vaultkeeper 0.4.0 → 0.5.0

package/dist/index.cjs

@@ -1,13 +1,15 @@
 'use strict';
 
-var child_process = require('child_process');
-var fs5 = require('fs/promises');
-var path5 = require('path');
+var fs = require('fs/promises');
+var path3 = require('path');
 var os4 = require('os');
-var crypto4 = require('crypto');
+var crypto = require('crypto');
+var child_process = require('child_process');
+var url = require('url');
 var fs4 = require('fs');
 var jose = require('jose');
 
+var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
   var n = Object.create(null);
@@ -26,10 +28,10 @@ function _interopNamespace(e) {
   return Object.freeze(n);
 }
 
-var fs5__namespace = /*#__PURE__*/_interopNamespace(fs5);
-var path5__namespace = /*#__PURE__*/_interopNamespace(path5);
+var fs__namespace = /*#__PURE__*/_interopNamespace(fs);
+var path3__namespace = /*#__PURE__*/_interopNamespace(path3);
 var os4__namespace = /*#__PURE__*/_interopNamespace(os4);
-var crypto4__namespace = /*#__PURE__*/_interopNamespace(crypto4);
+var crypto__namespace = /*#__PURE__*/_interopNamespace(crypto);
 var fs4__namespace = /*#__PURE__*/_interopNamespace(fs4);
 
 // src/errors.ts
@@ -162,6 +164,22 @@ var IdentityMismatchError = class extends VaultError {
     this.currentHash = currentHash;
   }
 };
+var InvalidAlgorithmError = class extends VaultError {
+  /**
+   * The algorithm that was requested.
+   */
+  algorithm;
+  /**
+   * The set of algorithms that are allowed.
+   */
+  allowed;
+  constructor(message, algorithm, allowed) {
+    super(message);
+    this.name = "InvalidAlgorithmError";
+    this.algorithm = algorithm;
+    this.allowed = allowed;
+  }
+};
 var SetupError = class extends VaultError {
   /**
    * The name of the dependency that caused the setup failure.
@@ -197,14 +215,10 @@ var RotationInProgressError = class extends VaultError {
   }
 };
 
-// src/backend/types.ts
-function isListableBackend(backend) {
-  return "list" in backend && typeof backend.list === "function";
-}
-
 // src/backend/registry.ts
 var BackendRegistry = class {
   static backends = /* @__PURE__ */ new Map();
+  static setups = /* @__PURE__ */ new Map();
   /**
    * Register a backend factory.
    * @param type - Backend type identifier
@@ -216,10 +230,11 @@ var BackendRegistry = class {
   /**
    * Create a backend instance by type.
    * @param type - Backend type identifier
+   * @param config - Optional backend configuration forwarded to the factory
    * @returns A SecretBackend instance
-   * @throws Error if the backend type is not registered
+   * @throws {@link BackendUnavailableError} if the backend type is not registered
    */
-  static create(type) {
+  static create(type, config) {
     const factory = this.backends.get(type);
     if (factory === void 0) {
       throw new BackendUnavailableError(
@@ -228,7 +243,7 @@ var BackendRegistry = class {
         Array.from(this.backends.keys())
       );
     }
-    return factory();
+    return factory(config);
   }
   /**
    * Get all registered backend type identifiers.
@@ -264,18 +279,199 @@ var BackendRegistry = class {
     );
     return results.filter((type) => type !== null);
   }
+  /**
+   * Register a setup factory for a backend type.
+   * @param type - Backend type identifier
+   * @param factory - Factory function that creates a setup generator
+   */
+  static registerSetup(type, factory) {
+    this.setups.set(type, factory);
+  }
+  /**
+   * Get the setup factory for a backend type, if one is registered.
+   * @param type - Backend type identifier
+   * @returns The setup factory, or `undefined` if none is registered
+   */
+  static getSetup(type) {
+    return this.setups.get(type);
+  }
+  /**
+   * Check whether a setup factory is registered for the given backend type.
+   * @param type - Backend type identifier
+   * @returns `true` if a setup factory is registered
+   */
+  static hasSetup(type) {
+    return this.setups.has(type);
+  }
+  /**
+   * Clear all registered backend factories.
+   * Intended for use in tests only.
+   * @internal
+   */
+  static clearBackends() {
+    this.backends.clear();
+  }
+  /**
+   * Clear all registered setup factories.
+   * Intended for use in tests only.
+   * @internal
+   */
+  static clearSetups() {
+    this.setups.clear();
+  }
+};
+var STORAGE_DIR_NAME = path3__namespace.join(".vaultkeeper", "file");
+var KEY_FILE = ".key";
+var GCM_IV_BYTES = 12;
+var GCM_KEY_BYTES = 32;
+var GCM_TAG_LENGTH = 128;
+function getStorageDir() {
+  return path3__namespace.join(os4__namespace.homedir(), STORAGE_DIR_NAME);
+}
+function getEntryPath(storageDir, id) {
+  const safeId = Buffer.from(id, "utf8").toString("hex");
+  return path3__namespace.join(storageDir, `${safeId}.enc`);
+}
+async function ensureStorageDir(storageDir) {
+  try {
+    await fs__namespace.mkdir(storageDir, { recursive: true, mode: 448 });
+  } catch (err) {
+    if (err instanceof Error && "code" in err && err.code !== "EEXIST") {
+      throw new FilesystemError(
+        `Failed to create storage directory: ${storageDir}`,
+        storageDir,
+        "rwx"
+      );
+    }
+  }
+}
+async function getOrCreateKey(storageDir) {
+  const keyPath = path3__namespace.join(storageDir, KEY_FILE);
+  try {
+    const data = await fs__namespace.readFile(keyPath);
+    return data;
+  } catch (err) {
+    if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+      const key = crypto__namespace.randomBytes(GCM_KEY_BYTES);
+      await fs__namespace.writeFile(keyPath, key, { mode: 384 });
+      return key;
+    }
+    throw err;
+  }
+}
+function encryptGcm(key, plaintext) {
+  const iv = crypto__namespace.randomBytes(GCM_IV_BYTES);
+  const cipher = crypto__namespace.createCipheriv("aes-256-gcm", key, iv, {
+    authTagLength: GCM_TAG_LENGTH / 8
+  });
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return [iv.toString("base64"), authTag.toString("base64"), encrypted.toString("base64")].join(":");
+}
+function decryptGcm(key, encoded) {
+  const parts = encoded.split(":");
+  if (parts.length !== 3) {
+    throw new Error("Invalid encrypted file format: expected iv:authTag:ciphertext");
+  }
+  const [ivB64, authTagB64, ciphertextB64] = parts;
+  if (ivB64 === void 0 || authTagB64 === void 0 || ciphertextB64 === void 0) {
+    throw new Error("Invalid encrypted file format: missing part");
+  }
+  const iv = Buffer.from(ivB64, "base64");
+  const authTag = Buffer.from(authTagB64, "base64");
+  const ciphertext = Buffer.from(ciphertextB64, "base64");
+  const decipher = crypto__namespace.createDecipheriv("aes-256-gcm", key, iv, {
+    authTagLength: GCM_TAG_LENGTH / 8
+  });
+  decipher.setAuthTag(authTag);
+  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  return decrypted.toString("utf8");
+}
+var FileBackend = class {
+  type = "file";
+  displayName = "Encrypted File Store";
+  async isAvailable() {
+    try {
+      const storageDir = getStorageDir();
+      await ensureStorageDir(storageDir);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async store(id, secret) {
+    const storageDir = getStorageDir();
+    await ensureStorageDir(storageDir);
+    const key = await getOrCreateKey(storageDir);
+    const entryPath = getEntryPath(storageDir, id);
+    const encrypted = encryptGcm(key, secret);
+    await fs__namespace.writeFile(entryPath, encrypted, { mode: 384 });
+  }
+  async retrieve(id) {
+    const storageDir = getStorageDir();
+    const entryPath = getEntryPath(storageDir, id);
+    let encoded;
+    try {
+      encoded = await fs__namespace.readFile(entryPath, "utf8");
+    } catch (err) {
+      if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+        throw new SecretNotFoundError(`Secret not found in file store: ${id}`);
+      }
+      throw err;
+    }
+    const key = await getOrCreateKey(storageDir);
+    try {
+      return decryptGcm(key, encoded);
+    } catch (err) {
+      throw new Error(
+        `Failed to decrypt secret: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+  }
+  async delete(id) {
+    const storageDir = getStorageDir();
+    const entryPath = getEntryPath(storageDir, id);
+    try {
+      await fs__namespace.unlink(entryPath);
+    } catch (err) {
+      if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+        throw new SecretNotFoundError(`Secret not found in file store: ${id}`);
+      }
+      throw err;
+    }
+  }
+  async exists(id) {
+    const storageDir = getStorageDir();
+    const entryPath = getEntryPath(storageDir, id);
+    try {
+      await fs__namespace.access(entryPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async list() {
+    const storageDir = getStorageDir();
+    let entries;
+    try {
+      entries = await fs__namespace.readdir(storageDir);
+    } catch {
+      return [];
+    }
+    return entries.filter((f) => f.endsWith(".enc")).map((f) => Buffer.from(f.slice(0, -4), "hex").toString("utf8"));
+  }
 };
 async function execCommand(command, args, options) {
-  const result = await execCommandFull(command, args);
+  const result = await execCommandFull(command, args, options);
   if (result.exitCode !== 0) {
     throw new Error(`Command failed with exit code ${String(result.exitCode)}: ${result.stderr}`);
   }
   return result.stdout.trim();
 }
 function execCommandFull(command, args, options) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const proc = child_process.spawn(command, args, {
-      stdio: ["ignore", "pipe", "pipe"]
+      stdio: [options?.stdin !== void 0 ? "pipe" : "ignore", "pipe", "pipe"]
     });
     let stdout = "";
     let stderr = "";
@@ -285,25 +481,887 @@ function execCommandFull(command, args, options) {
     proc.stderr?.on("data", (data) => {
       stderr += data.toString();
     });
+    if (options?.stdin !== void 0 && proc.stdin) {
+      proc.stdin.write(options.stdin);
+      proc.stdin.end();
+    }
+    if (options?.timeoutMs !== void 0) {
+      setTimeout(() => {
+        proc.kill("SIGTERM");
+        reject(new Error(`Command timed out after ${String(options.timeoutMs)}ms`));
+      }, options.timeoutMs);
+    }
     proc.on("close", (code) => {
-      resolve({ stdout, stderr, exitCode: code ?? 1 });
+      resolve2({ stdout, stderr, exitCode: code ?? 1 });
     });
     proc.on("error", (error) => {
       reject(error);
     });
   });
 }
-path5__namespace.join(".vaultkeeper", "file");
-path5__namespace.join(".vaultkeeper", "yubikey");
+
+// src/backend/keychain-backend.ts
+var ACCOUNT = "vaultkeeper";
+var SERVICE_PREFIX = "vaultkeeper:";
+var KeychainBackend = class {
+  type = "keychain";
+  displayName = "macOS Keychain";
+  async isAvailable() {
+    if (process.platform !== "darwin") {
+      return false;
+    }
+    try {
+      const result = await execCommandFull("security", ["version"]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+  async store(id, secret) {
+    const service = `${SERVICE_PREFIX}${id}`;
+    const encoded = Buffer.from(secret, "utf8").toString("base64");
+    await execCommandFull("security", [
+      "delete-generic-password",
+      "-a",
+      ACCOUNT,
+      "-s",
+      service
+    ]);
+    await execCommand("security", [
+      "add-generic-password",
+      "-a",
+      ACCOUNT,
+      "-s",
+      service,
+      "-w",
+      encoded
+    ]);
+  }
+  async retrieve(id) {
+    const service = `${SERVICE_PREFIX}${id}`;
+    const result = await execCommandFull("security", [
+      "find-generic-password",
+      "-a",
+      ACCOUNT,
+      "-s",
+      service,
+      "-w"
+    ]);
+    if (result.exitCode !== 0) {
+      throw new SecretNotFoundError(`Secret not found in macOS Keychain: ${id}`);
+    }
+    const encoded = result.stdout.trim();
+    return Buffer.from(encoded, "base64").toString("utf8");
+  }
+  async delete(id) {
+    const service = `${SERVICE_PREFIX}${id}`;
+    const result = await execCommandFull("security", [
+      "delete-generic-password",
+      "-a",
+      ACCOUNT,
+      "-s",
+      service
+    ]);
+    if (result.exitCode !== 0) {
+      throw new SecretNotFoundError(`Secret not found in macOS Keychain: ${id}`);
+    }
+  }
+  async exists(id) {
+    const service = `${SERVICE_PREFIX}${id}`;
+    const result = await execCommandFull("security", [
+      "find-generic-password",
+      "-a",
+      ACCOUNT,
+      "-s",
+      service
+    ]);
+    return result.exitCode === 0;
+  }
+  async list() {
+    const result = await execCommandFull("security", [
+      "dump-keychain"
+    ]);
+    if (result.exitCode !== 0) {
+      return [];
+    }
+    const ids = [];
+    const servicePattern = /0x00000007 <blob>="vaultkeeper:([^"]+)"/g;
+    let match = servicePattern.exec(result.stdout);
+    while (match !== null) {
+      const id = match[1];
+      if (id !== void 0) {
+        ids.push(id);
+      }
+      match = servicePattern.exec(result.stdout);
+    }
+    return ids;
+  }
+};
+function getStoragePath() {
+  return path3__namespace.join(os4__namespace.homedir(), ".vaultkeeper", "dpapi");
+}
+function getEntryPath2(storageDir, id) {
+  const safeId = Buffer.from(id, "utf8").toString("hex");
+  return path3__namespace.join(storageDir, `${safeId}.enc`);
+}
+var DpapiBackend = class {
+  type = "dpapi";
+  displayName = "Windows DPAPI";
+  async isAvailable() {
+    if (process.platform !== "win32") {
+      return false;
+    }
+    try {
+      const result = await execCommandFull("powershell", [
+        "-NoProfile",
+        "-Command",
+        "[System.Security.Cryptography.ProtectedData] | Out-Null; exit 0"
+      ]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+  async store(id, secret) {
+    const storageDir = getStoragePath();
+    await fs__namespace.mkdir(storageDir, { recursive: true });
+    const entryPath = getEntryPath2(storageDir, id);
+    const script = [
+      "Add-Type -AssemblyName System.Security",
+      `$bytes = [System.Text.Encoding]::UTF8.GetBytes(${JSON.stringify(secret)})`,
+      "$entropy = $null",
+      "$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser",
+      "$encrypted = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $entropy, $scope)",
+      `[System.IO.File]::WriteAllBytes(${JSON.stringify(entryPath)}, $encrypted)`
+    ].join("; ");
+    await execCommand("powershell", ["-NoProfile", "-Command", script]);
+  }
+  async retrieve(id) {
+    const storageDir = getStoragePath();
+    const entryPath = getEntryPath2(storageDir, id);
+    try {
+      await fs__namespace.access(entryPath);
+    } catch {
+      throw new SecretNotFoundError(`Secret not found in Windows DPAPI store: ${id}`);
+    }
+    const script = [
+      "Add-Type -AssemblyName System.Security",
+      `$encrypted = [System.IO.File]::ReadAllBytes(${JSON.stringify(entryPath)})`,
+      "$entropy = $null",
+      "$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser",
+      "$bytes = [System.Security.Cryptography.ProtectedData]::Unprotect($encrypted, $entropy, $scope)",
+      "Write-Output ([System.Text.Encoding]::UTF8.GetString($bytes))"
+    ].join("; ");
+    return execCommand("powershell", ["-NoProfile", "-Command", script]);
+  }
+  async delete(id) {
+    const storageDir = getStoragePath();
+    const entryPath = getEntryPath2(storageDir, id);
+    try {
+      await fs__namespace.unlink(entryPath);
+    } catch (err) {
+      if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+        throw new SecretNotFoundError(`Secret not found in Windows DPAPI store: ${id}`);
+      }
+      throw err;
+    }
+  }
+  async exists(id) {
+    const storageDir = getStoragePath();
+    const entryPath = getEntryPath2(storageDir, id);
+    try {
+      await fs__namespace.access(entryPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async list() {
+    const storageDir = getStoragePath();
+    let entries;
+    try {
+      entries = await fs__namespace.readdir(storageDir);
+    } catch {
+      return [];
+    }
+    return entries.filter((f) => f.endsWith(".enc")).map((f) => Buffer.from(f.slice(0, -4), "hex").toString("utf8"));
+  }
+};
+
+// src/backend/secret-tool-backend.ts
+var ATTRIBUTE_KEY = "vaultkeeper-id";
+var LABEL_PREFIX = "vaultkeeper: ";
+var SecretToolBackend = class {
+  type = "secret-tool";
+  displayName = "Linux Secret Service (secret-tool)";
+  async isAvailable() {
+    if (process.platform !== "linux") {
+      return false;
+    }
+    try {
+      const result = await execCommandFull("secret-tool", ["--version"]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+  async store(id, secret) {
+    const label = `${LABEL_PREFIX}${id}`;
+    await execCommand(
+      "secret-tool",
+      ["store", "--label", label, ATTRIBUTE_KEY, id],
+      { stdin: secret }
+    );
+  }
+  async retrieve(id) {
+    const result = await execCommandFull("secret-tool", ["lookup", ATTRIBUTE_KEY, id]);
+    if (result.exitCode !== 0 || result.stdout.trim() === "") {
+      throw new SecretNotFoundError(`Secret not found in Secret Service: ${id}`);
+    }
+    return result.stdout.trim();
+  }
+  async delete(id) {
+    const result = await execCommandFull("secret-tool", ["clear", ATTRIBUTE_KEY, id]);
+    if (result.exitCode !== 0) {
+      throw new SecretNotFoundError(`Secret not found in Secret Service: ${id}`);
+    }
+  }
+  async exists(id) {
+    const result = await execCommandFull("secret-tool", ["lookup", ATTRIBUTE_KEY, id]);
+    return result.exitCode === 0 && result.stdout.trim() !== "";
+  }
+  async list() {
+    const result = await execCommandFull("secret-tool", [
+      "search",
+      ATTRIBUTE_KEY,
+      ""
+    ]);
+    if (result.exitCode !== 0) {
+      return [];
+    }
+    const ids = [];
+    const attrPattern = new RegExp(`attribute\\.${ATTRIBUTE_KEY} = (.+)`, "g");
+    let match = attrPattern.exec(result.stdout);
+    while (match !== null) {
+      const id = match[1];
+      if (id !== void 0) {
+        ids.push(id);
+      }
+      match = attrPattern.exec(result.stdout);
+    }
+    return ids;
+  }
+};
+var INTEGRATION_NAME = "vaultkeeper";
+var cachedVersion;
+function getIntegrationVersion() {
+  if (cachedVersion !== void 0) return cachedVersion;
+  const dir = path3.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href))));
+  const candidates = [
+    path3.resolve(dir, "..", "..", "package.json"),
+    path3.resolve(dir, "..", "package.json")
+  ];
+  for (const candidate of candidates) {
+    if (!fs4.existsSync(candidate)) continue;
+    const raw = JSON.parse(fs4.readFileSync(candidate, "utf8"));
+    if (raw !== null && typeof raw === "object" && "version" in raw && typeof raw.version === "string") {
+      cachedVersion = raw.version;
+      return cachedVersion;
+    }
+  }
+  throw new Error(
+    `Could not read version from vaultkeeper package.json. Tried paths: ${candidates.join(", ")}`
+  );
+}
+
+// src/backend/one-password-backend.ts
+var SDK_INSTALL_URL = "https://developer.1password.com/docs/sdks/";
+var TAG = "vaultkeeper";
+var PASSWORD_FIELD_TITLE = "password";
+var SESSION_TIMEOUT_MS = 3e4;
+function isWorkerSuccess(res) {
+  return "value" in res;
+}
+function isWorkerResponse(value) {
+  if (value === null || typeof value !== "object") return false;
+  if ("value" in value && typeof value.value === "string") return true;
+  if ("error" in value && typeof value.error === "string" && "code" in value && typeof value.code === "string")
+    return true;
+  return false;
+}
+var OnePasswordBackend = class {
+  type = "1password";
+  displayName = "1Password";
+  vaultId;
+  account;
+  serviceAccountToken;
+  accessMode;
+  sessionTimeoutMs;
+  /** In-flight or resolved client promise — prevents duplicate createClient calls. */
+  clientPromise;
+  constructor(options) {
+    if (options.accessMode === "per-access" && options.serviceAccountToken !== void 0) {
+      throw new Error(
+        "per-access mode requires desktop biometric authentication and cannot be used with a service account token"
+      );
+    }
+    if (options.account !== void 0 && options.serviceAccountToken !== void 0) {
+      throw new Error(
+        "account and serviceAccountToken are mutually exclusive \u2014 provide one or the other, not both"
+      );
+    }
+    this.vaultId = options.vault;
+    this.sessionTimeoutMs = options.sessionTimeoutMs ?? SESSION_TIMEOUT_MS;
+    if (options.account !== void 0) {
+      this.account = options.account;
+    }
+    if (options.serviceAccountToken !== void 0) {
+      this.serviceAccountToken = options.serviceAccountToken;
+    }
+    this.accessMode = options.accessMode ?? "session";
+  }
+  async isAvailable() {
+    const sdk = await this.tryLoadSdk();
+    return sdk !== null;
+  }
+  // ---- Session client management ----
+  /**
+   * Dynamically import the SDK. Returns `null` if the SDK is not installed or
+   * the native library cannot be loaded.
+   */
+  async tryLoadSdk() {
+    try {
+      const sdk = await import('@1password/sdk');
+      return sdk;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Acquire (or create) a cached SDK client.
+   * Wraps `createClient` with a configurable timeout (default 30 s) to handle
+   * the known beta SDK hang after session expiry.
+   */
+  acquireClient() {
+    this.clientPromise ??= this.createClientInternal().catch((err) => {
+      this.clientPromise = void 0;
+      throw err;
+    });
+    return this.clientPromise;
+  }
+  async createClientInternal() {
+    const sdk = await this.tryLoadSdk();
+    if (sdk === null) {
+      throw new PluginNotFoundError(
+        "1Password SDK (@1password/sdk) is not available. Install it to use this backend.",
+        "@1password/sdk",
+        SDK_INSTALL_URL
+      );
+    }
+    const auth = this.buildAuth(sdk);
+    let timerId;
+    const timeoutPromise = new Promise((_resolve, reject) => {
+      timerId = setTimeout(() => {
+        reject(new BackendLockedError("1Password session timed out waiting for authentication", true));
+      }, this.sessionTimeoutMs);
+    });
+    try {
+      const client = await Promise.race([
+        sdk.createClient({
+          auth,
+          integrationName: INTEGRATION_NAME,
+          integrationVersion: getIntegrationVersion()
+        }),
+        timeoutPromise
+      ]);
+      return client;
+    } catch (err) {
+      if (err instanceof BackendLockedError) {
+        throw err;
+      }
+      if (err instanceof sdk.DesktopSessionExpiredError) {
+        throw new BackendLockedError(
+          "1Password session has expired. Please unlock the app.",
+          true
+        );
+      }
+      throw new AuthorizationDeniedError(
+        `1Password authentication failed: ${String(err)}`
+      );
+    } finally {
+      if (timerId !== void 0) {
+        clearTimeout(timerId);
+      }
+    }
+  }
+  buildAuth(sdk) {
+    if (this.serviceAccountToken !== void 0) {
+      return this.serviceAccountToken;
+    }
+    const accountName = this.account ?? "";
+    return new sdk.DesktopAuth(accountName);
+  }
+  // ---- Helpers for item lookup by title ----
+  /**
+   * List all items in the vault tagged "vaultkeeper" and find one with the
+   * matching title (= secret ID). Returns `undefined` if not found.
+   */
+  async findItemOverview(client, id) {
+    const overviews = await client.items.list(this.vaultId);
+    for (const overview of overviews) {
+      if (overview.title === id && overview.tags.includes(TAG)) {
+        return overview;
+      }
+    }
+    return void 0;
+  }
+  /**
+   * Fetch the full item for a given secret id. Returns `undefined` if not found.
+   */
+  async findItem(client, id) {
+    const overview = await this.findItemOverview(client, id);
+    if (overview === void 0) return void 0;
+    return client.items.get(this.vaultId, overview.id);
+  }
+  /**
+   * Extract the concealed password field value from an item.
+   */
+  extractSecret(item, id) {
+    for (const field of item.fields) {
+      if (field.title === PASSWORD_FIELD_TITLE) {
+        return field.value;
+      }
+    }
+    throw new SecretNotFoundError(
+      `Secret found in 1Password but missing password field: ${id}`
+    );
+  }
+  // ---- SecretBackend / ListableBackend implementation ----
+  async store(id, secret) {
+    const { ItemCategory, ItemFieldType } = await this.requireSdk();
+    const client = await this.acquireClient();
+    const existing = await this.findItem(client, id);
+    if (existing !== void 0) {
+      const hasPasswordField = existing.fields.some((f) => f.title === PASSWORD_FIELD_TITLE);
+      const updatedFields = hasPasswordField ? existing.fields.map((f) => {
+        if (f.title === PASSWORD_FIELD_TITLE) {
+          return { ...f, value: secret };
+        }
+        return f;
+      }) : [
+        ...existing.fields,
+        {
+          id: "password",
+          title: PASSWORD_FIELD_TITLE,
+          fieldType: ItemFieldType.Concealed,
+          value: secret
+        }
+      ];
+      await client.items.put({ ...existing, fields: updatedFields });
+    } else {
+      await client.items.create({
+        category: ItemCategory.Password,
+        vaultId: this.vaultId,
+        title: id,
+        tags: [TAG],
+        fields: [
+          {
+            id: "password",
+            title: PASSWORD_FIELD_TITLE,
+            fieldType: ItemFieldType.Concealed,
+            value: secret
+          }
+        ]
+      });
+    }
+  }
+  async retrieve(id) {
+    if (this.accessMode === "per-access") {
+      return this.retrieveViaWorker(id);
+    }
+    return this.retrieveViaSession(id);
+  }
+  async retrieveViaSession(id) {
+    const client = await this.acquireClient();
+    const item = await this.findItem(client, id);
+    if (item === void 0) {
+      throw new SecretNotFoundError(`Secret not found in 1Password: ${id}`);
+    }
+    return this.extractSecret(item, id);
+  }
+  /**
+   * Spawn the per-access worker script that triggers a fresh biometric prompt
+   * for each retrieval, then returns the secret from its stdout.
+   */
+  retrieveViaWorker(id) {
+    return new Promise((resolve2, reject) => {
+      const workerPath = path3.join(
+        path3.dirname(url.fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)))),
+        "one-password-worker.js"
+      );
+      const accountArg = this.account ?? "";
+      const child = child_process.spawn(
+        process.execPath,
+        [workerPath, accountArg, this.vaultId, id],
+        { stdio: ["ignore", "pipe", "pipe"] }
+      );
+      const stdoutChunks = [];
+      const stderrChunks = [];
+      child.stdout.on("data", (chunk) => {
+        stdoutChunks.push(chunk);
+      });
+      child.stderr.on("data", (chunk) => {
+        stderrChunks.push(chunk);
+      });
+      child.on("close", (code) => {
+        const raw = Buffer.concat(stdoutChunks).toString("utf8").trim();
+        if (raw === "") {
+          const stderr = Buffer.concat(stderrChunks).toString("utf8").trim();
+          const detail = stderr !== "" ? stderr : `exit code ${String(code)}`;
+          reject(new Error(`1Password per-access worker crashed for secret ${id}: ${detail}`));
+          return;
+        }
+        let parsed;
+        try {
+          parsed = JSON.parse(raw);
+        } catch {
+          reject(new SecretNotFoundError(`Worker returned unparseable output for secret: ${id}`));
+          return;
+        }
+        if (!isWorkerResponse(parsed)) {
+          reject(new SecretNotFoundError(`Worker returned unexpected response shape for secret: ${id}`));
+          return;
+        }
+        if (isWorkerSuccess(parsed)) {
+          resolve2(parsed.value);
+        } else {
+          switch (parsed.code) {
+            case "NOT_FOUND":
+              reject(new SecretNotFoundError(`Secret not found in 1Password: ${id}`));
+              break;
+            case "AUTH_DENIED":
+              reject(new AuthorizationDeniedError("1Password authentication was denied"));
+              break;
+            case "LOCKED":
+              reject(new BackendLockedError("1Password is locked. Please unlock and retry.", true));
+              break;
+            default:
+              reject(new SecretNotFoundError(`Worker failed for secret ${id}: ${parsed.error}`));
+          }
+        }
+      });
+      child.on("error", (err) => {
+        reject(new Error(
+          `Failed to spawn 1Password per-access worker at ${workerPath}: ${String(err)}`
+        ));
+      });
+    });
+  }
+  async delete(id) {
+    const client = await this.acquireClient();
+    const overview = await this.findItemOverview(client, id);
+    if (overview === void 0) {
+      throw new SecretNotFoundError(`Secret not found in 1Password: ${id}`);
+    }
+    await client.items.delete(this.vaultId, overview.id);
+  }
+  async exists(id) {
+    const client = await this.acquireClient();
+    const overview = await this.findItemOverview(client, id);
+    return overview !== void 0;
+  }
+  async list() {
+    const client = await this.acquireClient();
+    const overviews = await client.items.list(this.vaultId);
+    const ids = [];
+    for (const overview of overviews) {
+      if (overview.tags.includes(TAG)) {
+        ids.push(overview.title);
+      }
+    }
+    return ids;
+  }
+  // ---- Private helpers ----
+  /** Load SDK and throw PluginNotFoundError if unavailable. */
+  async requireSdk() {
+    const sdk = await this.tryLoadSdk();
+    if (sdk === null) {
+      throw new PluginNotFoundError(
+        "1Password SDK (@1password/sdk) is not available.",
+        "@1password/sdk",
+        SDK_INSTALL_URL
+      );
+    }
+    return sdk;
+  }
+};
+var YKMAN_INSTALL_URL = "https://developers.yubico.com/yubikey-manager/";
+var STORAGE_DIR_NAME2 = path3__namespace.join(".vaultkeeper", "yubikey");
+var METADATA_FILE = "metadata.json";
+var DEVICE_TIMEOUT_MS = 5e3;
+var GCM_IV_BYTES2 = 12;
+var GCM_KEY_BYTES2 = 32;
+var GCM_TAG_LENGTH_BITS = 128;
+var FORMAT_VERSION = "1";
+function getStorageDir2() {
+  return path3__namespace.join(os4__namespace.homedir(), STORAGE_DIR_NAME2);
+}
+function getEntryPath3(storageDir, id) {
+  const safeId = Buffer.from(id, "utf8").toString("hex");
+  return path3__namespace.join(storageDir, `${safeId}.enc`);
+}
+function isStringRecord(value) {
+  if (value === null || typeof value !== "object") {
+    return false;
+  }
+  return Object.values(value).every((v) => typeof v === "string");
+}
+async function loadMetadata(storageDir) {
+  const metaPath = path3__namespace.join(storageDir, METADATA_FILE);
+  try {
+    const raw = await fs__namespace.readFile(metaPath, "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed !== null && typeof parsed === "object" && "entries" in parsed && isStringRecord(parsed.entries)) {
+      return { entries: parsed.entries };
+    }
+    return { entries: {} };
+  } catch {
+    return { entries: {} };
+  }
+}
+async function saveMetadata(storageDir, metadata) {
+  const metaPath = path3__namespace.join(storageDir, METADATA_FILE);
+  await fs__namespace.writeFile(metaPath, JSON.stringify(metadata, null, 2), { mode: 384 });
+}
+var HMAC_RESPONSE_HEX_LENGTH = 40;
+var HMAC_RESPONSE_RE = /^[0-9a-fA-F]{40}$/;
+function deriveKey(hmacResponse, id) {
+  const trimmed = hmacResponse.trim();
+  if (!HMAC_RESPONSE_RE.test(trimmed)) {
+    throw new Error(
+      `Invalid YubiKey HMAC response: expected exactly ${String(HMAC_RESPONSE_HEX_LENGTH)} hex characters (20 bytes), got ${String(trimmed.length)} characters`
+    );
+  }
+  const ikm = Buffer.from(trimmed, "hex");
+  const info = Buffer.from(`vaultkeeper-yubikey:${id}`, "utf8");
+  const keyMaterial = crypto__namespace.hkdfSync("sha256", ikm, Buffer.alloc(0), info, GCM_KEY_BYTES2);
+  return Buffer.from(keyMaterial);
+}
+function encryptGcm2(key, plaintext) {
+  const iv = crypto__namespace.randomBytes(GCM_IV_BYTES2);
+  let encrypted;
+  let authTag;
+  try {
+    const cipher = crypto__namespace.createCipheriv("aes-256-gcm", key, iv, {
+      authTagLength: GCM_TAG_LENGTH_BITS / 8
+    });
+    encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+    authTag = cipher.getAuthTag();
+    return [
+      FORMAT_VERSION,
+      iv.toString("base64"),
+      authTag.toString("base64"),
+      encrypted.toString("base64")
+    ].join(":");
+  } finally {
+    key.fill(0);
+    iv.fill(0);
+    encrypted?.fill(0);
+    authTag?.fill(0);
+  }
+}
+function decryptGcm2(key, encoded) {
+  const parts = encoded.split(":");
+  const versionSegment = parts[0] ?? "";
+  const parsedVersion = parseInt(versionSegment, 10);
+  const isNumericVersion = String(parsedVersion) === versionSegment && !Number.isNaN(parsedVersion);
+  if (!isNumericVersion) {
+    key.fill(0);
+    throw new Error(
+      "Encrypted file uses a legacy format (AES-256-CBC). Delete the secret and re-store it to migrate to AES-256-GCM."
+    );
+  }
+  if (versionSegment !== FORMAT_VERSION) {
+    key.fill(0);
+    throw new Error(
+      `Unsupported encrypted file version: ${versionSegment}. This vaultkeeper build only supports version ${FORMAT_VERSION}. Upgrade vaultkeeper to read this secret.`
+    );
+  }
+  if (parts.length !== 4) {
+    key.fill(0);
+    throw new Error(
+      `Invalid encrypted file format: expected ${FORMAT_VERSION}:iv:authTag:ciphertext`
+    );
+  }
+  const [_version, ivB64, authTagB64, ciphertextB64] = parts;
+  if (ivB64 === void 0 || authTagB64 === void 0 || ciphertextB64 === void 0) {
+    key.fill(0);
+    throw new Error("Invalid encrypted file format: missing part");
+  }
+  let decrypted;
+  try {
+    const iv = Buffer.from(ivB64, "base64");
+    const authTag = Buffer.from(authTagB64, "base64");
+    const ciphertext = Buffer.from(ciphertextB64, "base64");
+    const decipher = crypto__namespace.createDecipheriv("aes-256-gcm", key, iv, {
+      authTagLength: GCM_TAG_LENGTH_BITS / 8
+    });
+    decipher.setAuthTag(authTag);
+    try {
+      decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    } catch (err) {
+      throw new Error(
+        `GCM authentication failed \u2014 ciphertext may be tampered: ${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+    const plaintext = decrypted.toString("utf8");
+    return plaintext;
+  } finally {
+    key.fill(0);
+    decrypted?.fill(0);
+  }
+}
+var YubikeyBackend = class {
+  type = "yubikey";
+  displayName = "YubiKey";
+  async isAvailable() {
+    try {
+      const result = await execCommandFull("ykman", ["--version"]);
+      if (result.exitCode !== 0) {
+        return false;
+      }
+      const listResult = await execCommandFull("ykman", ["list"]);
+      return listResult.exitCode === 0 && listResult.stdout.trim() !== "";
+    } catch {
+      return false;
+    }
+  }
+  async requireDevice() {
+    const available = await this.isAvailable();
+    if (!available) {
+      const hasYkman = await execCommandFull("ykman", ["--version"]).then(
+        (r) => r.exitCode === 0,
+        () => false
+      );
+      if (!hasYkman) {
+        throw new PluginNotFoundError("ykman is not installed", "ykman", YKMAN_INSTALL_URL);
+      }
+      throw new DeviceNotPresentError("No YubiKey device detected", DEVICE_TIMEOUT_MS);
+    }
+  }
+  /**
+   * Perform the YubiKey HMAC-SHA1 challenge-response for `id` and return the
+   * raw hex response string. Throws on device failure.
+   */
+  async challengeResponse(id) {
+    const challenge = Buffer.from(`vaultkeeper:${id}`, "utf8").toString("hex");
+    const responseResult = await execCommandFull("ykman", ["otp", "calculate", "2", challenge]);
+    if (responseResult.exitCode !== 0) {
+      throw new Error(`YubiKey challenge-response failed: ${responseResult.stderr}`);
+    }
+    return responseResult.stdout.trim();
+  }
+  async store(id, secret) {
+    await this.requireDevice();
+    const storageDir = getStorageDir2();
+    await fs__namespace.mkdir(storageDir, { recursive: true, mode: 448 });
+    const hmacResponse = await this.challengeResponse(id);
+    const key = deriveKey(hmacResponse, id);
+    const encrypted = encryptGcm2(key, secret);
+    const entryPath = getEntryPath3(storageDir, id);
+    await fs__namespace.writeFile(entryPath, encrypted, { mode: 384 });
+    const metadata = await loadMetadata(storageDir);
+    metadata.entries[id] = entryPath;
+    await saveMetadata(storageDir, metadata);
+  }
+  async retrieve(id) {
+    await this.requireDevice();
+    const storageDir = getStorageDir2();
+    const entryPath = getEntryPath3(storageDir, id);
+    try {
+      await fs__namespace.access(entryPath);
+    } catch {
+      throw new SecretNotFoundError(`Secret not found in YubiKey store: ${id}`);
+    }
+    const encoded = await fs__namespace.readFile(entryPath, "utf8");
+    const hmacResponse = await this.challengeResponse(id);
+    const key = deriveKey(hmacResponse, id);
+    return decryptGcm2(key, encoded);
+  }
+  async delete(id) {
+    await this.requireDevice();
+    const storageDir = getStorageDir2();
+    const entryPath = getEntryPath3(storageDir, id);
+    try {
+      await fs__namespace.unlink(entryPath);
+    } catch (err) {
+      if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+        throw new SecretNotFoundError(`Secret not found in YubiKey store: ${id}`);
+      }
+      throw err;
+    }
+    const metadata = await loadMetadata(storageDir);
+    delete metadata.entries[id];
+    await saveMetadata(storageDir, metadata);
+  }
+  async exists(id) {
+    const storageDir = getStorageDir2();
+    const entryPath = getEntryPath3(storageDir, id);
+    try {
+      await fs__namespace.access(entryPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async list() {
+    const storageDir = getStorageDir2();
+    const metadata = await loadMetadata(storageDir);
+    return Object.keys(metadata.entries);
+  }
+};
+
+// src/backend/register-builtins.ts
+function registerBuiltinBackends() {
+  BackendRegistry.register("file", () => new FileBackend());
+  BackendRegistry.register("keychain", () => new KeychainBackend());
+  BackendRegistry.register("dpapi", () => new DpapiBackend());
+  BackendRegistry.register("secret-tool", () => new SecretToolBackend());
+  BackendRegistry.register("1password", (config) => {
+    const opts = config?.options;
+    const vaultId = opts?.vault ?? "";
+    const opOptions = {
+      vault: vaultId,
+      // 'session' is the safer default — 'per-access' re-prompts on every read.
+      accessMode: opts?.accessMode === "per-access" ? "per-access" : "session"
+    };
+    const account = opts?.account;
+    if (account !== void 0) {
+      opOptions.account = account;
+    }
+    const serviceAccountToken = opts?.serviceAccountToken;
+    if (serviceAccountToken !== void 0) {
+      opOptions.serviceAccountToken = serviceAccountToken;
+    }
+    return new OnePasswordBackend(opOptions);
+  });
+  BackendRegistry.register("yubikey", () => new YubikeyBackend());
+}
+registerBuiltinBackends();
+
+// src/backend/types.ts
+function isListableBackend(backend) {
+  return "list" in backend && typeof backend.list === "function";
+}
 function hashExecutable(filePath) {
-  return new Promise((resolve, reject) => {
-    const hash = crypto4__namespace.createHash("sha256");
+  return new Promise((resolve2, reject) => {
+    const hash = crypto__namespace.createHash("sha256");
     const stream = fs4__namespace.createReadStream(filePath);
     stream.on("data", (chunk) => {
       hash.update(chunk);
     });
     stream.on("end", () => {
-      resolve(hash.digest("hex"));
+      resolve2(hash.digest("hex"));
     });
     stream.on("error", (err) => {
       reject(err);
@@ -326,10 +1384,10 @@ function isTrustManifestEntry(value) {
   return true;
 }
 async function loadManifest(configDir) {
-  const manifestPath = path5__namespace.join(configDir, MANIFEST_FILENAME);
+  const manifestPath = path3__namespace.join(configDir, MANIFEST_FILENAME);
   let rawText;
   try {
-    rawText = await fs5__namespace.readFile(manifestPath, "utf8");
+    rawText = await fs__namespace.readFile(manifestPath, "utf8");
   } catch (err) {
     if (typeof err === "object" && err !== null && "code" in err && err.code === "ENOENT") {
       return /* @__PURE__ */ new Map();
@@ -349,14 +1407,14 @@ async function loadManifest(configDir) {
   return manifest;
 }
 async function saveManifest(configDir, manifest) {
-  await fs5__namespace.mkdir(configDir, { recursive: true });
+  await fs__namespace.mkdir(configDir, { recursive: true });
   const entries = {};
   for (const [namespace, entry] of manifest) {
     entries[namespace] = entry;
   }
   const raw = { version: 1, entries };
-  const manifestPath = path5__namespace.join(configDir, MANIFEST_FILENAME);
-  await fs5__namespace.writeFile(manifestPath, JSON.stringify(raw, null, 2), "utf8");
+  const manifestPath = path3__namespace.join(configDir, MANIFEST_FILENAME);
+  await fs__namespace.writeFile(manifestPath, JSON.stringify(raw, null, 2), "utf8");
 }
 function addTrustedHash(manifest, namespace, hash) {
   const next = new Map(manifest);
@@ -467,14 +1525,18 @@ function validateCapabilityToken(token) {
   return claims;
 }
 function getDefaultConfigDir() {
+  const envOverride = process.env.VAULTKEEPER_CONFIG_DIR;
+  if (envOverride !== void 0 && envOverride !== "") {
+    return envOverride;
+  }
   if (process.platform === "win32") {
     const appData = process.env.APPDATA;
     if (appData !== void 0) {
-      return path5__namespace.join(appData, "vaultkeeper");
+      return path3__namespace.join(appData, "vaultkeeper");
     }
-    return path5__namespace.join(os4__namespace.homedir(), "AppData", "Roaming", "vaultkeeper");
+    return path3__namespace.join(os4__namespace.homedir(), "AppData", "Roaming", "vaultkeeper");
   }
-  return path5__namespace.join(os4__namespace.homedir(), ".config", "vaultkeeper");
+  return path3__namespace.join(os4__namespace.homedir(), ".config", "vaultkeeper");
 }
 function defaultConfig() {
   return {
@@ -513,6 +1575,21 @@ function validateBackendEntry(entry, index) {
     }
     result.path = entry.path;
   }
+  if (entry.options !== void 0) {
+    if (!isObject(entry.options)) {
+      throw new Error(`backends[${String(index)}].options must be an object`);
+    }
+    const opts = {};
+    for (const [k, v] of Object.entries(entry.options)) {
+      if (typeof v !== "string") {
+        throw new Error(
+          `backends[${String(index)}].options["${k}"] must be a string`
+        );
+      }
+      opts[k] = v;
+    }
+    result.options = opts;
+  }
   return result;
 }
 function validateConfig(config) {
@@ -575,10 +1652,10 @@ function validateConfig(config) {
 }
 async function loadConfig(configDir) {
   const dir = configDir ?? getDefaultConfigDir();
-  const configPath = path5__namespace.join(dir, "config.json");
+  const configPath = path3__namespace.join(dir, "config.json");
   let raw;
   try {
-    raw = await fs5__namespace.readFile(configPath, "utf-8");
+    raw = await fs__namespace.readFile(configPath, "utf-8");
   } catch {
     return defaultConfig();
   }
@@ -597,10 +1674,10 @@ var KeyManager = class {
   #rotating = false;
   /** Generate a new 32-byte key with a timestamp-based id. */
   generateKey() {
-    const randomSuffix = crypto4__namespace.randomBytes(4).toString("hex");
+    const randomSuffix = crypto__namespace.randomBytes(4).toString("hex");
     return {
       id: `k-${String(Date.now())}-${randomSuffix}`,
-      key: new Uint8Array(crypto4__namespace.randomBytes(32)),
+      key: new Uint8Array(crypto__namespace.randomBytes(32)),
       createdAt: /* @__PURE__ */ new Date()
     };
   }
@@ -902,7 +1979,7 @@ function replaceInRecord2(record, secret) {
 function delegatedExec(secret, request) {
   const args = (request.args ?? []).map((arg) => replacePlaceholder2(arg, secret));
   const env = request.env !== void 0 ? replaceInRecord2(request.env, secret) : void 0;
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const spawnOptions = {
       stdio: ["ignore", "pipe", "pipe"]
     };
@@ -922,7 +1999,7 @@ function delegatedExec(secret, request) {
       stderr += data.toString();
     });
     proc.on("close", (code) => {
-      resolve({ stdout, stderr, exitCode: code ?? 1 });
+      resolve2({ stdout, stderr, exitCode: code ?? 1 });
     });
     proc.on("error", (error) => {
       reject(error);
@@ -1023,10 +2100,12 @@ function resolveAlgorithmForKey(key, override) {
   if (keyType === "ed25519" || keyType === "ed448") {
     return { signAlg: null, label: keyType };
   }
-  const alg = override ?? "sha256";
+  const alg = (override ?? "sha256").toLowerCase();
   if (!ALLOWED_ALGORITHMS.has(alg)) {
-    throw new VaultError(
-      `Unsupported signing algorithm '${alg}'. Allowed: ${[...ALLOWED_ALGORITHMS].join(", ")}`
+    throw new InvalidAlgorithmError(
+      `Unsupported algorithm '${alg}'. Allowed: ${[...ALLOWED_ALGORITHMS].join(", ")}`,
+      alg,
+      [...ALLOWED_ALGORITHMS]
     );
   }
   return { signAlg: alg, label: alg };
@@ -1034,10 +2113,10 @@ function resolveAlgorithmForKey(key, override) {
 
 // src/access/delegated-sign.ts
 function delegatedSign(secretPem, request) {
-  const key = crypto4__namespace.createPrivateKey(secretPem);
+  const key = crypto__namespace.createPrivateKey(secretPem);
   const { signAlg, label } = resolveAlgorithmForKey(key, request.algorithm);
   const data = Buffer.isBuffer(request.data) ? request.data : Buffer.from(request.data);
-  const signature = crypto4__namespace.sign(signAlg, data, key);
+  const signature = crypto__namespace.sign(signAlg, data, key);
   return {
     signature: signature.toString("base64"),
     algorithm: label
@@ -1046,15 +2125,18 @@ function delegatedSign(secretPem, request) {
 function delegatedVerify(request) {
   let key;
   try {
-    key = crypto4__namespace.createPublicKey(request.publicKey);
+    key = crypto__namespace.createPublicKey(request.publicKey);
   } catch {
     return false;
   }
+  if (typeof request.publicKey === "string" && request.publicKey.includes("PRIVATE KEY")) {
+    return false;
+  }
   const { signAlg } = resolveAlgorithmForKey(key, request.algorithm);
   const sig = Buffer.from(request.signature, "base64");
   try {
     const data = Buffer.isBuffer(request.data) ? request.data : Buffer.from(request.data);
-    return crypto4__namespace.verify(signAlg, data, key, sig);
+    return crypto__namespace.verify(signAlg, data, key, sig);
   } catch {
     return false;
   }
@@ -1312,7 +2394,7 @@ var VaultKeeper = class _VaultKeeper {
     }
     const now = Math.floor(Date.now() / 1e3);
     const claims = {
-      jti: crypto4__namespace.randomUUID(),
+      jti: crypto__namespace.randomUUID(),
       exp: now + ttlMinutes * 60,
       iat: now,
       sub: secretName,
@@ -1431,6 +2513,8 @@ var VaultKeeper = class _VaultKeeper {
    *   with the vault metadata (`vaultResponse`).
    * @throws {VaultError} If `token` is invalid or was not created by this
    *   vault instance.
+   * @throws {InvalidAlgorithmError} If `request.algorithm` is not in the
+   *   allowed set (e.g. `'md5'`).
    */
   async sign(token, request) {
     const claims = validateCapabilityToken(token);
@@ -1448,8 +2532,11 @@ var VaultKeeper = class _VaultKeeper {
    * capability tokens are required. It is safe to call from CI or any
    * context that has access to public key material.
    *
-   * Never throws. Returns `false` for invalid key material, malformed
-   * signatures, or any verification failure.
+   * Returns `false` for invalid key material, malformed signatures, or
+   * any verification failure (except disallowed algorithms, which throw).
+   *
+   * @throws {InvalidAlgorithmError} If `request.algorithm` is not in the
+   *   allowed set (e.g. `'md5'`).
    *
    * @param request - The data, signature, public key, and optional
    *   algorithm override.
@@ -1533,7 +2620,7 @@ var VaultKeeper = class _VaultKeeper {
         []
       );
     }
-    return BackendRegistry.create(firstEnabled.type);
+    return BackendRegistry.create(firstEnabled.type, firstEnabled);
   }
   #requireBackend() {
     if (this.#backend === void 0) {
@@ -1582,6 +2669,7 @@ exports.CapabilityToken = CapabilityToken;
 exports.DeviceNotPresentError = DeviceNotPresentError;
 exports.FilesystemError = FilesystemError;
 exports.IdentityMismatchError = IdentityMismatchError;
+exports.InvalidAlgorithmError = InvalidAlgorithmError;
 exports.KeyRevokedError = KeyRevokedError;
 exports.KeyRotatedError = KeyRotatedError;
 exports.PluginNotFoundError = PluginNotFoundError;