npm - sync-cf-secrets - Versions diffs - 0.1.0 - Mend

sync-cf-secrets 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/LICENSE +21 -0
package/README.md +185 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +116 -0
package/dist/cli.js.map +1 -0
package/dist/commands/copy.d.ts +9 -0
package/dist/commands/copy.js +84 -0
package/dist/commands/copy.js.map +1 -0
package/dist/commands/diff.d.ts +7 -0
package/dist/commands/diff.js +63 -0
package/dist/commands/diff.js.map +1 -0
package/dist/commands/init.d.ts +7 -0
package/dist/commands/init.js +128 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/list.d.ts +5 -0
package/dist/commands/list.js +21 -0
package/dist/commands/list.js.map +1 -0
package/dist/commands/pull.d.ts +8 -0
package/dist/commands/pull.js +42 -0
package/dist/commands/pull.js.map +1 -0
package/dist/commands/push.d.ts +8 -0
package/dist/commands/push.js +68 -0
package/dist/commands/push.js.map +1 -0
package/dist/config.d.ts +15 -0
package/dist/config.js +136 -0
package/dist/config.js.map +1 -0
package/dist/providers/bitwarden.d.ts +10 -0
package/dist/providers/bitwarden.js +98 -0
package/dist/providers/bitwarden.js.map +1 -0
package/dist/providers/index.d.ts +14 -0
package/dist/providers/index.js +47 -0
package/dist/providers/index.js.map +1 -0
package/dist/providers/onepassword.d.ts +15 -0
package/dist/providers/onepassword.js +84 -0
package/dist/providers/onepassword.js.map +1 -0
package/dist/providers/types.d.ts +25 -0
package/dist/providers/types.js +2 -0
package/dist/providers/types.js.map +1 -0
package/dist/utils.d.ts +8 -0
package/dist/utils.js +29 -0
package/dist/utils.js.map +1 -0
package/dist/wrangler.d.ts +19 -0
package/dist/wrangler.js +87 -0
package/dist/wrangler.js.map +1 -0
package/package.json +52 -0

package/dist/commands/list.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { log, warn } from "../utils.js";
+import { listSecrets, validateWrangler } from "../wrangler.js";
+export async function list(config, opts) {
+    const envConfig = config.environments[opts.env];
+    if (!envConfig) {
+        throw new Error(`Unknown environment "${opts.env}". ` +
+            `Available: ${Object.keys(config.environments).join(", ")}`);
+    }
+    validateWrangler();
+    log(`Secrets deployed to ${opts.env}:\n`);
+    const names = listSecrets(opts.env, config.wranglerConfig);
+    if (names.length === 0) {
+        warn("No secrets found (or wrangler returned an unexpected format).");
+        return;
+    }
+    for (const name of names) {
+        log(`  ${name}`);
+    }
+    log(`\n${names.length} secret(s) total.`);
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/list.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"list.js","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAM/D,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,MAAc,EAAE,IAAiB;IAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,CAAC,GAAG,KAAK;YACnC,cAAc,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9D,CAAC;IACJ,CAAC;IAED,gBAAgB,EAAE,CAAC;IAEnB,GAAG,CAAC,uBAAuB,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IAE3D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC,+DAA+D,CAAC,CAAC;QACtE,OAAO;IACT,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACnB,CAAC;IAED,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,mBAAmB,CAAC,CAAC;AAC5C,CAAC"}

package/dist/commands/pull.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { Config } from "../config.js";
+import type { SecretProvider } from "../providers/types.js";
+export interface PullOptions {
+    env: string;
+    dryRun: boolean;
+    verbose: boolean;
+}
+export declare function pull(provider: SecretProvider, config: Config, opts: PullOptions): Promise<void>;

package/dist/commands/pull.js ADDED Viewed

@@ -0,0 +1,42 @@
+import { writeFileSync } from "node:fs";
+import { log, success, warn } from "../utils.js";
+export async function pull(provider, config, opts) {
+    const envConfig = config.environments[opts.env];
+    if (!envConfig) {
+        throw new Error(`Unknown environment "${opts.env}". ` +
+            `Available: ${Object.keys(config.environments).join(", ")}`);
+    }
+    log(`Fetching secrets from ${provider.name} (${envConfig.item})...`);
+    const secrets = await provider.fetch({
+        vault: config.vault,
+        item: envConfig.item,
+    });
+    if (secrets.size === 0) {
+        warn(`No secrets found in ${provider.name} item "${envConfig.item}".`);
+        return;
+    }
+    log(`Found ${secrets.size} secret(s).`);
+    // Build .dev.vars content
+    const timestamp = new Date().toISOString();
+    const lines = [
+        `# Generated by sync-cf-secrets from ${provider.name} at ${timestamp}`,
+        `# Source: vault="${config.vault}" item="${envConfig.item}"`,
+        "# Do not commit this file.",
+        "",
+    ];
+    for (const [name, value] of secrets) {
+        lines.push(`${name}=${value}`);
+    }
+    lines.push(""); // trailing newline
+    const content = lines.join("\n");
+    if (opts.dryRun) {
+        log(`\nDry run — would write to ${config.devVarsPath}:`);
+        for (const name of secrets.keys()) {
+            log(`  ${name}`);
+        }
+        return;
+    }
+    writeFileSync(config.devVarsPath, content, "utf-8");
+    success(`Wrote ${secrets.size} secret(s) to ${config.devVarsPath}`);
+}
+//# sourceMappingURL=pull.js.map

package/dist/commands/pull.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pull.js","sourceRoot":"","sources":["../../src/commands/pull.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAGxC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAQjD,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,QAAwB,EACxB,MAAc,EACd,IAAiB;IAEjB,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,CAAC,GAAG,KAAK;YACnC,cAAc,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9D,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,yBAAyB,QAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,SAAS,CAAC,IAAI;KACrB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC,uBAAuB,QAAQ,CAAC,IAAI,UAAU,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,GAAG,CAAC,SAAS,OAAO,CAAC,IAAI,aAAa,CAAC,CAAC;IAExC,0BAA0B;IAC1B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG;QACZ,uCAAuC,QAAQ,CAAC,IAAI,OAAO,SAAS,EAAE;QACtE,oBAAoB,MAAM,CAAC,KAAK,WAAW,SAAS,CAAC,IAAI,GAAG;QAC5D,4BAA4B;QAC5B,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB;IACnC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,8BAA8B,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACnB,CAAC;QACD,OAAO;IACT,CAAC;IAED,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,SAAS,OAAO,CAAC,IAAI,iBAAiB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AACtE,CAAC"}

package/dist/commands/push.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { Config } from "../config.js";
+import type { SecretProvider } from "../providers/types.js";
+export interface PushOptions {
+    env: string;
+    dryRun: boolean;
+    verbose: boolean;
+}
+export declare function push(provider: SecretProvider, config: Config, opts: PushOptions): Promise<void>;

package/dist/commands/push.js ADDED Viewed

@@ -0,0 +1,68 @@
+import { error, log, success, warn } from "../utils.js";
+import { getWranglerVars, putSecret, validateWrangler } from "../wrangler.js";
+export async function push(provider, config, opts) {
+    const envConfig = config.environments[opts.env];
+    if (!envConfig) {
+        throw new Error(`Unknown environment "${opts.env}". ` +
+            `Available: ${Object.keys(config.environments).join(", ")}`);
+    }
+    if (!opts.dryRun) {
+        validateWrangler();
+    }
+    log(`Fetching secrets from ${provider.name} (${envConfig.item})...`);
+    const secrets = await provider.fetch({
+        vault: config.vault,
+        item: envConfig.item,
+    });
+    if (secrets.size === 0) {
+        warn(`No secrets found in ${provider.name} item "${envConfig.item}".`);
+        return;
+    }
+    // Filter out names already defined as vars in wrangler config
+    const wranglerVars = getWranglerVars(opts.env, config.wranglerConfig);
+    const skipped = [];
+    for (const name of secrets.keys()) {
+        if (wranglerVars.has(name)) {
+            skipped.push(name);
+            secrets.delete(name);
+        }
+    }
+    if (skipped.length > 0) {
+        log(`Skipping ${skipped.length} var(s) already in wrangler config: ${skipped.join(", ")}`);
+    }
+    log(`Found ${secrets.size} secret(s) to push.`);
+    if (opts.dryRun) {
+        log("\nDry run — would push these secrets:");
+        for (const name of secrets.keys()) {
+            log(`  ${name}`);
+        }
+        return;
+    }
+    let succeeded = 0;
+    let failed = 0;
+    const total = secrets.size;
+    const failures = [];
+    for (const [name, value] of secrets) {
+        const index = succeeded + failed + 1;
+        try {
+            process.stdout.write(`[${index}/${total}] ${name} ... `);
+            putSecret(name, value, opts.env, config.wranglerConfig);
+            log("done");
+            succeeded++;
+        }
+        catch (err) {
+            log("FAILED");
+            const msg = err instanceof Error ? err.message : String(err);
+            error(`  ${msg}`);
+            failures.push(name);
+            failed++;
+        }
+    }
+    log("");
+    if (failed > 0) {
+        error(`${failed} secret(s) failed: ${failures.join(", ")}`);
+        process.exitCode = 1;
+    }
+    success(`${succeeded}/${total} secret(s) pushed to ${opts.env}.`);
+}
+//# sourceMappingURL=push.js.map

package/dist/commands/push.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"push.js","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAQ9E,MAAM,CAAC,KAAK,UAAU,IAAI,CACxB,QAAwB,EACxB,MAAc,EACd,IAAiB;IAEjB,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,CAAC,GAAG,KAAK;YACnC,cAAc,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,gBAAgB,EAAE,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,yBAAyB,QAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,MAAM,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC;QACnC,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,IAAI,EAAE,SAAS,CAAC,IAAI;KACrB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC,uBAAuB,QAAQ,CAAC,IAAI,UAAU,SAAS,CAAC,IAAI,IAAI,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,8DAA8D;IAC9D,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtE,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAClC,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,GAAG,CAAC,YAAY,OAAO,CAAC,MAAM,uCAAuC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,GAAG,CAAC,SAAS,OAAO,CAAC,IAAI,qBAAqB,CAAC,CAAC;IAEhD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,GAAG,CAAC,uCAAuC,CAAC,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YAClC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QACnB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;IAC3B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,KAAK,KAAK,IAAI,OAAO,CAAC,CAAC;YACzD,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;YACxD,GAAG,CAAC,MAAM,CAAC,CAAC;YACZ,SAAS,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,QAAQ,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,KAAK,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,MAAM,EAAE,CAAC;QACX,CAAC;IACH,CAAC;IAED,GAAG,CAAC,EAAE,CAAC,CAAC;IACR,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;QACf,KAAK,CAAC,GAAG,MAAM,sBAAsB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,CAAC,GAAG,SAAS,IAAI,KAAK,wBAAwB,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;AACpE,CAAC"}

package/dist/config.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+export interface EnvironmentConfig {
+    item: string;
+}
+export interface Config {
+    provider?: string;
+    vault: string;
+    prefix: string;
+    wranglerConfig: string;
+    devVarsPath: string;
+    environments: Record<string, EnvironmentConfig>;
+}
+/**
+ * Load config from .sync-cf-secrets.json (if present) merged with defaults.
+ */
+export declare function loadConfig(overrides?: Partial<Config>): Config;

package/dist/config.js ADDED Viewed

@@ -0,0 +1,136 @@
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+const CONFIG_FILENAME = ".sync-cf-secrets.json";
+const WRANGLER_FILENAMES = [
+    "wrangler.jsonc",
+    "wrangler.json",
+    "wrangler.toml",
+];
+/**
+ * Search upward from cwd for a file.
+ */
+function findUp(filename, from = process.cwd()) {
+    let dir = resolve(from);
+    while (true) {
+        const candidate = join(dir, filename);
+        if (existsSync(candidate))
+            return candidate;
+        const parent = dirname(dir);
+        if (parent === dir)
+            return null;
+        dir = parent;
+    }
+}
+/**
+ * Find the wrangler config file, searching common locations.
+ */
+function findWranglerConfig() {
+    // Direct in cwd
+    for (const name of WRANGLER_FILENAMES) {
+        const found = findUp(name);
+        if (found)
+            return found;
+    }
+    // Common monorepo patterns
+    const cwd = process.cwd();
+    const searchDirs = ["apps/web", "apps/worker", "worker", "workers"];
+    for (const dir of searchDirs) {
+        for (const name of WRANGLER_FILENAMES) {
+            const candidate = join(cwd, dir, name);
+            if (existsSync(candidate))
+                return candidate;
+        }
+    }
+    return null;
+}
+/**
+ * Read project name from nearest package.json.
+ */
+function getProjectName() {
+    const pkgPath = findUp("package.json");
+    if (!pkgPath)
+        return "project";
+    try {
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+        // Strip scope (e.g. @org/name → name)
+        const name = pkg.name ?? "project";
+        return name.replace(/^@[^/]+\//, "");
+    }
+    catch {
+        return "project";
+    }
+}
+/**
+ * Parse wrangler config to discover environments.
+ */
+function discoverEnvironments(wranglerConfig, prefix) {
+    const envs = {
+        local: { item: `${prefix} local` },
+    };
+    try {
+        const raw = readFileSync(wranglerConfig, "utf-8");
+        if (wranglerConfig.endsWith(".toml")) {
+            // Basic TOML env detection: [env.staging], [env.production]
+            const matches = raw.matchAll(/\[env\.(\w+)\]/g);
+            for (const match of matches) {
+                envs[match[1]] = { item: `${prefix} ${match[1]}` };
+            }
+        }
+        else {
+            // JSON/JSONC: strip comments and trailing commas
+            const json = raw
+                .replace(/\/\*[\s\S]*?\*\//g, "")
+                .replace(/^(\s*)\/\/.*/gm, "$1")
+                .replace(/,(\s*[}\]])/g, "$1");
+            const config = JSON.parse(json);
+            if (config.env && typeof config.env === "object") {
+                for (const envName of Object.keys(config.env)) {
+                    envs[envName] = { item: `${prefix} ${envName}` };
+                }
+            }
+        }
+    }
+    catch {
+        // Fall back to just local
+    }
+    return envs;
+}
+/**
+ * Load config from .sync-cf-secrets.json (if present) merged with defaults.
+ */
+export function loadConfig(overrides) {
+    const configPath = findUp(CONFIG_FILENAME);
+    let fileConfig = {};
+    if (configPath) {
+        try {
+            fileConfig = JSON.parse(readFileSync(configPath, "utf-8"));
+        }
+        catch (err) {
+            throw new Error(`Invalid ${CONFIG_FILENAME}: ${err}`);
+        }
+    }
+    const projectName = getProjectName();
+    const prefix = overrides?.prefix ?? fileConfig.prefix ?? projectName;
+    const wranglerConfig = overrides?.wranglerConfig ??
+        fileConfig.wranglerConfig ??
+        findWranglerConfig() ??
+        "wrangler.toml";
+    const resolvedWranglerConfig = resolve(wranglerConfig);
+    const devVarsPath = overrides?.devVarsPath ??
+        fileConfig.devVarsPath ??
+        join(dirname(resolvedWranglerConfig), ".dev.vars");
+    const environments = overrides?.environments ??
+        fileConfig.environments ??
+        (existsSync(resolvedWranglerConfig)
+            ? discoverEnvironments(resolvedWranglerConfig, prefix)
+            : { local: { item: `${prefix} local` } });
+    return {
+        provider: overrides?.provider ?? fileConfig.provider,
+        vault: overrides?.vault ?? fileConfig.vault ?? prefix,
+        prefix,
+        wranglerConfig: resolvedWranglerConfig,
+        devVarsPath: resolve(devVarsPath),
+        environments,
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAY,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAe7D,MAAM,eAAe,GAAG,uBAAuB,CAAC;AAEhD,MAAM,kBAAkB,GAAG;IACzB,gBAAgB;IAChB,eAAe;IACf,eAAe;CAChB,CAAC;AAEF;;GAEG;AACH,SAAS,MAAM,CAAC,QAAgB,EAAE,OAAe,OAAO,CAAC,GAAG,EAAE;IAC5D,IAAI,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxB,OAAO,IAAI,EAAE,CAAC;QACZ,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACtC,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAChC,GAAG,GAAG,MAAM,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB;IACzB,gBAAgB;IAChB,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IAED,2BAA2B;IAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,CAAC,UAAU,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACpE,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YACvC,IAAI,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,SAAS,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,cAAc;IACrB,MAAM,OAAO,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,sCAAsC;QACtC,MAAM,IAAI,GAAW,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,cAAsB,EACtB,MAAc;IAEd,MAAM,IAAI,GAAsC;QAC9C,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,EAAE;KACnC,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAElD,IAAI,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,4DAA4D;YAC5D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YAChD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YACrD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,MAAM,IAAI,GAAG,GAAG;iBACb,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC;iBAChC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC;iBAC/B,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,GAAG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACjD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,OAAO,EAAE,EAAE,CAAC;gBACnD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0BAA0B;IAC5B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,SAA2B;IACpD,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC3C,IAAI,UAAU,GAAoB,EAAE,CAAC;IAErC,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,WAAW,eAAe,KAAK,GAAG,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,SAAS,EAAE,MAAM,IAAI,UAAU,CAAC,MAAM,IAAI,WAAW,CAAC;IACrE,MAAM,cAAc,GAClB,SAAS,EAAE,cAAc;QACzB,UAAU,CAAC,cAAc;QACzB,kBAAkB,EAAE;QACpB,eAAe,CAAC;IAElB,MAAM,sBAAsB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAEvD,MAAM,WAAW,GACf,SAAS,EAAE,WAAW;QACtB,UAAU,CAAC,WAAW;QACtB,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,WAAW,CAAC,CAAC;IAErD,MAAM,YAAY,GAChB,SAAS,EAAE,YAAY;QACvB,UAAU,CAAC,YAAY;QACvB,CAAC,UAAU,CAAC,sBAAsB,CAAC;YACjC,CAAC,CAAC,oBAAoB,CAAC,sBAAsB,EAAE,MAAM,CAAC;YACtD,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,EAAE,EAAE,CAAC,CAAC;IAE9C,OAAO;QACL,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI,UAAU,CAAC,QAAQ;QACpD,KAAK,EAAE,SAAS,EAAE,KAAK,IAAI,UAAU,CAAC,KAAK,IAAI,MAAM;QACrD,MAAM;QACN,cAAc,EAAE,sBAAsB;QACtC,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC;QACjC,YAAY;KACb,CAAC;AACJ,CAAC"}

package/dist/providers/bitwarden.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { FetchOpts, SaveOpts, SecretProvider } from "./types.js";
+export declare class BitwardenProvider implements SecretProvider {
+    name: string;
+    cli: string;
+    validate(): Promise<void>;
+    fetch(opts: FetchOpts): Promise<Map<string, string>>;
+    exists(opts: FetchOpts): Promise<boolean>;
+    save(opts: SaveOpts): Promise<void>;
+    listFields(opts: FetchOpts): Promise<string[]>;
+}

package/dist/providers/bitwarden.js ADDED Viewed

@@ -0,0 +1,98 @@
+import { execSync } from "node:child_process";
+import { cliExists, exec } from "../utils.js";
+export class BitwardenProvider {
+    name = "Bitwarden";
+    cli = "bw";
+    async validate() {
+        if (!cliExists("bw")) {
+            throw new Error("Bitwarden CLI (bw) not found.\n" +
+                "Install: https://bitwarden.com/help/cli/");
+        }
+        try {
+            const raw = exec("bw status", { stdio: ["pipe", "pipe", "pipe"] });
+            const status = JSON.parse(raw);
+            if (status.status !== "unlocked") {
+                throw new Error("locked");
+            }
+        }
+        catch (err) {
+            if (err instanceof Error && err.message.includes("locked")) {
+                throw new Error("Bitwarden vault is locked.\n" +
+                    'Run: export BW_SESSION=$(bw unlock --raw)\n' +
+                    "Or:  bw login (if not logged in yet)");
+            }
+            throw new Error("Not logged in to Bitwarden.\n" +
+                "Run: bw login");
+        }
+    }
+    async fetch(opts) {
+        // Bitwarden doesn't have per-vault item get; use search + filter
+        const json = exec(`bw get item "${opts.item}" --organizationid "${opts.vault}"`, { stdio: ["pipe", "pipe", "pipe"] });
+        const item = JSON.parse(json);
+        const secrets = new Map();
+        // Prefer custom fields
+        if (item.fields && item.fields.length > 0) {
+            for (const field of item.fields) {
+                if (field.name && field.value !== undefined) {
+                    secrets.set(field.name, field.value);
+                }
+            }
+        }
+        return secrets;
+    }
+    async exists(opts) {
+        try {
+            exec(`bw get item "${opts.item}"`, { stdio: ["pipe", "pipe", "pipe"] });
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async save(opts) {
+        // Build the item template
+        const fields = Array.from(opts.secrets.entries()).map(([name, value]) => ({
+            name,
+            value,
+            type: 1, // hidden field
+        }));
+        const template = {
+            type: 2, // Secure Note
+            name: opts.item,
+            notes: "",
+            secureNote: { type: 0 },
+            fields,
+            organizationId: opts.vault !== "null" ? opts.vault : undefined,
+        };
+        const encoded = Buffer.from(JSON.stringify(template)).toString("base64");
+        // Check if item exists
+        let existingId = null;
+        try {
+            const raw = exec(`bw get item "${opts.item}"`, { stdio: ["pipe", "pipe", "pipe"] });
+            const existing = JSON.parse(raw);
+            existingId = existing.id;
+        }
+        catch {
+            // Item doesn't exist
+        }
+        if (existingId) {
+            execSync(`echo '${encoded}' | bw edit item ${existingId}`, {
+                stdio: ["pipe", "pipe", "pipe"],
+                shell: "/bin/sh",
+            });
+        }
+        else {
+            execSync(`echo '${encoded}' | bw create item`, {
+                stdio: ["pipe", "pipe", "pipe"],
+                shell: "/bin/sh",
+            });
+        }
+        // Sync to server
+        execSync("bw sync", { stdio: ["pipe", "pipe", "pipe"] });
+    }
+    async listFields(opts) {
+        const secrets = await this.fetch(opts);
+        return Array.from(secrets.keys());
+    }
+}
+//# sourceMappingURL=bitwarden.js.map

package/dist/providers/bitwarden.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"bitwarden.js","sourceRoot":"","sources":["../../src/providers/bitwarden.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAoB9C,MAAM,OAAO,iBAAiB;IAC5B,IAAI,GAAG,WAAW,CAAC;IACnB,GAAG,GAAG,IAAI,CAAC;IAEX,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACb,iCAAiC;gBAC/B,0CAA0C,CAC7C,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;YACnE,MAAM,MAAM,GAAa,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3D,MAAM,IAAI,KAAK,CACb,8BAA8B;oBAC5B,6CAA6C;oBAC7C,sCAAsC,CACzC,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,KAAK,CACb,+BAA+B;gBAC7B,eAAe,CAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,iEAAiE;QACjE,MAAM,IAAI,GAAG,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,uBAAuB,IAAI,CAAC,KAAK,GAAG,EAC7D,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACpC,CAAC;QAEF,MAAM,IAAI,GAAW,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE1C,uBAAuB;QACvB,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;oBAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAe;QAC1B,IAAI,CAAC;YACH,IAAI,CACF,gBAAgB,IAAI,CAAC,IAAI,GAAG,EAC5B,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACpC,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAc;QACvB,0BAA0B;QAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CACnD,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YAClB,IAAI;YACJ,KAAK;YACL,IAAI,EAAE,CAAC,EAAE,eAAe;SACzB,CAAC,CACH,CAAC;QAEF,MAAM,QAAQ,GAAG;YACf,IAAI,EAAE,CAAC,EAAE,cAAc;YACvB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;YACvB,MAAM;YACN,cAAc,EAAE,IAAI,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SAC/D,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEzE,uBAAuB;QACvB,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CACd,gBAAgB,IAAI,CAAC,IAAI,GAAG,EAC5B,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACpC,CAAC;YACF,MAAM,QAAQ,GAAW,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,QAAQ,CAAC,SAAS,OAAO,oBAAoB,UAAU,EAAE,EAAE;gBACzD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,KAAK,EAAE,SAAS;aACjB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,SAAS,OAAO,oBAAoB,EAAE;gBAC7C,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,KAAK,EAAE,SAAS;aACjB,CAAC,CAAC;QACL,CAAC;QAED,iBAAiB;QACjB,QAAQ,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAe;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,CAAC;CACF"}

package/dist/providers/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { SecretProvider } from "./types.js";
+export type { SecretProvider } from "./types.js";
+/**
+ * Get a provider by explicit name (from config or CLI flag).
+ */
+export declare function getProvider(name: string): SecretProvider;
+/**
+ * Auto-detect which provider is available by checking for CLI tools.
+ */
+export declare function detectProvider(): SecretProvider;
+/**
+ * Resolve a provider from an optional name — explicit lookup or auto-detect.
+ */
+export declare function resolveProvider(name?: string): SecretProvider;

package/dist/providers/index.js ADDED Viewed

@@ -0,0 +1,47 @@
+import { cliExists } from "../utils.js";
+import { BitwardenProvider } from "./bitwarden.js";
+import { OnePasswordProvider } from "./onepassword.js";
+const PROVIDERS = [
+    () => new OnePasswordProvider(),
+    () => new BitwardenProvider(),
+];
+const PROVIDER_MAP = {
+    "1password": () => new OnePasswordProvider(),
+    onepassword: () => new OnePasswordProvider(),
+    op: () => new OnePasswordProvider(),
+    bitwarden: () => new BitwardenProvider(),
+    bw: () => new BitwardenProvider(),
+};
+/**
+ * Get a provider by explicit name (from config or CLI flag).
+ */
+export function getProvider(name) {
+    const factory = PROVIDER_MAP[name.toLowerCase()];
+    if (!factory) {
+        const valid = Object.keys(PROVIDER_MAP).join(", ");
+        throw new Error(`Unknown provider "${name}". Valid providers: ${valid}`);
+    }
+    return factory();
+}
+/**
+ * Auto-detect which provider is available by checking for CLI tools.
+ */
+export function detectProvider() {
+    for (const factory of PROVIDERS) {
+        const provider = factory();
+        if (cliExists(provider.cli)) {
+            return provider;
+        }
+    }
+    throw new Error("No supported password manager CLI found.\n" +
+        "Install one of:\n" +
+        "  - 1Password CLI (op): https://developer.1password.com/docs/cli/\n" +
+        "  - Bitwarden CLI (bw): https://bitwarden.com/help/cli/");
+}
+/**
+ * Resolve a provider from an optional name — explicit lookup or auto-detect.
+ */
+export function resolveProvider(name) {
+    return name ? getProvider(name) : detectProvider();
+}
+//# sourceMappingURL=index.js.map

package/dist/providers/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAKvD,MAAM,SAAS,GAAgC;IAC7C,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE;IAC/B,GAAG,EAAE,CAAC,IAAI,iBAAiB,EAAE;CAC9B,CAAC;AAEF,MAAM,YAAY,GAAyC;IACzD,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE;IAC5C,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE;IAC5C,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE;IACnC,SAAS,EAAE,GAAG,EAAE,CAAC,IAAI,iBAAiB,EAAE;IACxC,EAAE,EAAE,GAAG,EAAE,CAAC,IAAI,iBAAiB,EAAE;CAClC,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,OAAO,EAAE,CAAC;QAC3B,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,4CAA4C;QAC1C,mBAAmB;QACnB,qEAAqE;QACrE,yDAAyD,CAC5D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAa;IAC3C,OAAO,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;AACrD,CAAC"}

package/dist/providers/onepassword.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { FetchOpts, SaveOpts, SecretProvider } from "./types.js";
+export declare class OnePasswordProvider implements SecretProvider {
+    name: string;
+    cli: string;
+    validate(): Promise<void>;
+    fetch(opts: FetchOpts): Promise<Map<string, string>>;
+    /**
+     * Find all item IDs matching a title in a vault.
+     * Uses `op item list` to avoid ambiguity with duplicate names.
+     */
+    private findItemIds;
+    exists(opts: FetchOpts): Promise<boolean>;
+    save(opts: SaveOpts): Promise<void>;
+    listFields(opts: FetchOpts): Promise<string[]>;
+}

package/dist/providers/onepassword.js ADDED Viewed

@@ -0,0 +1,84 @@
+import { execFileSync } from "node:child_process";
+import { cliExists, exec } from "../utils.js";
+/** Built-in field IDs that 1Password adds automatically */
+const BUILTIN_FIELD_IDS = new Set([
+    "username",
+    "password",
+    "notesPlain",
+]);
+export class OnePasswordProvider {
+    name = "1Password";
+    cli = "op";
+    async validate() {
+        if (!cliExists("op")) {
+            throw new Error("1Password CLI (op) not found.\n" +
+                "Install: https://developer.1password.com/docs/cli/get-started/");
+        }
+        try {
+            exec("op whoami", { stdio: ["pipe", "pipe", "pipe"] });
+        }
+        catch {
+            throw new Error("Not signed in to 1Password.\n" +
+                "Run: eval $(op signin)");
+        }
+    }
+    async fetch(opts) {
+        const json = exec(`op item get "${opts.item}" --vault "${opts.vault}" --format json`, { stdio: ["pipe", "pipe", "pipe"] });
+        const item = JSON.parse(json);
+        const secrets = new Map();
+        for (const field of item.fields ?? []) {
+            if (BUILTIN_FIELD_IDS.has(field.id))
+                continue;
+            if (field.purpose === "NOTES")
+                continue;
+            if (!field.label || field.value === undefined)
+                continue;
+            secrets.set(field.label, field.value);
+        }
+        return secrets;
+    }
+    /**
+     * Find all item IDs matching a title in a vault.
+     * Uses `op item list` to avoid ambiguity with duplicate names.
+     */
+    findItemIds(opts) {
+        try {
+            const json = exec(`op item list --vault "${opts.vault}" --format json`, { stdio: ["pipe", "pipe", "pipe"] });
+            const items = JSON.parse(json);
+            return items
+                .filter((i) => i.title === opts.item)
+                .map((i) => i.id);
+        }
+        catch {
+            return [];
+        }
+    }
+    async exists(opts) {
+        return this.findItemIds(opts).length > 0;
+    }
+    async save(opts) {
+        // Delete ALL existing items with this name — caller is responsible for confirming
+        const existingIds = this.findItemIds(opts);
+        for (const id of existingIds) {
+            execFileSync("op", [
+                "item", "delete", id, "--vault", opts.vault,
+            ], { stdio: ["pipe", "pipe", "pipe"] });
+        }
+        // Create Secure Note with all fields as positional args (no shell escaping needed)
+        // Format: op item create --category "Secure Note" 'label[password]=value' ...
+        const fieldArgs = Array.from(opts.secrets.entries())
+            .map(([label, value]) => `${label}[password]=${value}`);
+        execFileSync("op", [
+            "item", "create",
+            "--category", "Secure Note",
+            "--vault", opts.vault,
+            "--title", opts.item,
+            ...fieldArgs,
+        ], { stdio: ["pipe", "pipe", "pipe"] });
+    }
+    async listFields(opts) {
+        const secrets = await this.fetch(opts);
+        return Array.from(secrets.keys());
+    }
+}
+//# sourceMappingURL=onepassword.js.map

package/dist/providers/onepassword.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"onepassword.js","sourceRoot":"","sources":["../../src/providers/onepassword.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAY,MAAM,oBAAoB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,aAAa,CAAC;AAG9C,2DAA2D;AAC3D,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,UAAU;IACV,UAAU;IACV,YAAY;CACb,CAAC,CAAC;AAgBH,MAAM,OAAO,mBAAmB;IAC9B,IAAI,GAAG,WAAW,CAAC;IACnB,GAAG,GAAG,IAAI,CAAC;IAEX,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACb,iCAAiC;gBAC/B,gEAAgE,CACnE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,+BAA+B;gBAC7B,wBAAwB,CAC3B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAe;QACzB,MAAM,IAAI,GAAG,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,cAAc,IAAI,CAAC,KAAK,iBAAiB,EAClE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACpC,CAAC;QAEF,MAAM,IAAI,GAAW,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE1C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YACtC,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAAE,SAAS;YAC9C,IAAI,KAAK,CAAC,OAAO,KAAK,OAAO;gBAAE,SAAS;YACxC,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;gBAAE,SAAS;YACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,WAAW,CAAC,IAAe;QACjC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CACf,yBAAyB,IAAI,CAAC,KAAK,iBAAiB,EACpD,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACpC,CAAC;YACF,MAAM,KAAK,GAAa,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACzC,OAAO,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC;iBACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAe;QAC1B,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAc;QACvB,kFAAkF;QAClF,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3C,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,YAAY,CAAC,IAAI,EAAE;gBACjB,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK;aAC5C,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,mFAAmF;QACnF,8EAA8E;QAC9E,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;aACjD,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,cAAc,KAAK,EAAE,CAAC,CAAC;QAE1D,YAAY,CAAC,IAAI,EAAE;YACjB,MAAM,EAAE,QAAQ;YAChB,YAAY,EAAE,aAAa;YAC3B,SAAS,EAAE,IAAI,CAAC,KAAK;YACrB,SAAS,EAAE,IAAI,CAAC,IAAI;YACpB,GAAG,SAAS;SACb,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAe;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,CAAC;CACF"}

package/dist/providers/types.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+export interface FetchOpts {
+    vault: string;
+    item: string;
+}
+export interface SaveOpts {
+    vault: string;
+    item: string;
+    secrets: Map<string, string>;
+}
+export interface SecretProvider {
+    /** Human-readable name (e.g. "1Password") */
+    name: string;
+    /** CLI command name (e.g. "op") */
+    cli: string;
+    /** Check if the CLI is installed and the user is authenticated. Throws on failure. */
+    validate(): Promise<void>;
+    /** Fetch all secrets for an environment. Returns Map<envVarName, value>. */
+    fetch(opts: FetchOpts): Promise<Map<string, string>>;
+    /** Check if an item exists. */
+    exists(opts: FetchOpts): Promise<boolean>;
+    /** Create or replace an item with the given secrets. Deletes existing item first. */
+    save(opts: SaveOpts): Promise<void>;
+    /** List field names in an item (no values). */
+    listFields(opts: FetchOpts): Promise<string[]>;
+}

package/dist/providers/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map