latchkey 2.5.1 → 2.5.3

package/dist/src/keychain.js

@@ -2,8 +2,12 @@
  * System keychain integration for secure password storage.
  * Uses @napi-rs/keyring for cross-platform support (macOS Keychain, Windows Credential Manager,
  * Linux Secret Service via keyutils/kernel keyring).
+ *
+ * All operations have a timeout to prevent hanging when the keyring is locked.
  */
-import { Entry } from '@napi-rs/keyring';
+import { AsyncEntry } from '@napi-rs/keyring';
+import { platform } from 'node:os';
+const KEYRING_TIMEOUT_MILLISECONDS = 30_000;
 export class KeychainError extends Error {
     constructor(message) {
         super(message);
@@ -16,37 +20,64 @@ export class KeychainNotAvailableError extends KeychainError {
         this.name = 'KeychainNotAvailableError';
     }
 }
+export class KeychainTimeoutError extends KeychainError {
+    constructor() {
+        const linuxHint = platform() === 'linux'
+            ? '\n\nOn Linux, you can try:\n' +
+                '  - Unlocking your keyring: run a GUI app that accesses it, or use `gnome-keyring-daemon --unlock`\n' +
+                '  - Bypassing the keyring entirely by setting LATCHKEY_ENCRYPTION_KEY:\n' +
+                '      export LATCHKEY_ENCRYPTION_KEY="$(openssl rand -base64 32)"\n' +
+                '    Add this to your shell profile to persist it across sessions.\n' +
+                '    You may need to first delete any existing .enc files in your LATCHKEY_DIRECTORY\n' +
+                '    (~/.latchkey by default) to reset any previously stored credentials.'
+            : '';
+        const timeoutSeconds = String(KEYRING_TIMEOUT_MILLISECONDS / 1000);
+        super(`Could not access the system keyring within ${timeoutSeconds} seconds — it may be locked or unavailable.${linuxHint}`);
+        this.name = 'KeychainTimeoutError';
+    }
+}
 /**
- * Get a keyring entry.
+ * Get an async keyring entry.
  */
 function getEntry(serviceName, accountName) {
-    return new Entry(serviceName, accountName);
+    return new AsyncEntry(serviceName, accountName);
+}
+function isTimeoutError(error) {
+    return error instanceof Error && (error.name === 'TimeoutError' || error.name === 'AbortError');
 }
 /**
  * Store a password in the system keychain.
+ * Throws KeychainTimeoutError if the keychain does not respond in time.
  * Throws KeychainNotAvailableError if the keychain is not accessible.
  */
-export function storeInKeychain(serviceName, accountName, password) {
+export async function storeInKeychain(serviceName, accountName, password) {
     try {
         const entry = getEntry(serviceName, accountName);
-        entry.setPassword(password);
+        await entry.setPassword(password, AbortSignal.timeout(KEYRING_TIMEOUT_MILLISECONDS));
     }
     catch (error) {
+        if (isTimeoutError(error)) {
+            throw new KeychainTimeoutError();
+        }
         throw new KeychainNotAvailableError(`Failed to store password in keychain: ${error instanceof Error ? error.message : String(error)}`);
     }
 }
 /**
  * Retrieve a password from the system keychain.
  * Returns null if the password is not found.
+ * Throws KeychainTimeoutError if the keychain does not respond in time.
  * Throws KeychainNotAvailableError if the keychain is not accessible.
  */
-export function retrieveFromKeychain(serviceName, accountName) {
+export async function retrieveFromKeychain(serviceName, accountName) {
     try {
         const entry = getEntry(serviceName, accountName);
-        const password = entry.getPassword();
+        const password = await entry.getPassword(AbortSignal.timeout(KEYRING_TIMEOUT_MILLISECONDS));
         return password ?? null;
     }
     catch (error) {
+        if (isTimeoutError(error)) {
+            throw new KeychainTimeoutError();
+        }
         const errorMessage = error instanceof Error ? error.message : String(error);
         // Check if it's a "not found" error
         if (errorMessage.includes('not found') ||
@@ -60,15 +91,19 @@ export function retrieveFromKeychain(serviceName, accountName) {
 /**
  * Delete a password from the system keychain.
  * Returns true if deleted, false if not found.
+ * Throws KeychainTimeoutError if the keychain does not respond in time.
  * Throws KeychainNotAvailableError if the keychain is not accessible.
  */
-export function deleteFromKeychain(serviceName, accountName) {
+export async function deleteFromKeychain(serviceName, accountName) {
     try {
         const entry = getEntry(serviceName, accountName);
-        entry.deletePassword();
+        await entry.deletePassword(AbortSignal.timeout(KEYRING_TIMEOUT_MILLISECONDS));
         return true;
     }
     catch (error) {
+        if (isTimeoutError(error)) {
+            throw new KeychainTimeoutError();
+        }
         const errorMessage = error instanceof Error ? error.message : String(error);
         if (errorMessage.includes('not found') ||
             errorMessage.includes('No password') ||

package/dist/src/keychain.js.map

@@ -1 +1 @@
-{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/keychain.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,MAAM,OAAO,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,yBAA0B,SAAQ,aAAa;IAC1D,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,WAAmB,EAAE,WAAmB;IACxD,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,WAAmB,EAAE,WAAmB,EAAE,QAAgB;IACxF,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,yBAAyB,CACjC,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAClG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAmB,EAAE,WAAmB;IAC3E,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,QAAQ,IAAI,IAAI,CAAC;IAC1B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,oCAAoC;QACpC,IACE,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,yBAAyB,CACjC,8CAA8C,YAAY,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,WAAmB,EAAE,WAAmB;IACzE,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,KAAK,CAAC,cAAc,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,IACE,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,yBAAyB,CAAC,4CAA4C,YAAY,EAAE,CAAC,CAAC;IAClG,CAAC;AACH,CAAC"}
+{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/keychain.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEnC,MAAM,4BAA4B,GAAG,MAAM,CAAC;AAE5C,MAAM,OAAO,aAAc,SAAQ,KAAK;IACtC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,OAAO,yBAA0B,SAAQ,aAAa;IAC1D,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACrD;QACE,MAAM,SAAS,GACb,QAAQ,EAAE,KAAK,OAAO;YACpB,CAAC,CAAC,8BAA8B;gBAC9B,sGAAsG;gBACtG,0EAA0E;gBAC1E,qEAAqE;gBACrE,qEAAqE;gBACrE,uFAAuF;gBACvF,0EAA0E;YAC5E,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,cAAc,GAAG,MAAM,CAAC,4BAA4B,GAAG,IAAI,CAAC,CAAC;QACnE,KAAK,CACH,8CAA8C,cAAc,8CAA8C,SAAS,EAAE,CACtH,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,WAAmB,EAAE,WAAmB;IACxD,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,KAAK,YAAY,KAAK,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,cAAc,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;AAClG,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,WAAmB,EACnB,QAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACvF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,oBAAoB,EAAE,CAAC;QACnC,CAAC;QACD,MAAM,IAAI,yBAAyB,CACjC,yCAAyC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAClG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,WAAmB,EACnB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAC5F,OAAO,QAAQ,IAAI,IAAI,CAAC;IAC1B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,oBAAoB,EAAE,CAAC;QACnC,CAAC;QACD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,oCAAoC;QACpC,IACE,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,yBAAyB,CACjC,8CAA8C,YAAY,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,WAAmB,EACnB,WAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,oBAAoB,EAAE,CAAC;QACnC,CAAC;QACD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,IACE,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC;YACpC,YAAY,CAAC,QAAQ,CAAC,cAAc,CAAC,EACrC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,yBAAyB,CAAC,4CAA4C,YAAY,EAAE,CAAC,CAAC;IAClG,CAAC;AACH,CAAC"}

package/dist/tests/apiCredentialStore.test.js

@@ -11,10 +11,10 @@ describe('ApiCredentialStore', () => {
     let tempDir;
     let storePath;
     let encryptedStorage;
-    beforeEach(() => {
+    beforeEach(async () => {
         tempDir = mkdtempSync(join(tmpdir(), 'latchkey-test-'));
         storePath = join(tempDir, 'credentials.json');
-        encryptedStorage = new EncryptedStorage({ encryptionKeyOverride: generateKey() });
+        encryptedStorage = await EncryptedStorage.create({ encryptionKeyOverride: generateKey() });
     });
     afterEach(() => {
         rmSync(tempDir, { recursive: true, force: true });

package/dist/tests/apiCredentialStore.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"apiCredentialStore.test.js","sourceRoot":"","sources":["../../tests/apiCredentialStore.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,OAAe,CAAC;IACpB,IAAI,SAAiB,CAAC;IACtB,IAAI,gBAAkC,CAAC;IAEvC,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACxD,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAC9C,gBAAgB,GAAG,IAAI,gBAAgB,CAAC,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;QACnB,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,mBAAmB,CAAC,YAAY,CAAC,CAAC;YAC1D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAElC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;YACtD,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YAEnC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;YACpD,MAAM,CAAE,SAA+B,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,mBAAmB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACtE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAEjC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACrC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;YACtD,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,CAAE,SAAiC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC;YACvE,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YACpE,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;YAE3D,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAAC;YAE9D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YAEvD,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACjD,yEAAyE;YACzE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;QACtB,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAAC;YAE9D,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEvB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"apiCredentialStore.test.js","sourceRoot":"","sources":["../../tests/apiCredentialStore.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,OAAe,CAAC;IACpB,IAAI,SAAiB,CAAC;IACtB,IAAI,gBAAkC,CAAC;IAEvC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACxD,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAC9C,gBAAgB,GAAG,MAAM,gBAAgB,CAAC,MAAM,CAAC,EAAE,qBAAqB,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE;QACnB,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,mBAAmB,CAAC,YAAY,CAAC,CAAC;YAC1D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAElC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;YACtD,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;YAEnC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACvC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;YACpD,MAAM,CAAE,SAA+B,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,WAAW,GAAG,IAAI,mBAAmB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACtE,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAEjC,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACrC,MAAM,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC;YACtD,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,CAAE,SAAiC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC;YACvE,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;YACnE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YACpE,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,WAAW,CAAC,CAAC,CAAC;YAE3D,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAE,SAAiC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAAC;YAE9D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YAEvD,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACjD,yEAAyE;YACzE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;QACtB,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,KAAK,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,iBAAiB,CAAC,eAAe,CAAC,CAAC,CAAC;YAE9D,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAEvB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/tests/cli.test.js

@@ -21,12 +21,12 @@ import { deleteRegisteredService, loadRegisteredServices, saveRegisteredService,
 import { loadRegisteredServicesIntoRegistry } from '../src/registry.js';
 // Use a fixed test key for deterministic test behavior (32 bytes = 256 bits, base64 encoded)
 const TEST_ENCRYPTION_KEY = 'dGVzdGtleXRlc3RrZXl0ZXN0a2V5dGVzdGtleXRlc3Q=';
-function writeSecureFile(path, content) {
-    const storage = new EncryptedStorage({ encryptionKeyOverride: TEST_ENCRYPTION_KEY });
+async function writeSecureFile(path, content) {
+    const storage = await EncryptedStorage.create({ encryptionKeyOverride: TEST_ENCRYPTION_KEY });
     storage.writeFile(path, content);
 }
-function readSecureFile(path) {
-    const storage = new EncryptedStorage({ encryptionKeyOverride: TEST_ENCRYPTION_KEY });
+async function readSecureFile(path) {
+    const storage = await EncryptedStorage.create({ encryptionKeyOverride: TEST_ENCRYPTION_KEY });
     return storage.readFile(path);
 }
 function getCliPath() {
@@ -352,7 +352,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should include services with stored credentials when using --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const deps = createMockDependencies();
@@ -363,7 +363,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should include services with browser auth when using --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             // The default mock slack service has getSession defined, so it supports browser auth
             // Ensure a graphical environment is available so browser auth is considered viable
             const originalDisplay = process.env.DISPLAY;
@@ -386,7 +386,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should exclude services without credentials or browser auth when using --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const noLoginService = {
                 name: 'nologin',
                 displayName: 'No Login Service',
@@ -412,7 +412,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should exclude browser-capable services when browser is disabled and no credentials with --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 config: createMockConfig({ browserDisabled: true }),
             });
@@ -423,7 +423,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should exclude browser-capable services when no graphical environment and no credentials with --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const originalPlatform = process.platform;
             const originalDisplay = process.env.DISPLAY;
             const originalWayland = process.env.WAYLAND_DISPLAY;
@@ -455,7 +455,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should include services with credentials even when no graphical environment with --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const originalPlatform = process.platform;
@@ -489,7 +489,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should include services with credentials even when browser is disabled with --viable', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const deps = createMockDependencies({
@@ -502,7 +502,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should combine --builtin and --viable filters', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 'my-gitlab': {
                     objectType: 'rawCurl',
                     curlArguments: ['-H', 'PRIVATE-TOKEN: token'],
@@ -536,7 +536,7 @@ describe('CLI commands with dependency injection', () => {
     describe('services info command', () => {
         it('should show login options, credentials status, and developer notes', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies();
             await runCommand(['services', 'info', 'slack'], deps);
             expect(logs).toHaveLength(1);
@@ -550,7 +550,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should show auth set only for services without browser login', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const noLoginService = {
                 name: 'nologin',
                 displayName: 'No Login Service',
@@ -575,7 +575,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should not list browser in authOptions when LATCHKEY_DISABLE_BROWSER is in effect', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 config: createMockConfig({ browserDisabled: true }),
             });
@@ -585,7 +585,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should show valid credentials status when credentials are valid', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const deps = createMockDependencies();
@@ -601,7 +601,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should show type as registered for registered services', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const registeredService = new RegisteredService('my-gitlab', 'https://gitlab.example.com');
             const deps = createMockDependencies();
             deps.registry.addService(registeredService);
@@ -613,12 +613,12 @@ describe('CLI commands with dependency injection', () => {
     describe('clear command', () => {
         it('should delete credentials for a service', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const deps = createMockDependencies();
             await runCommand(['auth', 'clear', 'slack'], deps);
-            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            const storedData = JSON.parse((await readSecureFile(storePath)) ?? '{}');
             expect(storedData.slack).toBeUndefined();
         });
         it('should return error for unknown service', async () => {
@@ -629,13 +629,13 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should preserve other services when clearing one', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'slack-token', dCookie: 'slack-cookie' },
                 discord: { objectType: 'authorizationBare', token: 'discord-token' },
             }));
             const deps = createMockDependencies();
             await runCommand(['auth', 'clear', 'slack'], deps);
-            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            const storedData = JSON.parse((await readSecureFile(storePath)) ?? '{}');
             expect(storedData.slack).toBeUndefined();
             expect(storedData.discord).toBeDefined();
             expect(storedData.discord?.token).toBe('discord-token');
@@ -643,8 +643,8 @@ describe('CLI commands with dependency injection', () => {
         it('should delete both store and browser state with -y flag', async () => {
             const storePath = join(tempDir, 'credentials.json');
             const browserStatePath = join(tempDir, 'browser_state.json');
-            writeSecureFile(storePath, JSON.stringify({ slack: { objectType: 'slack', token: 'test', dCookie: 'test' } }));
-            writeSecureFile(browserStatePath, '{}');
+            await writeSecureFile(storePath, JSON.stringify({ slack: { objectType: 'slack', token: 'test', dCookie: 'test' } }));
+            await writeSecureFile(browserStatePath, '{}');
             const deps = createMockDependencies();
             await runCommand(['auth', 'clear', '-y'], deps);
             expect(existsSync(storePath)).toBe(false);
@@ -654,7 +654,7 @@ describe('CLI commands with dependency injection', () => {
     describe('auth list command', () => {
         it('should list stored credentials with their status', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
             const deps = createMockDependencies();
@@ -668,7 +668,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should output empty object when no credentials are stored', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies();
             await runCommand(['auth', 'list'], deps);
             expect(logs).toHaveLength(1);
@@ -677,7 +677,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should treat unknown services as valid', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 unknown: { objectType: 'rawCurl', curlArguments: ['-H', 'X-Token: secret'] },
             }));
             const deps = createMockDependencies();
@@ -693,11 +693,11 @@ describe('CLI commands with dependency injection', () => {
     describe('auth set command', () => {
         it('should store raw curl credentials', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies();
             await runCommand(['auth', 'set', 'slack', '-H', 'X-Token: secret', '-H', 'X-Other: value'], deps);
             expect(logs).toContain('Credentials stored.');
-            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            const storedData = JSON.parse((await readSecureFile(storePath)) ?? '{}');
             expect(storedData.slack).toEqual({
                 objectType: 'rawCurl',
                 curlArguments: ['-H', 'X-Token: secret', '-H', 'X-Other: value'],
@@ -720,13 +720,13 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should overwrite existing credentials', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'old-token', dCookie: 'old-cookie' },
             }));
             const deps = createMockDependencies();
             await runCommand(['auth', 'set', 'slack', '-H', 'X-Token: new-secret'], deps);
             expect(logs).toContain('Credentials stored.');
-            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            const storedData = JSON.parse((await readSecureFile(storePath)) ?? '{}');
             expect(storedData.slack).toEqual({
                 objectType: 'rawCurl',
                 curlArguments: ['-H', 'X-Token: new-secret'],
@@ -736,13 +736,13 @@ describe('CLI commands with dependency injection', () => {
     describe('auth set-nocurl command', () => {
         it('should store telegram bot credentials', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 registry: new Registry([TELEGRAM]),
             });
             await runCommand(['auth', 'set-nocurl', 'telegram', '123456:ABC-DEF'], deps);
             expect(logs).toContain('Credentials stored.');
-            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            const storedData = JSON.parse((await readSecureFile(storePath)) ?? '{}');
             expect(storedData.telegram).toEqual({
                 objectType: 'telegramBot',
                 token: '123456:ABC-DEF',
@@ -776,7 +776,7 @@ describe('CLI commands with dependency injection', () => {
     describe('curl command', () => {
         it('should pass arguments to subprocess', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'stored-token', dCookie: 'stored-cookie' },
             }));
             const deps = createMockDependencies();
@@ -792,7 +792,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should pass raw curl credentials to subprocess', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'rawCurl', curlArguments: ['-H', 'X-Custom: header'] },
             }));
             const deps = createMockDependencies();
@@ -802,7 +802,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should pass multiple arguments correctly', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'stored-token', dCookie: 'stored-cookie' },
             }));
             const deps = createMockDependencies();
@@ -824,7 +824,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should return subprocess exit code', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'stored-token', dCookie: 'stored-cookie' },
             }));
             const deps = createMockDependencies({
@@ -845,7 +845,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should read credentials from store and not call login', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'stored-token', dCookie: 'stored-cookie' },
             }));
             const mockLogin = vi.fn();
@@ -874,14 +874,14 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should return error when no credentials in store', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies();
             await runCommand(['curl', 'https://slack.com/api/test'], deps);
             expect(exitCode).toBe(1);
         });
         it('should inject telegram bot token into URL path', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 telegram: { objectType: 'telegramBot', token: '123456:ABC-DEF' },
             }));
             const deps = createMockDependencies({
@@ -893,7 +893,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should work when service does not have getSession but credentials exist', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 nologin: { objectType: 'rawCurl', curlArguments: ['-H', 'X-API-Key: secret'] },
             }));
             const noLoginService = {
@@ -946,7 +946,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should return error when no graphical environment is available', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const originalPlatform = process.platform;
             const originalDisplay = process.env.DISPLAY;
             const originalWayland = process.env.WAYLAND_DISPLAY;
@@ -1111,7 +1111,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should not expose browser auth without --login-url', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 registry: new Registry([GITLAB]),
             });
@@ -1214,7 +1214,7 @@ describe('CLI commands with dependency injection', () => {
             ], deps);
             // Now store credentials for it
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             logs = [];
             exitCode = null;
             await runCommand(['auth', 'set', 'my-gitlab', '-H', 'PRIVATE-TOKEN: my-secret-token'], deps);
@@ -1246,7 +1246,7 @@ describe('CLI commands with dependency injection', () => {
         });
         it('should not expose browser auth for service without family', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, '{}');
+            await writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 registry: new Registry([GITLAB]),
             });
@@ -1265,7 +1265,7 @@ describe('CLI commands with dependency injection', () => {
             await runCommand(['services', 'register', 'my-api', '--base-api-url', 'https://api.example.com/'], deps);
             // Store credentials
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 'my-api': {
                     objectType: 'rawCurl',
                     curlArguments: ['-H', 'Authorization: Bearer my-token'],
@@ -1319,7 +1319,7 @@ describe('CLI commands with dependency injection', () => {
             ], deps);
             // Store credentials
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 'my-gitlab': {
                     objectType: 'rawCurl',
                     curlArguments: ['-H', 'PRIVATE-TOKEN: my-secret-token'],
@@ -1402,7 +1402,7 @@ describe('CLI commands with dependency injection', () => {
             ], deps);
             // Store credentials for it
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 'my-gitlab': {
                     objectType: 'rawCurl',
                     curlArguments: ['-H', 'PRIVATE-TOKEN: my-secret-token'],
@@ -1435,7 +1435,7 @@ describe('CLI commands with dependency injection', () => {
             ], deps);
             // Store and then clear credentials
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
+            await writeSecureFile(storePath, JSON.stringify({
                 'my-gitlab': {
                     objectType: 'rawCurl',
                     curlArguments: ['-H', 'PRIVATE-TOKEN: my-secret-token'],