aivault-mcp 0.1.0

package/dist/cli/commands/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../../src/cli/commands/list.ts"],"names":[],"mappings":";;AAGA,kCAiBC;AApBD,6CAA+C;AAC/C,oCAAuC;AAEvC,SAAgB,WAAW,CAAC,GAAuB,EAAE,QAAgB;IACnE,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAEvC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,8BAA8B,GAAG,IAAI,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,IAAA,mBAAW,EAAC,IAAI,EAAE,CAAC,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/commands/set.d.ts

@@ -0,0 +1,2 @@
+export declare function setCommand(name: string, description: string, tags: string[], password: string): Promise<void>;
+//# sourceMappingURL=set.d.ts.map

package/dist/cli/commands/set.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"set.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/set.ts"],"names":[],"mappings":"AAGA,wBAAsB,UAAU,CAC9B,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,MAAM,EAAE,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CA0Bf"}

package/dist/cli/commands/set.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setCommand = setCommand;
+const store_1 = require("../../vault/store");
+const utils_1 = require("../utils");
+async function setCommand(name, description, tags, password) {
+    const store = new store_1.VaultStore(password);
+    // Check if secret already exists
+    const existing = store.getSecret(name);
+    if (existing) {
+        const overwrite = await (0, utils_1.promptConfirm)(`Secret ${name} already exists. Overwrite? (y/N): `);
+        if (!overwrite) {
+            console.log('Aborted.');
+            return;
+        }
+    }
+    const value = await (0, utils_1.promptHidden)(`Enter value for ${name}: `);
+    if (!value) {
+        console.error('Error: Secret value cannot be empty.');
+        process.exit(1);
+    }
+    try {
+        store.setSecret(name, value, description, tags);
+        console.log(`\n✓ Secret ${name} saved`);
+    }
+    catch (err) {
+        console.error(`Error: ${err.message}`);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=set.js.map

package/dist/cli/commands/set.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"set.js","sourceRoot":"","sources":["../../../src/cli/commands/set.ts"],"names":[],"mappings":";;AAGA,gCA+BC;AAlCD,6CAA+C;AAC/C,oCAAuD;AAEhD,KAAK,UAAU,UAAU,CAC9B,IAAY,EACZ,WAAmB,EACnB,IAAc,EACd,QAAgB;IAEhB,MAAM,KAAK,GAAG,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,iCAAiC;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,SAAS,GAAG,MAAM,IAAA,qBAAa,EAAC,UAAU,IAAI,qCAAqC,CAAC,CAAC;QAC3F,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACxB,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,IAAA,oBAAY,EAAC,mBAAmB,IAAI,IAAI,CAAC,CAAC;IAC9D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,QAAQ,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/cli/utils.d.ts

@@ -0,0 +1,4 @@
+export declare function promptHidden(question: string): Promise<string>;
+export declare function promptConfirm(question: string): Promise<boolean>;
+export declare function formatTable(rows: string[][], headers: string[]): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/cli/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/cli/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA8B9D;AAED,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAYhE;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAavE"}

package/dist/cli/utils.js

@@ -0,0 +1,57 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.promptHidden = promptHidden;
+exports.promptConfirm = promptConfirm;
+exports.formatTable = formatTable;
+const readline_1 = __importDefault(require("readline"));
+function promptHidden(question) {
+    return new Promise((resolve) => {
+        const rl = readline_1.default.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        // Mute output for hidden input
+        const stdout = process.stdout;
+        let muted = false;
+        const originalWrite = stdout.write.bind(stdout);
+        stdout.write = ((chunk, ...args) => {
+            if (muted) {
+                // Only suppress the echoed characters, not our prompt
+                return true;
+            }
+            return originalWrite(chunk, ...args);
+        });
+        rl.question(question, (answer) => {
+            muted = false;
+            stdout.write = originalWrite;
+            stdout.write('\n');
+            rl.close();
+            resolve(answer);
+        });
+        muted = true;
+    });
+}
+function promptConfirm(question) {
+    return new Promise((resolve) => {
+        const rl = readline_1.default.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.toLowerCase() === 'y');
+        });
+    });
+}
+function formatTable(rows, headers) {
+    const allRows = [headers, ...rows];
+    const colWidths = headers.map((_, i) => Math.max(...allRows.map(row => (row[i] || '').length)));
+    const formatRow = (row) => row.map((cell, i) => (cell || '').padEnd(colWidths[i])).join('  ');
+    const headerLine = formatRow(headers);
+    const separator = colWidths.map(w => '-'.repeat(w)).join('  ');
+    return [headerLine, separator, ...rows.map(formatRow)].join('\n');
+}
+//# sourceMappingURL=utils.js.map

package/dist/cli/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/cli/utils.ts"],"names":[],"mappings":";;;;;AAEA,oCA8BC;AAED,sCAYC;AAED,kCAaC;AA7DD,wDAAgC;AAEhC,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,kBAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,IAAI,KAAK,GAAG,KAAK,CAAC;QAElB,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,KAAU,EAAE,GAAG,IAAW,EAAE,EAAE;YAC7C,IAAI,KAAK,EAAE,CAAC;gBACV,sDAAsD;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,aAAa,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC;QACvC,CAAC,CAAQ,CAAC;QAEV,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;YAC/B,KAAK,GAAG,KAAK,CAAC;YACd,MAAM,CAAC,KAAK,GAAG,aAAa,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnB,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,KAAK,GAAG,IAAI,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,aAAa,CAAC,QAAgB;IAC5C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,kBAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;YAC/B,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,WAAW,CAAC,IAAgB,EAAE,OAAiB;IAC7D,MAAM,OAAO,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACrC,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CACvD,CAAC;IAEF,MAAM,SAAS,GAAG,CAAC,GAAa,EAAE,EAAE,CAClC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE/D,OAAO,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpE,CAAC"}

package/dist/executor/parser.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Parse $SECRET_NAME references from a command string.
+ * Matches $UPPER_CASE_NAME patterns that follow env var naming conventions.
+ */
+export declare function parseSecretReferences(command: string): string[];
+//# sourceMappingURL=parser.d.ts.map

package/dist/executor/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/executor/parser.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAU/D"}

package/dist/executor/parser.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseSecretReferences = parseSecretReferences;
+/**
+ * Parse $SECRET_NAME references from a command string.
+ * Matches $UPPER_CASE_NAME patterns that follow env var naming conventions.
+ */
+function parseSecretReferences(command) {
+    const regex = /\$([A-Z][A-Z0-9_]*)\b/g;
+    const names = new Set();
+    let match;
+    while ((match = regex.exec(command)) !== null) {
+        names.add(match[1]);
+    }
+    return Array.from(names);
+}
+//# sourceMappingURL=parser.js.map

package/dist/executor/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/executor/parser.ts"],"names":[],"mappings":";;AAIA,sDAUC;AAdD;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,OAAe;IACnD,MAAM,KAAK,GAAG,wBAAwB,CAAC;IACvC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,IAAI,KAA6B,CAAC;IAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/executor/runner.d.ts

@@ -0,0 +1,17 @@
+export interface RunCommandInput {
+    command: string;
+    working_directory?: string;
+    timeout_seconds?: number;
+}
+export interface RunCommandResult {
+    status: 'success' | 'missing_secrets' | 'error';
+    exit_code?: number;
+    stdout?: string;
+    stderr?: string;
+    missing?: Array<{
+        name: string;
+        message: string;
+    }>;
+}
+export declare function runCommand(input: RunCommandInput, secretValues: Map<string, string>): RunCommandResult;
+//# sourceMappingURL=runner.d.ts.map

package/dist/executor/runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.d.ts","sourceRoot":"","sources":["../../src/executor/runner.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,SAAS,GAAG,iBAAiB,GAAG,OAAO,CAAC;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpD;AAED,wBAAgB,UAAU,CACxB,KAAK,EAAE,eAAe,EACtB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,gBAAgB,CAwDlB"}

package/dist/executor/runner.js

@@ -0,0 +1,63 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCommand = runCommand;
+const child_process_1 = require("child_process");
+const os_1 = __importDefault(require("os"));
+const parser_1 = require("./parser");
+const scrubber_1 = require("../scrubber/scrubber");
+const MAX_TIMEOUT = 300;
+const DEFAULT_TIMEOUT = 30;
+function runCommand(input, secretValues) {
+    const { command, working_directory, timeout_seconds } = input;
+    // Parse secret references from the command
+    const referencedSecrets = (0, parser_1.parseSecretReferences)(command);
+    // Check for missing secrets
+    const missing = referencedSecrets.filter(name => !secretValues.has(name));
+    if (missing.length > 0) {
+        return {
+            status: 'missing_secrets',
+            missing: missing.map(name => ({
+                name,
+                message: `This secret is not in the vault. Please ask the user to add it using: aivault set ${name} --desc "description of what this secret is for"`,
+            })),
+        };
+    }
+    // Build environment with secrets injected
+    const env = { ...process.env };
+    for (const [name, value] of secretValues) {
+        env[name] = value;
+    }
+    const timeout = Math.min(Math.max(1, timeout_seconds ?? DEFAULT_TIMEOUT), MAX_TIMEOUT) * 1000;
+    const cwd = working_directory || os_1.default.homedir();
+    try {
+        const stdout = (0, child_process_1.execSync)(command, {
+            cwd,
+            env,
+            timeout,
+            encoding: 'utf8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+            shell: '/bin/sh',
+        });
+        const scrubbedStdout = (0, scrubber_1.scrubOutput)(stdout || '', secretValues);
+        return {
+            status: 'success',
+            exit_code: 0,
+            stdout: scrubbedStdout,
+            stderr: '',
+        };
+    }
+    catch (err) {
+        const stdout = (0, scrubber_1.scrubOutput)(err.stdout?.toString() || '', secretValues);
+        const stderr = (0, scrubber_1.scrubOutput)(err.stderr?.toString() || '', secretValues);
+        return {
+            status: 'error',
+            exit_code: err.status ?? 1,
+            stdout,
+            stderr: stderr || err.message,
+        };
+    }
+}
+//# sourceMappingURL=runner.js.map

package/dist/executor/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../../src/executor/runner.ts"],"names":[],"mappings":";;;;;AAsBA,gCA2DC;AAjFD,iDAAyC;AACzC,4CAAoB;AACpB,qCAAiD;AACjD,mDAAmD;AAEnD,MAAM,WAAW,GAAG,GAAG,CAAC;AACxB,MAAM,eAAe,GAAG,EAAE,CAAC;AAgB3B,SAAgB,UAAU,CACxB,KAAsB,EACtB,YAAiC;IAEjC,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,KAAK,CAAC;IAE9D,2CAA2C;IAC3C,MAAM,iBAAiB,GAAG,IAAA,8BAAqB,EAAC,OAAO,CAAC,CAAC;IAEzD,4BAA4B;IAC5B,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,MAAM,EAAE,iBAAiB;YACzB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5B,IAAI;gBACJ,OAAO,EAAE,qFAAqF,IAAI,kDAAkD;aACrJ,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,MAAM,GAAG,GAA2B,EAAE,GAAG,OAAO,CAAC,GAA6B,EAAE,CAAC;IACjF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACpB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,IAAI,eAAe,CAAC,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC;IAC9F,MAAM,GAAG,GAAG,iBAAiB,IAAI,YAAE,CAAC,OAAO,EAAE,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,wBAAQ,EAAC,OAAO,EAAE;YAC/B,GAAG;YACH,GAAG;YACH,OAAO;YACP,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;YAC/B,KAAK,EAAE,SAAS;SACjB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,IAAA,sBAAW,EAAC,MAAM,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;QAE/D,OAAO;YACL,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,CAAC;YACZ,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,EAAE;SACX,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,IAAA,sBAAW,EAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,IAAA,sBAAW,EAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,CAAC,CAAC;QAEvE,OAAO;YACL,MAAM,EAAE,OAAO;YACf,SAAS,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC;YAC1B,MAAM;YACN,MAAM,EAAE,MAAM,IAAI,GAAG,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const store_1 = require("./vault/store");
+const server_1 = require("./server");
+async function main() {
+    const password = process.env.AIVAULT_MASTER_PASSWORD || undefined;
+    const store = password ? new store_1.VaultStore(password) : undefined;
+    const server = (0, server_1.createServer)(store);
+    const transport = new stdio_js_1.StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    console.error('Fatal error:', err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,wEAAiF;AACjF,yCAA2C;AAC3C,qCAAwC;AAExC,KAAK,UAAU,IAAI;IACjB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,SAAS,CAAC;IAClE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,kBAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9D,MAAM,MAAM,GAAG,IAAA,qBAAY,EAAC,KAAK,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,+BAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/scrubber/scrubber.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Scrub secret values from output text.
+ * Replaces any occurrence of a secret value (or common encodings) with [REDACTED:SECRET_NAME].
+ * Processes longest values first to prevent partial matches.
+ */
+export declare function scrubOutput(output: string, secretValues: Map<string, string>): string;
+//# sourceMappingURL=scrubber.d.ts.map

package/dist/scrubber/scrubber.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scrubber.d.ts","sourceRoot":"","sources":["../../src/scrubber/scrubber.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAkCrF"}

package/dist/scrubber/scrubber.js

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scrubOutput = scrubOutput;
+/**
+ * Scrub secret values from output text.
+ * Replaces any occurrence of a secret value (or common encodings) with [REDACTED:SECRET_NAME].
+ * Processes longest values first to prevent partial matches.
+ */
+function scrubOutput(output, secretValues) {
+    if (!output || secretValues.size === 0) {
+        return output;
+    }
+    // Sort by value length descending to prevent partial match issues
+    const entries = Array.from(secretValues.entries()).sort((a, b) => b[1].length - a[1].length);
+    let scrubbed = output;
+    for (const [name, value] of entries) {
+        if (!value)
+            continue;
+        const redacted = `[REDACTED:${name}]`;
+        // Replace raw value
+        scrubbed = replaceAll(scrubbed, value, redacted);
+        // Replace URL-encoded version
+        const urlEncoded = encodeURIComponent(value);
+        if (urlEncoded !== value) {
+            scrubbed = replaceAll(scrubbed, urlEncoded, redacted);
+        }
+        // Replace Base64-encoded version
+        const base64Encoded = Buffer.from(value).toString('base64');
+        if (base64Encoded !== value) {
+            scrubbed = replaceAll(scrubbed, base64Encoded, redacted);
+        }
+    }
+    return scrubbed;
+}
+function replaceAll(str, search, replacement) {
+    // Escape special regex characters in the search string
+    const escaped = search.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    return str.replace(new RegExp(escaped, 'g'), replacement);
+}
+//# sourceMappingURL=scrubber.js.map

package/dist/scrubber/scrubber.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scrubber.js","sourceRoot":"","sources":["../../src/scrubber/scrubber.ts"],"names":[],"mappings":";;AAKA,kCAkCC;AAvCD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,MAAc,EAAE,YAAiC;IAC3E,IAAI,CAAC,MAAM,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kEAAkE;IAClE,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CACpC,CAAC;IAEF,IAAI,QAAQ,GAAG,MAAM,CAAC;IAEtB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,QAAQ,GAAG,aAAa,IAAI,GAAG,CAAC;QAEtC,oBAAoB;QACpB,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEjD,8BAA8B;QAC9B,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;YACzB,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QACxD,CAAC;QAED,iCAAiC;QACjC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5D,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;YAC5B,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,MAAc,EAAE,WAAmB;IAClE,uDAAuD;IACvD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;AAC5D,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { VaultStore } from './vault/store';
+export declare function createServer(store: VaultStore | undefined): McpServer;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAc3C,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,GAAG,SAAS,CAwFrE"}

package/dist/server.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createServer = createServer;
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const zod_1 = require("zod");
+const runner_1 = require("./executor/runner");
+const types_1 = require("./vault/types");
+function vaultError(store) {
+    if (!store) {
+        return 'AIVAULT_MASTER_PASSWORD environment variable is not set. Please set it in your MCP server config.';
+    }
+    if (!store.isInitialized()) {
+        return 'Vault not initialized. Please run "aivault init" in your terminal first.';
+    }
+    return null;
+}
+function createServer(store) {
+    const server = new mcp_js_1.McpServer({
+        name: 'aivault',
+        version: '0.1.0',
+    });
+    // Tool 1: list_secrets
+    server.tool('list_secrets', 'List available secrets (names, descriptions, tags only — never values). Use this to discover what credentials are available.', { tag: zod_1.z.string().optional().describe('Optional tag to filter secrets by (e.g., "project-x")') }, async ({ tag }) => {
+        const err = vaultError(store);
+        if (err) {
+            return { content: [{ type: 'text', text: JSON.stringify({ status: 'error', message: err }) }], isError: true };
+        }
+        try {
+            const secrets = store.listSecrets(tag);
+            return { content: [{ type: 'text', text: JSON.stringify({ secrets }, null, 2) }] };
+        }
+        catch (e) {
+            return { content: [{ type: 'text', text: JSON.stringify({ status: 'error', message: e.message }) }], isError: true };
+        }
+    });
+    // Tool 2: run_command
+    server.tool('run_command', 'Execute a shell command with secrets injected as environment variables. Reference secrets using $SECRET_NAME syntax. Output is scrubbed of any secret values before returning.', {
+        command: zod_1.z.string().describe('The shell command to execute. Reference secrets using $SECRET_NAME syntax.'),
+        working_directory: zod_1.z.string().optional().describe('Optional working directory. Defaults to home directory.'),
+        timeout_seconds: zod_1.z.number().optional().default(30).describe('Optional timeout in seconds. Defaults to 30, max 300.'),
+    }, async ({ command, working_directory, timeout_seconds }) => {
+        const err = vaultError(store);
+        if (err) {
+            return { content: [{ type: 'text', text: JSON.stringify({ status: 'error', message: err }) }], isError: true };
+        }
+        try {
+            const secretValues = store.getAllSecretValues();
+            const result = (0, runner_1.runCommand)({ command, working_directory, timeout_seconds }, secretValues);
+            return {
+                content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+                isError: result.status === 'error',
+            };
+        }
+        catch (e) {
+            return { content: [{ type: 'text', text: JSON.stringify({ status: 'error', message: e.message }) }], isError: true };
+        }
+    });
+    // Tool 3: request_secret
+    server.tool('request_secret', 'Request a secret that does not exist yet. Returns a user-friendly message the AI can relay to the user.', {
+        name: zod_1.z.string().describe('The proposed name for the secret (e.g., GITHUB_TOKEN)'),
+        reason: zod_1.z.string().describe('Why the AI needs this secret'),
+        suggested_description: zod_1.z.string().optional().describe('A suggested description for the secret'),
+    }, async ({ name, reason, suggested_description }) => {
+        if (!(0, types_1.isValidSecretName)(name)) {
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            status: 'error',
+                            message: `Invalid secret name "${name}". Must be uppercase letters, numbers, and underscores only, starting with a letter.`,
+                        }),
+                    }],
+                isError: true,
+            };
+        }
+        const desc = suggested_description || reason;
+        const message = `Please add the secret by running:\n\n  aivault set ${name} --desc "${desc}"\n\nYou will be prompted to enter the value securely. Once added, I can continue with the task.`;
+        return {
+            content: [{
+                    type: 'text',
+                    text: JSON.stringify({ status: 'secret_requested', message, name, reason }, null, 2),
+                }],
+        };
+    });
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";;AAgBA,oCAwFC;AAxGD,oEAAoE;AACpE,6BAAwB;AAExB,8CAA+C;AAC/C,yCAAkD;AAElD,SAAS,UAAU,CAAC,KAA6B;IAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,mGAAmG,CAAC;IAC7G,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,CAAC;QAC3B,OAAO,0EAA0E,CAAC;IACpF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,YAAY,CAAC,KAA6B;IACxD,MAAM,MAAM,GAAG,IAAI,kBAAS,CAAC;QAC3B,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,uBAAuB;IACvB,MAAM,CAAC,IAAI,CACT,cAAc,EACd,8HAA8H,EAC9H,EAAE,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC,EAAE,EAChG,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QAChB,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC1H,CAAC;QACD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,KAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACxC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9F,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChI,CAAC;IACH,CAAC,CACF,CAAC;IAEF,sBAAsB;IACtB,MAAM,CAAC,IAAI,CACT,aAAa,EACb,gLAAgL,EAChL;QACE,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4EAA4E,CAAC;QAC1G,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,yDAAyD,CAAC;QAC5G,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,uDAAuD,CAAC;KACrH,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,EAAE,EAAE;QACxD,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC1H,CAAC;QACD,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,KAAM,CAAC,kBAAkB,EAAE,CAAC;YACjD,MAAM,MAAM,GAAG,IAAA,mBAAU,EAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,EAAE,YAAY,CAAC,CAAC;YACzF,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3E,OAAO,EAAE,MAAM,CAAC,MAAM,KAAK,OAAO;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChI,CAAC;IACH,CAAC,CACF,CAAC;IAEF,yBAAyB;IACzB,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,yGAAyG,EACzG;QACE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC;QAClF,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC3D,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;KAChG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,EAAE,EAAE;QAChD,IAAI,CAAC,IAAA,yBAAiB,EAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,OAAO;4BACf,OAAO,EAAE,wBAAwB,IAAI,sFAAsF;yBAC5H,CAAC;qBACH,CAAC;gBACF,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,qBAAqB,IAAI,MAAM,CAAC;QAC7C,MAAM,OAAO,GAAG,sDAAsD,IAAI,YAAY,IAAI,kGAAkG,CAAC;QAE7L,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;iBACrF,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/vault/crypto.d.ts

@@ -0,0 +1,4 @@
+export declare function deriveKey(password: string, salt: Buffer): Buffer;
+export declare function encrypt(data: string, password: string): Buffer;
+export declare function decrypt(payload: Buffer, password: string): string;
+//# sourceMappingURL=crypto.d.ts.map

package/dist/vault/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/vault/crypto.ts"],"names":[],"mappings":"AAWA,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhE;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAW9D;AAED,wBAAgB,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAiBjE"}

package/dist/vault/crypto.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveKey = deriveKey;
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+const crypto_1 = __importDefault(require("crypto"));
+const ALGORITHM = 'aes-256-gcm';
+const KEY_LENGTH = 32;
+const IV_LENGTH = 12;
+const SALT_LENGTH = 32;
+const AUTH_TAG_LENGTH = 16;
+const PBKDF2_ITERATIONS = 100000;
+const PBKDF2_DIGEST = 'sha512';
+function deriveKey(password, salt) {
+    return crypto_1.default.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LENGTH, PBKDF2_DIGEST);
+}
+function encrypt(data, password) {
+    const salt = crypto_1.default.randomBytes(SALT_LENGTH);
+    const iv = crypto_1.default.randomBytes(IV_LENGTH);
+    const key = deriveKey(password, salt);
+    const cipher = crypto_1.default.createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Format: [32 salt][12 iv][16 auth tag][...encrypted data...]
+    return Buffer.concat([salt, iv, authTag, encrypted]);
+}
+function decrypt(payload, password) {
+    if (payload.length < SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH + 1) {
+        throw new Error('Invalid encrypted payload: too short');
+    }
+    const salt = payload.subarray(0, SALT_LENGTH);
+    const iv = payload.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+    const authTag = payload.subarray(SALT_LENGTH + IV_LENGTH, SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const encrypted = payload.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const key = deriveKey(password, salt);
+    const decipher = crypto_1.default.createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    return decrypted.toString('utf8');
+}
+//# sourceMappingURL=crypto.js.map

package/dist/vault/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/vault/crypto.ts"],"names":[],"mappings":";;;;;AAWA,8BAEC;AAED,0BAWC;AAED,0BAiBC;AA7CD,oDAA4B;AAG5B,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,UAAU,GAAG,EAAE,CAAC;AACtB,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,eAAe,GAAG,EAAE,CAAC;AAC3B,MAAM,iBAAiB,GAAG,MAAO,CAAC;AAClC,MAAM,aAAa,GAAG,QAAQ,CAAC;AAE/B,SAAgB,SAAS,CAAC,QAAgB,EAAE,IAAY;IACtD,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AACzF,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY,EAAE,QAAgB;IACpD,MAAM,IAAI,GAAG,gBAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,gBAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,MAAM,GAAG,gBAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,8DAA8D;IAC9D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,OAAO,CAAC,OAAe,EAAE,QAAgB;IACvD,IAAI,OAAO,CAAC,MAAM,GAAG,WAAW,GAAG,SAAS,GAAG,eAAe,GAAG,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,GAAG,SAAS,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,GAAG,SAAS,EAAE,WAAW,GAAG,SAAS,GAAG,eAAe,CAAC,CAAC;IACrG,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,GAAG,SAAS,GAAG,eAAe,CAAC,CAAC;IAE9E,MAAM,GAAG,GAAG,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAEtC,MAAM,QAAQ,GAAG,gBAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAChF,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC"}

package/dist/vault/store.d.ts

@@ -0,0 +1,19 @@
+import { Secret, SecretMetadata } from './types';
+export declare class VaultStore {
+    private password;
+    private vaultDir;
+    private vaultFile;
+    private configFile;
+    constructor(password: string, vaultDir?: string);
+    isInitialized(): boolean;
+    init(): void;
+    private readVault;
+    private writeVault;
+    setSecret(name: string, value: string, description: string, tags?: string[]): void;
+    getSecret(name: string): Secret | undefined;
+    listSecrets(tag?: string): SecretMetadata[];
+    deleteSecret(name: string): boolean;
+    getAllSecrets(): Secret[];
+    getAllSecretValues(): Map<string, string>;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/vault/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/vault/store.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,cAAc,EAAgC,MAAM,SAAS,CAAC;AAM/E,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAS;gBAEf,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM;IAO/C,aAAa,IAAI,OAAO;IAIxB,IAAI,IAAI,IAAI;IAgBZ,OAAO,CAAC,SAAS;IASjB,OAAO,CAAC,UAAU;IAMlB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,EAAO,GAAG,IAAI;IA+BtF,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAK3C,WAAW,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,cAAc,EAAE;IAe3C,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAanC,aAAa,IAAI,MAAM,EAAE;IAKzB,kBAAkB,IAAI,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC;CAQ1C"}