npm - @wlfi-agent/cli - Versions diffs - 1.4.12 → 1.4.14 - Mend

@wlfi-agent/cli 1.4.12 → 1.4.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

package/Cargo.lock +3968 -0
package/Cargo.toml +50 -0
package/README.md +426 -6
package/crates/vault-cli-admin/Cargo.toml +26 -0
package/crates/vault-cli-admin/src/io_utils.rs +500 -0
package/crates/vault-cli-admin/src/main.rs +3990 -0
package/crates/vault-cli-admin/src/shared_config.rs +624 -0
package/crates/vault-cli-admin/src/tui/amounts.rs +180 -0
package/crates/vault-cli-admin/src/tui/token_rpc.rs +250 -0
package/crates/vault-cli-admin/src/tui/utils.rs +82 -0
package/crates/vault-cli-admin/src/tui.rs +3410 -0
package/crates/vault-cli-agent/Cargo.toml +24 -0
package/crates/vault-cli-agent/src/io_utils.rs +576 -0
package/crates/vault-cli-agent/src/main.rs +833 -0
package/crates/vault-cli-daemon/Cargo.toml +28 -0
package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs +216 -0
package/crates/vault-cli-daemon/src/main.rs +644 -0
package/crates/vault-cli-daemon/src/relay_sync.rs +894 -0
package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs +167 -0
package/crates/vault-daemon/Cargo.toml +32 -0
package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs +1041 -0
package/crates/vault-daemon/src/daemon_parts/core_helpers.rs +1256 -0
package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs +622 -0
package/crates/vault-daemon/src/lib.rs +54 -0
package/crates/vault-daemon/src/persistence.rs +441 -0
package/crates/vault-daemon/src/tests.rs +237 -0
package/crates/vault-daemon/src/tests_parts/part1.rs +1224 -0
package/crates/vault-daemon/src/tests_parts/part2.rs +1021 -0
package/crates/vault-daemon/src/tests_parts/part3.rs +835 -0
package/crates/vault-daemon/src/tests_parts/part4.rs +604 -0
package/crates/vault-domain/Cargo.toml +20 -0
package/crates/vault-domain/src/action.rs +849 -0
package/crates/vault-domain/src/address.rs +51 -0
package/crates/vault-domain/src/approval.rs +90 -0
package/crates/vault-domain/src/constants.rs +4 -0
package/crates/vault-domain/src/error.rs +54 -0
package/crates/vault-domain/src/keys.rs +71 -0
package/crates/vault-domain/src/lib.rs +42 -0
package/crates/vault-domain/src/nonce.rs +102 -0
package/crates/vault-domain/src/policy.rs +172 -0
package/crates/vault-domain/src/request.rs +53 -0
package/crates/vault-domain/src/scope.rs +24 -0
package/crates/vault-domain/src/session.rs +50 -0
package/crates/vault-domain/src/signature.rs +34 -0
package/crates/vault-domain/src/tests.rs +651 -0
package/crates/vault-domain/src/u128_as_decimal_string.rs +44 -0
package/crates/vault-policy/Cargo.toml +17 -0
package/crates/vault-policy/src/engine.rs +301 -0
package/crates/vault-policy/src/error.rs +81 -0
package/crates/vault-policy/src/lib.rs +17 -0
package/crates/vault-policy/src/report.rs +34 -0
package/crates/vault-policy/src/tests.rs +891 -0
package/crates/vault-policy/src/tests_explain.rs +78 -0
package/crates/vault-sdk-agent/Cargo.toml +21 -0
package/crates/vault-sdk-agent/src/lib.rs +711 -0
package/crates/vault-signer/Cargo.toml +25 -0
package/crates/vault-signer/src/lib.rs +731 -0
package/crates/vault-signer/tests/secure_enclave_acl.rs +54 -0
package/crates/vault-transport-unix/Cargo.toml +24 -0
package/crates/vault-transport-unix/src/lib.rs +1640 -0
package/crates/vault-transport-xpc/Cargo.toml +25 -0
package/crates/vault-transport-xpc/src/client_codec_api.rs +635 -0
package/crates/vault-transport-xpc/src/lib.rs +680 -0
package/crates/vault-transport-xpc/src/tests.rs +818 -0
package/crates/vault-transport-xpc/tests/e2e_flow.rs +773 -0
package/dist/cli.cjs +35088 -0
package/dist/cli.cjs.map +1 -0
package/package.json +49 -43
package/packages/cache/.turbo/turbo-build.log +52 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs +43 -0
package/packages/cache/dist/chunk-2QFWMUXT.cjs.map +1 -0
package/packages/cache/dist/chunk-4U63TZTQ.js +43 -0
package/packages/cache/dist/chunk-4U63TZTQ.js.map +1 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs +404 -0
package/packages/cache/dist/chunk-ALQ6H7KG.cjs.map +1 -0
package/packages/cache/dist/chunk-FGJEEF5N.js +404 -0
package/packages/cache/dist/chunk-FGJEEF5N.js.map +1 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs +45 -0
package/packages/cache/dist/chunk-UYNEHZHB.cjs.map +1 -0
package/packages/cache/dist/chunk-VXVMPG3W.js +45 -0
package/packages/cache/dist/chunk-VXVMPG3W.js.map +1 -0
package/packages/cache/dist/client/index.cjs +11 -0
package/packages/cache/dist/client/index.cjs.map +1 -0
package/packages/cache/dist/client/index.d.cts +15 -0
package/packages/cache/dist/client/index.d.ts +15 -0
package/packages/cache/dist/client/index.js +11 -0
package/packages/cache/dist/client/index.js.map +1 -0
package/packages/cache/dist/errors/index.cjs +11 -0
package/packages/cache/dist/errors/index.cjs.map +1 -0
package/packages/cache/dist/errors/index.d.cts +26 -0
package/packages/cache/dist/errors/index.d.ts +26 -0
package/packages/cache/dist/errors/index.js +11 -0
package/packages/cache/dist/errors/index.js.map +1 -0
package/packages/cache/dist/index.cjs +29 -0
package/packages/cache/dist/index.cjs.map +1 -0
package/packages/cache/dist/index.d.cts +4 -0
package/packages/cache/dist/index.d.ts +4 -0
package/packages/cache/dist/index.js +29 -0
package/packages/cache/dist/index.js.map +1 -0
package/packages/cache/dist/service/index.cjs +15 -0
package/packages/cache/dist/service/index.cjs.map +1 -0
package/packages/cache/dist/service/index.d.cts +184 -0
package/packages/cache/dist/service/index.d.ts +184 -0
package/packages/cache/dist/service/index.js +15 -0
package/packages/cache/dist/service/index.js.map +1 -0
package/packages/cache/node_modules/.bin/jiti +17 -0
package/packages/cache/node_modules/.bin/tsc +17 -0
package/packages/cache/node_modules/.bin/tsserver +17 -0
package/packages/cache/node_modules/.bin/tsup +17 -0
package/packages/cache/node_modules/.bin/tsup-node +17 -0
package/packages/cache/node_modules/.bin/tsx +17 -0
package/packages/cache/node_modules/.bin/vitest +17 -0
package/packages/cache/package.json +48 -0
package/packages/cache/src/client/index.ts +56 -0
package/packages/cache/src/errors/index.ts +53 -0
package/packages/cache/src/index.ts +3 -0
package/packages/cache/src/service/index.test.ts +263 -0
package/packages/cache/src/service/index.ts +678 -0
package/packages/cache/tsconfig.json +13 -0
package/packages/cache/tsup.config.ts +13 -0
package/packages/cache/vitest.config.ts +16 -0
package/packages/config/.turbo/turbo-build.log +18 -0
package/packages/config/dist/index.cjs +1037 -0
package/packages/config/dist/index.cjs.map +1 -0
package/packages/config/dist/index.d.ts +131 -0
package/packages/config/node_modules/.bin/jiti +17 -0
package/packages/config/node_modules/.bin/tsc +17 -0
package/packages/config/node_modules/.bin/tsserver +17 -0
package/packages/config/node_modules/.bin/tsup +17 -0
package/packages/config/node_modules/.bin/tsup-node +17 -0
package/packages/config/node_modules/.bin/tsx +17 -0
package/packages/config/package.json +21 -0
package/packages/config/src/index.js +1 -0
package/packages/config/src/index.ts +1282 -0
package/packages/config/tsconfig.json +4 -0
package/packages/rpc/.turbo/turbo-build.log +32 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs +3660 -0
package/packages/rpc/dist/_esm-BCLXDO2R.cjs.map +1 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs +16 -0
package/packages/rpc/dist/ccip-OWJLAW55.cjs.map +1 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs +6247 -0
package/packages/rpc/dist/chunk-APQIFZ3B.cjs.map +1 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs +410 -0
package/packages/rpc/dist/chunk-CDO2GWRD.cjs.map +1 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs +2249 -0
package/packages/rpc/dist/chunk-QGTNTFJ7.cjs.map +1 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs +44 -0
package/packages/rpc/dist/chunk-TZDTAHWR.cjs.map +1 -0
package/packages/rpc/dist/index.cjs +7342 -0
package/packages/rpc/dist/index.cjs.map +1 -0
package/packages/rpc/dist/index.d.ts +3857 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs +18 -0
package/packages/rpc/dist/secp256k1-WCNM675D.cjs.map +1 -0
package/packages/rpc/node_modules/.bin/jiti +17 -0
package/packages/rpc/node_modules/.bin/tsc +17 -0
package/packages/rpc/node_modules/.bin/tsserver +17 -0
package/packages/rpc/node_modules/.bin/tsup +17 -0
package/packages/rpc/node_modules/.bin/tsup-node +17 -0
package/packages/rpc/node_modules/.bin/tsx +17 -0
package/packages/rpc/package.json +25 -0
package/packages/rpc/src/index.ts +206 -0
package/packages/rpc/tsconfig.json +4 -0
package/packages/typescript/base.json +36 -0
package/packages/typescript/nextjs.json +17 -0
package/packages/typescript/package.json +10 -0
package/packages/ui/.turbo/turbo-build.log +44 -0
package/packages/ui/dist/chunk-MOAFBKSA.js +11 -0
package/packages/ui/dist/chunk-MOAFBKSA.js.map +1 -0
package/packages/ui/dist/components/badge.d.ts +12 -0
package/packages/ui/dist/components/badge.js +31 -0
package/packages/ui/dist/components/badge.js.map +1 -0
package/packages/ui/dist/components/button.d.ts +13 -0
package/packages/ui/dist/components/button.js +40 -0
package/packages/ui/dist/components/button.js.map +1 -0
package/packages/ui/dist/components/card.d.ts +10 -0
package/packages/ui/dist/components/card.js +39 -0
package/packages/ui/dist/components/card.js.map +1 -0
package/packages/ui/dist/components/input.d.ts +5 -0
package/packages/ui/dist/components/input.js +28 -0
package/packages/ui/dist/components/input.js.map +1 -0
package/packages/ui/dist/components/label.d.ts +5 -0
package/packages/ui/dist/components/label.js +13 -0
package/packages/ui/dist/components/label.js.map +1 -0
package/packages/ui/dist/components/separator.d.ts +5 -0
package/packages/ui/dist/components/separator.js +13 -0
package/packages/ui/dist/components/separator.js.map +1 -0
package/packages/ui/dist/components/textarea.d.ts +5 -0
package/packages/ui/dist/components/textarea.js +27 -0
package/packages/ui/dist/components/textarea.js.map +1 -0
package/packages/ui/dist/tailwind.d.ts +56 -0
package/packages/ui/dist/tailwind.js +60 -0
package/packages/ui/dist/tailwind.js.map +1 -0
package/packages/ui/dist/utils/cn.d.ts +5 -0
package/packages/ui/dist/utils/cn.js +7 -0
package/packages/ui/dist/utils/cn.js.map +1 -0
package/packages/ui/node_modules/.bin/jiti +17 -0
package/packages/ui/node_modules/.bin/tsc +17 -0
package/packages/ui/node_modules/.bin/tsserver +17 -0
package/packages/ui/node_modules/.bin/tsup +17 -0
package/packages/ui/node_modules/.bin/tsup-node +17 -0
package/packages/ui/node_modules/.bin/tsx +17 -0
package/packages/ui/package.json +69 -0
package/packages/ui/src/components/badge.tsx +27 -0
package/packages/ui/src/components/button.tsx +40 -0
package/packages/ui/src/components/card.tsx +31 -0
package/packages/ui/src/components/input.tsx +21 -0
package/packages/ui/src/components/label.tsx +6 -0
package/packages/ui/src/components/separator.tsx +6 -0
package/packages/ui/src/components/textarea.tsx +20 -0
package/packages/ui/src/globals.css +70 -0
package/packages/ui/src/tailwind.ts +56 -0
package/packages/ui/src/utils/cn.ts +6 -0
package/packages/ui/tsconfig.json +20 -0
package/packages/ui/tsup.config.ts +20 -0
package/pnpm-workspace.yaml +4 -0
package/scripts/install-rust-binaries.mjs +84 -0
package/scripts/launchd/install-user-daemon.sh +358 -0
package/scripts/launchd/run-vault-daemon.sh +5 -0
package/scripts/launchd/run-wlfi-agent-daemon.sh +73 -0
package/scripts/launchd/uninstall-user-daemon.sh +103 -0
package/src/cli.ts +2121 -0
package/src/lib/admin-guard.js +1 -0
package/src/lib/admin-guard.ts +185 -0
package/src/lib/admin-passthrough.ts +33 -0
package/src/lib/admin-reset.ts +751 -0
package/src/lib/admin-setup.ts +1612 -0
package/src/lib/agent-auth-clear.js +1 -0
package/src/lib/agent-auth-clear.ts +58 -0
package/src/lib/agent-auth-forwarding.js +1 -0
package/src/lib/agent-auth-forwarding.ts +149 -0
package/src/lib/agent-auth-migrate.js +1 -0
package/src/lib/agent-auth-migrate.ts +150 -0
package/src/lib/agent-auth-revoke.ts +103 -0
package/src/lib/agent-auth-rotate.ts +107 -0
package/src/lib/agent-auth-token.js +1 -0
package/src/lib/agent-auth-token.ts +25 -0
package/src/lib/agent-auth.ts +89 -0
package/src/lib/asset-broadcast.js +1 -0
package/src/lib/asset-broadcast.ts +285 -0
package/src/lib/bootstrap-artifacts.js +1 -0
package/src/lib/bootstrap-artifacts.ts +205 -0
package/src/lib/bootstrap-credentials.js +1 -0
package/src/lib/bootstrap-credentials.ts +832 -0
package/src/lib/config-amounts.js +1 -0
package/src/lib/config-amounts.ts +189 -0
package/src/lib/config-mutation.ts +27 -0
package/src/lib/fs-trust.js +1 -0
package/src/lib/fs-trust.ts +537 -0
package/src/lib/keychain.js +1 -0
package/src/lib/keychain.ts +225 -0
package/src/lib/local-admin-access.ts +106 -0
package/src/lib/network-selection.js +1 -0
package/src/lib/network-selection.ts +71 -0
package/src/lib/passthrough-security.js +1 -0
package/src/lib/passthrough-security.ts +114 -0
package/src/lib/rpc-guard.js +1 -0
package/src/lib/rpc-guard.ts +7 -0
package/src/lib/rust-spawn-options.js +1 -0
package/src/lib/rust-spawn-options.ts +98 -0
package/src/lib/rust.js +1 -0
package/src/lib/rust.ts +143 -0
package/src/lib/signed-tx.js +1 -0
package/src/lib/signed-tx.ts +116 -0
package/src/lib/status-repair-cli.ts +116 -0
package/src/lib/sudo.js +1 -0
package/src/lib/sudo.ts +172 -0
package/src/lib/vault-password-forwarding.js +1 -0
package/src/lib/vault-password-forwarding.ts +155 -0
package/src/lib/wallet-profile.js +1 -0
package/src/lib/wallet-profile.ts +332 -0
package/src/lib/wallet-repair.js +1 -0
package/src/lib/wallet-repair.ts +304 -0
package/src/lib/wallet-setup.js +1 -0
package/src/lib/wallet-setup.ts +1466 -0
package/src/lib/wallet-status.js +1 -0
package/src/lib/wallet-status.ts +640 -0
package/tsconfig.base.json +17 -0
package/tsconfig.json +10 -0
package/tsup.config.ts +25 -0
package/turbo.json +41 -0
package/LICENSE.md +0 -1
package/dist/wlfa/index.cjs +0 -250
package/dist/wlfa/index.d.cts +0 -1
package/dist/wlfa/index.d.ts +0 -1
package/dist/wlfa/index.js +0 -250
package/dist/wlfc/index.cjs +0 -1894
package/dist/wlfc/index.d.cts +0 -1
package/dist/wlfc/index.d.ts +0 -1
package/dist/wlfc/index.js +0 -1894

package/crates/vault-cli-daemon/Cargo.toml ADDED Viewed

@@ -0,0 +1,28 @@
+[package]
+name = "wlfi-agent-daemon"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+[dependencies]
+anyhow.workspace = true
+clap.workspace = true
+libc.workspace = true
+nix = { version = "0.30", features = ["user"] }
+rpassword.workspace = true
+reqwest.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+time.workspace = true
+tokio.workspace = true
+uuid.workspace = true
+zeroize.workspace = true
+vault-daemon = { path = "../vault-daemon" }
+vault-domain = { path = "../vault-domain" }
+vault-signer = { path = "../vault-signer" }
+vault-transport-unix = { path = "../vault-transport-unix" }
+[target.'cfg(target_os = "macos")'.dependencies]
+security-framework.workspace = true
+security-framework-sys.workspace = true

package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs ADDED Viewed

@@ -0,0 +1,216 @@
+use std::io::{Read, Write};
+use std::path::PathBuf;
+use anyhow::{bail, Context, Result};
+use clap::{Parser, Subcommand};
+use zeroize::Zeroize;
+const MAX_SECRET_STDIN_BYTES: usize = 16 * 1024;
+#[derive(Debug, Parser)]
+#[command(
+    name = "wlfi-agent-system-keychain",
+    about = "Read and replace WLFI generic-password items in a specific macOS keychain"
+)]
+struct Cli {
+    #[command(subcommand)]
+    command: Command,
+}
+#[derive(Debug, Subcommand)]
+enum Command {
+    ReadGenericPassword {
+        #[arg(long, value_name = "PATH")]
+        keychain: PathBuf,
+        #[arg(long, value_name = "NAME")]
+        service: String,
+        #[arg(long, value_name = "NAME")]
+        account: String,
+    },
+    ReplaceGenericPassword {
+        #[arg(long, value_name = "PATH")]
+        keychain: PathBuf,
+        #[arg(long, value_name = "NAME")]
+        service: String,
+        #[arg(long, value_name = "NAME")]
+        account: String,
+        #[arg(
+            long,
+            default_value_t = false,
+            help = "Read the replacement password from stdin"
+        )]
+        password_stdin: bool,
+    },
+}
+fn main() -> Result<()> {
+    let cli = Cli::parse();
+    match cli.command {
+        Command::ReadGenericPassword {
+            keychain,
+            service,
+            account,
+        } => read_generic_password(keychain, service, account),
+        Command::ReplaceGenericPassword {
+            keychain,
+            service,
+            account,
+            password_stdin,
+        } => replace_generic_password(keychain, service, account, password_stdin),
+    }
+}
+fn required_trimmed(value: String, label: &str) -> Result<String> {
+    let normalized = value.trim().to_owned();
+    if normalized.is_empty() {
+        bail!("{label} is required");
+    }
+    if normalized.chars().any(|character| character.is_control()) {
+        bail!("{label} must not contain control characters");
+    }
+    Ok(normalized)
+}
+fn read_secret_from_stdin(label: &str) -> Result<String> {
+    let mut raw = String::new();
+    std::io::stdin()
+        .read_to_string(&mut raw)
+        .with_context(|| format!("failed to read {label} from stdin"))?;
+    if raw.as_bytes().len() > MAX_SECRET_STDIN_BYTES {
+        raw.zeroize();
+        bail!("{label} must not exceed {MAX_SECRET_STDIN_BYTES} bytes");
+    }
+    let trimmed = raw.trim_end_matches(['\r', '\n']).to_owned();
+    raw.zeroize();
+    if trimmed.trim().is_empty() {
+        bail!("{label} must not be empty or whitespace");
+    }
+    Ok(trimmed)
+}
+#[cfg(target_os = "macos")]
+fn read_generic_password(keychain: PathBuf, service: String, account: String) -> Result<()> {
+    use security_framework::os::macos::keychain::SecKeychain;
+    let service = required_trimmed(service, "service")?;
+    let account = required_trimmed(account, "account")?;
+    let _interaction_guard =
+        SecKeychain::disable_user_interaction().context("failed to disable keychain UI")?;
+    let keychain = SecKeychain::open(&keychain)
+        .with_context(|| format!("failed to open keychain {}", keychain.display()))?;
+    let (password, _) = keychain
+        .find_generic_password(&service, &account)
+        .with_context(|| {
+            format!(
+                "failed to read generic password for service '{}' and account '{}'",
+                service, account
+            )
+        })?;
+    let mut secret = String::from_utf8(password.as_ref().to_vec())
+        .context("generic password data is not valid UTF-8")?;
+    std::io::stdout()
+        .write_all(secret.as_bytes())
+        .context("failed to write generic password to stdout")?;
+    std::io::stdout()
+        .write_all(b"\n")
+        .context("failed to terminate stdout output")?;
+    secret.zeroize();
+    Ok(())
+}
+#[cfg(not(target_os = "macos"))]
+fn read_generic_password(_keychain: PathBuf, _service: String, _account: String) -> Result<()> {
+    bail!("wlfi-agent-system-keychain is available only on macOS");
+}
+#[cfg(target_os = "macos")]
+fn replace_generic_password(
+    keychain: PathBuf,
+    service: String,
+    account: String,
+    password_stdin: bool,
+) -> Result<()> {
+    use security_framework::os::macos::keychain::SecKeychain;
+    use security_framework_sys::base::errSecItemNotFound;
+    if !password_stdin {
+        bail!("replace-generic-password requires --password-stdin");
+    }
+    let service = required_trimmed(service, "service")?;
+    let account = required_trimmed(account, "account")?;
+    let mut password = read_secret_from_stdin("password")?;
+    let result = (|| {
+        let _interaction_guard =
+            SecKeychain::disable_user_interaction().context("failed to disable keychain UI")?;
+        let keychain = SecKeychain::open(&keychain)
+            .with_context(|| format!("failed to open keychain {}", keychain.display()))?;
+        match keychain.find_generic_password(&service, &account) {
+            Ok((_existing_password, item)) => item.delete(),
+            Err(error) if error.code() == errSecItemNotFound => {}
+            Err(error) => {
+                return Err(error).with_context(|| {
+                    format!(
+                        "failed to inspect existing generic password for service '{}' and account '{}'",
+                        service, account
+                    )
+                });
+            }
+        }
+        keychain
+            .add_generic_password(&service, &account, password.as_bytes())
+            .with_context(|| {
+                format!(
+                    "failed to store generic password for service '{}' and account '{}'",
+                    service, account
+                )
+            })?;
+        Ok(())
+    })();
+    password.zeroize();
+    result
+}
+#[cfg(not(target_os = "macos"))]
+fn replace_generic_password(
+    _keychain: PathBuf,
+    _service: String,
+    _account: String,
+    _password_stdin: bool,
+) -> Result<()> {
+    bail!("wlfi-agent-system-keychain is available only on macOS");
+}
+#[cfg(test)]
+mod tests {
+    use super::required_trimmed;
+    #[test]
+    fn required_trimmed_accepts_spaces_inside_identifiers() {
+        let value = required_trimmed("Jane Doe".to_string(), "account").unwrap();
+        assert_eq!(value, "Jane Doe");
+    }
+    #[test]
+    fn required_trimmed_rejects_blank_identifiers() {
+        let error = required_trimmed("   ".to_string(), "service").unwrap_err();
+        assert!(error.to_string().contains("service is required"));
+    }
+    #[test]
+    fn required_trimmed_rejects_control_characters() {
+        let error = required_trimmed("bad\naccount".to_string(), "account").unwrap_err();
+        assert!(error
+            .to_string()
+            .contains("account must not contain control characters"));
+    }
+}