npm - sandstream-kit - Versions diffs - 1.0.0 - Mend

sandstream-kit 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (519) hide show

package/LICENSE +21 -0
package/README.md +617 -0
package/dist/adapters/api-key-adapter.d.ts +35 -0
package/dist/adapters/api-key-adapter.js +46 -0
package/dist/adapters/api-key-adapter.js.map +1 -0
package/dist/adapters/clerk-auth.d.ts +6 -0
package/dist/adapters/clerk-auth.js +20 -0
package/dist/adapters/clerk-auth.js.map +1 -0
package/dist/adapters/cloudflare-r2.d.ts +6 -0
package/dist/adapters/cloudflare-r2.js +136 -0
package/dist/adapters/cloudflare-r2.js.map +1 -0
package/dist/adapters/expo-eas.d.ts +6 -0
package/dist/adapters/expo-eas.js +129 -0
package/dist/adapters/expo-eas.js.map +1 -0
package/dist/adapters/flagsmith-flags.d.ts +5 -0
package/dist/adapters/flagsmith-flags.js +20 -0
package/dist/adapters/flagsmith-flags.js.map +1 -0
package/dist/adapters/flyio-hosting.d.ts +2 -0
package/dist/adapters/flyio-hosting.js +143 -0
package/dist/adapters/flyio-hosting.js.map +1 -0
package/dist/adapters/index.d.ts +6 -0
package/dist/adapters/index.js +48 -0
package/dist/adapters/index.js.map +1 -0
package/dist/adapters/inngest-background.d.ts +5 -0
package/dist/adapters/inngest-background.js +19 -0
package/dist/adapters/inngest-background.js.map +1 -0
package/dist/adapters/liveblocks-realtime.d.ts +11 -0
package/dist/adapters/liveblocks-realtime.js +62 -0
package/dist/adapters/liveblocks-realtime.js.map +1 -0
package/dist/adapters/loops-email.d.ts +6 -0
package/dist/adapters/loops-email.js +18 -0
package/dist/adapters/loops-email.js.map +1 -0
package/dist/adapters/neon-db.d.ts +10 -0
package/dist/adapters/neon-db.js +94 -0
package/dist/adapters/neon-db.js.map +1 -0
package/dist/adapters/planetscale-db.d.ts +11 -0
package/dist/adapters/planetscale-db.js +134 -0
package/dist/adapters/planetscale-db.js.map +1 -0
package/dist/adapters/posthog-analytics.d.ts +6 -0
package/dist/adapters/posthog-analytics.js +22 -0
package/dist/adapters/posthog-analytics.js.map +1 -0
package/dist/adapters/railway-hosting.d.ts +2 -0
package/dist/adapters/railway-hosting.js +136 -0
package/dist/adapters/railway-hosting.js.map +1 -0
package/dist/adapters/resend-email.d.ts +35 -0
package/dist/adapters/resend-email.js +109 -0
package/dist/adapters/resend-email.js.map +1 -0
package/dist/adapters/searxng-instance.d.ts +6 -0
package/dist/adapters/searxng-instance.js +240 -0
package/dist/adapters/searxng-instance.js.map +1 -0
package/dist/adapters/sentry-monitoring.d.ts +7 -0
package/dist/adapters/sentry-monitoring.js +27 -0
package/dist/adapters/sentry-monitoring.js.map +1 -0
package/dist/adapters/stripe-payments.d.ts +6 -0
package/dist/adapters/stripe-payments.js +134 -0
package/dist/adapters/stripe-payments.js.map +1 -0
package/dist/adapters/supabase-db.d.ts +6 -0
package/dist/adapters/supabase-db.js +130 -0
package/dist/adapters/supabase-db.js.map +1 -0
package/dist/adapters/tinybird-analytics.d.ts +5 -0
package/dist/adapters/tinybird-analytics.js +20 -0
package/dist/adapters/tinybird-analytics.js.map +1 -0
package/dist/adapters/trigger-background.d.ts +6 -0
package/dist/adapters/trigger-background.js +20 -0
package/dist/adapters/trigger-background.js.map +1 -0
package/dist/adapters/types.d.ts +7 -0
package/dist/adapters/types.js +2 -0
package/dist/adapters/types.js.map +1 -0
package/dist/adapters/upstash-redis.d.ts +6 -0
package/dist/adapters/upstash-redis.js +88 -0
package/dist/adapters/upstash-redis.js.map +1 -0
package/dist/adapters/vercel-hosting.d.ts +6 -0
package/dist/adapters/vercel-hosting.js +112 -0
package/dist/adapters/vercel-hosting.js.map +1 -0
package/dist/agent-adapter-model.d.ts +108 -0
package/dist/agent-adapter-model.js +6 -0
package/dist/agent-adapter-model.js.map +1 -0
package/dist/agent-adapter-service.d.ts +67 -0
package/dist/agent-adapter-service.js +299 -0
package/dist/agent-adapter-service.js.map +1 -0
package/dist/agent-config.d.ts +56 -0
package/dist/agent-config.js +129 -0
package/dist/agent-config.js.map +1 -0
package/dist/agent-governance-model.d.ts +128 -0
package/dist/agent-governance-model.js +6 -0
package/dist/agent-governance-model.js.map +1 -0
package/dist/agent-governance-service.d.ts +101 -0
package/dist/agent-governance-service.js +319 -0
package/dist/agent-governance-service.js.map +1 -0
package/dist/alert-rules-engine.d.ts +102 -0
package/dist/alert-rules-engine.js +210 -0
package/dist/alert-rules-engine.js.map +1 -0
package/dist/analytics-service.d.ts +126 -0
package/dist/analytics-service.js +318 -0
package/dist/analytics-service.js.map +1 -0
package/dist/analyze.d.ts +19 -0
package/dist/analyze.js +311 -0
package/dist/analyze.js.map +1 -0
package/dist/apm-instrumentor.d.ts +119 -0
package/dist/apm-instrumentor.js +225 -0
package/dist/apm-instrumentor.js.map +1 -0
package/dist/approval-model.d.ts +82 -0
package/dist/approval-model.js +6 -0
package/dist/approval-model.js.map +1 -0
package/dist/approval-service.d.ts +39 -0
package/dist/approval-service.js +236 -0
package/dist/approval-service.js.map +1 -0
package/dist/approval.d.ts +22 -0
package/dist/approval.js +148 -0
package/dist/approval.js.map +1 -0
package/dist/audit-logging-model.d.ts +157 -0
package/dist/audit-logging-model.js +6 -0
package/dist/audit-logging-model.js.map +1 -0
package/dist/audit-logging-service.d.ts +89 -0
package/dist/audit-logging-service.js +367 -0
package/dist/audit-logging-service.js.map +1 -0
package/dist/audit-secrets.d.ts +42 -0
package/dist/audit-secrets.js +126 -0
package/dist/audit-secrets.js.map +1 -0
package/dist/audit.d.ts +43 -0
package/dist/audit.js +286 -0
package/dist/audit.js.map +1 -0
package/dist/author-dashboard.d.ts +84 -0
package/dist/author-dashboard.js +204 -0
package/dist/author-dashboard.js.map +1 -0
package/dist/author-notifications.d.ts +130 -0
package/dist/author-notifications.js +261 -0
package/dist/author-notifications.js.map +1 -0
package/dist/author-verification.d.ts +79 -0
package/dist/author-verification.js +257 -0
package/dist/author-verification.js.map +1 -0
package/dist/autonomous-setup-model.d.ts +117 -0
package/dist/autonomous-setup-model.js +6 -0
package/dist/autonomous-setup-model.js.map +1 -0
package/dist/autonomous-setup-service.d.ts +74 -0
package/dist/autonomous-setup-service.js +325 -0
package/dist/autonomous-setup-service.js.map +1 -0
package/dist/badge-system.d.ts +70 -0
package/dist/badge-system.js +210 -0
package/dist/badge-system.js.map +1 -0
package/dist/baseline.d.ts +34 -0
package/dist/baseline.js +78 -0
package/dist/baseline.js.map +1 -0
package/dist/beta-program-service.d.ts +112 -0
package/dist/beta-program-service.js +240 -0
package/dist/beta-program-service.js.map +1 -0
package/dist/budget.d.ts +34 -0
package/dist/budget.js +159 -0
package/dist/budget.js.map +1 -0
package/dist/bumblebee.d.ts +143 -0
package/dist/bumblebee.js +384 -0
package/dist/bumblebee.js.map +1 -0
package/dist/cache-manager.d.ts +97 -0
package/dist/cache-manager.js +244 -0
package/dist/cache-manager.js.map +1 -0
package/dist/cdn-adapter.d.ts +64 -0
package/dist/cdn-adapter.js +263 -0
package/dist/cdn-adapter.js.map +1 -0
package/dist/certification-workflow-model.d.ts +95 -0
package/dist/certification-workflow-model.js +6 -0
package/dist/certification-workflow-model.js.map +1 -0
package/dist/certification-workflow-service.d.ts +72 -0
package/dist/certification-workflow-service.js +305 -0
package/dist/certification-workflow-service.js.map +1 -0
package/dist/check-design.d.ts +38 -0
package/dist/check-design.js +256 -0
package/dist/check-design.js.map +1 -0
package/dist/check-gitignore.d.ts +39 -0
package/dist/check-gitignore.js +156 -0
package/dist/check-gitignore.js.map +1 -0
package/dist/check-hooks.d.ts +15 -0
package/dist/check-hooks.js +72 -0
package/dist/check-hooks.js.map +1 -0
package/dist/check-lock.d.ts +16 -0
package/dist/check-lock.js +94 -0
package/dist/check-lock.js.map +1 -0
package/dist/check-secrets.d.ts +11 -0
package/dist/check-secrets.js +320 -0
package/dist/check-secrets.js.map +1 -0
package/dist/check-security.d.ts +13 -0
package/dist/check-security.js +887 -0
package/dist/check-security.js.map +1 -0
package/dist/check-services.d.ts +10 -0
package/dist/check-services.js +44 -0
package/dist/check-services.js.map +1 -0
package/dist/check-skills.d.ts +8 -0
package/dist/check-skills.js +26 -0
package/dist/check-skills.js.map +1 -0
package/dist/check-tests.d.ts +43 -0
package/dist/check-tests.js +175 -0
package/dist/check-tests.js.map +1 -0
package/dist/check-tools.d.ts +8 -0
package/dist/check-tools.js +42 -0
package/dist/check-tools.js.map +1 -0
package/dist/check-web-search.d.ts +12 -0
package/dist/check-web-search.js +168 -0
package/dist/check-web-search.js.map +1 -0
package/dist/ci-cd-publisher.d.ts +162 -0
package/dist/ci-cd-publisher.js +319 -0
package/dist/ci-cd-publisher.js.map +1 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +4074 -0
package/dist/cli.js.map +1 -0
package/dist/clone.d.ts +25 -0
package/dist/clone.js +73 -0
package/dist/clone.js.map +1 -0
package/dist/completions.d.ts +8 -0
package/dist/completions.js +250 -0
package/dist/completions.js.map +1 -0
package/dist/compression-manager.d.ts +107 -0
package/dist/compression-manager.js +250 -0
package/dist/compression-manager.js.map +1 -0
package/dist/config.d.ts +233 -0
package/dist/config.js +255 -0
package/dist/config.js.map +1 -0
package/dist/context.d.ts +38 -0
package/dist/context.js +86 -0
package/dist/context.js.map +1 -0
package/dist/cost-monitor.d.ts +72 -0
package/dist/cost-monitor.js +218 -0
package/dist/cost-monitor.js.map +1 -0
package/dist/create-plugin.d.ts +22 -0
package/dist/create-plugin.js +266 -0
package/dist/create-plugin.js.map +1 -0
package/dist/database.d.ts +123 -0
package/dist/database.js +354 -0
package/dist/database.js.map +1 -0
package/dist/datadog-adapter.d.ts +60 -0
package/dist/datadog-adapter.js +245 -0
package/dist/datadog-adapter.js.map +1 -0
package/dist/doctor.d.ts +15 -0
package/dist/doctor.js +131 -0
package/dist/doctor.js.map +1 -0
package/dist/documentation-generator.d.ts +226 -0
package/dist/documentation-generator.js +348 -0
package/dist/documentation-generator.js.map +1 -0
package/dist/elevation-scopes.d.ts +40 -0
package/dist/elevation-scopes.js +110 -0
package/dist/elevation-scopes.js.map +1 -0
package/dist/elevation.d.ts +102 -0
package/dist/elevation.js +449 -0
package/dist/elevation.js.map +1 -0
package/dist/env-diff.d.ts +27 -0
package/dist/env-diff.js +104 -0
package/dist/env-diff.js.map +1 -0
package/dist/env-inspect.d.ts +28 -0
package/dist/env-inspect.js +81 -0
package/dist/env-inspect.js.map +1 -0
package/dist/env-switch.d.ts +37 -0
package/dist/env-switch.js +102 -0
package/dist/env-switch.js.map +1 -0
package/dist/environment.d.ts +27 -0
package/dist/environment.js +148 -0
package/dist/environment.js.map +1 -0
package/dist/error-tracker.d.ts +92 -0
package/dist/error-tracker.js +206 -0
package/dist/error-tracker.js.map +1 -0
package/dist/escalate.d.ts +11 -0
package/dist/escalate.js +73 -0
package/dist/escalate.js.map +1 -0
package/dist/event-stream.d.ts +81 -0
package/dist/event-stream.js +161 -0
package/dist/event-stream.js.map +1 -0
package/dist/fix.d.ts +42 -0
package/dist/fix.js +419 -0
package/dist/fix.js.map +1 -0
package/dist/governance-middleware.d.ts +22 -0
package/dist/governance-middleware.js +173 -0
package/dist/governance-middleware.js.map +1 -0
package/dist/governance.d.ts +44 -0
package/dist/governance.js +236 -0
package/dist/governance.js.map +1 -0
package/dist/hooks.d.ts +25 -0
package/dist/hooks.js +281 -0
package/dist/hooks.js.map +1 -0
package/dist/id-generator.d.ts +43 -0
package/dist/id-generator.js +47 -0
package/dist/id-generator.js.map +1 -0
package/dist/image-optimizer.d.ts +92 -0
package/dist/image-optimizer.js +202 -0
package/dist/image-optimizer.js.map +1 -0
package/dist/install.d.ts +15 -0
package/dist/install.js +59 -0
package/dist/install.js.map +1 -0
package/dist/lock.d.ts +82 -0
package/dist/lock.js +264 -0
package/dist/lock.js.map +1 -0
package/dist/login.d.ts +23 -0
package/dist/login.js +132 -0
package/dist/login.js.map +1 -0
package/dist/mcp-kit-tools-model.d.ts +195 -0
package/dist/mcp-kit-tools-model.js +6 -0
package/dist/mcp-kit-tools-model.js.map +1 -0
package/dist/mcp-kit-tools-service.d.ts +127 -0
package/dist/mcp-kit-tools-service.js +943 -0
package/dist/mcp-kit-tools-service.js.map +1 -0
package/dist/mcp-orchestrator.d.ts +70 -0
package/dist/mcp-orchestrator.js +175 -0
package/dist/mcp-orchestrator.js.map +1 -0
package/dist/mcp-server.d.ts +3 -0
package/dist/mcp-server.js +722 -0
package/dist/mcp-server.js.map +1 -0
package/dist/middleware/rate-limiter.d.ts +74 -0
package/dist/middleware/rate-limiter.js +342 -0
package/dist/middleware/rate-limiter.js.map +1 -0
package/dist/migration-runner.d.ts +66 -0
package/dist/migration-runner.js +192 -0
package/dist/migration-runner.js.map +1 -0
package/dist/migrations.d.ts +25 -0
package/dist/migrations.js +530 -0
package/dist/migrations.js.map +1 -0
package/dist/moderation-system.d.ts +153 -0
package/dist/moderation-system.js +338 -0
package/dist/moderation-system.js.map +1 -0
package/dist/multi-agent-workflow-model.d.ts +125 -0
package/dist/multi-agent-workflow-model.js +6 -0
package/dist/multi-agent-workflow-model.js.map +1 -0
package/dist/multi-agent-workflow-service.d.ts +102 -0
package/dist/multi-agent-workflow-service.js +452 -0
package/dist/multi-agent-workflow-service.js.map +1 -0
package/dist/onepassword.d.ts +75 -0
package/dist/onepassword.js +140 -0
package/dist/onepassword.js.map +1 -0
package/dist/open.d.ts +30 -0
package/dist/open.js +166 -0
package/dist/open.js.map +1 -0
package/dist/output.d.ts +32 -0
package/dist/output.js +295 -0
package/dist/output.js.map +1 -0
package/dist/partner-service.d.ts +101 -0
package/dist/partner-service.js +191 -0
package/dist/partner-service.js.map +1 -0
package/dist/payout-service.d.ts +136 -0
package/dist/payout-service.js +293 -0
package/dist/payout-service.js.map +1 -0
package/dist/pkg.d.ts +30 -0
package/dist/pkg.js +162 -0
package/dist/pkg.js.map +1 -0
package/dist/plugin-loader.d.ts +16 -0
package/dist/plugin-loader.js +124 -0
package/dist/plugin-loader.js.map +1 -0
package/dist/plugin-registry-model.d.ts +133 -0
package/dist/plugin-registry-model.js +6 -0
package/dist/plugin-registry-model.js.map +1 -0
package/dist/plugin-registry-service.d.ts +109 -0
package/dist/plugin-registry-service.js +361 -0
package/dist/plugin-registry-service.js.map +1 -0
package/dist/plugin-registry.d.ts +58 -0
package/dist/plugin-registry.js +108 -0
package/dist/plugin-registry.js.map +1 -0
package/dist/plugin-updates.d.ts +135 -0
package/dist/plugin-updates.js +326 -0
package/dist/plugin-updates.js.map +1 -0
package/dist/plugins-cli.d.ts +7 -0
package/dist/plugins-cli.js +157 -0
package/dist/plugins-cli.js.map +1 -0
package/dist/plugins.d.ts +88 -0
package/dist/plugins.js +251 -0
package/dist/plugins.js.map +1 -0
package/dist/policy.d.ts +66 -0
package/dist/policy.js +160 -0
package/dist/policy.js.map +1 -0
package/dist/post-pull-audit.d.ts +39 -0
package/dist/post-pull-audit.js +151 -0
package/dist/post-pull-audit.js.map +1 -0
package/dist/provision.d.ts +17 -0
package/dist/provision.js +147 -0
package/dist/provision.js.map +1 -0
package/dist/query-optimizer.d.ts +102 -0
package/dist/query-optimizer.js +199 -0
package/dist/query-optimizer.js.map +1 -0
package/dist/read-only-mode.d.ts +46 -0
package/dist/read-only-mode.js +71 -0
package/dist/read-only-mode.js.map +1 -0
package/dist/redis-adapter.d.ts +71 -0
package/dist/redis-adapter.js +278 -0
package/dist/redis-adapter.js.map +1 -0
package/dist/resilience-tests.d.ts +120 -0
package/dist/resilience-tests.js +293 -0
package/dist/resilience-tests.js.map +1 -0
package/dist/revocation.d.ts +22 -0
package/dist/revocation.js +100 -0
package/dist/revocation.js.map +1 -0
package/dist/run.d.ts +21 -0
package/dist/run.js +80 -0
package/dist/run.js.map +1 -0
package/dist/scan-build.d.ts +18 -0
package/dist/scan-build.js +100 -0
package/dist/scan-build.js.map +1 -0
package/dist/scan-plaintext.d.ts +24 -0
package/dist/scan-plaintext.js +147 -0
package/dist/scan-plaintext.js.map +1 -0
package/dist/scan-staged.d.ts +15 -0
package/dist/scan-staged.js +70 -0
package/dist/scan-staged.js.map +1 -0
package/dist/scan-transcripts.d.ts +23 -0
package/dist/scan-transcripts.js +93 -0
package/dist/scan-transcripts.js.map +1 -0
package/dist/secret-backends.d.ts +50 -0
package/dist/secret-backends.js +510 -0
package/dist/secret-backends.js.map +1 -0
package/dist/secret-expiration.d.ts +46 -0
package/dist/secret-expiration.js +172 -0
package/dist/secret-expiration.js.map +1 -0
package/dist/secrets-migrate.d.ts +75 -0
package/dist/secrets-migrate.js +185 -0
package/dist/secrets-migrate.js.map +1 -0
package/dist/secrets-model.d.ts +77 -0
package/dist/secrets-model.js +6 -0
package/dist/secrets-model.js.map +1 -0
package/dist/secrets-onecli.d.ts +65 -0
package/dist/secrets-onecli.js +113 -0
package/dist/secrets-onecli.js.map +1 -0
package/dist/secrets-propagate.d.ts +48 -0
package/dist/secrets-propagate.js +201 -0
package/dist/secrets-propagate.js.map +1 -0
package/dist/secrets-pull.d.ts +34 -0
package/dist/secrets-pull.js +118 -0
package/dist/secrets-pull.js.map +1 -0
package/dist/secrets-purge-history.d.ts +53 -0
package/dist/secrets-purge-history.js +144 -0
package/dist/secrets-purge-history.js.map +1 -0
package/dist/secrets-rotate-cli.d.ts +54 -0
package/dist/secrets-rotate-cli.js +438 -0
package/dist/secrets-rotate-cli.js.map +1 -0
package/dist/secrets-rotate.d.ts +38 -0
package/dist/secrets-rotate.js +65 -0
package/dist/secrets-rotate.js.map +1 -0
package/dist/secrets-service.d.ts +73 -0
package/dist/secrets-service.js +283 -0
package/dist/secrets-service.js.map +1 -0
package/dist/secrets-set.d.ts +25 -0
package/dist/secrets-set.js +33 -0
package/dist/secrets-set.js.map +1 -0
package/dist/secrets-sync.d.ts +21 -0
package/dist/secrets-sync.js +215 -0
package/dist/secrets-sync.js.map +1 -0
package/dist/secrets-validate.d.ts +41 -0
package/dist/secrets-validate.js +126 -0
package/dist/secrets-validate.js.map +1 -0
package/dist/secrets-vault-migrate.d.ts +71 -0
package/dist/secrets-vault-migrate.js +258 -0
package/dist/secrets-vault-migrate.js.map +1 -0
package/dist/secrets.d.ts +16 -0
package/dist/secrets.js +72 -0
package/dist/secrets.js.map +1 -0
package/dist/security-hardening.d.ts +150 -0
package/dist/security-hardening.js +275 -0
package/dist/security-hardening.js.map +1 -0
package/dist/security-policy.d.ts +89 -0
package/dist/security-policy.js +174 -0
package/dist/security-policy.js.map +1 -0
package/dist/security-prescan.d.ts +117 -0
package/dist/security-prescan.js +566 -0
package/dist/security-prescan.js.map +1 -0
package/dist/sentry-adapter.d.ts +49 -0
package/dist/sentry-adapter.js +227 -0
package/dist/sentry-adapter.js.map +1 -0
package/dist/service-adapter.d.ts +94 -0
package/dist/service-adapter.js +162 -0
package/dist/service-adapter.js.map +1 -0
package/dist/skills.d.ts +13 -0
package/dist/skills.js +17 -0
package/dist/skills.js.map +1 -0
package/dist/sla-monitor.d.ts +107 -0
package/dist/sla-monitor.js +233 -0
package/dist/sla-monitor.js.map +1 -0
package/dist/stack-detector.d.ts +12 -0
package/dist/stack-detector.js +251 -0
package/dist/stack-detector.js.map +1 -0
package/dist/team-model.d.ts +58 -0
package/dist/team-model.js +83 -0
package/dist/team-model.js.map +1 -0
package/dist/team-service.d.ts +54 -0
package/dist/team-service.js +206 -0
package/dist/team-service.js.map +1 -0
package/dist/toml-generator.d.ts +8 -0
package/dist/toml-generator.js +223 -0
package/dist/toml-generator.js.map +1 -0
package/dist/triage-sandbox.d.ts +34 -0
package/dist/triage-sandbox.js +167 -0
package/dist/triage-sandbox.js.map +1 -0
package/dist/triage.d.ts +30 -0
package/dist/triage.js +79 -0
package/dist/triage.js.map +1 -0
package/dist/update-check.d.ts +13 -0
package/dist/update-check.js +91 -0
package/dist/update-check.js.map +1 -0
package/dist/utils/colors.d.ts +14 -0
package/dist/utils/colors.js +15 -0
package/dist/utils/colors.js.map +1 -0
package/dist/utils/didYouMean.d.ts +15 -0
package/dist/utils/didYouMean.js +47 -0
package/dist/utils/didYouMean.js.map +1 -0
package/dist/utils/exec.d.ts +21 -0
package/dist/utils/exec.js +23 -0
package/dist/utils/exec.js.map +1 -0
package/dist/utils/execFileNoThrow.d.ts +14 -0
package/dist/utils/execFileNoThrow.js +29 -0
package/dist/utils/execFileNoThrow.js.map +1 -0
package/dist/utils/flags.d.ts +19 -0
package/dist/utils/flags.js +36 -0
package/dist/utils/flags.js.map +1 -0
package/dist/utils/parseCommand.d.ts +16 -0
package/dist/utils/parseCommand.js +13 -0
package/dist/utils/parseCommand.js.map +1 -0
package/dist/utils/prompt.d.ts +13 -0
package/dist/utils/prompt.js +35 -0
package/dist/utils/prompt.js.map +1 -0
package/dist/utils/promptSelect.d.ts +19 -0
package/dist/utils/promptSelect.js +89 -0
package/dist/utils/promptSelect.js.map +1 -0
package/dist/utils/redactSecrets.d.ts +24 -0
package/dist/utils/redactSecrets.js +134 -0
package/dist/utils/redactSecrets.js.map +1 -0
package/dist/validation/dynamic-schema.d.ts +29 -0
package/dist/validation/dynamic-schema.js +76 -0
package/dist/validation/dynamic-schema.js.map +1 -0
package/package.json +52 -0

package/dist/utils/flags.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Tiny argv flag helpers — one consistent way to read CLI flags instead of
+ * ad-hoc `argv.indexOf("--x")` / `argv.includes("--x")` scattered per command.
+ *
+ * Behavior matches the historical idioms (space-separated `--flag value`,
+ * boolean presence) and additionally accepts the `--flag=value` form.
+ */
+/** True if any of the given flag names is present in argv. */
+export declare function hasFlag(argv: readonly string[], ...names: string[]): boolean;
+/**
+ * Value for `--name value` or `--name=value`. Returns `undefined` when the flag
+ * is absent (or present as the final token with no following value).
+ */
+export declare function flagValue(argv: readonly string[], name: string): string | undefined;
+/**
+ * Integer value for a flag, or `fallback` when absent / non-numeric.
+ * Mirrors the common `const n = idx >= 0 ? parseInt(args[idx+1]) : default` idiom.
+ */
+export declare function flagInt(argv: readonly string[], name: string, fallback: number): number;

package/dist/utils/flags.js ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Tiny argv flag helpers — one consistent way to read CLI flags instead of
+ * ad-hoc `argv.indexOf("--x")` / `argv.includes("--x")` scattered per command.
+ *
+ * Behavior matches the historical idioms (space-separated `--flag value`,
+ * boolean presence) and additionally accepts the `--flag=value` form.
+ */
+/** True if any of the given flag names is present in argv. */
+export function hasFlag(argv, ...names) {
+    return names.some((n) => argv.includes(n));
+}
+/**
+ * Value for `--name value` or `--name=value`. Returns `undefined` when the flag
+ * is absent (or present as the final token with no following value).
+ */
+export function flagValue(argv, name) {
+    const inline = argv.find((a) => a.startsWith(`${name}=`));
+    if (inline !== undefined)
+        return inline.slice(name.length + 1);
+    const i = argv.indexOf(name);
+    if (i < 0)
+        return undefined;
+    return argv[i + 1];
+}
+/**
+ * Integer value for a flag, or `fallback` when absent / non-numeric.
+ * Mirrors the common `const n = idx >= 0 ? parseInt(args[idx+1]) : default` idiom.
+ */
+export function flagInt(argv, name, fallback) {
+    const raw = flagValue(argv, name);
+    if (raw === undefined)
+        return fallback;
+    const n = Number.parseInt(raw, 10);
+    return Number.isNaN(n) ? fallback : n;
+}
+//# sourceMappingURL=flags.js.map

package/dist/utils/flags.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"flags.js","sourceRoot":"","sources":["../../src/utils/flags.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,8DAA8D;AAC9D,MAAM,UAAU,OAAO,CAAC,IAAuB,EAAE,GAAG,KAAe;IACjE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,IAAuB,EAAE,IAAY;IAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5B,OAAO,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,IAAuB,EAAE,IAAY,EAAE,QAAgB;IAC7E,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAC;IACvC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AACxC,CAAC"}

package/dist/utils/parseCommand.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Parses a string from .kit.toml service config (login/check command).
+ *
+ * Adapters sometimes provide `#`-prefixed values as documentation when there
+ * is no CLI to invoke (e.g. `# resend — no CLI login; set RESEND_API_KEY`).
+ * Without this guard those strings get exec()'d and spawn fails with ENOENT.
+ */
+export type ParsedCommand = {
+    kind: "informational";
+    message: string;
+} | {
+    kind: "executable";
+    cmd: string;
+    args: string[];
+};
+export declare function parseCommand(command: string): ParsedCommand;

package/dist/utils/parseCommand.js ADDED Viewed

@@ -0,0 +1,13 @@
+export function parseCommand(command) {
+    const trimmed = command.trim();
+    if (trimmed.startsWith("#")) {
+        return {
+            kind: "informational",
+            message: trimmed.replace(/^#\s*/, ""),
+        };
+    }
+    const parts = trimmed.split(/\s+/);
+    const [cmd, ...args] = parts;
+    return { kind: "executable", cmd, args };
+}
+//# sourceMappingURL=parseCommand.js.map

package/dist/utils/parseCommand.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseCommand.js","sourceRoot":"","sources":["../../src/utils/parseCommand.ts"],"names":[],"mappings":"AAWA,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;SACtC,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC;IAC7B,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AAC3C,CAAC"}

package/dist/utils/prompt.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Prompt the user for Y/n confirmation.
+ *
+ * On no-TTY (piped / CI) and on timeout the result is `defaultValue`. It
+ * defaults to `true` (auto-yes) to preserve the historical "[Y/n] auto-yes"
+ * behavior — but DESTRUCTIVE/irreversible confirmations MUST pass
+ * `defaultValue = false` so a walk-away or a piped invocation fails closed
+ * (e.g. the jwt-secret-roll "auto-no in 15s" cutover).
+ *
+ * Extracted from cli.ts so command modules (secrets-rotate-cli etc.)
+ * can use it without a circular import back into the CLI entry point.
+ */
+export declare function promptConfirm(prompt: string, timeoutMs?: number, defaultValue?: boolean): Promise<boolean>;

package/dist/utils/prompt.js ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Prompt the user for Y/n confirmation.
+ *
+ * On no-TTY (piped / CI) and on timeout the result is `defaultValue`. It
+ * defaults to `true` (auto-yes) to preserve the historical "[Y/n] auto-yes"
+ * behavior — but DESTRUCTIVE/irreversible confirmations MUST pass
+ * `defaultValue = false` so a walk-away or a piped invocation fails closed
+ * (e.g. the jwt-secret-roll "auto-no in 15s" cutover).
+ *
+ * Extracted from cli.ts so command modules (secrets-rotate-cli etc.)
+ * can use it without a circular import back into the CLI entry point.
+ */
+export async function promptConfirm(prompt, timeoutMs = 5000, defaultValue = true) {
+    // Skip prompt when stdin is not a TTY (piped / CI) — fall back to the default.
+    if (!process.stdin.isTTY)
+        return defaultValue;
+    return new Promise((resolve) => {
+        process.stdout.write(prompt);
+        const timer = setTimeout(() => {
+            process.stdout.write("\n");
+            process.stdin.removeAllListeners("data");
+            process.stdin.pause();
+            resolve(defaultValue);
+        }, timeoutMs);
+        process.stdin.setEncoding("utf-8");
+        process.stdin.resume();
+        process.stdin.once("data", (data) => {
+            clearTimeout(timer);
+            process.stdin.pause();
+            const answer = data.toString().trim().toLowerCase();
+            resolve(answer !== "n" && answer !== "no");
+        });
+    });
+}
+//# sourceMappingURL=prompt.js.map

package/dist/utils/prompt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../src/utils/prompt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAc,EACd,SAAS,GAAG,IAAI,EAChB,YAAY,GAAG,IAAI;IAEnB,+EAA+E;IAC/E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,YAAY,CAAC;IAE9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE7B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,YAAY,CAAC,CAAC;QACxB,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC1C,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACpD,OAAO,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,IAAI,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/utils/promptSelect.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export interface PromptOption {
+    value: string;
+    label: string;
+    /** Optional one-line description shown after the label */
+    hint?: string;
+    /** Mark this option as the recommended default */
+    recommended?: boolean;
+}
+/**
+ * Interactive single-choice prompt. Falls back to the recommended option
+ * (or the first option) when stdin is not a TTY — the same convention
+ * promptConfirm uses, so CI / piped invocations remain deterministic.
+ */
+export declare function promptSelect(question: string, options: PromptOption[]): Promise<string>;
+/**
+ * Multi-choice prompt — accepts a comma-separated list of indices or values.
+ * Defaults to all "recommended" options if any are flagged, otherwise empty.
+ */
+export declare function promptMultiSelect(question: string, options: PromptOption[]): Promise<string[]>;

package/dist/utils/promptSelect.js ADDED Viewed

@@ -0,0 +1,89 @@
+import * as readline from "node:readline/promises";
+/**
+ * Interactive single-choice prompt. Falls back to the recommended option
+ * (or the first option) when stdin is not a TTY — the same convention
+ * promptConfirm uses, so CI / piped invocations remain deterministic.
+ */
+export async function promptSelect(question, options) {
+    const fallback = options.find((o) => o.recommended)?.value ?? options[0]?.value ?? "";
+    if (!process.stdin.isTTY)
+        return fallback;
+    if (options.length === 0)
+        return "";
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    try {
+        process.stdout.write(`\n${question}\n`);
+        options.forEach((opt, idx) => {
+            const star = opt.recommended ? " *" : "  ";
+            const hint = opt.hint ? `  — ${opt.hint}` : "";
+            process.stdout.write(`  [${idx + 1}]${star} ${opt.label}${hint}\n`);
+        });
+        const defaultLabel = options.findIndex((o) => o.recommended) + 1 || 1;
+        const answer = (await rl.question(`Choose [1-${options.length}] (default ${defaultLabel}): `)).trim();
+        if (!answer)
+            return fallback;
+        const numeric = Number.parseInt(answer, 10);
+        if (Number.isFinite(numeric) && numeric >= 1 && numeric <= options.length) {
+            return options[numeric - 1].value;
+        }
+        // Accept value-string match as well (e.g. user types "1password")
+        const direct = options.find((o) => o.value.toLowerCase() === answer.toLowerCase());
+        if (direct)
+            return direct.value;
+        process.stdout.write(`Invalid choice "${answer}" — using default.\n`);
+        return fallback;
+    }
+    finally {
+        rl.close();
+    }
+}
+/**
+ * Multi-choice prompt — accepts a comma-separated list of indices or values.
+ * Defaults to all "recommended" options if any are flagged, otherwise empty.
+ */
+export async function promptMultiSelect(question, options) {
+    const defaults = options.filter((o) => o.recommended).map((o) => o.value);
+    if (!process.stdin.isTTY)
+        return defaults;
+    if (options.length === 0)
+        return [];
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    try {
+        process.stdout.write(`\n${question}\n`);
+        options.forEach((opt, idx) => {
+            const star = opt.recommended ? " *" : "  ";
+            const hint = opt.hint ? `  — ${opt.hint}` : "";
+            process.stdout.write(`  [${idx + 1}]${star} ${opt.label}${hint}\n`);
+        });
+        const defaultStr = defaults.length
+            ? defaults
+                .map((v) => options.findIndex((o) => o.value === v) + 1)
+                .join(",")
+            : "1";
+        const answer = (await rl.question(`Choose comma-separated (default ${defaultStr}): `)).trim();
+        if (!answer)
+            return defaults;
+        const picked = new Set();
+        for (const token of answer.split(",").map((s) => s.trim()).filter(Boolean)) {
+            const num = Number.parseInt(token, 10);
+            if (Number.isFinite(num) && num >= 1 && num <= options.length) {
+                picked.add(options[num - 1].value);
+                continue;
+            }
+            const direct = options.find((o) => o.value.toLowerCase() === token.toLowerCase());
+            if (direct)
+                picked.add(direct.value);
+        }
+        return [...picked];
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=promptSelect.js.map

package/dist/utils/promptSelect.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"promptSelect.js","sourceRoot":"","sources":["../../src/utils/promptSelect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,wBAAwB,CAAC;AAWnD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,OAAuB;IAEvB,MAAM,QAAQ,GACZ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,KAAK,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;IAEvE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,MAAM,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,GAAG,CAAC,KAAK,GAAG,IAAI,IAAI,CAC9C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,CACb,MAAM,EAAE,CAAC,QAAQ,CAAC,aAAa,OAAO,CAAC,MAAM,cAAc,YAAY,KAAK,CAAC,CAC9E,CAAC,IAAI,EAAE,CAAC;QAET,IAAI,CAAC,MAAM;YAAE,OAAO,QAAQ,CAAC;QAE7B,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1E,OAAO,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC;QACpC,CAAC;QAED,kEAAkE;QAClE,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,WAAW,EAAE,CACtD,CAAC;QACF,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC,KAAK,CAAC;QAEhC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,MAAM,sBAAsB,CAAC,CAAC;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,OAAuB;IAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC1E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,MAAM,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,GAAG,CAAC,KAAK,GAAG,IAAI,IAAI,CAC9C,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM;YAChC,CAAC,CAAC,QAAQ;iBACL,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;iBACvD,IAAI,CAAC,GAAG,CAAC;YACd,CAAC,CAAC,GAAG,CAAC;QACR,MAAM,MAAM,GAAG,CACb,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,UAAU,KAAK,CAAC,CACtE,CAAC,IAAI,EAAE,CAAC;QAET,IAAI,CAAC,MAAM;YAAE,OAAO,QAAQ,CAAC;QAE7B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;QACjC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACvC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC9D,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CACzB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,WAAW,EAAE,CACrD,CAAC;YACF,IAAI,MAAM;gBAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;IACrB,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC"}

package/dist/utils/redactSecrets.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Redacts well-known secret patterns from text before it's stored or logged.
+ *
+ * CLI commands like `stripe config --list` happily print API keys to stdout.
+ * We need to surface auth status without persisting the credential itself —
+ * once it lands in ServiceStatus.output it can leak via audit logs,
+ * escalation messages, or `--json` dumps.
+ *
+ * Patterns are intentionally over-eager: better a false-positive redaction
+ * than a real secret in a log file.
+ */
+interface RedactPattern {
+    re: RegExp;
+    /** Optional label for the redaction (e.g. "stripe-key") for debugging. */
+    label: string;
+}
+export declare const SECRET_PATTERNS: RedactPattern[];
+export declare function redactSecrets(input: string): string;
+export interface SecretFinding {
+    label: string;
+    preview: string;
+}
+export declare function findSecrets(text: string): SecretFinding[];
+export {};

package/dist/utils/redactSecrets.js ADDED Viewed

@@ -0,0 +1,134 @@
+/**
+ * Redacts well-known secret patterns from text before it's stored or logged.
+ *
+ * CLI commands like `stripe config --list` happily print API keys to stdout.
+ * We need to surface auth status without persisting the credential itself —
+ * once it lands in ServiceStatus.output it can leak via audit logs,
+ * escalation messages, or `--json` dumps.
+ *
+ * Patterns are intentionally over-eager: better a false-positive redaction
+ * than a real secret in a log file.
+ */
+export const SECRET_PATTERNS = [
+    // Stripe — sk_test_, sk_live_, pk_test_, pk_live_, rk_test_, rk_live_,
+    // whsec_, sk_test_..., 24+ random chars
+    { re: /\b(sk|pk|rk)_(test|live)_[A-Za-z0-9]{20,}/g, label: "stripe-key" },
+    { re: /\bwhsec_[A-Za-z0-9]{20,}/g, label: "stripe-webhook-secret" },
+    // GitHub PATs and tokens
+    { re: /\bghp_[A-Za-z0-9]{30,}/g, label: "github-classic-pat" },
+    { re: /\bgho_[A-Za-z0-9]{30,}/g, label: "github-oauth" },
+    { re: /\b(ghs|ghu|ghr)_[A-Za-z0-9]{30,}/g, label: "github-server-token" },
+    { re: /\bgithub_pat_[A-Za-z0-9_]{60,}/g, label: "github-fine-pat" },
+    // AWS — AKIA + 16 uppercase, ASIA + 16 (STS), and 40-char secret keys
+    { re: /\b(AKIA|ASIA)[A-Z0-9]{16}\b/g, label: "aws-access-key" },
+    { re: /aws_secret_access_key\s*=\s*[A-Za-z0-9/+]{40}/gi, label: "aws-secret-key" },
+    // Google / GCP service-account JSON fragments
+    { re: /"private_key":\s*"-----BEGIN [^"]+-----[\s\S]+?-----END [^"]+-----\\n"/g, label: "gcp-private-key" },
+    { re: /\bAIza[0-9A-Za-z\-_]{35}\b/g, label: "google-api-key" },
+    // Slack
+    { re: /\bxox[abprs]-[A-Za-z0-9-]{10,}/g, label: "slack-token" },
+    // Generic JWT (3 dot-separated base64url segments)
+    { re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g, label: "jwt" },
+    // Supabase service-role JWT pattern (anon/service keys are JWTs; caught above)
+    // OpenAI / Anthropic API keys
+    { re: /\bsk-(proj-|ant-)[A-Za-z0-9_-]{30,}/g, label: "ai-api-key" },
+    { re: /\bsk-[A-Za-z0-9]{40,}/g, label: "openai-key" },
+    // Resend
+    { re: /\bre_[A-Za-z0-9_]{20,}/g, label: "resend-key" },
+    // Generic `KEY=high-entropy` — catches rotation values that get echoed
+    // back inside `op item create ... KEY=<value>` style error messages.
+    // Only triggers on uppercase-snake-case identifiers followed by `=`
+    // and a 20+ char base64url-ish blob, to avoid clobbering normal config.
+    //
+    // Negative lookahead excludes well-known non-credential env vars whose
+    // values are public identifiers or status strings (UUIDs, task statuses,
+    // wake reasons). These show up constantly in agent transcripts and would
+    // otherwise drown real credential findings.
+    //
+    // KIT_* — kit's own env vars (flags, policy hash) are runtime-injected, never
+    //               are credentials.
+    // GITHUB_RUN_ID / GITHUB_SHA — CI metadata.
+    {
+        re: /(?<!_)\b(?!(?:KIT|GITHUB|CI|RUNNER|VERCEL|RAILWAY|FLY|NEXT_RUNTIME)_)([A-Z][A-Z0-9_]{2,})=([A-Za-z0-9_\-+/]{20,})/g,
+        label: "kv-secret",
+    },
+    // Terraform — `sensitive = "..."` blocks in HCL leak the literal value
+    // unless the operator uses a vault-backed datasource. Catches both the
+    // unquoted and quoted forms.
+    {
+        re: /\bsensitive\s*=\s*"([^"\\]{20,}|[^"\\]*(?:\\.[^"\\]*)*)"/g,
+        label: "terraform-sensitive",
+    },
+    // Terraform state JSON — `.tfstate` files store resolved values, including
+    // database passwords and API tokens that originated from -var or env vars.
+    // Matches `"sensitive_value": "..."` and the more common `"value": "..."`
+    // entries that show up under `outputs.<name>.value`.
+    {
+        re: /"(sensitive_value|value)"\s*:\s*"([A-Za-z0-9_\-+/]{20,})"/g,
+        label: "tfstate-value",
+    },
+    // Generic high-entropy hex tokens (32+ hex chars) — last resort
+    // Skipped intentionally: too many false-positives against commit hashes.
+];
+export function redactSecrets(input) {
+    if (!input)
+        return input;
+    let out = input;
+    for (const { re } of SECRET_PATTERNS) {
+        out = out.replace(re, "[REDACTED]");
+    }
+    return out;
+}
+/**
+ * Scans `text` for the same SECRET_PATTERNS used by redactSecrets and
+ * returns per-match labels + a short masked preview. Useful for warning
+ * the user about plaintext credentials in `.env` files at init time
+ * without echoing the secret itself.
+ */
+/**
+ * Known-public JWT issuers that show up in dev environments and aren't
+ * credential leaks. `supabase-demo` is the issuer used by every `supabase
+ * start` local stack — the anon + service-role keys are public, identical
+ * across every developer's machine, and rotating them does nothing.
+ *
+ * If a JWT decodes with one of these issuers, we drop it from findings.
+ */
+const PUBLIC_JWT_ISSUERS = new Set(["supabase-demo"]);
+function isPublicDemoJwt(jwt) {
+    try {
+        const parts = jwt.split(".");
+        if (parts.length !== 3)
+            return false;
+        // base64url → base64 → decode
+        const payloadB64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+        const padded = payloadB64 + "=".repeat((4 - (payloadB64.length % 4)) % 4);
+        const payload = Buffer.from(padded, "base64").toString("utf-8");
+        const parsed = JSON.parse(payload);
+        return !!parsed.iss && PUBLIC_JWT_ISSUERS.has(parsed.iss);
+    }
+    catch {
+        return false;
+    }
+}
+export function findSecrets(text) {
+    if (!text)
+        return [];
+    const findings = [];
+    for (const { re, label } of SECRET_PATTERNS) {
+        const matches = text.matchAll(new RegExp(re.source, re.flags));
+        for (const m of matches) {
+            const raw = m[0];
+            // Skip well-known public demo JWTs (e.g. `supabase start` anon key).
+            if (label === "jwt" && isPublicDemoJwt(raw))
+                continue;
+            const head = raw.slice(0, 6);
+            const tail = raw.length > 12 ? raw.slice(-4) : "";
+            findings.push({
+                label,
+                preview: tail ? `${head}…${tail}` : `${head}…`,
+            });
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=redactSecrets.js.map

package/dist/utils/redactSecrets.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"redactSecrets.js","sourceRoot":"","sources":["../../src/utils/redactSecrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,uEAAuE;IACvE,wCAAwC;IACxC,EAAE,EAAE,EAAE,4CAA4C,EAAE,KAAK,EAAE,YAAY,EAAE;IACzE,EAAE,EAAE,EAAE,2BAA2B,EAAE,KAAK,EAAE,uBAAuB,EAAE;IACnE,yBAAyB;IACzB,EAAE,EAAE,EAAE,yBAAyB,EAAE,KAAK,EAAE,oBAAoB,EAAE;IAC9D,EAAE,EAAE,EAAE,yBAAyB,EAAE,KAAK,EAAE,cAAc,EAAE;IACxD,EAAE,EAAE,EAAE,mCAAmC,EAAE,KAAK,EAAE,qBAAqB,EAAE;IACzE,EAAE,EAAE,EAAE,iCAAiC,EAAE,KAAK,EAAE,iBAAiB,EAAE;IACnE,sEAAsE;IACtE,EAAE,EAAE,EAAE,8BAA8B,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC/D,EAAE,EAAE,EAAE,iDAAiD,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAClF,8CAA8C;IAC9C,EAAE,EAAE,EAAE,yEAAyE,EAAE,KAAK,EAAE,iBAAiB,EAAE;IAC3G,EAAE,EAAE,EAAE,6BAA6B,EAAE,KAAK,EAAE,gBAAgB,EAAE;IAC9D,QAAQ;IACR,EAAE,EAAE,EAAE,iCAAiC,EAAE,KAAK,EAAE,aAAa,EAAE;IAC/D,mDAAmD;IACnD,EAAE,EAAE,EAAE,oEAAoE,EAAE,KAAK,EAAE,KAAK,EAAE;IAC1F,+EAA+E;IAC/E,8BAA8B;IAC9B,EAAE,EAAE,EAAE,sCAAsC,EAAE,KAAK,EAAE,YAAY,EAAE;IACnE,EAAE,EAAE,EAAE,wBAAwB,EAAE,KAAK,EAAE,YAAY,EAAE;IACrD,SAAS;IACT,EAAE,EAAE,EAAE,yBAAyB,EAAE,KAAK,EAAE,YAAY,EAAE;IACtD,uEAAuE;IACvE,qEAAqE;IACrE,oEAAoE;IACpE,wEAAwE;IACxE,EAAE;IACF,uEAAuE;IACvE,yEAAyE;IACzE,yEAAyE;IACzE,4CAA4C;IAC5C,EAAE;IACF,8EAA8E;IAC9E,iCAAiC;IACjC,4CAA4C;IAC5C;QACE,EAAE,EAAE,oHAAoH;QACxH,KAAK,EAAE,WAAW;KACnB;IACD,uEAAuE;IACvE,uEAAuE;IACvE,6BAA6B;IAC7B;QACE,EAAE,EAAE,2DAA2D;QAC/D,KAAK,EAAE,qBAAqB;KAC7B;IACD,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,qDAAqD;IACrD;QACE,EAAE,EAAE,4DAA4D;QAChE,KAAK,EAAE,eAAe;KACvB;IACD,gEAAgE;IAChE,yEAAyE;CAC1E,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,KAAK,MAAM,EAAE,EAAE,EAAE,IAAI,eAAe,EAAE,CAAC;QACrC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAOD;;;;;GAKG;AACH;;;;;;;GAOG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC;AAEtD,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,8BAA8B;QAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAqB,CAAC;QACvD,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,IAAI,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,eAAe,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC/D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,qEAAqE;YACrE,IAAI,KAAK,KAAK,KAAK,IAAI,eAAe,CAAC,GAAG,CAAC;gBAAE,SAAS;YACtD,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK;gBACL,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG;aAC/C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/validation/dynamic-schema.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { z } from "zod";
+import type { PluginRegistry } from "../plugin-registry.js";
+/**
+ * Create a dynamic Zod schema for web_search provider validation
+ * that includes both built-in and plugin-registered providers
+ */
+export declare function createWebSearchProviderSchema(registry?: PluginRegistry): z.ZodType<string>;
+/**
+ * Create a dynamic schema for web search configuration
+ * that validates provider names against registered plugins
+ */
+export declare function createWebSearchConfigSchema(registry?: PluginRegistry): z.ZodType<{
+    provider?: string;
+    url?: string;
+    apiKey?: string;
+}>;
+/**
+ * Validate web search configuration
+ * Returns validation result with error messages if validation fails
+ */
+export interface ValidationResult {
+    valid: boolean;
+    errors?: string[];
+}
+export declare function validateWebSearchConfig(config: unknown, registry?: PluginRegistry): ValidationResult;
+/**
+ * Get all valid provider names as a string list
+ */
+export declare function getValidProviderNames(registry?: PluginRegistry): string[];

package/dist/validation/dynamic-schema.js ADDED Viewed

@@ -0,0 +1,76 @@
+import { z } from "zod";
+/**
+ * Create a dynamic Zod schema for web_search provider validation
+ * that includes both built-in and plugin-registered providers
+ */
+export function createWebSearchProviderSchema(registry) {
+    const builtInProviders = ["brave", "google", "searxng", "custom"];
+    let providers = builtInProviders;
+    if (registry) {
+        const pluginProviders = Array.from(registry.getWebSearchProviders().keys());
+        providers = Array.from(new Set([...builtInProviders, ...pluginProviders]));
+    }
+    return z.enum(providers);
+}
+/**
+ * Create a dynamic schema for web search configuration
+ * that validates provider names against registered plugins
+ */
+export function createWebSearchConfigSchema(registry) {
+    const providerSchema = createWebSearchProviderSchema(registry);
+    return z
+        .object({
+        provider: providerSchema.optional(),
+        url: z.string().url().optional(),
+        apiKey: z.string().optional(),
+    })
+        .strict()
+        .refine((data) => {
+        // If provider is set, validate it makes sense
+        if (!data.provider) {
+            return true;
+        }
+        // SearXNG requires a URL
+        if (data.provider === "searxng" && !data.url) {
+            return false;
+        }
+        // Brave requires an API key
+        if (data.provider === "brave" && !data.apiKey) {
+            return false;
+        }
+        return true;
+    }, {
+        message: "SearXNG requires 'url' and Brave requires 'apiKey' configuration",
+    });
+}
+export function validateWebSearchConfig(config, registry) {
+    const schema = createWebSearchConfigSchema(registry);
+    try {
+        schema.parse(config);
+        return { valid: true };
+    }
+    catch (err) {
+        if (err instanceof z.ZodError) {
+            return {
+                valid: false,
+                errors: err.issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`),
+            };
+        }
+        return {
+            valid: false,
+            errors: [err instanceof Error ? err.message : "Unknown validation error"],
+        };
+    }
+}
+/**
+ * Get all valid provider names as a string list
+ */
+export function getValidProviderNames(registry) {
+    const builtInProviders = ["brave", "google", "searxng", "custom"];
+    if (!registry) {
+        return builtInProviders;
+    }
+    const pluginProviders = Array.from(registry.getWebSearchProviders().keys());
+    return Array.from(new Set([...builtInProviders, ...pluginProviders]));
+}
+//# sourceMappingURL=dynamic-schema.js.map

package/dist/validation/dynamic-schema.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dynamic-schema.js","sourceRoot":"","sources":["../../src/validation/dynamic-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;GAGG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAyB;IAEzB,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAElE,IAAI,SAAS,GAAG,gBAAgB,CAAC;IAEjC,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5E,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO,CAAC,CAAC,IAAI,CAAC,SAAkC,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CACzC,QAAyB;IAEzB,MAAM,cAAc,GAAG,6BAA6B,CAAC,QAAQ,CAAC,CAAC;IAE/D,OAAO,CAAC;SACL,MAAM,CAAC;QACN,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;QACnC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;QAChC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,CAAC;SACD,MAAM,EAAE;SACR,MAAM,CACL,CAAC,IAAI,EAAE,EAAE;QACP,8CAA8C;QAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yBAAyB;QACzB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,OAAO,EACL,kEAAkE;KACrE,CACF,CAAC;AACN,CAAC;AAWD,MAAM,UAAU,uBAAuB,CACrC,MAAe,EACf,QAAyB;IAEzB,MAAM,MAAM,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC9B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CACpB,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CACvD;aACF,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC;SAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAyB;IAC7D,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAElE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;AACxE,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,52 @@
+{
+  "name": "sandstream-kit",
+  "version": "1.0.0",
+  "description": "developer kit. zero LLM, local-first, multi-vault. one command from git clone to working dev environment.",
+  "license": "MIT",
+  "type": "module",
+  "workspaces": [
+    "packages/*"
+  ],
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "bin": {
+    "kit": "dist/cli.js"
+  },
+  "exports": {
+    ".": "./dist/mcp-server.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "npm run build --workspace=packages/adapter-sdk && npm run build --workspace=packages/kit-plugin-railway && npm run build --workspace=packages/kit-plugin-supabase && npm run build --workspace=packages/kit-plugin-vercel && npm run build --workspace=packages/kit-plugin-github && npm run build --workspace=packages/kit-plugin-stripe && npm run build --workspace=packages/kit-plugin-fly && npm run build --workspace=packages/kit-plugin-cloudflare && npm run build --workspace=packages/kit-plugin-snyk && npm run build --workspace=packages/kit-plugin-wiz && npm run build --workspace=packages/kit-plugin-sentry && tsc && chmod +x dist/cli.js",
+    "build:prod": "npm run build --workspace=packages/adapter-sdk && npm run build --workspace=packages/kit-plugin-railway && npm run build --workspace=packages/kit-plugin-supabase && npm run build --workspace=packages/kit-plugin-vercel && npm run build --workspace=packages/kit-plugin-github && npm run build --workspace=packages/kit-plugin-stripe && npm run build --workspace=packages/kit-plugin-fly && npm run build --workspace=packages/kit-plugin-cloudflare && npm run build --workspace=packages/kit-plugin-snyk && npm run build --workspace=packages/kit-plugin-wiz && npm run build --workspace=packages/kit-plugin-sentry && rm -rf dist && tsc -p tsconfig.prod.json && chmod +x dist/cli.js",
+    "prepublishOnly": "npm run build:prod",
+    "dev": "tsx src/cli.ts",
+    "test": "KIT_BUMBLEBEE=0 KIT_NO_FAILURE_SIM=1 KIT_NO_UPDATE_CHECK=1 node --test --test-timeout=180000 --test-concurrency=2 dist/*.test.js dist/**/*.test.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "@upstash/redis": "^1.37.0",
+    "smol-toml": "1.6.1",
+    "zod": "4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "22.19.15",
+    "tsx": "4.21.0",
+    "typescript": "5.9.3"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sandstream/kit.git"
+  },
+  "homepage": "https://github.com/sandstream/kit#readme",
+  "bugs": {
+    "url": "https://github.com/sandstream/kit/issues"
+  }
+}