eq(this.vault.service, service)));
+        if (rows.length === 0)
+            return undefined;
+        return this.rowToEntry(rows[0]);
+    }
+    async getAllForAgent(agent) {
+        const rows = await this.db.select().from(this.vault)
+            .where(eq(this.vault.agent, agent));
+        const result = {};
+        for (const row of rows) {
+            result[row.service] = this.rowToEntry(row);
+        }
+        return result;
+    }
+    async set(agent, service, entry) {
+        const now = new Date().toISOString();
+        const encCreds = encryptJson(entry.credentials, this.key);
+        const values = {
+            agent,
+            service,
+            type: entry.type,
+            label: entry.label ?? null,
+            credentials: encCreds,
+            createdAt: now,
+            updatedAt: now,
+        };
+        await this.db.insert(this.vault).values(values)
+            .onConflictDoUpdate({
+            target: [this.vault.agent, this.vault.service],
+            set: {
+                type: entry.type,
+                label: entry.label ?? null,
+                credentials: encCreds,
+                updatedAt: now,
+            },
+        });
+    }
+    async patch(agent, service, partial) {
+        const existing = await this.get(agent, service);
+        if (!existing && !partial.type) {
+            throw new Error(`No vault entry "${service}" for agent "${agent}" — type is required to create a new entry.`);
+        }
+        const merged = {
+            type: partial.type ?? existing?.type ?? "custom",
+            ...(partial.label !== undefined ? { label: partial.label } : existing?.label ? { label: existing.label } : {}),
+            credentials: { ...(existing?.credentials ?? {}), ...(partial.credentials ?? {}) },
+        };
+        await this.set(agent, service, merged);
+        return Object.keys(merged.credentials);
+    }
+    async remove(agent, service) {
+        const result = await this.db.delete(this.vault)
+            .where(and(eq(this.vault.agent, agent), eq(this.vault.service, service)));
+        // Drizzle returns { rowsAffected } for SQLite, { rowCount } for PG
+        const affected = result?.rowsAffected ?? result?.rowCount ?? result?.changes ?? 0;
+        return affected > 0;
+    }
+    async list(agent) {
+        const rows = await this.db.select().from(this.vault)
+            .where(eq(this.vault.agent, agent));
+        return rows.map((row) => {
+            const creds = decryptJson(row.credentials, this.key, {});
+            return {
+                service: row.service,
+                type: row.type,
+                label: row.label ?? undefined,
+                keys: Object.keys(creds),
+            };
+        });
+    }
+    async hasEntries(agent) {
+        const rows = await this.db.select({ service: this.vault.service }).from(this.vault)
+            .where(eq(this.vault.agent, agent))
+            .limit(1);
+        return rows.length > 0;
+    }
+    async renameAgent(oldName, newName) {
+        const now = new Date().toISOString();
+        await this.db.update(this.vault)
+            .set({ agent: newName, updatedAt: now })
+            .where(eq(this.vault.agent, oldName));
+    }
+    async removeAgent(agent) {
+        await this.db.delete(this.vault)
+            .where(eq(this.vault.agent, agent));
+    }
+    async migrateFromConfigs(agents) {
+        let migrated = 0;
+        for (const agent of agents) {
+            if (!agent.vault)
+                continue;
+            for (const [service, entry] of Object.entries(agent.vault)) {
+                // Skip if already in store
+                const existing = await this.get(agent.name, service);
+                if (existing)
+                    continue;
+                await this.set(agent.name, service, entry);
+                migrated++;
+            }
+            // Strip credential VALUES from the config (keep metadata)
+            for (const [service, entry] of Object.entries(agent.vault)) {
+                const stripped = {};
+                for (const key of Object.keys(entry.credentials)) {
+                    stripped[key] = ""; // Empty string signals "stored in vault"
+                }
+                agent.vault[service] = { ...entry, credentials: stripped };
+            }
+        }
+        return migrated;
+    }
+    // ── Internal ──
+    rowToEntry(row) {
+        const creds = decryptJson(row.credentials, this.key, {});
+        return {
+            type: row.type,
+            ...(row.label ? { label: row.label } : {}),
+            credentials: creds,
+        };
+    }
+}
+//# sourceMappingURL=vault-store.js.map

package/dist/stores/vault-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vault-store.js","sourceRoot":"","sources":["../../src/stores/vault-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAGtC,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAI9E;;;;;;;;;GASG;AACH,MAAM,OAAO,iBAAiB;IAIlB;IACA;IAJO,GAAG,CAAS;IAE7B,YACU,EAAO,EACP,KAAe;QADf,OAAE,GAAF,EAAE,CAAK;QACP,UAAK,GAAL,KAAK,CAAU;QAEvB,IAAI,CAAC,GAAG,GAAG,UAAU,EAAE,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,OAAe;QACtC,MAAM,IAAI,GAAU,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;aACxD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACxC,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,KAAa;QAChC,MAAM,IAAI,GAAU,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;aACxD,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACtC,MAAM,MAAM,GAA+B,EAAE,CAAC;QAC9C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,KAAa,EAAE,OAAe,EAAE,KAAiB;QACzD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG;YACb,KAAK;YACL,OAAO;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;YAC1B,WAAW,EAAE,QAAQ;YACrB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,CAAC;QAEF,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;aAC5C,kBAAkB,CAAC;YAClB,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;YAC9C,GAAG,EAAE;gBACH,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI;gBAC1B,WAAW,EAAE,QAAQ;gBACrB,SAAS,EAAE,GAAG;aACf;SACF,CAAC,CAAC;IACP,CAAC;IAED,KAAK,CAAC,KAAK,CACT,KAAa,EACb,OAAe,EACf,OAA4F;QAE5F,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAChD,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,mBAAmB,OAAO,gBAAgB,KAAK,6CAA6C,CAAC,CAAC;QAChH,CAAC;QACD,MAAM,MAAM,GAAe;YACzB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,QAAQ,EAAE,IAAI,IAAI,QAAQ;YAChD,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9G,WAAW,EAAE,EAAE,GAAG,CAAC,QAAQ,EAAE,WAAW,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE;SAClF,CAAC;QACF,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACvC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,OAAe;QACzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aAC5C,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;QAC5E,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,EAAE,YAAY,IAAI,MAAM,EAAE,QAAQ,IAAI,MAAM,EAAE,OAAO,IAAI,CAAC,CAAC;QAClF,OAAO,QAAQ,GAAG,CAAC,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QAMtB,MAAM,IAAI,GAAU,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;aACxD,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE;YAC3B,MAAM,KAAK,GAAG,WAAW,CAAyB,GAAG,CAAC,WAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC3F,OAAO;gBACL,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAA0B;gBACpC,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;gBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACzB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,MAAM,IAAI,GAAU,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;aACvF,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;aAClC,KAAK,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAe,EAAE,OAAe;QAChD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aAC7B,GAAG,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;aACvC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aAC7B,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,MAAmE;QAC1F,IAAI,QAAQ,GAAG,CAAC,CAAC;QACjB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,KAAK;gBAAE,SAAS;YAC3B,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,2BAA2B;gBAC3B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACrD,IAAI,QAAQ;oBAAE,SAAS;gBACvB,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC3C,QAAQ,EAAE,CAAC;YACb,CAAC;YACD,0DAA0D;YAC1D,KAAK,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,MAAM,QAAQ,GAA2B,EAAE,CAAC;gBAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;oBACjD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,yCAAyC;gBAC/D,CAAC;gBACD,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,iBAAiB;IAET,UAAU,CAAC,GAAQ;QACzB,MAAM,KAAK,GAAG,WAAW,CAAyB,GAAG,CAAC,WAAqB,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC3F,OAAO;YACL,IAAI,EAAE,GAAG,CAAC,IAA0B;YACpC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,WAAW,EAAE,KAAK;SACnB,CAAC;IACJ,CAAC;CACF"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@polpo-ai/drizzle",
-  "version": "0.1.2",
-  "description": "Drizzle ORM store implementations for the Polpo AI agent orchestration framework (PostgreSQL + SQLite)",
+  "version": "0.2.0",
+  "description": "Drizzle ORM store implementations for the Polpo AI agent orchestration platform (PostgreSQL + SQLite)",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,7 +15,8 @@
   "dependencies": {
     "drizzle-orm": "^0.44.0",
     "nanoid": "^5.1.2",
-    "@polpo-ai/core": "0.1.2"
+    "@polpo-ai/core": "0.2.0",
+    "@polpo-ai/vault-crypto": "0.2.0"
   },
   "peerDependencies": {
     "postgres": "^3.4.0",