kc 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: acd1a1a4d4b98a8f4972a7be12a56485af6364a446ad9cc0981b92c0bae38e3b
+  data.tar.gz: 510e50ff16ddf681620775f0a1488615b5c68bafb8345d10e1447571762d68c9
+SHA512:
+  metadata.gz: 70d120e84e72ef0c79c63c72eb69c21f1a14950c52a8cbc9d4765a6c555a4c163bf441668892a2f642c4dc3136c6466c7d577416352630ba7f912feed258f897
+  data.tar.gz: 5d05fae5c846ee424b5627b04770b4a3b3c4af5b1614985f48d18226ffab562a92366511ef61f4bea1f289993016f1920703978bf9e4e983ef7875385c31ac5a

data/.gitignore

@@ -0,0 +1,17 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/vendor/bundle/
+
+# rspec failure tracking
+.rspec_status
+
+# Test files
+.env
+*.gem
+Gemfile.lock

data/.mise.toml

@@ -0,0 +1,2 @@
+[tools]
+ruby = "3.4.8"

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.10
+before_install: gem install bundler -v 1.17.2

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at masa@aileron.cc. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in kc.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 AILERON
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,197 @@
+# kc - Keychain Manager for direnv
+
+A CLI tool to securely store and retrieve secrets from macOS Keychain with namespace support, designed to work seamlessly with direnv.
+
+## Features
+
+- 🔐 Securely store any secrets in macOS Keychain
+- 🏷️ **Namespace support** - organize secrets by type (env, ssh, token, etc.)
+- 🚀 Native implementation using FFI (no shell command overhead)
+- 🎯 Designed for direnv integration
+- 📦 Simple CLI interface
+- 📋 List and filter secrets by namespace
+
+## Installation
+
+```bash
+gem install kc
+```
+
+Or add to your Gemfile:
+
+```ruby
+gem 'kc'
+```
+
+## Usage
+
+All commands require a **namespace** in the format `<namespace>:<name>`. Namespaces help organize different types of secrets.
+
+### Save to Keychain
+
+Read from stdin and save to keychain with namespace:
+
+```bash
+# Environment variables
+kc save env:myproject < .env
+cat .env | kc save env:production
+
+# SSH keys
+kc save ssh:id_rsa < ~/.ssh/id_rsa
+kc save ssh:deploy-key < deploy_key
+
+# API tokens
+echo "ghp_xxxxxxxxxxxx" | kc save token:github
+kc save token:openai < api_token.txt
+
+# Certificates
+kc save cert:ssl-cert < certificate.pem
+
+# Custom namespaces
+kc save my-app:config < config.json
+```
+
+### Load from Keychain
+
+Output to stdout or redirect to file:
+
+```bash
+kc load env:myproject
+kc load env:myproject > .env
+kc load ssh:id_rsa > ~/.ssh/id_rsa
+```
+
+### List Entries
+
+```bash
+# List all entries
+kc list
+
+# List entries in specific namespace
+kc list env:
+kc list ssh:
+kc list token:
+```
+
+### Delete from Keychain
+
+```bash
+kc delete env:myproject
+kc delete ssh:id_rsa
+kc delete token:github
+```
+
+### Use with direnv
+
+In your `.envrc`:
+
+```bash
+# Load from keychain and export all variables
+eval "$(kc load env:myproject | sed 's/^/export /')"
+
+# Or restore .env file
+kc load env:myproject > .env
+source_env .env
+```
+
+## Commands
+
+- `kc save <namespace>:<name>` - Read from stdin and save to keychain
+- `kc load <namespace>:<name>` - Load from keychain and output to stdout  
+- `kc delete <namespace>:<name>` - Delete entry from keychain
+- `kc list [prefix]` - List all entries (optionally filter by prefix)
+
+## Namespaces
+
+Namespaces must contain only lowercase letters, numbers, and hyphens.
+
+**Common namespaces:**
+- `env:` - Environment variable files
+- `ssh:` - SSH keys
+- `token:` - API tokens
+- `cert:` - Certificates
+- `key:` - Encryption keys
+- `secret:` - General secrets
+
+You can create custom namespaces as needed.
+
+## How it works
+
+`kc` uses macOS Security framework via FFI to directly interact with the Keychain, avoiding shell command overhead. All entries are stored under:
+
+- Service name: `kc`
+- Account name: `<namespace>:<name>` (e.g., `env:myproject`)
+
+## Full Workflow Example
+
+```bash
+# Save environment variables for different environments
+kc save env:development < .env.development
+kc save env:staging < .env.staging
+kc save env:production < .env.production
+
+# Save SSH keys
+kc save ssh:personal < ~/.ssh/id_rsa
+kc save ssh:work < ~/.ssh/id_rsa_work
+
+# Save API tokens
+echo "ghp_xxxxxxxxxxxx" | kc save token:github
+echo "sk-xxxxxxxxxxxxxx" | kc save token:openai
+
+# List all secrets
+kc list
+# => env:development
+# => env:production
+# => env:staging
+# => ssh:personal
+# => ssh:work
+# => token:github
+# => token:openai
+
+# List only environment files
+kc list env:
+# => env:development
+# => env:production
+# => env:staging
+
+# Load and use in direnv
+# .envrc file:
+eval "$(kc load env:development | sed 's/^/export /')"
+
+# Or check if exists before loading
+if kc list env:production > /dev/null 2>&1; then
+  kc load env:production > .env
+else
+  echo "No production env found"
+fi
+
+# Clean up when done
+kc delete env:development
+kc delete ssh:personal
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.
+
+```bash
+bundle install
+bundle exec rspec
+```
+
+## Requirements
+
+- macOS (uses macOS Keychain)
+- Ruby 2.5 or later
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/aileron-inc/kc.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Kc project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/aileron-inc/kc/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "kc"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/kc

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "kc"
+
+Kc::CLI.start(ARGV)

data/kc.gemspec

@@ -0,0 +1,41 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "kc/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "kc"
+  spec.version       = Kc::VERSION
+  spec.authors       = ["AILERON"]
+  spec.email         = ["masa@aileron.cc"]
+
+  spec.summary       = %q{Manage .env files in Mac Keychain with direnv}
+  spec.description   = %q{A CLI tool to save and load .env files from Mac Keychain, designed to work seamlessly with direnv}
+  spec.homepage      = "https://github.com/aileron/kc"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["homepage_uri"] = spec.homepage
+    spec.metadata["source_code_uri"] = "https://github.com/aileron/kc"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi", "~> 1.15"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/lib/kc/cli.rb

@@ -0,0 +1,148 @@
+module Kc
+  class CLI
+    def self.start(argv)
+      new(argv).run
+    end
+
+    def initialize(argv)
+      @argv = argv
+    end
+
+    def run
+      command = @argv[0]
+      name = @argv[1]
+
+      case command
+      when "save"
+        handle_save(name)
+      when "load"
+        handle_load(name)
+      when "delete"
+        handle_delete(name)
+      when "list"
+        handle_list(name)
+      else
+        show_usage
+        exit 1
+      end
+    end
+
+    private
+
+    def validate_namespace(name)
+      unless name&.include?(":")
+        puts "Error: Namespace required. Format: <namespace>:<name>"
+        puts "Examples: env:myproject, ssh:id_rsa, token:github"
+        exit 1
+      end
+
+      namespace, key = name.split(":", 2)
+      
+      if namespace.empty? || key.empty?
+        puts "Error: Invalid format. Use <namespace>:<name>"
+        exit 1
+      end
+
+      # Validate namespace format (alphanumeric and hyphen only)
+      unless namespace.match?(/^[a-z0-9-]+$/)
+        puts "Error: Namespace must contain only lowercase letters, numbers, and hyphens"
+        exit 1
+      end
+    end
+
+    def handle_save(name)
+      unless name
+        puts "Error: name is required"
+        show_usage
+        exit 1
+      end
+
+      validate_namespace(name)
+
+      # Read from stdin
+      if STDIN.tty?
+        puts "Error: No input provided. Use: cat file | kc save <namespace>:<name>"
+        exit 1
+      end
+
+      content = STDIN.read
+      if content.empty?
+        puts "Error: Input is empty"
+        exit 1
+      end
+
+      Keychain.save(name, content)
+      puts "Successfully saved to keychain as '#{name}'"
+    rescue => e
+      puts "Error: #{e.message}"
+      exit 1
+    end
+
+    def handle_load(name)
+      unless name
+        puts "Error: name is required"
+        show_usage
+        exit 1
+      end
+
+      validate_namespace(name)
+
+      content = Keychain.load(name)
+      puts content
+    rescue => e
+      puts "Error: #{e.message}"
+      exit 1
+    end
+
+    def handle_delete(name)
+      unless name
+        puts "Error: name is required"
+        show_usage
+        exit 1
+      end
+
+      validate_namespace(name)
+
+      Keychain.delete(name)
+      puts "Successfully deleted '#{name}' from keychain"
+    rescue => e
+      puts "Error: #{e.message}"
+      exit 1
+    end
+
+    def handle_list(prefix)
+      items = Keychain.list(prefix)
+      
+      if items.empty?
+        if prefix
+          puts "No items found with prefix '#{prefix}'"
+        else
+          puts "No items found in keychain"
+        end
+      else
+        items.each { |item| puts item }
+      end
+    rescue => e
+      puts "Error: #{e.message}"
+      exit 1
+    end
+
+    def show_usage
+      puts <<~USAGE
+        Usage:
+          kc save <namespace>:<name>      Save from stdin to keychain
+          kc load <namespace>:<name>      Load from keychain to stdout
+          kc delete <namespace>:<name>    Delete from keychain
+          kc list [prefix]                List all items (optionally filter by prefix)
+
+        Examples:
+          cat .env | kc save env:myproject
+          kc load env:myproject > .env
+          kc save ssh:id_rsa < ~/.ssh/id_rsa
+          kc list                          # List all
+          kc list env:                     # List all env: items
+          kc delete env:myproject
+      USAGE
+    end
+  end
+end

data/lib/kc/keychain.rb

@@ -0,0 +1,228 @@
+require "ffi"
+
+module Kc
+  class Keychain
+    SERVICE_NAME = "kc"
+
+    module SecurityFramework
+      extend FFI::Library
+      ffi_lib "/System/Library/Frameworks/Security.framework/Security"
+
+      # OSStatus SecKeychainAddGenericPassword(
+      #   SecKeychainRef keychain,
+      #   UInt32 serviceNameLength,
+      #   const char *serviceName,
+      #   UInt32 accountNameLength,
+      #   const char *accountName,
+      #   UInt32 passwordLength,
+      #   const void *passwordData,
+      #   SecKeychainItemRef *itemRef
+      # )
+      attach_function :SecKeychainAddGenericPassword, [
+        :pointer,  # keychain (NULL for default)
+        :uint32,   # serviceNameLength
+        :string,   # serviceName
+        :uint32,   # accountNameLength
+        :string,   # accountName
+        :uint32,   # passwordLength
+        :pointer,  # passwordData
+        :pointer   # itemRef (can be NULL)
+      ], :int
+
+      # OSStatus SecKeychainFindGenericPassword(
+      #   CFTypeRef keychainOrArray,
+      #   UInt32 serviceNameLength,
+      #   const char *serviceName,
+      #   UInt32 accountNameLength,
+      #   const char *accountName,
+      #   UInt32 *passwordLength,
+      #   void **passwordData,
+      #   SecKeychainItemRef *itemRef
+      # )
+      attach_function :SecKeychainFindGenericPassword, [
+        :pointer,  # keychainOrArray (NULL for default)
+        :uint32,   # serviceNameLength
+        :string,   # serviceName
+        :uint32,   # accountNameLength
+        :string,   # accountName
+        :pointer,  # passwordLength (output)
+        :pointer,  # passwordData (output)
+        :pointer   # itemRef (output, can be NULL if not needed)
+      ], :int
+
+      # OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef)
+      attach_function :SecKeychainItemDelete, [:pointer], :int
+
+      # void SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data)
+      attach_function :SecKeychainItemFreeContent, [:pointer, :pointer], :int
+
+      # Constants for attribute tags
+      KSecAccountItemAttr = 0x61636374  # 'acct' in FourCC
+
+      # Attribute structure
+      class SecKeychainAttribute < FFI::Struct
+        layout :tag, :uint32,
+               :length, :uint32,
+               :data, :pointer
+      end
+
+      class SecKeychainAttributeList < FFI::Struct
+        layout :count, :uint32,
+               :attr, :pointer  # Array of SecKeychainAttribute
+      end
+
+      # OSStatus SecKeychainSearchCreateFromAttributes(
+      #   CFTypeRef keychainOrArray,
+      #   SecItemClass itemClass,
+      #   const SecKeychainAttributeList *attrList,
+      #   SecKeychainSearchRef *searchRef
+      # )
+      attach_function :SecKeychainSearchCreateFromAttributes, [
+        :pointer,  # keychainOrArray
+        :uint32,   # itemClass (kSecGenericPasswordItemClass = 'genp')
+        :pointer,  # attrList
+        :pointer   # searchRef (output)
+      ], :int
+
+      # OSStatus SecKeychainSearchCopyNext(
+      #   SecKeychainSearchRef searchRef,
+      #   SecKeychainItemRef *itemRef
+      # )
+      attach_function :SecKeychainSearchCopyNext, [
+        :pointer,  # searchRef
+        :pointer   # itemRef (output)
+      ], :int
+
+      # OSStatus SecKeychainItemCopyAttributesAndData(
+      #   SecKeychainItemRef itemRef,
+      #   SecKeychainAttributeInfo *info,
+      #   SecItemClass *itemClass,
+      #   SecKeychainAttributeList **attrList,
+      #   UInt32 *length,
+      #   void **outData
+      # )
+      attach_function :SecKeychainItemCopyAttributesAndData, [
+        :pointer,  # itemRef
+        :pointer,  # info (NULL for default keychain)
+        :pointer,  # itemClass (can be NULL)
+        :pointer,  # attrList (output)
+        :pointer,  # length (can be NULL)
+        :pointer   # outData (can be NULL)
+      ], :int
+
+      # OSStatus SecKeychainItemFreeAttributesAndData(
+      #   SecKeychainAttributeList *attrList,
+      #   void *data
+      # )
+      attach_function :SecKeychainItemFreeAttributesAndData, [:pointer, :pointer], :int
+
+      # void CFRelease(CFTypeRef cf)
+      attach_function :CFRelease, [:pointer], :void
+    end
+
+    class << self
+      def save(account_name, content)
+        # Try to delete existing entry first
+        delete(account_name) rescue nil
+
+        # Add new entry
+        status = SecurityFramework.SecKeychainAddGenericPassword(
+          nil,                        # default keychain
+          SERVICE_NAME.bytesize,      # service name length
+          SERVICE_NAME,               # service name
+          account_name.bytesize,      # account name length
+          account_name,               # account name
+          content.bytesize,           # password length
+          FFI::MemoryPointer.from_string(content),  # password data
+          nil                         # don't need item ref
+        )
+
+        unless status.zero?
+          raise Error, "Failed to save to keychain (status: #{status})"
+        end
+      end
+
+      def load(account_name)
+        password_length = FFI::MemoryPointer.new(:uint32)
+        password_data = FFI::MemoryPointer.new(:pointer)
+
+        status = SecurityFramework.SecKeychainFindGenericPassword(
+          nil,                        # default keychain
+          SERVICE_NAME.bytesize,      # service name length
+          SERVICE_NAME,               # service name
+          account_name.bytesize,      # account name length
+          account_name,               # account name
+          password_length,            # password length (output)
+          password_data,              # password data (output)
+          nil                         # don't need item ref
+        )
+
+        unless status.zero?
+          raise Error, "Failed to load from keychain (status: #{status})"
+        end
+
+        # Read the password data
+        length = password_length.read_uint32
+        data_ptr = password_data.read_pointer
+        password = data_ptr.read_string(length)
+
+        # Free the memory allocated by Security framework
+        SecurityFramework.SecKeychainItemFreeContent(nil, data_ptr)
+
+        password
+      end
+
+      def delete(account_name)
+        item_ref = FFI::MemoryPointer.new(:pointer)
+
+        status = SecurityFramework.SecKeychainFindGenericPassword(
+          nil,
+          SERVICE_NAME.bytesize,
+          SERVICE_NAME,
+          account_name.bytesize,
+          account_name,
+          nil,
+          nil,
+          item_ref
+        )
+
+        unless status.zero?
+          raise Error, "Entry '#{account_name}' not found in keychain"
+        end
+
+        delete_status = SecurityFramework.SecKeychainItemDelete(item_ref.read_pointer)
+        
+        unless delete_status.zero?
+          raise Error, "Failed to delete from keychain (status: #{delete_status})"
+        end
+      end
+
+      def list(prefix = nil)
+        accounts = []
+        
+        # Use security dump-keychain and parse output
+        # We need to look for entries with service="kc"
+        output = `security dump-keychain login.keychain-db 2>/dev/null`
+        
+        # Split by keychain entries
+        entries = output.split(/^keychain:/).drop(1)
+        
+        entries.each do |entry|
+          # Check if this entry has svce="kc"
+          if entry =~ /"svce"<blob>="#{SERVICE_NAME}"/
+            # Extract account name
+            if entry =~ /"acct"<blob>="([^"]+)"/
+              account_name = $1
+              # Filter by prefix if provided
+              if prefix.nil? || account_name.start_with?(prefix)
+                accounts << account_name
+              end
+            end
+          end
+        end
+
+        accounts.sort.uniq
+      end
+    end
+  end
+end

data/lib/kc/version.rb

@@ -0,0 +1,3 @@
+module Kc
+  VERSION = "0.1.0"
+end

data/lib/kc.rb

@@ -0,0 +1,7 @@
+require "kc/version"
+require "kc/cli"
+require "kc/keychain"
+
+module Kc
+  class Error < StandardError; end
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: kc
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- AILERON
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: A CLI tool to save and load .env files from Mac Keychain, designed to
+  work seamlessly with direnv
+email:
+- masa@aileron.cc
+executables:
+- kc
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".mise.toml"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/kc
+- kc.gemspec
+- lib/kc.rb
+- lib/kc/cli.rb
+- lib/kc/keychain.rb
+- lib/kc/version.rb
+homepage: https://github.com/aileron/kc
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/aileron/kc
+  source_code_uri: https://github.com/aileron/kc
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Manage .env files in Mac Keychain with direnv
+test_files: []