auramaxx 0.0.12 → 0.0.13

package/.next/types/app/yo/layout.ts

@@ -0,0 +1,84 @@
+// File: /Users/alyssa/src/aura/aurawallet/src/app/yo/layout.tsx
+import * as entry from '../../../../src/app/yo/layout.js'
+import type { ResolvingMetadata, ResolvingViewport } from 'next/dist/lib/metadata/types/metadata-interface.js'
+
+type TEntry = typeof import('../../../../src/app/yo/layout.js')
+
+type SegmentParams<T extends Object = any> = T extends Record<string, any>
+  ? { [K in keyof T]: T[K] extends string ? string | string[] | undefined : never }
+  : T
+
+// Check that the entry is a valid entry
+checkFields<Diff<{
+  default: Function
+  config?: {}
+  generateStaticParams?: Function
+  revalidate?: RevalidateRange<TEntry> | false
+  dynamic?: 'auto' | 'force-dynamic' | 'error' | 'force-static'
+  dynamicParams?: boolean
+  fetchCache?: 'auto' | 'force-no-store' | 'only-no-store' | 'default-no-store' | 'default-cache' | 'only-cache' | 'force-cache'
+  preferredRegion?: 'auto' | 'global' | 'home' | string | string[]
+  runtime?: 'nodejs' | 'experimental-edge' | 'edge'
+  maxDuration?: number
+  
+  metadata?: any
+  generateMetadata?: Function
+  viewport?: any
+  generateViewport?: Function
+  experimental_ppr?: boolean
+  
+}, TEntry, ''>>()
+
+
+// Check the prop type of the entry function
+checkFields<Diff<LayoutProps, FirstArg<TEntry['default']>, 'default'>>()
+
+// Check the arguments and return type of the generateMetadata function
+if ('generateMetadata' in entry) {
+  checkFields<Diff<LayoutProps, FirstArg<MaybeField<TEntry, 'generateMetadata'>>, 'generateMetadata'>>()
+  checkFields<Diff<ResolvingMetadata, SecondArg<MaybeField<TEntry, 'generateMetadata'>>, 'generateMetadata'>>()
+}
+
+// Check the arguments and return type of the generateViewport function
+if ('generateViewport' in entry) {
+  checkFields<Diff<LayoutProps, FirstArg<MaybeField<TEntry, 'generateViewport'>>, 'generateViewport'>>()
+  checkFields<Diff<ResolvingViewport, SecondArg<MaybeField<TEntry, 'generateViewport'>>, 'generateViewport'>>()
+}
+
+// Check the arguments and return type of the generateStaticParams function
+if ('generateStaticParams' in entry) {
+  checkFields<Diff<{ params: SegmentParams }, FirstArg<MaybeField<TEntry, 'generateStaticParams'>>, 'generateStaticParams'>>()
+  checkFields<Diff<{ __tag__: 'generateStaticParams', __return_type__: any[] | Promise<any[]> }, { __tag__: 'generateStaticParams', __return_type__: ReturnType<MaybeField<TEntry, 'generateStaticParams'>> }>>()
+}
+
+export interface PageProps {
+  params?: Promise<SegmentParams>
+  searchParams?: Promise<any>
+}
+export interface LayoutProps {
+  children?: React.ReactNode
+
+  params?: Promise<SegmentParams>
+}
+
+// =============
+// Utility types
+type RevalidateRange<T> = T extends { revalidate: any } ? NonNegative<T['revalidate']> : never
+
+// If T is unknown or any, it will be an empty {} type. Otherwise, it will be the same as Omit<T, keyof Base>.
+type OmitWithTag<T, K extends keyof any, _M> = Omit<T, K>
+type Diff<Base, T extends Base, Message extends string = ''> = 0 extends (1 & T) ? {} : OmitWithTag<T, keyof Base, Message>
+
+type FirstArg<T extends Function> = T extends (...args: [infer T, any]) => any ? unknown extends T ? any : T : never
+type SecondArg<T extends Function> = T extends (...args: [any, infer T]) => any ? unknown extends T ? any : T : never
+type MaybeField<T, K extends string> = T extends { [k in K]: infer G } ? G extends Function ? G : never : never
+
+
+
+function checkFields<_ extends { [k in keyof any]: never }>() {}
+
+// https://github.com/sindresorhus/type-fest
+type Numeric = number | bigint
+type Zero = 0 | 0n
+type Negative<T extends Numeric> = T extends Zero ? never : `${T}` extends `-${string}` ? T : never
+type NonNegative<T extends Numeric> = T extends Zero ? T : Negative<T> extends never ? T : '__invalid_negative_number__'

package/.next/types/app/yo/page.ts

@@ -0,0 +1,84 @@
+// File: /Users/alyssa/src/aura/aurawallet/src/app/yo/page.tsx
+import * as entry from '../../../../src/app/yo/page.js'
+import type { ResolvingMetadata, ResolvingViewport } from 'next/dist/lib/metadata/types/metadata-interface.js'
+
+type TEntry = typeof import('../../../../src/app/yo/page.js')
+
+type SegmentParams<T extends Object = any> = T extends Record<string, any>
+  ? { [K in keyof T]: T[K] extends string ? string | string[] | undefined : never }
+  : T
+
+// Check that the entry is a valid entry
+checkFields<Diff<{
+  default: Function
+  config?: {}
+  generateStaticParams?: Function
+  revalidate?: RevalidateRange<TEntry> | false
+  dynamic?: 'auto' | 'force-dynamic' | 'error' | 'force-static'
+  dynamicParams?: boolean
+  fetchCache?: 'auto' | 'force-no-store' | 'only-no-store' | 'default-no-store' | 'default-cache' | 'only-cache' | 'force-cache'
+  preferredRegion?: 'auto' | 'global' | 'home' | string | string[]
+  runtime?: 'nodejs' | 'experimental-edge' | 'edge'
+  maxDuration?: number
+  
+  metadata?: any
+  generateMetadata?: Function
+  viewport?: any
+  generateViewport?: Function
+  experimental_ppr?: boolean
+  
+}, TEntry, ''>>()
+
+
+// Check the prop type of the entry function
+checkFields<Diff<PageProps, FirstArg<TEntry['default']>, 'default'>>()
+
+// Check the arguments and return type of the generateMetadata function
+if ('generateMetadata' in entry) {
+  checkFields<Diff<PageProps, FirstArg<MaybeField<TEntry, 'generateMetadata'>>, 'generateMetadata'>>()
+  checkFields<Diff<ResolvingMetadata, SecondArg<MaybeField<TEntry, 'generateMetadata'>>, 'generateMetadata'>>()
+}
+
+// Check the arguments and return type of the generateViewport function
+if ('generateViewport' in entry) {
+  checkFields<Diff<PageProps, FirstArg<MaybeField<TEntry, 'generateViewport'>>, 'generateViewport'>>()
+  checkFields<Diff<ResolvingViewport, SecondArg<MaybeField<TEntry, 'generateViewport'>>, 'generateViewport'>>()
+}
+
+// Check the arguments and return type of the generateStaticParams function
+if ('generateStaticParams' in entry) {
+  checkFields<Diff<{ params: SegmentParams }, FirstArg<MaybeField<TEntry, 'generateStaticParams'>>, 'generateStaticParams'>>()
+  checkFields<Diff<{ __tag__: 'generateStaticParams', __return_type__: any[] | Promise<any[]> }, { __tag__: 'generateStaticParams', __return_type__: ReturnType<MaybeField<TEntry, 'generateStaticParams'>> }>>()
+}
+
+export interface PageProps {
+  params?: Promise<SegmentParams>
+  searchParams?: Promise<any>
+}
+export interface LayoutProps {
+  children?: React.ReactNode
+
+  params?: Promise<SegmentParams>
+}
+
+// =============
+// Utility types
+type RevalidateRange<T> = T extends { revalidate: any } ? NonNegative<T['revalidate']> : never
+
+// If T is unknown or any, it will be an empty {} type. Otherwise, it will be the same as Omit<T, keyof Base>.
+type OmitWithTag<T, K extends keyof any, _M> = Omit<T, K>
+type Diff<Base, T extends Base, Message extends string = ''> = 0 extends (1 & T) ? {} : OmitWithTag<T, keyof Base, Message>
+
+type FirstArg<T extends Function> = T extends (...args: [infer T, any]) => any ? unknown extends T ? any : T : never
+type SecondArg<T extends Function> = T extends (...args: [any, infer T]) => any ? unknown extends T ? any : T : never
+type MaybeField<T, K extends string> = T extends { [k in K]: infer G } ? G extends Function ? G : never : never
+
+
+
+function checkFields<_ extends { [k in keyof any]: never }>() {}
+
+// https://github.com/sindresorhus/type-fest
+type Numeric = number | bigint
+type Zero = 0 | 0n
+type Negative<T extends Numeric> = T extends Zero ? never : `${T}` extends `-${string}` ? T : never
+type NonNegative<T extends Numeric> = T extends Zero ? T : Negative<T> extends never ? T : '__invalid_negative_number__'

package/.next/types/routes.d.ts

@@ -1,10 +1,10 @@
 // This file is generated automatically by Next.js
 // Do not edit this file manually
 
-type AppRoutes = "/" | "/api" | "/api/[...doc]" | "/app-legacy-do-not-use" | "/approve/[actionId]" | "/docs" | "/docs/[...doc]" | "/health" | "/hello" | "/privacy" | "/share/[token]" | "/terms"
+type AppRoutes = "/" | "/api" | "/api/[...doc]" | "/app-legacy-do-not-use" | "/approve/[actionId]" | "/docs" | "/docs/[...doc]" | "/health" | "/hello" | "/privacy" | "/share/[token]" | "/terms" | "/yo"
 type AppRouteHandlerRoutes = "/api/agent-requests" | "/api/apps/install" | "/api/apps/manifests" | "/api/apps/static/[...path]" | "/api/docs/plain" | "/api/events" | "/api/import-from-openclaw" | "/api/import-from-openclaw/[channel]" | "/api/import-from-openclaw/validate/[channel]" | "/api/restart" | "/api/update" | "/api/version" | "/api/workspace" | "/api/workspace/[id]" | "/api/workspace/[id]/apps" | "/api/workspace/[id]/apps/[wid]" | "/api/workspace/[id]/export" | "/api/workspace/config" | "/api/workspace/import"
 type PageRoutes = never
-type LayoutRoutes = "/"
+type LayoutRoutes = "/" | "/yo"
 type RedirectRoutes = "/app/[[...path]]"
 type RewriteRoutes = never
 type Routes = AppRoutes | PageRoutes | LayoutRoutes | RedirectRoutes | RewriteRoutes | AppRouteHandlerRoutes
@@ -43,6 +43,7 @@ interface ParamMap {
   "/privacy": {}
   "/share/[token]": { "token": string; }
   "/terms": {}
+  "/yo": {}
 }
 
 
@@ -50,6 +51,7 @@ export type ParamsOf<Route extends Routes> = ParamMap[Route]
 
 interface LayoutSlotMap {
   "/": never
+  "/yo": never
 }
 
 

package/.next/types/validator.ts

@@ -155,6 +155,15 @@ type RouteHandlerConfig<Route extends AppRouteHandlerRoutes = AppRouteHandlerRou
   type __Unused = __Check
 }
 
+// Validate ../../src/app/yo/page.tsx
+{
+  type __IsExpected<Specific extends AppPageConfig<"/yo">> = Specific
+  const handler = {} as typeof import("../../src/app/yo/page.js")
+  type __Check = __IsExpected<typeof handler>
+  // @ts-ignore
+  type __Unused = __Check
+}
+
 // Validate ../../src/app/api/agent-requests/route.ts
 {
   type __IsExpected<Specific extends RouteHandlerConfig<"/api/agent-requests">> = Specific
@@ -338,3 +347,12 @@ type RouteHandlerConfig<Route extends AppRouteHandlerRoutes = AppRouteHandlerRou
   // @ts-ignore
   type __Unused = __Check
 }
+
+// Validate ../../src/app/yo/layout.tsx
+{
+  type __IsExpected<Specific extends LayoutConfig<"/yo">> = Specific
+  const handler = {} as typeof import("../../src/app/yo/layout.js")
+  type __Check = __IsExpected<typeof handler>
+  // @ts-ignore
+  type __Unused = __Check
+}

package/bin/auramaxx.js

@@ -15,6 +15,7 @@ const readline = require('readline');
 
 const root = path.join(__dirname, '..');
 let cmd = process.argv[2];
+const invokedCommand = process.argv[2];
 const args = process.argv.slice(3);
 let inferredCommand = false;
 
@@ -725,6 +726,12 @@ function shouldRunOnboardingAutoconfig() {
   return inferredInitOrStart || explicitInitOrStart;
 }
 
+function shouldRunBootstrapInstall() {
+  const inferredInitOrStart = inferredCommand && (cmd === 'init' || cmd === 'start');
+  const explicitStart = !inferredCommand && invokedCommand === 'start';
+  return inferredInitOrStart || explicitStart;
+}
+
 function shouldLogBootstrapDetails() {
   if (process.env.AURA_BOOTSTRAP_VERBOSE === '1') return true;
   return args.includes('--debug');
@@ -1094,11 +1101,7 @@ function maybeAutoInstallAuraAlias() {
 }
 
 function maybeAutoInstallSkills() {
-  if (process.env.AURA_AUTO_SKILL_INSTALL === '0') return;
-
-  const inferredInitOrStart = inferredCommand && (cmd === 'init' || cmd === 'start');
-  const explicitStart = !inferredCommand && cmd === 'start';
-  if (!inferredInitOrStart && !explicitStart) return;
+  if (!shouldRunBootstrapInstall()) return;
 
   // Delegate to skill.ts — single source of truth for install + heartbeat patching
   const verbose = shouldLogBootstrapDetails();
@@ -1151,27 +1154,9 @@ function maybeInitFeatureFlags() {
 }
 
 function maybeAutoInstallMcp() {
-  if (process.env.AURA_AUTO_MCP_INSTALL === '0') return;
+  if (!shouldRunBootstrapInstall()) return;
   const verbose = shouldLogBootstrapDetails();
 
-  // CLI agents should use direct CLI/socket and not auto-install MCP into CLI clients.
-  // Desktop users can still force auto-install with AURA_AUTO_MCP_INSTALL_FORCE=1.
-  const forceAutoInstall = process.env.AURA_AUTO_MCP_INSTALL_FORCE === '1';
-  const isCliAgent = Boolean(
-    process.env.CODEX_CI ||
-    process.env.CODEX_SANDBOX ||
-    process.env.CLAUDE_CODE ||
-    process.env.CLAUDECODE ||
-    process.env.AURA_CLI_AGENT
-  );
-  if (isCliAgent && !forceAutoInstall) return;
-
-  // Keep one-command onboarding for bare `npx auramaxx` (init/start),
-  // and make explicit `start` behave the same way.
-  const inferredInitOrStart = inferredCommand && (cmd === 'init' || cmd === 'start');
-  const explicitStart = !inferredCommand && cmd === 'start';
-  if (!inferredInitOrStart && !explicitStart) return;
-
   if (verbose) {
     console.log('Auto-configuring MCP integrations (best effort)...');
   }

package/docs/ARCHITECTURE.md

@@ -129,7 +129,7 @@ Every token issuance path requires human involvement:
 | `POST /auth` | Human must approve the pending request |
 | `POST /actions` | Human must resolve the action (`/actions/:id/resolve`) |
 | `POST /actions/token` | Caller must already have admin token |
-| Socket bootstrap | Trust-dependent (configurable, default: `localAutoApprove = false`) |
+| Socket bootstrap | Trust-dependent (configurable, default: `localAutoApprove = true`) |
 
 Agents cannot escalate their own permissions — `admin:*` and `action:create` are blocked from self-escalation via `POST /actions`.
 

package/docs/AUTH.md

@@ -295,8 +295,9 @@ Defaults:
 - API server: `http://localhost:4242`
 - Socket path: `/tmp/aura-cli-<uid>.sock`
 - Local socket perms: `0600`
-- Default trust profile: `dev`
-- `trust.localAutoApprove = false`
+- Default trust profile: `admin`
+- `trust.localAutoApprove = true`
+- `/auth` fallback profile resolution: explicit `--profile`/API value -> `trust.localProfile` -> `dev`
 
 Use admin auth for trust tuning:
 
@@ -421,11 +422,13 @@ CLI and MCP are canonical-only for escalation payloads. If a 403 escalation payl
   "retryAction": {
     "transport": "cli",
     "kind": "command",
-    "command": "<retry_original_command> --reqId req_123"
+    "command": "npx auramaxx get OURSECRET --json --reqId req_123"
   }
 }
 ```
 
+CLI projections now include the exact replay command when the original command context is available.
+
 ### MCP projection (typed action filled if missing)
 
 ```json

package/docs/CLI.md

@@ -69,6 +69,8 @@ Default `aura start` behavior:
 - If service install/bootstrap fails on first run, falls back to direct process start.
 - If service is already installed but cannot launch/health-check, `start` exits with guidance instead of manually spawning a competing runtime.
 - Explicit modes (`--debug`, `--dev`, `--headless`, `--background`) continue to use direct process startup.
+- On every `start`, AuraMaxx runs best-effort skill sync (`aura skill --all --yes`) and MCP config sync (`aura mcp --install`) so installed clients stay updated.
+- These startup syncs do not support env-based opt-out toggles.
 - `start` does not auto-start cron. Run `aura cron` explicitly when needed.
 
 Default `aura init` behavior:

package/docs/MCP.md

@@ -11,6 +11,8 @@ auramaxx mcp
 ```
 
 `auramaxx` starts the API server on `http://localhost:4242` and dashboard UI on `http://localhost:4747`.
+It also runs best-effort skill sync (`auramaxx skill --all --yes`) and MCP config sync (`auramaxx mcp --install`) on `start` so local agents stay current.
+These startup syncs are always-on (no env opt-out toggles).
 
 Auto-configure local IDE MCP files:
 

package/docs/credentials.md

@@ -8,6 +8,7 @@ Use this page to understand credential types, canonical fields, and access polic
 | Type | Description | Key Fields |
 |------|-------------|------------|
 | `login` | Website logins | username, password, URL, TOTP |
+| `sso` | SSO login references | website, provider, identifier |
 | `note` | Secure notes | freeform text |
 | `card` | Payment cards | card number, expiry, CVV |
 | `api` | API credentials | API key, secret, endpoint |
@@ -48,6 +49,7 @@ AuraMaxx uses canonical field keys for built-in credential types. Current baseli
 |------|----------------------|-------|
 | `login` | `url`, `username`, `password`, `notes`, `totp` | `otp` is accepted as legacy alias for `totp` |
 | `card` | `cardholder`, `brand`, `billing_zip`, `last4`, `number`, `cvv`, `expiry`, `notes` | `last4` is derived metadata; `number`/`cvv`/`expiry` are sensitive |
+| `sso` | `website`, `provider`, `identifier` | `website` + `provider` are required on create; `identifier` is optional |
 | `note` | `content` | `value` is accepted as legacy alias and normalized to `content` on read/write paths |
 | `apikey` | `key`, `value` | `key` is metadata/display, `value` is secret |
 | `oauth2` | `token_endpoint`, `scopes`, `auth_method`, `expires_at`, `access_token`, `refresh_token`, `client_id`, `client_secret` | `access_token`/`refresh_token`/`client_id`/`client_secret` are sensitive |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auramaxx",
-  "version": "0.0.12",
+  "version": "0.0.13",
   "description": "Securely share passwords, API keys and wallets with your agent.",
   "keywords": [
     "onepassword",

package/prisma/migrations/20260227214000_update_agent_action_ttl_defaults/migration.sql

@@ -0,0 +1,19 @@
+-- Raise default agent/action token TTLs.
+-- Preserve custom overrides by only migrating old default values.
+UPDATE "SystemDefault"
+SET
+  "value" = '604800',
+  "description" = 'Default time-to-live for agent tokens (7 days)',
+  "updatedAt" = datetime('now')
+WHERE
+  "key" = 'ttl.agent'
+  AND trim("value") IN ('3600', '"3600"');
+
+UPDATE "SystemDefault"
+SET
+  "value" = '3600',
+  "description" = 'Default time-to-live for action tokens (1 hour)',
+  "updatedAt" = datetime('now')
+WHERE
+  "key" = 'ttl.action'
+  AND trim("value") IN ('60', '"60"', '600', '"600"');

package/public/llm.txt

@@ -0,0 +1,2 @@
+Canonical index: https://auramaxx.sh/llms.txt
+

package/public/llms.txt

@@ -0,0 +1,39 @@
+# AuraMaxx
+> The Apple Keychain for AI agents.
+
+## Start Here
+- https://auramaxx.sh/
+- https://auramaxx.sh/yo
+- https://auramaxx.sh/docs
+- https://auramaxx.sh/api
+
+## Skills & MCP Setup
+- https://auramaxx.sh/docs/SKILLS.md
+- https://auramaxx.sh/docs/AGENT_SETUP.md
+- https://auramaxx.sh/docs/AGENT_SETUP.md#skills
+- https://auramaxx.sh/docs/AGENT_SETUP.md#mcp
+- https://auramaxx.sh/docs/MCP.md
+- https://auramaxx.sh/docs/CLI.md
+- https://github.com/Aura-Industry/auramaxx/blob/main/skills/auramaxx/SKILL.md
+
+## Legal
+- https://auramaxx.sh/privacy
+- https://auramaxx.sh/terms
+
+## Machine-Readable
+- https://auramaxx.sh/api/apps/manifests
+- https://auramaxx.sh/api/docs/plain
+- https://auramaxx.sh/api/version
+- https://auramaxx.sh/api/events
+
+## Repo Canonical Sources
+- skills/auramaxx/SKILL.md
+- docs/README.md
+- docs/AGENT_SETUP.md
+- docs/SKILLS.md
+- docs/CLI.md
+- docs/MCP.md
+- docs/AUTH.md
+- docs/security.md
+- docs/PROTOCOL.md
+- docs/ARCHITECTURE.md

package/shared/agent-profile-schema.ts

@@ -0,0 +1,81 @@
+export interface AgentProfileInput {
+  agentId: string;
+  email?: string;
+  phone?: string;
+  address?: string;
+  profileImage?: string;
+  attributes?: Record<string, string>;
+}
+
+export interface AgentProfileRecord extends AgentProfileInput {
+  createdAt: string;
+  updatedAt: string;
+}
+
+function readOptionalString(input: Record<string, unknown>, key: string, aliases: string[] = []): string | undefined {
+  const candidates = [key, ...aliases];
+  for (const candidate of candidates) {
+    const value = input[candidate];
+    if (value === undefined || value === null) continue;
+    if (typeof value !== 'string') {
+      throw new Error(`agent profile field "${key}" must be a string`);
+    }
+    const trimmed = value.trim();
+    if (!trimmed) return undefined;
+    return trimmed;
+  }
+  return undefined;
+}
+
+function readAttributes(input: Record<string, unknown>): Record<string, string> | undefined {
+  const raw = input.attributes ?? input.custom_attributes ?? input.customAttributes;
+  if (raw === undefined || raw === null) return undefined;
+  if (typeof raw !== 'object' || Array.isArray(raw)) {
+    throw new Error('agent profile field "attributes" must be an object');
+  }
+
+  const attributes: Record<string, string> = {};
+  for (const [rawKey, rawValue] of Object.entries(raw as Record<string, unknown>)) {
+    const key = rawKey.trim();
+    if (!key) {
+      throw new Error('agent profile attribute keys must be non-empty');
+    }
+    if (typeof rawValue !== 'string') {
+      throw new Error(`agent profile attribute "${key}" must be a string`);
+    }
+    attributes[key] = rawValue;
+  }
+
+  return Object.keys(attributes).length > 0 ? attributes : undefined;
+}
+
+export function normalizeAgentProfileInput(
+  value: unknown,
+  options: { fallbackAgentId?: string } = {},
+): AgentProfileInput {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    throw new Error('agent profile payload must be an object');
+  }
+  const input = value as Record<string, unknown>;
+
+  const rawAgentId = input.agentId ?? input.agent_id ?? options.fallbackAgentId;
+  if (typeof rawAgentId !== 'string' || rawAgentId.trim().length === 0) {
+    throw new Error('agent profile requires non-empty agentId');
+  }
+  const agentId = rawAgentId.trim();
+
+  const email = readOptionalString(input, 'email');
+  const phone = readOptionalString(input, 'phone');
+  const address = readOptionalString(input, 'address');
+  const profileImage = readOptionalString(input, 'profileImage', ['profile_image']);
+  const attributes = readAttributes(input);
+
+  return {
+    agentId,
+    ...(email ? { email } : {}),
+    ...(phone ? { phone } : {}),
+    ...(address ? { address } : {}),
+    ...(profileImage ? { profileImage } : {}),
+    ...(attributes ? { attributes } : {}),
+  };
+}

package/shared/credential-field-schema.ts

@@ -3,6 +3,7 @@ export type CredentialFieldType = 'text' | 'secret' | 'url' | 'email' | 'number'
 export type CredentialType =
   | 'login'
   | 'card'
+  | 'sso'
   | 'note'
   | 'plain_note'
   | 'hot_wallet'
@@ -43,6 +44,11 @@ export const CREDENTIAL_FIELD_KEYS = {
     expiry: 'expiry',
     notes: 'notes',
   },
+  sso: {
+    website: 'website',
+    provider: 'provider',
+    identifier: 'identifier',
+  },
   note: {
     content: 'content',
   },
@@ -107,6 +113,11 @@ export const CREDENTIAL_FIELD_SCHEMA: FieldSchemaMap = {
     { key: CREDENTIAL_FIELD_KEYS.card.expiry, label: 'Expiry', type: 'text', sensitive: true, requiredOnCreate: true },
     { key: CREDENTIAL_FIELD_KEYS.card.notes, label: 'Notes', type: 'text', sensitive: true },
   ],
+  sso: [
+    { key: CREDENTIAL_FIELD_KEYS.sso.website, label: 'Website', type: 'text', sensitive: false, requiredOnCreate: true },
+    { key: CREDENTIAL_FIELD_KEYS.sso.provider, label: 'Provider', type: 'text', sensitive: false, requiredOnCreate: true },
+    { key: CREDENTIAL_FIELD_KEYS.sso.identifier, label: 'Identifier', type: 'text', sensitive: false },
+  ],
   note: [
     { key: CREDENTIAL_FIELD_KEYS.note.content, label: 'Content', type: 'text', sensitive: true, requiredOnCreate: true, aliases: ['value'] },
   ],
@@ -158,6 +169,7 @@ export const NOTE_CONTENT_KEY = CREDENTIAL_FIELD_KEYS.note.content;
 export const CREDENTIAL_PRIMARY_FIELD_KEY: Record<CredentialType, string> = {
   login: CREDENTIAL_FIELD_KEYS.login.password,
   card: CREDENTIAL_FIELD_KEYS.card.number,
+  sso: CREDENTIAL_FIELD_KEYS.sso.website,
   note: CREDENTIAL_FIELD_KEYS.note.content,
   plain_note: CREDENTIAL_FIELD_KEYS.plain_note.content,
   hot_wallet: CREDENTIAL_FIELD_KEYS.hot_wallet.privateKey,