easy_creds 1.0.1

data/lib/easy_creds/providers/one_password.rb

@@ -0,0 +1,187 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'logger' # stdlib
+require 'pathname'
+require 'tempfile'
+
+module EasyCreds
+  module Providers
+    class OnePassword < Base
+      Result = Data.define(:ok, :stdout, :stderr)
+
+      attr_reader :vault
+
+      def initialize(vault:, runner: nil, log_dir: nil, **)
+        super()
+        @vault  = vault
+        @runner = runner || method(:shell_run)
+        @logger = build_logger(log_dir)
+      end
+
+      def signed_in?
+        result = run('op', 'whoami', '--format=json')
+        return false unless result.ok
+
+        data = JSON.parse(result.stdout)
+        data.key?('account_uuid') || data.key?('email')
+      rescue JSON::ParserError
+        false
+      end
+
+      def account_email
+        result = run('op', 'whoami', '--format=json')
+        return nil unless result.ok
+
+        JSON.parse(result.stdout)['email']
+      rescue JSON::ParserError
+        nil
+      end
+
+      def vault_exists?
+        result = run('op', 'vault', 'list', '--format=json')
+        return false unless result.ok
+
+        vaults = JSON.parse(result.stdout)
+        vaults.any? { |v| v['name'] == @vault }
+      rescue JSON::ParserError
+        false
+      end
+
+      def create_vault(name)
+        run('op', 'vault', 'create', name).ok
+      end
+
+      def item(env)
+        result = run('op', 'item', 'get', env_item(env), "--vault=#{@vault}", '--format=json')
+        return nil unless result.ok
+
+        fields_from_json(result.stdout)
+      rescue JSON::ParserError
+        nil
+      end
+
+      def item_exists?(env)
+        run('op', 'item', 'get', env_item(env), "--vault=#{@vault}", '--format=json').ok
+      end
+
+      def create_item(env, fields)
+        with_template_file(build_template(env_item(env), fields)) do |path|
+          run('op', 'item', 'create', "--vault=#{@vault}", "--template=#{path}")
+        end.ok
+      end
+
+      def update_item(env, all_fields)
+        update_named_item(env_item(env), all_fields)
+      end
+
+      def read_credentials_key(env, credentials_item)
+        result = run('op', 'read', "op://#{@vault}/#{credentials_item}/#{env}")
+        result.ok ? result.stdout.strip : nil
+      end
+
+      def write_credentials_key(env, key_value, credentials_item)
+        existing = run('op', 'item', 'get', credentials_item, "--vault=#{@vault}", '--format=json')
+
+        if existing.ok
+          all_fields = fields_from_json(existing.stdout).merge(env => key_value)
+          update_named_item(credentials_item, all_fields)
+        else
+          with_template_file(build_template(credentials_item, { env => key_value })) do |path|
+            run('op', 'item', 'create', "--vault=#{@vault}", "--template=#{path}")
+          end.ok
+        end
+      rescue JSON::ParserError => e
+        log(:error, "JSON parse error in write_credentials_key: #{e.message}")
+        false
+      end
+
+      private
+
+      def env_item(env) = env.to_s
+
+      def run(*cmd)
+        @runner.call(*cmd)
+      end
+
+      def shell_run(*cmd)
+        log(:debug, "$ #{cmd.join(' ')}")
+        stdout_r, stdout_w = IO.pipe
+        stderr_r, stderr_w = IO.pipe
+        pid = spawn(*cmd, out: stdout_w, err: stderr_w)
+        stdout_w.close
+        stderr_w.close
+        stdout_str = stdout_r.read
+        stderr_str = stderr_r.read
+        stdout_r.close
+        stderr_r.close
+        _, status = Process.wait2(pid)
+        log_shell_result(status, stdout_str, stderr_str)
+        Result.new(ok: status.success?, stdout: stdout_str, stderr: stderr_str)
+      end
+
+      def log_shell_result(status, stdout_str, stderr_str)
+        if status.success?
+          log(:debug, '  exit 0')
+        else
+          log(:error, "  exit #{status.exitstatus}")
+          log(:error, "  stderr: #{stderr_str.strip}") unless stderr_str.strip.empty?
+          log(:error, "  stdout: #{stdout_str[0, 500].strip}") unless stdout_str.strip.empty?
+        end
+      end
+
+      def update_named_item(name, all_fields)
+        log(:debug, "update_named_item: deleting '#{name}' then recreating")
+        del = run('op', 'item', 'delete', name, "--vault=#{@vault}")
+        log(:warn, "delete '#{name}' failed: #{del.stderr.strip}") unless del.ok
+        with_template_file(build_template(name, all_fields)) do |path|
+          run('op', 'item', 'create', "--vault=#{@vault}", "--template=#{path}")
+        end.ok
+      end
+
+      def fields_from_json(json_str)
+        data   = JSON.parse(json_str)
+        fields = data['fields'] || []
+        fields.each_with_object({}) do |field, acc|
+          label = field['label']
+          value = field['value']
+          acc[label] = value if label.present?
+        end
+      end
+
+      def build_template(title, fields)
+        {
+          'title' => title,
+          'category' => 'SECURE_NOTE',
+          'fields' => fields.map do |label, value|
+            { 'label' => label.to_s, 'type' => 'CONCEALED', 'value' => value.to_s }
+          end
+        }
+      end
+
+      def with_template_file(template)
+        Tempfile.create(['op_template', '.json']) do |f|
+          f.write(template.to_json)
+          f.flush
+          File.chmod(0o600, f.path)
+          yield f.path
+        end
+      end
+
+      def build_logger(log_dir)
+        return nil unless log_dir
+
+        dir = Pathname.new(log_dir)
+        dir.mkpath
+        l = ::Logger.new(dir.join('easy_creds.log'), 'daily')
+        l.level = ::Logger::DEBUG
+        l.formatter = proc { |sev, time, _, msg| "[#{time.strftime('%F %T')}] #{sev}: #{msg}\n" }
+        l
+      end
+
+      def log(level, msg)
+        @logger&.public_send(level, msg)
+      end
+    end
+  end
+end

data/lib/easy_creds/railtie.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module EasyCreds
+  # Rails integration — loaded automatically when Rails::Railtie is defined.
+  # Registers the credentials:sync, easy_creds:install, and easy_creds:onboard
+  # rake tasks without booting the full Rails environment upfront.
+  class Railtie < ::Rails::Railtie
+    rake_tasks { load File.expand_path('../../tasks/easy_creds.rake', __dir__) }
+  end
+end

data/lib/easy_creds/templates/files/default-beastmode.yml

@@ -0,0 +1,33 @@
+# Application domain
+app:
+  host: example.com
+  # cdn_host: cdn.example.com    # set for staging/prod
+  allowed_hosts:
+    - example.com
+    - www.example.com
+    # - staging.example.com      # set for staging
+
+# CORS / API access
+cors:
+  origins:
+    - https://example.com
+    - https://www.example.com
+    # - https://staging.example.com   # staging only
+
+# Database (rails fullstack)
+database:
+  url: postgres://localhost:5432/__APP_NAME___development
+  # url: postgres://prod-host:5432/__APP_NAME___production   # production
+
+# Secrets — fill via TUI on first sync
+secret_key_base:
+active_record_encryption:
+  primary_key:
+  deterministic_key:
+  key_derivation_salt:
+
+# Third-party (examples)
+stripe:
+  publishable_key:
+  secret_key:
+  webhook_secret:

data/lib/easy_creds/templates/files/microservice-minimal.yml

@@ -0,0 +1,7 @@
+secret_key_base: <CHANGE_ME>
+
+databases:
+  primary:
+    url: postgres://service:password@localhost/service_production
+
+api_key: <CHANGE_ME>

data/lib/easy_creds/templates/files/rails-api.yml

@@ -0,0 +1,20 @@
+secret_key_base: <CHANGE_ME>
+
+databases:
+  primary:
+    url: postgres://myapp:password@localhost/myapp_production
+
+app:
+  host: api.myapp.example.com
+
+active_record_encryption:
+  primary_key: <CHANGE_ME>
+  deterministic_key: <CHANGE_ME>
+  key_derivation_salt: <CHANGE_ME>
+
+crypt_secret: <CHANGE_ME>
+
+oauth:
+  google:
+    client_id: <CHANGE_ME>
+    client_secret: <CHANGE_ME>

data/lib/easy_creds/templates/files/rails-fullstack.yml

@@ -0,0 +1,37 @@
+secret_key_base: <CHANGE_ME>
+
+databases:
+  primary:
+    host: localhost
+    port: 5432
+    name: myapp_production
+    username: myapp
+    password: <CHANGE_ME>
+
+active_record_encryption:
+  primary_key: <CHANGE_ME>
+  deterministic_key: <CHANGE_ME>
+  key_derivation_salt: <CHANGE_ME>
+
+crypt_secret: <CHANGE_ME>
+
+app:
+  host: myapp.example.com
+  name: MyApp
+
+mailer:
+  from: noreply@myapp.example.com
+
+oauth:
+  google:
+    client_id: <CHANGE_ME>
+    client_secret: <CHANGE_ME>
+
+storage:
+  access_key_id: <CHANGE_ME>
+  secret_access_key: <CHANGE_ME>
+  region: us-east-1
+  bucket: myapp-production
+
+redis:
+  url: redis://localhost:6379/0

data/lib/easy_creds/templates/registry.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module EasyCreds
+  module Templates
+    class Registry
+      BUNDLED_DIR = File.expand_path('files', __dir__).freeze
+
+      def initialize(global_dir: nil)
+        @global_dir = global_dir
+      end
+
+      def list
+        (bundled_names + user_names).uniq
+      end
+
+      def load(name)
+        path = user_path(name) || bundled_path(name)
+        raise ArgumentError, "Template '#{name}' not found" unless path
+
+        YAML.safe_load_file(path) || {}
+      end
+
+      def user_defined?(name)
+        user_path(name) ? true : false
+      end
+
+      def path_for(name)
+        user_path(name) || bundled_path(name)
+      end
+
+      def delete(name)
+        raise ArgumentError, "Cannot delete bundled template '#{name}'" unless user_defined?(name)
+
+        File.delete(user_path(name))
+      end
+
+      private
+
+      def bundled_names
+        Dir[File.join(BUNDLED_DIR, '*.yml')].map { |p| File.basename(p, '.yml').to_sym }
+      end
+
+      def user_names
+        return [] unless @global_dir
+
+        Dir[File.join(@global_dir, 'templates', '*.yml')].map { |p| File.basename(p, '.yml').to_sym }
+      end
+
+      def user_path(name)
+        return unless @global_dir
+
+        path = File.join(@global_dir, 'templates', "#{name}.yml")
+        File.exist?(path) ? path : nil
+      end
+
+      def bundled_path(name)
+        path = File.join(BUNDLED_DIR, "#{name}.yml")
+        File.exist?(path) ? path : nil
+      end
+    end
+  end
+end

data/lib/easy_creds/templates/renderer.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module EasyCreds
+  module Templates
+    class Renderer
+      def initialize(template)
+        @template = template
+      end
+
+      def customise(prompt)
+        return @template if @template.empty?
+
+        result = {}
+        @template.each do |section, value|
+          next unless prompt.yes?("Include section '#{section}'?", default: true)
+
+          result[section] = value.is_a?(Hash) ? customise_section(section, value, prompt) : value
+        end
+        result
+      end
+
+      private
+
+      def customise_section(section, hash, prompt)
+        hash.transform_values do |val|
+          val.is_a?(String) ? maybe_placeholder(section, val, prompt) : val
+        end
+      end
+
+      def maybe_placeholder(section, val, prompt)
+        return val unless val.to_s.start_with?('<', 'CHANGE_')
+
+        prompt.yes?("Keep placeholder for '#{section}'?", default: true) ? val : nil
+      end
+    end
+  end
+end

data/lib/easy_creds/theme.rb

@@ -0,0 +1,129 @@
+# frozen_string_literal: true
+
+require 'pastel'
+require 'tty-screen'
+
+module EasyCreds
+  module Theme
+    module_function
+
+    # Calvin S figlet — "easy_creds" in 3 rows × 29 cols
+    BANNER_ART = [
+      '┌─┐┌─┐┌─┐┬ ┬  ┌─┐┬─┐┌─┐ ┬ ┌─┐',
+      '├─ ├─┤└─┐└┬┘  │  ├┬ ├─ ┌─┤└─┐',
+      '└─┘└─┘└─┘ ┴   └─┘┴  └─┘└─┘└─┘'
+    ].freeze
+
+    ICONS = {
+      ok: '✔',
+      warn: '⚠',
+      error: '✖',
+      info: 'ℹ',
+      push: '↑',
+      pull: '↓',
+      modified: '⇅',
+      added: '↗',
+      removed: '↙',
+      lock: '⚙',
+      vault: '▪',
+      key: '◆',
+      sync: '↔'
+    }.freeze
+
+    SPINNERS = %w[⠋ ⠙ ⠸ ⠴ ⠦ ⠧ ⠇ ⠏].freeze
+
+    def pastel
+      @pastel ||= Pastel.new
+    end
+
+    # 24-bit true-color helpers — Midnight design system
+    def ok(str)      = "\e[38;2;140;227;156m#{str}\e[0m"   # #8ce39c green
+    def warn(str)    = "\e[38;2;245;207;123m#{str}\e[0m"   # #f5cf7b amber
+    def error(str)   = "\e[38;2;255;122;139m#{str}\e[0m"   # #ff7a8b red
+    def accent(str)  = "\e[38;2;122;162;255m#{str}\e[0m"   # #7aa2ff blue
+    def info(str)    = accent(str)
+    def dim(str)     = pastel.dim(str)
+    def bold(str)    = pastel.bold(str)
+    def header(str)  = "\e[1m\e[38;2;122;162;255m#{str}\e[0m"
+    def env_tag(str) = accent(str)
+    def key_tag(str) = accent(str)
+
+    def change_color(kind)
+      case kind
+      when :added    then ok(ICONS[:added])
+      when :removed  then error(ICONS[:removed])
+      when :modified then warn(ICONS[:modified])
+      end
+    end
+
+    # ── Rounded box-drawing helpers ────────────────────────────────────────
+    def box_top(width)    = dim("╭#{'─' * [width - 2, 0].max}╮")
+    def box_bottom(width) = dim("╰#{'─' * [width - 2, 0].max}╯")
+    def box_h(width)      = dim('─' * width)
+    def box_side          = dim('│')
+
+    # Kbd-cap key hint: [k] desc
+    def kbd(key) = "#{dim('[')}" + accent(key) + "#{dim(']')}"
+
+    # Traffic-light title bar: ● ● ●   title   status
+    def title_bar(env_label, width, status: nil)
+      lights     = "#{error('●')} #{warn('●')} #{ok('●')}"
+      lights_vis = 5
+      right_str  = status ? dim(status) : ''
+      right_vis  = status ? strip_ansi(right_str).length : 0
+      title_str  = "\e[1m\e[38;2;122;162;255m#{env_label}\e[0m"
+      title_vis  = env_label.length
+      pad_total  = [width - lights_vis - 2 - right_vis - title_vis - 2, 0].max
+      pad_left   = pad_total / 2
+      pad_right  = pad_total - pad_left
+      "  #{lights}#{' ' * pad_left}#{title_str}#{' ' * pad_right}#{right_str}"
+    end
+
+    def banner(vault, envs)
+      width   = [TTY::Screen.width, 78].min
+      inner_w = width - 4  # '│ ' on left + ' │' on right
+
+      lines = [
+        "  #{header("#{ICONS[:lock]}  easy_creds")}  #{dim('credentials ↔ 1Password sync')}",
+        '',
+        "  #{dim('vault')}    #{vault ? bold(vault) : dim('(not set)')}",
+        "  #{dim('envs')}     #{envs.any? ? envs.map { |e| env_tag(e) }.join(dim(' · ')) : dim('—')}"
+      ]
+
+      rows = lines.map { |l| "#{box_side} #{rpad(l, inner_w)} #{box_side}" }
+      ([box_top(width)] + rows + [box_bottom(width)]).join("\n")
+    end
+
+    def section(title)
+      puts ''
+      puts bold(title)
+      puts dim('─' * [TTY::Screen.width, 60].min)
+    end
+
+    # Shell-prompt line: user@host ~/cwd [git-branch]
+    def tprompt_line
+      user   = ENV.fetch('USER', ENV.fetch('USERNAME', 'user'))
+      host   = ENV.fetch('HOSTNAME', `hostname -s 2>/dev/null`.strip)
+      host   = host.split('.').first
+      host   = 'localhost' if host.to_s.empty?
+      cwd    = Dir.pwd.gsub(Dir.home, '~')
+      branch = `git rev-parse --abbrev-ref HEAD 2>/dev/null`.strip
+      out    = "#{ok(user)}#{dim('@')}#{accent(host)} #{dim(cwd)}"
+      out   += " #{dim("[#{branch}]")}" unless branch.empty?
+      out
+    end
+
+    def success(msg) = puts("  #{ok(ICONS[:ok])}  #{msg}")
+    def failure(msg) = puts("  #{error(ICONS[:error])}  #{msg}")
+    def notice(msg)  = puts("  #{accent(ICONS[:info])}  #{msg}")
+    def warning(msg) = puts("  #{warn(ICONS[:warn])}  #{msg}")
+
+    def strip_ansi(str)
+      str.gsub(/\e\[[0-9;]*[mJHABCDsuK]/, '')
+    end
+
+    def rpad(str, width)
+      str + (' ' * [width - strip_ansi(str).length, 0].max)
+    end
+  end
+end