aquaman-proxy 0.6.0 → 0.7.0

package/dist/core/audit/logger.js

@@ -0,0 +1,262 @@
+/**
+ * Hash-chained audit logger with tamper-evident storage
+ *
+ * Provides cryptographic integrity verification for audit logs.
+ * Note: Credential redaction is handled by OpenClaw's built-in redaction.
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { computeChainedHash, generateId } from '../utils/hash.js';
+import { expandPath } from '../utils/config.js';
+const GENESIS_HASH = '0000000000000000000000000000000000000000000000000000000000000000';
+const SENSITIVE_KEY_PATTERNS = [
+    'key', 'token', 'secret', 'password', 'credential',
+    'authorization', 'api_key', 'apikey', 'access_token',
+    'refresh_token', 'client_secret',
+];
+/**
+ * Redact sensitive values from a params/result object.
+ * Shallow redaction only — replaces top-level keys matching sensitive patterns.
+ */
+export function redactSensitiveParams(obj) {
+    const result = {};
+    for (const [key, value] of Object.entries(obj)) {
+        const lower = key.toLowerCase();
+        if (SENSITIVE_KEY_PATTERNS.some(p => lower.includes(p))) {
+            result[key] = '[REDACTED]';
+        }
+        else {
+            result[key] = value;
+        }
+    }
+    return result;
+}
+export class AuditLogger {
+    logDir;
+    currentLogPath;
+    walPath;
+    enabled;
+    walEnabled;
+    lastHash = GENESIS_HASH;
+    entryCount = 0;
+    initialized = false;
+    constructor(options) {
+        this.logDir = expandPath(options.logDir);
+        this.currentLogPath = path.join(this.logDir, 'current.jsonl');
+        this.walPath = path.join(this.logDir, 'current.wal');
+        this.enabled = options.enabled ?? true;
+        this.walEnabled = options.walEnabled ?? true;
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        if (!this.enabled) {
+            this.initialized = true;
+            return;
+        }
+        // Ensure directories exist
+        const archiveDir = path.join(this.logDir, 'archive');
+        const integrityDir = path.join(this.logDir, 'integrity');
+        fs.mkdirSync(this.logDir, { recursive: true });
+        fs.mkdirSync(archiveDir, { recursive: true });
+        fs.mkdirSync(integrityDir, { recursive: true });
+        // Recover state from existing log
+        await this.recoverState();
+        // Recover from WAL if present
+        if (this.walEnabled) {
+            await this.recoverFromWal();
+        }
+        this.initialized = true;
+    }
+    async recoverState() {
+        if (!fs.existsSync(this.currentLogPath)) {
+            return;
+        }
+        const content = fs.readFileSync(this.currentLogPath, 'utf-8');
+        const lines = content.trim().split('\n').filter(line => line.length > 0);
+        if (lines.length === 0) {
+            return;
+        }
+        this.entryCount = lines.length;
+        // Get the hash of the last entry
+        const lastLine = lines[lines.length - 1];
+        try {
+            const lastEntry = JSON.parse(lastLine);
+            this.lastHash = lastEntry.hash;
+        }
+        catch {
+            // If we can't parse the last line, start fresh with integrity warning
+            console.error('Warning: Could not parse last audit entry, integrity may be compromised');
+        }
+    }
+    async recoverFromWal() {
+        if (!fs.existsSync(this.walPath)) {
+            return;
+        }
+        const walContent = fs.readFileSync(this.walPath, 'utf-8');
+        const lines = walContent.trim().split('\n').filter(line => line.length > 0);
+        for (const line of lines) {
+            try {
+                const entry = JSON.parse(line);
+                // Write to main log
+                fs.appendFileSync(this.currentLogPath, JSON.stringify(entry) + '\n');
+                this.lastHash = entry.hash;
+                this.entryCount++;
+            }
+            catch {
+                console.error('Warning: Could not recover WAL entry');
+            }
+        }
+        // Clear WAL after recovery
+        fs.writeFileSync(this.walPath, '');
+    }
+    async logToolCall(sessionId, agentId, tool, params) {
+        if (!this.enabled)
+            return null;
+        const toolCall = {
+            id: generateId(),
+            sessionId,
+            agentId,
+            tool,
+            params: redactSensitiveParams(params),
+            timestamp: new Date()
+        };
+        return this.writeEntry('tool_call', sessionId, agentId, toolCall);
+    }
+    async logToolResult(sessionId, agentId, toolCallId, result, error) {
+        if (!this.enabled)
+            return null;
+        const redactedResult = (result && typeof result === 'object' && !Array.isArray(result))
+            ? redactSensitiveParams(result)
+            : result;
+        const toolResult = {
+            id: generateId(),
+            toolCallId,
+            result: redactedResult,
+            error,
+            timestamp: new Date()
+        };
+        return this.writeEntry('tool_result', sessionId, agentId, toolResult);
+    }
+    async logCredentialAccess(sessionId, agentId, access) {
+        if (!this.enabled)
+            return null;
+        return this.writeEntry('credential_access', sessionId, agentId, access);
+    }
+    async writeEntry(type, sessionId, agentId, data) {
+        if (!this.initialized) {
+            await this.initialize();
+        }
+        const entry = {
+            id: generateId(),
+            timestamp: new Date(),
+            type,
+            sessionId,
+            agentId,
+            data,
+            previousHash: this.lastHash,
+            hash: '' // Will be computed below
+        };
+        // Compute hash including previous hash for chain integrity
+        const entryData = JSON.stringify({
+            ...entry,
+            hash: undefined
+        });
+        entry.hash = computeChainedHash(entryData, this.lastHash);
+        const line = JSON.stringify(entry) + '\n';
+        // Write to WAL first (for crash recovery)
+        if (this.walEnabled) {
+            fs.appendFileSync(this.walPath, line);
+        }
+        // Write to main log
+        fs.appendFileSync(this.currentLogPath, line);
+        // Clear WAL entry after successful write
+        if (this.walEnabled) {
+            fs.writeFileSync(this.walPath, '');
+        }
+        this.lastHash = entry.hash;
+        this.entryCount++;
+        return entry;
+    }
+    async verifyIntegrity() {
+        const errors = [];
+        if (!fs.existsSync(this.currentLogPath)) {
+            return { valid: true, errors: [] };
+        }
+        const content = fs.readFileSync(this.currentLogPath, 'utf-8');
+        const lines = content.trim().split('\n').filter(line => line.length > 0);
+        let previousHash = GENESIS_HASH;
+        for (let i = 0; i < lines.length; i++) {
+            try {
+                const entry = JSON.parse(lines[i]);
+                // Verify previous hash reference
+                if (entry.previousHash !== previousHash) {
+                    errors.push(`Entry ${i}: previousHash mismatch (expected ${previousHash}, got ${entry.previousHash})`);
+                }
+                // Verify entry hash
+                const entryData = JSON.stringify({
+                    ...entry,
+                    hash: undefined
+                });
+                const expectedHash = computeChainedHash(entryData, entry.previousHash);
+                if (entry.hash !== expectedHash) {
+                    errors.push(`Entry ${i}: hash mismatch (expected ${expectedHash}, got ${entry.hash})`);
+                }
+                previousHash = entry.hash;
+            }
+            catch (parseError) {
+                errors.push(`Entry ${i}: failed to parse JSON`);
+            }
+        }
+        return {
+            valid: errors.length === 0,
+            errors
+        };
+    }
+    async getEntries(options) {
+        if (!fs.existsSync(this.currentLogPath)) {
+            return [];
+        }
+        const content = fs.readFileSync(this.currentLogPath, 'utf-8');
+        const lines = content.trim().split('\n').filter(line => line.length > 0);
+        let entries = lines.map(line => JSON.parse(line));
+        // Apply filters
+        if (options?.type) {
+            entries = entries.filter(e => e.type === options.type);
+        }
+        if (options?.sessionId) {
+            entries = entries.filter(e => e.sessionId === options.sessionId);
+        }
+        // Apply pagination
+        const offset = options?.offset ?? 0;
+        const limit = options?.limit ?? entries.length;
+        return entries.slice(offset, offset + limit);
+    }
+    async tail(count = 10) {
+        const entries = await this.getEntries();
+        return entries.slice(-count);
+    }
+    getStats() {
+        return {
+            entryCount: this.entryCount,
+            lastHash: this.lastHash
+        };
+    }
+    async rotateLog() {
+        if (!fs.existsSync(this.currentLogPath)) {
+            throw new Error('No log file to rotate');
+        }
+        const archiveDir = path.join(this.logDir, 'archive');
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+        const archivePath = path.join(archiveDir, `audit-${timestamp}.jsonl`);
+        fs.renameSync(this.currentLogPath, archivePath);
+        // Reset state for new log
+        this.lastHash = GENESIS_HASH;
+        this.entryCount = 0;
+        return archivePath;
+    }
+}
+export function createAuditLogger(options) {
+    return new AuditLogger(options);
+}
+//# sourceMappingURL=logger.js.map

package/dist/core/audit/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../../src/core/audit/logger.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAQhD,MAAM,YAAY,GAAG,kEAAkE,CAAC;AAExF,MAAM,sBAAsB,GAAG;IAC7B,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY;IAClD,eAAe,EAAE,SAAS,EAAE,QAAQ,EAAE,cAAc;IACpD,eAAe,EAAE,eAAe;CACjC,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAA4B;IAChE,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD,MAAM,OAAO,WAAW;IACd,MAAM,CAAS;IACf,cAAc,CAAS;IACvB,OAAO,CAAS;IAChB,OAAO,CAAU;IACjB,UAAU,CAAU;IACpB,QAAQ,GAAW,YAAY,CAAC;IAChC,UAAU,GAAW,CAAC,CAAC;IACvB,WAAW,GAAY,KAAK,CAAC;IAErC,YAAY,OAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;QACvC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAEzD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhD,kCAAkC;QAClC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEzE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;QAE/B,iCAAiC;QACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAe,CAAC;YACrD,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,sEAAsE;YACtE,OAAO,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC1D,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC;gBAC7C,oBAAoB;gBACpB,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;gBACrE,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;gBAC3B,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,WAAW,CACf,SAAiB,EACjB,OAAe,EACf,IAAY,EACZ,MAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,QAAQ,GAAa;YACzB,EAAE,EAAE,UAAU,EAAE;YAChB,SAAS;YACT,OAAO;YACP,IAAI;YACJ,MAAM,EAAE,qBAAqB,CAAC,MAAM,CAAC;YACrC,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,OAAe,EACf,UAAkB,EAClB,MAAe,EACf,KAAc;QAEd,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,cAAc,GAAG,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACrF,CAAC,CAAC,qBAAqB,CAAC,MAAiC,CAAC;YAC1D,CAAC,CAAC,MAAM,CAAC;QAEX,MAAM,UAAU,GAAe;YAC7B,EAAE,EAAE,UAAU,EAAE;YAChB,UAAU;YACV,MAAM,EAAE,cAAc;YACtB,KAAK;YACL,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,OAAO,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,OAAe,EACf,MAAwB;QAExB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1E,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAwB,EACxB,SAAiB,EACjB,OAAe,EACf,IAAwB;QAExB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,CAAC;QAED,MAAM,KAAK,GAAe;YACxB,EAAE,EAAE,UAAU,EAAE;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,IAAI;YACJ,SAAS;YACT,OAAO;YACP,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,IAAI,EAAE,EAAE,CAAC,yBAAyB;SACnC,CAAC;QAEF,2DAA2D;QAC3D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YAC/B,GAAG,KAAK;YACR,IAAI,EAAE,SAAS;SAChB,CAAC,CAAC;QACH,KAAK,CAAC,IAAI,GAAG,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE1D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;QAE1C,0CAA0C;QAC1C,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACxC,CAAC;QAED,oBAAoB;QACpB,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAE7C,yCAAyC;QACzC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,UAAU,EAAE,CAAC;QAElB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACrC,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEzE,IAAI,YAAY,GAAG,YAAY,CAAC;QAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAe,CAAC;gBAEjD,iCAAiC;gBACjC,IAAI,KAAK,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;oBACxC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,qCAAqC,YAAY,SAAS,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC;gBACzG,CAAC;gBAED,oBAAoB;gBACpB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;oBAC/B,GAAG,KAAK;oBACR,IAAI,EAAE,SAAS;iBAChB,CAAC,CAAC;gBACH,MAAM,YAAY,GAAG,kBAAkB,CAAC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC;gBAEvE,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,6BAA6B,YAAY,SAAS,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC;gBACzF,CAAC;gBAED,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;YAC5B,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1B,MAAM;SACP,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,OAKhB;QACC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEzE,IAAI,OAAO,GAAiB,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAe,CAAC,CAAC;QAE9E,gBAAgB;QAChB,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;YAClB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC;QACD,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACvB,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,CAAC,CAAC;QACnE,CAAC;QAED,mBAAmB;QACnB,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC;QAE/C,OAAO,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAgB,EAAE;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,QAAQ;QACN,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,SAAS,QAAQ,CAAC,CAAC;QAEtE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAEhD,0BAA0B;QAC1B,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;QAEpB,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,MAAM,UAAU,iBAAiB,CAAC,OAA2B;IAC3D,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC"}

package/dist/core/credentials/backends/keepassxc.d.ts

@@ -0,0 +1,45 @@
+/**
+ * KeePassXC credential backend using kdbxweb
+ *
+ * Stores credentials in a KDBX database file, compatible with KeePassXC,
+ * KeePass, and other KDBX-compatible password managers.
+ */
+import type { CredentialStore } from '../store.js';
+export interface KeePassXCStoreOptions {
+    dbPath: string;
+    password?: string;
+    keyFilePath?: string;
+    group?: string;
+}
+export declare class KeePassXCStore implements CredentialStore {
+    private db;
+    private kdbxweb;
+    private dbPath;
+    private password?;
+    private keyFilePath?;
+    private groupName;
+    private watcher?;
+    constructor(options: KeePassXCStoreOptions);
+    private getKdbxweb;
+    private openDb;
+    private saveDb;
+    private startWatching;
+    private findGroup;
+    private findOrCreateGroup;
+    private getEntryTitle;
+    private findEntry;
+    get(service: string, key: string): Promise<string | null>;
+    set(service: string, key: string, value: string, _metadata?: Record<string, string>): Promise<void>;
+    delete(service: string, key: string): Promise<boolean>;
+    list(service?: string): Promise<Array<{
+        service: string;
+        key: string;
+    }>>;
+    exists(service: string, key: string): Promise<boolean>;
+    /**
+     * Close the database and stop watching for changes.
+     */
+    close(): void;
+}
+export declare function createKeePassXCStore(options: KeePassXCStoreOptions): KeePassXCStore;
+//# sourceMappingURL=keepassxc.d.ts.map

package/dist/core/credentials/backends/keepassxc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keepassxc.d.ts","sourceRoot":"","sources":["../../../../src/core/credentials/backends/keepassxc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,cAAe,YAAW,eAAe;IACpD,OAAO,CAAC,EAAE,CAAa;IACvB,OAAO,CAAC,OAAO,CAAa;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAC,CAAS;IAC1B,OAAO,CAAC,WAAW,CAAC,CAAS;IAC7B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAC,CAAe;gBAEnB,OAAO,EAAE,qBAAqB;YAa5B,UAAU;YA2CV,MAAM;YA4CN,MAAM;IAWpB,OAAO,CAAC,aAAa;IAYrB,OAAO,CAAC,SAAS;IAQjB,OAAO,CAAC,iBAAiB;IAQzB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,SAAS;IASX,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAezD,GAAG,CACP,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,OAAO,CAAC,IAAI,CAAC;IAqBV,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAatD,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAwBxE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D;;OAEG;IACH,KAAK,IAAI,IAAI;CAOd;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc,CAEnF"}

package/dist/core/credentials/backends/keepassxc.js

@@ -0,0 +1,229 @@
+/**
+ * KeePassXC credential backend using kdbxweb
+ *
+ * Stores credentials in a KDBX database file, compatible with KeePassXC,
+ * KeePass, and other KDBX-compatible password managers.
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+export class KeePassXCStore {
+    db = null;
+    kdbxweb = null;
+    dbPath;
+    password;
+    keyFilePath;
+    groupName;
+    watcher;
+    constructor(options) {
+        this.dbPath = options.dbPath;
+        this.password = options.password;
+        this.keyFilePath = options.keyFilePath;
+        this.groupName = options.group || 'aquaman';
+        if (!this.password && !this.keyFilePath) {
+            throw new Error('KeePassXC backend requires a master password (AQUAMAN_KEEPASS_PASSWORD) or key file (keepassxcKeyFilePath)');
+        }
+    }
+    async getKdbxweb() {
+        if (!this.kdbxweb) {
+            try {
+                const mod = await import('kdbxweb');
+                this.kdbxweb = mod.default || mod;
+            }
+            catch {
+                throw new Error('kdbxweb not available - install with: npm install kdbxweb argon2');
+            }
+            // Wire up argon2 for KDBX 4 support
+            try {
+                const argon2Mod = await import('argon2');
+                const argon2 = argon2Mod.default || argon2Mod;
+                this.kdbxweb.CryptoEngine.setArgon2Impl(async (password, salt, memory, iterations, length, parallelism, type, version) => {
+                    const result = await argon2.hash(Buffer.from(password), {
+                        salt: Buffer.from(salt),
+                        hashLength: length,
+                        timeCost: iterations,
+                        memoryCost: memory,
+                        parallelism,
+                        type,
+                        version,
+                        raw: true
+                    });
+                    const buf = result;
+                    return new Uint8Array(buf).buffer;
+                });
+            }
+            catch {
+                // argon2 not available — KDBX 3 files will still work
+            }
+        }
+        return this.kdbxweb;
+    }
+    async openDb() {
+        if (this.db)
+            return this.db;
+        const kdbxweb = await this.getKdbxweb();
+        // Build credentials
+        const passwordValue = this.password
+            ? kdbxweb.ProtectedValue.fromString(this.password)
+            : null;
+        let keyFileData = null;
+        if (this.keyFilePath) {
+            const buf = fs.readFileSync(this.keyFilePath);
+            keyFileData = new Uint8Array(buf).buffer;
+        }
+        const credentials = new kdbxweb.Credentials(passwordValue, keyFileData);
+        if (!fs.existsSync(this.dbPath)) {
+            // Auto-create a new database
+            this.db = kdbxweb.Kdbx.create(credentials, 'aquaman');
+            // Ensure our group exists in the new db
+            this.db.createGroup(this.db.getDefaultGroup(), this.groupName);
+            // Use KDBX 3 format for saving (kdbxweb KDBX 4 write bug #49)
+            this.db.setVersion(3);
+            await this.saveDb();
+            this.startWatching();
+            return this.db;
+        }
+        // Open existing database
+        const fileBuf = fs.readFileSync(this.dbPath);
+        const arrayBuffer = new Uint8Array(fileBuf).buffer;
+        try {
+            this.db = await kdbxweb.Kdbx.load(arrayBuffer, credentials);
+        }
+        catch {
+            throw new Error('Failed to open KeePassXC database - wrong password or key file?');
+        }
+        this.startWatching();
+        return this.db;
+    }
+    async saveDb() {
+        if (!this.db)
+            return;
+        const arrayBuffer = await this.db.save();
+        const dir = path.dirname(this.dbPath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+        fs.writeFileSync(this.dbPath, Buffer.from(arrayBuffer), { mode: 0o600 });
+    }
+    startWatching() {
+        if (this.watcher)
+            return;
+        try {
+            this.watcher = fs.watch(this.dbPath, () => {
+                // External modification — invalidate cache so next access reloads
+                this.db = null;
+            });
+        }
+        catch {
+            // Watch not supported on this filesystem — acceptable fallback
+        }
+    }
+    findGroup(db) {
+        const defaultGroup = db.getDefaultGroup();
+        for (const g of defaultGroup.allGroups()) {
+            if (g.name === this.groupName)
+                return g;
+        }
+        return null;
+    }
+    findOrCreateGroup(db) {
+        let group = this.findGroup(db);
+        if (!group) {
+            group = db.createGroup(db.getDefaultGroup(), this.groupName);
+        }
+        return group;
+    }
+    getEntryTitle(service, key) {
+        return `${service}/${key}`;
+    }
+    findEntry(group, service, key) {
+        const title = this.getEntryTitle(service, key);
+        for (const entry of group.entries) {
+            const entryTitle = entry.fields.get('Title');
+            if (entryTitle === title)
+                return entry;
+        }
+        return null;
+    }
+    async get(service, key) {
+        const db = await this.openDb();
+        const group = this.findGroup(db);
+        if (!group)
+            return null;
+        const entry = this.findEntry(group, service, key);
+        if (!entry)
+            return null;
+        const password = entry.fields.get('Password');
+        if (!password)
+            return null;
+        // ProtectedValue has .getText() for plaintext
+        return typeof password === 'string' ? password : password.getText();
+    }
+    async set(service, key, value, _metadata) {
+        const kdbxweb = await this.getKdbxweb();
+        const db = await this.openDb();
+        const group = this.findOrCreateGroup(db);
+        let entry = this.findEntry(group, service, key);
+        if (!entry) {
+            entry = db.createEntry(group);
+            entry.fields.set('Title', this.getEntryTitle(service, key));
+            entry.fields.set('UserName', `${service}/${key}`);
+        }
+        entry.fields.set('Password', kdbxweb.ProtectedValue.fromString(value));
+        // Use KDBX 3 format for saving (kdbxweb KDBX 4 write bug #49)
+        if (typeof db.setVersion === 'function') {
+            db.setVersion(3);
+        }
+        await this.saveDb();
+    }
+    async delete(service, key) {
+        const db = await this.openDb();
+        const group = this.findGroup(db);
+        if (!group)
+            return false;
+        const entry = this.findEntry(group, service, key);
+        if (!entry)
+            return false;
+        db.remove(entry);
+        await this.saveDb();
+        return true;
+    }
+    async list(service) {
+        const db = await this.openDb();
+        const group = this.findGroup(db);
+        if (!group)
+            return [];
+        const results = [];
+        for (const entry of group.entries) {
+            const title = entry.fields.get('Title');
+            if (typeof title !== 'string')
+                continue;
+            const slashIdx = title.indexOf('/');
+            if (slashIdx === -1)
+                continue;
+            const svc = title.substring(0, slashIdx);
+            const k = title.substring(slashIdx + 1);
+            if (!service || svc === service) {
+                results.push({ service: svc, key: k });
+            }
+        }
+        return results;
+    }
+    async exists(service, key) {
+        const value = await this.get(service, key);
+        return value !== null;
+    }
+    /**
+     * Close the database and stop watching for changes.
+     */
+    close() {
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = undefined;
+        }
+        this.db = null;
+    }
+}
+export function createKeePassXCStore(options) {
+    return new KeePassXCStore(options);
+}
+//# sourceMappingURL=keepassxc.js.map

package/dist/core/credentials/backends/keepassxc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keepassxc.js","sourceRoot":"","sources":["../../../../src/core/credentials/backends/keepassxc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAUlC,MAAM,OAAO,cAAc;IACjB,EAAE,GAAQ,IAAI,CAAC;IACf,OAAO,GAAQ,IAAI,CAAC;IACpB,MAAM,CAAS;IACf,QAAQ,CAAU;IAClB,WAAW,CAAU;IACrB,SAAS,CAAS;IAClB,OAAO,CAAgB;IAE/B,YAAY,OAA8B;QACxC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC;QAE5C,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,4GAA4G,CAC7G,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAQ,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;gBACzC,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;YACtF,CAAC;YAED,oCAAoC;YACpC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAQ,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC9C,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC;gBAC9C,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,aAAa,CAAC,KAAK,EAC3C,QAAqB,EACrB,IAAiB,EACjB,MAAc,EACd,UAAkB,EAClB,MAAc,EACd,WAAmB,EACnB,IAAY,EACZ,OAAe,EACO,EAAE;oBACxB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;wBACtD,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;wBACvB,UAAU,EAAE,MAAM;wBAClB,QAAQ,EAAE,UAAU;wBACpB,UAAU,EAAE,MAAM;wBAClB,WAAW;wBACX,IAAI;wBACJ,OAAO;wBACP,GAAG,EAAE,IAAI;qBACV,CAAC,CAAC;oBACH,MAAM,GAAG,GAAG,MAAgB,CAAC;oBAC7B,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,MAAqB,CAAC;gBACnD,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,sDAAsD;YACxD,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,MAAM;QAClB,IAAI,IAAI,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC,EAAE,CAAC;QAE5B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExC,oBAAoB;QACpB,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ;YACjC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC;YAClD,CAAC,CAAC,IAAI,CAAC;QAET,IAAI,WAAW,GAAuB,IAAI,CAAC;QAC3C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC9C,WAAW,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,MAAqB,CAAC;QAC1D,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;QAExE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,6BAA6B;YAC7B,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YACtD,wCAAwC;YACxC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC/D,8DAA8D;YAC9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,EAAE,CAAC;QACjB,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,MAAqB,CAAC;QAElE,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC;QAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,MAAM;QAClB,IAAI,CAAC,IAAI,CAAC,EAAE;YAAE,OAAO;QAErB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3E,CAAC;IAEO,aAAa;QACnB,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO;QACzB,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE;gBACxC,kEAAkE;gBAClE,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;YACjB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;QACjE,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,EAAO;QACvB,MAAM,YAAY,GAAG,EAAE,CAAC,eAAe,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,SAAS,EAAE,EAAE,CAAC;YACzC,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,SAAS;gBAAE,OAAO,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB,CAAC,EAAO;QAC/B,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,eAAe,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,GAAW;QAChD,OAAO,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC;IAC7B,CAAC;IAEO,SAAS,CAAC,KAAU,EAAE,OAAe,EAAE,GAAW;QACxD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC/C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,UAAU,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,GAAW;QACpC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,8CAA8C;QAC9C,OAAO,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,GAAG,CACP,OAAe,EACf,GAAW,EACX,KAAa,EACb,SAAkC;QAElC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAEzC,IAAI,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAC9B,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;YAC5D,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,OAAO,IAAI,GAAG,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QAEvE,8DAA8D;QAC9D,IAAI,OAAO,EAAE,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;YACxC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAW;QACvC,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAgB;QACzB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEtB,MAAM,OAAO,GAA4C,EAAE,CAAC;QAC5D,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACxC,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAExC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,QAAQ,KAAK,CAAC,CAAC;gBAAE,SAAS;YAE9B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;YAExC,IAAI,CAAC,OAAO,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBAChC,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAW;QACvC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,KAAK,KAAK,IAAI,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;IACjB,CAAC;CACF;AAED,MAAM,UAAU,oBAAoB,CAAC,OAA8B;IACjE,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC"}

package/dist/core/credentials/backends/onepassword.d.ts

@@ -0,0 +1,38 @@
+/**
+ * 1Password credential backend using the `op` CLI
+ * Requires: 1Password CLI installed and signed in
+ */
+import type { CredentialStore } from '../store.js';
+export interface OnePasswordStoreOptions {
+    vault?: string;
+    account?: string;
+}
+export declare class OnePasswordStore implements CredentialStore {
+    private vault;
+    private account?;
+    private opPath;
+    constructor(options?: OnePasswordStoreOptions);
+    private validateOpCli;
+    private runOp;
+    private getItemName;
+    private parseItemName;
+    private ensureVaultExists;
+    get(service: string, key: string): Promise<string | null>;
+    set(service: string, key: string, value: string, metadata?: Record<string, string>): Promise<void>;
+    delete(service: string, key: string): Promise<boolean>;
+    list(service?: string): Promise<Array<{
+        service: string;
+        key: string;
+    }>>;
+    exists(service: string, key: string): Promise<boolean>;
+    /**
+     * Get the vault name being used
+     */
+    getVault(): string;
+    /**
+     * Check if 1Password CLI is available and signed in
+     */
+    static isAvailable(): boolean;
+}
+export declare function createOnePasswordStore(options?: OnePasswordStoreOptions): OnePasswordStore;
+//# sourceMappingURL=onepassword.d.ts.map

package/dist/core/credentials/backends/onepassword.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"onepassword.d.ts","sourceRoot":"","sources":["../../../../src/core/credentials/backends/onepassword.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,MAAM,WAAW,uBAAuB;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAKD,qBAAa,gBAAiB,YAAW,eAAe;IACtD,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,MAAM,CAAuB;gBAEzB,OAAO,CAAC,EAAE,uBAAuB;IAM7C,OAAO,CAAC,aAAa;IAoBrB,OAAO,CAAC,KAAK;IAyBb,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,aAAa;IAcrB,OAAO,CAAC,iBAAiB;IAcnB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAsBzD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAsClG,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBtD,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAiCxE,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D;;OAEG;IACH,QAAQ,IAAI,MAAM;IAIlB;;OAEG;IACH,MAAM,CAAC,WAAW,IAAI,OAAO;CAa9B;AAED,wBAAgB,sBAAsB,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,gBAAgB,CAE1F"}