shhh 1.4.1 → 1.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8be044ac1a326bd26c343102e64650b364ca6825
-  data.tar.gz: ae67a04259e58203f3d6cf54a1f7e22ebfe61279
+  metadata.gz: a18f2fa8ab3ca75426c0eccec0ddb42ca59c71ee
+  data.tar.gz: 2459a7f861d35612ab3e607a87999e9c98e071a2
 SHA512:
-  metadata.gz: a334844785be58e522aa97add26d34961799885540dffcc5f584939cad872bab7f97a0229fcefcd4856c0123cd19bc15e12602784a6ac28fdf94b14cb6762510
-  data.tar.gz: 273554d3ce0ffb40c60b878761fd60255df7d00366d1627812600536e5cf9528d5878b145fc82ce51b858205d9b5d25688d54d0e8069d35383d17ab5b9df2735
+  metadata.gz: 031191a168e9e6aa553f3950c8a29c2dc26c15ae4f5b8baeb402b0da3a51036268e66aeb90d409c9ecad439ac259e1f04d54cd823f3d3cca380de196f2df392e
+  data.tar.gz: 76c711a907e9b97ef72c0ac83c30f8f47e24574c3398ec67d246a9fb8270db3c8761abeeed8d0737dbea89aff4d21fe1313da75603a9d92e215605057e8144dd

data/.gitignore

@@ -10,3 +10,4 @@
 /tmp/
 /data
 /spec/coverage/
+*.enc

data/README.md

@@ -1,44 +1,57 @@
-# Shhh 
+# Shhh — Your Encryption Best Friend
 
 [![Gem Version](https://badge.fury.io/rb/shhh.svg)](https://badge.fury.io/rb/shhh)
 [![Downloads](http://ruby-gem-downloads-badge.herokuapp.com/shhh?type=total)](https://rubygems.org/gems/shhh)
 
-
-[![Build Status](https://travis-ci.org/kigster/secrets-cipher-base64.svg?branch=master)](https://travis-ci.org/kigster/secrets-cipher-base64)
+[![Build Status](https://travis-ci.org/kigster/shhh.svg?branch=master)](https://travis-ci.org/kigster/shhh)
 [![Code Climate](https://codeclimate.com/github/kigster/secrets-cipher-base64/badges/gpa.svg)](https://codeclimate.com/github/kigster/secrets-cipher-base64)
 [![Test Coverage](https://codeclimate.com/github/kigster/secrets-cipher-base64/badges/coverage.svg)](https://codeclimate.com/github/kigster/secrets-cipher-base64/coverage)
 [![Issue Count](https://codeclimate.com/github/kigster/secrets-cipher-base64/badges/issue_count.svg)](https://codeclimate.com/github/kigster/secrets-cipher-base64)
 
-## Summary
+## Description
 
-What? *Another security gem?* —— Well, funny you should ask! 
+### Summary
 
-You see, security is an incredibly wide topic. The tools around security tend to fall into two classes: swiss army knife wrappers around `OpenSSL`, and more specialized tools. This gem falls in the second category. It wraps a very small part of `OpenSSL` library. 
+> __shhh__ is little program that makes it _trivial to encrypt and decrypt sensitive data_.  But, unlike many other existing tools, __shhh__'s goal is to dramatically simplify the command line interface (CLI), and make symmetric encryption as routine as listing directories in Terminal.
 
-> __Namely, `shhh` provides:__
->
-> * Symmetric data encryption with: 
->   * the cipher `AES-256-CBC` 
->   * 256-bit private key
->   * which can be optionally password-encrypted.
-> * Rich command line interface with some innovative features, such as inline encrypted file editing using your current `$EDITOR`
-> * Automatic compression of the data
-> * Rich Ruby API and highly extensible approach to encryption/decryption
-> * Automatic detection of password-protected keys, 
-> * and more...
+With this tool I wanted to make it easy to memorize the most common options, so that there is little no longer a barrier to the full power of encryption offered by [`OpenSSL`](https://www.openssl.org/) library.
 
-The main point behind this gem is to allow you to store sensitive application secrets in your source code repo as `AES-256-CBC`-encrypted files or strings (this is the same encryption algorithm that US Government uses internally). The output of the encryption is always a (urlsafe) `base64`-encoded string, without the linebreaks.
- 
-The private key (encrypted or not) is also a base64-encoded string, typically 45 characters long (unless it's password encrypted, in which case it is considerably longer). 
- 
-Using a single-line string that `urlsafe_encode64()` generates, makes this gem well suited for encrypting specific fields in the YAML file, or simply the entire file.  This also means that the private key can be easily exported as an environment variable (as it's value is a single-line string).  
- 
-> NOTE: The library leverages the code shown in the following discussion: http://stuff-things.net/2015/02/12/symmetric-encryption-with-ruby-and-rails/ I'd like to acknowledge the the author of the above thread for providing clear examples of a simple symmetric encryption with `OpenSSL`.
+And no tool works in isolation: this is just a stepping stone that could be part of your deployment or infrastructure code: don't rely on external services: minimize the risk of a "man-in-the-middle" attack, by dealing with the encryption and decryption locally. Ideal application of this gem, is the ability to store sensitive application _secrets_ protected on a file system, or in a repo, and use `shhh` to automaticaly decrypt the data when any changes are to be made, or when the data needs to be read by an application service.
+
+And finally, in addition to the rich CLI interface of the `shhh` executable, there is a rich and extensibe symmetric encryption API that can be easily used from any ruby project.
 
-## Symmetric Encryption
+### How It Works
 
-Symmetric encryption simply means that we are using the same private key to encrypt and decrypt. The secret can be generated by the tool and is a *base64-encoded* string which is 45 characters long. The *decoded* secret is always 32 characters long (or 256 bytes long).
+  1.  You start with a piece of sensitive data, say it's called _X_. 
+  2.  _X_ is  currently a file on your file system, unencrypted. 
+  2. You use __shhh__ (with `-g` — for "generate")  to make a new encryption key. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded.
+  3. You must save this key somewhere safe. We'll talk about this further.
+  4. You use __shhh__ (with `-e`) to encrypt _X_ with the key, and save into _Y_.
+  5. You now delete _X_ from your file system. You now only have _Y_ and the _key_.
+  7. To read the data back, you use __shhh__ with the `-d` (for "decrypt") to decrypt _Y_ back. You can print the contents or save it again.
+  8. But, instead of just decrypting it, you can use the `-t` mode (for "ediT"), which would decrypt _Y_ into _X_, save _X_ into a temporary location, and allow you to edit the unencrypted file using `$EDITOR`. Once you save and exit the editor, a new version is automatically encrypted and replaces the old version, showing you the diff and, optionally, creating a backup.
 
+### Features
+
+The `shhh` executable as well as the Ruby API provide:
+
+ * Symmetric data encryption with: 
+   * the cipher `AES-256-CBC` used by the US Government
+   * 256-bit private key
+     *  which can be auto-generated, and is a *base64-encoded* string which is 45 characters long. The *decoded* secret is always 32 characters long (or 256 bytes long).
+     * which can be optionally password-encrypted using 128-bit key.
+       * which is automatically detected when the key is read
+ * Rich command line interface with some innovative features, such as inline  editing of an encrypted file, using your favorite `$EDITOR`.
+ * Data handling:
+   * Automatic compression of the data upon encryption
+   * Automatic base64 encryption to make all encrypted strings fit onto a single line. 
+   * This makes the format suitable for YAML or JSON configuration files, where only the values are encrypted.
+ * Rich Ruby API 
+ * (OS-X Only): Ability to create, add and delete generic password entries from the Mac OS-X KeyChain, and to leverage the KeyChain to store sensitive private keys.
+
+### Symmetric Encryption
+
+Symmetric encryption simply means that we are using the same private key to encrypt and decrypt. 
 In addition to the private key, the encryption uses an IV vector. The library completely hides `iv` from the user, generates one random `iv` per encryption, and stores it together with the field itself (*base64-encoded*).
 
 ## Installation
@@ -60,13 +73,21 @@ Or install it into the global namespace with `gem install` command:
 
 ### Private Keys
 
-This library relies on the existance of the 32-byte private key (aka, *a secret*), that must be stored somewhere safely if your encrypted data is to be persisted, for example it can be saved into the keychain on Mac OSX. 
+This library relies on the existance of the 32-byte private key (aka, *a secret*) to perform encryption and decryption.
 
-> In fact, we put together a separate file that discusses strategies for protecting your encryption keys, for example you can read about [how to use Mac OS-X Keychain Access application](https://github.com/kigster/shhh/blob/master/MANAGING-KEYS.md) and other methods. Additions and discussion are welcome. Please contribute!
+The key can be easily:
+ 
+ * generated by this gem and displayed, copied to the clipboard, or saved to the KeyChain
+ * one way or another must be kept very well protected and secure from attackers
+ * can be fetched from the the Keychain in subsequent encryption/decryption steps
+ * password-protected, which you can enable during the generation with the `-p` flag.
+   * NOTE: right now there is no way to add a password to an existing key, only generate a new one.
 
-You can use one key for all encrypted fields, or many keys – perhaps one per deployment environment, etc. While you can have per-field private key, it seems like an overkill.
+Unencrypted private key will be in the form of a base64-encoded string, 45 characters long.
 
-__NOTE: it is considered a bad practice to check in the private key into the version control.__  If you keep your secret out of your repo, you can check-in encrypted key file directly into the repo. As long as the private key itself is safe, the data in your encrypted  will be next to impossible to extract. 
+Encrypted private key will be considerably longer, perhaps 200-300 characters long.
+
+When the private key is encrypted, `shhh` will request the password every time it is used. We are looking at adding a caching layer with a configuerable timeout, so that the password is only re-entered once per given period.
 
 ### Command Line (CLI)
  
@@ -116,7 +137,7 @@ Now, whenever you need to encrypt something, in addition to the `-k` and `-K` yo
     
 Finally, you can delete a key from KeyChain access by running:
     
-    shhh -X staging
+    shhh --keychain-del staging
     
 #### KeyChain Key Management
     
@@ -136,33 +157,41 @@ This may be a good time to take a look at the full help message for the `shhh` t
 
 Usage:
     shhh [options]
+
 Modes:
-    -e, --encrypt                 encrypt mode
-    -d, --decrypt                 decrypt mode
-    -t, --edit                    decrypt, open an encr. file in vim
+  -e, --encrypt                 encrypt mode
+  -d, --decrypt                 decrypt mode
+  -t, --edit                    decrypt, open an encr. file in vim
+
 Create a private key:
-    -g, --generate                generate a new private key
-    -p, --password                encrypt the key with a password
-    -c, --copy                    copy the new key to the clipboard
+  -g, --generate                generate a new private key
+  -p, --password                encrypt the key with a password
+  -c, --copy                    copy the new key to the clipboard
+
 Provide a private key:
-    -i, --interactive             Paste or type the key interactively
-    -k, --private-key  [key]      private key as a string
-    -K, --keyfile      [key-file] private key from a file
+  -i, --interactive             Paste or type the key interactively
+  -k, --private-key  [key]      private key as a string
+  -K, --keyfile      [key-file] private key from a file
+
 Use your KeyChain password entry to store a private key:
-    -x, --keychain     [key-name] add to, or read the key from Keychain
-    --keychain-del     [key-name] delete keychain entry with that name
+  -x, --keychain     [key-name] add to, or read the key from Keychain
+  --keychain-del     [key-name] delete keychain entry with that name
+
 Data:
-    -s, --string       [string]   specify a string to encrypt/decrypt
-    -f, --file         [file]     filename to read from
-    -o, --output       [file]     filename to write to
-    -b, --backup                  create a backup file in the edit mode
+  -s, --string       [string]   specify a string to encrypt/decrypt
+  -f, --file         [file]     filename to read from
+  -o, --output       [file]     filename to write to
+  -b, --backup                  create a backup file in the edit mode
+
 Flags:
-    -v, --verbose                 show additional information
-    -T, --trace                   print a backtrace of any errors
-    -E, --examples                show several examples
-    -V, --version                 print library version
-    -N, --no-color                disable color output
-    -h, --help                    show help
+  -v, --verbose                 show additional information
+  -q, --quiet                   silence all output
+  -T, --trace                   print a backtrace of any errors
+  -E, --examples                show several examples
+  -L, --language                natural language examples
+  -V, --version                 print library version
+  -N, --no-color                disable color output
+  -h, --help                    show help
 ```
 
 ### CLI Usage Examples
@@ -213,7 +242,7 @@ Here is a full command that opens a file specified by `-f | --file`, using the k
 
 NOTE: while much effort has been made to ensure that the gem is bug free, the reality is that no software is bug free. Please make sure to backup your encrypted file before doing it for the first few times to get familiar with the command.
      
-To edit an encrypted file in $EDITOR, while asking for a key (`-i | --interactive`), creating a backup file (`-b | --backup`):
+To edit an encrypted file in $EDITOR, while asking to paste the key (`-i | --interactive`), while creating a backup file (`-b | --backup`):
 
     shhh -tibf data.enc
     # => Private Key: ••••••••••••••••••••••••••••••••••••••••••••
@@ -224,6 +253,72 @@ To edit an encrypted file in $EDITOR, while asking for a key (`-i | --interactiv
     # ---
     # # (c) 2016 Konstantin Gredeskoul.  All rights reserved.
 
+
+### Natural Language Processing
+
+When shhh is called, and when none of the arguments contain a dash, then the the NLP (natural language processing) Translator is invoked. The Translator is based on a very simple algorithm:
+
+ * ignore all of the ambiguous words, or words with duplicate meaning
+ * unambiguously map arguments to the regular options (the double-dash version)
+ * words that already match double-dash options are double-dashed
+ * the mapping of words into --options is performed
+ * the result is parsed
+
+When verbose is provided as an argument, you will additionally see the command line arguments that NLP system had produced following the mapping of the actual arguments. This may be helpful in diagnosis of why a particular sentence is not recognized.
+
+CURRENTLY IGNORED WORDS:
+
+    and, a, the, it, item, to, key, with, about, for, of, new, make
+
+CURRENTLY DICTIONARY
+
+                          clipboard >————————➤ copy
+                             unlock >————————➤ decrypt
+                               open >————————➤ edit
+                               lock >————————➤ encrypt
+                                    >————————➤ backup
+                                    >————————➤ keychain
+                               read >————————➤ file
+                             create >————————➤ generate
+                     ask enter type >————————➤ interactive
+                               from >————————➤ keyfile
+                         save write >————————➤ output
+                      using private >————————➤ private_key
+                              value >————————➤ string
+       silently quietly silent shhh >————————➤ quiet
+           secure secured protected >————————➤ password
+
+EXAMPLES
+
+```bash
+# generate a new private key and copy to the clipboard
+shhh make new key and copy it to the clipboard
+
+# generate and save to a file a password-protected key, silently
+shhh create a secure key and save it to "my.key"
+
+# encrypt a plain text string with a key, and save the output to a file
+shhh encrypt string "secret string" using $KEY save to file.enc
+
+# decrypt a previously encrypted string:
+shhh decrypt string $ENC using a $KEY
+
+# encrypt shhh.yml with key from $KEYFILE and save it to shhh.enc
+shhh encrypt shhh.yml with key from $KEYFILE and save it to shhh.enc
+
+# decrypt an encrypted file and print it to STDOUT:
+shhh decrypt file data.enc using $KEY
+
+# edit an encrypted file in $EDITOR, ask for key, create a backup
+shhh edit file ecrets.enc ask for a key and make a backup
+
+# generate a new password-encrypted key, save it to your Keychain:
+shhh generate key with a password to keychain "kyname"
+
+# use the new key to encrypt a file:
+shhh encrypt with keychain item "keyname" file password.txt save to passwords.enc
+```
+
 ### Ruby API
 
 To use this library you must include the main `Shhh` module into your library.
@@ -312,9 +407,10 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/kigste
 
 This is the proposed mini-idea/specification for an alternative CLI that is at a feature parity with the standard flag-based CLI.
 
-    shhh encrypt with $key string 'hello' and save to output.enc 
-    shhh edit file 'passwords.enc' encrypted with $key
-    shhh decrypt file /etc/secrets encrypted with $key save to ./secrets
+    shhh generate key to the clipboard and keychain 
+    shhh encrypt file 'hello' using $key [to output.enc] 
+    shhh edit 'passwords.enc' using $key
+    shhh decrypt /etc/secrets encrypted with $key save to ./secrets
     shhh encrypt with keychain $item file $input   
 
 ## License

data/bin/shhh.bash-completion

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Shhh command line completion
+#
+# © 2015-2016, Konstantin Gredeskoul,  https://github.com/kigster/shhh
+# MIT LICENSE
+#
+
+_shhh() {
+    local SHHH_OPTS SHHH_POINTS cur prev
+
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+    COMPREPLY=()
+
+    SHHH_COMP_OPTIONS=$(shhh --dictionary)
+    [[ $COMP_CWORD == 1 ]] && SHHH_COMP_OPTIONS="${SHHH_COMP_OPTIONS} ${SHHH_COMMANDS}"
+    COMPREPLY=( $(compgen -W "${SHHH_COMP_OPTIONS}" -- ${cur}) )
+    return 0
+}
+
+complete -F _shhh shhh
+

data/exe/shhh

@@ -5,4 +5,15 @@ $LOAD_PATH << lib_path if File.exist?(lib_path) && !$LOAD_PATH.include?(lib_path
 
 require 'shhh'
 
-Shhh::App::CLI.new(ARGV.dup).run
+#ARGV.any?{ |a| a =~ /^-/ } ?
+begin
+ARGV.first =~ /^-/  ?
+  ::Shhh::App::CLI.new(ARGV.dup).run :
+  ::Shhh::App::NLP::Translator.new(ARGV.dup).translate.and.run
+rescue Interrupt => e
+  STDERR.flush
+  STDERR.puts "Interrupt, #{e.message}, exiting."
+  STDERR.flush
+end
+
+

data/lib/shhh/app/args.rb

@@ -1,15 +1,24 @@
 module Shhh
   module App
-    class Args < Struct.new(:opts)
+    class Args < Struct.new(:opts, :argv)
       MODE = %i(encrypt decrypt generate edit keychain)
       KEY  = %i(private_key interactive keyfile keychain)
+      OUTPUT = %i(output quiet)
 
-      def mode?; is MODE; end
-      def key?; is KEY; end
+      def mode?; is(MODE); end
+      def key?; is(KEY); end
+
+      def output_class
+        output_type = OUTPUT.find{|o| opts[o] } # includes nil
+        Shhh::App::Output.outputs[output_type]
+      end
 
       private
       def is(list)
-        list.any?{ |o| opts[o] }
+        !options_for(list).empty?
+      end
+      def options_for(of)
+        of.map{ |o| opts[o] }.compact
       end
 
     end

data/lib/shhh/app/cli.rb

@@ -1,3 +1,4 @@
+
 #!/usr/bin/env ruby
 require 'slop'
 require 'shhh'
@@ -9,8 +10,10 @@ require 'shhh/errors'
 require 'shhh/app/commands'
 require 'shhh/app/keychain'
 require 'shhh/app/private_key/handler'
+require 'shhh/app/nlp/constants'
 require 'highline'
 
+require_relative 'output/file'
 require_relative 'output/file'
 require_relative 'output/stdout'
 
@@ -50,7 +53,7 @@ module Shhh
     # in a cross-platform way inside the {Shhh::App::Keychain} module.
 
     class CLI
-      attr_accessor :opts, :output_proc, :print_proc, :write_proc,
+      attr_accessor :opts, :args, :outputs, :output_proc,
                     :action, :password, :key, :input_handler, :key_handler
 
       def initialize(argv)
@@ -60,11 +63,15 @@ module Shhh
           error exception: e
           return
         end
+
+
+        self.args = ::Shhh::App::Args.new(opts, argv)
+
         configure_color(argv)
         select_output_stream
-
         initialize_input_handler
         initialize_key_handler
+
         self.action        = { opts[:encrypt] => :encr, opts[:decrypt] => :decr }[true]
       end
 
@@ -76,11 +83,12 @@ module Shhh
         end
 
         if command
+          STDERR.puts '   Running command: '.dark + "#{command.to_s}" if opts[:verbose]
           result = command.run
           output_proc.call(result)
         else
           # command was not found. Reset output to printing, and return an error.
-          self.output_proc = print_proc
+          self.output_proc = Args.new(Hash.new, []).output_class
           command_not_found_error!
         end
 
@@ -125,9 +133,11 @@ module Shhh
       private
 
       def select_output_stream
-        self.print_proc  = Shhh::App::Output::Stdout.new(self).output_proc
-        self.write_proc  = Shhh::App::Output::File.new(self).output_proc
-        self.output_proc = opts[:output] ? self.write_proc : self.print_proc
+        out_klass = self.args.output_class
+        raise "Can not determine output class from arguments #{opts.to_hash}" unless
+          out_klass && out_klass.is_a?(Class)
+
+        self.output_proc = out_klass.new(self).output_proc
       end
 
       def configure_color(argv)
@@ -137,7 +147,6 @@ module Shhh
         end
       end
 
-
       def initialize_input_handler(handler = Input::Handler.new)
         self.input_handler = handler
       end
@@ -153,8 +162,8 @@ module Shhh
           supplied_opts = h.keys.select { |k| h[k] }.join(', ')
           error type:    'Options Error',
                 details: 'Unable to determined what command to run',
-                reason:  "You provided the following options: #{supplied_opts.bold.yellow}"
-          output_proc.call(opts.to_s)
+                reason:  "You provided the following options: #{supplied_opts.bold.yellow}",
+                comments: opts.to_s
         else
           raise Shhh::Errors::NoPrivateKeyFound.new('Private key is required')
         end
@@ -163,37 +172,49 @@ module Shhh
       def parse(arguments)
         Slop.parse(arguments) do |o|
           o.banner = 'Usage:'.bold.yellow
-          o.separator '    shhh [options]'.bold.green
-          o.separator 'Modes:'.bold.yellow
+          o.separator '    shhh [options]'.green
+          o.separator ' '
+          o.separator 'Modes:'.yellow
           o.bool '-h', '--help', '           show help'
           o.bool '-d', '--decrypt', '           decrypt mode'
           o.bool '-t', '--edit', '           decrypt, open an encr. file in ' + editor
-          o.separator 'Create a private key:'.bold.yellow
+          o.separator ' '
+          o.separator 'Create a private key:'.yellow
           o.bool '-g', '--generate', '           generate a new private key'
           o.bool '-p', '--password', '           encrypt the key with a password'
           o.bool '-c', '--copy', '           copy the new key to the clipboard'
-          o.separator 'Provide a private key:'.bold.yellow
+          o.separator ' '
+          o.separator 'Provide a private key:'.yellow
           o.bool '-i', '--interactive', '           Paste or type the key interactively'
-          o.string '-k', '--private-key', '[key]   '.bold.blue + '   private key as a string'
-          o.string '-K', '--keyfile', '[key-file]'.bold.blue + ' private key from a file'
+          o.string '-k', '--private-key', '[key]   '.blue + '   private key as a string'
+          o.string '-K', '--keyfile', '[key-file]'.blue + ' private key from a file'
           if Shhh::App.is_osx?
-            o.separator 'Use your KeyChain password entry to store a private key:'.bold.yellow
-            o.string '-x', '--keychain', '[key-name] '.bold.blue + 'add to, or read the key from Keychain'
-            o.string '--keychain-del', '[key-name] '.bold.blue + 'delete keychain entry with that name'
+            o.separator ' '
+            o.separator 'Use your KeyChain password entry to store a private key:'.yellow
+            o.string '-x', '--keychain', '[key-name] '.blue + 'add to, or read the key from Keychain'
+            o.string '--keychain-del', '[key-name] '.blue + 'delete keychain entry with that name'
           end
-          o.separator 'Data:'.bold.yellow
-          o.string '-s', '--string', '[string]'.bold.blue + '   specify a string to encrypt/decrypt'
-          o.string '-f', '--file', '[file]  '.bold.blue + '   filename to read from'
-          o.string '-o', '--output', '[file]  '.bold.blue + '   filename to write to'
+          o.separator ' '
+          o.separator 'Data:'.yellow
+          o.string '-s', '--string', '[string]'.blue + '   specify a string to encrypt/decrypt'
+          o.string '-f', '--file', '[file]  '.blue + '   filename to read from'
+          o.string '-o', '--output', '[file]  '.blue + '   filename to write to'
           o.bool '-b',  '--backup',      '           create a backup file in the edit mode'
+          o.separator ' '
           o.separator 'Flags:'.bold.yellow
           o.bool '-v',  '--verbose',     '           show additional information'
+          o.bool '-q',  '--quiet',       '           silence all output'
           o.bool '-T',  '--trace',       '           print a backtrace of any errors'
           o.bool '-E',  '--examples',    '           show several examples'
+          o.bool '-L',  '--language',    '           natural language examples'
           o.bool '-V',  '--version',     '           print library version'
           o.bool '-N',  '--no-color',    '           disable color output'
           o.bool '-e',  '--encrypt',     '           encrypt mode'
           o.separator ''
+          o.on '--dictionary' do
+            puts o.to_a.map{ |w| "#{w.flags.reject{|f| f.to_s !~ /--/ }.first.to_s}" }.join(' ')
+            exit 0
+          end
         end
       rescue StandardError => e
         raise(e)

data/lib/shhh/app/commands/command.rb

@@ -9,6 +9,8 @@ module Shhh
             class << self
               attr_accessor :required, :incompatible
 
+              include Shhh::App::ShortName
+
               def try_after(*dependencies)
                 Shhh::App::Commands.order(self, dependencies)
               end
@@ -25,10 +27,6 @@ module Shhh
                 incompatible
               end
 
-              def short_name
-                name.split(/::/)[-1].underscore.to_sym
-              end
-
               def options_satisfied_by?(opts_hash)
                 proc = required_options.find { |option| option.is_a?(Proc) }
                 return true if proc && proc.call(opts_hash)
@@ -62,6 +60,10 @@ module Shhh
           raise Shhh::Errors::AbstractMethodCalled.new(:run)
         end
 
+        def to_s
+          "#{self.class.short_name.to_s.bold.yellow}, with options: #{cli.args.argv.join(' ').gsub(/--/, '').bold.green}"
+        end
+
       end
     end
   end

data/lib/shhh/app/commands/show_help.rb

@@ -8,7 +8,7 @@ module Shhh
         try_after :generate_key, :open_editor, :encrypt_decrypt
 
         def run
-          opts.to_s
+          opts.to_s(prefix: ' ' * 2)
         end
       end
     end

data/lib/shhh/app/commands/show_language_examples.rb

@@ -0,0 +1,81 @@
+require 'colored2'
+require_relative 'command'
+require_relative '../nlp'
+module Shhh
+  module App
+    module Commands
+      class ShowLanguageExamples < Command
+        required_options :language
+        try_after :show_help
+
+
+
+        def run
+          output = []
+
+          output << Shhh::App::NLP::Base.usage
+
+          output << example(comment: 'generate a new private key and copy to the clipboard but do not print to terminal',
+                            command: 'shhh create new key to clipboard quietly'
+          )
+
+          output << example(comment: 'generate and save to a file a password-protected key, silently',
+                            command: 'shhh create a secure key and save it to "my.key"',
+          )
+
+          output << example(comment: 'encrypt a plain text string with a key, and save the output to a file',
+                            command: 'shhh encrypt string "secret string" using $(cat my.key) save to file.enc')
+
+          output << example(comment: 'decrypt a previously encrypted string:',
+                            command: 'shhh decrypt string $ENC using $(cat my.key)')
+
+          output << example(comment: 'encrypt "file.txt" with key from my.key and save it to file.enc',
+                            command: 'shhh encrypt file file.txt with key from my.key and save it to file.enc')
+
+          output << example(comment: 'decrypt an encrypted file and print it to STDOUT:',
+                            command: 'shhh decrypt file file.enc with key from "my.key"')
+
+          output << example(comment: 'edit an encrypted file in $EDITOR, ask for key, and create a backup upon save',
+                            command: 'shhh edit file file.enc ask for a key and make a backup',
+          )
+
+          if Shhh::App.is_osx?
+            output << example(comment: 'generate a new password-encrypted key, save it to your Keychain:',
+                              command: 'shhh create a new protected key store in keychain "my-keychain-key"')
+
+            output << example(comment: 'print the key stored in the keychain item "my-keychain-key"',
+                              command: 'shhh print keychain "my-keychain-key"')
+
+            output << example(comment: 'use the new key to encrypt a file:',
+                              command: 'shhh encrypt with keychain "my-keychain-key" file "password.txt" and write to "passwords.enc"')
+
+          end
+
+          output.flatten.compact.join("\n")
+        end
+
+        def example(comment: nil, command: nil, echo: nil, result: nil)
+          @dict   ||= ::Shhh::App::NLP::Constants::DICTIONARY.to_a.flatten!
+          _command = command.split(' ').map do |w|
+            _w = w.to_sym
+            if w == 'shhh'
+              w.italic.yellow
+            elsif ::Shhh::App::NLP::Constants::STRIPPED.include?(_w)
+              w.italic.red
+            elsif @dict.include?(_w)
+              w.blue
+            else
+              w
+            end
+          end.join(' ') if command
+          out     = []
+          out << "# #{comment}".white.dark.italic if comment
+          out << "#{_command}" if command
+          out << "#{echo}" if echo
+          out << "#{result}" if result
+          out << (' '*80).dark
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/nlp/constants.rb

@@ -0,0 +1,32 @@
+module Shhh
+  module App
+    module NLP
+      module Constants
+        STRIPPED = %i(and a the it item to key with about for of new make store in print)
+
+        DICTIONARY = {
+          # option (Slop)
+          #               list of english words that map to it
+          :copy        => [:clipboard],
+          :decrypt     => [:unlock],
+          :edit        => [:open],
+          :encrypt     => [:lock],
+          :backup      => [],
+          :keychain    => [],
+          :file        => [:read],
+          :generate    => [:create],
+          :interactive => [:ask, :enter, :type],
+          :keyfile     => [:from],
+          :output      => [:save, :write],
+          :private_key => [:using, :private],
+          :string      => [:value],
+          :quiet       => [:silently, :quietly, :silent, :shhh],
+          :password    => [:secure, :secured, :protected]
+        }
+
+      end
+
+    end
+  end
+end
+

data/lib/shhh/app/nlp/translator.rb

@@ -0,0 +1,61 @@
+require_relative 'constants'
+module Shhh
+  module App
+    module NLP
+      class Translator
+
+        attr_accessor :argv, :translated_argv, :opts
+
+        def initialize(argv)
+          self.argv            = argv
+          self.opts            = CLI.new(%w(-E)).opts.to_hash
+          self.translated_argv = []
+        end
+
+        def dict
+          ::Shhh::App::NLP::Constants::DICTIONARY
+        end
+
+        def stripped
+          ::Shhh::App::NLP::Constants::STRIPPED
+        end
+
+        def translate
+          self.translated_argv = argv.map do |value|
+            nlp_argument = value.to_sym
+            arg = nil
+            arg ||= dict.keys.find do |key|
+              dict[key].include?(nlp_argument) || key == nlp_argument
+            end
+            arg ||= nlp_argument
+
+            if stripped.include?(arg)
+              # nada
+            elsif opts.to_hash.key?(arg)
+              '--' + "#{arg.to_s.gsub(/_/, '-')}"
+            else
+              arg.to_s
+            end
+          end.compact
+
+          counts = {}
+          translated_argv.each{ |arg| counts.key?(arg) ? counts[arg] += 1 : counts[arg] = 1 }
+          translated_argv.delete_if{ |arg| counts[arg] > 1 }
+          self
+        end
+
+        def and
+          translate if translated_argv.empty?
+          if self.translated_argv.include?('--verbose')
+            STDERR.puts 'Original arguments: '.dark + "#{argv.join(' ').green}"
+            STDERR.puts '   Translated argv: '.dark + "#{translated_argv.join(' ').blue}"
+          end
+          ::Shhh::App::CLI.new(self.translated_argv)
+        end
+
+        alias_method :cli, :and
+
+      end
+    end
+  end
+end

data/lib/shhh/app/nlp/usage.rb

@@ -0,0 +1,72 @@
+require 'pp'
+module Shhh
+  module App
+    #     shhh generate key to the clipboard and keychain
+    #     shhh encrypt file 'hello' using $key [to output.enc]
+    #     shhh edit 'passwords.enc' using $key
+    #     shhh decrypt /etc/secrets encrypted with $key save to ./secrets
+    #     shhh encrypt file $input with keychain $item
+    module NLP
+      module Usage
+
+        def usage
+          out = ''
+          out << %Q`
+#{header('Natural Language Processing')}
+
+#{'When '.dark.normal}#{'shhh'.bold.blue} #{'is invoked, and the first argument does not begin with a dash,
+then the the NLP (natural language processing) Translator is invoked.
+The Translator is based on a very simple algorithm:
+
+ * ignore any of the words tagged STRIPPED. These are the ambiguous words,
+   or words with duplicate meaning.
+
+ * map the remaining arguments to regular double-dashed options using the DICTIONARY
+
+ * words that are a direct match for a --option are automatically double-dashed
+
+ * remaining words are left as is (these would be file names, key names, etc).
+
+ * finally, the resulting "new" command line is parsed with regular options.
+
+ * When arguments include "verbose", NLP system will print "before" and "after"
+   of the arguments, so that any issues can be debugged and corrected.
+
+'.dark.normal}
+
+#{header('Currently ignored words:')}
+    #{Constants::STRIPPED.join(', ').red.italic}
+
+#{header('Regular Word Mapping')}
+#{Constants::DICTIONARY.pretty_inspect.split(/\n/).map do |line|
+            line.gsub(
+              /[\:\}\,\[\]]/, ''
+            ).gsub(
+              /[ {](\w+)=>([^\n]*)/, '\2|\1'
+            )
+          end.map { |line| convert_dictionary(*line.split('|')) }.join}
+
+#{header('Examples')}
+`
+          out
+        end
+
+        def convert_dictionary(left = '', right = '')
+          [
+            sprintf('%35.35s', left.gsub(/ /, ' ')).italic.yellow,
+            '   ───────➤   '.dark,
+            sprintf('--%-20.20s', right).blue,
+
+            "\n"
+          ].join
+        end
+
+        private
+        def header(title)
+          title.upcase.bold.underlined
+        end
+
+      end
+    end
+  end
+end

data/lib/shhh/app/nlp.rb

@@ -0,0 +1,18 @@
+require_relative 'cli'
+require_relative 'nlp/constants'
+require_relative 'nlp/usage'
+require_relative 'nlp/translator'
+module Shhh
+  module App
+    #     shhh generate key to the clipboard and keychain
+    #     shhh encrypt file 'hello' using $key [to output.enc]
+    #     shhh edit 'passwords.enc' using $key
+    #     shhh decrypt /etc/secrets encrypted with $key save to ./secrets
+    #     shhh encrypt file $input with keychain $item
+    module NLP
+      class Base
+        extend Usage
+      end
+    end
+  end
+end

data/lib/shhh/app/output/base.rb

@@ -0,0 +1,61 @@
+require 'shhh/app/short_name'
+module Shhh
+  module App
+    module Output
+      class Base
+
+        attr_accessor :cli
+
+        def initialize(cli)
+          self.cli = cli
+        end
+
+        def opts
+          cli.opts
+        end
+
+        @outputs = []
+        class << self
+          attr_accessor :outputs
+
+          def append(output_klass)
+            outputs << output_klass if outputs.is_a?(Array)
+            raise "Cannot append #{output_class} after #outputs has been converted to a Hash" \
+              unless outputs.is_a?(Array)
+          end
+
+          def map_outputs!
+            klasses      = self.outputs
+            self.outputs = Hash.new
+            klasses.each { |k| self.outputs[k.required_option] = k }
+            outputs
+          end
+
+          def options_to_outputs
+            map_outputs! if outputs.is_a?(Array)
+            outputs
+          end
+        end
+
+        def self.inherited(klass)
+          klass.instance_eval do
+            class << self
+              attr_writer :required_option
+            end
+
+            klass.required_option = nil
+
+            class << self
+              def required_option(_option = nil)
+                self.required_option = _option if _option
+                @required_option
+              end
+            end
+          end
+          klass.extend(Shhh::App::ShortName)
+          Shhh::App::Output::Base.append klass
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/output/file.rb

@@ -1,16 +1,11 @@
+require 'shhh/app/output/base'
 module Shhh
   module App
     module Output
-      class File
-        attr_accessor :cli
+      class File < ::Shhh::App::Output::Base
 
-        def initialize(cli)
-          self.cli = cli
-        end
+        required_option :output
 
-        def opts
-          cli.opts
-        end
 
         def output_proc
           ->(data) {

data/lib/shhh/app/output/noop.rb

@@ -0,0 +1,14 @@
+require_relative 'base'
+module Shhh
+  module App
+    module Output
+      class Noop < Shhh::App::Output::Base
+        required_option :quiet
+
+        def output_proc
+          ->(*) { ; }
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/output/stdout.rb

@@ -1,7 +1,9 @@
+require 'shhh/app/output/file'
 module Shhh
   module App
     module Output
-      class Stdout < File
+      class Stdout < ::Shhh::App::Output::Base
+        required_option nil
         def output_proc
           ->(argument) { puts argument }
         end

data/lib/shhh/app/output.rb

@@ -0,0 +1,15 @@
+require 'shhh/app/output/base'
+require 'shhh/app/output/file'
+require 'shhh/app/output/stdout'
+require 'shhh/app/output/noop'
+
+module Shhh
+  module App
+    module Output
+      def self.outputs
+        Shhh::App::Output::Base.options_to_outputs
+      end
+    end
+  end
+end
+

data/lib/shhh/app/short_name.rb

@@ -0,0 +1,10 @@
+require 'active_support/inflector'
+module Shhh
+  module App
+    module ShortName
+      def short_name
+        self.name.split(/::/)[-1].underscore.to_sym
+      end
+    end
+  end
+end

data/lib/shhh/app.rb

@@ -27,12 +27,14 @@ module Shhh
       exception: nil,
       type: nil,
       details: nil,
-      reason: nil)
+      reason: nil,
+      comments: nil)
 
       self.out.puts([\
                     "#{(type || exception.class.name).titleize}:".red.bold.underlined +
                     (sprintf '  %s', details || exception.message).red.italic,
-                    reason ? "\n#{reason.blue.bold.italic}" : nil].compact.join("\n"))
+                    (reason ? "\n#{reason.blue.bold.italic}" : nil),
+                    (comments ? "\n\n#{comments}" : nil)].compact.join("\n"))
       self.out.puts "\n" + exception.backtrace.join("\n").bold.red if exception && config && config[:trace]
       self.exit_code = 1
     end

data/lib/shhh/version.rb

@@ -1,3 +1,3 @@
 module Shhh
-  VERSION = '1.4.1'
+  VERSION = '1.5.4'
 end

data/shhh.gemspec

@@ -2,7 +2,7 @@
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'shhh/version'
-
+BASH_COMPLETION = File.read("#{lib}/../bin/shhh.bash-completion")
 Gem::Specification.new do |spec|
   spec.name          = 'shhh'
   spec.version       = Shhh::VERSION
@@ -17,6 +17,17 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 2.2'
+  spec.post_install_message = "
+
+Please copy and paste the following BASH function into your ~/.bashrc or
+equivalent, in order to enable command completion:
+
+#{BASH_COMPLETION}
+
+Thank you for installing Shhh!
+   -- KG (github.com/kigster)
+"
 
   spec.add_dependency 'require_dir', '~> 0.1'
   spec.add_dependency 'colored2', '~> 2.0'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shhh
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.4
 platform: ruby
 authors:
 - Konstantin Gredeskoul
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-08-12 00:00:00.000000000 Z
+date: 2016-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: require_dir
@@ -189,6 +189,7 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- bin/shhh.bash-completion
 - exe/keychain
 - exe/shhh
 - lib/shhh.rb
@@ -204,15 +205,24 @@ files:
 - lib/shhh/app/commands/print_key.rb
 - lib/shhh/app/commands/show_examples.rb
 - lib/shhh/app/commands/show_help.rb
+- lib/shhh/app/commands/show_language_examples.rb
 - lib/shhh/app/commands/show_version.rb
 - lib/shhh/app/input/handler.rb
 - lib/shhh/app/keychain.rb
+- lib/shhh/app/nlp.rb
+- lib/shhh/app/nlp/constants.rb
+- lib/shhh/app/nlp/translator.rb
+- lib/shhh/app/nlp/usage.rb
+- lib/shhh/app/output.rb
+- lib/shhh/app/output/base.rb
 - lib/shhh/app/output/file.rb
+- lib/shhh/app/output/noop.rb
 - lib/shhh/app/output/stdout.rb
 - lib/shhh/app/private_key/base64_decoder.rb
 - lib/shhh/app/private_key/decryptor.rb
 - lib/shhh/app/private_key/detector.rb
 - lib/shhh/app/private_key/handler.rb
+- lib/shhh/app/short_name.rb
 - lib/shhh/cipher_handler.rb
 - lib/shhh/configuration.rb
 - lib/shhh/data.rb
@@ -227,7 +237,40 @@ files:
 homepage: https://github.com/kigster/shhh
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message: |2
+
+
+  Please copy and paste the following BASH function into your ~/.bashrc or
+  equivalent, in order to enable command completion:
+
+  #!/usr/bin/env bash
+  #
+  # Shhh command line completion
+  #
+  # © 2015-2016, Konstantin Gredeskoul,  https://github.com/kigster/shhh
+  # MIT LICENSE
+  #
+
+  _shhh() {
+      local SHHH_OPTS SHHH_POINTS cur prev
+
+      cur="${COMP_WORDS[COMP_CWORD]}"
+      prev="${COMP_WORDS[COMP_CWORD-1]}"
+
+      COMPREPLY=()
+
+      SHHH_COMP_OPTIONS=$(shhh --dictionary)
+      [[ $COMP_CWORD == 1 ]] && SHHH_COMP_OPTIONS="${SHHH_COMP_OPTIONS} ${SHHH_COMMANDS}"
+      COMPREPLY=( $(compgen -W "${SHHH_COMP_OPTIONS}" -- ${cur}) )
+      return 0
+  }
+
+  complete -F _shhh shhh
+
+
+
+  Thank you for installing Shhh!
+     -- KG (github.com/kigster)
 rdoc_options: []
 require_paths:
 - lib
@@ -235,7 +278,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -243,7 +286,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.6
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Simple tool to encrypt/decrypt data using symmetric aes-256-cbc encryption