latchkey 0.1.4 → 1.0.0

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2026 Imbue (Generally Intelligent, Inc.)
+Copyright 2026 Imbue, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

package/README.md

@@ -1,6 +1,6 @@
 # Latchkey
 
-Turn browser logins into usable credentials for local agents.
+Inject API credentials into local agent requests.
 
 ## Quick example
 
@@ -12,75 +12,88 @@ latchkey curl -X POST 'https://slack.com/api/conversations.create' \
 
 ## Overview
 
-Latchkey is a command-line tool that injects credentials to curl requests to known public APIs.
+Latchkey is a command-line tool that injects credentials into curl
+requests to known public APIs.
 
-- `latchkey services`
-	- Get a list of known and supported third-party services (Slack, Discord, Linear, GitHub, etc.).
+- `latchkey services list`
+	- Get a list of supported third-party services (Slack, Google Workspace, Linear, GitHub, etc.).
 - `latchkey curl <arguments>`
 	- Automatically inject credentials to your otherwise standard curl calls to public APIs.
-	- (The first time you access a service, a browser pop-up with a login screen appears.)
-
-Latchkey is primarily designed for AI agents. By invoking Latchkey, agents can
-prompt the user to authenticate when needed, then continue interacting with
-third-party APIs using standard curl syntax - no custom integrations or embedded
-credentials required.
-
-Unlike OAuth-based flows or typical MCP-style integrations, Latchkey does not
-introduce an intermediary between the agent and the service. Requests are made
-directly on the user’s behalf, which enables greater flexibility at the cost of
-formal delegation: agents authenticate as the user.
-
-If a service you need isn’t supported yet, contributions are welcome. Adding
-support typically involves writing a small browser automation class that
-extracts API credentials after login. See the [development docs](docs/development.md)
-for details.
+	- Credentials must already exist (see below).
+- `latchkey auth set <service_name> <curl_arguments>`
+	- Manually store credentials for a service in the form of arbitrary curl arguments.
+- `latchkey auth browser <service_name>`
+	- Open a browser login pop-up window and store the resulting API credentials.
+    - Only some services support this option.
+
+Latchkey is primarily designed for AI agents. By invoking
+Latchkey, agents can prompt the user to authenticate when needed,
+then continue interacting with third-party APIs using standard
+curl syntax - no custom integrations or embedded credentials
+required.
+
+Unlike OAuth-based flows or typical MCP-style integrations,
+Latchkey does not introduce an intermediary between the agent
+and the service. When `browser` is used, requests are made
+directly on the user’s behalf, which enables greater flexibility
+at the cost of formal delegation: agents authenticate as the
+user.
+
+If a service you need isn’t supported yet, contributions are welcome!
+See the [development docs](docs/development.md) for details.
 
 ## Installation
 
 ### Prerequisites
 
 - `curl`, `node` and `npm` need to be present on your system in reasonably recent versions.
-- The browser requires a graphical environment.
+- The `latchkey auth browser` subcommand requires a graphical environment.
 
 ### Steps
 
 ```
 npm install -g latchkey
+
+# Optionally, if you intend to use `latchkey auth browser`:
 latchkey ensure-browser
 ```
 
-The `ensure-browser` command discovers and configures a browser for Latchkey to use. It searches for Chrome, Chromium, or Edge on your system. If none is found, it downloads Chromium via Playwright.
-
-**nvm users**: Global packages are per node version. If you switch versions, reinstall with `npm install -g latchkey`
+The `ensure-browser` command discovers and configures a browser
+for Latchkey to use. It searches for Chrome, Chromium, or Edge
+on your system. If none is found, it downloads Chromium via
+Playwright.
 
 ## Integrations
 
-Warning: giving AI agents access to your API credentials is potentially
-dangerous. They will be able to perform most of the actions you can. Only do this if
-you're willing to accept the risks.
+Warning: giving AI agents access to your API credentials is
+potentially dangerous, especially when using the `auth browser`
+feature. They will be able to perform most of the actions you
+can. Only do this if you're willing to accept the risks.
 
 
 ### OpenCode
 ```
 mkdir -p ~/.opencode/skills/latchkey
-cp integrations/SKILL.md ~/.opencode/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.opencode/skills/latchkey/SKILL.md
 ```
 
 ### Claude Code
 ```
 mkdir -p ~/.claude/skills/latchkey
-cp integrations/SKILL.md ~/.claude/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.claude/skills/latchkey/SKILL.md
 ```
 
 ### Codex
 ```
 mkdir -p ~/.codex/skills/latchkey
-cp integrations/SKILL.md ~/.codex/skills/latchkey/SKILL.md
+latchkey skill-md > ~/.codex/skills/latchkey/SKILL.md
 ```
 
 ### Passepartout
 
-Check out our [Passepartout demo app](https://github.com/imbue-ai/passepartout) for an idea of how to build AI assistants for non-technical users on top of Latchkey.
+Check out our [Passepartout demo app](https://github.com/imbue-ai/passepartout)
+for an idea of how to build AI assistants for non-technical
+users on top of Latchkey.
 
 
 ## Demo
@@ -98,17 +111,28 @@ latchkey curl -X POST 'https://slack.com/api/conversations.create' \
   -d '{"name":"something-urgent"}'
 ```
 
-Notice that `-H 'Authorization: Bearer ...'` is absent. This is because Latchkey:
+Notice that `-H 'Authorization: Bearer ...'` is absent. This is
+because Latchkey injects stored credentials automatically. To
+set up credentials for a service (Slack in this example), run:
 
-- Opens the browser with a login screen.
-- After the user logs in, Latchkey extracts the necessary API credentials from the browser session.
-- The browser is closed, the credentials are injected into the arguments, and `curl` is invoked.
-- The credentials are stored so that they can be reused the next time.
+```
+latchkey auth browser slack
+```
+
+This opens the browser with a login screen. After you log in, Latchkey extracts
+the necessary API credentials from the browser session, closes the browser, and
+stores the credentials so that they can be reused.
+
+Alternatively, you can provide credentials manually:
+
+```
+latchkey auth set slack -H "Authorization: Bearer xoxb-your-token"
+```
 
-Otherwise, `latchkey curl` passes your arguments straight
-through to `curl` so you can use the same interface you are used
-to. The return code, stdin and stdout are passed back from curl
-to the caller of `latchkey`.
+`latchkey curl` passes your arguments straight through to `curl`
+so you can use the same interface you are used to. The return
+code, stdout and stderr are passed back from curl to the caller
+of `latchkey`.
 
 ### Remembering API credentials
 
@@ -120,9 +144,9 @@ encrypted.
 
 ### Inspecting the status of stored credentials
 
-Calling `latchkey status <service_name>` will give you
-information about the status of remembered credentials for the
-given service. Possible results are:
+Calling `latchkey services info <service_name>` will show information
+about the service, including the credentials status. The
+credentials status line will show one of:
 
 - `missing`
 - `invalid`
@@ -132,30 +156,42 @@ given service. Possible results are:
 
 Remembered API credentials can expire. The caller of `latchkey
 curl` will typically notice this because the calls will start returning
-HTTP 401 or 403. To verify that, first call `latchkey status`, e.g.:
+HTTP 401 or 403. To verify that, first call `latchkey services info`, e.g.:
+
+```
+latchkey services info discord
+```
+
+If the credentials status is `invalid`, it means the Unauthorized/Forbidden
+responses are caused by invalid or expired credentials rather than insufficient
+permissions. In that case, log in again:
 
 ```
-latchkey status discord
+latchkey auth browser discord
 ```
 
-If the result is `invalid` , meaning the Unauthorized/Forbidden responses are
-caused by invalid or expired credentials rather than insufficient permissions,
-force a new login in the next `latchkey curl` call by clearing the remembered
-API credentials for the service in question, e.g.:
+Or alternatively:
 
 ```
-latchkey clear discord
+latchkey auth set discord -H "Authorization: ..."
 ```
 
-The next `latchkey curl` call will then trigger a new login flow.
 
-To clear all stored data (both the credentials store and browser
-state file), run:
+### Clearing credentials and logins
+
+In case you want to remove stored API credentials, use the `auth clear` subcommand.
 
 ```
-latchkey clear
+latchkey auth clear discord
 ```
 
+To clear all stored data (both the credential store and browser state file), run:
+
+```
+latchkey auth clear
+```
+
+
 ### Advanced configuration
 
 You can set these environment variables to override certain
@@ -166,17 +202,18 @@ containing stored API credentials
 - `LATCHKEY_BROWSER_STATE`: path to the (typically encrypted) file
 containing the state (cookies, local storage, etc.) of
 the browser used for the login popup
-- `LATCHKEY_CURL_PATH`: path to the curl binary
+- `LATCHKEY_CURL`: path to the curl binary
 - `LATCHKEY_CONFIG`: path to the configuration file
 (defaults to `~/.latchkey/config.json`)
 - `LATCHKEY_KEYRING_SERVICE_NAME`, `LATCHKEY_KEYRING_ACCOUNT_NAME`: identifiers that are used to store the encryption password in your keyring
+- `LATCHKEY_DISABLE_BROWSER`: when set (to any non-empty value), disables the browser login flow; commands that would trigger a browser login (`auth browser`, `auth browser-prepare`) will fail with an error instead
 
 
 ## Disclaimers
 
 - This is still a work in progress.
 - Latchkey has been created with the help of AI-assisted coding tools with careful human curation.
-- Invoking `latchkey curl ...` can sometimes have side effects in the form of
+- Invoking `latchkey auth browser ...` can sometimes have side effects in the form of
   new API keys being created in your accounts (through browser automation).
 - Using agents for automated access may be prohibited by some services' ToS.
 - We reserve the right to change the license of future releases of Latchkey.

package/dist/integrations/SKILL.md

@@ -0,0 +1,77 @@
+---
+name: latchkey
+description: Interact with third-party services (Slack, Google Workspace, Dropbox, GitHub, Linear...) on the user's behalf using their public APIs.
+compatibility: Requires node.js, curl and latchkey (npm install -g latchkey). A desktop/GUI environment is required for the browser functionality.
+---
+
+# Latchkey
+
+## Instructions
+
+Latchkey is a CLI tool that automatically injects credentials into curl commands for supported public APIs. Credentials (mostly API tokens) can be either manually managed or, for some services, Latchkey can open a browser login pop-up window and extract API credentials from the session.
+
+Use this skill when the user asks you to work with third-party services like Slack, Discord, Dropbox, GitHub, Linear and others on their behalf.
+
+Usage:
+
+1. **Use `latchkey curl`** instead of regular `curl` for supported services.
+2. **Pass through all regular curl arguments** - latchkey is a transparent wrapper.
+3. **Use `latchkey services list`** to get a list of supported services.
+4. **Use `latchkey services info <service_name>`** to get information about a specific service (auth options, credentials status, API docs links, special requirements, etc.).
+5. **If necessary, get or renew credentials first.** Run `latchkey auth browser <service_name>` to open a browser login pop-up window if supported.
+6. **Look for the newest documentation of the desired public API online.** If using the `browser` auth command, avoid bot-only endpoints.
+7. **Do not initiate a new login if the credentials status is `valid`** - the user might just not have the necessary permissions for the action you're trying to do.
+
+
+## Examples
+
+### Make an authenticated curl request
+```bash
+latchkey curl [curl arguments]
+```
+
+### Creating a Slack channel
+```bash
+latchkey curl -X POST 'https://slack.com/api/conversations.create' \
+  -H 'Content-Type: application/json' \
+  -d '{"name":"my-channel"}'
+```
+
+(Notice that `-H 'Authorization: Bearer` is not present in the invocation.)
+
+### Getting Discord user info
+```bash
+latchkey curl 'https://discord.com/api/v10/users/@me'
+```
+
+### Detect expired credentials and force a new login to Discord
+```bash
+latchkey services info discord  # Check the "credentialStatus" field - shows "invalid"
+latchkey auth browser discord
+latchkey curl 'https://discord.com/api/v10/users/@me'
+```
+
+Only do this when you notice that your previous call ended up not being authenticated (HTTP 401 or 403).
+
+### List available services
+```bash
+latchkey services list
+```
+
+Lists all services that latchkey knows about.
+
+### Get service-specific info
+```bash
+latchkey services info slack
+```
+
+Returns auth options, credentials status, and developer notes
+about the service. If `browser` is not present in the
+`authOptions` field, the service requires the user to directly
+set API credentials via `latchkey auth set` before making
+requests.
+
+## Notes
+
+- All curl arguments are passed through unchanged
+- Return code, stdout and stderr are passed back from curl

package/dist/package.json

@@ -0,0 +1,67 @@
+{
+    "name": "latchkey",
+    "version": "1.0.0",
+    "description": "A CLI tool that injects API credentials into curl requests for known third-party services",
+    "author": "Imbue <hynek@imbue.com>",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/imbue-ai/latchkey.git"
+    },
+    "homepage": "https://github.com/imbue-ai/latchkey#readme",
+    "bugs": {
+        "url": "https://github.com/imbue-ai/latchkey/issues"
+    },
+    "type": "module",
+    "main": "dist/src/index.js",
+    "types": "dist/src/index.d.ts",
+    "bin": {
+        "latchkey": "./dist/src/cli.js"
+    },
+    "files": [
+        "dist",
+        "README.md",
+        "LICENSE"
+    ],
+    "scripts": {
+        "prepublishOnly": "npm run build",
+        "build": "tsc && node -e \"require('fs').cpSync('integrations', 'dist/integrations', {recursive:true})\" ",
+        "dev": "tsc --watch",
+        "lint": "eslint src tests scripts",
+        "lint:fix": "eslint src tests scripts --fix",
+        "format": "prettier --write \"src/**/*.ts\" \"tests/**/*.ts\" \"scripts/**/*.ts\"",
+        "format:check": "prettier --check \"src/**/*.ts\" \"tests/**/*.ts\" \"scripts/**/*.ts\"",
+        "typecheck": "tsc --noEmit",
+        "test": "vitest run",
+        "test:watch": "vitest",
+        "start": "node dist/cli.js",
+        "bun-compile": "bun build ./src/cli.ts --compile --external chromium-bidi --external electron --outfile latchkey"
+    },
+    "keywords": [
+        "cli",
+        "curl",
+        "api",
+        "credentials",
+        "authentication",
+        "agents",
+        "imbue"
+    ],
+    "license": "MIT",
+    "engines": {
+        "node": ">=20"
+    },
+    "dependencies": {
+        "@napi-rs/keyring": "^1.2.0",
+        "commander": "^12.0.0",
+        "playwright": "^1.58.2",
+        "zod": "^3.22.0"
+    },
+    "devDependencies": {
+        "@eslint/js": "^9.39.2",
+        "@types/node": "^20.0.0",
+        "eslint": "^9.39.2",
+        "prettier": "^3.8.1",
+        "typescript": "^5.3.0",
+        "typescript-eslint": "^8.53.1",
+        "vitest": "^2.0.0"
+    }
+}

package/dist/scripts/encryptFile.d.ts

@@ -0,0 +1,21 @@
+#!/usr/bin/env npx tsx
+/**
+ * CLI tool for encrypting and decrypting latchkey files.
+ *
+ * This is a developer utility for inspecting and modifying encrypted
+ * credential and browser state files.
+ *
+ * Usage:
+ *   npx tsx scripts/encryptFile.ts decrypt <file>     # Decrypt file to stdout
+ *   npx tsx scripts/encryptFile.ts encrypt <file>     # Encrypt file in place
+ *
+ * The encryption key is sourced from:
+ *   1. LATCHKEY_ENCRYPTION_KEY environment variable
+ *   2. System keychain
+ *
+ * Examples:
+ *   npx tsx scripts/encryptFile.ts decrypt ~/.latchkey/credentials.json
+ *   npx tsx scripts/encryptFile.ts encrypt ~/.latchkey/credentials.json
+ */
+export {};
+//# sourceMappingURL=encryptFile.d.ts.map

package/dist/scripts/encryptFile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptFile.d.ts","sourceRoot":"","sources":["../../scripts/encryptFile.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;GAiBG"}

package/dist/scripts/encryptFile.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env npx tsx
+/**
+ * CLI tool for encrypting and decrypting latchkey files.
+ *
+ * This is a developer utility for inspecting and modifying encrypted
+ * credential and browser state files.
+ *
+ * Usage:
+ *   npx tsx scripts/encryptFile.ts decrypt <file>     # Decrypt file to stdout
+ *   npx tsx scripts/encryptFile.ts encrypt <file>     # Encrypt file in place
+ *
+ * The encryption key is sourced from:
+ *   1. LATCHKEY_ENCRYPTION_KEY environment variable
+ *   2. System keychain
+ *
+ * Examples:
+ *   npx tsx scripts/encryptFile.ts decrypt ~/.latchkey/credentials.json
+ *   npx tsx scripts/encryptFile.ts encrypt ~/.latchkey/credentials.json
+ */
+import { program } from 'commander';
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { CONFIG } from '../src/config.js';
+import { EncryptedStorage } from '../src/encryptedStorage.js';
+import { encrypt, generateKey } from '../src/encryption.js';
+import { isKeychainAvailable, retrieveFromKeychain } from '../src/keychain.js';
+const ENCRYPTED_FILE_PREFIX = 'LATCHKEY_ENCRYPTED:';
+function getEncryptionKey() {
+    // 1. Check environment variable via Config
+    if (CONFIG.encryptionKeyOverride) {
+        return CONFIG.encryptionKeyOverride;
+    }
+    // 2. Check keychain
+    if (isKeychainAvailable(CONFIG.serviceName, CONFIG.accountName)) {
+        const keychainKey = retrieveFromKeychain(CONFIG.serviceName, CONFIG.accountName);
+        if (keychainKey) {
+            return keychainKey;
+        }
+    }
+    console.error(`\
+Error: No encryption key available.
+Set LATCHKEY_ENCRYPTION_KEY or ensure the system keychain has a stored key.
+
+To generate a new key:
+  export LATCHKEY_ENCRYPTION_KEY="${generateKey()}"`);
+    process.exit(1);
+}
+function decryptCommand(filePath) {
+    if (!existsSync(filePath)) {
+        console.error(`Error: File not found: ${filePath}`);
+        process.exit(1);
+    }
+    const storage = new EncryptedStorage({
+        serviceName: CONFIG.serviceName,
+        accountName: CONFIG.accountName,
+    });
+    const content = storage.readFile(filePath);
+    if (content === null) {
+        console.error(`Error: Could not read file: ${filePath}`);
+        process.exit(1);
+    }
+    // Output to stdout
+    process.stdout.write(content);
+}
+function encryptCommand(filePath) {
+    if (!existsSync(filePath)) {
+        console.error(`Error: File not found: ${filePath}`);
+        process.exit(1);
+    }
+    const content = readFileSync(filePath, 'utf-8');
+    if (content.startsWith(ENCRYPTED_FILE_PREFIX)) {
+        console.error(`Error: File is already encrypted: ${filePath}`);
+        process.exit(1);
+    }
+    const key = getEncryptionKey();
+    const encryptedData = encrypt(content, key);
+    const dataToWrite = ENCRYPTED_FILE_PREFIX + encryptedData;
+    writeFileSync(filePath, dataToWrite, { encoding: 'utf-8', mode: 0o600 });
+    console.error(`Encrypted: ${filePath}`);
+}
+program.name('encryptFile').description(`\
+CLI tool for encrypting and decrypting latchkey files.
+
+The encryption key is sourced from:
+  1. LATCHKEY_ENCRYPTION_KEY environment variable
+  2. System keychain`);
+program
+    .command('decrypt')
+    .description('Decrypt file and print to stdout')
+    .argument('<file>', 'Path to the encrypted file')
+    .action((filePath) => {
+    decryptCommand(filePath);
+});
+program
+    .command('encrypt')
+    .description('Encrypt an unencrypted file in place')
+    .argument('<file>', 'Path to the file to encrypt')
+    .action((filePath) => {
+    encryptCommand(filePath);
+});
+program.parse();
+//# sourceMappingURL=encryptFile.js.map

package/dist/scripts/encryptFile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryptFile.js","sourceRoot":"","sources":["../../scripts/encryptFile.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE/E,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AAEpD,SAAS,gBAAgB;IACvB,2CAA2C;IAC3C,IAAI,MAAM,CAAC,qBAAqB,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,qBAAqB,CAAC;IACtC,CAAC;IAED,oBAAoB;IACpB,IAAI,mBAAmB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QAChE,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACjF,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC;;;;;oCAKoB,WAAW,EAAE,GAAG,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC;QACnC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;KAChC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAE3C,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACrB,OAAO,CAAC,KAAK,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,mBAAmB;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;IAE1D,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzE,OAAO,CAAC,KAAK,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC;;;;;qBAKnB,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,kCAAkC,CAAC;KAC/C,QAAQ,CAAC,QAAQ,EAAE,4BAA4B,CAAC;KAChD,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE;IAC3B,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,sCAAsC,CAAC;KACnD,QAAQ,CAAC,QAAQ,EAAE,6BAA6B,CAAC;KACjD,MAAM,CAAC,CAAC,QAAgB,EAAE,EAAE;IAC3B,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/src/apiCredentialStore.d.ts

@@ -14,6 +14,7 @@ export declare class ApiCredentialStore {
     private saveStoreData;
     get(serviceName: string): ApiCredentials | null;
     save(serviceName: string, apiCredentials: ApiCredentials): void;
+    getAll(): ReadonlyMap<string, ApiCredentials>;
     delete(serviceName: string): boolean;
 }
 //# sourceMappingURL=apiCredentialStore.d.ts.map

package/dist/src/apiCredentialStore.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiCredentialStore.d.ts","sourceRoot":"","sources":["../../src/apiCredentialStore.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,cAAc,EAIf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAID,qBAAa,kBAAkB;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;gBAExC,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,gBAAgB;IAK5D,OAAO,CAAC,aAAa;IAcrB,OAAO,CAAC,aAAa;IAUrB,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAiB/C,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,GAAG,IAAI;IAM/D,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;CASrC"}
+{"version":3,"file":"apiCredentialStore.d.ts","sourceRoot":"","sources":["../../src/apiCredentialStore.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,cAAc,EAIf,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,qBAAa,uBAAwB,SAAQ,KAAK;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAID,qBAAa,kBAAkB;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;gBAExC,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,gBAAgB;IAK5D,OAAO,CAAC,aAAa;IAcrB,OAAO,CAAC,aAAa;IAUrB,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAiB/C,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,GAAG,IAAI;IAM/D,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,cAAc,CAAC;IAe7C,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;CASrC"}

package/dist/src/apiCredentialStore.js

@@ -52,6 +52,18 @@ export class ApiCredentialStore {
         data[serviceName] = serializeCredentials(apiCredentials);
         this.saveStoreData(data);
     }
+    getAll() {
+        const data = this.loadStoreData();
+        const result = new Map();
+        for (const [serviceName, credentialData] of Object.entries(data)) {
+            const parseResult = ApiCredentialsSchema.safeParse(credentialData);
+            if (!parseResult.success) {
+                throw new ApiCredentialStoreError(`Invalid credential data for service ${serviceName}: ${parseResult.error.message}`);
+            }
+            result.set(serviceName, deserializeCredentials(parseResult.data));
+        }
+        return result;
+    }
     delete(serviceName) {
         const data = this.loadStoreData();
         if (!(serviceName in data)) {

package/dist/src/apiCredentialStore.js.map

@@ -1 +1 @@
-{"version":3,"file":"apiCredentialStore.js","sourceRoot":"","sources":["../../src/apiCredentialStore.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAEL,oBAAoB,EACpB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAG7B,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAID,MAAM,OAAO,kBAAkB;IACpB,IAAI,CAAS;IACL,gBAAgB,CAAmB;IAEpD,YAAY,IAAY,EAAE,gBAAkC;QAC1D,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,uBAAuB,CAC/B,oCAAoC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,IAAe;QACnC,IAAI,CAAC;YACH,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,uBAAuB,CAC/B,qCAAqC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,GAAG,CAAC,WAAmB;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,uBAAuB,CAC/B,uCAAuC,WAAW,KAAK,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,CACnF,CAAC;QACJ,CAAC;QAED,OAAO,sBAAsB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,WAAmB,EAAE,cAA8B;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,CAAC,WAAW,CAAC,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,WAAmB;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,WAAW,IAAI,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;QAC3C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
+{"version":3,"file":"apiCredentialStore.js","sourceRoot":"","sources":["../../src/apiCredentialStore.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAEL,oBAAoB,EACpB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAG7B,MAAM,OAAO,uBAAwB,SAAQ,KAAK;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAID,MAAM,OAAO,kBAAkB;IACpB,IAAI,CAAS;IACL,gBAAgB,CAAmB;IAEpD,YAAY,IAAY,EAAE,gBAAkC;QAC1D,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAc,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,uBAAuB,CAC/B,oCAAoC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,IAAe;QACnC,IAAI,CAAC;YACH,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,uBAAuB,CAC/B,qCAAqC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAC9F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,GAAG,CAAC,WAAmB;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,uBAAuB,CAC/B,uCAAuC,WAAW,KAAK,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,CACnF,CAAC;QACJ,CAAC;QAED,OAAO,sBAAsB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,WAAmB,EAAE,cAA8B;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,CAAC,WAAW,CAAC,GAAG,oBAAoB,CAAC,cAAc,CAAC,CAAC;QACzD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAC;QACjD,KAAK,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;YACnE,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;gBACzB,MAAM,IAAI,uBAAuB,CAC/B,uCAAuC,WAAW,KAAK,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,CACnF,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,sBAAsB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,WAAmB;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,CAAC,CAAC,WAAW,IAAI,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC;QAC3C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}