@sweny-ai/providers 0.2.0

package/dist/auth/types.d.ts

@@ -0,0 +1,58 @@
+/** Represents an authenticated user's identity. */
+export interface UserIdentity {
+    /** Unique user identifier. */
+    userId: string;
+    /** Tenant identifier for multi-tenant deployments. */
+    tenantId?: string;
+    /** Human-readable display name. */
+    displayName: string;
+    /** User's email address. */
+    email?: string;
+    /** Roles assigned to the user (e.g., "admin", "viewer"). */
+    roles: string[];
+    /** Additional provider-specific metadata. */
+    metadata: Record<string, unknown>;
+}
+/** Describes a single field in a login form. */
+export interface LoginField {
+    /** Field key used in the credentials record. */
+    key: string;
+    /** Human-readable label shown in the UI. */
+    label: string;
+    /** HTML input type for the field. */
+    type: "text" | "email" | "password";
+    /** Placeholder text for the input field. */
+    placeholder?: string;
+}
+/** Provider interface for authentication and session management. */
+export interface AuthProvider {
+    /** Human-readable name of the auth provider (e.g., "Google", "GitHub"). */
+    readonly displayName: string;
+    /** Login form field definitions; omit if the provider uses external OAuth. */
+    readonly loginFields?: LoginField[];
+    /**
+     * Authenticate a user by their ID (e.g., from a session token).
+     * @param userId - User identifier to authenticate.
+     * @returns The user's identity, or null if authentication fails.
+     */
+    authenticate(userId: string): Promise<UserIdentity | null>;
+    /**
+     * Log in a user with explicit credentials.
+     * @param userId - User identifier.
+     * @param credentials - Key-value credential pairs matching loginFields.
+     * @returns The authenticated user's identity.
+     */
+    login?(userId: string, credentials: Record<string, string>): Promise<UserIdentity>;
+    /**
+     * Check whether a user has a valid active session.
+     * @param userId - User identifier.
+     * @returns True if the session is valid.
+     */
+    hasValidSession(userId: string): Promise<boolean>;
+    /**
+     * Clear / invalidate a user's session.
+     * @param userId - User identifier.
+     */
+    clearSession(userId: string): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,MAAM,WAAW,YAAY;IAC3B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,6CAA6C;IAC7C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,gDAAgD;AAChD,MAAM,WAAW,UAAU;IACzB,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;IACpC,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,oEAAoE;AACpE,MAAM,WAAW,YAAY;IAC3B,2EAA2E;IAC3E,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,8EAA8E;IAC9E,QAAQ,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAEpC;;;;OAIG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAE3D;;;;;OAKG;IACH,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEnF;;;;OAIG;IACH,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAElD;;;OAGG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7C"}

package/dist/auth/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":""}

package/dist/coding-agent/claude-code.d.ts

@@ -0,0 +1,10 @@
+import type { CodingAgent } from "./types.js";
+import type { Logger } from "../logger.js";
+export interface ClaudeCodeConfig {
+    cliFlags?: string[];
+    logger?: Logger;
+    /** Suppress agent stdout; forward stderr through logger */
+    quiet?: boolean;
+}
+export declare function claudeCode(config?: ClaudeCodeConfig): CodingAgent;
+//# sourceMappingURL=claude-code.d.ts.map

package/dist/coding-agent/claude-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-code.d.ts","sourceRoot":"","sources":["../../src/coding-agent/claude-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAyB,MAAM,YAAY,CAAC;AACrE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAI3C,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,UAAU,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,WAAW,CAsCjE"}

package/dist/coding-agent/claude-code.js

@@ -0,0 +1,38 @@
+import { consoleLogger } from "../logger.js";
+import { execCommand, isCliInstalled } from "./shared.js";
+export function claudeCode(config) {
+    const log = config?.logger ?? consoleLogger;
+    const extraFlags = config?.cliFlags ?? [];
+    const quiet = config?.quiet ?? false;
+    return {
+        async install() {
+            if (isCliInstalled("claude")) {
+                log.info("Claude Code CLI already installed, skipping");
+                return;
+            }
+            log.info("Installing Claude Code CLI...");
+            await execCommand("npm", ["install", "-g", "@anthropic-ai/claude-code"], { quiet });
+            log.info("Claude Code CLI installed");
+        },
+        async run(opts) {
+            log.info("Running Claude Code agent...");
+            const args = [
+                "-p",
+                opts.prompt,
+                "--allowedTools",
+                "*",
+                "--dangerously-skip-permissions",
+                "--max-turns",
+                String(opts.maxTurns),
+                ...extraFlags,
+            ];
+            return await execCommand("claude", args, {
+                env: { ...process.env, ...opts.env },
+                ignoreReturnCode: true,
+                quiet,
+                onStderr: quiet ? (line) => log.debug(line) : undefined,
+            });
+        },
+    };
+}
+//# sourceMappingURL=claude-code.js.map

package/dist/coding-agent/claude-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-code.js","sourceRoot":"","sources":["../../src/coding-agent/claude-code.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAS1D,MAAM,UAAU,UAAU,CAAC,MAAyB;IAClD,MAAM,GAAG,GAAG,MAAM,EAAE,MAAM,IAAI,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,IAAI,KAAK,CAAC;IAErC,OAAO;QACL,KAAK,CAAC,OAAO;YACX,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;gBACxD,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC1C,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,2BAA2B,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACpF,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACxC,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,IAA2B;YACnC,GAAG,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAEzC,MAAM,IAAI,GAAG;gBACX,IAAI;gBACJ,IAAI,CAAC,MAAM;gBACX,gBAAgB;gBAChB,GAAG;gBACH,gCAAgC;gBAChC,aAAa;gBACb,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;gBACrB,GAAG,UAAU;aACd,CAAC;YAEF,OAAO,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE;gBACvC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAA4B;gBAC9D,gBAAgB,EAAE,IAAI;gBACtB,KAAK;gBACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/coding-agent/google-gemini.d.ts

@@ -0,0 +1,10 @@
+import type { CodingAgent } from "./types.js";
+import type { Logger } from "../logger.js";
+export interface GoogleGeminiConfig {
+    cliFlags?: string[];
+    logger?: Logger;
+    /** Suppress agent stdout; forward stderr through logger */
+    quiet?: boolean;
+}
+export declare function googleGemini(config?: GoogleGeminiConfig): CodingAgent;
+//# sourceMappingURL=google-gemini.d.ts.map

package/dist/coding-agent/google-gemini.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-gemini.d.ts","sourceRoot":"","sources":["../../src/coding-agent/google-gemini.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAyB,MAAM,YAAY,CAAC;AACrE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAI3C,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,YAAY,CAAC,MAAM,CAAC,EAAE,kBAAkB,GAAG,WAAW,CA6BrE"}

package/dist/coding-agent/google-gemini.js

@@ -0,0 +1,29 @@
+import { consoleLogger } from "../logger.js";
+import { execCommand, isCliInstalled } from "./shared.js";
+export function googleGemini(config) {
+    const log = config?.logger ?? consoleLogger;
+    const extraFlags = config?.cliFlags ?? [];
+    const quiet = config?.quiet ?? false;
+    return {
+        async install() {
+            if (isCliInstalled("gemini")) {
+                log.info("Google Gemini CLI already installed, skipping");
+                return;
+            }
+            log.info("Installing Google Gemini CLI...");
+            await execCommand("npm", ["install", "-g", "@google/gemini-cli"], { quiet });
+            log.info("Google Gemini CLI installed");
+        },
+        async run(opts) {
+            log.info("Running Google Gemini agent...");
+            const args = ["-y", "-p", opts.prompt, ...extraFlags];
+            return execCommand("gemini", args, {
+                env: { ...process.env, ...opts.env },
+                ignoreReturnCode: true,
+                quiet,
+                onStderr: quiet ? (line) => log.debug(line) : undefined,
+            });
+        },
+    };
+}
+//# sourceMappingURL=google-gemini.js.map

package/dist/coding-agent/google-gemini.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-gemini.js","sourceRoot":"","sources":["../../src/coding-agent/google-gemini.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAS1D,MAAM,UAAU,YAAY,CAAC,MAA2B;IACtD,MAAM,GAAG,GAAG,MAAM,EAAE,MAAM,IAAI,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,IAAI,KAAK,CAAC;IAErC,OAAO;QACL,KAAK,CAAC,OAAO;YACX,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;YAC5C,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7E,GAAG,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC1C,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,IAA2B;YACnC,GAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAE3C,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC;YAEtD,OAAO,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE;gBACjC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAA4B;gBAC9D,gBAAgB,EAAE,IAAI;gBACtB,KAAK;gBACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/coding-agent/index.d.ts

@@ -0,0 +1,8 @@
+export type { CodingAgent, CodingAgentRunOptions } from "./types.js";
+export type { ClaudeCodeConfig } from "./claude-code.js";
+export type { OpenAICodexConfig } from "./openai-codex.js";
+export type { GoogleGeminiConfig } from "./google-gemini.js";
+export { claudeCode } from "./claude-code.js";
+export { openaiCodex } from "./openai-codex.js";
+export { googleGemini } from "./google-gemini.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/coding-agent/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/coding-agent/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACrE,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/coding-agent/index.js

@@ -0,0 +1,4 @@
+export { claudeCode } from "./claude-code.js";
+export { openaiCodex } from "./openai-codex.js";
+export { googleGemini } from "./google-gemini.js";
+//# sourceMappingURL=index.js.map

package/dist/coding-agent/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/coding-agent/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/coding-agent/openai-codex.d.ts

@@ -0,0 +1,10 @@
+import type { CodingAgent } from "./types.js";
+import type { Logger } from "../logger.js";
+export interface OpenAICodexConfig {
+    cliFlags?: string[];
+    logger?: Logger;
+    /** Suppress agent stdout; forward stderr through logger */
+    quiet?: boolean;
+}
+export declare function openaiCodex(config?: OpenAICodexConfig): CodingAgent;
+//# sourceMappingURL=openai-codex.d.ts.map

package/dist/coding-agent/openai-codex.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai-codex.d.ts","sourceRoot":"","sources":["../../src/coding-agent/openai-codex.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAyB,MAAM,YAAY,CAAC;AACrE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAI3C,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,wBAAgB,WAAW,CAAC,MAAM,CAAC,EAAE,iBAAiB,GAAG,WAAW,CA6BnE"}

package/dist/coding-agent/openai-codex.js

@@ -0,0 +1,29 @@
+import { consoleLogger } from "../logger.js";
+import { execCommand, isCliInstalled } from "./shared.js";
+export function openaiCodex(config) {
+    const log = config?.logger ?? consoleLogger;
+    const extraFlags = config?.cliFlags ?? [];
+    const quiet = config?.quiet ?? false;
+    return {
+        async install() {
+            if (isCliInstalled("codex")) {
+                log.info("OpenAI Codex CLI already installed, skipping");
+                return;
+            }
+            log.info("Installing OpenAI Codex CLI...");
+            await execCommand("npm", ["install", "-g", "@openai/codex"], { quiet });
+            log.info("OpenAI Codex CLI installed");
+        },
+        async run(opts) {
+            log.info("Running OpenAI Codex agent...");
+            const args = ["exec", "--full-auto", opts.prompt, ...extraFlags];
+            return execCommand("codex", args, {
+                env: { ...process.env, ...opts.env },
+                ignoreReturnCode: true,
+                quiet,
+                onStderr: quiet ? (line) => log.debug(line) : undefined,
+            });
+        },
+    };
+}
+//# sourceMappingURL=openai-codex.js.map

package/dist/coding-agent/openai-codex.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai-codex.js","sourceRoot":"","sources":["../../src/coding-agent/openai-codex.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAS1D,MAAM,UAAU,WAAW,CAAC,MAA0B;IACpD,MAAM,GAAG,GAAG,MAAM,EAAE,MAAM,IAAI,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,MAAM,EAAE,QAAQ,IAAI,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,IAAI,KAAK,CAAC;IAErC,OAAO;QACL,KAAK,CAAC,OAAO;YACX,IAAI,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,GAAG,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAC3C,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,eAAe,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QACzC,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,IAA2B;YACnC,GAAG,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAE1C,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC;YAEjE,OAAO,WAAW,CAAC,OAAO,EAAE,IAAI,EAAE;gBAChC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAA4B;gBAC9D,gBAAgB,EAAE,IAAI;gBACtB,KAAK;gBACL,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/coding-agent/shared.d.ts

@@ -0,0 +1,10 @@
+export interface ExecOptions {
+    env?: Record<string, string>;
+    ignoreReturnCode?: boolean;
+    /** Suppress stdout; pipe stderr through onStderr callback */
+    quiet?: boolean;
+    onStderr?: (line: string) => void;
+}
+export declare function execCommand(cmd: string, args: string[], opts?: ExecOptions): Promise<number>;
+export declare function isCliInstalled(cmd: string): boolean;
+//# sourceMappingURL=shared.d.ts.map

package/dist/coding-agent/shared.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.d.ts","sourceRoot":"","sources":["../../src/coding-agent/shared.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,6DAA6D;IAC7D,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACnC;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CA+B5F;AAED,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOnD"}

package/dist/coding-agent/shared.js

@@ -0,0 +1,44 @@
+import { spawn, execSync } from "node:child_process";
+export function execCommand(cmd, args, opts) {
+    return new Promise((resolve, reject) => {
+        const child = spawn(cmd, args, {
+            env: opts?.env ?? process.env,
+            stdio: opts?.quiet ? ["ignore", "ignore", "pipe"] : "inherit",
+        });
+        if (opts?.quiet && child.stderr) {
+            let buf = "";
+            child.stderr.on("data", (chunk) => {
+                buf += chunk.toString();
+                const lines = buf.split("\n");
+                buf = lines.pop() ?? "";
+                for (const line of lines) {
+                    if (line.trim())
+                        opts.onStderr?.(line.trim());
+                }
+            });
+            child.stderr.on("end", () => {
+                if (buf.trim())
+                    opts.onStderr?.(buf.trim());
+            });
+        }
+        child.on("error", (err) => reject(err));
+        child.on("close", (code) => {
+            if (code !== 0 && !opts?.ignoreReturnCode) {
+                reject(new Error(`${cmd} exited with code ${code}`));
+            }
+            else {
+                resolve(code ?? 0);
+            }
+        });
+    });
+}
+export function isCliInstalled(cmd) {
+    try {
+        execSync(`${cmd} --version`, { stdio: "ignore" });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=shared.js.map

package/dist/coding-agent/shared.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shared.js","sourceRoot":"","sources":["../../src/coding-agent/shared.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAUrD,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,IAAc,EAAE,IAAkB;IACzE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;YAC7B,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG;YAC7B,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAC,CAAC;QAEH,IAAI,IAAI,EAAE,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAChC,IAAI,GAAG,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;gBACxC,GAAG,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC9B,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;gBACxB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,IAAI,CAAC,IAAI,EAAE;wBAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC,CAAC,CAAC;YACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBAC1B,IAAI,GAAG,CAAC,IAAI,EAAE;oBAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,CAAC,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACxC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;gBAC1C,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,GAAG,qBAAqB,IAAI,EAAE,CAAC,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,QAAQ,CAAC,GAAG,GAAG,YAAY,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/coding-agent/types.d.ts

@@ -0,0 +1,10 @@
+export interface CodingAgentRunOptions {
+    prompt: string;
+    maxTurns: number;
+    env?: Record<string, string>;
+}
+export interface CodingAgent {
+    install(): Promise<void>;
+    run(opts: CodingAgentRunOptions): Promise<number>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/coding-agent/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/coding-agent/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,GAAG,CAAC,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACnD"}

package/dist/coding-agent/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/coding-agent/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/coding-agent/types.ts"],"names":[],"mappings":""}

package/dist/credential-vault/aws-secrets-manager.d.ts

@@ -0,0 +1,19 @@
+import { z } from "zod";
+import type { Logger } from "../logger.js";
+import type { CredentialVaultProvider } from "./types.js";
+export declare const awsSecretsManagerConfigSchema: z.ZodObject<{
+    region: z.ZodDefault<z.ZodString>;
+    prefix: z.ZodDefault<z.ZodString>;
+    logger: z.ZodOptional<z.ZodType<Logger, z.ZodTypeDef, Logger>>;
+}, "strip", z.ZodTypeAny, {
+    region: string;
+    prefix: string;
+    logger?: Logger | undefined;
+}, {
+    logger?: Logger | undefined;
+    region?: string | undefined;
+    prefix?: string | undefined;
+}>;
+export type AwsSecretsManagerConfig = z.infer<typeof awsSecretsManagerConfigSchema>;
+export declare function awsSecretsManager(config?: AwsSecretsManagerConfig): CredentialVaultProvider;
+//# sourceMappingURL=aws-secrets-manager.d.ts.map

package/dist/credential-vault/aws-secrets-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-secrets-manager.d.ts","sourceRoot":"","sources":["../../src/credential-vault/aws-secrets-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAE1D,eAAO,MAAM,6BAA6B;;;;;;;;;;;;EAIxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,uBAAuB,GAAG,uBAAuB,CAG3F"}

package/dist/credential-vault/aws-secrets-manager.js

@@ -0,0 +1,96 @@
+import { z } from "zod";
+import { consoleLogger } from "../logger.js";
+export const awsSecretsManagerConfigSchema = z.object({
+    region: z.string().default("us-east-1"),
+    prefix: z.string().default("sweny"),
+    logger: z.custom().optional(),
+});
+export function awsSecretsManager(config) {
+    const parsed = awsSecretsManagerConfigSchema.parse(config ?? {});
+    return new AwsSecretsManagerProvider(parsed);
+}
+class AwsSecretsManagerProvider {
+    region;
+    prefix;
+    log;
+    client = null;
+    constructor(config) {
+        this.region = config.region ?? "us-east-1";
+        this.prefix = config.prefix ?? "sweny";
+        this.log = config.logger ?? consoleLogger;
+    }
+    async getClient() {
+        if (!this.client) {
+            const { SecretsManagerClient } = await import("@aws-sdk/client-secrets-manager");
+            this.client = new SecretsManagerClient({ region: this.region });
+        }
+        return this.client;
+    }
+    secretName(tenantId, key) {
+        return `${this.prefix}/${tenantId}/${key}`;
+    }
+    async getSecret(tenantId, key) {
+        const client = await this.getClient();
+        const { GetSecretValueCommand } = await import("@aws-sdk/client-secrets-manager");
+        try {
+            const result = await client.send(new GetSecretValueCommand({ SecretId: this.secretName(tenantId, key) }));
+            this.log.info(`Retrieved secret ${this.secretName(tenantId, key)}`);
+            return result.SecretString ?? null;
+        }
+        catch (err) {
+            if (err instanceof Error && err.name === "ResourceNotFoundException") {
+                return null;
+            }
+            throw err;
+        }
+    }
+    async setSecret(tenantId, key, value) {
+        const client = await this.getClient();
+        const { CreateSecretCommand, PutSecretValueCommand } = await import("@aws-sdk/client-secrets-manager");
+        const name = this.secretName(tenantId, key);
+        try {
+            await client.send(new CreateSecretCommand({ Name: name, SecretString: value }));
+        }
+        catch (err) {
+            if (err instanceof Error && err.name === "ResourceExistsException") {
+                await client.send(new PutSecretValueCommand({ SecretId: name, SecretString: value }));
+            }
+            else {
+                throw err;
+            }
+        }
+        this.log.info(`Set secret ${name}`);
+    }
+    async deleteSecret(tenantId, key) {
+        const client = await this.getClient();
+        const { DeleteSecretCommand } = await import("@aws-sdk/client-secrets-manager");
+        const name = this.secretName(tenantId, key);
+        await client.send(new DeleteSecretCommand({
+            SecretId: name,
+            ForceDeleteWithoutRecovery: true,
+        }));
+        this.log.info(`Deleted secret ${name}`);
+    }
+    async listKeys(tenantId) {
+        const client = await this.getClient();
+        const { ListSecretsCommand } = await import("@aws-sdk/client-secrets-manager");
+        const namePrefix = `${this.prefix}/${tenantId}/`;
+        const keys = [];
+        let nextToken;
+        do {
+            const result = await client.send(new ListSecretsCommand({
+                Filters: [{ Key: "name", Values: [namePrefix] }],
+                NextToken: nextToken,
+            }));
+            for (const secret of result.SecretList ?? []) {
+                if (secret.Name?.startsWith(namePrefix)) {
+                    keys.push(secret.Name.slice(namePrefix.length));
+                }
+            }
+            nextToken = result.NextToken;
+        } while (nextToken);
+        this.log.info(`Listed ${keys.length} keys for tenant ${tenantId}`);
+        return keys;
+    }
+}
+//# sourceMappingURL=aws-secrets-manager.js.map

package/dist/credential-vault/aws-secrets-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aws-secrets-manager.js","sourceRoot":"","sources":["../../src/credential-vault/aws-secrets-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7C,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;IACvC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAU,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAIH,MAAM,UAAU,iBAAiB,CAAC,MAAgC;IAChE,MAAM,MAAM,GAAG,6BAA6B,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACjE,OAAO,IAAI,yBAAyB,CAAC,MAAM,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,yBAAyB;IACZ,MAAM,CAAS;IACf,MAAM,CAAS;IACf,GAAG,CAAS;IACrB,MAAM,GAA0E,IAAI,CAAC;IAE7F,YAAY,MAA+B;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,WAAW,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC;QACvC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAC;IAC5C,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;YACjF,IAAI,CAAC,MAAM,GAAG,IAAI,oBAAoB,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAEO,UAAU,CAAC,QAAgB,EAAE,GAAW;QAC9C,OAAO,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,GAAW;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAElF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAC1G,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACpE,OAAO,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC;QACrC,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,2BAA2B,EAAE,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,GAAW,EAAE,KAAa;QAC1D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAEvG,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAE5C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;gBACnE,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,qBAAqB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;YACxF,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,GAAW;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAEhF,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,IAAI,CACf,IAAI,mBAAmB,CAAC;YACtB,QAAQ,EAAE,IAAI;YACd,0BAA0B,EAAE,IAAI;SACjC,CAAC,CACH,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,QAAgB;QAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;QAE/E,MAAM,UAAU,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,GAAG,CAAC;QACjD,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,IAAI,SAA6B,CAAC;QAElC,GAAG,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAC9B,IAAI,kBAAkB,CAAC;gBACrB,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChD,SAAS,EAAE,SAAS;aACrB,CAAC,CACH,CAAC;YAEF,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;gBAC7C,IAAI,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;oBACxC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;YAED,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAC/B,CAAC,QAAQ,SAAS,EAAE;QAEpB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,MAAM,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/credential-vault/env-vault.d.ts

@@ -0,0 +1,15 @@
+import type { CredentialVaultProvider } from "./types.js";
+/**
+ * Reads secrets from environment variables.
+ *
+ * Key lookup: `{PREFIX}_{TENANT_ID}_{KEY}` (uppercased, hyphens → underscores).
+ * Falls back to `{PREFIX}_{KEY}` if the tenant-scoped var is not set.
+ *
+ * This is useful for local development and the open-source GitHub Action
+ * where secrets come from env vars rather than a database.
+ */
+export interface EnvVaultConfig {
+    prefix?: string;
+}
+export declare function envVault(config?: EnvVaultConfig): CredentialVaultProvider;
+//# sourceMappingURL=env-vault.d.ts.map

package/dist/credential-vault/env-vault.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-vault.d.ts","sourceRoot":"","sources":["../../src/credential-vault/env-vault.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAE1D;;;;;;;;GAQG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,QAAQ,CAAC,MAAM,CAAC,EAAE,cAAc,GAAG,uBAAuB,CA6BzE"}

package/dist/credential-vault/env-vault.js

@@ -0,0 +1,25 @@
+export function envVault(config) {
+    const prefix = config?.prefix ?? "SWENY";
+    function envKey(tenantId, key) {
+        const normalized = `${prefix}_${tenantId}_${key}`.toUpperCase().replace(/-/g, "_");
+        return normalized;
+    }
+    function fallbackKey(key) {
+        return `${prefix}_${key}`.toUpperCase().replace(/-/g, "_");
+    }
+    return {
+        async getSecret(tenantId, key) {
+            return process.env[envKey(tenantId, key)] ?? process.env[fallbackKey(key)] ?? null;
+        },
+        async setSecret(_tenantId, _key, _value) {
+            throw new Error("envVault is read-only. Use a database-backed vault for writes.");
+        },
+        async deleteSecret(_tenantId, _key) {
+            throw new Error("envVault is read-only. Use a database-backed vault for deletes.");
+        },
+        async listKeys(_tenantId) {
+            throw new Error("envVault does not support listing keys. Use a database-backed vault.");
+        },
+    };
+}
+//# sourceMappingURL=env-vault.js.map

package/dist/credential-vault/env-vault.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-vault.js","sourceRoot":"","sources":["../../src/credential-vault/env-vault.ts"],"names":[],"mappings":"AAeA,MAAM,UAAU,QAAQ,CAAC,MAAuB;IAC9C,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,OAAO,CAAC;IAEzC,SAAS,MAAM,CAAC,QAAgB,EAAE,GAAW;QAC3C,MAAM,UAAU,GAAG,GAAG,MAAM,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACnF,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,SAAS,WAAW,CAAC,GAAW;QAC9B,OAAO,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO;QACL,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,GAAW;YAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;QACrF,CAAC;QAED,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,IAAY,EAAE,MAAc;YAC7D,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACpF,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,IAAY;YAChD,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QAED,KAAK,CAAC,QAAQ,CAAC,SAAiB;YAC9B,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;QAC1F,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/credential-vault/index.d.ts

@@ -0,0 +1,6 @@
+export type { CredentialVaultProvider } from "./types.js";
+export type { EnvVaultConfig } from "./env-vault.js";
+export { envVault } from "./env-vault.js";
+export type { AwsSecretsManagerConfig } from "./aws-secrets-manager.js";
+export { awsSecretsManager, awsSecretsManagerConfigSchema } from "./aws-secrets-manager.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/credential-vault/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/credential-vault/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAC1D,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,YAAY,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/credential-vault/index.js

@@ -0,0 +1,3 @@
+export { envVault } from "./env-vault.js";
+export { awsSecretsManager, awsSecretsManagerConfigSchema } from "./aws-secrets-manager.js";
+//# sourceMappingURL=index.js.map

package/dist/credential-vault/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/credential-vault/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,OAAO,EAAE,iBAAiB,EAAE,6BAA6B,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/credential-vault/types.d.ts

@@ -0,0 +1,30 @@
+/** Provider interface for securely storing and retrieving tenant secrets. */
+export interface CredentialVaultProvider {
+    /**
+     * Retrieve a secret value.
+     * @param tenantId - Tenant identifier.
+     * @param key - Secret key name.
+     * @returns The secret value, or null if not found.
+     */
+    getSecret(tenantId: string, key: string): Promise<string | null>;
+    /**
+     * Store or update a secret value.
+     * @param tenantId - Tenant identifier.
+     * @param key - Secret key name.
+     * @param value - Secret value to store.
+     */
+    setSecret(tenantId: string, key: string, value: string): Promise<void>;
+    /**
+     * Delete a secret.
+     * @param tenantId - Tenant identifier.
+     * @param key - Secret key name.
+     */
+    deleteSecret(tenantId: string, key: string): Promise<void>;
+    /**
+     * List all secret key names for a tenant.
+     * @param tenantId - Tenant identifier.
+     * @returns Array of secret key names.
+     */
+    listKeys(tenantId: string): Promise<string[]>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/credential-vault/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/credential-vault/types.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEjE;;;;;OAKG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvE;;;;OAIG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3D;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC/C"}

package/dist/credential-vault/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/credential-vault/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/credential-vault/types.ts"],"names":[],"mappings":""}

package/dist/errors.d.ts

@@ -0,0 +1,18 @@
+export declare class ProviderError extends Error {
+    readonly provider: string;
+    readonly cause?: unknown | undefined;
+    constructor(message: string, provider: string, cause?: unknown | undefined);
+}
+export declare class ProviderAuthError extends ProviderError {
+    constructor(provider: string, message?: string, cause?: unknown);
+}
+export declare class ProviderApiError extends ProviderError {
+    readonly statusCode: number;
+    readonly statusText: string;
+    readonly responseBody?: string | undefined;
+    constructor(provider: string, statusCode: number, statusText: string, responseBody?: string | undefined);
+}
+export declare class ProviderConfigError extends ProviderError {
+    constructor(provider: string, message: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,aAAc,SAAQ,KAAK;aAGpB,QAAQ,EAAE,MAAM;aAChB,KAAK,CAAC,EAAE,OAAO;gBAF/B,OAAO,EAAE,MAAM,EACC,QAAQ,EAAE,MAAM,EAChB,KAAK,CAAC,EAAE,OAAO,YAAA;CAKlC;AAED,qBAAa,iBAAkB,SAAQ,aAAa;gBACtC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO;CAIhE;AAED,qBAAa,gBAAiB,SAAQ,aAAa;aAG/B,UAAU,EAAE,MAAM;aAClB,UAAU,EAAE,MAAM;aAClB,YAAY,CAAC,EAAE,MAAM;gBAHrC,QAAQ,EAAE,MAAM,EACA,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,YAAY,CAAC,EAAE,MAAM,YAAA;CAKxC;AAED,qBAAa,mBAAoB,SAAQ,aAAa;gBACxC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAI9C"}