signet-auth 1.0.0-beta.0

package/dist/cli/formatters.js

@@ -0,0 +1,25 @@
+export function formatJson(data) {
+    return JSON.stringify(data, null, 2);
+}
+export function formatTable(rows) {
+    if (rows.length === 0)
+        return '';
+    const columns = Object.keys(rows[0]);
+    const widths = new Map();
+    for (const col of columns) {
+        let max = col.length;
+        for (const row of rows) {
+            const len = (row[col] ?? '').length;
+            if (len > max)
+                max = len;
+        }
+        widths.set(col, max);
+    }
+    const header = columns.map(c => c.toUpperCase().padEnd(widths.get(c))).join('  ');
+    const separator = columns.map(c => '-'.repeat(widths.get(c))).join('  ');
+    const body = rows.map(row => columns.map(c => (row[c] ?? '').padEnd(widths.get(c))).join('  '));
+    return [header, separator, ...body].join('\n');
+}
+export function formatCredentialHeaders(headers) {
+    return Object.entries(headers).map(([k, v]) => `${k}: ${v}`).join('\n');
+}

package/dist/cli/main.d.ts

@@ -0,0 +1,8 @@
+interface ParsedArgs {
+    command: string;
+    positionals: string[];
+    flags: Record<string, string | boolean>;
+}
+export declare function parseArgs(args: string[]): ParsedArgs;
+export declare function run(args: string[]): Promise<void>;
+export {};

package/dist/cli/main.js

@@ -0,0 +1,125 @@
+import { existsSync } from 'node:fs';
+import { loadConfig, getConfigPath } from '../config/loader.js';
+import { createAuthDeps } from '../deps.js';
+import { isOk } from '../core/result.js';
+import { runGet } from './commands/get.js';
+import { runLogin } from './commands/login.js';
+import { runStatus } from './commands/status.js';
+import { runLogout } from './commands/logout.js';
+import { runProviders } from './commands/providers.js';
+import { runRequest } from './commands/request.js';
+import { runRemote } from './commands/remote.js';
+import { runSync } from './commands/sync.js';
+import { runInit } from './commands/init.js';
+import { runDoctor } from './commands/doctor.js';
+export function parseArgs(args) {
+    const firstIsFlag = args[0]?.startsWith('--');
+    const command = firstIsFlag ? 'help' : (args[0] ?? 'help');
+    const positionals = [];
+    const flags = {};
+    let i = firstIsFlag ? 0 : 1;
+    while (i < args.length) {
+        const arg = args[i];
+        if (arg.startsWith('--')) {
+            const key = arg.slice(2);
+            const next = args[i + 1];
+            if (next !== undefined && !next.startsWith('--')) {
+                flags[key] = next;
+                i += 2;
+            }
+            else {
+                flags[key] = true;
+                i += 1;
+            }
+        }
+        else {
+            positionals.push(arg);
+            i += 1;
+        }
+    }
+    return { command, positionals, flags };
+}
+const HELP = `Usage: sig <command> [options]
+
+Commands:
+  init                   Set up Signet configuration (interactive)
+  get <provider|url>     Get credential headers for a provider or URL
+  login <url>            Authenticate with a system (browser or token)
+  request <url>          Make an authenticated HTTP request
+  status [provider]      Show authentication status
+  logout [provider]      Clear stored credentials
+  providers              List configured providers
+  remote                 Manage remote credential stores
+  sync                   Sync credentials with a remote
+  doctor                 Check environment and configuration
+
+Global options:
+  --format <json|table|header|value|body>   Output format
+  --help                                    Show this help message
+`;
+const DEPS_COMMANDS = new Set(['get', 'login', 'status', 'logout', 'providers', 'request', 'sync']);
+export async function run(args) {
+    const { command, positionals, flags } = parseArgs(args);
+    if (command === 'help' || flags.help === true) {
+        process.stdout.write(HELP);
+        return;
+    }
+    // Commands that don't need deps (run before config exists)
+    if (command === 'init') {
+        await runInit(positionals, flags);
+        return;
+    }
+    if (command === 'doctor') {
+        await runDoctor(positionals, flags);
+        return;
+    }
+    let deps;
+    if (DEPS_COMMANDS.has(command)) {
+        // First-run detection: check if config file exists before loading
+        const configPath = getConfigPath();
+        if (!existsSync(configPath)) {
+            process.stderr.write('\nWelcome to Signet!\n\n' +
+                `  No config file found at ${configPath}\n` +
+                '  Run "sig init" to set up your configuration.\n\n');
+            process.exitCode = 1;
+            return;
+        }
+        const configResult = await loadConfig();
+        if (!isOk(configResult)) {
+            process.stderr.write(`Config error: ${configResult.error.message}\n`);
+            process.exitCode = 1;
+            return;
+        }
+        deps = createAuthDeps(configResult.value);
+    }
+    switch (command) {
+        case 'get':
+            await runGet(positionals, flags, deps);
+            break;
+        case 'login':
+            await runLogin(positionals, flags, deps);
+            break;
+        case 'request':
+            await runRequest(positionals, flags, deps);
+            break;
+        case 'status':
+            await runStatus(positionals, flags, deps);
+            break;
+        case 'logout':
+            await runLogout(positionals, flags, deps);
+            break;
+        case 'providers':
+            await runProviders(positionals, flags, deps);
+            break;
+        case 'remote':
+            await runRemote(positionals, flags);
+            break;
+        case 'sync':
+            await runSync(positionals, flags, deps);
+            break;
+        default:
+            process.stderr.write(`Unknown command: ${command}\n\n`);
+            process.stdout.write(HELP);
+            process.exitCode = 1;
+    }
+}

package/dist/config/generator.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Config YAML generator for signet.
+ * Uses template literals (NOT YAML.stringify) to preserve comments.
+ */
+export interface InitOptions {
+    channel: string;
+    browserDataDir: string;
+    credentialsDir: string;
+    headlessTimeout: number;
+    visibleTimeout: number;
+    waitUntil: string;
+    providers?: Array<{
+        id: string;
+        domains: string[];
+        strategy: string;
+        entryUrl?: string;
+        config?: Record<string, unknown>;
+    }>;
+}
+/**
+ * Generate a commented YAML config string from the given options.
+ * Uses template literals to preserve comments and formatting.
+ */
+export declare function generateConfigYaml(options: InitOptions): string;

package/dist/config/generator.js

@@ -0,0 +1,97 @@
+/**
+ * Config YAML generator for signet.
+ * Uses template literals (NOT YAML.stringify) to preserve comments.
+ */
+function yamlArray(items) {
+    return `[${items.map(d => `"${d}"`).join(', ')}]`;
+}
+function renderProviderConfig(config, indent) {
+    const spaces = ' '.repeat(indent);
+    const lines = [];
+    for (const [key, value] of Object.entries(config)) {
+        if (Array.isArray(value)) {
+            lines.push(`${spaces}${key}: ${yamlArray(value)}`);
+        }
+        else if (typeof value === 'string') {
+            lines.push(`${spaces}${key}: ${value}`);
+        }
+        else if (typeof value === 'number' || typeof value === 'boolean') {
+            lines.push(`${spaces}${key}: ${String(value)}`);
+        }
+    }
+    return lines.join('\n');
+}
+function renderProvider(provider) {
+    const lines = [];
+    lines.push(`  ${provider.id}:`);
+    lines.push(`    domains: ${yamlArray(provider.domains)}`);
+    lines.push(`    strategy: ${provider.strategy}`);
+    if (provider.entryUrl) {
+        lines.push(`    entryUrl: ${provider.entryUrl}`);
+    }
+    if (provider.config && Object.keys(provider.config).length > 0) {
+        lines.push('    config:');
+        lines.push(renderProviderConfig(provider.config, 6));
+    }
+    return lines.join('\n');
+}
+/**
+ * Generate a commented YAML config string from the given options.
+ * Uses template literals to preserve comments and formatting.
+ */
+export function generateConfigYaml(options) {
+    const providerSection = options.providers && options.providers.length > 0
+        ? options.providers.map(p => renderProvider(p)).join('\n\n')
+        : `  # No providers configured yet.
+  # Add providers here or use "sig login <url>" for auto-provisioning.
+  #
+  # Example — cookie-based (SSO):
+  #   my-jira:
+  #     domains: ["jira.example.com"]
+  #     strategy: cookie
+  #     config:
+  #       ttl: "12h"
+  #
+  # Example — API token:
+  #   github:
+  #     domains: ["github.com", "api.github.com"]
+  #     strategy: api-token
+  #     config:
+  #       headerName: Authorization
+  #       headerPrefix: Bearer`;
+    return `# Signet unified configuration
+# Generated by "sig init". All configuration lives in this single file.
+# Documentation: https://github.com/pylon/signet
+
+# Browser settings (required)
+# Controls browser automation for cookie and OAuth2 authentication.
+browser:
+  browserDataDir: ${options.browserDataDir}   # Persistent browser profile directory
+  channel: ${options.channel}                        # Browser channel (chrome, msedge, chromium)
+  headlessTimeout: ${options.headlessTimeout}                 # Timeout for headless auth attempt (ms)
+  visibleTimeout: ${options.visibleTimeout}                # Timeout for visible/user-assisted auth (ms)
+  waitUntil: ${options.waitUntil}                       # Page load condition (load, networkidle, domcontentloaded, commit)
+
+# Storage settings (required)
+# Where per-provider credential files are stored.
+storage:
+  credentialsDir: ${options.credentialsDir}   # Per-provider credential files directory
+
+# Remote credential stores (optional)
+# Sync credentials to/from remote machines via SSH.
+# remotes:
+#   dev-server:
+#     type: ssh
+#     host: dev.example.com
+#     user: deploy
+#     path: ~/.signet/credentials
+#     sshKey: ~/.ssh/id_ed25519
+
+# Provider configurations
+# Cookie-based providers (most SSO systems) don't need config at all —
+# just call "sig login https://jira.example.com" and it auto-provisions.
+# Only create entries here for OAuth2, API tokens, or advanced settings.
+providers:
+${providerSection}
+`;
+}

package/dist/config/loader.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Single config file loader for signet.
+ * Reads ONLY ~/.signet/config.yaml — no cascade, no env vars.
+ */
+import type { Result } from '../core/result.js';
+import { type AuthError } from '../core/errors.js';
+import type { SignetConfig } from './schema.js';
+/**
+ * Load and validate the unified config from ~/.signet/config.yaml.
+ * Returns Result<SignetConfig, AuthError>.
+ */
+export declare function loadConfig(): Promise<Result<SignetConfig, AuthError>>;
+/**
+ * Save the full config back to ~/.signet/config.yaml.
+ * Used by remote add/remove commands to persist changes.
+ */
+export declare function saveConfig(config: SignetConfig): Promise<void>;
+/**
+ * Get the config file path (for error messages).
+ */
+export declare function getConfigPath(): string;

package/dist/config/loader.js

@@ -0,0 +1,54 @@
+/**
+ * Single config file loader for signet.
+ * Reads ONLY ~/.signet/config.yaml — no cascade, no env vars.
+ */
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import os from 'node:os';
+import YAML from 'yaml';
+import { err } from '../core/result.js';
+import { ConfigError } from '../core/errors.js';
+import { validateConfig } from './validator.js';
+const CONFIG_PATH = path.join(os.homedir(), '.signet', 'config.yaml');
+/**
+ * Load and validate the unified config from ~/.signet/config.yaml.
+ * Returns Result<SignetConfig, AuthError>.
+ */
+export async function loadConfig() {
+    let content;
+    try {
+        content = await fs.readFile(CONFIG_PATH, 'utf-8');
+    }
+    catch (e) {
+        if (e.code === 'ENOENT') {
+            return err(new ConfigError(`Config file not found: ${CONFIG_PATH}. ` +
+                'Create it with browser.browserDataDir, storage.credentialsDir, and providers sections.'));
+        }
+        return err(new ConfigError(`Failed to read config from ${CONFIG_PATH}: ${e.message}`));
+    }
+    let raw;
+    try {
+        raw = YAML.parse(content);
+    }
+    catch (e) {
+        return err(new ConfigError(`Invalid YAML in ${CONFIG_PATH}: ${e.message}`));
+    }
+    if (!raw || typeof raw !== 'object') {
+        return err(new ConfigError(`Config file ${CONFIG_PATH} is empty or not an object.`));
+    }
+    return validateConfig(raw);
+}
+/**
+ * Save the full config back to ~/.signet/config.yaml.
+ * Used by remote add/remove commands to persist changes.
+ */
+export async function saveConfig(config) {
+    await fs.mkdir(path.dirname(CONFIG_PATH), { recursive: true });
+    await fs.writeFile(CONFIG_PATH, YAML.stringify(config), 'utf-8');
+}
+/**
+ * Get the config file path (for error messages).
+ */
+export function getConfigPath() {
+    return CONFIG_PATH;
+}

package/dist/config/schema.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Unified configuration schema for signet.
+ * All config lives in ~/.signet/config.yaml — no cascade, no env vars.
+ *
+ * Strategy config types are defined in core/types.ts (shared vocabulary)
+ * and re-exported here for convenience.
+ */
+import type { CredentialType, XHeaderConfig, StrategyName } from '../core/types.js';
+export type { CookieStrategyConfig, OAuth2StrategyConfig, ApiTokenStrategyConfig, BasicStrategyConfig, StrategyConfig, StrategyName, } from '../core/types.js';
+export interface BrowserConfig {
+    browserDataDir: string;
+    channel: string;
+    headlessTimeout: number;
+    visibleTimeout: number;
+    waitUntil: 'load' | 'networkidle' | 'domcontentloaded' | 'commit';
+}
+export interface StorageConfig {
+    credentialsDir: string;
+}
+export interface RemoteEntry {
+    type: 'ssh';
+    host: string;
+    user?: string;
+    path?: string;
+    sshKey?: string;
+}
+export interface SignetConfig {
+    browser: BrowserConfig;
+    storage: StorageConfig;
+    remotes?: Record<string, RemoteEntry>;
+    providers: Record<string, ProviderEntry>;
+}
+export interface ProviderEntry {
+    name?: string;
+    domains: string[];
+    entryUrl?: string;
+    strategy: StrategyName;
+    config?: Record<string, unknown>;
+    acceptedCredentialTypes?: CredentialType[];
+    setupInstructions?: string;
+    credentialFile?: string;
+    xHeaders?: XHeaderConfig[];
+    forceVisible?: boolean;
+}

package/dist/config/schema.js

@@ -0,0 +1,8 @@
+/**
+ * Unified configuration schema for signet.
+ * All config lives in ~/.signet/config.yaml — no cascade, no env vars.
+ *
+ * Strategy config types are defined in core/types.ts (shared vocabulary)
+ * and re-exported here for convenience.
+ */
+export {};

package/dist/config/validator.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Runtime validation for the unified signet config.
+ * Returns Result<SignetConfig, AuthError>.
+ */
+import type { Result } from '../core/result.js';
+import { type AuthError } from '../core/errors.js';
+import type { SignetConfig, StrategyName, StrategyConfig } from './schema.js';
+/**
+ * Validate a raw config object parsed from YAML.
+ */
+export declare function validateConfig(raw: Record<string, unknown>): Result<SignetConfig, AuthError>;
+/**
+ * Merge a provider entry's strategy + config into a typed StrategyConfig.
+ */
+export declare function buildStrategyConfig(strategy: StrategyName, config?: Record<string, unknown>): StrategyConfig;

package/dist/config/validator.js

@@ -0,0 +1,228 @@
+/**
+ * Runtime validation for the unified signet config.
+ * Returns Result<SignetConfig, AuthError>.
+ */
+import { ok, err } from '../core/result.js';
+import { ConfigError } from '../core/errors.js';
+const VALID_STRATEGIES = ['cookie', 'oauth2', 'api-token', 'basic'];
+const VALID_WAIT_UNTIL = ['load', 'networkidle', 'domcontentloaded', 'commit'];
+/**
+ * Validate a raw config object parsed from YAML.
+ */
+export function validateConfig(raw) {
+    const errors = [];
+    // --- browser section ---
+    if (!raw.browser || typeof raw.browser !== 'object') {
+        errors.push('Missing required section: "browser"');
+    }
+    else {
+        const browser = raw.browser;
+        if (typeof browser.browserDataDir !== 'string' || browser.browserDataDir.trim() === '') {
+            errors.push('Missing required field: browser.browserDataDir');
+        }
+        if (typeof browser.channel !== 'string' || browser.channel.trim() === '') {
+            errors.push('Missing required field: browser.channel');
+        }
+        if (browser.headlessTimeout !== undefined && typeof browser.headlessTimeout !== 'number') {
+            errors.push('browser.headlessTimeout must be a number');
+        }
+        if (browser.visibleTimeout !== undefined && typeof browser.visibleTimeout !== 'number') {
+            errors.push('browser.visibleTimeout must be a number');
+        }
+        if (browser.waitUntil !== undefined && !VALID_WAIT_UNTIL.includes(browser.waitUntil)) {
+            errors.push(`browser.waitUntil must be one of: ${VALID_WAIT_UNTIL.join(', ')}`);
+        }
+    }
+    // --- storage section ---
+    if (!raw.storage || typeof raw.storage !== 'object') {
+        errors.push('Missing required section: "storage"');
+    }
+    else {
+        const storage = raw.storage;
+        if (typeof storage.credentialsDir !== 'string' || storage.credentialsDir.trim() === '') {
+            errors.push('Missing required field: storage.credentialsDir');
+        }
+    }
+    // --- providers section (optional — null/missing means zero providers) ---
+    if (raw.providers !== undefined && raw.providers !== null) {
+        if (typeof raw.providers !== 'object') {
+            errors.push('"providers" must be an object (or omitted)');
+        }
+        else {
+            const providers = raw.providers;
+            for (const [id, entry] of Object.entries(providers)) {
+                if (!entry || typeof entry !== 'object') {
+                    errors.push(`Provider "${id}": must be an object`);
+                    continue;
+                }
+                const providerErrors = validateProviderEntry(id, entry);
+                errors.push(...providerErrors);
+            }
+        }
+    }
+    // --- remotes section (optional) ---
+    if (raw.remotes !== undefined) {
+        if (typeof raw.remotes !== 'object' || raw.remotes === null) {
+            errors.push('"remotes" must be an object');
+        }
+        else {
+            const remotes = raw.remotes;
+            for (const [name, entry] of Object.entries(remotes)) {
+                if (!entry || typeof entry !== 'object') {
+                    errors.push(`Remote "${name}": must be an object`);
+                    continue;
+                }
+                const r = entry;
+                if (r.type !== 'ssh') {
+                    errors.push(`Remote "${name}": only type "ssh" is supported`);
+                }
+                if (typeof r.host !== 'string' || r.host.trim() === '') {
+                    errors.push(`Remote "${name}": missing required field "host"`);
+                }
+            }
+        }
+    }
+    if (errors.length > 0) {
+        return err(new ConfigError(`Config validation failed:\n  - ${errors.join('\n  - ')}`));
+    }
+    // Build the validated config
+    const browserRaw = raw.browser;
+    const browser = {
+        browserDataDir: browserRaw.browserDataDir,
+        channel: browserRaw.channel,
+        headlessTimeout: typeof browserRaw.headlessTimeout === 'number' ? browserRaw.headlessTimeout : 30_000,
+        visibleTimeout: typeof browserRaw.visibleTimeout === 'number' ? browserRaw.visibleTimeout : 120_000,
+        waitUntil: typeof browserRaw.waitUntil === 'string' ? browserRaw.waitUntil : 'load',
+    };
+    const storageRaw = raw.storage;
+    const storage = {
+        credentialsDir: storageRaw.credentialsDir,
+    };
+    const providers = {};
+    if (raw.providers && typeof raw.providers === 'object') {
+        for (const [id, entry] of Object.entries(raw.providers)) {
+            providers[id] = parseProviderEntry(entry);
+        }
+    }
+    let remotes;
+    if (raw.remotes && typeof raw.remotes === 'object') {
+        remotes = {};
+        for (const [name, entry] of Object.entries(raw.remotes)) {
+            const r = entry;
+            remotes[name] = {
+                type: 'ssh',
+                host: r.host,
+                ...(typeof r.user === 'string' ? { user: r.user } : {}),
+                ...(typeof r.path === 'string' ? { path: r.path } : {}),
+                ...(typeof r.sshKey === 'string' ? { sshKey: r.sshKey } : {}),
+            };
+        }
+    }
+    const config = {
+        browser,
+        storage,
+        providers,
+        ...(remotes ? { remotes } : {}),
+    };
+    return ok(config);
+}
+function validateProviderEntry(id, raw) {
+    const errors = [];
+    if (!Array.isArray(raw.domains) || raw.domains.length === 0) {
+        errors.push(`Provider "${id}": missing required field "domains" (non-empty array)`);
+    }
+    else {
+        for (const d of raw.domains) {
+            if (typeof d !== 'string') {
+                errors.push(`Provider "${id}": domains must be strings`);
+                break;
+            }
+        }
+    }
+    if (typeof raw.strategy !== 'string') {
+        errors.push(`Provider "${id}": missing required field "strategy"`);
+    }
+    else if (!VALID_STRATEGIES.includes(raw.strategy)) {
+        errors.push(`Provider "${id}": invalid strategy "${raw.strategy}". ` +
+            `Valid strategies: ${VALID_STRATEGIES.join(', ')}`);
+    }
+    // Validate forceVisible at provider level
+    if (raw.forceVisible !== undefined && typeof raw.forceVisible !== 'boolean') {
+        errors.push(`Provider "${id}": forceVisible must be a boolean`);
+    }
+    // Validate strategy-specific config shape
+    if (typeof raw.strategy === 'string' && raw.config && typeof raw.config === 'object') {
+        const strategyErrors = validateStrategyConfig(id, raw.strategy, raw.config);
+        errors.push(...strategyErrors);
+    }
+    return errors;
+}
+function validateStrategyConfig(id, strategy, config) {
+    const errors = [];
+    // Cross-strategy field checks: warn about fields that don't belong
+    if (strategy === 'cookie') {
+        const oauthFields = ['audiences', 'tokenEndpoint', 'clientId', 'scopes'];
+        for (const field of oauthFields) {
+            if (config[field] !== undefined) {
+                errors.push(`Provider "${id}": config.${field} is not valid for strategy "cookie"`);
+            }
+        }
+    }
+    if (strategy === 'oauth2') {
+        const cookieFields = ['ttl', 'requiredCookies'];
+        for (const field of cookieFields) {
+            if (config[field] !== undefined) {
+                errors.push(`Provider "${id}": config.${field} is not valid for strategy "oauth2"`);
+            }
+        }
+    }
+    return errors;
+}
+/**
+ * Merge a provider entry's strategy + config into a typed StrategyConfig.
+ */
+export function buildStrategyConfig(strategy, config) {
+    const c = config ?? {};
+    switch (strategy) {
+        case 'cookie':
+            return {
+                strategy: 'cookie',
+                ...(typeof c.ttl === 'string' ? { ttl: c.ttl } : {}),
+                ...(Array.isArray(c.requiredCookies) ? { requiredCookies: c.requiredCookies } : {}),
+            };
+        case 'oauth2':
+            return {
+                strategy: 'oauth2',
+                ...(Array.isArray(c.audiences) ? { audiences: c.audiences } : {}),
+                ...(typeof c.tokenEndpoint === 'string' ? { tokenEndpoint: c.tokenEndpoint } : {}),
+                ...(typeof c.clientId === 'string' ? { clientId: c.clientId } : {}),
+                ...(Array.isArray(c.scopes) ? { scopes: c.scopes } : {}),
+            };
+        case 'api-token':
+            return {
+                strategy: 'api-token',
+                ...(typeof c.headerName === 'string' ? { headerName: c.headerName } : {}),
+                ...(typeof c.headerPrefix === 'string' ? { headerPrefix: c.headerPrefix } : {}),
+                ...(typeof c.setupInstructions === 'string' ? { setupInstructions: c.setupInstructions } : {}),
+            };
+        case 'basic':
+            return {
+                strategy: 'basic',
+                ...(typeof c.setupInstructions === 'string' ? { setupInstructions: c.setupInstructions } : {}),
+            };
+    }
+}
+function parseProviderEntry(raw) {
+    return {
+        ...(typeof raw.name === 'string' ? { name: raw.name } : {}),
+        domains: raw.domains,
+        ...(typeof raw.entryUrl === 'string' ? { entryUrl: raw.entryUrl } : {}),
+        strategy: raw.strategy,
+        ...(raw.config && typeof raw.config === 'object' ? { config: raw.config } : {}),
+        ...(Array.isArray(raw.acceptedCredentialTypes) ? { acceptedCredentialTypes: raw.acceptedCredentialTypes } : {}),
+        ...(typeof raw.setupInstructions === 'string' ? { setupInstructions: raw.setupInstructions } : {}),
+        ...(typeof raw.credentialFile === 'string' ? { credentialFile: raw.credentialFile } : {}),
+        ...(Array.isArray(raw.xHeaders) ? { xHeaders: raw.xHeaders } : {}),
+        ...(typeof raw.forceVisible === 'boolean' ? { forceVisible: raw.forceVisible } : {}),
+    };
+}