vaultkeeper 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +1048 -44
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +9 -10
- package/dist/index.d.ts +9 -10
- package/dist/index.js +1046 -41
- package/dist/index.js.map +1 -1
- package/dist/one-password-worker.js +27 -3
- package/dist/one-password-worker.js.map +1 -1
- package/package.json +2 -1
|
@@ -1,10 +1,34 @@
|
|
|
1
1
|
import { createClient, DesktopAuth, DesktopSessionExpiredError } from '@1password/sdk';
|
|
2
|
+
import { existsSync, readFileSync } from 'fs';
|
|
3
|
+
import { dirname, resolve } from 'path';
|
|
4
|
+
import { fileURLToPath } from 'url';
|
|
5
|
+
|
|
6
|
+
// src/backend/one-password-worker.ts
|
|
7
|
+
var INTEGRATION_NAME = "vaultkeeper";
|
|
8
|
+
var cachedVersion;
|
|
9
|
+
function getIntegrationVersion() {
|
|
10
|
+
if (cachedVersion !== void 0) return cachedVersion;
|
|
11
|
+
const dir = dirname(fileURLToPath(import.meta.url));
|
|
12
|
+
const candidates = [
|
|
13
|
+
resolve(dir, "..", "..", "package.json"),
|
|
14
|
+
resolve(dir, "..", "package.json")
|
|
15
|
+
];
|
|
16
|
+
for (const candidate of candidates) {
|
|
17
|
+
if (!existsSync(candidate)) continue;
|
|
18
|
+
const raw = JSON.parse(readFileSync(candidate, "utf8"));
|
|
19
|
+
if (raw !== null && typeof raw === "object" && "version" in raw && typeof raw.version === "string") {
|
|
20
|
+
cachedVersion = raw.version;
|
|
21
|
+
return cachedVersion;
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
throw new Error(
|
|
25
|
+
`Could not read version from vaultkeeper package.json. Tried paths: ${candidates.join(", ")}`
|
|
26
|
+
);
|
|
27
|
+
}
|
|
2
28
|
|
|
3
29
|
// src/backend/one-password-worker.ts
|
|
4
30
|
var TAG = "vaultkeeper";
|
|
5
31
|
var PASSWORD_FIELD_TITLE = "password";
|
|
6
|
-
var INTEGRATION_NAME = "vaultkeeper";
|
|
7
|
-
var INTEGRATION_VERSION = "0.4.0";
|
|
8
32
|
function writeSuccess(value) {
|
|
9
33
|
const response = { value };
|
|
10
34
|
process.stdout.write(JSON.stringify(response));
|
|
@@ -24,7 +48,7 @@ async function main() {
|
|
|
24
48
|
client = await createClient({
|
|
25
49
|
auth: new DesktopAuth(accountName),
|
|
26
50
|
integrationName: INTEGRATION_NAME,
|
|
27
|
-
integrationVersion:
|
|
51
|
+
integrationVersion: getIntegrationVersion()
|
|
28
52
|
});
|
|
29
53
|
} catch (err) {
|
|
30
54
|
if (err instanceof DesktopSessionExpiredError) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/backend/one-password-worker.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../src/backend/one-password-constants.ts","../src/backend/one-password-worker.ts"],"names":[],"mappings":";;;;;;AAcO,IAAM,gBAAA,GAAmB,aAAA;AAEhC,IAAI,aAAA;AAYG,SAAS,qBAAA,GAAgC;AAC9C,EAAA,IAAI,aAAA,KAAkB,QAAW,OAAO,aAAA;AAExC,EAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,aAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAC,CAAA;AAGlD,EAAA,MAAM,UAAA,GAAa;AAAA,IACjB,OAAA,CAAQ,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,cAAc,CAAA;AAAA,IACvC,OAAA,CAAQ,GAAA,EAAK,IAAA,EAAM,cAAc;AAAA,GACnC;AACA,EAAA,KAAA,MAAW,aAAa,UAAA,EAAY;AAClC,IAAA,IAAI,CAAC,UAAA,CAAW,SAAS,CAAA,EAAG;AAC5B,IAAA,MAAM,MAAe,IAAA,CAAK,KAAA,CAAM,YAAA,CAAa,SAAA,EAAW,MAAM,CAAC,CAAA;AAC/D,IAAA,IACE,GAAA,KAAQ,IAAA,IACR,OAAO,GAAA,KAAQ,QAAA,IACf,aAAa,GAAA,IACb,OAAO,GAAA,CAAI,OAAA,KAAY,QAAA,EACvB;AACA,MAAA,aAAA,GAAgB,GAAA,CAAI,OAAA;AACpB,MAAA,OAAO,aAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR,CAAA,mEAAA,EAAsE,UAAA,CAAW,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,GAC7F;AACF;;;ACpCA,IAAM,GAAA,GAAM,aAAA;AACZ,IAAM,oBAAA,GAAuB,UAAA;AAY7B,SAAS,aAAa,KAAA,EAAqB;AACzC,EAAA,MAAM,QAAA,GAA4B,EAAE,KAAA,EAAM;AAC1C,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAC/C;AAEA,SAAS,YAAA,CAAa,OAAe,IAAA,EAAoB;AACvD,EAAA,MAAM,QAAA,GAA4B,EAAE,KAAA,EAAO,IAAA,EAAK;AAChD,EAAA,OAAA,CAAQ,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAC,CAAA;AAC/C;AAEA,eAAe,IAAA,GAAsB;AACnC,EAAA,MAAM,KAAK,aAAa,OAAA,EAAS,QAAQ,IAAI,OAAA,CAAQ,IAAA;AAErD,EAAA,IAAI,WAAA,KAAgB,MAAA,IAAa,OAAA,KAAY,MAAA,IAAa,aAAa,MAAA,EAAW;AAChF,IAAA,YAAA,CAAa,yCAAyC,UAAU,CAAA;AAChE,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,MAAM,YAAA,CAAa;AAAA,MAC1B,IAAA,EAAM,IAAI,WAAA,CAAY,WAAW,CAAA;AAAA,MACjC,eAAA,EAAiB,gBAAA;AAAA,MACjB,oBAAoB,qBAAA;AAAsB,KAC3C,CAAA;AAAA,EACH,SAAS,GAAA,EAAK;AACZ,IAAA,IAAI,eAAe,0BAAA,EAA4B;AAC7C,MAAA,YAAA,CAAa,iCAAiC,QAAQ,CAAA;AAAA,IACxD,CAAA,MAAO;AACL,MAAA,YAAA,CAAa,CAAA,uBAAA,EAA0B,MAAA,CAAO,GAAG,CAAC,IAAI,aAAa,CAAA;AAAA,IACrE;AACA,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,SAAA,GAAY,MAAM,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,EAC7C,SAAS,GAAA,EAAK;AACZ,IAAA,YAAA,CAAa,CAAA,sBAAA,EAAyB,MAAA,CAAO,GAAG,CAAC,IAAI,UAAU,CAAA;AAC/D,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,QAAA;AACJ,EAAA,KAAA,MAAW,YAAY,SAAA,EAAW;AAChC,IAAA,IAAI,SAAS,KAAA,KAAU,QAAA,IAAY,SAAS,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9D,MAAA,QAAA,GAAW,QAAA,CAAS,EAAA;AACpB,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,aAAa,MAAA,EAAW;AAC1B,IAAA,YAAA,CAAa,CAAA,kBAAA,EAAqB,QAAQ,CAAA,CAAA,EAAI,WAAW,CAAA;AACzD,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,IAAA;AACJ,EAAA,IAAI;AACF,IAAA,IAAA,GAAO,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,CAAI,SAAS,QAAQ,CAAA;AAAA,EACjD,SAAS,GAAA,EAAK;AACZ,IAAA,YAAA,CAAa,CAAA,yBAAA,EAA4B,MAAA,CAAO,GAAG,CAAC,IAAI,WAAW,CAAA;AACnE,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,IAAI,WAAA;AACJ,EAAA,KAAA,MAAW,KAAA,IAAS,KAAK,MAAA,EAAQ;AAC/B,IAAA,IAAI,KAAA,CAAM,UAAU,oBAAA,EAAsB;AACxC,MAAA,WAAA,GAAc,KAAA,CAAM,KAAA;AACpB,MAAA;AAAA,IACF;AAAA,EACF;AAEA,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,YAAA,CAAa,CAAA,uCAAA,EAA0C,QAAQ,CAAA,CAAA,EAAI,WAAW,CAAA;AAC9E,IAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,EAChB;AAEA,EAAA,YAAA,CAAa,WAAW,CAAA;AAC1B;AAEA,IAAA,EAAK,CAAE,KAAA,CAAM,CAAC,GAAA,KAAiB;AAC7B,EAAA,YAAA,CAAa,CAAA,yBAAA,EAA4B,MAAA,CAAO,GAAG,CAAC,IAAI,UAAU,CAAA;AAClE,EAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAChB,CAAC,CAAA","file":"one-password-worker.js","sourcesContent":["/**\n * Shared constants for 1Password SDK integration.\n *\n * @remarks\n * Centralised here so the backend, worker, and discovery modules stay in sync.\n *\n * @internal\n */\n\nimport { readFileSync, existsSync } from 'node:fs'\nimport { dirname, resolve } from 'node:path'\nimport { fileURLToPath } from 'node:url'\n\n/** Name reported to the 1Password SDK for integration tracking. */\nexport const INTEGRATION_NAME = 'vaultkeeper'\n\nlet cachedVersion: string | undefined\n\n/**\n * Version reported to the 1Password SDK.\n *\n * @remarks\n * Lazily derived from packages/vaultkeeper/package.json on first call so that\n * consumers who never use the 1Password backend pay no I/O cost at import time.\n * The result is memoized for subsequent calls.\n *\n * @internal\n */\nexport function getIntegrationVersion(): string {\n if (cachedVersion !== undefined) return cachedVersion\n\n const dir = dirname(fileURLToPath(import.meta.url))\n // Source: src/backend/ → ../../package.json\n // Bundled: dist/ → ../package.json\n const candidates = [\n resolve(dir, '..', '..', 'package.json'),\n resolve(dir, '..', 'package.json'),\n ]\n for (const candidate of candidates) {\n if (!existsSync(candidate)) continue\n const raw: unknown = JSON.parse(readFileSync(candidate, 'utf8'))\n if (\n raw !== null &&\n typeof raw === 'object' &&\n 'version' in raw &&\n typeof raw.version === 'string'\n ) {\n cachedVersion = raw.version\n return cachedVersion\n }\n }\n throw new Error(\n `Could not read version from vaultkeeper package.json. Tried paths: ${candidates.join(', ')}`,\n )\n}\n","/**\n * Per-access worker script for the 1Password SDK backend.\n *\n * @remarks\n * This script is spawned as a child process by `OnePasswordBackend` when\n * `accessMode` is set to `'per-access'`. It creates a fresh SDK client\n * (which triggers a biometric prompt via the desktop app), retrieves a single\n * secret, writes the result to stdout as JSON, then exits immediately.\n *\n * argv layout:\n * node one-password-worker.js <accountName> <vaultId> <secretId>\n *\n * stdout on success: `{ \"value\": \"<secret>\" }`\n * stdout on failure: `{ \"error\": \"<message>\", \"code\": \"<code>\" }`\n */\n\nimport { createClient, DesktopAuth, DesktopSessionExpiredError } from '@1password/sdk'\n\nconst TAG = 'vaultkeeper'\nconst PASSWORD_FIELD_TITLE = 'password'\nimport { INTEGRATION_NAME, getIntegrationVersion } from './one-password-constants.js'\n\ninterface SuccessResponse {\n value: string\n}\n\ninterface FailureResponse {\n error: string\n code: string\n}\n\nfunction writeSuccess(value: string): void {\n const response: SuccessResponse = { value }\n process.stdout.write(JSON.stringify(response))\n}\n\nfunction writeFailure(error: string, code: string): void {\n const response: FailureResponse = { error, code }\n process.stdout.write(JSON.stringify(response))\n}\n\nasync function main(): Promise<void> {\n const [, , accountName, vaultId, secretId] = process.argv\n\n if (accountName === undefined || vaultId === undefined || secretId === undefined) {\n writeFailure('Worker invoked with missing arguments', 'INTERNAL')\n process.exit(1)\n }\n\n let client\n try {\n client = await createClient({\n auth: new DesktopAuth(accountName),\n integrationName: INTEGRATION_NAME,\n integrationVersion: getIntegrationVersion(),\n })\n } catch (err) {\n if (err instanceof DesktopSessionExpiredError) {\n writeFailure('1Password session has expired', 'LOCKED')\n } else {\n writeFailure(`Authentication failed: ${String(err)}`, 'AUTH_DENIED')\n }\n process.exit(1)\n }\n\n let overviews\n try {\n overviews = await client.items.list(vaultId)\n } catch (err) {\n writeFailure(`Failed to list items: ${String(err)}`, 'INTERNAL')\n process.exit(1)\n }\n\n let targetId: string | undefined\n for (const overview of overviews) {\n if (overview.title === secretId && overview.tags.includes(TAG)) {\n targetId = overview.id\n break\n }\n }\n\n if (targetId === undefined) {\n writeFailure(`Secret not found: ${secretId}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n let item\n try {\n item = await client.items.get(vaultId, targetId)\n } catch (err) {\n writeFailure(`Failed to retrieve item: ${String(err)}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n let secretValue: string | undefined\n for (const field of item.fields) {\n if (field.title === PASSWORD_FIELD_TITLE) {\n secretValue = field.value\n break\n }\n }\n\n if (secretValue === undefined) {\n writeFailure(`Item found but missing password field: ${secretId}`, 'NOT_FOUND')\n process.exit(1)\n }\n\n writeSuccess(secretValue)\n}\n\nmain().catch((err: unknown) => {\n writeFailure(`Unexpected worker error: ${String(err)}`, 'INTERNAL')\n process.exit(1)\n})\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "vaultkeeper",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "Unified, policy-enforced secret storage across OS backends",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
|
@@ -38,6 +38,7 @@
|
|
|
38
38
|
"@microsoft/api-documenter": "^7.0.0",
|
|
39
39
|
"@microsoft/api-extractor": "^7.57.2",
|
|
40
40
|
"@types/node": "^22.0.0",
|
|
41
|
+
"fixturify-project": "^7.1.3",
|
|
41
42
|
"tsup": "^8.0.0"
|
|
42
43
|
},
|
|
43
44
|
"scripts": {
|