npm - @switchbot/openapi-cli - Versions diffs - 3.2.1 → 3.2.2 - Mend

@switchbot/openapi-cli 3.2.1 → 3.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (332) hide show

package/README.md +3 -1
package/dist/index.js +57349 -170
package/package.json +9 -5
package/dist/api/client.d.ts +0 -31
package/dist/api/client.js +0 -236
package/dist/api/client.js.map +0 -1
package/dist/auth.d.ts +0 -1
package/dist/auth.js +0 -21
package/dist/auth.js.map +0 -1
package/dist/commands/agent-bootstrap.d.ts +0 -10
package/dist/commands/agent-bootstrap.js +0 -200
package/dist/commands/agent-bootstrap.js.map +0 -1
package/dist/commands/auth.d.ts +0 -18
package/dist/commands/auth.js +0 -355
package/dist/commands/auth.js.map +0 -1
package/dist/commands/batch.d.ts +0 -2
package/dist/commands/batch.js +0 -414
package/dist/commands/batch.js.map +0 -1
package/dist/commands/cache.d.ts +0 -2
package/dist/commands/cache.js +0 -127
package/dist/commands/cache.js.map +0 -1
package/dist/commands/capabilities.d.ts +0 -31
package/dist/commands/capabilities.js +0 -383
package/dist/commands/capabilities.js.map +0 -1
package/dist/commands/catalog.d.ts +0 -2
package/dist/commands/catalog.js +0 -360
package/dist/commands/catalog.js.map +0 -1
package/dist/commands/completion.d.ts +0 -2
package/dist/commands/completion.js +0 -386
package/dist/commands/completion.js.map +0 -1
package/dist/commands/config.d.ts +0 -21
package/dist/commands/config.js +0 -377
package/dist/commands/config.js.map +0 -1
package/dist/commands/daemon.d.ts +0 -2
package/dist/commands/daemon.js +0 -411
package/dist/commands/daemon.js.map +0 -1
package/dist/commands/device-meta.d.ts +0 -2
package/dist/commands/device-meta.js +0 -160
package/dist/commands/device-meta.js.map +0 -1
package/dist/commands/devices.d.ts +0 -2
package/dist/commands/devices.js +0 -949
package/dist/commands/devices.js.map +0 -1
package/dist/commands/doctor.d.ts +0 -3
package/dist/commands/doctor.js +0 -1016
package/dist/commands/doctor.js.map +0 -1
package/dist/commands/events.d.ts +0 -31
package/dist/commands/events.js +0 -564
package/dist/commands/events.js.map +0 -1
package/dist/commands/expand.d.ts +0 -2
package/dist/commands/expand.js +0 -131
package/dist/commands/expand.js.map +0 -1
package/dist/commands/explain.d.ts +0 -2
package/dist/commands/explain.js +0 -140
package/dist/commands/explain.js.map +0 -1
package/dist/commands/health.d.ts +0 -8
package/dist/commands/health.js +0 -114
package/dist/commands/health.js.map +0 -1
package/dist/commands/history.d.ts +0 -2
package/dist/commands/history.js +0 -321
package/dist/commands/history.js.map +0 -1
package/dist/commands/identity.d.ts +0 -45
package/dist/commands/identity.js +0 -60
package/dist/commands/identity.js.map +0 -1
package/dist/commands/install.d.ts +0 -20
package/dist/commands/install.js +0 -247
package/dist/commands/install.js.map +0 -1
package/dist/commands/mcp.d.ts +0 -14
package/dist/commands/mcp.js +0 -2018
package/dist/commands/mcp.js.map +0 -1
package/dist/commands/plan.d.ts +0 -51
package/dist/commands/plan.js +0 -654
package/dist/commands/plan.js.map +0 -1
package/dist/commands/policy.d.ts +0 -24
package/dist/commands/policy.js +0 -587
package/dist/commands/policy.js.map +0 -1
package/dist/commands/quota.d.ts +0 -2
package/dist/commands/quota.js +0 -79
package/dist/commands/quota.js.map +0 -1
package/dist/commands/rules.d.ts +0 -2
package/dist/commands/rules.js +0 -876
package/dist/commands/rules.js.map +0 -1
package/dist/commands/scenes.d.ts +0 -2
package/dist/commands/scenes.js +0 -265
package/dist/commands/scenes.js.map +0 -1
package/dist/commands/schema.d.ts +0 -2
package/dist/commands/schema.js +0 -185
package/dist/commands/schema.js.map +0 -1
package/dist/commands/status-sync.d.ts +0 -2
package/dist/commands/status-sync.js +0 -132
package/dist/commands/status-sync.js.map +0 -1
package/dist/commands/uninstall.d.ts +0 -20
package/dist/commands/uninstall.js +0 -238
package/dist/commands/uninstall.js.map +0 -1
package/dist/commands/upgrade-check.d.ts +0 -2
package/dist/commands/upgrade-check.js +0 -107
package/dist/commands/upgrade-check.js.map +0 -1
package/dist/commands/watch.d.ts +0 -2
package/dist/commands/watch.js +0 -195
package/dist/commands/watch.js.map +0 -1
package/dist/commands/webhook.d.ts +0 -2
package/dist/commands/webhook.js +0 -183
package/dist/commands/webhook.js.map +0 -1
package/dist/config.d.ts +0 -57
package/dist/config.js +0 -259
package/dist/config.js.map +0 -1
package/dist/credentials/backends/file.d.ts +0 -18
package/dist/credentials/backends/file.js +0 -102
package/dist/credentials/backends/file.js.map +0 -1
package/dist/credentials/backends/linux.d.ts +0 -16
package/dist/credentials/backends/linux.js +0 -130
package/dist/credentials/backends/linux.js.map +0 -1
package/dist/credentials/backends/macos.d.ts +0 -18
package/dist/credentials/backends/macos.js +0 -130
package/dist/credentials/backends/macos.js.map +0 -1
package/dist/credentials/backends/windows.d.ts +0 -23
package/dist/credentials/backends/windows.js +0 -216
package/dist/credentials/backends/windows.js.map +0 -1
package/dist/credentials/keychain.d.ts +0 -83
package/dist/credentials/keychain.js +0 -89
package/dist/credentials/keychain.js.map +0 -1
package/dist/credentials/prime.d.ts +0 -32
package/dist/credentials/prime.js +0 -53
package/dist/credentials/prime.js.map +0 -1
package/dist/devices/cache.d.ts +0 -79
package/dist/devices/cache.js +0 -294
package/dist/devices/cache.js.map +0 -1
package/dist/devices/catalog.d.ts +0 -138
package/dist/devices/catalog.js +0 -768
package/dist/devices/catalog.js.map +0 -1
package/dist/devices/device-meta.d.ts +0 -15
package/dist/devices/device-meta.js +0 -57
package/dist/devices/device-meta.js.map +0 -1
package/dist/devices/history-agg.d.ts +0 -37
package/dist/devices/history-agg.js +0 -139
package/dist/devices/history-agg.js.map +0 -1
package/dist/devices/history-query.d.ts +0 -45
package/dist/devices/history-query.js +0 -182
package/dist/devices/history-query.js.map +0 -1
package/dist/devices/param-validator.d.ts +0 -40
package/dist/devices/param-validator.js +0 -434
package/dist/devices/param-validator.js.map +0 -1
package/dist/devices/resources.d.ts +0 -74
package/dist/devices/resources.js +0 -271
package/dist/devices/resources.js.map +0 -1
package/dist/index.d.ts +0 -1
package/dist/index.js.map +0 -1
package/dist/install/default-steps.d.ts +0 -66
package/dist/install/default-steps.js +0 -258
package/dist/install/default-steps.js.map +0 -1
package/dist/install/preflight.d.ts +0 -60
package/dist/install/preflight.js +0 -213
package/dist/install/preflight.js.map +0 -1
package/dist/install/steps.d.ts +0 -61
package/dist/install/steps.js +0 -68
package/dist/install/steps.js.map +0 -1
package/dist/lib/command-keywords.d.ts +0 -5
package/dist/lib/command-keywords.js +0 -18
package/dist/lib/command-keywords.js.map +0 -1
package/dist/lib/daemon-state.d.ts +0 -24
package/dist/lib/daemon-state.js +0 -47
package/dist/lib/daemon-state.js.map +0 -1
package/dist/lib/destructive-mode.d.ts +0 -2
package/dist/lib/destructive-mode.js +0 -13
package/dist/lib/destructive-mode.js.map +0 -1
package/dist/lib/devices.d.ts +0 -151
package/dist/lib/devices.js +0 -383
package/dist/lib/devices.js.map +0 -1
package/dist/lib/idempotency.d.ts +0 -46
package/dist/lib/idempotency.js +0 -107
package/dist/lib/idempotency.js.map +0 -1
package/dist/lib/plan-store.d.ts +0 -19
package/dist/lib/plan-store.js +0 -69
package/dist/lib/plan-store.js.map +0 -1
package/dist/lib/request-context.d.ts +0 -7
package/dist/lib/request-context.js +0 -13
package/dist/lib/request-context.js.map +0 -1
package/dist/lib/scenes.d.ts +0 -7
package/dist/lib/scenes.js +0 -11
package/dist/lib/scenes.js.map +0 -1
package/dist/logger.d.ts +0 -4
package/dist/logger.js +0 -17
package/dist/logger.js.map +0 -1
package/dist/mcp/device-history.d.ts +0 -36
package/dist/mcp/device-history.js +0 -146
package/dist/mcp/device-history.js.map +0 -1
package/dist/mcp/events-subscription.d.ts +0 -45
package/dist/mcp/events-subscription.js +0 -214
package/dist/mcp/events-subscription.js.map +0 -1
package/dist/mqtt/client.d.ts +0 -25
package/dist/mqtt/client.js +0 -181
package/dist/mqtt/client.js.map +0 -1
package/dist/mqtt/credential.d.ts +0 -16
package/dist/mqtt/credential.js +0 -31
package/dist/mqtt/credential.js.map +0 -1
package/dist/policy/add-rule.d.ts +0 -21
package/dist/policy/add-rule.js +0 -125
package/dist/policy/add-rule.js.map +0 -1
package/dist/policy/diff.d.ts +0 -21
package/dist/policy/diff.js +0 -92
package/dist/policy/diff.js.map +0 -1
package/dist/policy/format.d.ts +0 -6
package/dist/policy/format.js +0 -58
package/dist/policy/format.js.map +0 -1
package/dist/policy/load.d.ts +0 -32
package/dist/policy/load.js +0 -62
package/dist/policy/load.js.map +0 -1
package/dist/policy/migrate.d.ts +0 -21
package/dist/policy/migrate.js +0 -68
package/dist/policy/migrate.js.map +0 -1
package/dist/policy/schema.d.ts +0 -5
package/dist/policy/schema.js +0 -19
package/dist/policy/schema.js.map +0 -1
package/dist/policy/validate.d.ts +0 -19
package/dist/policy/validate.js +0 -263
package/dist/policy/validate.js.map +0 -1
package/dist/rules/action.d.ts +0 -65
package/dist/rules/action.js +0 -217
package/dist/rules/action.js.map +0 -1
package/dist/rules/audit-query.d.ts +0 -51
package/dist/rules/audit-query.js +0 -90
package/dist/rules/audit-query.js.map +0 -1
package/dist/rules/conflict-analyzer.d.ts +0 -57
package/dist/rules/conflict-analyzer.js +0 -215
package/dist/rules/conflict-analyzer.js.map +0 -1
package/dist/rules/cron-scheduler.d.ts +0 -62
package/dist/rules/cron-scheduler.js +0 -187
package/dist/rules/cron-scheduler.js.map +0 -1
package/dist/rules/destructive.d.ts +0 -20
package/dist/rules/destructive.js +0 -53
package/dist/rules/destructive.js.map +0 -1
package/dist/rules/engine.d.ts +0 -193
package/dist/rules/engine.js +0 -758
package/dist/rules/engine.js.map +0 -1
package/dist/rules/matcher.d.ts +0 -56
package/dist/rules/matcher.js +0 -231
package/dist/rules/matcher.js.map +0 -1
package/dist/rules/pid-file.d.ts +0 -43
package/dist/rules/pid-file.js +0 -96
package/dist/rules/pid-file.js.map +0 -1
package/dist/rules/quiet-hours.d.ts +0 -26
package/dist/rules/quiet-hours.js +0 -46
package/dist/rules/quiet-hours.js.map +0 -1
package/dist/rules/suggest.d.ts +0 -20
package/dist/rules/suggest.js +0 -96
package/dist/rules/suggest.js.map +0 -1
package/dist/rules/throttle.d.ts +0 -61
package/dist/rules/throttle.js +0 -117
package/dist/rules/throttle.js.map +0 -1
package/dist/rules/types.d.ts +0 -117
package/dist/rules/types.js +0 -35
package/dist/rules/types.js.map +0 -1
package/dist/rules/webhook-listener.d.ts +0 -63
package/dist/rules/webhook-listener.js +0 -224
package/dist/rules/webhook-listener.js.map +0 -1
package/dist/rules/webhook-token.d.ts +0 -50
package/dist/rules/webhook-token.js +0 -91
package/dist/rules/webhook-token.js.map +0 -1
package/dist/schema/field-aliases.d.ts +0 -34
package/dist/schema/field-aliases.js +0 -132
package/dist/schema/field-aliases.js.map +0 -1
package/dist/sinks/dispatcher.d.ts +0 -7
package/dist/sinks/dispatcher.js +0 -13
package/dist/sinks/dispatcher.js.map +0 -1
package/dist/sinks/file.d.ts +0 -6
package/dist/sinks/file.js +0 -20
package/dist/sinks/file.js.map +0 -1
package/dist/sinks/format.d.ts +0 -20
package/dist/sinks/format.js +0 -57
package/dist/sinks/format.js.map +0 -1
package/dist/sinks/homeassistant.d.ts +0 -18
package/dist/sinks/homeassistant.js +0 -45
package/dist/sinks/homeassistant.js.map +0 -1
package/dist/sinks/openclaw.d.ts +0 -13
package/dist/sinks/openclaw.js +0 -34
package/dist/sinks/openclaw.js.map +0 -1
package/dist/sinks/stdout.d.ts +0 -4
package/dist/sinks/stdout.js +0 -6
package/dist/sinks/stdout.js.map +0 -1
package/dist/sinks/telegram.d.ts +0 -11
package/dist/sinks/telegram.js +0 -29
package/dist/sinks/telegram.js.map +0 -1
package/dist/sinks/types.d.ts +0 -13
package/dist/sinks/types.js +0 -2
package/dist/sinks/types.js.map +0 -1
package/dist/sinks/webhook.d.ts +0 -6
package/dist/sinks/webhook.js +0 -23
package/dist/sinks/webhook.js.map +0 -1
package/dist/status-sync/manager.d.ts +0 -48
package/dist/status-sync/manager.js +0 -269
package/dist/status-sync/manager.js.map +0 -1
package/dist/utils/arg-parsers.d.ts +0 -16
package/dist/utils/arg-parsers.js +0 -67
package/dist/utils/arg-parsers.js.map +0 -1
package/dist/utils/audit.d.ts +0 -69
package/dist/utils/audit.js +0 -122
package/dist/utils/audit.js.map +0 -1
package/dist/utils/filter.d.ts +0 -81
package/dist/utils/filter.js +0 -190
package/dist/utils/filter.js.map +0 -1
package/dist/utils/flags.d.ts +0 -72
package/dist/utils/flags.js +0 -187
package/dist/utils/flags.js.map +0 -1
package/dist/utils/format.d.ts +0 -9
package/dist/utils/format.js +0 -118
package/dist/utils/format.js.map +0 -1
package/dist/utils/health.d.ts +0 -48
package/dist/utils/health.js +0 -102
package/dist/utils/health.js.map +0 -1
package/dist/utils/help-json.d.ts +0 -39
package/dist/utils/help-json.js +0 -55
package/dist/utils/help-json.js.map +0 -1
package/dist/utils/name-resolver.d.ts +0 -26
package/dist/utils/name-resolver.js +0 -138
package/dist/utils/name-resolver.js.map +0 -1
package/dist/utils/output.d.ts +0 -73
package/dist/utils/output.js +0 -405
package/dist/utils/output.js.map +0 -1
package/dist/utils/quota.d.ts +0 -61
package/dist/utils/quota.js +0 -228
package/dist/utils/quota.js.map +0 -1
package/dist/utils/redact.d.ts +0 -23
package/dist/utils/redact.js +0 -69
package/dist/utils/redact.js.map +0 -1
package/dist/utils/retry.d.ts +0 -72
package/dist/utils/retry.js +0 -141
package/dist/utils/retry.js.map +0 -1
package/dist/utils/string.d.ts +0 -2
package/dist/utils/string.js +0 -23
package/dist/utils/string.js.map +0 -1
package/dist/version.d.ts +0 -2
package/dist/version.js +0 -5
package/dist/version.js.map +0 -1

package/dist/credentials/backends/macos.js DELETED Viewed

@@ -1,130 +0,0 @@
-/**
- * macOS Keychain backend.
- *
- * Wraps the built-in `security(1)` CLI so `npm install` stays free of
- * native compile steps. Service name is shared with the Linux and
- * Windows backends (`com.openclaw.switchbot`), so a user migrating a
- * config between machines sees the same lookup shape.
- *
- * Errors never leak credential material — `add-generic-password`
- * receives the password via `-w <value>` on argv, which is visible in
- * `ps` to the current user but not persisted anywhere, and any stderr
- * we surface back up is bounded to the library's own messages
- * (`password not found`, `could not be added`, etc.) rather than our
- * input values.
- */
-import { spawn } from 'node:child_process';
-import { accountFor, CREDENTIAL_SERVICE, KeychainError, } from '../keychain.js';
-function run(cmd, args, stdin) {
-    return new Promise((resolve) => {
-        const proc = spawn(cmd, args, { stdio: ['pipe', 'pipe', 'pipe'] });
-        let stdout = '';
-        let stderr = '';
-        proc.stdout.on('data', (buf) => {
-            stdout += buf.toString('utf-8');
-        });
-        proc.stderr.on('data', (buf) => {
-            stderr += buf.toString('utf-8');
-        });
-        proc.on('error', () => resolve({ code: 127, stdout, stderr }));
-        proc.on('close', (code) => resolve({ code: code ?? 0, stdout, stderr }));
-        if (stdin !== undefined) {
-            proc.stdin.write(stdin);
-        }
-        proc.stdin.end();
-    });
-}
-export async function macOsAvailable() {
-    if (process.platform !== 'darwin')
-        return false;
-    const res = await run('which', ['security']);
-    return res.code === 0 && res.stdout.trim().length > 0;
-}
-async function readField(profile, field) {
-    const account = accountFor(profile, field);
-    const res = await run('security', [
-        'find-generic-password',
-        '-s', CREDENTIAL_SERVICE,
-        '-a', account,
-        '-w',
-    ]);
-    if (res.code !== 0)
-        return null;
-    const value = res.stdout.replace(/\n$/, '');
-    return value.length > 0 ? value : null;
-}
-async function writeField(profile, field, value) {
-    const account = accountFor(profile, field);
-    const res = await run('security', [
-        'add-generic-password',
-        '-U', // update if exists
-        '-s', CREDENTIAL_SERVICE,
-        '-a', account,
-        '-w', value,
-    ]);
-    if (res.code !== 0) {
-        throw new KeychainError('keychain', 'set', `security(1) exit ${res.code}`);
-    }
-}
-async function deleteField(profile, field) {
-    const account = accountFor(profile, field);
-    const res = await run('security', [
-        'delete-generic-password',
-        '-s', CREDENTIAL_SERVICE,
-        '-a', account,
-    ]);
-    // exit 44 = "The specified item could not be found" — tolerate as idempotent delete.
-    if (res.code !== 0 && res.code !== 44) {
-        throw new KeychainError('keychain', 'delete', `security(1) exit ${res.code}`);
-    }
-}
-async function restoreField(profile, field, value) {
-    try {
-        if (value === null) {
-            await deleteField(profile, field);
-            return;
-        }
-        await writeField(profile, field, value);
-    }
-    catch {
-        // Best effort only. Preserve the original write failure.
-    }
-}
-export function createMacOsBackend() {
-    return {
-        name: 'keychain',
-        async get(profile) {
-            const token = await readField(profile, 'token');
-            const secret = await readField(profile, 'secret');
-            if (!token || !secret)
-                return null;
-            return { token, secret };
-        },
-        async set(profile, creds) {
-            const previousToken = await readField(profile, 'token');
-            const previousSecret = await readField(profile, 'secret');
-            try {
-                await writeField(profile, 'token', creds.token);
-                await writeField(profile, 'secret', creds.secret);
-            }
-            catch (err) {
-                await restoreField(profile, 'token', previousToken);
-                await restoreField(profile, 'secret', previousSecret);
-                throw err;
-            }
-        },
-        async delete(profile) {
-            await deleteField(profile, 'token');
-            await deleteField(profile, 'secret');
-        },
-        describe() {
-            return {
-                backend: 'macOS Keychain',
-                tag: 'keychain',
-                writable: true,
-                notes: `Stored under service "${CREDENTIAL_SERVICE}" via security(1).`,
-            };
-        },
-    };
-}
-//# sourceMappingURL=macos.js.map

package/dist/credentials/backends/macos.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"macos.js","sourceRoot":"","sources":["../../../src/credentials/backends/macos.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EACL,UAAU,EACV,kBAAkB,EAIlB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAQxB,SAAS,GAAG,CAAC,GAAW,EAAE,IAAc,EAAE,KAAc;IACtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACnE,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACzE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAChD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAC7C,OAAO,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,OAAe,EAAE,KAAyB;IACjE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,UAAU,EAAE;QAChC,uBAAuB;QACvB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,OAAO;QACb,IAAI;KACL,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC5C,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACzC,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,OAAe,EAAE,KAAyB,EAAE,KAAa;IACjF,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,UAAU,EAAE;QAChC,sBAAsB;QACtB,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,aAAa,CAAC,UAAU,EAAE,KAAK,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe,EAAE,KAAyB;IACnE,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,UAAU,EAAE;QAChC,yBAAyB;QACzB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,OAAO;KACd,CAAC,CAAC;IACH,qFAAqF;IACrF,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,aAAa,CAAC,UAAU,EAAE,QAAQ,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,KAAyB,EAAE,KAAoB;IAC1F,IAAI,CAAC;QACH,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QACD,MAAM,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;IAC3D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,KAAK,CAAC,GAAG,CAAC,OAAe;YACvB,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACnC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAC3B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,KAAuB;YAChD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxD,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAChD,MAAM,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;gBACpD,MAAM,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,OAAe;YAC1B,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpC,MAAM,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QACD,QAAQ;YACN,OAAO;gBACL,OAAO,EAAE,gBAAgB;gBACzB,GAAG,EAAE,UAAU;gBACf,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,yBAAyB,kBAAkB,oBAAoB;aACvE,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/credentials/backends/windows.d.ts DELETED Viewed

@@ -1,23 +0,0 @@
-/**
- * Windows Credential Manager backend.
- *
- * Uses PowerShell + Win32 P/Invoke (`CredReadW` / `CredWriteW` /
- * `CredDeleteW`) instead of a native binding so `npm install` stays
- * toolchain-free on Windows runners. `cmdkey.exe` could create and
- * delete credentials but can't read the password back — reading is the
- * whole point, so PowerShell is mandatory.
- *
- * Target-name shape is `com.openclaw.switchbot:<profile>:<field>` so
- * `rundll32.exe keymgr.dll,KRShowKeyMgr` displays our entries in a
- * clear, groupable list.
- *
- * Credential values are passed to the child process via environment
- * variables, not argv — this keeps them out of any process listing
- * and out of the PowerShell command history. Env blocks on Windows
- * are only visible to the current user (and admins), so this is a
- * reasonable trade versus the alternatives (stdin requires a second
- * round-trip; temp files leave disk residue).
- */
-import { CredentialStore } from '../keychain.js';
-export declare function windowsAvailable(): Promise<boolean>;
-export declare function createWindowsBackend(): CredentialStore;

package/dist/credentials/backends/windows.js DELETED Viewed

@@ -1,216 +0,0 @@
-/**
- * Windows Credential Manager backend.
- *
- * Uses PowerShell + Win32 P/Invoke (`CredReadW` / `CredWriteW` /
- * `CredDeleteW`) instead of a native binding so `npm install` stays
- * toolchain-free on Windows runners. `cmdkey.exe` could create and
- * delete credentials but can't read the password back — reading is the
- * whole point, so PowerShell is mandatory.
- *
- * Target-name shape is `com.openclaw.switchbot:<profile>:<field>` so
- * `rundll32.exe keymgr.dll,KRShowKeyMgr` displays our entries in a
- * clear, groupable list.
- *
- * Credential values are passed to the child process via environment
- * variables, not argv — this keeps them out of any process listing
- * and out of the PowerShell command history. Env blocks on Windows
- * are only visible to the current user (and admins), so this is a
- * reasonable trade versus the alternatives (stdin requires a second
- * round-trip; temp files leave disk residue).
- */
-import { spawn } from 'node:child_process';
-import { accountFor, CREDENTIAL_SERVICE, KeychainError, } from '../keychain.js';
-const PS_HEADER = `$ErrorActionPreference = 'Stop'
-Add-Type -MemberDefinition @'
-[DllImport("Advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
-public static extern bool CredReadW(string target, int type, int flags, out System.IntPtr credentialPtr);
-[DllImport("Advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
-public static extern bool CredWriteW(ref CREDENTIAL cred, int flags);
-[DllImport("Advapi32.dll", SetLastError=true, CharSet=CharSet.Unicode)]
-public static extern bool CredDeleteW(string target, int type, int flags);
-[DllImport("Advapi32.dll", SetLastError=true)]
-public static extern void CredFree(System.IntPtr buffer);
-[System.Runtime.InteropServices.StructLayout(System.Runtime.InteropServices.LayoutKind.Sequential)]
-public struct CREDENTIAL {
-    public int Flags;
-    public int Type;
-    public System.IntPtr TargetName;
-    public System.IntPtr Comment;
-    public System.Runtime.InteropServices.ComTypes.FILETIME LastWritten;
-    public int CredentialBlobSize;
-    public System.IntPtr CredentialBlob;
-    public int Persist;
-    public int AttributeCount;
-    public System.IntPtr Attributes;
-    public System.IntPtr TargetAlias;
-    public System.IntPtr UserName;
-}
-'@ -Name CredApi -Namespace Win32 | Out-Null
-`;
-const PS_GET = `${PS_HEADER}
-$target = $env:SWITCHBOT_CRED_TARGET
-$ptr = [System.IntPtr]::Zero
-$ok = [Win32.CredApi]::CredReadW($target, 1, 0, [ref]$ptr)
-if (-not $ok) { exit 2 }
-$cred = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ptr, [type][Win32.CredApi+CREDENTIAL])
-$bytes = New-Object byte[] $cred.CredentialBlobSize
-[System.Runtime.InteropServices.Marshal]::Copy($cred.CredentialBlob, $bytes, 0, $cred.CredentialBlobSize)
-[Win32.CredApi]::CredFree($ptr) | Out-Null
-$password = [System.Text.Encoding]::Unicode.GetString($bytes)
-[Console]::Out.Write([Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($password)))
-`;
-const PS_SET = `${PS_HEADER}
-$target = $env:SWITCHBOT_CRED_TARGET
-$user = $env:SWITCHBOT_CRED_USER
-$value = $env:SWITCHBOT_CRED_VALUE
-$bytes = [System.Text.Encoding]::Unicode.GetBytes($value)
-$blob = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($bytes.Length)
-[System.Runtime.InteropServices.Marshal]::Copy($bytes, 0, $blob, $bytes.Length)
-$cred = New-Object Win32.CredApi+CREDENTIAL
-$cred.Flags = 0
-$cred.Type = 1
-$cred.TargetName = [System.Runtime.InteropServices.Marshal]::StringToCoTaskMemUni($target)
-$cred.UserName = [System.Runtime.InteropServices.Marshal]::StringToCoTaskMemUni($user)
-$cred.CredentialBlob = $blob
-$cred.CredentialBlobSize = $bytes.Length
-$cred.Persist = 2
-$cred.AttributeCount = 0
-$ok = [Win32.CredApi]::CredWriteW([ref]$cred, 0)
-[System.Runtime.InteropServices.Marshal]::FreeCoTaskMem($cred.TargetName)
-[System.Runtime.InteropServices.Marshal]::FreeCoTaskMem($cred.UserName)
-[System.Runtime.InteropServices.Marshal]::FreeHGlobal($blob)
-if (-not $ok) { exit 3 }
-`;
-const PS_DELETE = `${PS_HEADER}
-$target = $env:SWITCHBOT_CRED_TARGET
-$ok = [Win32.CredApi]::CredDeleteW($target, 1, 0)
-if (-not $ok) {
-  $errno = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
-  # 1168 = ERROR_NOT_FOUND — tolerate as idempotent delete.
-  if ($errno -ne 1168) { exit 4 }
-}
-`;
-function encodePs(script) {
-    return Buffer.from(script, 'utf16le').toString('base64');
-}
-function runPowerShell(script, env) {
-    return new Promise((resolve) => {
-        const proc = spawn('powershell.exe', ['-NoProfile', '-NonInteractive', '-EncodedCommand', encodePs(script)], {
-            stdio: ['ignore', 'pipe', 'pipe'],
-            env: { ...process.env, ...env },
-        });
-        let stdout = '';
-        let stderr = '';
-        proc.stdout.on('data', (buf) => {
-            stdout += buf.toString('utf-8');
-        });
-        proc.stderr.on('data', (buf) => {
-            stderr += buf.toString('utf-8');
-        });
-        proc.on('error', () => resolve({ code: 127, stdout, stderr }));
-        proc.on('close', (code) => resolve({ code: code ?? 0, stdout, stderr }));
-    });
-}
-function targetFor(profile, field) {
-    return `${CREDENTIAL_SERVICE}:${accountFor(profile, field)}`;
-}
-export async function windowsAvailable() {
-    if (process.platform !== 'win32')
-        return false;
-    return new Promise((resolve) => {
-        const proc = spawn('where', ['powershell.exe'], { stdio: ['ignore', 'pipe', 'pipe'] });
-        let ok = false;
-        proc.stdout.on('data', (buf) => {
-            if (buf.toString().trim().length > 0)
-                ok = true;
-        });
-        proc.on('error', () => resolve(false));
-        proc.on('close', (code) => resolve(ok && (code ?? 0) === 0));
-    });
-}
-async function readField(profile, field) {
-    const res = await runPowerShell(PS_GET, {
-        SWITCHBOT_CRED_TARGET: targetFor(profile, field),
-    });
-    if (res.code !== 0)
-        return null;
-    try {
-        const decoded = Buffer.from(res.stdout, 'base64').toString('utf-8');
-        return decoded.length > 0 ? decoded : null;
-    }
-    catch {
-        return null;
-    }
-}
-async function writeField(profile, field, value) {
-    const res = await runPowerShell(PS_SET, {
-        SWITCHBOT_CRED_TARGET: targetFor(profile, field),
-        SWITCHBOT_CRED_USER: accountFor(profile, field),
-        SWITCHBOT_CRED_VALUE: value,
-    });
-    if (res.code !== 0) {
-        throw new KeychainError('credman', 'set', `CredWrite exit ${res.code}`);
-    }
-}
-async function deleteField(profile, field) {
-    const res = await runPowerShell(PS_DELETE, {
-        SWITCHBOT_CRED_TARGET: targetFor(profile, field),
-    });
-    if (res.code !== 0) {
-        throw new KeychainError('credman', 'delete', `CredDelete exit ${res.code}`);
-    }
-}
-async function restoreField(profile, field, value) {
-    try {
-        if (value === null) {
-            await deleteField(profile, field);
-            return;
-        }
-        await writeField(profile, field, value);
-    }
-    catch {
-        // Best effort only. Preserve the original write failure.
-    }
-}
-export function createWindowsBackend() {
-    return {
-        name: 'credman',
-        async get(profile) {
-            const token = await readField(profile, 'token');
-            const secret = await readField(profile, 'secret');
-            if (!token || !secret)
-                return null;
-            return { token, secret };
-        },
-        async set(profile, creds) {
-            const previousToken = await readField(profile, 'token');
-            const previousSecret = await readField(profile, 'secret');
-            try {
-                await writeField(profile, 'token', creds.token);
-                await writeField(profile, 'secret', creds.secret);
-            }
-            catch (err) {
-                await restoreField(profile, 'token', previousToken);
-                await restoreField(profile, 'secret', previousSecret);
-                throw err;
-            }
-        },
-        async delete(profile) {
-            await deleteField(profile, 'token');
-            await deleteField(profile, 'secret');
-        },
-        describe() {
-            return {
-                backend: 'Credential Manager (Windows)',
-                tag: 'credman',
-                writable: true,
-                notes: `Stored under target "${CREDENTIAL_SERVICE}:*" via Win32 CredRead/CredWrite.`,
-            };
-        },
-    };
-}
-//# sourceMappingURL=windows.js.map

package/dist/credentials/backends/windows.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"windows.js","sourceRoot":"","sources":["../../../src/credentials/backends/windows.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EACL,UAAU,EACV,kBAAkB,EAIlB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BjB,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,SAAS;;;;;;;;;;;CAW1B,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,SAAS;;;;;;;;;;;;;;;;;;;;;CAqB1B,CAAC;AAEF,MAAM,SAAS,GAAG,GAAG,SAAS;;;;;;;;CAQ7B,CAAC;AAQF,SAAS,QAAQ,CAAC,MAAc;IAC9B,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,GAA2B;IAChE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,KAAK,CAChB,gBAAgB,EAChB,CAAC,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,EACtE;YACE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;YACjC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE;SAChC,CACF,CAAC;QACF,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,KAAyB;IAC3D,OAAO,GAAG,kBAAkB,IAAI,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IAC/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACvF,IAAI,EAAE,GAAG,KAAK,CAAC;QACf,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;gBAAE,EAAE,GAAG,IAAI,CAAC;QAClD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,OAAe,EAAE,KAAyB;IACjE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE;QACtC,qBAAqB,EAAE,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC;KACjD,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,OAAe,EAAE,KAAyB,EAAE,KAAa;IACjF,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE;QACtC,qBAAqB,EAAE,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC;QAChD,mBAAmB,EAAE,UAAU,CAAC,OAAO,EAAE,KAAK,CAAC;QAC/C,oBAAoB,EAAE,KAAK;KAC5B,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,KAAK,EAAE,kBAAkB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,OAAe,EAAE,KAAyB;IACnE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE;QACzC,qBAAqB,EAAE,SAAS,CAAC,OAAO,EAAE,KAAK,CAAC;KACjD,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,mBAAmB,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,KAAyB,EAAE,KAAoB;IAC1F,IAAI,CAAC;QACH,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACnB,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QACD,MAAM,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;IAC3D,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,IAAI,EAAE,SAAS;QACf,KAAK,CAAC,GAAG,CAAC,OAAe;YACvB,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;gBAAE,OAAO,IAAI,CAAC;YACnC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAC3B,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,KAAuB;YAChD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACxD,MAAM,cAAc,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAChD,MAAM,UAAU,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACpD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;gBACpD,MAAM,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,OAAe;YAC1B,MAAM,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpC,MAAM,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,CAAC;QACD,QAAQ;YACN,OAAO;gBACL,OAAO,EAAE,8BAA8B;gBACvC,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,wBAAwB,kBAAkB,mCAAmC;aACrF,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/credentials/keychain.d.ts DELETED Viewed

@@ -1,83 +0,0 @@
-/**
- * OS-keychain credential store abstraction.
- *
- * F1 scope (plan: `feat/v2.8-policy-tooling`):
- *   - Defines the `CredentialStore` contract the rest of the CLI can
- *     depend on (token/secret per profile, auditable describe(), best-
- *     effort delete()).
- *   - Ships four backends: `macos` (security(1)), `linux`
- *     (secret-tool), `windows` (PowerShell + Win32 CredRead/CredWrite)
- *     and `file` (the existing `~/.switchbot/config.json` shape as
- *     last-resort fallback).
- *   - `selectCredentialStore()` picks the OS-native backend first and
- *     silently degrades to `file` whenever a backend is absent or
- *     non-writable — so a fresh Linux box without libsecret installed
- *     still Just Works.
- *
- * Out of scope here: migrating existing users off `~/.switchbot/config.json`
- * into the keychain. F3's `switchbot auth keychain migrate` subcommand
- * handles the explicit opt-in; F2 only wires the *read* path.
- *
- * Design choices:
- *   - No native bindings. Every native backend shells out to an
- *     OS-provided CLI / interpreter, which keeps `npm install` free of
- *     compile steps on CI machines.
- *   - Errors never leak credential material to logs or stderr. On any
- *     subprocess failure backends return `null` (read) or throw a
- *     `KeychainError` without the input token/secret in the message.
- *   - Service / account namespacing is identical across backends
- *     (`com.openclaw.switchbot` / `<profile>:<field>`) so a user can
- *     move between machines and expect `switchbot auth keychain get`
- *     to produce the same lookup shape.
- */
-export declare const CREDENTIAL_SERVICE = "com.openclaw.switchbot";
-export declare const CREDENTIAL_FIELDS: readonly ["token", "secret"];
-export type CredentialField = (typeof CREDENTIAL_FIELDS)[number];
-export interface CredentialBundle {
-    token: string;
-    secret: string;
-}
-export type CredentialBackendName = 'keychain' | 'credman' | 'secret-service' | 'file';
-export interface CredentialStoreDescribe {
-    /** User-facing short name, e.g. "macOS Keychain" or "Credential Manager (Windows)". */
-    backend: string;
-    /** Implementation tag; what `CredentialStore.name` returns. */
-    tag: CredentialBackendName;
-    /** Whether `set()`/`delete()` are expected to succeed. */
-    writable: boolean;
-    /** Optional one-line note surfaced by doctor and `auth keychain describe`. */
-    notes?: string;
-}
-export interface CredentialStore {
-    readonly name: CredentialBackendName;
-    get(profile: string): Promise<CredentialBundle | null>;
-    set(profile: string, creds: CredentialBundle): Promise<void>;
-    delete(profile: string): Promise<void>;
-    describe(): CredentialStoreDescribe;
-}
-/**
- * Thrown when a backend cannot service a `set`/`delete` request even
- * though it reported itself as writable. Never includes the
- * credential material in the message.
- */
-export declare class KeychainError extends Error {
-    readonly backend: CredentialBackendName;
-    readonly operation: 'get' | 'set' | 'delete';
-    constructor(backend: CredentialBackendName, operation: 'get' | 'set' | 'delete', message: string);
-}
-/** Encode the account string used by every native backend. Kept public
- * so F3's CLI can show what the underlying keychain will see. */
-export declare function accountFor(profile: string, field: CredentialField): string;
-/**
- * Select the best backend for the current platform. The caller does
- * not need to handle "no keychain available" — this function always
- * returns a store, falling back to the file backend if necessary.
- *
- * Detection is done eagerly at call time (cheap `which` probe) so a
- * long-running process reflects environment changes (e.g. user
- * installs secret-tool after first run). Selection does NOT mutate
- * any state; calling it twice returns fresh instances.
- */
-export declare function selectCredentialStore(opts?: {
-    preferFile?: boolean;
-}): Promise<CredentialStore>;

package/dist/credentials/keychain.js DELETED Viewed

@@ -1,89 +0,0 @@
-/**
- * OS-keychain credential store abstraction.
- *
- * F1 scope (plan: `feat/v2.8-policy-tooling`):
- *   - Defines the `CredentialStore` contract the rest of the CLI can
- *     depend on (token/secret per profile, auditable describe(), best-
- *     effort delete()).
- *   - Ships four backends: `macos` (security(1)), `linux`
- *     (secret-tool), `windows` (PowerShell + Win32 CredRead/CredWrite)
- *     and `file` (the existing `~/.switchbot/config.json` shape as
- *     last-resort fallback).
- *   - `selectCredentialStore()` picks the OS-native backend first and
- *     silently degrades to `file` whenever a backend is absent or
- *     non-writable — so a fresh Linux box without libsecret installed
- *     still Just Works.
- *
- * Out of scope here: migrating existing users off `~/.switchbot/config.json`
- * into the keychain. F3's `switchbot auth keychain migrate` subcommand
- * handles the explicit opt-in; F2 only wires the *read* path.
- *
- * Design choices:
- *   - No native bindings. Every native backend shells out to an
- *     OS-provided CLI / interpreter, which keeps `npm install` free of
- *     compile steps on CI machines.
- *   - Errors never leak credential material to logs or stderr. On any
- *     subprocess failure backends return `null` (read) or throw a
- *     `KeychainError` without the input token/secret in the message.
- *   - Service / account namespacing is identical across backends
- *     (`com.openclaw.switchbot` / `<profile>:<field>`) so a user can
- *     move between machines and expect `switchbot auth keychain get`
- *     to produce the same lookup shape.
- */
-export const CREDENTIAL_SERVICE = 'com.openclaw.switchbot';
-export const CREDENTIAL_FIELDS = ['token', 'secret'];
-/**
- * Thrown when a backend cannot service a `set`/`delete` request even
- * though it reported itself as writable. Never includes the
- * credential material in the message.
- */
-export class KeychainError extends Error {
-    backend;
-    operation;
-    constructor(backend, operation, message) {
-        super(`[${backend}] ${operation} failed: ${message}`);
-        this.backend = backend;
-        this.operation = operation;
-        this.name = 'KeychainError';
-    }
-}
-/** Encode the account string used by every native backend. Kept public
- * so F3's CLI can show what the underlying keychain will see. */
-export function accountFor(profile, field) {
-    return `${profile}:${field}`;
-}
-/**
- * Select the best backend for the current platform. The caller does
- * not need to handle "no keychain available" — this function always
- * returns a store, falling back to the file backend if necessary.
- *
- * Detection is done eagerly at call time (cheap `which` probe) so a
- * long-running process reflects environment changes (e.g. user
- * installs secret-tool after first run). Selection does NOT mutate
- * any state; calling it twice returns fresh instances.
- */
-export async function selectCredentialStore(opts = {}) {
-    if (opts.preferFile) {
-        const { createFileBackend } = await import('./backends/file.js');
-        return createFileBackend();
-    }
-    const platform = process.platform;
-    if (platform === 'darwin') {
-        const { createMacOsBackend, macOsAvailable } = await import('./backends/macos.js');
-        if (await macOsAvailable())
-            return createMacOsBackend();
-    }
-    else if (platform === 'linux') {
-        const { createLinuxBackend, linuxAvailable } = await import('./backends/linux.js');
-        if (await linuxAvailable())
-            return createLinuxBackend();
-    }
-    else if (platform === 'win32') {
-        const { createWindowsBackend, windowsAvailable } = await import('./backends/windows.js');
-        if (await windowsAvailable())
-            return createWindowsBackend();
-    }
-    const { createFileBackend } = await import('./backends/file.js');
-    return createFileBackend();
-}
-//# sourceMappingURL=keychain.js.map

package/dist/credentials/keychain.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/credentials/keychain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,wBAAwB,CAAC;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAU,CAAC;AA6B9D;;;;GAIG;AACH,MAAM,OAAO,aAAc,SAAQ,KAAK;IAEpB;IACA;IAFlB,YACkB,OAA8B,EAC9B,SAAmC,EACnD,OAAe;QAEf,KAAK,CAAC,IAAI,OAAO,KAAK,SAAS,YAAY,OAAO,EAAE,CAAC,CAAC;QAJtC,YAAO,GAAP,OAAO,CAAuB;QAC9B,cAAS,GAAT,SAAS,CAA0B;QAInD,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED;iEACiE;AACjE,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,KAAsB;IAChE,OAAO,GAAG,OAAO,IAAI,KAAK,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,OAAiC,EAAE;IAC7E,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACjE,OAAO,iBAAiB,EAAE,CAAC;IAC7B,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACnF,IAAI,MAAM,cAAc,EAAE;YAAE,OAAO,kBAAkB,EAAE,CAAC;IAC1D,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACnF,IAAI,MAAM,cAAc,EAAE;YAAE,OAAO,kBAAkB,EAAE,CAAC;IAC1D,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,MAAM,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACzF,IAAI,MAAM,gBAAgB,EAAE;YAAE,OAAO,oBAAoB,EAAE,CAAC;IAC9D,CAAC;IAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACjE,OAAO,iBAAiB,EAAE,CAAC;AAC7B,CAAC"}

package/dist/credentials/prime.d.ts DELETED Viewed

@@ -1,32 +0,0 @@
-/**
- * Credential priming cache.
- *
- * `loadConfig()` runs synchronously, but every OS keychain backend is
- * async (subprocess-based). We bridge the two by priming credentials
- * once per command, early in the `preAction` hook, and keeping the
- * result in a tiny in-process cache keyed by profile name.
- *
- * After priming, sync callers can consult `getPrimedCredentials()` to
- * pick up keychain-stored token/secret without any await.
- *
- * This module intentionally swallows errors — a flaky keychain
- * probe must never block the CLI from running. When the probe fails
- * we behave as "nothing primed" and the existing file path is used.
- */
-import { CredentialBundle } from './keychain.js';
-/**
- * Look up the given profile in the active credential store and cache
- * the result. Safe to call multiple times — subsequent calls with the
- * same profile short-circuit against the cache. Swallows all errors.
- */
-export declare function primeCredentials(profile: string): Promise<void>;
-/**
- * Sync accessor for code paths that cannot be made async. Returns
- * null when the cache is empty or keyed against a different profile,
- * so existing file-based fallback stays the authoritative source.
- */
-export declare function getPrimedCredentials(profile: string): CredentialBundle | null;
-/**
- * Test helper. Not used by production code.
- */
-export declare function __resetPrimedCredentials(): void;

package/dist/credentials/prime.js DELETED Viewed

@@ -1,53 +0,0 @@
-/**
- * Credential priming cache.
- *
- * `loadConfig()` runs synchronously, but every OS keychain backend is
- * async (subprocess-based). We bridge the two by priming credentials
- * once per command, early in the `preAction` hook, and keeping the
- * result in a tiny in-process cache keyed by profile name.
- *
- * After priming, sync callers can consult `getPrimedCredentials()` to
- * pick up keychain-stored token/secret without any await.
- *
- * This module intentionally swallows errors — a flaky keychain
- * probe must never block the CLI from running. When the probe fails
- * we behave as "nothing primed" and the existing file path is used.
- */
-import { selectCredentialStore } from './keychain.js';
-let cache = null;
-/**
- * Look up the given profile in the active credential store and cache
- * the result. Safe to call multiple times — subsequent calls with the
- * same profile short-circuit against the cache. Swallows all errors.
- */
-export async function primeCredentials(profile) {
-    if (cache?.profile === profile)
-        return;
-    try {
-        const store = await selectCredentialStore();
-        const creds = await store.get(profile);
-        cache = { profile, creds };
-    }
-    catch {
-        cache = { profile, creds: null };
-    }
-}
-/**
- * Sync accessor for code paths that cannot be made async. Returns
- * null when the cache is empty or keyed against a different profile,
- * so existing file-based fallback stays the authoritative source.
- */
-export function getPrimedCredentials(profile) {
-    if (!cache)
-        return null;
-    if (cache.profile !== profile)
-        return null;
-    return cache.creds;
-}
-/**
- * Test helper. Not used by production code.
- */
-export function __resetPrimedCredentials() {
-    cache = null;
-}
-//# sourceMappingURL=prime.js.map

package/dist/credentials/prime.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"prime.js","sourceRoot":"","sources":["../../src/credentials/prime.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAoB,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAOxE,IAAI,KAAK,GAAsB,IAAI,CAAC;AAEpC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAe;IACpD,IAAI,KAAK,EAAE,OAAO,KAAK,OAAO;QAAE,OAAO;IACvC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,KAAK,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACnC,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO,IAAI,CAAC;IAC3C,OAAO,KAAK,CAAC,KAAK,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,KAAK,GAAG,IAAI,CAAC;AACf,CAAC"}