npm - opencode-varlock - Versions diffs - 0.0.7 → 0.0.9 - Mend

opencode-varlock 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +29 -326
package/assets/varlock.config.json +1 -1
package/dist/config.d.ts +6 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +14 -3
package/dist/config.js.map +1 -1
package/dist/plugin.d.ts.map +1 -1
package/dist/plugin.js +25 -4
package/dist/plugin.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,86 +1,39 @@
 # opencode-varlock
-OpenCode plugin that gives agents access to environment variables **without revealing secret values**.
+OpenCode plugin that gives agents access to environment variables without revealing secret values.
-## The Problem
+> Warning
+> This plugin is still early in development, and there is active work underway to improve its security model and edge-case protections. PRs, issue reports, and security feedback are very welcome.
-When an AI agent needs secrets (database URLs, API keys, tokens) to run your code, the obvious approach — letting it read `.env` — puts every secret directly into its context window. It can then echo them, log them, or hallucinate them into committed code.
+## What it does
-## How It Works
-Three layers enforce the boundary:
-```
-┌──────────────────────────────────────────────────┐
-│  Agent context window                            │
-│                                                  │
-│  "Loaded 3 vars: DB_URL, API_KEY, REDIS_HOST"   │
-│   ↑ names only, never values                     │
-│                                                  │
-├──────────────────────────────────────────────────┤
-│  Layer 1 — Custom tools (load_env / load_secrets)│
-│  Reads files or calls Varlock CLI, injects into  │
-│  process.env, returns only key names.            │
-├──────────────────────────────────────────────────┤
-│  Layer 2 — Permission rules                      │
-│  Glob-based deny rules block `cat .env`,         │
-│  `printenv`, `echo $SECRET`, etc.                │
-├──────────────────────────────────────────────────┤
-│  Layer 3 — EnvGuard hook                         │
-│  tool.execute.before intercept catches anything  │
-│  the glob rules miss (python -c, scripting       │
-│  escapes, indirect reads).                       │
-└──────────────────────────────────────────────────┘
-```
+- provides `load_env` so agents can use `.env` values without seeing them directly
+- provides `load_secrets` and `secret_status` when the Varlock CLI is available
+- blocks direct secret reads with permission presets plus a `tool.execute.before` guard
+- tries to catch common workarounds like interpreter-based env reads
 ## Install
-### As an npm plugin
-```bash
-npm install opencode-varlock
-```
+Add the package to your `opencode.json` file:
 ```json
-// opencode.json
 {
-  "plugin": ["opencode-varlock"]
-}
-```
-The published package ships compiled ESM in `dist/`, and the root entry exports only the plugin itself so OpenCode can load it cleanly through the normal npm plugin resolution flow.
-### As a local plugin
-Reference the package directory locally after building it:
-```json
-{
-  "plugin": ["./path/to/opencode-varlock"]
+  "$schema": "https://opencode.ai/config.json",
+  "plugin": ["opencode-varlock@latest"]
 }
 ```
 ## Configuration
-All configuration lives in a single `varlock.config.json` file. The plugin searches for it in two locations (merged in order):
-1. `./varlock.config.json` (project root)
-2. `.opencode/varlock.config.json`
+`varlock.config.json` is optional.
-Programmatic overrides passed to `createVarlockPlugin()` take highest priority.
+If you do not provide one, the plugin uses its built-in defaults from [assets/varlock.config.json](assets/varlock.config.json). Create a local config only when you want to override those defaults.
-### Quick start
-Copy the default config into your project:
-```bash
-cp node_modules/opencode-varlock/assets/varlock.config.json ./varlock.config.json
-```
-Or create a minimal one — only the fields you want to change:
+Quick example:
 ```json
 {
+  "$schema": "https://raw.githubusercontent.com/itlackey/opencode-varlock/main/assets/varlock.schema.json",
   "varlock": {
     "enabled": true,
     "namespace": "myapp"
@@ -88,276 +41,26 @@ Or create a minimal one — only the fields you want to change:
 }
 ```
-Everything else inherits from the built-in defaults.
+Useful files:
+- default config: `assets/varlock.config.json`
+- JSON schema: `assets/varlock.schema.json`
+- recommended permission configurations: `assets/permissions.json`
-The bundled template and permission presets now live in `assets/`:
+## Docs
-```text
-assets/varlock.config.json
-assets/varlock.schema.json
-assets/permissions.json
-```
-The copied config template points its `$schema` at `./node_modules/opencode-varlock/assets/varlock.schema.json`, so editors can validate and autocomplete it after install.
+- setup and overrides: `docs/configuration.md`
+- security model and limitations: `docs/security.md`
+- tests and validation: `docs/testing.md`
+- exported APIs and tools: `docs/api.md`
+- Docker + pass guide: `docs/docker-pass-guide.md`
 ## Repo layout
 ```text
-src/   TypeScript source for the plugin entry, config, guard, and tools
-assets/ JSON assets shipped with the npm package
-docs/  Setup and integration guides
-```
-## Testing
-```bash
-npm run test:unit
-npm run test:integration
-npm run test:coverage
-```
-- `test:unit` covers config, guard, tools, and plugin registration
-- `test:integration` starts a real OpenCode server through `@opencode-ai/sdk` and verifies the plugin inside real sessions
-- `test:coverage` emits text, HTML, and LCOV coverage reports under `coverage/`
-### Full config reference
-```json
-{
-  "guard": {
-    "enabled": true,
-    "sensitivePatterns": [
-      ".env", ".secret", ".pem", ".key", "credentials", ".pgpass"
-    ],
-    "sensitiveGlobs": [
-      "**/.env",
-      "**/.env.*",
-      "**/.env.local",
-      "**/.env.production",
-      "**/*.pem",
-      "**/*.key",
-      "**/credentials",
-      "**/credentials.*",
-      "**/.pgpass",
-      "secrets/**"
-    ],
-    "bashDenyPatterns": [],
-    "blockedReadTools": ["read", "grep", "glob", "view"],
-    "blockedWriteTools": ["write", "edit"]
-  },
-  "env": {
-    "enabled": true,
-    "allowedRoot": "."
-  },
-  "varlock": {
-    "enabled": false,
-    "autoDetect": true,
-    "command": "varlock",
-    "namespace": "app"
-  }
-}
-```
-### Config sections
-#### `guard` — EnvGuard hook
-| Field | Type | Default | Description |
-|---|---|---|---|
-| `enabled` | `boolean` | `true` | Master switch for the `tool.execute.before` hook |
-| `sensitivePatterns` | `string[]` | see above | Substring patterns — a path containing any of these is blocked |
-| `sensitiveGlobs` | `string[]` | see above | Glob patterns — matched against full paths using `*`, `**`, `?` |
-| `bashDenyPatterns` | `string[]` | `[]` | Extra bash substrings to deny (merged with ~30 built-ins) |
-| `blockedReadTools` | `string[]` | `["read","grep","glob","view"]` | Tool names that trigger the file-read check |
-| `blockedWriteTools` | `string[]` | `["write","edit"]` | Tool names that trigger the file-write check |
-#### `env` — .env file loader
-| Field | Type | Default | Description |
-|---|---|---|---|
-| `enabled` | `boolean` | `true` | Register the `load_env` tool |
-| `allowedRoot` | `string` | `"."` | Path containment boundary (resolved relative to cwd) |
-#### `varlock` — Varlock integration
-| Field | Type | Default | Description |
-|---|---|---|---|
-| `enabled` | `boolean` | `false` | Explicitly enable Varlock tools |
-| `autoDetect` | `boolean` | `true` | Probe for the CLI at startup and enable if found |
-| `command` | `string` | `"varlock"` | Path or name of the Varlock binary |
-| `namespace` | `string` | `"app"` | Default namespace for `load_secrets` / `secret_status` |
-**Varlock resolution logic:**
-- `enabled: true` → tools are registered (fails at runtime if CLI is missing)
-- `enabled: false, autoDetect: true` → probes `which <command>`, enables if found
-- `enabled: false, autoDetect: false` → Varlock is fully disabled
-### Config merge behavior
-Arrays are **replaced**, not concatenated. This means you can fully override the default glob list in your config file without inheriting the defaults:
-```json
-{
-  "guard": {
-    "sensitiveGlobs": ["secrets/**", "config/.env.*"]
-  }
-}
-```
-Object sections are deep-merged. Scalar values overwrite.
-### Programmatic overrides
-For project-specific customization beyond what JSON can express:
-```typescript
-// .opencode/plugin/secrets.ts
-import { createVarlockPlugin } from "opencode-varlock/plugin"
-export default createVarlockPlugin({
-  guard: {
-    sensitiveGlobs: [
-      "**/.env",
-      "**/.env.*",
-      "infra/secrets/**",
-      "deploy/*.key",
-    ],
-    bashDenyPatterns: ["vault read", "aws secretsmanager"],
-  },
-  varlock: {
-    enabled: true,
-    command: "/usr/local/bin/varlock",
-    namespace: "prod",
-  },
-})
-```
-## Glob patterns
-The guard supports glob patterns alongside the existing substring patterns. Both are checked — a match on either blocks the access.
-### Supported syntax
-| Pattern | Matches | Example |
-|---|---|---|
-| `*` | Any characters except `/` | `*.pem` matches `server.pem` |
-| `**` | Any characters including `/` | `secrets/**` matches `secrets/prod/db.key` |
-| `**/` | Zero or more directory levels | `**/.env` matches `.env` and `config/.env` |
-| `?` | Single character except `/` | `?.key` matches `a.key` |
-### When to use which
-**Substring patterns** are fast and filename-oriented. Use them for extensions and file names that should be blocked everywhere regardless of path:
-```json
-"sensitivePatterns": [".env", ".pem", "credentials"]
-```
-**Glob patterns** are structural and path-aware. Use them for directory-scoped rules and more precise matching:
-```json
-"sensitiveGlobs": [
-  "secrets/**",
-  "config/.env.*",
-  "deploy/**/*.key",
-  "**/node_modules/**/.env"
-]
-```
-### How globs are checked
-For file tool calls (`read`, `write`, `edit`, etc.), the glob is matched against the path argument directly.
-For bash commands, the guard extracts file-path-like tokens from the command string and checks each one against the compiled globs. This catches things like `jq . secrets/config.json` even when the substring patterns wouldn't flag it.
-## Tools
-### `load_env`
-Parses a `.env` file and sets `process.env`. Returns only variable **names**.
-```
-Agent → load_env(path: ".env")
-     ← { loaded: ["DATABASE_URL", "REDIS_HOST"], skipped: ["NODE_ENV"] }
-```
-### `load_secrets` (Varlock)
-Pulls secrets from Varlock and injects into `process.env`.
-```
-Agent → load_secrets(namespace: "prod", keys: ["db_url", "api_key"])
-     ← { loaded: ["DB_URL", "API_KEY"], source: "varlock/prod" }
-```
-### `secret_status` (Varlock)
-Read-only check of which secrets exist and which are loaded.
-```
-Agent → secret_status(namespace: "app")
-     ← { total: 5, loaded: 3, unloaded: 2, keys: [...] }
-```
-## Permission sets
-The `assets/permissions.json` file contains three tiers (standard, strict, lockdown) plus an example agent definition. Copy the tier that fits your threat model into `opencode.json`.
-These permission rules complement the EnvGuard hook — the rules handle fast-path blocking while the hook catches edge cases the glob-based rules miss.
-## Architecture
-### Why three layers?
-**Permissions alone aren't enough.** An agent can try `python3 -c "print(open('.env').read())"` or `python -c "import os; print(os.getenv('API_KEY'))"` - the obvious glob rules won't catch every runtime exfiltration path.
-**Prompt instructions alone aren't enough.** Telling an agent "never read .env" is a soft boundary the model can reason past.
-**The plugin hook is the hard boundary.** `tool.execute.before` runs before every built-in tool call, inspects actual arguments, and throws an error the agent cannot suppress. The error message redirects it to the approved tools.
-### What the agent sees
-```
-✓ "Loaded 5 variables: DATABASE_URL, API_KEY, REDIS_HOST, JWT_SECRET, SMTP_PASS"
-✓ Writes code: const db = new Client(process.env.DATABASE_URL)
-✗ cat .env              → Blocked: deny pattern
-✗ echo $API_KEY         → Blocked: deny pattern
-✗ python -c "os.getenv" → Blocked: runtime env read
-✗ python -c "open..."   → Blocked: sensitive file
-✗ jq . secrets/app.json → Blocked: matches glob "secrets/**"
-```
-## Advanced: composing individual pieces
-Every component is exported for use in custom plugins:
-```typescript
-import { loadConfig, DEFAULT_CONFIG } from "opencode-varlock/config"
-import { createVarlockPlugin } from "opencode-varlock/plugin"
-import { createEnvGuard, globToRegex } from "opencode-varlock/guard"
-import { createLoadEnvTool } from "opencode-varlock/tools"
-// Load config with custom overrides
-const config = loadConfig(process.cwd(), {
-  guard: { sensitiveGlobs: ["my-secrets/**"] },
-})
-// Use just the guard
-const guard = createEnvGuard(config.guard)
-// Use just the tool
-const loadEnv = createLoadEnvTool(config.env)
-// Test a glob pattern
-const regex = globToRegex("**/.env.*")
-regex.test("config/.env.production") // true
+src/    TypeScript source
+assets/ Packaged JSON assets
+docs/   Guides and reference docs
+tests/  Unit and integration tests
 ```
 ## License

package/assets/varlock.config.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "$schema": "./node_modules/opencode-varlock/assets/varlock.schema.json",
+  "$schema": "https://raw.githubusercontent.com/itlackey/opencode-varlock/main/assets/varlock.schema.json",
   "$comment": "opencode-varlock configuration. Place in project root or .opencode/",
   "guard": {

package/dist/config.d.ts CHANGED Viewed

@@ -7,6 +7,11 @@
  *   3. .opencode/varlock.config.json
  *   4. Programmatic options passed to createVarlockPlugin()
  */
+export type ConfigLogger = (input: {
+    level: "debug" | "info" | "warn" | "error";
+    message: string;
+    extra?: Record<string, unknown>;
+}) => void | Promise<void>;
 export type GuardConfig = {
     enabled: boolean;
     sensitivePatterns: string[];
@@ -31,7 +36,7 @@ export type PluginConfig = {
     varlock: VarlockConfig;
 };
 export declare const DEFAULT_CONFIG: PluginConfig;
-export declare function loadConfig(cwd: string, overrides?: DeepPartial<PluginConfig>): PluginConfig;
+export declare function loadConfig(cwd: string, overrides?: DeepPartial<PluginConfig>, logger?: ConfigLogger): PluginConfig;
 type DeepPartial<T> = {
     [K in keyof T]?: T[K] extends object ? DeepPartial<T[K]> : T[K];
 };

package/dist/config.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,KAAK,EAAE,WAAW,CAAA;IAClB,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,aAAa,CAAA;CACvB,CAAA;AAED,eAAO,MAAM,cAAc,EAAE,YAqC5B,CAAA;AAOD,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,~~GACxC~~,YAAY,~~CA8Bd~~;AAED,KAAK,WAAW,CAAC,CAAC,IAAI;KACnB,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAA;AAED,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACrD,MAAM,EAAE,CAAC,EACT,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,GACrB,CAAC,CAyBH;AAED,YAAY,EAAE,WAAW,EAAE,CAAA"}
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE;IACjC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAA;IAC1C,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAChC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;AAE1B,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,OAAO,EAAE,OAAO,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,KAAK,EAAE,WAAW,CAAA;IAClB,GAAG,EAAE,SAAS,CAAA;IACd,OAAO,EAAE,aAAa,CAAA;CACvB,CAAA;AAED,eAAO,MAAM,cAAc,EAAE,YAqC5B,CAAA;AAOD,wBAAgB,UAAU,CACxB,GAAG,EAAE,MAAM,EACX,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,EACzC,MAAM,CAAC,EAAE,YAAY,GACpB,YAAY,CAyCd;AAED,KAAK,WAAW,CAAC,CAAC,IAAI;KACnB,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAChE,CAAA;AAED,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACrD,MAAM,EAAE,CAAC,EACT,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,GACrB,CAAC,CAyBH;AAED,YAAY,EAAE,WAAW,EAAE,CAAA"}

package/dist/config.js CHANGED Viewed

@@ -51,7 +51,7 @@ const CONFIG_FILENAMES = [
     "varlock.config.json",
     ".opencode/varlock.config.json",
 ];
-export function loadConfig(cwd, overrides = {}) {
+export function loadConfig(cwd, overrides = {}, logger) {
     let merged = structuredClone(DEFAULT_CONFIG);
     for (const filename of CONFIG_FILENAMES) {
         const filepath = resolve(cwd, filename);
@@ -62,10 +62,21 @@ export function loadConfig(cwd, overrides = {}) {
                 delete parsed.$schema;
                 delete parsed.$comment;
                 merged = deepMerge(merged, parsed);
-                console.log(`[varlock] Loaded config from ${filepath}`);
+                logger?.({
+                    level: "info",
+                    message: "loaded config",
+                    extra: { filepath },
+                });
             }
             catch (err) {
-                console.warn(`[varlock] Failed to parse ${filepath}: ${err.message}`);
+                logger?.({
+                    level: "warn",
+                    message: "failed to parse config",
+                    extra: {
+                        filepath,
+                        error: err instanceof Error ? err.message : String(err),
+                    },
+                });
             }
         }
     }

package/dist/config.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;~~AA6B1C~~,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,iBAAiB,EAAE;YACjB,MAAM;YACN,SAAS;YACT,MAAM;YACN,MAAM;YACN,aAAa;YACb,SAAS;SACV;QACD,cAAc,EAAE;YACd,SAAS;YACT,WAAW;YACX,eAAe;YACf,oBAAoB;YACpB,UAAU;YACV,UAAU;YACV,gBAAgB;YAChB,kBAAkB;YAClB,YAAY;YACZ,YAAY;SACb;QACD,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAClD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACrC;IACD,GAAG,EAAE;QACH,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,GAAG;KACjB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,KAAK;KACjB;CACF,CAAA;AAED,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,+BAA+B;CAChC,CAAA;AAED,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,YAAuC,EAAE;~~IAEzC~~,IAAI,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;IAE5C,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAE9B,OAAO,MAAM,CAAC,OAAO,CAAA;gBACrB,OAAO,MAAM,CAAC,QAAQ,CAAA;gBAEtB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;gBAClC,~~OAAO~~,CAAC,~~GAAG~~,~~CAAC~~,~~gCAAgC~~,QAAQ,EAAE,CAAC,CAAA;~~YACzD~~,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,~~OAAO~~,CAAC,~~IAAI~~,~~CAAC~~,~~6BAA6B~~,QAAQ,KAAK,GAAG,CAAC,OAAO,~~EAAE~~,CAAC,CAAA;~~YACvE~~,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,SAAgB,CAAC,CAAA;IAE5C,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAMD,MAAM,UAAU,SAAS,CACvB,MAAS,EACT,MAAsB;IAEtB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAA;IAE5B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI;YAAE,SAAQ;QAErD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAA;QACrC,CAAC;aAAM,IACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ;YAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAC3B,CAAC;YACD,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAC/B,MAAM,CAAC,GAAG,CAAwB,EAClC,MAA6B,CAC9B,CAAA;QACH,CAAC;aAAM,CAAC;YACN,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
1	+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAmC1C,MAAM,CAAC,MAAM,cAAc,GAAiB;IAC1C,KAAK,EAAE;QACL,OAAO,EAAE,IAAI;QACb,iBAAiB,EAAE;YACjB,MAAM;YACN,SAAS;YACT,MAAM;YACN,MAAM;YACN,aAAa;YACb,SAAS;SACV;QACD,cAAc,EAAE;YACd,SAAS;YACT,WAAW;YACX,eAAe;YACf,oBAAoB;YACpB,UAAU;YACV,UAAU;YACV,gBAAgB;YAChB,kBAAkB;YAClB,YAAY;YACZ,YAAY;SACb;QACD,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAClD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;KACrC;IACD,GAAG,EAAE;QACH,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,GAAG;KACjB;IACD,OAAO,EAAE;QACP,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,IAAI;QAChB,OAAO,EAAE,SAAS;QAClB,SAAS,EAAE,KAAK;KACjB;CACF,CAAA;AAED,MAAM,gBAAgB,GAAG;IACvB,qBAAqB;IACrB,+BAA+B;CAChC,CAAA;AAED,MAAM,UAAU,UAAU,CACxB,GAAW,EACX,YAAuC,EAAE,EACzC,MAAqB;IAErB,IAAI,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,CAAA;IAE5C,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;gBAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAE9B,OAAO,MAAM,CAAC,OAAO,CAAA;gBACrB,OAAO,MAAM,CAAC,QAAQ,CAAA;gBAEtB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;gBAClC,MAAM,EAAE,CAAC;oBACP,KAAK,EAAE,MAAM;oBACb,OAAO,EAAE,eAAe;oBACxB,KAAK,EAAE,EAAE,QAAQ,EAAE;iBACpB,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,EAAE,CAAC;oBACP,KAAK,EAAE,MAAM;oBACb,OAAO,EAAE,wBAAwB;oBACjC,KAAK,EAAE;wBACL,QAAQ;wBACR,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;qBACxD;iBACF,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,SAAgB,CAAC,CAAA;IAE5C,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC/D,CAAC;SAAM,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;IAC1D,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAMD,MAAM,UAAU,SAAS,CACvB,MAAS,EACT,MAAsB;IAEtB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,CAAA;IAE5B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAmB,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI;YAAE,SAAQ;QAErD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAA;QACrC,CAAC;aAAM,IACL,OAAO,MAAM,KAAK,QAAQ;YAC1B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,QAAQ;YAC/B,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAC3B,CAAC;YACD,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAC/B,MAAM,CAAC,GAAG,CAAwB,EAClC,MAA6B,CAC9B,CAAA;QACH,CAAC;aAAM,CAAC;YACN,CAAC;YAAC,MAAc,CAAC,GAAG,CAAC,GAAG,MAAM,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/plugin.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAc,KAAK,YAAY,EAAE,KAAK,WAAW,~~EAAE~~,MAAM,aAAa,CAAA;~~AAQ7E~~,eAAO,MAAM,aAAa,EAAE,MAE3B,CAAA;AAED,wBAAgB,mBAAmB,CACjC,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,GACxC,MAAM,~~CA0DR~~;AAED,eAAe,aAAa,CAAA"}
1	+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAQ,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAc,KAAK,YAAY,EAAE,KAAK,WAAW,EAAqB,MAAM,aAAa,CAAA;AAQhG,eAAO,MAAM,aAAa,EAAE,MAE3B,CAAA;AAED,wBAAgB,mBAAmB,CACjC,SAAS,GAAE,WAAW,CAAC,YAAY,CAAM,GACxC,MAAM,CA4ER;AAED,eAAe,aAAa,CAAA"}

package/dist/plugin.js CHANGED Viewed

@@ -6,16 +6,30 @@ export const VarlockPlugin = async (ctx) => {
     return createVarlockPlugin()(ctx);
 };
 export function createVarlockPlugin(overrides = {}) {
-    return async ({ $, project, directory }) => {
+    return async ({ $, client, project, directory }) => {
         const cwd = directory ?? process.cwd();
-        const config = loadConfig(cwd, overrides);
+        const log = async ({ level, message, extra }) => {
+            await client.app.log({
+                body: {
+                    service: "opencode-varlock",
+                    level,
+                    message,
+                    extra,
+                },
+            });
+        };
+        const config = loadConfig(cwd, overrides, log);
         let varlockAvailable = config.varlock.enabled;
         if (!varlockAvailable && config.varlock.autoDetect) {
             try {
                 const result = await $ `which ${config.varlock.command}`.quiet();
                 varlockAvailable = result.exitCode === 0;
                 if (varlockAvailable) {
-                    console.log(`[varlock] Auto-detected "${config.varlock.command}" CLI`);
+                    await log({
+                        level: "info",
+                        message: "auto-detected varlock cli",
+                        extra: { command: config.varlock.command },
+                    });
                 }
             }
             catch {
@@ -42,7 +56,14 @@ export function createVarlockPlugin(overrides = {}) {
                     const guardStatus = config.guard.enabled
                         ? `${config.guard.sensitivePatterns.length} patterns, ${config.guard.sensitiveGlobs.length} globs`
                         : "disabled";
-                    console.log(`[varlock] Sources: ${sources.join(", ") || "none"} | Guard: ${guardStatus}`);
+                    await log({
+                        level: "info",
+                        message: "session created",
+                        extra: {
+                            sources: sources.join(", ") || "none",
+                            guard: guardStatus,
+                        },
+                    });
                 }
             },
         };

package/dist/plugin.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,IAAI,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,UAAU,~~EAAuC~~,MAAM,aAAa,CAAA;~~AAC7E~~,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,YAAY,CAAA;AAEnB,MAAM,CAAC,MAAM,aAAa,GAAW,KAAK,EAAE,GAAG,EAAE,EAAE;IACjD,OAAO,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC,CAAA;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAuC,EAAE;IAEzC,OAAO,KAAK,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;~~QACzC~~,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;~~QAEzC~~,IAAI,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAA;QAC7C,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YACnD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAA,SAAS,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,CAAA;gBAC/D,gBAAgB,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAA;gBACxC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,~~OAAO~~,CAAC,~~GAAG~~,~~CACT~~,~~4BAA4B~~,MAAM,CAAC,OAAO,CAAC,OAAO,~~OAAO~~,~~CAC1D~~,CAAA;~~gBACH~~,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB,GAAG,KAAK,CAAA;YAC1B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAA4C,EAAE,CAAA;QAEzD,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACrB,KAAK,CAAC,YAAY,GAAG,qBAAqB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YAC7D,KAAK,CAAC,aAAa,GAAG,sBAAsB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,UAAU,GAAwB;YACtC,IAAI,EAAE,KAAK;YAEX,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAA+B,EAAE,EAAE;gBACtD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACrC,MAAM,OAAO,GAAa,EAAE,CAAA;oBAC5B,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO;wBAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBAC5C,IAAI,gBAAgB;wBAAE,OAAO,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAA;oBAEzE,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO;wBACtC,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,cAAc,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,QAAQ;wBAClG,CAAC,CAAC,UAAU,CAAA;oBAEd,~~OAAO~~,CAAC,~~GAAG~~,~~CACT~~,~~sBAAsB~~,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,~~aAAa~~,WAAW,~~EAAE~~,~~CAC7E,~~CAAA;~~gBACH~~,CAAC;YACH,CAAC;SACF,CAAA;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACzB,UAAU,CAAC,qBAAqB,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClE,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC,CAAA;AACH,CAAC;AAED,eAAe,aAAa,CAAA"}
1	+ {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,IAAI,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,UAAU,EAA0D,MAAM,aAAa,CAAA;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,YAAY,CAAA;AAEnB,MAAM,CAAC,MAAM,aAAa,GAAW,KAAK,EAAE,GAAG,EAAE,EAAE;IACjD,OAAO,mBAAmB,EAAE,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC,CAAA;AAED,MAAM,UAAU,mBAAmB,CACjC,YAAuC,EAAE;IAEzC,OAAO,KAAK,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;QACjD,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,GAAG,GAAiB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE;YAC5D,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;gBACnB,IAAI,EAAE;oBACJ,OAAO,EAAE,kBAAkB;oBAC3B,KAAK;oBACL,OAAO;oBACP,KAAK;iBACN;aACF,CAAC,CAAA;QACJ,CAAC,CAAA;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;QAE9C,IAAI,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAA;QAC7C,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;YACnD,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,CAAC,CAAA,SAAS,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,CAAA;gBAC/D,gBAAgB,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAA;gBACxC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,GAAG,CAAC;wBACR,KAAK,EAAE,MAAM;wBACb,OAAO,EAAE,2BAA2B;wBACpC,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE;qBAC3C,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB,GAAG,KAAK,CAAA;YAC1B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAA4C,EAAE,CAAA;QAEzD,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YACvB,KAAK,CAAC,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACrB,KAAK,CAAC,YAAY,GAAG,qBAAqB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;YAC7D,KAAK,CAAC,aAAa,GAAG,sBAAsB,CAAC,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,UAAU,GAAwB;YACtC,IAAI,EAAE,KAAK;YAEX,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAA+B,EAAE,EAAE;gBACtD,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;oBACrC,MAAM,OAAO,GAAa,EAAE,CAAA;oBAC5B,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO;wBAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBAC5C,IAAI,gBAAgB;wBAAE,OAAO,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAA;oBAEzE,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO;wBACtC,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,cAAc,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,QAAQ;wBAClG,CAAC,CAAC,UAAU,CAAA;oBAEd,MAAM,GAAG,CAAC;wBACR,KAAK,EAAE,MAAM;wBACb,OAAO,EAAE,iBAAiB;wBAC1B,KAAK,EAAE;4BACL,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;4BACrC,KAAK,EAAE,WAAW;yBACnB;qBACF,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;SACF,CAAA;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACzB,UAAU,CAAC,qBAAqB,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClE,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC,CAAA;AACH,CAAC;AAED,eAAe,aAAa,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-varlock",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "type": "module",
   "description": "OpenCode plugin for secret management via Varlock with configurable env guard protection",
   "main": "./dist/index.js",