@qui-cli/env 4.0.1 → 5.0.0

package/CHANGELOG.md

@@ -2,6 +2,32 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [5.0.0](https://github.com/battis/qui-cli/compare/env/4.1.0...env/5.0.0) (2025-11-07)
+
+
+### ⚠ BREAKING CHANGES
+
+* expose env-1password as a separate plugin
+* separate 1Password without requiring knowledge of module structure
+* no longer accepting 1Password service account token as environment variable
+
+### Features
+
+* expose env-1password as a separate plugin ([90ecb79](https://github.com/battis/qui-cli/commit/90ecb7900b85ade45113fc5a5999f2a2ff87f580))
+
+
+### Bug Fixes
+
+* no longer accepting 1Password service account token as environment variable ([db7ae6a](https://github.com/battis/qui-cli/commit/db7ae6ac615c51a9966f201c85a8388bf4ebd76a))
+* separate 1Password without requiring knowledge of module structure ([c21fe44](https://github.com/battis/qui-cli/commit/c21fe44d7d72d5d6bc4d092cb869164117378ab2))
+
+## [4.1.0](https://github.com/battis/qui-cli/compare/env/4.0.1...env/4.1.0) (2025-11-04)
+
+
+### Features
+
+* standardize on modules labeling the options that they add to the usage man page ([eba86cd](https://github.com/battis/qui-cli/commit/eba86cd8a22a93aa6b6f19a3979272d87fe59274))
+
 ## [4.0.1](https://github.com/battis/qui-cli/compare/env/4.0.0...env/4.0.1) (2025-08-04)
 
 

package/README.md

@@ -31,15 +31,7 @@ Any plugin that depends on this plugin can assume that the `.env` file environem
 
 ### 1Password integration
 
-If desired, this package has an implementation that integrates with [@1password/sdk](https://www.npmjs.com/package/@1password/sdk) to inject values from 1Password vaults into the environment for use by the script.
-
-1. Follow [the 1Password CLI directions to create a service account](https://developer.1password.com/docs/service-accounts/get-started/).
-2. Install [@1password/sdk](https://www.npmjs.com/package/@1password/sdk) as a peer of `@qui-cli/env`.
-3. Update environment variables to be [secret references](https://developer.1password.com/docs/cli/secret-references)
-4. Inject the Service Account Token into the environment with the name `OP_SERVICE_ACCOUNT_TOKEN`.
-5. Run!
-
-See [dev-1password-env](https://github.com/battis/qui-cli/tree/main/examples/dev-1password-env#readme) for an example using the 1Password implementation of this package.
+For 1Password integration supporting secret references in `.env`, use [@qui-cli/env-1password](https://npmjs.com/package/@qui-cli/env-1password) in place of this package.
 
 ## Configuration
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qui-cli/env",
-  "version": "4.0.1",
+  "version": "5.0.0",
   "description": "@qui-cli Plugin: Standardized environment configuration",
   "homepage": "https://github.com/battis/qui-cli/tree/main/packages/env#readme",
   "repository": {
@@ -19,15 +19,15 @@
   "dependencies": {
     "@1password/sdk": "^0.3.1",
     "@battis/import-package-json": "^0.1.7",
-    "dotenv": "^17.2.1"
+    "dotenv": "^17.2.3"
   },
   "devDependencies": {
     "@tsconfig/node20": "^20.1.6",
-    "@types/node": "^24.1.0",
-    "commit-and-tag-version": "^12.5.2",
+    "@types/node": "^24.10.0",
+    "commit-and-tag-version": "^12.6.0",
     "del-cli": "^6.0.0",
     "npm-run-all": "^4.1.5",
-    "typescript": "^5.9.2",
+    "typescript": "^5.9.3",
     "@qui-cli/plugin": "3.0.0",
     "@qui-cli/root": "3.0.1"
   },

package/1Password.d.ts

@@ -1,2 +0,0 @@
-import * as OP from './dist/1Password.js';
-export { OP };

package/1Password.js

@@ -1,6 +0,0 @@
-import { register } from '@qui-cli/plugin';
-import * as OP from './dist/1Password.js';
-
-await register(OP);
-
-export { OP };

package/dist/1Password.d.ts

@@ -1,15 +0,0 @@
-import * as Plugin from '@qui-cli/plugin';
-import * as Env from './Env.js';
-export type Configuration = Plugin.Configuration & Env.Configuration & {
-    serviceAccountToken?: string;
-};
-export declare const name = "env";
-export declare function configure(config?: Configuration): Promise<void>;
-export declare function options(): Plugin.Options;
-export declare function init({ values }: Plugin.ExpectedArguments<typeof options>): Promise<void>;
-export declare function parse(file?: string): Promise<import("dotenv").DotenvParseOutput>;
-export declare function get({ key, file }: Env.GetOptions): Promise<string>;
-export declare function exists({ key, file }: Parameters<(typeof Env)['exists']>[0]): Promise<boolean>;
-/** Requires a service account with write privileges */
-export declare function set({ key, value, file, ...rest }: Env.SetOptions): Promise<void>;
-export declare const remove: typeof Env.remove;

package/dist/1Password.js

@@ -1,129 +0,0 @@
-import { createClient } from '@1password/sdk';
-import { importLocal } from '@battis/import-package-json';
-import path from 'node:path';
-import * as Env from './Env.js';
-const OP_SERVICE_ACCOUNT_TOKEN = 'OP_SERVICE_ACCOUNT_TOKEN';
-export const name = Env.name;
-let client = undefined;
-export async function configure(config = {}) {
-    const { serviceAccountToken, load = true, ...rest } = config;
-    await Env.configure({ ...rest, load: false });
-    const auth = serviceAccountToken || process.env[OP_SERVICE_ACCOUNT_TOKEN];
-    if (auth) {
-        const pkg = await importLocal(path.join(import.meta.dirname, '../package.json'));
-        client = await createClient({
-            auth,
-            integrationName: pkg.name.replace(/^(\/|@)/, '').replace(/[/@]+/g, '-'),
-            integrationVersion: pkg.version
-        });
-        if (load) {
-            await parse();
-        }
-    }
-    else if (load) {
-        await Env.parse();
-    }
-}
-export function options() {
-    return {
-        opt: {
-            serviceAccountToken: {
-                description: `1Password service account token (defaults to ${OP_SERVICE_ACCOUNT_TOKEN}} environment variable, if present)`
-            }
-        }
-    };
-}
-export async function init({ values }) {
-    await configure(values);
-    parse();
-}
-function isSecretReference(value) {
-    return (value &&
-        value !== null &&
-        typeof value === 'string' &&
-        /^op:\/\//.test(value));
-}
-function secretReferences(parsed) {
-    return Object.fromEntries(Object.entries(parsed).filter((entry) => isSecretReference(entry[1])));
-}
-export async function parse(file) {
-    const parsed = await Env.parse(file);
-    if (client) {
-        for (const key in secretReferences(parsed)) {
-            parsed[key] = await client.secrets.resolve(parsed[key]);
-            process.env[key] = parsed[key];
-        }
-    }
-    else if (Object.keys(secretReferences(parsed)).length) {
-        throw new Error('Attempt to parse .env file containing secret reference without a 1Password client');
-    }
-    return parsed;
-}
-export async function get({ key, file }) {
-    return (await parse(file))[key];
-}
-export async function exists({ key, file }) {
-    return Env.exists({ key, file });
-}
-function secretFrom(secretReference) {
-    const [vault, item, section, field] = secretReference
-        .replace('op://', '')
-        .split('/');
-    return { vault, item, section, field };
-}
-async function itemFrom(secret) {
-    if (client) {
-        const vault = (await client.vaults.list())
-            .filter((vault) => vault.title == secret.vault)
-            .shift();
-        if (vault) {
-            const item = (await client.items.list(vault.id))
-                .filter((item) => item.title === secret.item || item.id === secret.item)
-                .shift();
-            if (item) {
-                return await client.items.get(vault.id, item.id);
-            }
-        }
-    }
-    return undefined;
-}
-/** Requires a service account with write privileges */
-export async function set({ key, value, file, ...rest }) {
-    const prev = await Env.get({ key, file });
-    if (prev && isSecretReference(prev)) {
-        if (client) {
-            const secret = secretFrom(prev);
-            const item = await itemFrom(secret);
-            if (item) {
-                const updated = {
-                    ...item,
-                    fields: item.fields.map((field) => {
-                        if (field.title === secret.field &&
-                            ((/^Section_.+/.test(secret.section) &&
-                                field.sectionId == secret.section.replace(/^Section_/, '')) ||
-                                field.sectionId ==
-                                    item.sections
-                                        .filter((section) => section.title === secret.section)
-                                        .shift()?.id)) {
-                            return { ...field, value };
-                        }
-                        return field;
-                    })
-                };
-                await client.items.put(updated);
-            }
-            else {
-                throw new Error('1Password item could not be found');
-            }
-        }
-        else {
-            throw new Error('Attempt to update .env file value that is currently a secret reference without a 1Password client');
-        }
-    }
-    else {
-        // FIXME handle creating a new secret reference
-        // Issue URL: https://github.com/battis/qui-cli/issues/63
-        return await Env.set({ key, value, file, ...rest });
-    }
-}
-export const remove = Env.remove;