diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3bcb24d..acd1b96 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,7 +14,7 @@ jobs:
fail-fast: false
matrix:
vault: [1password, aws-sm, azure-kv]
- task: [check, lint, fmt]
+ task: [check, lint, fmt, test]
defaults:
run:
working-directory: vault/${{ matrix.vault }}
@@ -29,6 +29,8 @@ jobs:
deno fmt --check extensions/vaults/
elif [ "${{ matrix.task }}" = "lint" ]; then
deno lint extensions/vaults/
+ elif [ "${{ matrix.task }}" = "test" ]; then
+ deno test --allow-env extensions/vaults/
else
deno check extensions/vaults/*.ts
fi
diff --git a/vault/1password/.swamp.yaml b/vault/1password/.swamp.yaml
index 85fcf4c..be6e48a 100644
--- a/vault/1password/.swamp.yaml
+++ b/vault/1password/.swamp.yaml
@@ -1,5 +1,5 @@
swampVersion: 20260206.200442.0
-initializedAt: '2026-03-17T18:26:56.550Z'
+initializedAt: "2026-03-17T18:26:56.550Z"
repoId: 2db600a8-1df3-4e50-a855-ae339aa9c337
tool: claude
gitignoreManaged: true
diff --git a/vault/1password/deno.lock b/vault/1password/deno.lock
index 7743884..5c921da 100644
--- a/vault/1password/deno.lock
+++ b/vault/1password/deno.lock
@@ -1,8 +1,21 @@
{
"version": "5",
"specifiers": {
+ "jsr:@std/assert@*": "1.0.18",
+ "jsr:@std/internal@^1.0.12": "1.0.12",
"npm:zod@4.3.6": "4.3.6"
},
+ "jsr": {
+ "@std/assert@1.0.18": {
+ "integrity": "270245e9c2c13b446286de475131dc688ca9abcd94fc5db41d43a219b34d1c78",
+ "dependencies": [
+ "jsr:@std/internal"
+ ]
+ },
+ "@std/internal@1.0.12": {
+ "integrity": "972a634fd5bc34b242024402972cd5143eac68d8dffaca5eaa4dba30ce17b027"
+ }
+ },
"npm": {
"zod@4.3.6": {
"integrity": "sha512-rftlrkhHZOcjDwkGlnUtZZkvaPHCsDATp4pGpuOOMDaTdDDXF91wuVDJoWoPsKX/3YPQ5fHuF3STjcYyKr+Qhg=="
diff --git a/vault/1password/extensions/vaults/onepassword_test.ts b/vault/1password/extensions/vaults/onepassword_test.ts
new file mode 100644
index 0000000..68f6f5e
--- /dev/null
+++ b/vault/1password/extensions/vaults/onepassword_test.ts
@@ -0,0 +1,78 @@
+// Swamp, an Automation Framework
+// Copyright (C) 2026 System Initiative, Inc.
+//
+// This file is part of Swamp.
+//
+// Swamp is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation, with the Swamp
+// Extension and Definition Exception (found in the "COPYING-EXCEPTION"
+// file).
+//
+// Swamp is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with Swamp. If not, see .
+
+import {
+ assertEquals,
+ assertExists,
+ assertThrows,
+} from "jsr:@std/assert@1.0.19";
+import { vault } from "./onepassword.ts";
+
+Deno.test("vault export has correct metadata", () => {
+ assertEquals(vault.type, "@swamp/1password");
+ assertEquals(vault.name, "1Password");
+ assertExists(vault.description);
+ assertExists(vault.configSchema);
+ assertEquals(typeof vault.createProvider, "function");
+});
+
+Deno.test("configSchema validates valid config", () => {
+ const result = vault.configSchema.safeParse({ op_vault: "Engineering" });
+ assertEquals(result.success, true);
+});
+
+Deno.test("configSchema validates config with op_account", () => {
+ const result = vault.configSchema.safeParse({
+ op_vault: "Engineering",
+ op_account: "my-team.1password.com",
+ });
+ assertEquals(result.success, true);
+});
+
+Deno.test("configSchema rejects empty op_vault", () => {
+ const result = vault.configSchema.safeParse({ op_vault: "" });
+ assertEquals(result.success, false);
+});
+
+Deno.test("configSchema rejects missing op_vault", () => {
+ const result = vault.configSchema.safeParse({});
+ assertEquals(result.success, false);
+});
+
+Deno.test("createProvider returns a provider with getName", () => {
+ const provider = vault.createProvider("my-vault", {
+ op_vault: "Engineering",
+ });
+ assertEquals(provider.getName(), "my-vault");
+});
+
+Deno.test("createProvider accepts op_account", () => {
+ const provider = vault.createProvider("my-vault", {
+ op_vault: "Engineering",
+ op_account: "my-team.1password.com",
+ });
+ assertEquals(provider.getName(), "my-vault");
+});
+
+Deno.test("createProvider throws on invalid config", () => {
+ assertThrows(
+ () => vault.createProvider("bad-vault", {}),
+ Error,
+ );
+});
diff --git a/vault/aws-sm/.swamp.yaml b/vault/aws-sm/.swamp.yaml
index 727ef1f..99c07a9 100644
--- a/vault/aws-sm/.swamp.yaml
+++ b/vault/aws-sm/.swamp.yaml
@@ -1,5 +1,5 @@
swampVersion: 20260206.200442.0
-initializedAt: '2026-03-17T18:27:48.104Z'
+initializedAt: "2026-03-17T18:27:48.104Z"
repoId: 299d5c14-f171-4c04-9f42-ad837a77c05b
tool: claude
gitignoreManaged: true
diff --git a/vault/aws-sm/extensions/vaults/aws_sm_test.ts b/vault/aws-sm/extensions/vaults/aws_sm_test.ts
new file mode 100644
index 0000000..7323069
--- /dev/null
+++ b/vault/aws-sm/extensions/vaults/aws_sm_test.ts
@@ -0,0 +1,55 @@
+// Swamp, an Automation Framework
+// Copyright (C) 2026 System Initiative, Inc.
+//
+// This file is part of Swamp.
+//
+// Swamp is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation, with the Swamp
+// Extension and Definition Exception (found in the "COPYING-EXCEPTION"
+// file).
+//
+// Swamp is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with Swamp. If not, see .
+
+import {
+ assertEquals,
+ assertExists,
+ assertThrows,
+} from "jsr:@std/assert@1.0.19";
+import { vault } from "./aws_sm.ts";
+
+Deno.test("vault export has correct metadata", () => {
+ assertEquals(vault.type, "@swamp/aws-sm");
+ assertEquals(vault.name, "AWS Secrets Manager");
+ assertExists(vault.description);
+ assertExists(vault.configSchema);
+ assertEquals(typeof vault.createProvider, "function");
+});
+
+Deno.test("configSchema validates valid config", () => {
+ const result = vault.configSchema.safeParse({ region: "us-east-1" });
+ assertEquals(result.success, true);
+});
+
+Deno.test("configSchema rejects empty region", () => {
+ const result = vault.configSchema.safeParse({ region: "" });
+ assertEquals(result.success, false);
+});
+
+Deno.test("configSchema rejects missing region", () => {
+ const result = vault.configSchema.safeParse({});
+ assertEquals(result.success, false);
+});
+
+Deno.test("createProvider throws on invalid config", () => {
+ assertThrows(
+ () => vault.createProvider("bad-vault", {}),
+ Error,
+ );
+});
diff --git a/vault/azure-kv/.swamp.yaml b/vault/azure-kv/.swamp.yaml
index fa6d425..3cbea39 100644
--- a/vault/azure-kv/.swamp.yaml
+++ b/vault/azure-kv/.swamp.yaml
@@ -1,5 +1,5 @@
swampVersion: 20260206.200442.0
-initializedAt: '2026-03-17T18:28:02.387Z'
+initializedAt: "2026-03-17T18:28:02.387Z"
repoId: 19364e34-a63d-46c2-8836-ed8eefd9c53f
tool: claude
gitignoreManaged: true
diff --git a/vault/azure-kv/extensions/vaults/azure_kv_test.ts b/vault/azure-kv/extensions/vaults/azure_kv_test.ts
new file mode 100644
index 0000000..3e07df2
--- /dev/null
+++ b/vault/azure-kv/extensions/vaults/azure_kv_test.ts
@@ -0,0 +1,65 @@
+// Swamp, an Automation Framework
+// Copyright (C) 2026 System Initiative, Inc.
+//
+// This file is part of Swamp.
+//
+// Swamp is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation, with the Swamp
+// Extension and Definition Exception (found in the "COPYING-EXCEPTION"
+// file).
+//
+// Swamp is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with Swamp. If not, see .
+
+import {
+ assertEquals,
+ assertExists,
+ assertThrows,
+} from "jsr:@std/assert@1.0.19";
+import { vault } from "./azure_kv.ts";
+
+Deno.test("vault export has correct metadata", () => {
+ assertEquals(vault.type, "@swamp/azure-kv");
+ assertEquals(vault.name, "Azure Key Vault");
+ assertExists(vault.description);
+ assertExists(vault.configSchema);
+ assertEquals(typeof vault.createProvider, "function");
+});
+
+Deno.test("configSchema validates valid config", () => {
+ const result = vault.configSchema.safeParse({
+ vault_url: "https://myvault.vault.azure.net/",
+ });
+ assertEquals(result.success, true);
+});
+
+Deno.test("configSchema validates config with secret_prefix", () => {
+ const result = vault.configSchema.safeParse({
+ vault_url: "https://myvault.vault.azure.net/",
+ secret_prefix: "swamp/",
+ });
+ assertEquals(result.success, true);
+});
+
+Deno.test("configSchema rejects invalid vault_url", () => {
+ const result = vault.configSchema.safeParse({ vault_url: "not-a-url" });
+ assertEquals(result.success, false);
+});
+
+Deno.test("configSchema rejects missing vault_url", () => {
+ const result = vault.configSchema.safeParse({});
+ assertEquals(result.success, false);
+});
+
+Deno.test("createProvider throws on invalid config", () => {
+ assertThrows(
+ () => vault.createProvider("bad-vault", {}),
+ Error,
+ );
+});