npm - opencode-1password-auth - Versions diffs - 1.0.7 → 1.0.9 - Mend

opencode-1password-auth 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/index.ts DELETED Viewed

@@ -1,423 +0,0 @@
-import type { Plugin } from "@opencode-ai/plugin";
-import * as sdk from "@1password/sdk";
-// Debug logging to file
-const debugLog = (message: string) => {
-  const timestamp = new Date().toISOString();
-  const logMessage = `[${timestamp}] 1Password: ${message}\n`;
-  console.log(logMessage.trim());
-  try {
-    // Try to write to a debug log file
-    const fs = require('fs');
-    const path = require('path');
-    const home = process.env.HOME || process.env.USERPROFILE || '';
-    const logDir = path.join(home, '.opencode-1password-debug');
-    if (!fs.existsSync(logDir)) {
-      fs.mkdirSync(logDir, { recursive: true });
-    }
-    const logFile = path.join(logDir, 'debug.log');
-    fs.appendFileSync(logFile, logMessage);
-  } catch (err) {
-    // Ignore file logging errors
-  }
-};
-interface MCPServerConfig {
-  environment?: Record<string, string>;
-}
-interface OpenCodeConfig {
-  mcp?: Record<string, MCPServerConfig>;
-}
-interface ProviderAuth {
-  type: string;
-  key: string;
-}
-interface AuthJson {
-  [providerId: string]: ProviderAuth;
-}
-export const OnePasswordAuthPlugin: Plugin = async ({ client, $ }) => {
-  let opClient: Awaited<ReturnType<typeof sdk.createClient>> | null = null;
-  let mcpsEnvId: string | undefined;
-  debugLog("Plugin loaded");
-  const normalizeProviderId = (variableName: string): string => {
-    // Convert common patterns to match auth.json provider IDs
-    // e.g., "MINIMAX_CODING_PLAN" -> "minimax-coding-plan"
-    // e.g., "OPENCODE" -> "opencode"
-    // e.g., "DEEPSEEK" -> "deepseek"
-    let normalized = variableName.toLowerCase();
-    // Convert underscores to hyphens
-    normalized = normalized.replace(/_/g, '-');
-    debugLog(`Normalized ${variableName} -> ${normalized}`);
-    return normalized;
-  };
-  const getAlternativeEnvVarNames = (providerId: string): string[] => {
-    // Generate all possible env var names that might be used
-    const names = new Set<string>();
-    // Original providerId (e.g., "minimax-coding-plan")
-    names.add(providerId);
-    // Uppercase version (e.g., "MINIMAX-CODING-PLAN")
-    names.add(providerId.toUpperCase());
-    // With underscores instead of hyphens (e.g., "minimax_coding_plan")
-    names.add(providerId.replace(/-/g, '_'));
-    // Uppercase with underscores (e.g., "MINIMAX_CODING_PLAN")
-    names.add(providerId.replace(/-/g, '_').toUpperCase());
-    // Just the first part (e.g., "minimax")
-    const firstPart = providerId.split('-')[0];
-    if (firstPart && firstPart !== providerId) {
-      names.add(firstPart);
-      names.add(firstPart.toUpperCase());
-    }
-    return Array.from(names);
-  };
-  const getHomeDir = (): string => {
-    return process.env.HOME || process.env.USERPROFILE || "";
-  };
-  const getAuthJsonPath = (): string => {
-    const home = getHomeDir();
-    return `${home}/.local/share/opencode/auth.json`;
-  };
-  const getOpenCodeJsonPath = (): string => {
-    const home = getHomeDir();
-    return `${home}/.config/opencode/opencode.json`;
-  };
-  const initClient = async () => {
-    const token = process.env.OP_SERVICE_ACCOUNT_TOKEN;
-    if (!token) {
-      debugLog("Missing OP_SERVICE_ACCOUNT_TOKEN");
-      return null;
-    }
-    try {
-      return await sdk.createClient({
-        auth: token,
-        integrationName: "opencode-1password-env",
-        integrationVersion: "1.0.0",
-      });
-    } catch (err) {
-      debugLog(`Failed to create client: ${err}`);
-      return null;
-    }
-  };
-  const readEnvironmentVariables = async (envId: string) => {
-    if (!opClient) return [];
-    try {
-      const { variables } = await opClient.environments.getVariables(envId);
-      debugLog(`Read ${variables?.length || 0} variables from environment ${envId}`);
-      return variables || [];
-    } catch (err) {
-      debugLog(`Failed to read environment ${envId}: ${err}`);
-      return [];
-    }
-  };
-  const getSecretsFromEnvironment = async (envId: string): Promise<Record<string, string>> => {
-    const vars = await readEnvironmentVariables(envId);
-    const secrets: Record<string, string> = {};
-    for (const v of vars) {
-      if (v.value) {
-        secrets[v.name] = v.value;
-        debugLog(`Found secret: ${v.name} (${v.value.length} chars)`);
-      }
-    }
-    return secrets;
-  };
-  const updateAuthJson = async (providerEnvId: string): Promise<void> => {
-    const authJsonPath = getAuthJsonPath();
-    try {
-      // Read current auth.json using cat
-      const catResult = await $`cat "${authJsonPath}"`;
-      const content = catResult.stdout;
-      let auth: AuthJson;
-      try {
-        auth = JSON.parse(content);
-      } catch {
-        debugLog("auth.json is not valid JSON, skipping");
-        return;
-      }
-      let modified = false;
-      for (const [providerId, authConfig] of Object.entries(auth)) {
-        if (authConfig.key && !authConfig.key.startsWith("{env:")) {
-          // Replace hardcoded key with env var reference
-          authConfig.key = `{env:${providerId}}`;
-          modified = true;
-          debugLog(`Updated auth.json - ${providerId} -> {env:${providerId}}`);
-        }
-      }
-      if (modified) {
-        // Write updated content using a temp file and mv
-        const newContent = JSON.stringify(auth, null, 2);
-        // Use node to write the file since $ heredocs can be tricky
-        await $`node -e "const fs=require('fs'); fs.writeFileSync('${authJsonPath}', JSON.stringify(${JSON.stringify(auth)}, null, 2));"`;
-        debugLog("auth.json updated to use environment variables");
-      }
-    } catch (err) {
-      debugLog(`Failed to update auth.json: ${err}`);
-    }
-  };
-  const updateOpenCodeJsonMCP = async (mcpEnvId: string): Promise<void> => {
-    const openCodeJsonPath = getOpenCodeJsonPath();
-    try {
-      // Read current opencode.json using cat
-      const catResult = await $`cat "${openCodeJsonPath}"`;
-      const content = catResult.stdout;
-      let config: OpenCodeConfig;
-      try {
-        config = JSON.parse(content);
-      } catch {
-        debugLog("opencode.json is not valid JSON, skipping");
-        return;
-      }
-      if (!config.mcp) {
-        debugLog("No MCP configuration found, skipping");
-        return;
-      }
-      let modified = false;
-      for (const [serverName, serverConfig] of Object.entries(config.mcp)) {
-        if (serverConfig?.environment) {
-          for (const [key, value] of Object.entries(serverConfig.environment)) {
-            if (typeof value === "string" && !value.startsWith("{env:") && !value.startsWith("$")) {
-              // Replace hardcoded value with env var reference
-              serverConfig.environment[key] = `{env:${key}}`;
-              modified = true;
-              debugLog(`Updated opencode.json - ${serverName}.${key} -> {env:${key}}`);
-            }
-          }
-        }
-      }
-      if (modified) {
-        // Write updated content
-        await $`node -e "const fs=require('fs'); fs.writeFileSync('${openCodeJsonPath}', JSON.stringify(${JSON.stringify(config)}, null, 2));"`;
-        debugLog("opencode.json MCP config updated to use environment variables");
-      }
-    } catch (err) {
-      debugLog(`Failed to update opencode.json: ${err}`);
-    }
-  };
-  const authenticateProviders = async (providerEnvId: string): Promise<void> => {
-    if (!opClient) return;
-    debugLog(`Reading provider secrets from environment ${providerEnvId}`);
-    const secrets = await getSecretsFromEnvironment(providerEnvId);
-    debugLog(`Found ${Object.keys(secrets).length} provider secrets`);
-    for (const [variableName, apiKey] of Object.entries(secrets)) {
-      if (!apiKey) continue;
-      const providerId = normalizeProviderId(variableName);
-      debugLog(`Processing ${variableName} -> ${providerId} (key length: ${apiKey.length})`);
-      // Set environment variables in multiple formats
-      const envVarNames = getAlternativeEnvVarNames(providerId);
-      for (const envVarName of envVarNames) {
-        process.env[envVarName] = apiKey;
-        debugLog(`Set process.env.${envVarName} = ${apiKey.substring(0, 8)}...`);
-      }
-      try {
-        // Authenticate with OpenCode runtime
-        debugLog(`Calling client.auth.set for ${providerId} with key length ${apiKey.length}`);
-        const result = await client.auth.set({
-          path: { id: providerId },
-          body: { type: "api", key: apiKey },
-        });
-        debugLog(`✓ ${providerId} authenticated (from ${variableName}) - Result: ${JSON.stringify(result)}`);
-      } catch (err) {
-        debugLog(`Failed to authenticate ${providerId}: ${err}`);
-        if (err instanceof Error) {
-          debugLog(`Error message: ${err.message}`);
-          debugLog(`Error stack: ${err.stack}`);
-        }
-        // Also log to console for immediate visibility
-        console.error(`[1Password Plugin] Failed to authenticate ${providerId}: ${err}`);
-      }
-    }
-  };
-  const getConfiguredMCPVars = (): Set<string> => {
-    const vars = new Set<string>();
-    try {
-      const config = client.config as OpenCodeConfig;
-      if (config?.mcp) {
-        for (const [, serverConfig] of Object.entries(config.mcp)) {
-          if (serverConfig?.environment) {
-            for (const [key] of Object.entries(serverConfig.environment)) {
-              if (key.startsWith("{env:")) {
-                const envVar = key.slice(5, -1);
-                vars.add(envVar);
-              } else {
-                vars.add(key);
-              }
-            }
-          }
-        }
-      }
-    } catch (err) {
-      debugLog(`Failed to read MCP config: ${err}`);
-    }
-    return vars;
-  };
-  const injectMCPSecrets = async (mcpEnvId: string): Promise<Record<string, string>> => {
-    const neededVars = getConfiguredMCPVars();
-    if (neededVars.size === 0) {
-      return {};
-    }
-    const secrets = await getSecretsFromEnvironment(mcpEnvId);
-    const toInject: Record<string, string> = {};
-    for (const varName of neededVars) {
-      if (secrets[varName]) {
-        toInject[varName] = secrets[varName];
-      }
-    }
-    return toInject;
-  };
-  // Initialize as soon as plugin loads (config hook runs early)
-  const initializePlugin = async () => {
-    debugLog("Initializing plugin...");
-    opClient = await initClient();
-    if (!opClient) {
-      debugLog("No client available");
-      return;
-    }
-    const configEnvId = process.env.OP_CONFIG_ENV_ID;
-    if (!configEnvId) {
-      debugLog("Missing OP_CONFIG_ENV_ID");
-      return;
-    }
-    debugLog(`Reading config from environment ${configEnvId}`);
-    const vars = await readEnvironmentVariables(configEnvId);
-    const configEnvIds: Record<string, string> = {};
-    for (const v of vars) {
-      if (v.name.endsWith("_ENV_ID") && v.value) {
-        configEnvIds[v.name] = v.value;
-        debugLog(`Found ${v.name} = ${v.value.substring(0, 10)}...`);
-      }
-    }
-    const providersEnvId = configEnvIds.OPENCODE_PROVIDERS_ENV_ID;
-    if (providersEnvId) {
-      // First update the config files to use env var references
-      await updateAuthJson(providersEnvId);
-      await authenticateProviders(providersEnvId);
-    }
-    const mcpEnvIdFromConfig = configEnvIds.OPENCODE_MCPS_ENV_ID;
-    if (mcpEnvIdFromConfig) {
-      mcpsEnvId = mcpEnvIdFromConfig;
-      await updateOpenCodeJsonMCP(mcpEnvIdFromConfig);
-      const toInject = await injectMCPSecrets(mcpEnvIdFromConfig);
-      if (Object.keys(toInject).length > 0) {
-        debugLog(`Injected ${Object.keys(toInject).join(", ")} for MCP`);
-      }
-    }
-    debugLog("Plugin initialization complete");
-  };
-  // Start initialization immediately
-  initializePlugin().catch(err => {
-    debugLog(`Failed to initialize plugin: ${err}`);
-  });
-  return {
-    async config(config: any) {
-      debugLog("Config hook called");
-      // Config hook runs early, we could also initialize here
-      // but we're already initializing above
-    },
-    async event({ event }: { event: { type: string } }) {
-      debugLog(`Received event: ${event.type}`);
-      if (event.type === "server.connected") {
-        debugLog("Server connected - rechecking authentication");
-        // Re-authenticate providers in case they weren't set earlier
-        if (opClient) {
-          const configEnvId = process.env.OP_CONFIG_ENV_ID;
-          if (configEnvId) {
-            const vars = await readEnvironmentVariables(configEnvId);
-            const configEnvIds: Record<string, string> = {};
-            for (const v of vars) {
-              if (v.name.endsWith("_ENV_ID") && v.value) {
-                configEnvIds[v.name] = v.value;
-              }
-            }
-            const providersEnvId = configEnvIds.OPENCODE_PROVIDERS_ENV_ID;
-            if (providersEnvId) {
-              await authenticateProviders(providersEnvId);
-            }
-          }
-        }
-      }
-    },
-    async "shell.env"(input, output) {
-      if (!opClient || !mcpsEnvId) return;
-      const toInject = await injectMCPSecrets(mcpsEnvId);
-      for (const [varName, value] of Object.entries(toInject)) {
-        output.env[varName] = value;
-        debugLog(`Injected ${varName} into shell environment`);
-      }
-    },
-    async "tool.execute.before"(input) {
-      if (input.tool !== "read") return;
-      const fileArgs = input.args as { filePath?: string } | undefined;
-      if (fileArgs?.filePath && fileArgs.filePath.includes(".env")) {
-        debugLog(
-          "Warning - .env file access detected. Consider using 1Password for secrets management."
-        );
-      }
-    },
-  };
-};
-export default OnePasswordAuthPlugin;