aquaman-proxy 0.7.1 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/README.md +1 -1
  2. package/dist/cli/index.js +113 -25
  3. package/dist/cli/index.js.map +1 -1
  4. package/dist/core/credentials/backends/bitwarden.d.ts +63 -0
  5. package/dist/core/credentials/backends/bitwarden.d.ts.map +1 -0
  6. package/dist/core/credentials/backends/bitwarden.js +395 -0
  7. package/dist/core/credentials/backends/bitwarden.js.map +1 -0
  8. package/dist/core/credentials/backends/systemd-creds.d.ts +66 -0
  9. package/dist/core/credentials/backends/systemd-creds.d.ts.map +1 -0
  10. package/dist/core/credentials/backends/systemd-creds.js +213 -0
  11. package/dist/core/credentials/backends/systemd-creds.js.map +1 -0
  12. package/dist/core/credentials/index.d.ts +1 -0
  13. package/dist/core/credentials/index.d.ts.map +1 -1
  14. package/dist/core/credentials/index.js +1 -0
  15. package/dist/core/credentials/index.js.map +1 -1
  16. package/dist/core/credentials/store.d.ts +5 -1
  17. package/dist/core/credentials/store.d.ts.map +1 -1
  18. package/dist/core/credentials/store.js +16 -1
  19. package/dist/core/credentials/store.js.map +1 -1
  20. package/dist/core/index.d.ts +1 -1
  21. package/dist/core/index.d.ts.map +1 -1
  22. package/dist/core/index.js +1 -1
  23. package/dist/core/index.js.map +1 -1
  24. package/dist/core/types.d.ts +6 -2
  25. package/dist/core/types.d.ts.map +1 -1
  26. package/dist/core/utils/config.d.ts.map +1 -1
  27. package/dist/core/utils/config.js +10 -1
  28. package/dist/core/utils/config.js.map +1 -1
  29. package/package.json +1 -1
package/README.md CHANGED
@@ -44,7 +44,7 @@ openclaw # proxy starts automatically via plugi
44
44
  > `aquaman setup` auto-detects your credential backend. macOS defaults to Keychain,
45
45
  > Linux defaults to encrypted file. Override with `--backend`:
46
46
  > `aquaman setup --backend keepassxc`
47
- > Options: `keychain`, `encrypted-file`, `keepassxc`, `1password`, `vault`
47
+ > Options: `keychain`, `encrypted-file`, `keepassxc`, `1password`, `vault`, `systemd-creds`, `bitwarden`
48
48
 
49
49
  Existing plaintext credentials are migrated automatically during setup.
50
50
  Run again anytime to migrate new credentials: `aquaman migrate openclaw --auto`
package/dist/cli/index.js CHANGED
@@ -147,7 +147,7 @@ program
147
147
  // Initialize credential store
148
148
  let credentialStore;
149
149
  try {
150
- credentialStore = createCredentialStore({
150
+ credentialStore = await createCredentialStore({
151
151
  backend: config.credentials.backend,
152
152
  encryptionPassword: config.credentials.encryptionPassword,
153
153
  vaultAddress: config.credentials.vaultAddress,
@@ -157,7 +157,10 @@ program
157
157
  onePasswordVault: config.credentials.onePasswordVault,
158
158
  onePasswordAccount: config.credentials.onePasswordAccount,
159
159
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
160
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
160
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
161
+ bitwardenFolder: config.credentials.bitwardenFolder,
162
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
163
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
161
164
  });
162
165
  }
163
166
  catch (err) {
@@ -297,7 +300,7 @@ program
297
300
  // Initialize credential store
298
301
  let credentialStore;
299
302
  try {
300
- credentialStore = createCredentialStore({
303
+ credentialStore = await createCredentialStore({
301
304
  backend: config.credentials.backend,
302
305
  encryptionPassword: config.credentials.encryptionPassword,
303
306
  vaultAddress: config.credentials.vaultAddress,
@@ -307,7 +310,10 @@ program
307
310
  onePasswordVault: config.credentials.onePasswordVault,
308
311
  onePasswordAccount: config.credentials.onePasswordAccount,
309
312
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
310
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
313
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
314
+ bitwardenFolder: config.credentials.bitwardenFolder,
315
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
316
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
311
317
  });
312
318
  }
313
319
  catch (err) {
@@ -365,7 +371,7 @@ program
365
371
  // Initialize credential store
366
372
  let credentialStore;
367
373
  try {
368
- credentialStore = createCredentialStore({
374
+ credentialStore = await createCredentialStore({
369
375
  backend: config.credentials.backend,
370
376
  encryptionPassword: config.credentials.encryptionPassword,
371
377
  vaultAddress: config.credentials.vaultAddress,
@@ -375,7 +381,10 @@ program
375
381
  onePasswordVault: config.credentials.onePasswordVault,
376
382
  onePasswordAccount: config.credentials.onePasswordAccount,
377
383
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
378
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
384
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
385
+ bitwardenFolder: config.credentials.bitwardenFolder,
386
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
387
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
379
388
  });
380
389
  }
381
390
  catch (err) {
@@ -487,7 +496,7 @@ program
487
496
  program
488
497
  .command('setup')
489
498
  .description('All-in-one setup wizard — creates config, stores credentials, installs plugin')
490
- .option('--backend <backend>', 'Credential backend (keychain, encrypted-file, keepassxc, 1password, vault)')
499
+ .option('--backend <backend>', 'Credential backend (keychain, encrypted-file, keepassxc, 1password, vault, systemd-creds, bitwarden)')
491
500
  .option('--no-openclaw', 'Skip OpenClaw plugin installation')
492
501
  .option('--non-interactive', 'Use environment variables instead of prompts (for CI)')
493
502
  .action(async (options) => {
@@ -520,19 +529,20 @@ program
520
529
  backend = 'keychain';
521
530
  }
522
531
  else {
523
- // Linux: check for libsecret
532
+ // Linux: check for libsecret first, then systemd-creds, then encrypted-file
524
533
  try {
525
534
  const { execSync } = await import('node:child_process');
526
535
  execSync('pkg-config --exists libsecret-1', { stdio: 'pipe' });
527
536
  backend = 'keychain';
528
537
  }
529
538
  catch {
530
- backend = 'encrypted-file';
539
+ const { isSystemdCredsAvailable } = await import('../core/credentials/backends/systemd-creds.js');
540
+ backend = isSystemdCredsAvailable() ? 'systemd-creds' : 'encrypted-file';
531
541
  }
532
542
  }
533
543
  }
534
544
  // Validate backend
535
- const validBackends = ['keychain', 'encrypted-file', 'keepassxc', '1password', 'vault'];
545
+ const validBackends = ['keychain', 'encrypted-file', 'keepassxc', '1password', 'vault', 'systemd-creds', 'bitwarden'];
536
546
  if (!validBackends.includes(backend)) {
537
547
  console.error(` Invalid backend: ${backend}`);
538
548
  console.error(` Valid options: ${validBackends.join(', ')}`);
@@ -605,6 +615,51 @@ program
605
615
  }
606
616
  }
607
617
  }
618
+ else if (backend === 'systemd-creds') {
619
+ const { isSystemdCredsAvailable } = await import('../core/credentials/backends/systemd-creds.js');
620
+ if (!isSystemdCredsAvailable()) {
621
+ console.error(' systemd-creds backend requires systemd-creds with --user support (systemd >= 256).');
622
+ console.error(' Try: systemd-creds --version');
623
+ process.exit(1);
624
+ }
625
+ }
626
+ else if (backend === 'bitwarden') {
627
+ try {
628
+ const { execSync } = await import('node:child_process');
629
+ execSync('which bw', { stdio: 'pipe' });
630
+ // Check status
631
+ const statusJson = execSync('bw status', { stdio: 'pipe', encoding: 'utf-8' });
632
+ const status = JSON.parse(statusJson);
633
+ if (status.status === 'unauthenticated') {
634
+ console.error(' Bitwarden CLI is installed but not logged in.');
635
+ console.error(' Run: bw login');
636
+ process.exit(1);
637
+ }
638
+ if (status.status === 'locked') {
639
+ const session = process.env['BW_SESSION'];
640
+ if (!session) {
641
+ console.error(' Bitwarden vault is locked.');
642
+ console.error(' Run: export BW_SESSION=$(bw unlock --raw)');
643
+ process.exit(1);
644
+ }
645
+ // Verify session works
646
+ try {
647
+ execSync('bw sync', { stdio: 'pipe', env: { ...process.env, BW_SESSION: session } });
648
+ }
649
+ catch {
650
+ console.error(' BW_SESSION is invalid or expired.');
651
+ console.error(' Run: export BW_SESSION=$(bw unlock --raw)');
652
+ process.exit(1);
653
+ }
654
+ }
655
+ }
656
+ catch {
657
+ console.error(' Bitwarden CLI not found.');
658
+ console.error(' Install: https://bitwarden.com/help/cli/');
659
+ console.error(' Then: bw login && export BW_SESSION=$(bw unlock --raw)');
660
+ process.exit(1);
661
+ }
662
+ }
608
663
  // 2. Run init internally (create dirs, config)
609
664
  ensureConfigDir();
610
665
  const config = getDefaultConfig();
@@ -616,7 +671,7 @@ program
616
671
  // 3. Prompt for API keys (or read from env in non-interactive mode)
617
672
  let store;
618
673
  try {
619
- store = createCredentialStore({
674
+ store = await createCredentialStore({
620
675
  backend: config.credentials.backend,
621
676
  encryptionPassword: config.credentials.encryptionPassword || process.env['AQUAMAN_ENCRYPTION_PASSWORD'] || process.env['AQUAMAN_KEEPASS_PASSWORD'],
622
677
  vaultAddress: config.credentials.vaultAddress || process.env['VAULT_ADDR'],
@@ -624,7 +679,10 @@ program
624
679
  onePasswordVault: config.credentials.onePasswordVault,
625
680
  onePasswordAccount: config.credentials.onePasswordAccount,
626
681
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
627
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
682
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
683
+ bitwardenFolder: config.credentials.bitwardenFolder,
684
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
685
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
628
686
  });
629
687
  }
630
688
  catch (err) {
@@ -883,7 +941,22 @@ program
883
941
  let store = null;
884
942
  try {
885
943
  config = loadConfig();
886
- store = createCredentialStore({
944
+ if (config.credentials.backend === 'systemd-creds') {
945
+ const { isSystemdCredsAvailable } = await import('../core/credentials/backends/systemd-creds.js');
946
+ if (!isSystemdCredsAvailable()) {
947
+ throw new Error('systemd-creds backend requires systemd >= 256 with --user support');
948
+ }
949
+ }
950
+ if (config.credentials.backend === 'bitwarden') {
951
+ const { BitwardenStore } = await import('../core/credentials/backends/bitwarden.js');
952
+ if (!BitwardenStore.isAvailable()) {
953
+ throw new Error('Bitwarden CLI (bw) not found. Install: https://bitwarden.com/help/cli/');
954
+ }
955
+ if (!BitwardenStore.isUnlocked()) {
956
+ throw new Error('Bitwarden vault is locked. Run: export BW_SESSION=$(bw unlock --raw)');
957
+ }
958
+ }
959
+ store = await createCredentialStore({
887
960
  backend: config.credentials.backend,
888
961
  encryptionPassword: config.credentials.encryptionPassword,
889
962
  vaultAddress: config.credentials.vaultAddress,
@@ -891,7 +964,10 @@ program
891
964
  onePasswordVault: config.credentials.onePasswordVault,
892
965
  onePasswordAccount: config.credentials.onePasswordAccount,
893
966
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
894
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
967
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
968
+ bitwardenFolder: config.credentials.bitwardenFolder,
969
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
970
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
895
971
  });
896
972
  // 3. Count credentials
897
973
  const creds = await store.list();
@@ -1251,7 +1327,7 @@ credentials
1251
1327
  const backend = options.backend || config.credentials.backend;
1252
1328
  let store;
1253
1329
  try {
1254
- store = createCredentialStore({
1330
+ store = await createCredentialStore({
1255
1331
  backend,
1256
1332
  encryptionPassword: config.credentials.encryptionPassword,
1257
1333
  vaultAddress: config.credentials.vaultAddress,
@@ -1261,7 +1337,10 @@ credentials
1261
1337
  onePasswordVault: config.credentials.onePasswordVault,
1262
1338
  onePasswordAccount: config.credentials.onePasswordAccount,
1263
1339
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
1264
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
1340
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
1341
+ bitwardenFolder: config.credentials.bitwardenFolder,
1342
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
1343
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
1265
1344
  });
1266
1345
  }
1267
1346
  catch (error) {
@@ -1307,7 +1386,7 @@ credentials
1307
1386
  const config = loadConfig();
1308
1387
  let store;
1309
1388
  try {
1310
- store = createCredentialStore({
1389
+ store = await createCredentialStore({
1311
1390
  backend: config.credentials.backend,
1312
1391
  encryptionPassword: config.credentials.encryptionPassword,
1313
1392
  vaultAddress: config.credentials.vaultAddress,
@@ -1315,7 +1394,10 @@ credentials
1315
1394
  onePasswordVault: config.credentials.onePasswordVault,
1316
1395
  onePasswordAccount: config.credentials.onePasswordAccount,
1317
1396
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
1318
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
1397
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
1398
+ bitwardenFolder: config.credentials.bitwardenFolder,
1399
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
1400
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
1319
1401
  });
1320
1402
  }
1321
1403
  catch {
@@ -1339,7 +1421,7 @@ credentials
1339
1421
  const config = loadConfig();
1340
1422
  let store;
1341
1423
  try {
1342
- store = createCredentialStore({
1424
+ store = await createCredentialStore({
1343
1425
  backend: config.credentials.backend,
1344
1426
  encryptionPassword: config.credentials.encryptionPassword,
1345
1427
  vaultAddress: config.credentials.vaultAddress,
@@ -1347,7 +1429,10 @@ credentials
1347
1429
  onePasswordVault: config.credentials.onePasswordVault,
1348
1430
  onePasswordAccount: config.credentials.onePasswordAccount,
1349
1431
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
1350
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
1432
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
1433
+ bitwardenFolder: config.credentials.bitwardenFolder,
1434
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
1435
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
1351
1436
  });
1352
1437
  }
1353
1438
  catch {
@@ -1365,7 +1450,7 @@ credentials
1365
1450
  credentials
1366
1451
  .command('guide')
1367
1452
  .description('Show setup commands for seeding credentials based on your backend')
1368
- .option('--backend <backend>', 'Override backend (keychain, encrypted-file, vault, 1password)')
1453
+ .option('--backend <backend>', 'Override backend (keychain, encrypted-file, vault, 1password, bitwarden)')
1369
1454
  .option('--service <name>', 'Show commands for a single service only')
1370
1455
  .action(async (options) => {
1371
1456
  const config = loadConfig();
@@ -1686,7 +1771,7 @@ migrate
1686
1771
  // Migrate
1687
1772
  let store;
1688
1773
  try {
1689
- store = createCredentialStore({
1774
+ store = await createCredentialStore({
1690
1775
  backend: appConfig.credentials.backend,
1691
1776
  encryptionPassword: appConfig.credentials.encryptionPassword,
1692
1777
  vaultAddress: appConfig.credentials.vaultAddress,
@@ -1840,7 +1925,7 @@ migrate
1840
1925
  if (opts.dryRun) {
1841
1926
  console.log('(dry run - no credentials will be written)\n');
1842
1927
  }
1843
- const store = createCredentialStore({
1928
+ const store = await createCredentialStore({
1844
1929
  backend: appConfig.credentials.backend,
1845
1930
  encryptionPassword: appConfig.credentials.encryptionPassword,
1846
1931
  vaultAddress: appConfig.credentials.vaultAddress,
@@ -1896,7 +1981,7 @@ program
1896
1981
  }
1897
1982
  // Check for stored credentials
1898
1983
  try {
1899
- const store = createCredentialStore({
1984
+ const store = await createCredentialStore({
1900
1985
  backend: config.credentials.backend,
1901
1986
  encryptionPassword: config.credentials.encryptionPassword,
1902
1987
  vaultAddress: config.credentials.vaultAddress,
@@ -1904,7 +1989,10 @@ program
1904
1989
  onePasswordVault: config.credentials.onePasswordVault,
1905
1990
  onePasswordAccount: config.credentials.onePasswordAccount,
1906
1991
  keepassxcDatabasePath: config.credentials.keepassxcDatabasePath,
1907
- keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath
1992
+ keepassxcKeyFilePath: config.credentials.keepassxcKeyFilePath,
1993
+ bitwardenFolder: config.credentials.bitwardenFolder,
1994
+ bitwardenOrganizationId: config.credentials.bitwardenOrganizationId,
1995
+ bitwardenCollectionId: config.credentials.bitwardenCollectionId
1908
1996
  });
1909
1997
  const creds = await store.list();
1910
1998
  console.log(`\nStored credentials: ${creds.length}`);