npm - envpkt - Versions diffs - 0.7.1 → 0.7.3 - Mend

envpkt 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js CHANGED Viewed

@@ -14,7 +14,6 @@ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";
 import { createInterface } from "node:readline";
 //#region src/core/audit.ts
 const MS_PER_DAY = 864e5;
 const WARN_BEFORE_DAYS = 30;
@@ -112,7 +111,6 @@ const computeEnvAudit = (config, env = process.env) => {
 		missing: entries.filter((e) => e.status === "missing").length
 	};
 };
 //#endregion
 //#region src/core/schema.ts
 const DATE_RE$1 = /^\d{4}-\d{2}-\d{2}$/;
@@ -207,7 +205,6 @@ const EnvpktConfigSchema = Type.Object({
 	title: "envpkt configuration",
 	description: "Credential lifecycle and fleet management configuration for AI agents"
 });
 //#endregion
 //#region src/core/config.ts
 const CONFIG_FILENAME$2 = "envpkt.toml";
@@ -368,7 +365,6 @@ const resolveConfigPath = (flagPath, envVar, cwd) => {
 		source
 	}));
 };
 //#endregion
 //#region src/core/catalog.ts
 /** Load and validate a catalog file, mapping ConfigError → CatalogError */
@@ -445,7 +441,6 @@ const resolveConfig = (agentConfig, agentConfigDir) => {
 		};
 	}));
 };
 //#endregion
 //#region src/cli/output.ts
 const RESET = "\x1B[0m";
@@ -652,7 +647,6 @@ const formatConfigSource = (path, source) => {
 	if (source === "cwd") return "";
 	return `${DIM}envpkt: loaded ${path}${RESET}`;
 };
 //#endregion
 //#region src/cli/commands/audit.ts
 const runAudit = (options) => {
@@ -731,7 +725,6 @@ const runAuditOnConfig = (config, options) => {
 	const code = options.strict ? exitCodeForAudit(audit) : audit.status === "critical" ? 2 : 0;
 	process.exit(code);
 };
 //#endregion
 //#region src/fnox/cli.ts
 /** Export all secrets from fnox as key=value pairs for a given profile */
@@ -764,7 +757,6 @@ const fnoxExport = (profile, agentKey) => {
 		return Right(entries);
 	});
 };
 //#endregion
 //#region src/fnox/detect.ts
 const FNOX_CONFIG = "fnox.toml";
@@ -778,7 +770,6 @@ const fnoxAvailable = () => Try(() => {
 	execFileSync("fnox", ["--version"], { stdio: "pipe" });
 	return true;
 }).fold(() => false, (v) => v);
 //#endregion
 //#region src/fnox/identity.ts
 /** Check if the age CLI is available on PATH */
@@ -808,7 +799,6 @@ const unwrapAgentKey = (identityPath) => {
 		message: `age decrypt failed: ${err}`
 	}), (output) => Right(output.trim()));
 };
 //#endregion
 //#region src/fnox/parse.ts
 /** Read and parse fnox.toml, extracting secret keys and profiles */
@@ -829,7 +819,6 @@ const readFnoxConfig = (path) => Try(() => readFileSync(path, "utf-8")).fold((er
 }));
 /** Extract the set of secret key names from a parsed fnox config */
 const extractFnoxKeys = (config) => new Set(Object.keys(config.secrets));
 //#endregion
 //#region src/core/keygen.ts
 /** Resolve the age identity file path: ENVPKT_AGE_KEY_FILE env var > ~/.envpkt/age-key.txt */
@@ -929,7 +918,6 @@ const updateConfigRecipient = (configPath, recipient) => {
 		}), () => Right(true));
 	});
 };
 //#endregion
 //#region src/core/seal.ts
 /** Encrypt a plaintext string using age with the given recipient public key (armored output) */
@@ -1029,7 +1017,6 @@ const unsealSecrets = (meta, identityPath) => {
 	}
 	return Right(result);
 };
 //#endregion
 //#region src/core/boot.ts
 const resolveAndLoad = (opts) => resolveConfigPath(opts.configPath).fold((err) => Left(err), ({ path: configPath, source: configSource }) => loadConfig(configPath).fold((err) => Left(err), (config) => {
@@ -1153,7 +1140,6 @@ const bootSafe = (options) => {
 		});
 	});
 };
 //#endregion
 //#region src/core/patterns.ts
 const EXCLUDED_VARS = new Set([
@@ -1852,7 +1838,6 @@ const scanEnv = (env) => {
 	});
 	return results;
 };
 //#endregion
 //#region src/core/env.ts
 /** Scan env for credentials, returning structured results */
@@ -1935,7 +1920,6 @@ created = "${todayIso$1()}"
 	}
 	return blocks.join("\n");
 };
 //#endregion
 //#region src/core/toml-edit.ts
 const SECTION_RE = /^\[.+\]\s*$/;
@@ -2085,7 +2069,6 @@ const updateSectionFields = (raw, sectionHeader, updates) => {
 * Ensures proper spacing (double newline before the block).
 */
 const appendSection = (raw, block) => `${raw.trimEnd()}\n\n${block}`;
 //#endregion
 //#region src/cli/commands/env.ts
 const printPostWriteGuidance = () => {
@@ -2175,6 +2158,10 @@ const runEnvExport = (options) => {
 		if (sourceMsg) console.error(sourceMsg);
 		for (const warning of boot.warnings) console.error(`${YELLOW}Warning:${RESET} ${warning}`);
 		for (const [key, value] of Object.entries(boot.envDefaults)) console.log(`export ${key}='${shellEscape(value)}'`);
+		if (boot.overridden.length > 0) loadConfig(boot.configPath).fold(() => {}, (config) => {
+			const envEntries = config.env ?? {};
+			for (const key of boot.overridden) if (key in envEntries) console.log(`export ${key}='${shellEscape(envEntries[key].value)}'`);
+		});
 		for (const [key, value] of Object.entries(boot.secrets)) console.log(`export ${key}='${shellEscape(value)}'`);
 	});
 };
@@ -2320,7 +2307,6 @@ const registerEnvCommands = (program) => {
 		runEnvRename(oldName, newName, options);
 	});
 };
 //#endregion
 //#region src/cli/commands/exec.ts
 const runExec = (args, options) => {
@@ -2374,7 +2360,6 @@ const runExec = (args, options) => {
 		process.exit(exitCode);
 	}
 };
 //#endregion
 //#region src/core/fleet.ts
 const CONFIG_FILENAME$1 = "envpkt.toml";
@@ -2439,7 +2424,6 @@ const scanFleet = (rootDir, options) => {
 		expiring_soon
 	};
 };
 //#endregion
 //#region src/cli/commands/fleet.ts
 const statusIcon = (status) => {
@@ -2469,7 +2453,6 @@ const runFleet = (options) => {
 	}
 	process.exit(fleet.status === "critical" ? 2 : 0);
 };
 //#endregion
 //#region src/cli/commands/init.ts
 const CONFIG_FILENAME = "envpkt.toml";
@@ -2580,14 +2563,12 @@ const runInit = (dir, options) => {
 		console.log(`  ${BOLD}Next:${RESET} Fill in metadata for each secret`);
 	});
 };
 //#endregion
 //#region src/core/format.ts
 const maskValue = (value) => {
 	if (value.length > 8) return `${value.slice(0, 3)}${"•".repeat(5)}${value.slice(-4)}`;
 	return "•".repeat(5);
 };
 //#endregion
 //#region src/cli/commands/inspect.ts
 const printSecretMeta = (meta, indent) => {
@@ -2707,7 +2688,6 @@ const runInspect = (options) => {
 		});
 	});
 };
 //#endregion
 //#region src/cli/commands/keygen.ts
 const runKeygen = (options) => {
@@ -2744,7 +2724,6 @@ const runKeygen = (options) => {
 		}
 	});
 };
 //#endregion
 //#region src/mcp/resources.ts
 const loadConfigSafe = () => {
@@ -2822,7 +2801,6 @@ const readResource = (uri) => {
 	const handler = resourceHandlers[uri];
 	return handler?.();
 };
 //#endregion
 //#region src/mcp/tools.ts
 const textResult = (text) => ({ content: [{
@@ -3013,7 +2991,6 @@ const callTool = (name, args) => {
 	if (!handler) return errorResult(`Unknown tool: ${name}`);
 	return handler(args);
 };
 //#endregion
 //#region src/mcp/server.ts
 const createServer = () => {
@@ -3054,7 +3031,6 @@ const startServer = async () => {
 	const transport = new StdioServerTransport();
 	await server.connect(transport);
 };
 //#endregion
 //#region src/cli/commands/mcp.ts
 const runMcp = (_options) => {
@@ -3063,7 +3039,6 @@ const runMcp = (_options) => {
 		process.exit(1);
 	});
 };
 //#endregion
 //#region src/cli/commands/resolve.ts
 const runResolve = (options) => {
@@ -3098,7 +3073,6 @@ const runResolve = (options) => {
 		});
 	});
 };
 //#endregion
 //#region src/core/resolve-values.ts
 /** Resolve plaintext values for the given keys via cascade: fnox → env → interactive prompt */
@@ -3134,7 +3108,6 @@ const resolveValues = async (keys, profile, agentKey) => {
 	}
 	return result;
 };
 //#endregion
 //#region src/cli/commands/seal.ts
 /** Write sealed values back into the TOML file, preserving structure */
@@ -3359,7 +3332,6 @@ const runSeal = async (options) => {
 		console.log(`${GREEN}Sealed${RESET} ${sealedCount} secret(s) into ${DIM}${configPath}${RESET}${summary}`);
 	});
 };
 //#endregion
 //#region src/cli/commands/secret.ts
 const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
@@ -3531,7 +3503,6 @@ const registerSecretCommands = (program) => {
 		runSecretRename(oldName, newName, options);
 	});
 };
 //#endregion
 //#region src/cli/commands/shell-hook.ts
 const ZSH_HOOK = `# envpkt shell hook — add to your .zshrc
@@ -3573,7 +3544,6 @@ const runShellHook = (shell) => {
 			process.exit(1);
 	}
 };
 //#endregion
 //#region src/cli/commands/upgrade.ts
 const getCurrentVersion = () => {
@@ -3635,7 +3605,6 @@ const runUpgrade = () => {
 	if (before === after && before !== "unknown") console.log(`\n${GREEN}✓${RESET} Already on latest version ${BOLD}${after}${RESET}`);
 	else console.log(`\n${GREEN}✓${RESET} Upgraded ${YELLOW}${before}${RESET} → ${BOLD}${after}${RESET}`);
 };
 //#endregion
 //#region src/cli/index.ts
 const program = new Command();
@@ -3684,6 +3653,5 @@ program.command("shell-hook").description("Output shell function for ambient cre
 	runShellHook(shell);
 });
 program.parse();
 //#endregion
-export {  };
+export {};

package/dist/index.d.ts CHANGED Viewed

@@ -1,121 +1,121 @@
-import * as _sinclair_typebox0 from "@sinclair/typebox";
+import * as _$_sinclair_typebox0 from "@sinclair/typebox";
 import { Static } from "@sinclair/typebox";
 import { Either, List, Option } from "functype";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { CallToolResult, ReadResourceResult, Resource } from "@modelcontextprotocol/sdk/types.js";
 //#region src/core/schema.d.ts
-declare const ConsumerType: _sinclair_typebox0.TUnion<[_sinclair_typebox0.TLiteral<"agent">, _sinclair_typebox0.TLiteral<"service">, _sinclair_typebox0.TLiteral<"developer">, _sinclair_typebox0.TLiteral<"ci">]>;
+declare const ConsumerType: _$_sinclair_typebox0.TUnion<[_$_sinclair_typebox0.TLiteral<"agent">, _$_sinclair_typebox0.TLiteral<"service">, _$_sinclair_typebox0.TLiteral<"developer">, _$_sinclair_typebox0.TLiteral<"ci">]>;
 type ConsumerType = Static<typeof ConsumerType>;
-declare const IdentitySchema: _sinclair_typebox0.TObject<{
-  name: _sinclair_typebox0.TString;
-  consumer: _sinclair_typebox0.TOptional<_sinclair_typebox0.TUnion<[_sinclair_typebox0.TLiteral<"agent">, _sinclair_typebox0.TLiteral<"service">, _sinclair_typebox0.TLiteral<"developer">, _sinclair_typebox0.TLiteral<"ci">]>>;
-  description: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  capabilities: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-  expires: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  services: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-  key_file: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  recipient: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  secrets: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+declare const IdentitySchema: _$_sinclair_typebox0.TObject<{
+  name: _$_sinclair_typebox0.TString;
+  consumer: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TUnion<[_$_sinclair_typebox0.TLiteral<"agent">, _$_sinclair_typebox0.TLiteral<"service">, _$_sinclair_typebox0.TLiteral<"developer">, _$_sinclair_typebox0.TLiteral<"ci">]>>;
+  description: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  capabilities: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+  expires: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  services: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+  key_file: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  recipient: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  secrets: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
 }>;
 type Identity = Static<typeof IdentitySchema>;
 /** @deprecated Use `IdentitySchema` instead */
-declare const AgentIdentitySchema: _sinclair_typebox0.TObject<{
-  name: _sinclair_typebox0.TString;
-  consumer: _sinclair_typebox0.TOptional<_sinclair_typebox0.TUnion<[_sinclair_typebox0.TLiteral<"agent">, _sinclair_typebox0.TLiteral<"service">, _sinclair_typebox0.TLiteral<"developer">, _sinclair_typebox0.TLiteral<"ci">]>>;
-  description: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  capabilities: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-  expires: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  services: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-  key_file: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  recipient: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  secrets: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+declare const AgentIdentitySchema: _$_sinclair_typebox0.TObject<{
+  name: _$_sinclair_typebox0.TString;
+  consumer: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TUnion<[_$_sinclair_typebox0.TLiteral<"agent">, _$_sinclair_typebox0.TLiteral<"service">, _$_sinclair_typebox0.TLiteral<"developer">, _$_sinclair_typebox0.TLiteral<"ci">]>>;
+  description: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  capabilities: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+  expires: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  services: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+  key_file: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  recipient: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  secrets: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
 }>;
-declare const SecretMetaSchema: _sinclair_typebox0.TObject<{
-  service: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  expires: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  rotation_url: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  purpose: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  comment: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  capabilities: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-  created: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  rotates: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  rate_limit: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  model_hint: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  source: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  encrypted_value: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  required: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
-  tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
+declare const SecretMetaSchema: _$_sinclair_typebox0.TObject<{
+  service: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  expires: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  rotation_url: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  purpose: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  comment: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  capabilities: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+  created: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  rotates: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  rate_limit: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  model_hint: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  source: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  encrypted_value: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  required: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
+  tags: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TString>>;
 }>;
 type SecretMeta = Static<typeof SecretMetaSchema>;
-declare const LifecycleConfigSchema: _sinclair_typebox0.TObject<{
-  stale_warning_days: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-  require_expiration: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
-  require_service: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
+declare const LifecycleConfigSchema: _$_sinclair_typebox0.TObject<{
+  stale_warning_days: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TNumber>;
+  require_expiration: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
+  require_service: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
 }>;
 type LifecycleConfig = Static<typeof LifecycleConfigSchema>;
-declare const CallbackConfigSchema: _sinclair_typebox0.TObject<{
-  on_expiring: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  on_expired: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  on_audit_fail: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+declare const CallbackConfigSchema: _$_sinclair_typebox0.TObject<{
+  on_expiring: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  on_expired: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  on_audit_fail: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
 }>;
 type CallbackConfig = Static<typeof CallbackConfigSchema>;
-declare const ToolsConfigSchema: _sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TUnknown>;
+declare const ToolsConfigSchema: _$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TUnknown>;
 type ToolsConfig = Static<typeof ToolsConfigSchema>;
-declare const EnvMetaSchema: _sinclair_typebox0.TObject<{
-  value: _sinclair_typebox0.TString;
-  purpose: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  comment: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
+declare const EnvMetaSchema: _$_sinclair_typebox0.TObject<{
+  value: _$_sinclair_typebox0.TString;
+  purpose: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  comment: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  tags: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TString>>;
 }>;
 type EnvMeta = Static<typeof EnvMetaSchema>;
-declare const EnvpktConfigSchema: _sinclair_typebox0.TObject<{
-  version: _sinclair_typebox0.TNumber;
-  catalog: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-  identity: _sinclair_typebox0.TOptional<_sinclair_typebox0.TObject<{
-    name: _sinclair_typebox0.TString;
-    consumer: _sinclair_typebox0.TOptional<_sinclair_typebox0.TUnion<[_sinclair_typebox0.TLiteral<"agent">, _sinclair_typebox0.TLiteral<"service">, _sinclair_typebox0.TLiteral<"developer">, _sinclair_typebox0.TLiteral<"ci">]>>;
-    description: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    capabilities: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-    expires: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    services: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-    key_file: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    recipient: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    secrets: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
+declare const EnvpktConfigSchema: _$_sinclair_typebox0.TObject<{
+  version: _$_sinclair_typebox0.TNumber;
+  catalog: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+  identity: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TObject<{
+    name: _$_sinclair_typebox0.TString;
+    consumer: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TUnion<[_$_sinclair_typebox0.TLiteral<"agent">, _$_sinclair_typebox0.TLiteral<"service">, _$_sinclair_typebox0.TLiteral<"developer">, _$_sinclair_typebox0.TLiteral<"ci">]>>;
+    description: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    capabilities: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+    expires: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    services: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+    key_file: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    recipient: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    secrets: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
   }>>;
-  secret: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TObject<{
-    service: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    expires: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    rotation_url: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    purpose: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    comment: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    capabilities: _sinclair_typebox0.TOptional<_sinclair_typebox0.TArray<_sinclair_typebox0.TString>>;
-    created: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    rotates: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    rate_limit: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    model_hint: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    source: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    encrypted_value: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    required: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
-    tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
+  secret: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TObject<{
+    service: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    expires: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    rotation_url: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    purpose: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    comment: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    capabilities: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TArray<_$_sinclair_typebox0.TString>>;
+    created: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    rotates: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    rate_limit: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    model_hint: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    source: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    encrypted_value: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    required: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
+    tags: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TString>>;
   }>>>;
-  env: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TObject<{
-    value: _sinclair_typebox0.TString;
-    purpose: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    comment: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
+  env: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TObject<{
+    value: _$_sinclair_typebox0.TString;
+    purpose: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    comment: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    tags: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TString>>;
   }>>>;
-  lifecycle: _sinclair_typebox0.TOptional<_sinclair_typebox0.TObject<{
-    stale_warning_days: _sinclair_typebox0.TOptional<_sinclair_typebox0.TNumber>;
-    require_expiration: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
-    require_service: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
+  lifecycle: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TObject<{
+    stale_warning_days: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TNumber>;
+    require_expiration: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
+    require_service: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TBoolean>;
   }>>;
-  callbacks: _sinclair_typebox0.TOptional<_sinclair_typebox0.TObject<{
-    on_expiring: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    on_expired: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
-    on_audit_fail: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  callbacks: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TObject<{
+    on_expiring: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    on_expired: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
+    on_audit_fail: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TString>;
   }>>;
-  tools: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TUnknown>>;
+  tools: _$_sinclair_typebox0.TOptional<_$_sinclair_typebox0.TRecord<_$_sinclair_typebox0.TString, _$_sinclair_typebox0.TUnknown>>;
 }>;
 type EnvpktConfig = Static<typeof EnvpktConfigSchema>;
 //#endregion

package/dist/index.js CHANGED Viewed

@@ -11,7 +11,6 @@ import { createInterface } from "node:readline";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";
 //#region src/core/schema.ts
 const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
 const URI_RE = /^https?:\/\/.+/;
@@ -107,7 +106,6 @@ const EnvpktConfigSchema = Type.Object({
 	title: "envpkt configuration",
 	description: "Credential lifecycle and fleet management configuration for AI agents"
 });
 //#endregion
 //#region src/core/config.ts
 const CONFIG_FILENAME$1 = "envpkt.toml";
@@ -282,7 +280,6 @@ const resolveConfigPath = (flagPath, envVar, cwd) => {
 		source
 	}));
 };
 //#endregion
 //#region src/core/catalog.ts
 /** Load and validate a catalog file, mapping ConfigError → CatalogError */
@@ -359,7 +356,6 @@ const resolveConfig = (agentConfig, agentConfigDir) => {
 		};
 	}));
 };
 //#endregion
 //#region src/core/format.ts
 const maskValue = (value) => {
@@ -432,7 +428,6 @@ const formatPacket = (result, options) => {
 	}
 	return sections.join("\n\n");
 };
 //#endregion
 //#region src/core/audit.ts
 const MS_PER_DAY = 864e5;
@@ -531,7 +526,6 @@ const computeEnvAudit = (config, env = process.env) => {
 		missing: entries.filter((e) => e.status === "missing").length
 	};
 };
 //#endregion
 //#region src/core/patterns.ts
 const EXCLUDED_VARS = new Set([
@@ -1230,7 +1224,6 @@ const scanEnv = (env) => {
 	});
 	return results;
 };
 //#endregion
 //#region src/core/env.ts
 /** Scan env for credentials, returning structured results */
@@ -1313,7 +1306,6 @@ created = "${todayIso()}"
 	}
 	return blocks.join("\n");
 };
 //#endregion
 //#region src/fnox/cli.ts
 /** Export all secrets from fnox as key=value pairs for a given profile */
@@ -1367,7 +1359,6 @@ const fnoxGet = (key, profile, agentKey) => {
 		message: `fnox get ${key} failed: ${err}`
 	}), (output) => Right(output.trim()));
 };
 //#endregion
 //#region src/fnox/detect.ts
 const FNOX_CONFIG = "fnox.toml";
@@ -1381,7 +1372,6 @@ const fnoxAvailable = () => Try(() => {
 	execFileSync("fnox", ["--version"], { stdio: "pipe" });
 	return true;
 }).fold(() => false, (v) => v);
 //#endregion
 //#region src/fnox/identity.ts
 /** Check if the age CLI is available on PATH */
@@ -1411,7 +1401,6 @@ const unwrapAgentKey = (identityPath) => {
 		message: `age decrypt failed: ${err}`
 	}), (output) => Right(output.trim()));
 };
 //#endregion
 //#region src/fnox/parse.ts
 /** Read and parse fnox.toml, extracting secret keys and profiles */
@@ -1432,7 +1421,6 @@ const readFnoxConfig = (path) => Try(() => readFileSync(path, "utf-8")).fold((er
 }));
 /** Extract the set of secret key names from a parsed fnox config */
 const extractFnoxKeys = (config) => new Set(Object.keys(config.secrets));
 //#endregion
 //#region src/core/keygen.ts
 /** Resolve the age identity file path: ENVPKT_AGE_KEY_FILE env var > ~/.envpkt/age-key.txt */
@@ -1537,7 +1525,6 @@ const updateConfigRecipient = (configPath, recipient) => {
 		}), () => Right(true));
 	});
 };
 //#endregion
 //#region src/core/seal.ts
 /** Encrypt a plaintext string using age with the given recipient public key (armored output) */
@@ -1637,7 +1624,6 @@ const unsealSecrets = (meta, identityPath) => {
 	}
 	return Right(result);
 };
 //#endregion
 //#region src/core/boot.ts
 const resolveAndLoad = (opts) => resolveConfigPath(opts.configPath).fold((err) => Left(err), ({ path: configPath, source: configSource }) => loadConfig(configPath).fold((err) => Left(err), (config) => {
@@ -1794,7 +1780,6 @@ const formatBootError = (error) => {
 		default: return `Boot error: ${JSON.stringify(error)}`;
 	}
 };
 //#endregion
 //#region src/core/resolve-values.ts
 /** Resolve plaintext values for the given keys via cascade: fnox → env → interactive prompt */
@@ -1830,7 +1815,6 @@ const resolveValues = async (keys, profile, agentKey) => {
 	}
 	return result;
 };
 //#endregion
 //#region src/core/toml-edit.ts
 const SECTION_RE = /^\[.+\]\s*$/;
@@ -1980,7 +1964,6 @@ const updateSectionFields = (raw, sectionHeader, updates) => {
 * Ensures proper spacing (double newline before the block).
 */
 const appendSection = (raw, block) => `${raw.trimEnd()}\n\n${block}`;
 //#endregion
 //#region src/core/fleet.ts
 const CONFIG_FILENAME = "envpkt.toml";
@@ -2045,7 +2028,6 @@ const scanFleet = (rootDir, options) => {
 		expiring_soon
 	};
 };
 //#endregion
 //#region src/fnox/sync.ts
 /** Compare fnox keys and envpkt meta keys to find mismatches */
@@ -2055,7 +2037,6 @@ const compareFnoxAndEnvpkt = (fnoxKeys, envpktKeys) => {
 		orphaned: List([...envpktKeys].filter((k) => !fnoxKeys.has(k)))
 	};
 };
 //#endregion
 //#region src/mcp/resources.ts
 const loadConfigSafe = () => {
@@ -2133,7 +2114,6 @@ const readResource = (uri) => {
 	const handler = resourceHandlers[uri];
 	return handler?.();
 };
 //#endregion
 //#region src/mcp/tools.ts
 const textResult = (text) => ({ content: [{
@@ -2324,7 +2304,6 @@ const callTool = (name, args) => {
 	if (!handler) return errorResult(`Unknown tool: ${name}`);
 	return handler(args);
 };
 //#endregion
 //#region src/mcp/server.ts
 const createServer = () => {
@@ -2365,6 +2344,5 @@ const startServer = async () => {
 	const transport = new StdioServerTransport();
 	await server.connect(transport);
 };
 //#endregion
-export { AgentIdentitySchema, CallbackConfigSchema, ConsumerType, EnvMetaSchema, EnvpktBootError, EnvpktConfigSchema, IdentitySchema, LifecycleConfigSchema, SecretMetaSchema, ToolsConfigSchema, ageAvailable, ageDecrypt, ageEncrypt, appendSection, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, computeEnvAudit, createServer, deriveServiceFromName, detectFnox, discoverConfig, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateKeypair, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, removeSection, renameSection, resolveConfig, resolveConfigPath, resolveInlineKey, resolveKeyPath, resolveSecrets, resolveValues, resourceDefinitions, scanEnv, scanFleet, sealSecrets, startServer, toolDefinitions, unsealSecrets, unwrapAgentKey, updateConfigRecipient, updateSectionFields, validateConfig };
+export { AgentIdentitySchema, CallbackConfigSchema, ConsumerType, EnvMetaSchema, EnvpktBootError, EnvpktConfigSchema, IdentitySchema, LifecycleConfigSchema, SecretMetaSchema, ToolsConfigSchema, ageAvailable, ageDecrypt, ageEncrypt, appendSection, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, computeEnvAudit, createServer, deriveServiceFromName, detectFnox, discoverConfig, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateKeypair, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, removeSection, renameSection, resolveConfig, resolveConfigPath, resolveInlineKey, resolveKeyPath, resolveSecrets, resolveValues, resourceDefinitions, scanEnv, scanFleet, sealSecrets, startServer, toolDefinitions, unsealSecrets, unwrapAgentKey, updateConfigRecipient, updateSectionFields, validateConfig };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "envpkt",
-  "version": "0.7.1",
+  "version": "0.7.3",
   "description": "Credential lifecycle and fleet management for AI agents",
   "keywords": [
     "credentials",
@@ -20,36 +20,18 @@
   "bin": {
     "envpkt": "dist/cli.js"
   },
-  "scripts": {
-    "validate": "ts-builds validate",
-    "format": "ts-builds format",
-    "format:check": "ts-builds format:check",
-    "lint": "ts-builds lint",
-    "lint:check": "ts-builds lint:check",
-    "typecheck": "ts-builds typecheck",
-    "test": "ts-builds test",
-    "test:watch": "ts-builds test:watch",
-    "test:coverage": "ts-builds test:coverage",
-    "build": "ts-builds build",
-    "build:schema": "tsx scripts/build-schema.ts",
-    "demo": "tsx scripts/generate-demo-html.ts",
-    "dev": "ts-builds dev",
-    "docs:dev": "pnpm --dir site dev",
-    "docs:build": "pnpm --dir site build",
-    "prepublishOnly": "pnpm validate"
-  },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.27.1",
-    "@sinclair/typebox": "^0.34.48",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@sinclair/typebox": "^0.34.49",
     "commander": "^14.0.3",
-    "functype": "^0.49.0",
-    "functype-os": "^0.3.0",
-    "smol-toml": "^1.6.0"
+    "functype": "^0.56.0",
+    "functype-os": "^0.4.2",
+    "smol-toml": "^1.6.1"
   },
   "devDependencies": {
-    "@types/node": "^24.12.0",
-    "ts-builds": "^2.5.0",
-    "tsdown": "^0.20.3",
+    "@types/node": "^24.12.2",
+    "ts-builds": "^2.6.3",
+    "tsdown": "^0.21.7",
     "tsx": "^4.21.0"
   },
   "type": "module",
@@ -70,5 +52,21 @@
     "schemas"
   ],
   "prettier": "ts-builds/prettier",
-  "packageManager": "pnpm@10.30.3+sha512.c961d1e0a2d8e354ecaa5166b822516668b7f44cb5bd95122d590dd81922f606f5473b6d23ec4a5be05e7fcd18e8488d47d978bbe981872f1145d06e9a740017"
-}
+  "scripts": {
+    "validate": "ts-builds validate",
+    "format": "ts-builds format",
+    "format:check": "ts-builds format:check",
+    "lint": "ts-builds lint",
+    "lint:check": "ts-builds lint:check",
+    "typecheck": "ts-builds typecheck",
+    "test": "ts-builds test",
+    "test:watch": "ts-builds test:watch",
+    "test:coverage": "ts-builds test:coverage",
+    "build": "ts-builds build",
+    "build:schema": "tsx scripts/build-schema.ts",
+    "demo": "tsx scripts/generate-demo-html.ts",
+    "dev": "ts-builds dev",
+    "docs:dev": "pnpm --dir site dev",
+    "docs:build": "pnpm --dir site build"
+  }
+}