//! 1Password Connect Server HTTP client provider.
//!
//! Activates when both `OP_CONNECT_URL` and `OP_CONNECT_TOKEN` are set in the
//! environment. When activated, `cmd_op_pull_ns` delegates to this module
//! instead of shelling out to the `op` CLI.
//!
//! # Coexistence model
//!
//! ```
//! if OpConnectConfig::from_env().is_ok() { Connect HTTP path }
//! else { op CLI subprocess (unchanged) }
//! ```
//!
//! # Vault name resolution
//!
//! `GET /v1/vaults` returns all vaults visible to the token. The vault is
//! located by exact name match on the `name` field. When zero or more than
//! one vault matches, an explicit error is returned — the operator must either
//! rename the vault in 1Password or provide a unique name via `--op-vault`.