@xdarkicex/openclaw-memory-libravdb 1.5.0 → 1.5.1

package/README.md

@@ -187,7 +187,7 @@ All keys are optional. For the full reference, see [Configuration](./docs/config
 
 - New install: [Install](./docs/install.md), [Installation reference](./docs/installation.md)
 - Understand the design: [Problem](./docs/problem.md), [Architecture](./docs/architecture.md), [ADRs](./docs/architecture-decisions/README.md)
-- Configure: [Configuration](./docs/configuration.md), [TLS configuration](./docs/TLS_configuration.md), [Features](./docs/features.md), [Embedding profiles](./docs/embedding-profiles.md), [Models](./docs/models.md)
+- Configure: [Configuration](./docs/configuration.md), [TLS configuration](./docs/TLS_configuration.md), [mTLS configuration](./docs/mTLS_configuration.md), [Features](./docs/features.md), [Embedding profiles](./docs/embedding-profiles.md), [Models](./docs/models.md)
 - Operate safely: [Security](./docs/security.md), [Uninstall](./docs/uninstall.md)
 - Advanced operations: [Performance and tuning](./docs/performance-and-tuning.md)
 - Work from source: [Development](./docs/development.md), [Contributing](./docs/contributing.md)

package/dist/grpc-client.d.ts

@@ -5,6 +5,8 @@ export interface GrpcClientOptions {
     timeoutMs?: number;
     tlsCaPath?: string;
     tlsMode?: "auto" | "tls" | "insecure";
+    tlsClientCertPath?: string;
+    tlsClientKeyPath?: string;
 }
 export declare function resolveGrpcTarget(endpoint: string): string;
 /**
@@ -21,7 +23,7 @@ export declare function resolveGrpcTarget(endpoint: string): string;
  * (Let's Encrypt, cert-manager) — the system CA pool is used.
  */
 export declare function resolveGrpcCredentialMode(endpoint: string, tlsMode?: "auto" | "tls" | "insecure"): "insecure" | "tls";
-export declare function resolveGrpcCredentials(endpoint: string, tlsCaPath?: string, tlsMode?: "auto" | "tls" | "insecure"): grpc.ChannelCredentials;
+export declare function resolveGrpcCredentials(endpoint: string, tlsCaPath?: string, tlsMode?: "auto" | "tls" | "insecure", tlsClientCertPath?: string, tlsClientKeyPath?: string): grpc.ChannelCredentials;
 export declare class GrpcKernelClient {
     private client;
     private readonly secret;

package/dist/grpc-client.js

@@ -1,7 +1,7 @@
 import { createHmac } from "node:crypto";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
-import * as fs from "fs";
+import fs from "node:fs";
 import * as grpc from "@grpc/grpc-js";
 import * as protoLoader from "@grpc/proto-loader";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -36,12 +36,13 @@ export function resolveGrpcCredentialMode(endpoint, tlsMode) {
     const host = extractGrpcHost(target);
     return isLoopbackHost(host) ? "insecure" : "tls";
 }
-export function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode) {
+export function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode, tlsClientCertPath, tlsClientKeyPath) {
     if (resolveGrpcCredentialMode(endpoint, tlsMode) === "insecure") {
         return grpc.credentials.createInsecure();
     }
+    // tlsMode is "tls" or "auto"/undefined resolved to "tls"
+    let rootCerts = null;
     if (tlsCaPath) {
-        let rootCerts;
         try {
             rootCerts = fs.readFileSync(tlsCaPath);
         }
@@ -49,9 +50,33 @@ export function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode) {
             const msg = err instanceof Error ? err.message : String(err);
             throw new Error(`LibraVDB: failed to load TLS CA certificate from "${tlsCaPath}": ${msg}`);
         }
-        return grpc.credentials.createSsl(rootCerts, null, null);
     }
-    return grpc.credentials.createSsl();
+    // Client certificate and key must both be present or both absent
+    const hasCert = tlsClientCertPath !== undefined;
+    const hasKey = tlsClientKeyPath !== undefined;
+    if (hasCert !== hasKey) {
+        throw new Error("LibraVDB: grpcEndpointTlsClientCert and grpcEndpointTlsClientKey " +
+            "must both be set or both be omitted");
+    }
+    let clientKey = null;
+    let clientCert = null;
+    if (tlsClientCertPath && tlsClientKeyPath) {
+        try {
+            clientCert = fs.readFileSync(tlsClientCertPath);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`LibraVDB: failed to load TLS client certificate from "${tlsClientCertPath}": ${msg}`);
+        }
+        try {
+            clientKey = fs.readFileSync(tlsClientKeyPath);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw new Error(`LibraVDB: failed to load TLS client key from "${tlsClientKeyPath}": ${msg}`);
+        }
+    }
+    return grpc.credentials.createSsl(rootCerts, clientKey, clientCert);
 }
 function extractGrpcHost(target) {
     const withoutDnsPrefix = target.startsWith("dns:///") ? target.slice("dns:///".length) : target;
@@ -84,7 +109,7 @@ export class GrpcKernelClient {
         const protoDescriptor = grpc.loadPackageDefinition(packageDefinition);
         const kernelService = protoDescriptor.intelligence_kernel.v1.IntelligenceKernel;
         const target = resolveGrpcTarget(options.endpoint);
-        this.client = new kernelService(target, resolveGrpcCredentials(options.endpoint, options.tlsCaPath, options.tlsMode));
+        this.client = new kernelService(target, resolveGrpcCredentials(options.endpoint, options.tlsCaPath, options.tlsMode, options.tlsClientCertPath, options.tlsClientKeyPath));
     }
     getMetadata(signed = true) {
         const md = new grpc.Metadata();

package/dist/index.js

@@ -39661,7 +39661,7 @@ var protoLoader = __toESM(require_src2(), 1);
 import { createHmac } from "node:crypto";
 import path3 from "node:path";
 import { fileURLToPath } from "node:url";
-import * as fs3 from "fs";
+import fs3 from "node:fs";
 var __dirname2 = path3.dirname(fileURLToPath(import.meta.url));
 var PROTO_PATH = path3.resolve(__dirname2, "./proto/intelligence_kernel/v1/kernel.proto");
 function resolveGrpcTarget(endpoint) {
@@ -39675,12 +39675,12 @@ function resolveGrpcCredentialMode(endpoint, tlsMode) {
   const host = extractGrpcHost(target);
   return isLoopbackHost(host) ? "insecure" : "tls";
 }
-function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode) {
+function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode, tlsClientCertPath, tlsClientKeyPath) {
   if (resolveGrpcCredentialMode(endpoint, tlsMode) === "insecure") {
     return grpc.credentials.createInsecure();
   }
+  let rootCerts = null;
   if (tlsCaPath) {
-    let rootCerts;
     try {
       rootCerts = fs3.readFileSync(tlsCaPath);
     } catch (err) {
@@ -39689,9 +39689,35 @@ function resolveGrpcCredentials(endpoint, tlsCaPath, tlsMode) {
         `LibraVDB: failed to load TLS CA certificate from "${tlsCaPath}": ${msg}`
       );
     }
-    return grpc.credentials.createSsl(rootCerts, null, null);
   }
-  return grpc.credentials.createSsl();
+  const hasCert = tlsClientCertPath !== void 0;
+  const hasKey = tlsClientKeyPath !== void 0;
+  if (hasCert !== hasKey) {
+    throw new Error(
+      "LibraVDB: grpcEndpointTlsClientCert and grpcEndpointTlsClientKey must both be set or both be omitted"
+    );
+  }
+  let clientKey = null;
+  let clientCert = null;
+  if (tlsClientCertPath && tlsClientKeyPath) {
+    try {
+      clientCert = fs3.readFileSync(tlsClientCertPath);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      throw new Error(
+        `LibraVDB: failed to load TLS client certificate from "${tlsClientCertPath}": ${msg}`
+      );
+    }
+    try {
+      clientKey = fs3.readFileSync(tlsClientKeyPath);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      throw new Error(
+        `LibraVDB: failed to load TLS client key from "${tlsClientKeyPath}": ${msg}`
+      );
+    }
+  }
+  return grpc.credentials.createSsl(rootCerts, clientKey, clientCert);
 }
 function extractGrpcHost(target) {
   const withoutDnsPrefix = target.startsWith("dns:///") ? target.slice("dns:///".length) : target;
@@ -39724,7 +39750,13 @@ var GrpcKernelClient = class {
     const protoDescriptor = grpc.loadPackageDefinition(packageDefinition);
     const kernelService = protoDescriptor.intelligence_kernel.v1.IntelligenceKernel;
     const target = resolveGrpcTarget(options.endpoint);
-    this.client = new kernelService(target, resolveGrpcCredentials(options.endpoint, options.tlsCaPath, options.tlsMode));
+    this.client = new kernelService(target, resolveGrpcCredentials(
+      options.endpoint,
+      options.tlsCaPath,
+      options.tlsMode,
+      options.tlsClientCertPath,
+      options.tlsClientKeyPath
+    ));
   }
   getMetadata(signed = true) {
     const md = new grpc.Metadata();
@@ -40191,7 +40223,7 @@ function sleep2(delayMs) {
 }
 
 // src/plugin-runtime.ts
-import { readFileSync as readFileSync3 } from "node:fs";
+import { readFileSync as readFileSync2 } from "node:fs";
 var DEFAULT_RPC_TIMEOUT_MS = 3e4;
 var STARTUP_HEALTH_TIMEOUT_MS = 2e3;
 var VALID_TLS_MODES = ["auto", "tls", "insecure"];
@@ -40210,6 +40242,32 @@ function createPluginRuntime(cfg, logger = console) {
     }
     if (!started) {
       started = (async () => {
+        if (cfg.grpcEndpoint) {
+          if (cfg.grpcEndpointTlsMode !== void 0 && !isTlsModeValid(cfg.grpcEndpointTlsMode)) {
+            throw new Error(
+              `LibraVDB: invalid grpcEndpointTlsMode "${cfg.grpcEndpointTlsMode}" \u2014 must be "auto", "tls", or "insecure"`
+            );
+          }
+          const hasClientCert = cfg.grpcEndpointTlsClientCert !== void 0;
+          const hasClientKey = cfg.grpcEndpointTlsClientKey !== void 0;
+          if (hasClientCert !== hasClientKey) {
+            throw new Error(
+              "LibraVDB: grpcEndpointTlsClientCert and grpcEndpointTlsClientKey must both be set or both be omitted"
+            );
+          }
+          if (cfg.grpcEndpointTlsMode === "insecure") {
+            if (cfg.grpcEndpointTlsCa) {
+              logger.warn?.(
+                `LibraVDB: grpcEndpointTlsCa is set but grpcEndpointTlsMode is "insecure" \u2014 the CA file will not be used`
+              );
+            }
+            if (cfg.grpcEndpointTlsClientCert) {
+              logger.warn?.(
+                `LibraVDB: grpcEndpointTlsClientCert is set but grpcEndpointTlsMode is "insecure" \u2014 client certificate will not be sent`
+              );
+            }
+          }
+        }
         const sidecar = await startSidecar(cfg, logger);
         const rpc = new RpcClient(sidecar.socket, {
           timeoutMs: cfg.rpcTimeoutMs ?? DEFAULT_RPC_TIMEOUT_MS
@@ -40226,24 +40284,16 @@ function createPluginRuntime(cfg, logger = console) {
         }
         let kernel = null;
         if (cfg.grpcEndpoint) {
+          const secret = loadSecretFromEnv();
           try {
-            const secret = loadSecretFromEnv();
-            if (cfg.grpcEndpointTlsMode !== void 0 && !isTlsModeValid(cfg.grpcEndpointTlsMode)) {
-              throw new Error(
-                `LibraVDB: invalid grpcEndpointTlsMode "${cfg.grpcEndpointTlsMode}" \u2014 must be "auto", "tls", or "insecure"`
-              );
-            }
-            if (cfg.grpcEndpointTlsMode === "insecure" && cfg.grpcEndpointTlsCa) {
-              logger.warn?.(
-                `LibraVDB: grpcEndpointTlsCa is set but grpcEndpointTlsMode is "insecure" \u2014 the CA file will not be used`
-              );
-            }
             kernel = new GrpcKernelClient({
               endpoint: cfg.grpcEndpoint,
               secret,
               timeoutMs: cfg.rpcTimeoutMs ?? DEFAULT_RPC_TIMEOUT_MS,
               tlsCaPath: cfg.grpcEndpointTlsCa,
-              tlsMode: cfg.grpcEndpointTlsMode
+              tlsMode: cfg.grpcEndpointTlsMode,
+              tlsClientCertPath: cfg.grpcEndpointTlsClientCert,
+              tlsClientKeyPath: cfg.grpcEndpointTlsClientKey
             });
           } catch (error) {
             logger.warn?.(`LibraVDB: failed to initialize gRPC kernel client: ${formatError(error)}`);
@@ -40312,7 +40362,7 @@ function loadSecretFromEnv() {
   const path5 = process.env.LIBRAVDB_AUTH_SECRET_FILE;
   if (path5) {
     try {
-      return readFileSync3(path5, "utf8").trim();
+      return readFileSync2(path5, "utf8").trim();
     } catch {
       return void 0;
     }

package/dist/plugin-runtime.js

@@ -21,6 +21,30 @@ export function createPluginRuntime(cfg, logger = console) {
         }
         if (!started) {
             started = (async () => {
+                if (cfg.grpcEndpoint) {
+                    if (cfg.grpcEndpointTlsMode !== undefined &&
+                        !isTlsModeValid(cfg.grpcEndpointTlsMode)) {
+                        throw new Error(`LibraVDB: invalid grpcEndpointTlsMode "${cfg.grpcEndpointTlsMode}" — ` +
+                            `must be "auto", "tls", or "insecure"`);
+                    }
+                    const hasClientCert = cfg.grpcEndpointTlsClientCert !== undefined;
+                    const hasClientKey = cfg.grpcEndpointTlsClientKey !== undefined;
+                    if (hasClientCert !== hasClientKey) {
+                        throw new Error("LibraVDB: grpcEndpointTlsClientCert and " +
+                            "grpcEndpointTlsClientKey must both be set or both be omitted");
+                    }
+                    if (cfg.grpcEndpointTlsMode === "insecure") {
+                        if (cfg.grpcEndpointTlsCa) {
+                            logger.warn?.(`LibraVDB: grpcEndpointTlsCa is set but grpcEndpointTlsMode ` +
+                                `is "insecure" — the CA file will not be used`);
+                        }
+                        if (cfg.grpcEndpointTlsClientCert) {
+                            logger.warn?.(`LibraVDB: grpcEndpointTlsClientCert is set but ` +
+                                `grpcEndpointTlsMode is "insecure" — client certificate ` +
+                                `will not be sent`);
+                        }
+                    }
+                }
                 const sidecar = await startSidecar(cfg, logger);
                 const rpc = new RpcClient(sidecar.socket, {
                     timeoutMs: cfg.rpcTimeoutMs ?? DEFAULT_RPC_TIMEOUT_MS,
@@ -39,28 +63,20 @@ export function createPluginRuntime(cfg, logger = console) {
                 }
                 let kernel = null;
                 if (cfg.grpcEndpoint) {
+                    const secret = loadSecretFromEnv();
                     try {
-                        const secret = loadSecretFromEnv();
-                        if (cfg.grpcEndpointTlsMode !== undefined &&
-                            !isTlsModeValid(cfg.grpcEndpointTlsMode)) {
-                            throw new Error(`LibraVDB: invalid grpcEndpointTlsMode "${cfg.grpcEndpointTlsMode}" — ` +
-                                `must be "auto", "tls", or "insecure"`);
-                        }
-                        if (cfg.grpcEndpointTlsMode === "insecure" &&
-                            cfg.grpcEndpointTlsCa) {
-                            // logger is provided by the host and may not have all methods
-                            logger.warn?.(`LibraVDB: grpcEndpointTlsCa is set but grpcEndpointTlsMode ` +
-                                `is "insecure" — the CA file will not be used`);
-                        }
                         kernel = new GrpcKernelClient({
                             endpoint: cfg.grpcEndpoint,
                             secret,
                             timeoutMs: cfg.rpcTimeoutMs ?? DEFAULT_RPC_TIMEOUT_MS,
                             tlsCaPath: cfg.grpcEndpointTlsCa,
                             tlsMode: cfg.grpcEndpointTlsMode,
+                            tlsClientCertPath: cfg.grpcEndpointTlsClientCert,
+                            tlsClientKeyPath: cfg.grpcEndpointTlsClientKey,
                         });
                     }
                     catch (error) {
+                        // Only gRPC init errors land here — config validation already threw above
                         logger.warn?.(`LibraVDB: failed to initialize gRPC kernel client: ${formatError(error)}`);
                     }
                 }

package/dist/types.d.ts

@@ -91,6 +91,17 @@ export interface PluginConfig {
     logLevel?: "debug" | "info" | "warn" | "error";
     grpcEndpoint?: string;
     grpcEndpointTlsCa?: string;
+    /** Path to a client certificate PEM file for mTLS.
+     * The file must contain a PEM-encoded X.509 certificate. Leaf first;
+     * intermediates may follow in the same file. Required when the daemon
+     * requires a client certificate (mTLS). Must be paired with
+     * grpcEndpointTlsClientKey. */
+    grpcEndpointTlsClientCert?: string;
+    /** Path to the client private key PEM file.
+     * Must correspond to the leaf certificate in grpcEndpointTlsClientCert.
+     * Accepts RSA (PKCS#1/PKCS#8), ECDSA (P-256/P-384/P-521), Ed25519.
+     * Required when grpcEndpointTlsClientCert is set. */
+    grpcEndpointTlsClientKey?: string;
     /** Controls gRPC credential mode.
      * "auto" (default) — loopback and unix → plaintext, remote → TLS.
      * "tls"            — always use TLS regardless of address.

package/docs/mTLS_configuration.md

@@ -0,0 +1,78 @@
+# mTLS Configuration
+
+The plugin supports mutual TLS (mTLS) for gRPC connections to the Vector Service. In mTLS, both the client and the server present X.509 certificates, and each side verifies the other's certificate against a trusted CA. When the Vector Service is configured with a client CA, it will reject any client that does not present a valid certificate signed by that CA.
+
+## When mTLS is required
+
+The Vector Service operator enables mTLS by configuring a client CA on the service side. When this is enabled, the Vector Service requires every connecting client to present a certificate signed by that CA. If the plugin is configured to use TLS but does not present a client certificate, the TLS handshake will fail and the connection will be rejected.
+
+The plugin cannot detect whether the daemon requires mTLS — it must be configured explicitly. If connections fail with a "client did not provide a certificate" error, the plugin likely needs a client certificate configured.
+
+## Configuration fields
+
+| Field | Type | When to use |
+|---|---|---|
+| `grpcEndpointTlsClientCert` | string (file path) | Path to a PEM-encoded X.509 client certificate. Required when the Vector Service requires a client certificate. |
+| `grpcEndpointTlsClientKey` | string (file path) | Path to the PEM-encoded private key that corresponds to the certificate. Required when `grpcEndpointTlsClientCert` is set. |
+
+Both fields must be set together or not at all. Setting one without the other will cause a configuration error at startup.
+
+These fields only take effect when the connection uses TLS — that is, when `grpcEndpointTlsMode` is not `"insecure"` and the endpoint is not a loopback address or Unix socket. See [TLS configuration](./TLS_configuration.md) for the full TLS behavior reference.
+
+## Certificate requirements
+
+- **Format**: PEM-encoded X.509 certificate (-----BEGIN CERTIFICATE-----)
+- **Chain order**: Leaf certificate must be first in the file; intermediate certificates may follow in the same file
+- **Signing**: The certificate must be signed by the CA that the Vector Service operator configured as the client CA
+- **Key types accepted**:
+  - RSA (any key size)
+  - ECDSA (P-256, P-384, P-521)
+  - Ed25519
+- **Key file format**: PEM-encoded private key (-----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY----- etc.)
+- **Key/cert match**: The private key must correspond to the leaf certificate's public key
+- **Revocation**: The Vector Service does not perform revocation checking. Expired certificates are rejected (`NotAfter` boundary). Revoked but unexpired certificates are not detected. Keep certificate lifetimes short.
+
+## Example configuration
+
+```json
+{
+  "grpcEndpoint": "tcp:libravdb.internal:9090",
+  "grpcEndpointTlsCa": "/etc/certs/company-ca.pem",
+  "grpcEndpointTlsClientCert": "/etc/certs/plugin-client.crt",
+  "grpcEndpointTlsClientKey": "/etc/certs/plugin-client.key"
+}
+```
+
+This example shows all four gRPC TLS fields configured together for a remote Vector Service that uses a private CA and requires mTLS.
+
+## Generating a client certificate (quick reference)
+
+The following example shows OpenSSL commands to generate a client key, create a CSR, and sign it with a private CA. This is for illustration only — operators may use cert-manager, Vault, step, or other PKI tooling instead.
+
+**1. Create a client private key:**
+```bash
+openssl genpkey -algorithm ED25519 -out client.key
+```
+
+**2. Create a certificate signing request (CSR):**
+```bash
+openssl req -new -key client.key -out client.csr -subj "/CN=openclaw-plugin/O=LibraVDB"
+```
+
+**3. Sign the CSR with the private CA:**
+```bash
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
+  -CAcreateserial -out client.crt -days 365
+```
+
+Replace `ca.crt` and `ca.key` with the CA certificate and key that the daemon operator provided.
+
+## Error reference
+
+| Error | Likely cause | Fix |
+|---|---|---|
+| `tls: client did not provide a certificate` | mTLS is required by the Vector Service, but no client certificate is configured in the plugin | Set `grpcEndpointTlsClientCert` and `grpcEndpointTlsClientKey` in the plugin config |
+| `tls: failed to verify client certificate: x509: certificate signed by unknown authority` | The client certificate is not signed by the Vector Service's client CA | Obtain a certificate signed by the CA the Vector Service operator configured as the client CA |
+| `LibraVDB: failed to load TLS client certificate from "...": ENOENT: no such file or directory` | The certificate file path does not exist or is not readable | Verify the path set in `grpcEndpointTlsClientCert` exists and has correct permissions |
+| `LibraVDB: failed to load TLS client key from "...": ENOENT: no such file or directory` | The key file path does not exist or is not readable | Verify the path set in `grpcEndpointTlsClientKey` exists and has correct permissions |
+| `LibraVDB: grpcEndpointTlsClientCert and grpcEndpointTlsClientKey must both be set or both be omitted` | Only one of the two fields is set | Set both fields or remove both from the configuration |

package/openclaw.plugin.json

@@ -2,7 +2,7 @@
   "id": "libravdb-memory",
   "name": "LibraVDB Memory",
   "description": "Persistent vector memory with three-tier hybrid scoring",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "kind": [
     "memory",
     "context-engine"
@@ -50,6 +50,14 @@
         "type": "string",
         "description": "Path to a CA certificate PEM file for verifying the daemon's TLS certificate. Only needed for self-signed or private CA certificates. Not required when using a publicly trusted certificate (Let's Encrypt, cert-manager, etc)."
       },
+      "grpcEndpointTlsClientCert": {
+        "type": "string",
+        "description": "Path to a PEM-encoded X.509 client certificate for mTLS. Required when the daemon requires a client certificate. Must be paired with grpcEndpointTlsClientKey."
+      },
+      "grpcEndpointTlsClientKey": {
+        "type": "string",
+        "description": "Path to the client private key PEM file. Required when grpcEndpointTlsClientCert is set. Accepts RSA, ECDSA (P-256/P-384/P-521), Ed25519 keys."
+      },
       "grpcEndpointTlsMode": {
         "type": "string",
         "enum": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xdarkicex/openclaw-memory-libravdb",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",