oneclaw 0.1.0

package/dist/core/schema.d.ts

@@ -0,0 +1,330 @@
+import { z } from "zod";
+import { TARGETS, type IdentityPack } from "./types.js";
+export declare const identityPackSchema: z.ZodObject<{
+    schema: z.ZodLiteral<"one-identity/v1">;
+    packId: z.ZodString;
+    createdAt: z.ZodString;
+    updatedAt: z.ZodString;
+    accounts: z.ZodObject<{
+        email: z.ZodOptional<z.ZodObject<{
+            provider: z.ZodLiteral<"agentmail">;
+            inboxId: z.ZodString;
+            address: z.ZodString;
+            apiKeyRef: z.ZodString;
+            webhookSecretRef: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        }, {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        }>>;
+        telegram: z.ZodOptional<z.ZodObject<{
+            provider: z.ZodLiteral<"telegram">;
+            identityId: z.ZodString;
+            botUsername: z.ZodString;
+            tokenRef: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        }, {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        }>>;
+        slack: z.ZodOptional<z.ZodObject<{
+            provider: z.ZodLiteral<"slack">;
+            identityId: z.ZodString;
+            botTokenRef: z.ZodString;
+            appTokenRef: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        }, {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        }>>;
+        bitwarden: z.ZodOptional<z.ZodObject<{
+            provider: z.ZodLiteral<"bitwarden">;
+            accountEmail: z.ZodString;
+            vault: z.ZodString;
+            itemRefs: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+            sessionRef: z.ZodOptional<z.ZodString>;
+            masterPasswordRef: z.ZodOptional<z.ZodString>;
+        }, "strip", z.ZodTypeAny, {
+            vault: string;
+            itemRefs: string[];
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            masterPasswordRef?: string | undefined;
+        }, {
+            vault: string;
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            itemRefs?: string[] | undefined;
+            masterPasswordRef?: string | undefined;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        telegram?: {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        } | undefined;
+        slack?: {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        } | undefined;
+        bitwarden?: {
+            vault: string;
+            itemRefs: string[];
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            masterPasswordRef?: string | undefined;
+        } | undefined;
+        email?: {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        } | undefined;
+    }, {
+        telegram?: {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        } | undefined;
+        slack?: {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        } | undefined;
+        bitwarden?: {
+            vault: string;
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            itemRefs?: string[] | undefined;
+            masterPasswordRef?: string | undefined;
+        } | undefined;
+        email?: {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        } | undefined;
+    }>;
+    targets: z.ZodDefault<z.ZodArray<z.ZodEnum<["owpenbot", "openclaw", "nanoclaw"]>, "many">>;
+    provisioning: z.ZodOptional<z.ZodObject<{
+        runs: z.ZodArray<z.ZodObject<{
+            runId: z.ZodString;
+            startedAt: z.ZodString;
+            updatedAt: z.ZodString;
+            completed: z.ZodBoolean;
+            steps: z.ZodArray<z.ZodObject<{
+                provider: z.ZodString;
+                stepId: z.ZodString;
+                kind: z.ZodEnum<["api_call", "browser_task", "manual_checkpoint", "verify", "persist_secret"]>;
+                status: z.ZodEnum<["completed", "blocked"]>;
+                detail: z.ZodString;
+                updatedAt: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }, {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }>, "many">;
+        }, "strip", z.ZodTypeAny, {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }, {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        runs: {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }[];
+    }, {
+        runs: {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }[];
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    updatedAt: string;
+    schema: "one-identity/v1";
+    packId: string;
+    createdAt: string;
+    accounts: {
+        telegram?: {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        } | undefined;
+        slack?: {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        } | undefined;
+        bitwarden?: {
+            vault: string;
+            itemRefs: string[];
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            masterPasswordRef?: string | undefined;
+        } | undefined;
+        email?: {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        } | undefined;
+    };
+    targets: ("owpenbot" | "openclaw" | "nanoclaw")[];
+    provisioning?: {
+        runs: {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }[];
+    } | undefined;
+}, {
+    updatedAt: string;
+    schema: "one-identity/v1";
+    packId: string;
+    createdAt: string;
+    accounts: {
+        telegram?: {
+            identityId: string;
+            provider: "telegram";
+            botUsername: string;
+            tokenRef: string;
+        } | undefined;
+        slack?: {
+            identityId: string;
+            provider: "slack";
+            botTokenRef: string;
+            appTokenRef: string;
+        } | undefined;
+        bitwarden?: {
+            vault: string;
+            provider: "bitwarden";
+            accountEmail: string;
+            sessionRef?: string | undefined;
+            itemRefs?: string[] | undefined;
+            masterPasswordRef?: string | undefined;
+        } | undefined;
+        email?: {
+            provider: "agentmail";
+            inboxId: string;
+            address: string;
+            apiKeyRef: string;
+            webhookSecretRef?: string | undefined;
+        } | undefined;
+    };
+    targets?: ("owpenbot" | "openclaw" | "nanoclaw")[] | undefined;
+    provisioning?: {
+        runs: {
+            completed: boolean;
+            updatedAt: string;
+            runId: string;
+            startedAt: string;
+            steps: {
+                provider: string;
+                status: "completed" | "blocked";
+                stepId: string;
+                kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+                detail: string;
+                updatedAt: string;
+            }[];
+        }[];
+    } | undefined;
+}>;
+export declare function validatePack(input: unknown): IdentityPack;
+export declare function isTargetId(value: string): value is (typeof TARGETS)[number];

package/dist/core/schema.js

@@ -0,0 +1,72 @@
+import { z } from "zod";
+import { PACK_SCHEMA_VERSION, TARGETS } from "./types.js";
+const secretRef = z.string().regex(/^secret:\/\/[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+$/, {
+    message: "Invalid secret reference. Expected secret://pack/provider/key",
+});
+const emailAccount = z.object({
+    provider: z.literal("agentmail"),
+    inboxId: z.string().min(1),
+    address: z.string().email(),
+    apiKeyRef: secretRef,
+    webhookSecretRef: secretRef.optional(),
+});
+const telegramAccount = z.object({
+    provider: z.literal("telegram"),
+    identityId: z.string().min(1),
+    botUsername: z.string().min(1),
+    tokenRef: secretRef,
+});
+const slackAccount = z.object({
+    provider: z.literal("slack"),
+    identityId: z.string().min(1),
+    botTokenRef: secretRef,
+    appTokenRef: secretRef,
+});
+const bitwardenAccount = z.object({
+    provider: z.literal("bitwarden"),
+    accountEmail: z.string().email(),
+    vault: z.string().min(1),
+    itemRefs: z.array(z.string().min(1)).default([]),
+    sessionRef: secretRef.optional(),
+    masterPasswordRef: secretRef.optional(),
+});
+const provisioningStepSchema = z.object({
+    provider: z.string().min(1),
+    stepId: z.string().min(1),
+    kind: z.enum(["api_call", "browser_task", "manual_checkpoint", "verify", "persist_secret"]),
+    status: z.enum(["completed", "blocked"]),
+    detail: z.string().min(1),
+    updatedAt: z.string().datetime(),
+});
+const provisioningRunSchema = z.object({
+    runId: z.string().min(1),
+    startedAt: z.string().datetime(),
+    updatedAt: z.string().datetime(),
+    completed: z.boolean(),
+    steps: z.array(provisioningStepSchema),
+});
+export const identityPackSchema = z.object({
+    schema: z.literal(PACK_SCHEMA_VERSION),
+    packId: z.string().regex(/^[a-zA-Z0-9_.-]+$/),
+    createdAt: z.string().datetime(),
+    updatedAt: z.string().datetime(),
+    accounts: z.object({
+        email: emailAccount.optional(),
+        telegram: telegramAccount.optional(),
+        slack: slackAccount.optional(),
+        bitwarden: bitwardenAccount.optional(),
+    }),
+    targets: z.array(z.enum(TARGETS)).default([]),
+    provisioning: z
+        .object({
+        runs: z.array(provisioningRunSchema),
+    })
+        .optional(),
+});
+export function validatePack(input) {
+    return identityPackSchema.parse(input);
+}
+export function isTargetId(value) {
+    return TARGETS.includes(value);
+}
+//# sourceMappingURL=schema.js.map

package/dist/core/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/core/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAqB,MAAM,YAAY,CAAC;AAE7E,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gEAAgE,EAAE;IACnG,OAAO,EAAE,+DAA+D;CACzE,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;IAC3B,SAAS,EAAE,SAAS;IACpB,gBAAgB,EAAE,SAAS,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,QAAQ,EAAE,SAAS;CACpB,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7B,WAAW,EAAE,SAAS;IACtB,WAAW,EAAE,SAAS;CACvB,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAChC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAChD,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE;IAChC,iBAAiB,EAAE,SAAS,CAAC,QAAQ,EAAE;CACxC,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,cAAc,EAAE,mBAAmB,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;IAC3F,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACxC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;IACtB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IACtC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAC7C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,KAAK,EAAE,YAAY,CAAC,QAAQ,EAAE;QAC9B,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE;QACpC,KAAK,EAAE,YAAY,CAAC,QAAQ,EAAE;QAC9B,SAAS,EAAE,gBAAgB,CAAC,QAAQ,EAAE;KACvC,CAAC;IACF,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC7C,YAAY,EAAE,CAAC;SACZ,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC;KACrC,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAEH,MAAM,UAAU,YAAY,CAAC,KAAc;IACzC,OAAO,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,OAAO,OAAO,CAAC,QAAQ,CAAC,KAAiC,CAAC,CAAC;AAC7D,CAAC"}

package/dist/core/secrets.d.ts

@@ -0,0 +1,9 @@
+export declare function buildSecretRef(packId: string, provider: string, key: string): string;
+export declare function parseSecretRef(ref: string): {
+    packId: string;
+    provider: string;
+    key: string;
+} | undefined;
+export declare function setSecret(packId: string, provider: string, key: string, value: string): string;
+export declare function resolveSecret(ref: string): string | undefined;
+export declare function redactString(input: string): string;

package/dist/core/secrets.js

@@ -0,0 +1,65 @@
+import fs from "node:fs";
+import path from "node:path";
+import { readJsonFile } from "./fs.js";
+import { getPaths } from "./paths.js";
+const BUNDLE_VERSION = 1;
+function secretFilePath(packId) {
+    return path.join(getPaths().secretsDir, `${packId}.json`);
+}
+function bundleTemplate() {
+    return {
+        version: BUNDLE_VERSION,
+        updatedAt: new Date().toISOString(),
+        values: {},
+    };
+}
+function loadBundle(packId) {
+    const loaded = readJsonFile(secretFilePath(packId));
+    if (!loaded)
+        return bundleTemplate();
+    return {
+        version: BUNDLE_VERSION,
+        updatedAt: loaded.updatedAt || new Date().toISOString(),
+        values: loaded.values || {},
+    };
+}
+function saveBundle(packId, bundle) {
+    const filePath = secretFilePath(packId);
+    fs.mkdirSync(path.dirname(filePath), { recursive: true });
+    fs.writeFileSync(filePath, `${JSON.stringify(bundle, null, 2)}\n`, { encoding: "utf8", mode: 0o600 });
+    try {
+        fs.chmodSync(filePath, 0o600);
+    }
+    catch {
+        // best-effort permissions hardening
+    }
+}
+export function buildSecretRef(packId, provider, key) {
+    return `secret://${packId}/${provider}/${key}`;
+}
+export function parseSecretRef(ref) {
+    const m = /^secret:\/\/([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)$/.exec(ref);
+    if (!m)
+        return undefined;
+    return { packId: m[1], provider: m[2], key: m[3] };
+}
+export function setSecret(packId, provider, key, value) {
+    const bundle = loadBundle(packId);
+    bundle.values[`${provider}.${key}`] = value;
+    bundle.updatedAt = new Date().toISOString();
+    saveBundle(packId, bundle);
+    return buildSecretRef(packId, provider, key);
+}
+export function resolveSecret(ref) {
+    const parsed = parseSecretRef(ref);
+    if (!parsed)
+        return undefined;
+    const bundle = loadBundle(parsed.packId);
+    return bundle.values[`${parsed.provider}.${parsed.key}`];
+}
+export function redactString(input) {
+    if (input.length <= 8)
+        return "********";
+    return `${input.slice(0, 4)}...${input.slice(-4)}`;
+}
+//# sourceMappingURL=secrets.js.map

package/dist/core/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/core/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAGtC,MAAM,cAAc,GAAG,CAAU,CAAC;AAElC,SAAS,cAAc,CAAC,MAAc;IACpC,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,UAAU,EAAE,GAAG,MAAM,OAAO,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,cAAc;IACrB,OAAO;QACL,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM,EAAE,EAAE;KACX,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,MAAM,GAAG,YAAY,CAAe,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IAClE,IAAI,CAAC,MAAM;QAAE,OAAO,cAAc,EAAE,CAAC;IACrC,OAAO;QACL,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACvD,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc,EAAE,MAAoB;IACtD,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtG,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,QAAgB,EAAE,GAAW;IAC1E,OAAO,YAAY,MAAM,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,MAAM,CAAC,GAAG,sEAAsE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3F,IAAI,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACzB,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,QAAgB,EAAE,GAAW,EAAE,KAAa;IACpF,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,IAAI,GAAG,EAAE,CAAC,GAAG,KAAK,CAAC;IAC5C,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,OAAO,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC;IACzC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACrD,CAAC"}

package/dist/core/types.d.ts

@@ -0,0 +1,69 @@
+export declare const PACK_SCHEMA_VERSION: "one-identity/v1";
+export declare const TARGETS: readonly ["owpenbot", "openclaw", "nanoclaw"];
+export type TargetId = (typeof TARGETS)[number];
+export type AgentmailEmailAccount = {
+    provider: "agentmail";
+    inboxId: string;
+    address: string;
+    apiKeyRef: string;
+    webhookSecretRef?: string;
+};
+export type TelegramAccount = {
+    provider: "telegram";
+    identityId: string;
+    botUsername: string;
+    tokenRef: string;
+};
+export type SlackAccount = {
+    provider: "slack";
+    identityId: string;
+    botTokenRef: string;
+    appTokenRef: string;
+};
+export type BitwardenAccount = {
+    provider: "bitwarden";
+    accountEmail: string;
+    vault: string;
+    itemRefs: string[];
+    sessionRef?: string;
+    masterPasswordRef?: string;
+};
+export type ProvisioningStepLog = {
+    provider: string;
+    stepId: string;
+    kind: "api_call" | "browser_task" | "manual_checkpoint" | "verify" | "persist_secret";
+    status: "completed" | "blocked";
+    detail: string;
+    updatedAt: string;
+};
+export type ProvisioningRunLog = {
+    runId: string;
+    startedAt: string;
+    updatedAt: string;
+    completed: boolean;
+    steps: ProvisioningStepLog[];
+};
+export type IdentityPack = {
+    schema: typeof PACK_SCHEMA_VERSION;
+    packId: string;
+    createdAt: string;
+    updatedAt: string;
+    accounts: {
+        email?: AgentmailEmailAccount;
+        telegram?: TelegramAccount;
+        slack?: SlackAccount;
+        bitwarden?: BitwardenAccount;
+    };
+    targets: TargetId[];
+    provisioning?: {
+        runs: ProvisioningRunLog[];
+    };
+};
+export type SecretBundle = {
+    version: 1;
+    updatedAt: string;
+    values: Record<string, string>;
+};
+export type AdapterContext = {
+    resolveSecret: (ref: string) => string | undefined;
+};

package/dist/core/types.js

@@ -0,0 +1,3 @@
+export const PACK_SCHEMA_VERSION = "one-identity/v1";
+export const TARGETS = ["owpenbot", "openclaw", "nanoclaw"];
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,mBAAmB,GAAG,iBAA0B,CAAC;AAE9D,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAU,CAAC"}

package/dist/core/workflow.d.ts

@@ -0,0 +1,48 @@
+import type { IdentityPack } from "./types.js";
+import type { ProvisionRunState, StepKind } from "./run-state.js";
+export type WorkflowStepResult = {
+    status: "completed";
+    detail?: string;
+} | {
+    status: "blocked";
+    detail: string;
+};
+export type WorkflowStepContext = {
+    pack: IdentityPack;
+    nonInteractive: boolean;
+    options: Record<string, string | boolean | undefined>;
+    state: Record<string, string>;
+    getOption: (key: string) => string | undefined;
+    getFlag: (key: string) => boolean;
+    ask: (prompt: string) => Promise<string | undefined>;
+    setData: (key: string, value: string) => void;
+    getData: (key: string) => string | undefined;
+    putSecret: (provider: string, key: string, value: string) => string;
+    resolveSecret: (ref: string) => string | undefined;
+    updatePack: (next: IdentityPack) => void;
+    log: (message: string) => void;
+};
+export type WorkflowStep = {
+    id: string;
+    kind: StepKind;
+    detail: string;
+    run: (ctx: WorkflowStepContext) => Promise<WorkflowStepResult>;
+};
+export type ProviderWorkflow = {
+    provider: string;
+    steps: WorkflowStep[];
+};
+export type WorkflowRunResult = {
+    status: "completed" | "blocked";
+    blockedStepId?: string;
+    blockedReason?: string;
+};
+export declare function runProviderWorkflow(input: {
+    workflow: ProviderWorkflow;
+    run: ProvisionRunState;
+    pack: IdentityPack;
+    options: Record<string, string | boolean | undefined>;
+    nonInteractive: boolean;
+    ask: (prompt: string) => Promise<string | undefined>;
+    log: (message: string) => void;
+}): Promise<WorkflowRunResult>;