[PR #229] [CLOSED] Add a plugin that gets secrets from the macOS Keychain #154

New Issue

adam · 2025-12-29T07:19:34+01:00

adam commented

2025-12-29 07:19:34 +01:00

📋 Pull Request Information

Original PR: https://github.com/mountain-loop/yaak/pull/229
Author: @nicwolff
Created: 6/20/2025
Status: ❌ Closed

Base: main ← Head: secrets-from-os-keychain

📝 Commits (3)

a2a8874 Add a plugin that gets secrets from the macOS Keychain
88f58f9 Update package name
92947fe Add README.md

📊 Changes

4 files changed (+79 additions, -0 deletions)

View changed files

➕ plugins/template-function-keychain-macos/README.md (+3 -0)
➕ plugins/template-function-keychain-macos/package-lock.json (+21 -0)
➕ plugins/template-function-keychain-macos/package.json (+13 -0)
➕ plugins/template-function-keychain-macos/src/index.ts (+42 -0)

📄 Description

Claude Sonnet 4 user prompt

Using Kilo Code in Orchestrator mode:

This is a plugin for the Yaak open-source API test tool. I've copied an existing plugin that reads a file from the filesystem. Change it to get a password from the macOS keychain using this Node package https://www.npmjs.com/package/keychain

Orchestrator's task for Coder

You need to modify this Yaak plugin to use the macOS keychain instead of reading from the filesystem. Based on previous analysis, here's what you need to do:

Context from Previous Analysis

Current Plugin Structure:

Plugin name: @yaakapp/template-function-fs
Has a single template function fs.readFile that reads files from filesystem
Uses async/await with promises, returns string on success or null on failure
Located in src/index.ts with dependencies in package.json

Keychain Package Requirements:

Install keychain npm package
Uses callback-based API that needs to be wrapped in Promise
Requires service and account parameters
Optional type parameter ('generic' or 'internet', defaults to 'generic')
Returns password string on success, error on failure

Specific Tasks to Complete

Update package.json:
- Change plugin name from @yaakapp/template-function-fs to @yaakapp/template-function-keychain-macos
- Add keychain as a dependency
- Update description to reflect keychain functionality
Modify src/index.ts:
- Remove import * as fs from 'node:fs'
- Add import keychain from 'keychain' (or require statement)
- Change template function name from fs.readFile to keychain.getPassword
- Update description to "Retrieve a password from the macOS keychain"
- Replace the single 'file' input parameter with:
  - service (text input, required)
  - account (text input, required)
  - type (select input with 'generic'/'internet' options, defaults to 'generic')
- Replace the filesystem reading logic with keychain password retrieval:
  - Validate that service and account are provided
  - Wrap keychain.getPassword in a Promise to convert from callback to async/await
  - Return password string on success, null on error
  - Maintain the same error handling pattern (try/catch returning null)
Implementation Details:
- Use the exact parameter structure shown in the research: { account, service, type }
- Convert the callback-based keychain API to Promise-based for async/await compatibility
- Keep the same return type: Promise<string | null>
- Maintain graceful error handling (return null on any error)

Code Structure Reference

Based on the research, the keychain integration should follow this pattern:

return new Promise((resolve, reject) => {
  keychain.getPassword({
    account: args.values.account,
    service: args.values.service,
    type: args.values.type || 'generic'
  }, (err, password) => {
    if (err) reject(err);
    else resolve(password);
  });
});

Only perform the implementation work outlined above and do not add additional features or modifications. Use the attempt_completion tool when done with a summary of all changes made.

These specific instructions supersede any conflicting general instructions your mode might have.

Coder's "Task completed" message

I have successfully modified the Yaak plugin to use the macOS keychain instead of reading from the filesystem. Here's a summary of all changes made:

Changes Made

1. Updated `package.json`:

Changed plugin name from @yaakapp/template-function-fs to @yaakapp/template-function-keychain-macos
Added description: "Yaak plugin for retrieving passwords from macOS keychain"
Added keychain dependency (version ^1.5.0)

2. Modified `src/index.ts`:

Removed import fs from 'node:fs'
Added import keychain from 'keychain'
Changed template function name from fs.readFile to keychain.getPassword
Updated description to "Retrieve a password from the macOS keychain"
Replaced the single 'file' input parameter with three new parameters:
- service (required text input)
- account (required text input)
- type (select input with 'generic'/'internet' options, defaults to 'generic')
Replaced filesystem reading logic with keychain password retrieval:
- Added validation for required service and account parameters
- Wrapped keychain.getPassword callback API in a Promise for async/await compatibility
- Maintained the same error handling pattern (returns null on any error)
- Preserved the Promise<string | null> return type

3. Installation and Build:

Successfully installed the keychain dependency
Verified the build process completes without errors
Generated the compiled plugin at /build/index.js

The plugin now provides a keychain.getPassword template function that can retrieve passwords from the macOS keychain using service and account identifiers, with support for both generic and internet keychain item types.

Orchestrator's "Task completed" message

Yaak Plugin Transformation Complete

I have successfully transformed your Yaak plugin from a filesystem reader to a macOS keychain password retriever. Here's a comprehensive overview of what was accomplished:

Workflow Summary

The transformation was completed through a systematic 4-step workflow:

Analysis Phase - Examined the existing plugin structure and functionality
Research Phase - Investigated the keychain npm package API and integration requirements
Implementation Phase - Modified the code and dependencies
Verification Phase - Confirmed everything works correctly

Key Changes Made

Plugin Identity

Name: Changed from @yaakapp/template-function-fs to @yaakapp/template-function-keychain-macos
Description: Updated to "Yaak plugin for retrieving passwords from macOS keychain"
Function: Renamed from fs.readFile to keychain.getPassword

Dependencies

Added: keychain@1.5.0 npm package for macOS keychain access
Removed: Node.js fs module dependency

Functionality Transformation

Input Parameters: Replaced single file picker with three text/select inputs:
- service - The service name (required)
- account - The account name (required)
- type - Keychain type (generic/internet, defaults to generic)
Core Logic: Replaced filesystem reading with keychain password retrieval using Promise-wrapped callback API
Error Handling: Maintained graceful failure pattern (returns null on errors)
Return Type: Preserved Promise<string | null> signature

Technical Implementation

API Integration: Successfully wrapped keychain's callback-based API in Promise for async/await compatibility
Parameter Validation: Added proper validation for required service and account parameters
Build Process: Verified successful TypeScript compilation and dependency resolution

Verification Results

✅ Build Verification: Compiles successfully with no errors
✅ Code Quality: Proper TypeScript syntax and structure
✅ Dependencies: All packages installed correctly
✅ Plugin Structure: Matches Yaak's expected format
✅ Functionality: Ready for keychain password retrieval

Usage

The plugin now provides a keychain.getPassword template function that can be used in Yaak to retrieve passwords from the macOS keychain by specifying:

Service name (e.g., "MyApp", "GitHub")
Account name (e.g., username, email)
Type (generic or internet passwords)

The plugin maintains the same error-tolerant behavior as the original, returning null when passwords cannot be retrieved, ensuring robust integration with Yaak's templating system.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/mountain-loop/yaak/pull/229 **Author:** [@nicwolff](https://github.com/nicwolff) **Created:** 6/20/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `secrets-from-os-keychain` --- ### 📝 Commits (3) - [`a2a8874`](https://github.com/mountain-loop/yaak/commit/a2a8874386663ff9fa440c1414b4e8ec032417fd) Add a plugin that gets secrets from the macOS Keychain - [`88f58f9`](https://github.com/mountain-loop/yaak/commit/88f58f9ce9c16a3e611e83b20a3a42089d02b614) Update package name - [`92947fe`](https://github.com/mountain-loop/yaak/commit/92947fe86f53fe14d81f520713ba67b140377d83) Add README.md ### 📊 Changes **4 files changed** (+79 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `plugins/template-function-keychain-macos/README.md` (+3 -0) ➕ `plugins/template-function-keychain-macos/package-lock.json` (+21 -0) ➕ `plugins/template-function-keychain-macos/package.json` (+13 -0) ➕ `plugins/template-function-keychain-macos/src/index.ts` (+42 -0) </details> ### 📄 Description # Claude Sonnet 4 user prompt Using Kilo Code in Orchestrator mode: > This is a plugin for the Yaak open-source API test tool. I've copied an existing plugin that reads a file from the filesystem. Change it to get a password from the macOS keychain using this Node package https://www.npmjs.com/package/keychain ----- # Orchestrator's task for Coder You need to modify this Yaak plugin to use the macOS keychain instead of reading from the filesystem. Based on previous analysis, here's what you need to do: ## Context from Previous Analysis **Current Plugin Structure:** - Plugin name: `@yaakapp/template-function-fs` - Has a single template function `fs.readFile` that reads files from filesystem - Uses async/await with promises, returns string on success or null on failure - Located in [`src/index.ts`](src/index.ts) with dependencies in [`package.json`](package.json) **Keychain Package Requirements:** - Install `keychain` npm package - Uses callback-based API that needs to be wrapped in Promise - Requires `service` and `account` parameters - Optional `type` parameter ('generic' or 'internet', defaults to 'generic') - Returns password string on success, error on failure ## Specific Tasks to Complete 1. **Update [`package.json`](package.json):** - Change plugin name from `@yaakapp/template-function-fs` to `@yaakapp/template-function-keychain-macos` - Add `keychain` as a dependency - Update description to reflect keychain functionality 2. **Modify [`src/index.ts`](src/index.ts):** - Remove `import * as fs from 'node:fs'` - Add `import keychain from 'keychain'` (or require statement) - Change template function name from `fs.readFile` to `keychain.getPassword` - Update description to "Retrieve a password from the macOS keychain" - Replace the single 'file' input parameter with: - `service` (text input, required) - `account` (text input, required) - `type` (select input with 'generic'/'internet' options, defaults to 'generic') - Replace the filesystem reading logic with keychain password retrieval: - Validate that service and account are provided - Wrap keychain.getPassword in a Promise to convert from callback to async/await - Return password string on success, null on error - Maintain the same error handling pattern (try/catch returning null) 3. **Implementation Details:** - Use the exact parameter structure shown in the research: `{ account, service, type }` - Convert the callback-based keychain API to Promise-based for async/await compatibility - Keep the same return type: `Promise<string | null>` - Maintain graceful error handling (return null on any error) ## Code Structure Reference Based on the research, the keychain integration should follow this pattern: ```typescript return new Promise((resolve, reject) => { keychain.getPassword({ account: args.values.account, service: args.values.service, type: args.values.type || 'generic' }, (err, password) => { if (err) reject(err); else resolve(password); }); }); ``` Only perform the implementation work outlined above and do not add additional features or modifications. Use the attempt_completion tool when done with a summary of all changes made. These specific instructions supersede any conflicting general instructions your mode might have. ----- # Coder's "Task completed" message I have successfully modified the Yaak plugin to use the macOS keychain instead of reading from the filesystem. Here's a summary of all changes made: ## Changes Made ### 1. Updated [`package.json`](package.json:1): - Changed plugin name from `@yaakapp/template-function-fs` to `@yaakapp/template-function-keychain-macos` - Added description: "Yaak plugin for retrieving passwords from macOS keychain" - Added `keychain` dependency (version ^1.5.0) ### 2. Modified [`src/index.ts`](src/index.ts:1): - Removed `import fs from 'node:fs'` - Added `import keychain from 'keychain'` - Changed template function name from `fs.readFile` to `keychain.getPassword` - Updated description to "Retrieve a password from the macOS keychain" - Replaced the single 'file' input parameter with three new parameters: - `service` (required text input) - `account` (required text input) - `type` (select input with 'generic'/'internet' options, defaults to 'generic') - Replaced filesystem reading logic with keychain password retrieval: - Added validation for required service and account parameters - Wrapped keychain.getPassword callback API in a Promise for async/await compatibility - Maintained the same error handling pattern (returns null on any error) - Preserved the `Promise<string | null>` return type ### 3. Installation and Build: - Successfully installed the keychain dependency - Verified the build process completes without errors - Generated the compiled plugin at `/build/index.js` The plugin now provides a `keychain.getPassword` template function that can retrieve passwords from the macOS keychain using service and account identifiers, with support for both generic and internet keychain item types. ----- # Orchestrator's "Task completed" message # Yaak Plugin Transformation Complete I have successfully transformed your Yaak plugin from a filesystem reader to a macOS keychain password retriever. Here's a comprehensive overview of what was accomplished: ## Workflow Summary The transformation was completed through a systematic 4-step workflow: 1. **Analysis Phase** - Examined the existing plugin structure and functionality 2. **Research Phase** - Investigated the keychain npm package API and integration requirements 3. **Implementation Phase** - Modified the code and dependencies 4. **Verification Phase** - Confirmed everything works correctly ## Key Changes Made ### Plugin Identity - **Name**: Changed from `@yaakapp/template-function-fs` to `@yaakapp/template-function-keychain-macos` - **Description**: Updated to "Yaak plugin for retrieving passwords from macOS keychain" - **Function**: Renamed from [`fs.readFile`](src/index.ts:6) to [`keychain.getPassword`](src/index.ts:6) ### Dependencies - **Added**: [`keychain@1.5.0`](package.json:11) npm package for macOS keychain access - **Removed**: Node.js [`fs`](src/index.ts:2) module dependency ### Functionality Transformation - **Input Parameters**: Replaced single file picker with three text/select inputs: - [`service`](src/index.ts:9) - The service name (required) - [`account`](src/index.ts:10) - The account name (required) - [`type`](src/index.ts:11-21) - Keychain type (generic/internet, defaults to generic) - **Core Logic**: Replaced filesystem reading with keychain password retrieval using Promise-wrapped callback API - **Error Handling**: Maintained graceful failure pattern (returns null on errors) - **Return Type**: Preserved `Promise<string | null>` signature ### Technical Implementation - **API Integration**: Successfully wrapped keychain's callback-based API in Promise for async/await compatibility - **Parameter Validation**: Added proper validation for required service and account parameters - **Build Process**: Verified successful TypeScript compilation and dependency resolution ## Verification Results ✅ **Build Verification**: Compiles successfully with no errors ✅ **Code Quality**: Proper TypeScript syntax and structure ✅ **Dependencies**: All packages installed correctly ✅ **Plugin Structure**: Matches Yaak's expected format ✅ **Functionality**: Ready for keychain password retrieval ## Usage The plugin now provides a `keychain.getPassword` template function that can be used in Yaak to retrieve passwords from the macOS keychain by specifying: - Service name (e.g., "MyApp", "GitHub") - Account name (e.g., username, email) - Type (generic or internet passwords) The plugin maintains the same error-tolerant behavior as the original, returning null when passwords cannot be retrieved, ensuring robust integration with Yaak's templating system. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 07:19:34 +01:00

adam closed this issue

2025-12-29 07:19:34 +01:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/yaak#154

[PR #229] [CLOSED] Add a plugin that gets secrets from the macOS Keychain #154