secretless-ai 0.9.2 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +146 -8
- package/dist/backends/config.d.ts +1 -1
- package/dist/backends/config.d.ts.map +1 -1
- package/dist/backends/config.js +2 -2
- package/dist/backends/config.js.map +1 -1
- package/dist/backends/factory.d.ts.map +1 -1
- package/dist/backends/factory.js +4 -0
- package/dist/backends/factory.js.map +1 -1
- package/dist/backends/index.d.ts +1 -0
- package/dist/backends/index.d.ts.map +1 -1
- package/dist/backends/index.js +3 -1
- package/dist/backends/index.js.map +1 -1
- package/dist/backends/keychain-linux.d.ts +1 -0
- package/dist/backends/keychain-linux.d.ts.map +1 -1
- package/dist/backends/keychain-linux.js +63 -21
- package/dist/backends/keychain-linux.js.map +1 -1
- package/dist/backends/keychain-macos.d.ts +1 -0
- package/dist/backends/keychain-macos.d.ts.map +1 -1
- package/dist/backends/keychain-macos.js +69 -22
- package/dist/backends/keychain-macos.js.map +1 -1
- package/dist/backends/onepassword.d.ts +6 -0
- package/dist/backends/onepassword.d.ts.map +1 -1
- package/dist/backends/onepassword.js +53 -16
- package/dist/backends/onepassword.js.map +1 -1
- package/dist/backends/vault.d.ts +44 -0
- package/dist/backends/vault.d.ts.map +1 -0
- package/dist/backends/vault.js +195 -0
- package/dist/backends/vault.js.map +1 -0
- package/dist/broker/policy.d.ts.map +1 -1
- package/dist/broker/policy.js +15 -0
- package/dist/broker/policy.js.map +1 -1
- package/dist/broker/types.d.ts +2 -0
- package/dist/broker/types.d.ts.map +1 -1
- package/dist/cli.js +252 -4
- package/dist/cli.js.map +1 -1
- package/dist/history.d.ts +47 -0
- package/dist/history.d.ts.map +1 -0
- package/dist/history.js +221 -0
- package/dist/history.js.map +1 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +20 -2
- package/dist/index.js.map +1 -1
- package/dist/scan-staged.d.ts.map +1 -1
- package/dist/scan-staged.js +4 -0
- package/dist/scan-staged.js.map +1 -1
- package/dist/scope/aws.d.ts +41 -0
- package/dist/scope/aws.d.ts.map +1 -0
- package/dist/scope/aws.js +434 -0
- package/dist/scope/aws.js.map +1 -0
- package/dist/scope/baselines.d.ts +33 -0
- package/dist/scope/baselines.d.ts.map +1 -0
- package/dist/scope/baselines.js +137 -0
- package/dist/scope/baselines.js.map +1 -0
- package/dist/scope/gcp.d.ts +48 -0
- package/dist/scope/gcp.d.ts.map +1 -0
- package/dist/scope/gcp.js +262 -0
- package/dist/scope/gcp.js.map +1 -0
- package/dist/scope/index.d.ts +39 -0
- package/dist/scope/index.d.ts.map +1 -0
- package/dist/scope/index.js +109 -0
- package/dist/scope/index.js.map +1 -0
- package/dist/scope/types.d.ts +53 -0
- package/dist/scope/types.d.ts.map +1 -0
- package/dist/scope/types.js +9 -0
- package/dist/scope/types.js.map +1 -0
- package/dist/scope/vault.d.ts +25 -0
- package/dist/scope/vault.d.ts.map +1 -0
- package/dist/scope/vault.js +128 -0
- package/dist/scope/vault.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
|
-
> **[OpenA2A](https://github.com/opena2a-org
|
|
1
|
+
> **[OpenA2A](https://github.com/opena2a-org)**: [CLI](https://github.com/opena2a-org/opena2a) · [HackMyAgent](https://github.com/opena2a-org/hackmyagent) · [AIM](https://github.com/opena2a-org/agent-identity-management) · [Browser Guard](https://github.com/opena2a-org/AI-BrowserGuard) · [DVAA](https://github.com/opena2a-org/damn-vulnerable-ai-agent) · [Registry](https://registry.opena2a.org)
|
|
2
2
|
|
|
3
3
|
# Secretless AI
|
|
4
4
|
|
|
5
5
|
[](https://www.npmjs.com/package/secretless-ai)
|
|
6
6
|
[](https://opensource.org/licenses/Apache-2.0)
|
|
7
7
|
|
|
8
|
+
Every AI coding assistant in your terminal can read `~/.aws/credentials`, `echo $OPENAI_API_KEY`, and access any secret on your machine. Secretless makes secrets invisible to AI context without changing your workflow.
|
|
9
|
+
|
|
8
10
|
One command to keep secrets out of AI LLMs. Works with Claude Code, Cursor, Copilot, Windsurf, Cline, and Aider.
|
|
9
11
|
|
|
10
12
|
```bash
|
|
@@ -24,6 +26,7 @@ Secretless stores secrets in your choice of backend. Secrets are never in enviro
|
|
|
24
26
|
| `local` | AES-256-GCM encrypted file | None (single machine) | Filesystem | Quick start, simple setups |
|
|
25
27
|
| `keychain` | macOS Keychain / Linux Secret Service | Device-local | OS login | Native OS integration |
|
|
26
28
|
| `1password` | 1Password vault | Cross-device | Biometric (Touch ID) / Service Account | Teams, CI/CD, multi-device |
|
|
29
|
+
| `vault` | HashiCorp Vault KV v2 | Cross-device / cluster | Vault token | Enterprise, self-hosted, team secrets |
|
|
27
30
|
|
|
28
31
|
```bash
|
|
29
32
|
npx secretless-ai backend # Show available backends
|
|
@@ -51,6 +54,56 @@ npx secretless-ai backend set 1password # Switch backend
|
|
|
51
54
|
|
|
52
55
|
**CI/CD:** Set `OP_SERVICE_ACCOUNT_TOKEN` — same secrets, no code changes. No desktop app needed.
|
|
53
56
|
|
|
57
|
+
### HashiCorp Vault Backend
|
|
58
|
+
|
|
59
|
+
Stores secrets in a Vault KV v2 engine using the HTTP API. Zero SDK dependency — raw `fetch` calls.
|
|
60
|
+
|
|
61
|
+
**Setup:**
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
brew install vault # Install Vault CLI
|
|
65
|
+
vault server -dev # Start dev server (for testing)
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
```bash
|
|
69
|
+
export VAULT_ADDR=http://127.0.0.1:8200
|
|
70
|
+
export VAULT_TOKEN=<your-token>
|
|
71
|
+
npx secretless-ai backend set vault # Switch backend
|
|
72
|
+
npx secretless-ai secret set DB_PASSWORD=... # Stored in Vault KV v2
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
Supports custom mount paths via backend config. Default mount: `secret`.
|
|
76
|
+
|
|
77
|
+
## Credential Scope Discovery
|
|
78
|
+
|
|
79
|
+
Credentials are not static — their effective permissions change when platforms evolve. Secretless detects when a credential's scope expands beyond its baseline, catching privilege escalation before it becomes a breach.
|
|
80
|
+
|
|
81
|
+
```bash
|
|
82
|
+
npx secretless-ai scope discover MY_CREDENTIAL # Discover current permissions, save baseline
|
|
83
|
+
npx secretless-ai scope check MY_CREDENTIAL # Compare to baseline, report drift
|
|
84
|
+
npx secretless-ai scope list # Show all baselines
|
|
85
|
+
npx secretless-ai scope reset MY_CREDENTIAL # Clear baseline
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
### Supported Providers
|
|
89
|
+
|
|
90
|
+
| Provider | Detection | API Used | Permissions Needed |
|
|
91
|
+
|----------|-----------|----------|-------------------|
|
|
92
|
+
| **GCP** | Service account key JSON | `testIamPermissions` (Cloud Resource Manager) | None (self-inspection) |
|
|
93
|
+
| **Vault** | Token prefix (`hvs.`, `s.`) | `capabilities-self` (Sys) | None (self-inspection) |
|
|
94
|
+
| **AWS** | Access key prefix (`AKIA`) | Planned | — |
|
|
95
|
+
|
|
96
|
+
### How It Works
|
|
97
|
+
|
|
98
|
+
1. Auto-detects the provider from credential format
|
|
99
|
+
2. Calls the provider's self-inspection API to discover current permissions
|
|
100
|
+
3. Compares against the stored baseline (`~/.secretless-ai/scope-baselines.json`)
|
|
101
|
+
4. Reports added/removed permissions and flags scope expansion
|
|
102
|
+
|
|
103
|
+
### Broker Integration
|
|
104
|
+
|
|
105
|
+
Add `scopeCheck: true` to any broker policy rule. The broker will block credential access if the credential's scope has expanded beyond its baseline.
|
|
106
|
+
|
|
54
107
|
## Secret Management
|
|
55
108
|
|
|
56
109
|
Store, list, and inject secrets without exposing them to AI tools.
|
|
@@ -289,10 +342,21 @@ npx secretless-ai hook uninstall # Remove pre-commit hook
|
|
|
289
342
|
| `mcp-unprotect` | Restore original MCP configs |
|
|
290
343
|
| **Backend Management** | |
|
|
291
344
|
| `backend` | Show current backend status |
|
|
292
|
-
| `backend set <TYPE>` | Set backend (local, keychain, 1password) |
|
|
345
|
+
| `backend set <TYPE>` | Set backend (local, keychain, 1password, vault) |
|
|
293
346
|
| `backend list` | List all stored entries |
|
|
294
347
|
| `backend purge [--prefix] [--yes]` | Delete entries from backend |
|
|
295
348
|
| `migrate --from TYPE --to TYPE` | Migrate secrets between backends |
|
|
349
|
+
| **Scope Discovery** | |
|
|
350
|
+
| `scope discover <NAME>` | Discover credential permissions and save baseline |
|
|
351
|
+
| `scope check <NAME>` | Compare current permissions to baseline |
|
|
352
|
+
| `scope list` | Show all scope baselines |
|
|
353
|
+
| `scope reset <NAME>` | Clear a scope baseline |
|
|
354
|
+
| **Shell Integration** | |
|
|
355
|
+
| `env [--only K1,K2]` | Output export statements for stored secrets (use with `eval`) |
|
|
356
|
+
| `scan-staged` | Scan git staged files for secrets (used by pre-commit hook) |
|
|
357
|
+
| **Cache Management** | |
|
|
358
|
+
| `cache clear` | Clear the encrypted secret cache |
|
|
359
|
+
| `cache ttl [DURATION]` | Show or set cache TTL (e.g., `5m`, `1h`, `off`) |
|
|
296
360
|
|
|
297
361
|
## Usage via OpenA2A CLI
|
|
298
362
|
|
|
@@ -316,6 +380,44 @@ opena2a broker start # Start the credential broker daemon
|
|
|
316
380
|
opena2a broker status # Check broker daemon status and connected agents
|
|
317
381
|
```
|
|
318
382
|
|
|
383
|
+
**Policy example** -- define rules in `~/.secretless-ai/broker-policies.json`:
|
|
384
|
+
|
|
385
|
+
```json
|
|
386
|
+
{
|
|
387
|
+
"rules": [
|
|
388
|
+
{
|
|
389
|
+
"id": "scan-agents-read-github",
|
|
390
|
+
"agentSelector": "scan-*",
|
|
391
|
+
"credentialSelector": "GITHUB_*",
|
|
392
|
+
"effect": "allow",
|
|
393
|
+
"constraints": {
|
|
394
|
+
"minTrustScore": 0.7,
|
|
395
|
+
"rateLimit": { "maxPerMinute": 10 },
|
|
396
|
+
"scopeCheck": true
|
|
397
|
+
}
|
|
398
|
+
},
|
|
399
|
+
{
|
|
400
|
+
"id": "deny-all-production-keys",
|
|
401
|
+
"agentSelector": "*",
|
|
402
|
+
"credentialSelector": "PROD_*",
|
|
403
|
+
"effect": "deny",
|
|
404
|
+
"constraints": {}
|
|
405
|
+
}
|
|
406
|
+
]
|
|
407
|
+
}
|
|
408
|
+
```
|
|
409
|
+
|
|
410
|
+
The policy engine is default-deny: deny rules are evaluated first, then allow rules. All constraints must pass for an allow rule to grant access. Supported constraints include `minTrustScore` (AIM trust score), `rateLimit`, `timeWindow`, `requireCapability`, and `scopeCheck` (blocks access if a credential's scope has expanded beyond its baseline).
|
|
411
|
+
|
|
412
|
+
**Request flow:**
|
|
413
|
+
|
|
414
|
+
1. `opena2a broker start` -- starts the broker daemon on a local socket
|
|
415
|
+
2. An agent requests a credential (e.g., `GITHUB_TOKEN`)
|
|
416
|
+
3. The broker verifies the agent's AIM identity token
|
|
417
|
+
4. The policy engine evaluates the request against loaded rules
|
|
418
|
+
5. If allowed, the broker resolves the secret from the configured backend and returns it
|
|
419
|
+
6. If denied, the broker returns an error and logs the attempt to the audit log
|
|
420
|
+
|
|
319
421
|
### Data Loss Prevention (DLP)
|
|
320
422
|
|
|
321
423
|
DLP commands scan AI tool transcripts (conversation logs, shell history, tool output) for accidentally leaked credentials. If an API key, token, or connection string appears in a transcript, DLP flags it so you can rotate the exposed credential.
|
|
@@ -325,6 +427,41 @@ opena2a dlp scan # Scan AI tool transcripts for leaked credentials
|
|
|
325
427
|
opena2a dlp report # Generate a DLP report with findings and remediation steps
|
|
326
428
|
```
|
|
327
429
|
|
|
430
|
+
**Example output from `opena2a dlp scan`:**
|
|
431
|
+
|
|
432
|
+
```
|
|
433
|
+
DLP Transcript Scan
|
|
434
|
+
|
|
435
|
+
Scanning 3 transcript(s)...
|
|
436
|
+
|
|
437
|
+
! claude-code/2026-03-01-project-setup.jsonl
|
|
438
|
+
Line 142: AWS Access Key (AKIA...) — AKIA2EXAMPLE7XRQWZ
|
|
439
|
+
Line 307: Stripe Secret Key (sk_live_...) — sk_live_51J3Example
|
|
440
|
+
|
|
441
|
+
! cursor/composer-history.json
|
|
442
|
+
Line 89: GitHub PAT (ghp_...) — ghp_A1b2C3ExampleToken
|
|
443
|
+
|
|
444
|
+
3 leaked credential(s) found in 2 transcript(s).
|
|
445
|
+
|
|
446
|
+
Rotate these credentials immediately — they have been sent to
|
|
447
|
+
an external API as part of the AI conversation context.
|
|
448
|
+
```
|
|
449
|
+
|
|
450
|
+
Each finding shows the transcript file, line number, credential type, and a truncated value preview. The `opena2a dlp report` command generates a structured report with remediation steps for each finding.
|
|
451
|
+
|
|
452
|
+
### Cross-Product Integration
|
|
453
|
+
|
|
454
|
+
Secretless connects to the wider OpenA2A ecosystem at multiple levels:
|
|
455
|
+
|
|
456
|
+
| Entry Point | Command | What It Does |
|
|
457
|
+
|-------------|---------|--------------|
|
|
458
|
+
| Standalone | `npx secretless-ai init` | Protect AI tool context, manage secrets, encrypt MCP configs |
|
|
459
|
+
| Credential drift | `opena2a protect` | Detect when credential scopes expand beyond their baselines |
|
|
460
|
+
| Credential brokering | `opena2a broker start` | Identity-aware secret injection for AI agents via AIM tokens |
|
|
461
|
+
| Leak detection | `opena2a dlp scan` | Scan transcripts and shell history for exposed credentials |
|
|
462
|
+
|
|
463
|
+
Each layer builds on the previous one. Start with `secretless-ai init` for immediate protection, then add drift detection, brokering, and DLP as your agent deployment grows.
|
|
464
|
+
|
|
328
465
|
### When to Use Which Interface
|
|
329
466
|
|
|
330
467
|
| Use Case | Command |
|
|
@@ -356,7 +493,7 @@ For Claude Code, Secretless installs a PreToolUse hook that intercepts every `Re
|
|
|
356
493
|
|
|
357
494
|
```bash
|
|
358
495
|
npm run build # Compile TypeScript to dist/
|
|
359
|
-
npm test # Run tests (vitest,
|
|
496
|
+
npm test # Run tests (vitest, 638 tests)
|
|
360
497
|
npm run dev # Watch mode — recompile on file changes
|
|
361
498
|
npm run clean # Remove dist/ directory
|
|
362
499
|
```
|
|
@@ -376,11 +513,12 @@ Secretless has zero runtime dependencies.
|
|
|
376
513
|
|
|
377
514
|
| Project | Description | Install |
|
|
378
515
|
|---------|-------------|---------|
|
|
379
|
-
| [**
|
|
380
|
-
| [**HackMyAgent**](https://github.com/opena2a-org/hackmyagent) | Security scanner --
|
|
381
|
-
| [**
|
|
382
|
-
| [**
|
|
383
|
-
| [**DVAA**](https://github.com/opena2a-org/damn-vulnerable-ai-agent) | Damn Vulnerable AI Agent -- security training
|
|
516
|
+
| [**OpenA2A CLI**](https://github.com/opena2a-org/opena2a) | Unified security CLI -- orchestrates all OpenA2A tools | `npx opena2a` |
|
|
517
|
+
| [**HackMyAgent**](https://github.com/opena2a-org/hackmyagent) | Security scanner and red-team toolkit -- checks, attack mode, benchmarks, runtime protection | `npx hackmyagent secure` |
|
|
518
|
+
| [**AIM**](https://github.com/opena2a-org/agent-identity-management) | Agent Identity Management -- identity, access control, and trust scoring for AI agents | Self-hosted |
|
|
519
|
+
| [**AI Browser Guard**](https://github.com/opena2a-org/AI-BrowserGuard) | Browser agent detection and control -- 4-layer detection, delegation engine | Chrome Web Store |
|
|
520
|
+
| [**DVAA**](https://github.com/opena2a-org/damn-vulnerable-ai-agent) | Damn Vulnerable AI Agent -- security training target | `docker pull opena2a/dvaa` |
|
|
521
|
+
| [**Registry**](https://registry.opena2a.org) | Trust registry -- agent discovery, trust scores, supply chain verification | `registry.opena2a.org` |
|
|
384
522
|
|
|
385
523
|
## License
|
|
386
524
|
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Resolution priority: explicit CLI flag > config file > default ('local').
|
|
6
6
|
*/
|
|
7
7
|
/** Writable backend types that can be selected by the user. */
|
|
8
|
-
export type SelectableBackendType = 'local' | 'keychain' | '1password';
|
|
8
|
+
export type SelectableBackendType = 'local' | 'keychain' | '1password' | 'vault';
|
|
9
9
|
/** Default cache TTL: 5 minutes (in seconds). */
|
|
10
10
|
export declare const DEFAULT_CACHE_TTL_SECONDS = 300;
|
|
11
11
|
/** Read the current backend configuration. Returns undefined if no config file exists. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/backends/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,+DAA+D;AAC/D,MAAM,MAAM,qBAAqB,GAAG,OAAO,GAAG,UAAU,GAAG,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/backends/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,+DAA+D;AAC/D,MAAM,MAAM,qBAAqB,GAAG,OAAO,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;AAKjF,iDAAiD;AACjD,eAAO,MAAM,yBAAyB,MAAM,CAAC;AAiB7C,0FAA0F;AAC1F,wBAAgB,iBAAiB,IAAI,qBAAqB,GAAG,SAAS,CAWrE;AAED,uDAAuD;AACvD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,qBAAqB,GAAG,IAAI,CAiBvE;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,qBAAqB,CAK/E;AAED,+EAA+E;AAC/E,wBAAgB,YAAY,IAAI,MAAM,CAWrC;AAED,yEAAyE;AACzE,wBAAgB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAiBtD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAmBnD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAMjD"}
|
package/dist/backends/config.js
CHANGED
|
@@ -65,7 +65,7 @@ function readBackendConfig() {
|
|
|
65
65
|
try {
|
|
66
66
|
const raw = fs.readFileSync(configPath(), 'utf-8');
|
|
67
67
|
const config = JSON.parse(raw);
|
|
68
|
-
if (config.backend === 'local' || config.backend === 'keychain' || config.backend === '1password') {
|
|
68
|
+
if (config.backend === 'local' || config.backend === 'keychain' || config.backend === '1password' || config.backend === 'vault') {
|
|
69
69
|
return config.backend;
|
|
70
70
|
}
|
|
71
71
|
return undefined;
|
|
@@ -98,7 +98,7 @@ function writeBackendConfig(backend) {
|
|
|
98
98
|
* Priority: explicit flag > config file > default ('local').
|
|
99
99
|
*/
|
|
100
100
|
function resolveBackendType(explicitFlag) {
|
|
101
|
-
if (explicitFlag === 'local' || explicitFlag === 'keychain' || explicitFlag === '1password') {
|
|
101
|
+
if (explicitFlag === 'local' || explicitFlag === 'keychain' || explicitFlag === '1password' || explicitFlag === 'vault') {
|
|
102
102
|
return explicitFlag;
|
|
103
103
|
}
|
|
104
104
|
return readBackendConfig() ?? DEFAULT_BACKEND;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/backends/config.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BH,8CAWC;AAGD,gDAiBC;AAOD,gDAKC;AAGD,oCAWC;AAGD,sCAiBC;AAOD,sCAmBC;AAKD,8BAMC;AA/ID,uCAAyB;AACzB,2CAA6B;AAM7B,MAAM,eAAe,GAAG,aAAa,CAAC;AACtC,MAAM,eAAe,GAA0B,OAAO,CAAC;AAEvD,iDAAiD;AACpC,QAAA,yBAAyB,GAAG,GAAG,CAAC;AAQ7C,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IACnE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,eAAe,CAAC,CAAC;AACjD,CAAC;AAED,0FAA0F;AAC1F,SAAgB,iBAAiB;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QACnD,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,UAAU,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/backends/config.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BH,8CAWC;AAGD,gDAiBC;AAOD,gDAKC;AAGD,oCAWC;AAGD,sCAiBC;AAOD,sCAmBC;AAKD,8BAMC;AA/ID,uCAAyB;AACzB,2CAA6B;AAM7B,MAAM,eAAe,GAAG,aAAa,CAAC;AACtC,MAAM,eAAe,GAA0B,OAAO,CAAC;AAEvD,iDAAiD;AACpC,QAAA,yBAAyB,GAAG,GAAG,CAAC;AAQ7C,SAAS,SAAS;IAChB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;IACnE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,eAAe,CAAC,CAAC;AACjD,CAAC;AAED,0FAA0F;AAC1F,SAAgB,iBAAiB;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QACnD,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,KAAK,UAAU,IAAI,MAAM,CAAC,OAAO,KAAK,WAAW,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;YAChI,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,uDAAuD;AACvD,SAAgB,kBAAkB,CAAC,OAA8B;IAC/D,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;IACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpD,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,MAAM,GAAqB,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACzC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;IACrD,CAAC;IAED,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,MAAM,OAAO,GAAG,EAAE,GAAG,MAAM,CAAC;IAC5B,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,YAAqB;IACtD,IAAI,YAAY,KAAK,OAAO,IAAI,YAAY,KAAK,UAAU,IAAI,YAAY,KAAK,WAAW,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;QACxH,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,OAAO,iBAAiB,EAAE,IAAI,eAAe,CAAC;AAChD,CAAC;AAED,+EAA+E;AAC/E,SAAgB,YAAY;IAC1B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;QACnD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,EAAE,CAAC;YAChE,OAAO,MAAM,CAAC,QAAQ,CAAC;QACzB,CAAC;QACD,OAAO,iCAAyB,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,iCAAyB,CAAC;IACnC,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,SAAgB,aAAa,CAAC,UAAkB;IAC9C,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;IACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpD,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,IAAI,MAAM,GAAqB,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACzC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;IACrD,CAAC;IAED,MAAM,CAAC,QAAQ,GAAG,UAAU,CAAC;IAC7B,MAAM,OAAO,GAAG,EAAE,GAAG,MAAM,CAAC;IAC5B,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CAAC,KAAa;IACzC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,CAAC,CAAC;IAEnD,wBAAwB;IACxB,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAExD,gBAAgB;IAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACnD,IAAI,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,CAAC;IAEtB,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtC,QAAQ,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjB,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,CAAC;QACxB,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,GAAG,EAAE,CAAC;QAC7B,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,GAAG,IAAI,CAAC;QAC/B,KAAK,GAAG,CAAC,CAAC,OAAO,MAAM,GAAG,KAAK,CAAC;QAChC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,OAAe;IACvC,IAAI,OAAO,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/B,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,GAAG,OAAO,GAAG,CAAC;IACvC,IAAI,OAAO,GAAG,IAAI;QAAE,OAAO,GAAG,OAAO,GAAG,EAAE,GAAG,CAAC;IAC9C,IAAI,OAAO,GAAG,KAAK;QAAE,OAAO,GAAG,OAAO,GAAG,IAAI,GAAG,CAAC;IACjD,OAAO,GAAG,OAAO,GAAG,KAAK,GAAG,CAAC;AAC/B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAEtD;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,qBAAqB,EAC3B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,qBAAqB,CA4BvB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAgC/F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAwBhF"}
|
package/dist/backends/factory.js
CHANGED
|
@@ -14,6 +14,7 @@ const local_1 = require("./local");
|
|
|
14
14
|
const keychain_macos_1 = require("./keychain-macos");
|
|
15
15
|
const keychain_linux_1 = require("./keychain-linux");
|
|
16
16
|
const onepassword_1 = require("./onepassword");
|
|
17
|
+
const vault_1 = require("./vault");
|
|
17
18
|
const cache_1 = require("./cache");
|
|
18
19
|
const config_1 = require("./config");
|
|
19
20
|
/**
|
|
@@ -31,6 +32,9 @@ function createBackend(type, config) {
|
|
|
31
32
|
case '1password':
|
|
32
33
|
backend = new onepassword_1.OnePasswordBackend(config);
|
|
33
34
|
break;
|
|
35
|
+
case 'vault':
|
|
36
|
+
backend = new vault_1.VaultBackend(config);
|
|
37
|
+
break;
|
|
34
38
|
case 'local':
|
|
35
39
|
default:
|
|
36
40
|
// Local backend uses file-based encryption — no OS prompts, no cache needed
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;
|
|
1
|
+
{"version":3,"file":"factory.js","sourceRoot":"","sources":["../../src/backends/factory.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAkBH,sCA+BC;AAMD,kDAgCC;AAMD,wDAwBC;AAnHD,mCAAuC;AACvC,qDAAwD;AACxD,qDAAwD;AACxD,+CAAmD;AACnD,mCAAuC;AACvC,mCAAwC;AACxC,qCAAwC;AAIxC;;;;;GAKG;AACH,SAAgB,aAAa,CAC3B,IAA2B,EAC3B,MAAgC;IAEhC,IAAI,OAA8B,CAAC;IAEnC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU;YACb,OAAO,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM;QAER,KAAK,WAAW;YACd,OAAO,GAAG,IAAI,gCAAkB,CAAC,MAAM,CAAC,CAAC;YACzC,MAAM;QAER,KAAK,OAAO;YACV,OAAO,GAAG,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM;QAER,KAAK,OAAO,CAAC;QACb;YACE,4EAA4E;YAC5E,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;IACpC,CAAC;IAED,kFAAkF;IAClF,MAAM,UAAU,GAAG,IAAA,qBAAY,GAAE,CAAC;IAClC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,OAAO,IAAI,qBAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB;IACjC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,YAAY,CAAC,UAAU,EAAE,CAAC,kBAAkB,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,iDAAiD,EAAE,CAAC;QAC5G,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,4FAA4F;aACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mCAAmC,QAAQ,kCAAkC;KACvF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,sBAAsB;IACpC,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QAClD,YAAY,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,qFAAqF;SAC/F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QAClD,YAAY,CAAC,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9E,OAAO;YACL,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,2CAA2C;SACrD,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,6FAA6F;SACvG,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAgC;IAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,IAAI,qCAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,IAAI,qCAAoB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,2DAA2D;IAC3D,OAAO,CAAC,KAAK,CACX,4CAA4C,QAAQ,4CAA4C,CACjG,CAAC;IACF,OAAO,IAAI,oBAAY,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC"}
|
package/dist/backends/index.d.ts
CHANGED
|
@@ -2,6 +2,7 @@ export type { SecretBackend, WritableSecretBackend, BackendHealth, BackendConfig
|
|
|
2
2
|
export { LocalBackend } from './local';
|
|
3
3
|
export { MacOSKeychainBackend } from './keychain-macos';
|
|
4
4
|
export { LinuxKeychainBackend } from './keychain-linux';
|
|
5
|
+
export { VaultBackend, type VaultBackendConfig } from './vault';
|
|
5
6
|
export { createBackend, isKeychainAvailable } from './factory';
|
|
6
7
|
export { readBackendConfig, writeBackendConfig, resolveBackendType, readCacheTtl, writeCacheTtl, parseDuration, formatTtl, DEFAULT_CACHE_TTL_SECONDS, type SelectableBackendType } from './config';
|
|
7
8
|
export { CachedBackend, clearCacheFile } from './cache';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/backends/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AACjI,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,yBAAyB,EAAE,KAAK,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACnM,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/backends/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,qBAAqB,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AACjI,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,KAAK,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,yBAAyB,EAAE,KAAK,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACnM,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,KAAK,cAAc,EAAE,KAAK,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/backends/index.js
CHANGED
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.migrateSecrets = exports.clearCacheFile = exports.CachedBackend = exports.DEFAULT_CACHE_TTL_SECONDS = exports.formatTtl = exports.parseDuration = exports.writeCacheTtl = exports.readCacheTtl = exports.resolveBackendType = exports.writeBackendConfig = exports.readBackendConfig = exports.isKeychainAvailable = exports.createBackend = exports.LinuxKeychainBackend = exports.MacOSKeychainBackend = exports.LocalBackend = void 0;
|
|
3
|
+
exports.migrateSecrets = exports.clearCacheFile = exports.CachedBackend = exports.DEFAULT_CACHE_TTL_SECONDS = exports.formatTtl = exports.parseDuration = exports.writeCacheTtl = exports.readCacheTtl = exports.resolveBackendType = exports.writeBackendConfig = exports.readBackendConfig = exports.isKeychainAvailable = exports.createBackend = exports.VaultBackend = exports.LinuxKeychainBackend = exports.MacOSKeychainBackend = exports.LocalBackend = void 0;
|
|
4
4
|
var local_1 = require("./local");
|
|
5
5
|
Object.defineProperty(exports, "LocalBackend", { enumerable: true, get: function () { return local_1.LocalBackend; } });
|
|
6
6
|
var keychain_macos_1 = require("./keychain-macos");
|
|
7
7
|
Object.defineProperty(exports, "MacOSKeychainBackend", { enumerable: true, get: function () { return keychain_macos_1.MacOSKeychainBackend; } });
|
|
8
8
|
var keychain_linux_1 = require("./keychain-linux");
|
|
9
9
|
Object.defineProperty(exports, "LinuxKeychainBackend", { enumerable: true, get: function () { return keychain_linux_1.LinuxKeychainBackend; } });
|
|
10
|
+
var vault_1 = require("./vault");
|
|
11
|
+
Object.defineProperty(exports, "VaultBackend", { enumerable: true, get: function () { return vault_1.VaultBackend; } });
|
|
10
12
|
var factory_1 = require("./factory");
|
|
11
13
|
Object.defineProperty(exports, "createBackend", { enumerable: true, get: function () { return factory_1.createBackend; } });
|
|
12
14
|
Object.defineProperty(exports, "isKeychainAvailable", { enumerable: true, get: function () { return factory_1.isKeychainAvailable; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/backends/index.ts"],"names":[],"mappings":";;;AACA,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,mDAAwD;AAA/C,sHAAA,oBAAoB,OAAA;AAC7B,mDAAwD;AAA/C,sHAAA,oBAAoB,OAAA;AAC7B,qCAA+D;AAAtD,wGAAA,aAAa,OAAA;AAAE,8GAAA,mBAAmB,OAAA;AAC3C,mCAAmM;AAA1L,2GAAA,iBAAiB,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,sGAAA,YAAY,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,mGAAA,SAAS,OAAA;AAAE,mHAAA,yBAAyB,OAAA;AACpJ,iCAAwD;AAA/C,sGAAA,aAAa,OAAA;AAAE,uGAAA,cAAc,OAAA;AACtC,qCAAoF;AAA3E,yGAAA,cAAc,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/backends/index.ts"],"names":[],"mappings":";;;AACA,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,mDAAwD;AAA/C,sHAAA,oBAAoB,OAAA;AAC7B,mDAAwD;AAA/C,sHAAA,oBAAoB,OAAA;AAC7B,iCAAgE;AAAvD,qGAAA,YAAY,OAAA;AACrB,qCAA+D;AAAtD,wGAAA,aAAa,OAAA;AAAE,8GAAA,mBAAmB,OAAA;AAC3C,mCAAmM;AAA1L,2GAAA,iBAAiB,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,4GAAA,kBAAkB,OAAA;AAAE,sGAAA,YAAY,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,uGAAA,aAAa,OAAA;AAAE,mGAAA,SAAS,OAAA;AAAE,mHAAA,yBAAyB,OAAA;AACpJ,iCAAwD;AAA/C,sGAAA,aAAa,OAAA;AAAE,uGAAA,cAAc,OAAA;AACtC,qCAAoF;AAA3E,yGAAA,cAAc,OAAA"}
|
|
@@ -21,6 +21,7 @@ export declare class LinuxKeychainBackend implements WritableSecretBackend {
|
|
|
21
21
|
resolve(secretPath: string): Promise<Record<string, string>>;
|
|
22
22
|
delete(key: string): Promise<boolean>;
|
|
23
23
|
healthCheck(): Promise<BackendHealth>;
|
|
24
|
+
private lookupSecret;
|
|
24
25
|
private readIndex;
|
|
25
26
|
private writeIndex;
|
|
26
27
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keychain-linux.d.ts","sourceRoot":"","sources":["../../src/backends/keychain-linux.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"keychain-linux.d.ts","sourceRoot":"","sources":["../../src/backends/keychain-linux.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAcpE,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,QAAQ,CAAC,IAAI,oBAAoB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAOtC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAiChD,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAkB5D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoCrC,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAkB3C,OAAO,CAAC,YAAY;IAapB,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,UAAU;CAKnB"}
|
|
@@ -51,8 +51,16 @@ exports.LinuxKeychainBackend = void 0;
|
|
|
51
51
|
const child_process_1 = require("child_process");
|
|
52
52
|
const fs = __importStar(require("fs"));
|
|
53
53
|
const path = __importStar(require("path"));
|
|
54
|
-
const
|
|
54
|
+
const LEGACY_SERVICE_NAME = 'secretless';
|
|
55
55
|
const INDEX_FILENAME = 'keychain-index.json';
|
|
56
|
+
/**
|
|
57
|
+
* Derive a per-key service name so password managers show a descriptive
|
|
58
|
+
* name instead of "secretless" for every entry.
|
|
59
|
+
*/
|
|
60
|
+
function serviceNameFor(key) {
|
|
61
|
+
const lastSegment = key.split('/').pop() ?? key;
|
|
62
|
+
return `Secretless: ${lastSegment}`;
|
|
63
|
+
}
|
|
56
64
|
class LinuxKeychainBackend {
|
|
57
65
|
constructor(config) {
|
|
58
66
|
this.name = 'keychain-linux';
|
|
@@ -62,11 +70,23 @@ class LinuxKeychainBackend {
|
|
|
62
70
|
this.indexPath = path.join(storeDir, INDEX_FILENAME);
|
|
63
71
|
}
|
|
64
72
|
async store(key, value) {
|
|
73
|
+
const svc = serviceNameFor(key);
|
|
74
|
+
// Delete legacy entry to prevent duplicates
|
|
75
|
+
try {
|
|
76
|
+
(0, child_process_1.execFileSync)('secret-tool', [
|
|
77
|
+
'clear',
|
|
78
|
+
'service', LEGACY_SERVICE_NAME,
|
|
79
|
+
'account', key,
|
|
80
|
+
], { stdio: 'pipe' });
|
|
81
|
+
}
|
|
82
|
+
catch {
|
|
83
|
+
// No legacy entry — that's fine
|
|
84
|
+
}
|
|
65
85
|
// secret-tool store reads the value from stdin
|
|
66
86
|
(0, child_process_1.execFileSync)('secret-tool', [
|
|
67
87
|
'store',
|
|
68
|
-
|
|
69
|
-
'service',
|
|
88
|
+
`--label=Secretless: ${key}`,
|
|
89
|
+
'service', svc,
|
|
70
90
|
'account', key,
|
|
71
91
|
], {
|
|
72
92
|
input: value,
|
|
@@ -84,38 +104,47 @@ class LinuxKeychainBackend {
|
|
|
84
104
|
const matchingKeys = index.filter(k => k === secretPath || k.startsWith(secretPath + '/'));
|
|
85
105
|
const results = {};
|
|
86
106
|
for (const key of matchingKeys) {
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
], { stdio: ['pipe', 'pipe', 'pipe'], encoding: 'utf-8' }).trimEnd();
|
|
93
|
-
if (value) {
|
|
94
|
-
results[key] = value;
|
|
95
|
-
}
|
|
96
|
-
}
|
|
97
|
-
catch {
|
|
98
|
-
// Key was in index but not in keyring — skip
|
|
107
|
+
// Try new per-key service name first, fall back to legacy
|
|
108
|
+
const value = this.lookupSecret(serviceNameFor(key), key)
|
|
109
|
+
?? this.lookupSecret(LEGACY_SERVICE_NAME, key);
|
|
110
|
+
if (value) {
|
|
111
|
+
results[key] = value;
|
|
99
112
|
}
|
|
100
113
|
}
|
|
101
114
|
return results;
|
|
102
115
|
}
|
|
103
116
|
async delete(key) {
|
|
117
|
+
let deleted = false;
|
|
118
|
+
// Delete new-format entry
|
|
119
|
+
try {
|
|
120
|
+
(0, child_process_1.execFileSync)('secret-tool', [
|
|
121
|
+
'clear',
|
|
122
|
+
'service', serviceNameFor(key),
|
|
123
|
+
'account', key,
|
|
124
|
+
], { stdio: 'pipe' });
|
|
125
|
+
deleted = true;
|
|
126
|
+
}
|
|
127
|
+
catch {
|
|
128
|
+
// Not found with new service name
|
|
129
|
+
}
|
|
130
|
+
// Also delete legacy entry if it exists
|
|
104
131
|
try {
|
|
105
132
|
(0, child_process_1.execFileSync)('secret-tool', [
|
|
106
133
|
'clear',
|
|
107
|
-
'service',
|
|
134
|
+
'service', LEGACY_SERVICE_NAME,
|
|
108
135
|
'account', key,
|
|
109
136
|
], { stdio: 'pipe' });
|
|
110
|
-
|
|
137
|
+
deleted = true;
|
|
138
|
+
}
|
|
139
|
+
catch {
|
|
140
|
+
// No legacy entry
|
|
141
|
+
}
|
|
142
|
+
if (deleted) {
|
|
111
143
|
const index = this.readIndex();
|
|
112
144
|
const filtered = index.filter(k => k !== key);
|
|
113
145
|
this.writeIndex(filtered);
|
|
114
|
-
return true;
|
|
115
|
-
}
|
|
116
|
-
catch {
|
|
117
|
-
return false;
|
|
118
146
|
}
|
|
147
|
+
return deleted;
|
|
119
148
|
}
|
|
120
149
|
async healthCheck() {
|
|
121
150
|
const start = Date.now();
|
|
@@ -135,6 +164,19 @@ class LinuxKeychainBackend {
|
|
|
135
164
|
};
|
|
136
165
|
}
|
|
137
166
|
}
|
|
167
|
+
lookupSecret(service, account) {
|
|
168
|
+
try {
|
|
169
|
+
const value = (0, child_process_1.execFileSync)('secret-tool', [
|
|
170
|
+
'lookup',
|
|
171
|
+
'service', service,
|
|
172
|
+
'account', account,
|
|
173
|
+
], { stdio: ['pipe', 'pipe', 'pipe'], encoding: 'utf-8' }).trimEnd();
|
|
174
|
+
return value || null;
|
|
175
|
+
}
|
|
176
|
+
catch {
|
|
177
|
+
return null;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
138
180
|
readIndex() {
|
|
139
181
|
try {
|
|
140
182
|
const raw = fs.readFileSync(this.indexPath, 'utf-8');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keychain-linux.js","sourceRoot":"","sources":["../../src/backends/keychain-linux.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAG7B,MAAM,
|
|
1
|
+
{"version":3,"file":"keychain-linux.js","sourceRoot":"","sources":["../../src/backends/keychain-linux.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,iDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAG7B,MAAM,mBAAmB,GAAG,YAAY,CAAC;AACzC,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAE7C;;;GAGG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC;IAChD,OAAO,eAAe,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,MAAa,oBAAoB;IAI/B,YAAY,MAAgC;QAHnC,SAAI,GAAG,gBAAgB,CAAC;QAI/B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC;QACxC,MAAM,QAAQ,GAAI,MAAM,EAAE,QAAmB,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC5F,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,KAAa;QACpC,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAEhC,4CAA4C;QAC5C,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,aAAa,EAAE;gBAC1B,OAAO;gBACP,SAAS,EAAE,mBAAmB;gBAC9B,SAAS,EAAE,GAAG;aACf,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;QAED,+CAA+C;QAC/C,IAAA,4BAAY,EAAC,aAAa,EAAE;YAC1B,OAAO;YACP,uBAAuB,GAAG,EAAE;YAC5B,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf,EAAE;YACD,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,eAAe;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAChB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,UAAkB;QAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAC/B,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,UAAU,GAAG,GAAG,CAAC,CACxD,CAAC;QAEF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,0DAA0D;YAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;mBACpD,IAAI,CAAC,YAAY,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;YACjD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,0BAA0B;QAC1B,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,aAAa,EAAE;gBAC1B,OAAO;gBACP,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC;gBAC9B,SAAS,EAAE,GAAG;aACf,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACtB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,aAAa,EAAE;gBAC1B,OAAO;gBACP,SAAS,EAAE,mBAAmB;gBAC9B,SAAS,EAAE,GAAG;aACf,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YACtB,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,IAAA,4BAAY,EAAC,OAAO,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC7B,OAAO,EAAE,8CAA8C;aACxD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC7B,OAAO,EAAE,4FAA4F;aACtG,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,OAAe,EAAE,OAAe;QACnD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAA,4BAAY,EAAC,aAAa,EAAE;gBACxC,QAAQ;gBACR,SAAS,EAAE,OAAO;gBAClB,SAAS,EAAE,OAAO;aACnB,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YACrE,OAAO,KAAK,IAAI,IAAI,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,SAAS;QACf,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,IAAc;QAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;QACxC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;CACF;AAhJD,oDAgJC"}
|
|
@@ -19,6 +19,7 @@ export declare class MacOSKeychainBackend implements WritableSecretBackend {
|
|
|
19
19
|
resolve(secretPath: string): Promise<Record<string, string>>;
|
|
20
20
|
delete(key: string): Promise<boolean>;
|
|
21
21
|
healthCheck(): Promise<BackendHealth>;
|
|
22
|
+
private findPassword;
|
|
22
23
|
private readIndex;
|
|
23
24
|
private writeIndex;
|
|
24
25
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keychain-macos.d.ts","sourceRoot":"","sources":["../../src/backends/keychain-macos.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"keychain-macos.d.ts","sourceRoot":"","sources":["../../src/backends/keychain-macos.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAuCpE,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,QAAQ,CAAC,IAAI,oBAAoB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IAOtC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0ChD,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAkB5D,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAoCrC,WAAW,IAAI,OAAO,CAAC,aAAa,CAAC;IAkB3C,OAAO,CAAC,YAAY;IAapB,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,UAAU;CAKnB"}
|