opencode-varlock 0.0.5 → 0.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -1
- package/assets/permissions.json +9 -0
- package/dist/config.js +2 -2
- package/dist/config.js.map +1 -1
- package/dist/guard.d.ts.map +1 -1
- package/dist/guard.js +25 -3
- package/dist/guard.js.map +1 -1
- package/package.json +10 -3
package/README.md
CHANGED
|
@@ -108,6 +108,18 @@ assets/ JSON assets shipped with the npm package
|
|
|
108
108
|
docs/ Setup and integration guides
|
|
109
109
|
```
|
|
110
110
|
|
|
111
|
+
## Testing
|
|
112
|
+
|
|
113
|
+
```bash
|
|
114
|
+
npm run test:unit
|
|
115
|
+
npm run test:integration
|
|
116
|
+
npm run test:coverage
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
- `test:unit` covers config, guard, tools, and plugin registration
|
|
120
|
+
- `test:integration` starts a real OpenCode server through `@opencode-ai/sdk` and verifies the plugin inside real sessions
|
|
121
|
+
- `test:coverage` emits text, HTML, and LCOV coverage reports under `coverage/`
|
|
122
|
+
|
|
111
123
|
### Full config reference
|
|
112
124
|
|
|
113
125
|
```json
|
|
@@ -304,7 +316,7 @@ These permission rules complement the EnvGuard hook — the rules handle fast-pa
|
|
|
304
316
|
|
|
305
317
|
### Why three layers?
|
|
306
318
|
|
|
307
|
-
**Permissions alone aren't enough.** An agent can try `python3 -c "print(open('.env').read())"`
|
|
319
|
+
**Permissions alone aren't enough.** An agent can try `python3 -c "print(open('.env').read())"` or `python -c "import os; print(os.getenv('API_KEY'))"` - the obvious glob rules won't catch every runtime exfiltration path.
|
|
308
320
|
|
|
309
321
|
**Prompt instructions alone aren't enough.** Telling an agent "never read .env" is a soft boundary the model can reason past.
|
|
310
322
|
|
|
@@ -317,6 +329,7 @@ These permission rules complement the EnvGuard hook — the rules handle fast-pa
|
|
|
317
329
|
✓ Writes code: const db = new Client(process.env.DATABASE_URL)
|
|
318
330
|
✗ cat .env → Blocked: deny pattern
|
|
319
331
|
✗ echo $API_KEY → Blocked: deny pattern
|
|
332
|
+
✗ python -c "os.getenv" → Blocked: runtime env read
|
|
320
333
|
✗ python -c "open..." → Blocked: sensitive file
|
|
321
334
|
✗ jq . secrets/app.json → Blocked: matches glob "secrets/**"
|
|
322
335
|
```
|
package/assets/permissions.json
CHANGED
|
@@ -19,6 +19,9 @@
|
|
|
19
19
|
"tail *.env*": "deny",
|
|
20
20
|
"grep * .env*": "deny",
|
|
21
21
|
"echo $*": "deny",
|
|
22
|
+
"python*getenv*": "deny",
|
|
23
|
+
"python*os.environ*": "deny",
|
|
24
|
+
"node*process.env*": "deny",
|
|
22
25
|
"printenv*": "deny",
|
|
23
26
|
"env": "deny",
|
|
24
27
|
"export -p": "deny",
|
|
@@ -65,6 +68,9 @@
|
|
|
65
68
|
"tail *.env*": "deny",
|
|
66
69
|
"grep * .env*": "deny",
|
|
67
70
|
"echo $*": "deny",
|
|
71
|
+
"python*getenv*": "deny",
|
|
72
|
+
"python*os.environ*": "deny",
|
|
73
|
+
"node*process.env*": "deny",
|
|
68
74
|
"printenv*": "deny",
|
|
69
75
|
"env": "deny",
|
|
70
76
|
"env *": "deny",
|
|
@@ -142,6 +148,9 @@
|
|
|
142
148
|
"cat *.env*": "deny",
|
|
143
149
|
"printenv*": "deny",
|
|
144
150
|
"echo $*": "deny",
|
|
151
|
+
"python*getenv*": "deny",
|
|
152
|
+
"python*os.environ*": "deny",
|
|
153
|
+
"node*process.env*": "deny",
|
|
145
154
|
"env": "deny",
|
|
146
155
|
"docker *": "allow",
|
|
147
156
|
"npm *": "allow",
|
package/dist/config.js
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* 4. Programmatic options passed to createVarlockPlugin()
|
|
9
9
|
*/
|
|
10
10
|
import { existsSync, readFileSync } from "fs";
|
|
11
|
-
import { resolve } from "path";
|
|
11
|
+
import { isAbsolute, resolve } from "path";
|
|
12
12
|
export const DEFAULT_CONFIG = {
|
|
13
13
|
guard: {
|
|
14
14
|
enabled: true,
|
|
@@ -70,7 +70,7 @@ export function loadConfig(cwd, overrides = {}) {
|
|
|
70
70
|
}
|
|
71
71
|
}
|
|
72
72
|
merged = deepMerge(merged, overrides);
|
|
73
|
-
if (merged.env.allowedRoot && !
|
|
73
|
+
if (merged.env.allowedRoot && !isAbsolute(merged.env.allowedRoot)) {
|
|
74
74
|
merged.env.allowedRoot = resolve(cwd, merged.env.allowedRoot);
|
|
75
75
|
}
|
|
76
76
|
else if (merged.env.allowedRoot) {
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AA6B1C,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,iBAAiB,EAAE;YACjB,MAAM;YACN,SAAS;YACT,MAAM;YACN,MAAM;YACN,aAAa;YACb,SAAS;SACV;QACD,cAAc,EAAE;YACd,SAAS;YACT,WAAW;YACX,eAAe;YACf,oBAAoB;YACpB,UAAU;YACV,UAAU;YACV,gBAAgB;YAChB,kBAAkB;YAClB,YAAY;YACZ,YAAY;SACb;QACD,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAClD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACrC;IACD,GAAG,EAAE;QACH,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,GAAG;KACjB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,KAAK;KACjB;CACF,CAAA;AAED,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,+BAA+B;CAChC,CAAA;AAED,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,YAAuC,EAAE;IAEzC,IAAI,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;IAE5C,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAE9B,OAAO,MAAM,CAAC,OAAO,CAAA;gBACrB,OAAO,MAAM,CAAC,QAAQ,CAAA;gBAEtB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;gBAClC,OAAO,CAAC,GAAG,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAA;YACzD,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC,6BAA6B,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,SAAgB,CAAC,CAAA;IAE5C,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAMD,MAAM,UAAU,SAAS,CACvB,MAAS,EACT,MAAsB;IAEtB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAA;IAE5B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI;YAAE,SAAQ;QAErD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAA;QACrC,CAAC;aAAM,IACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ;YAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAC3B,CAAC;YACD,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAC/B,MAAM,CAAC,GAAG,CAAwB,EAClC,MAA6B,CAC9B,CAAA;QACH,CAAC;aAAM,CAAC;YACN,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/dist/guard.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAE9C,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AA0C9C,KAAK,SAAS,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAA;AACjC,KAAK,UAAU,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,CAAA;AAe/C,wBAAgB,cAAc,CAC5B,MAAM,EAAE,WAAW,GAClB,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAwFzD;AAsBD,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAuChD"}
|
package/dist/guard.js
CHANGED
|
@@ -23,6 +23,10 @@ const BUILTIN_BASH_DENY = [
|
|
|
23
23
|
"declare -x",
|
|
24
24
|
"process.env",
|
|
25
25
|
"os.environ",
|
|
26
|
+
"os.getenv(",
|
|
27
|
+
"getenv(",
|
|
28
|
+
"system.getenv(",
|
|
29
|
+
"deno.env.get(",
|
|
26
30
|
"dotenv",
|
|
27
31
|
"source .env",
|
|
28
32
|
". .env",
|
|
@@ -37,6 +41,17 @@ const BUILTIN_BASH_DENY = [
|
|
|
37
41
|
"curl.*env",
|
|
38
42
|
"wget.*env",
|
|
39
43
|
];
|
|
44
|
+
const ENV_VALUE_READ_PATTERNS = [
|
|
45
|
+
/\bpython\d*\b[\s\S]*\bos\.getenv\s*\(/i,
|
|
46
|
+
/\bpython\d*\b[\s\S]*\bos\.environ(?:\s*\[|\s*\.get\s*\()/i,
|
|
47
|
+
/\bnode\b[\s\S]*\bprocess\.env(?:\.[a-zA-Z_][a-zA-Z0-9_]*|\s*\[)/i,
|
|
48
|
+
/\bbun\b[\s\S]*\bprocess\.env(?:\.[a-zA-Z_][a-zA-Z0-9_]*|\s*\[)/i,
|
|
49
|
+
/\bdeno\b[\s\S]*\bDeno\.env\.get\s*\(/i,
|
|
50
|
+
/\bruby\b[\s\S]*\bENV(?:\s*\[|\.fetch\s*\()/i,
|
|
51
|
+
/\bphp\b[\s\S]*\bgetenv\s*\(/i,
|
|
52
|
+
/\bjava\b[\s\S]*\bSystem\.getenv\s*\(/i,
|
|
53
|
+
/\bperl\b[\s\S]*\bENV\s*\{/i,
|
|
54
|
+
];
|
|
40
55
|
export function createEnvGuard(config) {
|
|
41
56
|
const { sensitivePatterns, sensitiveGlobs, bashDenyPatterns, blockedReadTools, blockedWriteTools, } = config;
|
|
42
57
|
const bashDeny = [...BUILTIN_BASH_DENY, ...bashDenyPatterns];
|
|
@@ -61,7 +76,14 @@ export function createEnvGuard(config) {
|
|
|
61
76
|
}
|
|
62
77
|
}
|
|
63
78
|
if (input.tool === "bash") {
|
|
64
|
-
const
|
|
79
|
+
const rawCommand = String(args.command ?? "");
|
|
80
|
+
const cmd = rawCommand.toLowerCase();
|
|
81
|
+
for (const pattern of ENV_VALUE_READ_PATTERNS) {
|
|
82
|
+
if (pattern.test(rawCommand)) {
|
|
83
|
+
throw new Error(`[varlock] Blocked: bash command appears to read environment variable values at runtime. ` +
|
|
84
|
+
`Use the load_env or load_secrets tool instead.`);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
65
87
|
for (const pattern of bashDeny) {
|
|
66
88
|
if (cmd.includes(pattern.toLowerCase())) {
|
|
67
89
|
throw new Error(`[varlock] Blocked: bash command matches deny pattern "${pattern}". ` +
|
|
@@ -70,13 +92,13 @@ export function createEnvGuard(config) {
|
|
|
70
92
|
}
|
|
71
93
|
for (const sp of sensitivePatterns) {
|
|
72
94
|
const fileAccessRe = new RegExp(`(cat|less|more|head|tail|bat|vim?|nano|code|type|get-content|select-string)\\s+\\S*${escapeRegex(sp)}`, "i");
|
|
73
|
-
if (fileAccessRe.test(
|
|
95
|
+
if (fileAccessRe.test(rawCommand)) {
|
|
74
96
|
throw new Error(`[varlock] Blocked: bash command appears to read a sensitive file (*${sp}*). ` +
|
|
75
97
|
`Use the load_env or load_secrets tool instead.`);
|
|
76
98
|
}
|
|
77
99
|
}
|
|
78
100
|
if (compiledGlobs.length > 0) {
|
|
79
|
-
const tokens = extractPathTokens(
|
|
101
|
+
const tokens = extractPathTokens(rawCommand);
|
|
80
102
|
for (const token of tokens) {
|
|
81
103
|
for (const { source, regex } of compiledGlobs) {
|
|
82
104
|
if (regex.test(token)) {
|
package/dist/guard.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard.js","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,iBAAiB,GAAG;IACxB,UAAU;IACV,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,WAAW;IACX,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,SAAS;IACT,eAAe;IACf,OAAO;IACP,OAAO;IACP,WAAW;IACX,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,QAAQ;IACR,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,SAAS;IACT,SAAS;IACT,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,WAAW;IACX,WAAW;CACZ,CAAA;AAMD,MAAM,UAAU,cAAc,CAC5B,MAAmB;IAEnB,MAAM,EACJ,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,GAClB,GAAG,MAAM,CAAA;IAEV,MAAM,QAAQ,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,CAAA;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC;QACT,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;KACtB,CAAC,CAAC,CAAA;IAEH,OAAO,KAAK,EAAE,KAAgB,EAAE,MAAkB,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAExB,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5E,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,KAAK;oBACrD,gDAAgD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5D,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,uCAAuC,MAAM,KAAK;oBAChD,qDAAqD,CACxD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC1B,MAAM,
|
|
1
|
+
{"version":3,"file":"guard.js","sourceRoot":"","sources":["../src/guard.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,MAAM,iBAAiB,GAAG;IACxB,UAAU;IACV,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,UAAU;IACV,WAAW;IACX,UAAU;IACV,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,SAAS;IACT,eAAe;IACf,OAAO;IACP,OAAO;IACP,WAAW;IACX,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,SAAS;IACT,gBAAgB;IAChB,eAAe;IACf,QAAQ;IACR,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,SAAS;IACT,SAAS;IACT,UAAU;IACV,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;IACtB,WAAW;IACX,WAAW;CACZ,CAAA;AAMD,MAAM,uBAAuB,GAAG;IAC9B,wCAAwC;IACxC,2DAA2D;IAC3D,kEAAkE;IAClE,iEAAiE;IACjE,uCAAuC;IACvC,6CAA6C;IAC7C,8BAA8B;IAC9B,uCAAuC;IACvC,4BAA4B;CAC7B,CAAA;AAED,MAAM,UAAU,cAAc,CAC5B,MAAmB;IAEnB,MAAM,EACJ,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,GAClB,GAAG,MAAM,CAAA;IAEV,MAAM,QAAQ,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,gBAAgB,CAAC,CAAA;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,EAAE,CAAC;QACT,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;KACtB,CAAC,CAAC,CAAA;IAEH,OAAO,KAAK,EAAE,KAAgB,EAAE,MAAkB,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAA;QAExB,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5E,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,4CAA4C,MAAM,KAAK;oBACrD,gDAAgD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAA;YAC5D,IAAI,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,uCAAuC,MAAM,KAAK;oBAChD,qDAAqD,CACxD,CAAA;YACH,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAA;YAC7C,MAAM,GAAG,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAEpC,KAAK,MAAM,OAAO,IAAI,uBAAuB,EAAE,CAAC;gBAC9C,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7B,MAAM,IAAI,KAAK,CACb,0FAA0F;wBACxF,gDAAgD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACxC,MAAM,IAAI,KAAK,CACb,yDAAyD,OAAO,KAAK;wBACnE,0DAA0D,CAC7D,CAAA;gBACH,CAAC;YACH,CAAC;YAED,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;gBACnC,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,sFAAsF,WAAW,CAAC,EAAE,CAAC,EAAE,EACvG,GAAG,CACJ,CAAA;gBACD,IAAI,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClC,MAAM,IAAI,KAAK,CACb,sEAAsE,EAAE,MAAM;wBAC5E,gDAAgD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;YAED,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;gBAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,KAAK,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,aAAa,EAAE,CAAC;wBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;4BACtB,MAAM,IAAI,KAAK,CACb,+CAA+C,KAAK,yBAAyB,MAAM,KAAK;gCACtF,gDAAgD,CACnD,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAClB,IAAY,EACZ,QAAkB,EAClB,KAAqB;IAErB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAA;IAEhC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,MAAM,EAAE,KAAK,EAAE,IAAI,KAAK,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,IAAI,MAAM,GAAG,EAAE,CAAA;IACf,IAAI,CAAC,GAAG,CAAC,CAAA;IAET,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAElB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBACxB,MAAM,IAAI,UAAU,CAAA;oBACpB,CAAC,IAAI,CAAC,CAAA;gBACR,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,IAAI,CAAA;oBACd,CAAC,IAAI,CAAC,CAAA;gBACR,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,OAAO,CAAA;gBACjB,CAAC,EAAE,CAAA;YACL,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,MAAM,CAAA;YAChB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAA;YACf,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACrC,MAAM,IAAI,SAAS,CAAA;YACnB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,IAAI,GAAG,EAAE,CAAA;YACnB,CAAC,EAAE,CAAA;QACL,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,EAAE,CAAA;YACZ,CAAC,EAAE,CAAA;QACL,CAAC;IACH,CAAC;IAED,OAAO,IAAI,MAAM,CAAC,IAAI,MAAM,GAAG,EAAE,GAAG,CAAC,CAAA;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,OAAO,GAAG,4DAA4D,CAAA;IAC5E,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,IAAI,KAA6B,CAAA;IAEjC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAA;AACjD,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "opencode-varlock",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.7",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "OpenCode plugin for secret management via Varlock with configurable env guard protection",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -56,8 +56,12 @@
|
|
|
56
56
|
"scripts": {
|
|
57
57
|
"build": "tsc --project ./tsconfig.json",
|
|
58
58
|
"clean": "rm -rf ./dist",
|
|
59
|
+
"test": "vitest run",
|
|
60
|
+
"test:unit": "vitest run tests/unit",
|
|
61
|
+
"test:coverage": "vitest run tests/unit --coverage",
|
|
62
|
+
"test:integration": "npm run build && vitest run tests/integration",
|
|
59
63
|
"typecheck": "tsc --project ./tsconfig.json --noEmit",
|
|
60
|
-
"validate": "npm run typecheck && npm run build && npm pack --dry-run",
|
|
64
|
+
"validate": "npm run typecheck && npm run build && npm run test:unit && npm pack --dry-run",
|
|
61
65
|
"prepublishOnly": "npm run clean && npm run validate"
|
|
62
66
|
},
|
|
63
67
|
"publishConfig": {
|
|
@@ -67,8 +71,11 @@
|
|
|
67
71
|
"@opencode-ai/plugin": "^1.2.20"
|
|
68
72
|
},
|
|
69
73
|
"devDependencies": {
|
|
74
|
+
"@opencode-ai/sdk": "^1.0.153",
|
|
70
75
|
"@types/node": "^22.13.10",
|
|
71
|
-
"
|
|
76
|
+
"@vitest/coverage-v8": "^3.2.4",
|
|
77
|
+
"typescript": "^5.9.3",
|
|
78
|
+
"vitest": "^3.2.4"
|
|
72
79
|
},
|
|
73
80
|
"license": "MPL-2.0",
|
|
74
81
|
"repository": {
|