axauth 2.1.0 → 3.1.0

package/dist/auth/registry.js

@@ -72,12 +72,11 @@ function checkAllAuth() {
     return getAllAdapters().map((adapter) => adapter.checkAuth());
 }
 /**
- * Extract raw credentials for an agent.
+ * Find credentials for an agent.
  *
- * Checks credentials from all available sources:
- * - Environment variables
- * - Keychain (macOS)
- * - File storage
+ * Checks environment variables first (e.g., ANTHROPIC_API_KEY), then falls
+ * back to local storage (keychain or file) if no environment credentials
+ * are found. This allows easy overrides in CI/CD environments.
  *
  * Note: The `data` field format is agent-specific and not standardized.
  * Use {@link getAccessToken} to extract the token in a uniform way.
@@ -85,12 +84,22 @@ function checkAllAuth() {
  * For vault credentials, use {@link fetchVaultCredentials} from the vault module
  * or the `axauth vault fetch` CLI command.
  *
+ * **Multi-provider agents** (OpenCode):
+ * - `options.provider` is required - throws if not specified
+ *
  * @example
- * const creds = extractRawCredentials("codex");
- * if (creds) { await exportCredentials(creds); }
+ * const creds = findCredentials("codex");
+ * const creds = findCredentials("opencode", { provider: "anthropic" });
  */
-function extractRawCredentials(agentId) {
-    return ADAPTERS[agentId].extractRawCredentials();
+function findCredentials(agentId, options) {
+    const adapter = ADAPTERS[agentId];
+    // Check environment credentials first (allows easy overrides in CI/CD)
+    const environmentCredentials = adapter.getEnvironmentCredentials?.();
+    if (environmentCredentials)
+        return environmentCredentials;
+    // Fall back to stored credentials (keychain/file)
+    const stored = adapter.findStoredCredentials(options);
+    return stored?.credentials;
 }
 /**
  * Extract raw credentials from custom directories.
@@ -100,17 +109,17 @@ function extractRawCredentials(agentId) {
  *
  * @example
  * // For agents without separation (Claude, Codex, Gemini, Copilot)
- * const creds = extractRawCredentialsFromDirectory("claude", { configDir: "/tmp/config" });
+ * const creds = findCredentialsFromDirectory("claude", { configDir: "/tmp/config" });
  *
  * // For agents with separation (OpenCode)
- * const creds = extractRawCredentialsFromDirectory("opencode", {
+ * const creds = findCredentialsFromDirectory("opencode", {
  *   configDir: "/tmp/config",
  *   dataDir: "/tmp/data",
  * });
  */
-function extractRawCredentialsFromDirectory(agentId, options) {
+function findCredentialsFromDirectory(agentId, options) {
     const adapter = ADAPTERS[agentId];
-    return adapter.extractRawCredentialsFromDirectory?.(options);
+    return adapter.loadCredentialsFromDirectory?.(options);
 }
 /**
  * Install credentials for an agent.
@@ -171,6 +180,7 @@ async function getAccessToken(creds, options) {
     const result = await refreshAndPersist(creds, installCredentials, {
         timeout: options?.refreshTimeout,
         provider: options?.provider,
+        storage: options?.storage,
     });
     const finalCreds = result.ok ? result.credentials : result.staleCredentials;
     return ADAPTERS[creds.agent].getAccessToken(finalCreds, options);
@@ -179,16 +189,23 @@ async function getAccessToken(creds, options) {
  * Get access token for an agent by ID.
  *
  * Convenience function that extracts credentials and gets the token.
- * Automatically refreshes expired OAuth tokens.
+ * Automatically refreshes expired OAuth tokens, preserving the original
+ * storage location (keychain or file).
  *
  * @example
  * const token = await getAgentAccessToken("claude");
  */
 async function getAgentAccessToken(agentId, options) {
-    const creds = extractRawCredentials(agentId);
-    if (!creds)
+    const stored = ADAPTERS[agentId].findStoredCredentials({
+        provider: options?.provider,
+    });
+    if (!stored)
         return undefined;
-    return getAccessToken(creds, options);
+    // Pass the source to getAccessToken so refresh preserves storage location
+    return getAccessToken(stored.credentials, {
+        ...options,
+        storage: options?.storage ?? stored.source,
+    });
 }
 /**
  * Convert credentials to environment variables.
@@ -239,4 +256,4 @@ function installCredentialsFromEnvironmentVariable(agent, options) {
         dataDir: options?.dataDir,
     });
 }
-export { checkAllAuth, checkAuth, credentialsToEnvironment, extractRawCredentials, extractRawCredentialsFromDirectory, getAccessToken, getAdapter, getAgentAccessToken, getAllAdapters, getCapabilities, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, };
+export { checkAllAuth, checkAuth, credentialsToEnvironment, findCredentials, findCredentialsFromDirectory, getAccessToken, getAdapter, getAgentAccessToken, getAllAdapters, getCapabilities, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, };

package/dist/auth/resolve-refresh-credentials.d.ts

@@ -1,18 +1,21 @@
 /**
- * Resolve which credentials to use for refresh and how to merge results.
+ * Resolve which credentials to use for refresh.
+ *
+ * OpenCode credentials are always per-provider (bundled format removed).
  */
 import type { Credentials } from "./types.js";
-interface RefreshProviderOptions {
-    provider?: string;
-}
 type RefreshResolution = {
     ok: true;
     credentials: Credentials;
-    mergeProvider?: string;
 } | {
     ok: false;
     error: string;
 };
-declare function resolveRefreshCredentials(creds: Credentials, options?: RefreshProviderOptions): RefreshResolution;
-declare function mergeOpenCodeBundle(original: Credentials, refreshed: Credentials, mergeProvider?: string): Credentials;
-export { mergeOpenCodeBundle, resolveRefreshCredentials };
+/**
+ * Resolve credentials for refresh.
+ *
+ * All credential types are passed through directly since OpenCode
+ * credentials are always per-provider format.
+ */
+declare function resolveRefreshCredentials(creds: Credentials): RefreshResolution;
+export { resolveRefreshCredentials };

package/dist/auth/resolve-refresh-credentials.js

@@ -1,51 +1,15 @@
 /**
- * Resolve which credentials to use for refresh and how to merge results.
+ * Resolve which credentials to use for refresh.
+ *
+ * OpenCode credentials are always per-provider (bundled format removed).
  */
-import { extractProviderCredentials, splitToPerProviderCredentials, } from "./agents/opencode-credentials.js";
-function resolveRefreshCredentials(creds, options) {
-    if (creds.agent !== "opencode") {
-        return { ok: true, credentials: creds };
-    }
-    if (creds.provider) {
-        return { ok: true, credentials: creds };
-    }
-    if (options?.provider) {
-        const providerCreds = extractProviderCredentials(creds, options.provider);
-        if (!providerCreds) {
-            return {
-                ok: false,
-                error: `No credentials found for provider '${options.provider}'`,
-            };
-        }
-        return {
-            ok: true,
-            credentials: providerCreds,
-            mergeProvider: providerCreds.provider,
-        };
-    }
-    const perProvider = splitToPerProviderCredentials(creds);
-    const refreshCreds = perProvider.find((cred) => cred.type === "oauth-credentials") ??
-        perProvider.at(0);
-    if (!refreshCreds) {
-        return { ok: false, error: "No provider credentials found for opencode" };
-    }
-    return {
-        ok: true,
-        credentials: refreshCreds,
-        mergeProvider: refreshCreds.provider,
-    };
-}
-function mergeOpenCodeBundle(original, refreshed, mergeProvider) {
-    if (original.agent !== "opencode")
-        return refreshed;
-    if (original.provider)
-        return refreshed;
-    if (!mergeProvider)
-        return refreshed;
-    const mergedData = { ...original.data, ...refreshed.data };
-    if ("_source" in original.data) {
-        mergedData._source = original.data._source;
-    }
-    return { ...refreshed, data: mergedData };
+/**
+ * Resolve credentials for refresh.
+ *
+ * All credential types are passed through directly since OpenCode
+ * credentials are always per-provider format.
+ */
+function resolveRefreshCredentials(creds) {
+    return { ok: true, credentials: creds };
 }
-export { mergeOpenCodeBundle, resolveRefreshCredentials };
+export { resolveRefreshCredentials };

package/dist/auth/types.d.ts

@@ -1,8 +1,9 @@
 /**
  * Shared types for auth module.
  */
-import { type AgentCli } from "axshared";
-import { z } from "zod";
+import type { AgentCli } from "axshared";
+export { parseCredentials, parseCredentialsOrArray } from "axshared";
+export type { Credentials } from "axshared";
 /** Auth status for an agent */
 interface AuthStatus {
     agentId: AgentCli;
@@ -11,37 +12,4 @@ interface AuthStatus {
     /** Additional details (e.g., provider list for opencode) */
     details?: Record<string, unknown>;
 }
-/** Extracted credential data schema */
-declare const Credentials: z.ZodObject<{
-    agent: z.ZodEnum<{
-        claude: "claude";
-        codex: "codex";
-        gemini: "gemini";
-        opencode: "opencode";
-        copilot: "copilot";
-    }>;
-    type: z.ZodEnum<{
-        "api-key": "api-key";
-        "oauth-token": "oauth-token";
-        "oauth-credentials": "oauth-credentials";
-    }>;
-    provider: z.ZodOptional<z.ZodString>;
-    data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
-}, z.core.$strip>;
-type Credentials = z.infer<typeof Credentials>;
-/**
- * Parse and validate credentials from unknown input.
- *
- * @returns Validated Credentials or undefined if invalid
- */
-declare function parseCredentials(input: unknown): Credentials | undefined;
-/**
- * Parse and validate credentials that may be a single object or an array.
- *
- * Used by encrypt/decrypt commands to handle OpenCode's multi-provider export format.
- *
- * @returns Validated Credentials or Credentials[] or undefined if invalid
- */
-declare function parseCredentialsOrArray(input: unknown): Credentials | Credentials[] | undefined;
 export type { AuthStatus };
-export { Credentials, parseCredentials, parseCredentialsOrArray };

package/dist/auth/types.js

@@ -1,50 +1,5 @@
 /**
  * Shared types for auth module.
  */
-import { AGENT_CLIS, CredentialType } from "axshared";
-import { z } from "zod";
-/** Zod schema for AgentCli */
-const AgentCliSchema = z.enum(AGENT_CLIS);
-/** Extracted credential data schema */
-const Credentials = z.object({
-    agent: AgentCliSchema,
-    type: CredentialType,
-    /** Provider identifier for multi-provider agents like OpenCode (trimmed, non-empty if present) */
-    provider: z.string().trim().min(1).optional(),
-    data: z.record(z.string(), z.unknown()),
-});
-/**
- * Parse and validate credentials from unknown input.
- *
- * @returns Validated Credentials or undefined if invalid
- */
-function parseCredentials(input) {
-    const result = Credentials.safeParse(input);
-    return result.success ? result.data : undefined;
-}
-/**
- * Parse and validate credentials that may be a single object or an array.
- *
- * Used by encrypt/decrypt commands to handle OpenCode's multi-provider export format.
- *
- * @returns Validated Credentials or Credentials[] or undefined if invalid
- */
-function parseCredentialsOrArray(input) {
-    // Try single credential first
-    const singleResult = Credentials.safeParse(input);
-    if (singleResult.success)
-        return singleResult.data;
-    // Try array of credentials
-    if (Array.isArray(input)) {
-        const parsed = [];
-        for (const item of input) {
-            const result = Credentials.safeParse(item);
-            if (!result.success)
-                return undefined;
-            parsed.push(result.data);
-        }
-        return parsed;
-    }
-    return undefined;
-}
-export { Credentials, parseCredentials, parseCredentialsOrArray };
+// Re-export credential types from axshared for convenience
+export { parseCredentials, parseCredentialsOrArray } from "axshared";

package/dist/auth/wait-for-refreshed-credentials.d.ts

@@ -3,5 +3,9 @@
  */
 import type { ExecutionDirectories } from "axexec";
 import type { Credentials } from "./types.js";
-declare function waitForRefreshedCredentials(agent: Credentials["agent"], directories: ExecutionDirectories, deadlineMs: number): Promise<Credentials | undefined>;
+interface WaitOptions {
+    /** Provider ID for multi-provider agents (OpenCode) */
+    provider?: string;
+}
+declare function waitForRefreshedCredentials(agent: Credentials["agent"], directories: ExecutionDirectories, deadlineMs: number, options?: WaitOptions): Promise<Credentials | undefined>;
 export { waitForRefreshedCredentials };

package/dist/auth/wait-for-refreshed-credentials.js

@@ -3,14 +3,17 @@
  */
 const CREDENTIAL_POLL_INTERVAL_MS = 200;
 function delay(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
 }
-async function waitForRefreshedCredentials(agent, directories, deadlineMs) {
-    const { extractRawCredentialsFromDirectory } = await import("./registry.js");
+async function waitForRefreshedCredentials(agent, directories, deadlineMs, options) {
+    const { findCredentialsFromDirectory } = await import("./registry.js");
     for (;;) {
-        const refreshedCredentials = extractRawCredentialsFromDirectory(agent, {
+        const refreshedCredentials = findCredentialsFromDirectory(agent, {
             configDir: directories.config,
             dataDir: directories.data,
+            provider: options?.provider,
         });
         if (refreshedCredentials)
             return refreshedCredentials;

package/dist/commands/auth-export.js

@@ -1,12 +1,12 @@
 /**
  * Auth export command handler.
  */
-import { execFileSync } from "node:child_process";
 import { renameSync, unlinkSync, writeFileSync } from "node:fs";
 import promptPassword from "@inquirer/password";
-import { extractRawCredentials } from "../auth/registry.js";
-import { extractProviderCredentials, splitToPerProviderCredentials, } from "../auth/agents/opencode.js";
+import { findCredentials } from "../auth/registry.js";
+import { getAllStoredCredentials, getStoredCredentialsForProvider, } from "../auth/agents/opencode.js";
 import { DEFAULT_PASSWORD, encrypt, toBase64 } from "../crypto.js";
+import { copyToClipboard } from "./copy-to-clipboard.js";
 import { validateAgent } from "./validate-agent.js";
 /** Handle auth export command */
 async function handleAuthExport(options) {
@@ -19,13 +19,16 @@ async function handleAuthExport(options) {
     const agentId = validateAgent(options.agent);
     if (!agentId)
         return;
-    const rawCreds = extractRawCredentials(agentId);
-    if (!rawCreds) {
+    // OpenCode handles credential fetching separately in resolveExportData
+    // (it reads from disk with its own functions)
+    // For other agents, fetch credentials here
+    const rawCreds = agentId === "opencode" ? undefined : findCredentials(agentId);
+    if (agentId !== "opencode" && !rawCreds) {
         console.error(`Error: No credentials found for ${agentId}`);
         process.exitCode = 1;
         return;
     }
-    // Handle per-provider export for OpenCode
+    // Handle per-provider export for OpenCode, or use rawCreds for others
     const exportData = resolveExportData(agentId, rawCreds, options.provider);
     if (!exportData)
         return;
@@ -44,24 +47,30 @@ async function handleAuthExport(options) {
 /** Resolve export data based on agent and provider options */
 function resolveExportData(agentId, rawCreds, provider) {
     if (agentId === "opencode") {
-        if (provider) {
-            // Export single provider
-            const providerCreds = extractProviderCredentials(rawCreds, provider);
-            if (!providerCreds) {
+        // Validate if provider was specified (check undefined, not falsy - empty string is an error)
+        if (provider !== undefined) {
+            if (provider.trim().length === 0) {
+                console.error("Error: Provider cannot be empty");
+                process.exitCode = 2;
+                return undefined;
+            }
+            // Export single provider (reads from disk)
+            const creds = getStoredCredentialsForProvider(provider);
+            if (!creds) {
                 console.error(`Error: No credentials found for provider '${provider}'`);
                 process.exitCode = 1;
                 return undefined;
             }
-            return providerCreds;
+            return creds;
         }
-        // Export all providers as array
-        const allCreds = splitToPerProviderCredentials(rawCreds);
-        if (allCreds.length === 0) {
+        // Export all providers as array (reads from disk)
+        const creds = getAllStoredCredentials();
+        if (creds.length === 0) {
             console.error(`Error: No valid credentials found for ${agentId}`);
             process.exitCode = 1;
             return undefined;
         }
-        return allCreds;
+        return creds;
     }
     // Non-OpenCode agents: export single credential
     if (provider) {
@@ -118,35 +127,4 @@ function writeOutput(output, isStdout, json) {
         return false;
     }
 }
-/** Copy text to system clipboard */
-function copyToClipboard(text) {
-    try {
-        switch (process.platform) {
-            case "darwin": {
-                execFileSync("pbcopy", [], { input: text });
-                break;
-            }
-            case "linux": {
-                execFileSync("xclip", ["-selection", "clipboard"], { input: text });
-                break;
-            }
-            case "win32": {
-                execFileSync("clip", [], { input: text });
-                break;
-            }
-            default: {
-                throw new Error(`Clipboard not supported on ${process.platform}. ` +
-                    `Use --output to write to a file instead.`);
-            }
-        }
-        console.error(`Credentials copied to clipboard`);
-    }
-    catch (error) {
-        console.error(`Failed to copy to clipboard: ${error.message}`);
-        if (process.platform === "linux") {
-            console.error("Hint: Ensure 'xclip' is installed.");
-        }
-        process.exitCode = 1;
-    }
-}
 export { handleAuthExport };

package/dist/commands/auth.js

@@ -1,7 +1,7 @@
 /**
  * Auth commands - manage agent credentials.
  */
-import { checkAllAuth, extractRawCredentials, getAccessToken, removeCredentials, } from "../auth/registry.js";
+import { checkAllAuth, findCredentials, getAccessToken, removeCredentials, } from "../auth/registry.js";
 import { removeProviderCredentials } from "../auth/agents/opencode.js";
 import { validateAgent } from "./validate-agent.js";
 export { handleAuthInstall } from "./install-credentials.js";
@@ -20,9 +20,19 @@ async function handleAuthToken(options) {
     const agentId = validateAgent(options.agent);
     if (!agentId)
         return;
-    const creds = extractRawCredentials(agentId);
+    // OpenCode requires --provider
+    if (agentId === "opencode" && !options.provider) {
+        console.error("Error: --provider is required for opencode");
+        console.error("Hint: Use 'axauth auth list' to see available providers");
+        process.exitCode = 1;
+        return;
+    }
+    const creds = findCredentials(agentId, { provider: options.provider });
     if (!creds) {
-        console.error(`Error: No credentials found for ${agentId}`);
+        const providerHint = agentId === "opencode" && options.provider
+            ? ` for provider '${options.provider}'`
+            : "";
+        console.error(`Error: No credentials found for ${agentId}${providerHint}`);
         process.exitCode = 1;
         return;
     }

package/dist/commands/copy-to-clipboard.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Clipboard utility for copying text to system clipboard.
+ */
+/** Copy text to system clipboard */
+declare function copyToClipboard(text: string): void;
+export { copyToClipboard };

package/dist/commands/copy-to-clipboard.js

@@ -0,0 +1,48 @@
+/**
+ * Clipboard utility for copying text to system clipboard.
+ */
+import { execFileSync } from "node:child_process";
+/** Copy text to system clipboard */
+function copyToClipboard(text) {
+    try {
+        switch (process.platform) {
+            case "darwin": {
+                execFileSync("pbcopy", [], { input: text });
+                break;
+            }
+            case "linux": {
+                execFileSync("xclip", ["-selection", "clipboard"], { input: text });
+                break;
+            }
+            case "win32": {
+                execFileSync("clip", [], { input: text });
+                break;
+            }
+            case "aix":
+            case "android":
+            case "freebsd":
+            case "haiku":
+            case "openbsd":
+            case "sunos":
+            case "cygwin":
+            case "netbsd": {
+                throw new Error(`Clipboard not supported on ${process.platform}. ` +
+                    `Use --output to write to a file instead.`);
+            }
+            // Default case for any unknown/future platforms not in Node.js type definition
+            default: {
+                throw new Error(`Clipboard not supported on ${process.platform}. ` +
+                    `Use --output to write to a file instead.`);
+            }
+        }
+        console.error(`Credentials copied to clipboard`);
+    }
+    catch (error) {
+        console.error(`Failed to copy to clipboard: ${error.message}`);
+        if (process.platform === "linux") {
+            console.error("Hint: Ensure 'xclip' is installed.");
+        }
+        process.exitCode = 1;
+    }
+}
+export { copyToClipboard };

package/dist/commands/vault.js

@@ -1,8 +1,8 @@
 /**
  * Vault commands - fetch and push credentials to axvault server.
  */
-import { credentialsToEnvironment, extractRawCredentials, installCredentials, } from "../auth/registry.js";
-import { extractProviderCredentials } from "../auth/agents/opencode.js";
+import { credentialsToEnvironment, findCredentials, installCredentials, } from "../auth/registry.js";
+import { getStoredCredentialsForProvider } from "../auth/agents/opencode.js";
 import { fetchVaultCredentials, pushVaultCredentials, } from "../vault/vault-client.js";
 import { getVaultConfig } from "../vault/vault-config.js";
 import { validateAgent } from "./validate-agent.js";
@@ -133,12 +133,18 @@ async function handleVaultPush(options) {
     const agentId = validateAgent(options.agent);
     if (!agentId)
         return;
-    // Validate --provider is only used with opencode
+    // Validate provider flag usage
     if (options.provider && agentId !== "opencode") {
         console.error("Error: --provider flag is only supported for opencode agent");
         process.exitCode = 2;
         return;
     }
+    if (agentId === "opencode" && !options.provider) {
+        console.error("Error: --provider is required for opencode");
+        console.error("Hint: Use 'axauth auth list' to see available providers");
+        process.exitCode = 1;
+        return;
+    }
     // Check vault is configured
     const vaultConfig = getVaultConfig();
     if (!vaultConfig) {
@@ -147,19 +153,14 @@ async function handleVaultPush(options) {
         return;
     }
     // Extract local credentials
-    const rawCredentials = extractRawCredentials(agentId);
-    if (!rawCredentials) {
-        console.error(`Error: No credentials found for ${agentId}`);
-        console.error("Hint: Authenticate with the agent first, or use 'axauth list' to check status");
-        process.exitCode = 1;
-        return;
-    }
-    // Handle per-provider extraction for OpenCode
-    const credentials = options.provider
-        ? extractProviderCredentials(rawCredentials, options.provider)
-        : rawCredentials;
+    const credentials = agentId === "opencode" && options.provider
+        ? getStoredCredentialsForProvider(options.provider)
+        : findCredentials(agentId);
     if (!credentials) {
-        console.error(`Error: No credentials found for provider '${options.provider}'`);
+        const hint = agentId === "opencode"
+            ? `No credentials found for provider '${options.provider}'`
+            : `No credentials found for ${agentId}\nHint: Authenticate with the agent first, or use 'axauth auth list' to check status`;
+        console.error(`Error: ${hint}`);
         process.exitCode = 1;
         return;
     }

package/dist/index.d.ts

@@ -34,8 +34,8 @@ export type { AgentCli } from "axshared";
 export { AGENT_CLIS } from "axshared";
 export type { AdapterCapabilities, AuthAdapter, InstallOptions, OperationResult, RemoveOptions, } from "./auth/adapter.js";
 export type { AuthStatus, Credentials } from "./auth/types.js";
-export { checkAllAuth, checkAuth, credentialsToEnvironment, extractRawCredentials, extractRawCredentialsFromDirectory, getAccessToken, getAgentAccessToken, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, getAdapter, getAllAdapters, getCapabilities, type ExtractOptions, type InstallFromEnvironmentOptions, } from "./auth/registry.js";
+export { checkAllAuth, checkAuth, credentialsToEnvironment, findCredentials, findCredentialsFromDirectory, getAccessToken, getAgentAccessToken, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, getAdapter, getAllAdapters, getCapabilities, type ExtractOptions, type FindStoredCredentialsOptions, type InstallFromEnvironmentOptions, } from "./auth/registry.js";
 export { getVaultConfig, isVaultConfigured, type VaultConfig, } from "./vault/vault-config.js";
 export { fetchVaultCredentials, type VaultFailureReason, type VaultFetchOptions, type VaultResult, } from "./vault/vault-client.js";
 export { extractExpiryDate, extractExpiryTimestamp, isCredentialExpired, isRefreshable, isTokenExpired, type RefreshableCredentials, } from "./auth/is-token-expired.js";
-export { refreshAndPersist, refreshCredentials, type RefreshAndPersistResult, type RefreshOptions, type RefreshResult, } from "./auth/refresh-credentials.js";
+export { refreshAndPersist, refreshBlob, refreshCredentials, type RefreshAndPersistResult, type RefreshBlobResult, type RefreshOptions, type RefreshResult, } from "./auth/refresh-credentials.js";

package/dist/index.js

@@ -34,7 +34,7 @@ export { AGENT_CLIS } from "axshared";
 // Registry - unified entry point for all operations
 export { 
 // Core operations
-checkAllAuth, checkAuth, credentialsToEnvironment, extractRawCredentials, extractRawCredentialsFromDirectory, getAccessToken, getAgentAccessToken, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, 
+checkAllAuth, checkAuth, credentialsToEnvironment, findCredentials, findCredentialsFromDirectory, getAccessToken, getAgentAccessToken, getCredentialsEnvironmentVariableName, installCredentials, installCredentialsFromEnvironmentVariable, removeCredentials, 
 // Adapter access
 getAdapter, getAllAdapters, getCapabilities, } from "./auth/registry.js";
 // Vault utilities
@@ -42,4 +42,4 @@ export { getVaultConfig, isVaultConfigured, } from "./vault/vault-config.js";
 export { fetchVaultCredentials, } from "./vault/vault-client.js";
 // Token/credential utilities
 export { extractExpiryDate, extractExpiryTimestamp, isCredentialExpired, isRefreshable, isTokenExpired, } from "./auth/is-token-expired.js";
-export { refreshAndPersist, refreshCredentials, } from "./auth/refresh-credentials.js";
+export { refreshAndPersist, refreshBlob, refreshCredentials, } from "./auth/refresh-credentials.js";