@barekey/cli 0.1.0

package/dist/commands/env.js

@@ -0,0 +1,295 @@
+import { writeFile } from "node:fs/promises";
+import { cancel, confirm, isCancel } from "@clack/prompts";
+import { BarekeyClient } from "@barekey/sdk";
+import pc from "picocolors";
+import { createCliAuthProvider } from "../auth-provider.js";
+import { addTargetOptions, dotenvEscape, parseChance, requireLocalSession, resolveTarget, toJsonOutput, } from "../command-utils.js";
+import { postJson } from "../http.js";
+function createEnvClient(input) {
+    const organization = input.organization?.trim();
+    if (!organization) {
+        throw new Error("Organization slug is required.");
+    }
+    return new BarekeyClient({
+        organization,
+        project: input.project,
+        environment: input.environment,
+    });
+}
+async function runEnvGet(name, options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const client = createEnvClient({
+        organization: target.orgSlug ?? local.credentials.orgSlug,
+        project: target.projectSlug,
+        environment: target.stageSlug,
+    });
+    const value = await client.get(name, {
+        seed: options.seed,
+        key: options.key,
+    });
+    if (options.json) {
+        toJsonOutput(true, {
+            name,
+            value,
+        });
+        return;
+    }
+    console.log(String(value));
+}
+async function runEnvGetMany(options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const client = createEnvClient({
+        organization: target.orgSlug ?? local.credentials.orgSlug,
+        project: target.projectSlug,
+        environment: target.stageSlug,
+    });
+    const names = options.names
+        .split(",")
+        .map((value) => value.trim())
+        .filter((value) => value.length > 0);
+    const resolved = await Promise.all(names.map(async (resolvedName) => ({
+        name: resolvedName,
+        value: await client.get(resolvedName, {
+            seed: options.seed,
+            key: options.key,
+        }),
+    })));
+    if (options.json) {
+        toJsonOutput(true, resolved);
+        return;
+    }
+    for (const value of resolved.sort((left, right) => left.name.localeCompare(right.name))) {
+        if (value) {
+            console.log(`${value.name}=${String(value.value)}`);
+        }
+    }
+}
+async function runEnvList(options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const authProvider = createCliAuthProvider();
+    const accessToken = await authProvider.getAccessToken();
+    const response = await postJson({
+        baseUrl: local.baseUrl,
+        path: "/v1/env/list",
+        accessToken,
+        payload: {
+            orgSlug: target.orgSlug,
+            projectSlug: target.projectSlug,
+            stageSlug: target.stageSlug,
+        },
+    });
+    if (options.json) {
+        toJsonOutput(true, response.variables);
+        return;
+    }
+    if (response.variables.length === 0) {
+        console.log("No variables found.");
+        return;
+    }
+    for (const row of response.variables) {
+        const chanceSuffix = row.kind === "ab_roll" ? ` chance=${row.chance ?? 0}` : "";
+        const rolloutSuffix = row.kind === "rollout"
+            ? ` ${pc.dim(`${row.rolloutFunction ?? "linear"}(${row.rolloutMilestones?.length ?? 0} milestones)`)}`
+            : "";
+        console.log(`${row.name}  ${pc.dim(row.kind)}  ${pc.dim(row.declaredType)}${chanceSuffix}${rolloutSuffix}`);
+    }
+}
+async function runEnvWrite(operation, name, value, options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const authProvider = createCliAuthProvider();
+    const accessToken = await authProvider.getAccessToken();
+    const entry = options.ab !== undefined
+        ? {
+            name,
+            kind: "ab_roll",
+            declaredType: options.type ?? "string",
+            valueA: value,
+            valueB: options.ab,
+            chance: parseChance(options.chance),
+        }
+        : {
+            name,
+            kind: "secret",
+            declaredType: options.type ?? "string",
+            value,
+        };
+    const result = await postJson({
+        baseUrl: local.baseUrl,
+        path: "/v1/env/write",
+        accessToken,
+        payload: {
+            orgSlug: target.orgSlug,
+            projectSlug: target.projectSlug,
+            stageSlug: target.stageSlug,
+            mode: operation,
+            entries: [entry],
+            deletes: [],
+        },
+    });
+    if (options.json) {
+        toJsonOutput(true, result);
+        return;
+    }
+    console.log(`Created: ${result.createdCount}, Updated: ${result.updatedCount}, Deleted: ${result.deletedCount}`);
+}
+async function runEnvDelete(name, options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const authProvider = createCliAuthProvider();
+    const accessToken = await authProvider.getAccessToken();
+    if (!options.ignoreMissing) {
+        const listed = await postJson({
+            baseUrl: local.baseUrl,
+            path: "/v1/env/list",
+            accessToken,
+            payload: {
+                orgSlug: target.orgSlug,
+                projectSlug: target.projectSlug,
+                stageSlug: target.stageSlug,
+            },
+        });
+        const exists = listed.variables.some((row) => row.name === name);
+        if (!exists) {
+            throw new Error(`Variable ${name} was not found in this stage.`);
+        }
+    }
+    if (!options.yes) {
+        if (!process.stdout.isTTY) {
+            throw new Error("Deletion requires --yes in non-interactive mode.");
+        }
+        const confirmed = await confirm({
+            message: `Delete variable ${name}?`,
+            initialValue: false,
+        });
+        if (isCancel(confirmed)) {
+            cancel("Delete canceled.");
+            return;
+        }
+        if (!confirmed) {
+            throw new Error("Delete canceled.");
+        }
+    }
+    const result = await postJson({
+        baseUrl: local.baseUrl,
+        path: "/v1/env/write",
+        accessToken,
+        payload: {
+            orgSlug: target.orgSlug,
+            projectSlug: target.projectSlug,
+            stageSlug: target.stageSlug,
+            mode: "upsert",
+            entries: [],
+            deletes: [name],
+        },
+    });
+    if (options.json) {
+        toJsonOutput(true, result);
+        return;
+    }
+    console.log(`Deleted: ${result.deletedCount}`);
+}
+async function runEnvPull(options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const authProvider = createCliAuthProvider();
+    const accessToken = await authProvider.getAccessToken();
+    const response = await postJson({
+        baseUrl: local.baseUrl,
+        path: "/v1/env/pull",
+        accessToken,
+        payload: {
+            orgSlug: target.orgSlug,
+            projectSlug: target.projectSlug,
+            stageSlug: target.stageSlug,
+            seed: options.seed,
+            key: options.key,
+        },
+    });
+    const format = options.format ?? "dotenv";
+    const sortedKeys = Object.keys(response.byName).sort((left, right) => left.localeCompare(right));
+    const output = format === "json"
+        ? `${JSON.stringify(response.byName, null, 2)}\n`
+        : `${sortedKeys.map((keyName) => `${keyName}=${dotenvEscape(response.byName[keyName] ?? "")}`).join("\n")}\n`;
+    if (options.out) {
+        await writeFile(options.out, output, "utf8");
+        console.log(`Wrote ${options.out}`);
+        return;
+    }
+    if (options.redact && !process.stdout.isTTY) {
+        console.log(`Pulled ${response.values.length} variables.`);
+        return;
+    }
+    process.stdout.write(output);
+}
+export function registerEnvCommands(program) {
+    const env = program.command("env").description("Environment variable operations");
+    addTargetOptions(env
+        .command("get")
+        .description("Evaluate one variable")
+        .argument("<name>", "Variable name")
+        .option("--seed <value>", "Deterministic seed")
+        .option("--key <value>", "Deterministic key")
+        .option("--json", "Machine-readable output", false)).action(async (name, options) => {
+        await runEnvGet(name, options);
+    });
+    addTargetOptions(env
+        .command("get-many")
+        .description("Evaluate a batch of variables")
+        .requiredOption("--names <csv>", "Comma-separated variable names")
+        .option("--seed <value>", "Deterministic seed")
+        .option("--key <value>", "Deterministic key")
+        .option("--json", "Machine-readable output", false)).action(async (options) => {
+        await runEnvGetMany(options);
+    });
+    addTargetOptions(env
+        .command("list")
+        .description("List variables for a project stage")
+        .option("--json", "Machine-readable output", false)).action(async (options) => {
+        await runEnvList(options);
+    });
+    addTargetOptions(env
+        .command("new")
+        .description("Create one variable")
+        .argument("<name>", "Variable name")
+        .argument("<value>", "Variable value")
+        .option("--ab <value-b>", "Second value for ab_roll")
+        .option("--chance <number>", "A-branch probability between 0 and 1")
+        .option("--type <type>", "Declared value type", "string")
+        .option("--json", "Machine-readable output", false)).action(async (name, value, options) => {
+        await runEnvWrite("create_only", name, value, options);
+    });
+    addTargetOptions(env
+        .command("set")
+        .description("Upsert one variable")
+        .argument("<name>", "Variable name")
+        .argument("<value>", "Variable value")
+        .option("--ab <value-b>", "Second value for ab_roll")
+        .option("--chance <number>", "A-branch probability between 0 and 1")
+        .option("--type <type>", "Declared value type", "string")
+        .option("--json", "Machine-readable output", false)).action(async (name, value, options) => {
+        await runEnvWrite("upsert", name, value, options);
+    });
+    addTargetOptions(env
+        .command("delete")
+        .description("Delete one variable")
+        .argument("<name>", "Variable name")
+        .option("--yes", "Skip confirmation", false)
+        .option("--ignore-missing", "Do not fail when variable is missing", false)
+        .option("--json", "Machine-readable output", false)).action(async (name, options) => {
+        await runEnvDelete(name, options);
+    });
+    addTargetOptions(env
+        .command("pull")
+        .description("Pull resolved variables for a project stage")
+        .option("--format <type>", "Output format: dotenv|json", "dotenv")
+        .option("--out <path>", "Output file path")
+        .option("--seed <value>", "Deterministic seed")
+        .option("--key <value>", "Deterministic key")
+        .option("--redact", "Print only summary in non-file mode", false)).action(async (options) => {
+        await runEnvPull(options);
+    });
+}

package/dist/commands/typegen.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerTypegenCommand(program: Command): void;

package/dist/commands/typegen.js

@@ -0,0 +1,25 @@
+import { BarekeyClient } from "@barekey/sdk";
+import { addTargetOptions, requireLocalSession, resolveTarget, } from "../command-utils.js";
+async function runTypegen(options) {
+    const local = await requireLocalSession();
+    const target = await resolveTarget(options, local);
+    const organization = target.orgSlug ?? local.credentials.orgSlug;
+    if (!organization || organization.trim().length === 0) {
+        throw new Error("Organization slug is required.");
+    }
+    const client = new BarekeyClient({
+        organization,
+        project: target.projectSlug,
+        environment: target.stageSlug,
+        typegen: false,
+    });
+    const result = await client.typegen();
+    console.log(`${result.written ? "Updated" : "Unchanged"} ${result.path}`);
+}
+export function registerTypegenCommand(program) {
+    addTargetOptions(program
+        .command("typegen")
+        .description("Generate Barekey SDK types in the installed @barekey/sdk module")).action(async (options) => {
+        await runTypegen(options);
+    });
+}

package/dist/constants.d.ts

@@ -0,0 +1,4 @@
+export declare const CLI_NAME = "barekey";
+export declare const CLI_DESCRIPTION = "Barekey CLI";
+export declare const CLI_VERSION = "0.2.0";
+export declare const DEFAULT_BAREKEY_API_URL = "https://api.barekey.dev";

package/dist/constants.js

@@ -0,0 +1,4 @@
+export const CLI_NAME = "barekey";
+export const CLI_DESCRIPTION = "Barekey CLI";
+export const CLI_VERSION = "0.2.0";
+export const DEFAULT_BAREKEY_API_URL = "https://api.barekey.dev";

package/dist/credentials-store.d.ts

@@ -0,0 +1,7 @@
+import type { CliConfig, CliCredentials } from "./types.js";
+export declare function saveConfig(config: CliConfig): Promise<void>;
+export declare function loadConfig(): Promise<CliConfig | null>;
+export declare function clearConfig(): Promise<void>;
+export declare function saveCredentials(accountId: string, credentials: CliCredentials): Promise<void>;
+export declare function loadCredentials(accountId: string): Promise<CliCredentials | null>;
+export declare function deleteCredentials(accountId: string): Promise<void>;

package/dist/credentials-store.js

@@ -0,0 +1,199 @@
+import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import path from "node:path";
+import { spawn } from "node:child_process";
+const SERVICE_NAME = "barekey-cli";
+const CONFIG_DIR = path.join(homedir(), ".config", "barekey");
+const CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
+const CREDENTIALS_DIR = path.join(CONFIG_DIR, "credentials");
+function runCommand(command, args, input) {
+    return new Promise((resolve) => {
+        const child = spawn(command, args, {
+            stdio: "pipe",
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk.toString("utf8");
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk.toString("utf8");
+        });
+        child.on("error", () => {
+            resolve({ stdout: "", stderr: "", code: 127 });
+        });
+        child.on("close", (code) => {
+            resolve({ stdout, stderr, code: code ?? 1 });
+        });
+        if (input !== undefined) {
+            child.stdin.write(input);
+        }
+        child.stdin.end();
+    });
+}
+async function ensureConfigDir() {
+    await mkdir(CONFIG_DIR, {
+        recursive: true,
+        mode: 0o700,
+    });
+}
+async function ensureCredentialsDir() {
+    await ensureConfigDir();
+    await mkdir(CREDENTIALS_DIR, {
+        recursive: true,
+        mode: 0o700,
+    });
+}
+async function readJsonFile(filePath) {
+    try {
+        const value = await readFile(filePath, "utf8");
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
+}
+async function writeJsonFile(filePath, value) {
+    await ensureConfigDir();
+    await writeFile(filePath, JSON.stringify(value, null, 2), {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+}
+function credentialsPathForAccount(accountId) {
+    return path.join(CREDENTIALS_DIR, `${encodeURIComponent(accountId)}.json`);
+}
+async function canUseLinuxSecretTool() {
+    if (process.platform !== "linux") {
+        return false;
+    }
+    const result = await runCommand("which", ["secret-tool"]);
+    return result.code === 0;
+}
+async function canUseMacSecurity() {
+    if (process.platform !== "darwin") {
+        return false;
+    }
+    const result = await runCommand("which", ["security"]);
+    return result.code === 0;
+}
+async function setInKeychain(account, value) {
+    if (await canUseMacSecurity()) {
+        const result = await runCommand("security", [
+            "add-generic-password",
+            "-U",
+            "-s",
+            SERVICE_NAME,
+            "-a",
+            account,
+            "-w",
+            value,
+        ]);
+        return result.code === 0;
+    }
+    if (await canUseLinuxSecretTool()) {
+        const result = await runCommand("secret-tool", ["store", `--label=${SERVICE_NAME}`, "service", SERVICE_NAME, "account", account], value);
+        return result.code === 0;
+    }
+    return false;
+}
+async function getFromKeychain(account) {
+    if (await canUseMacSecurity()) {
+        const result = await runCommand("security", [
+            "find-generic-password",
+            "-s",
+            SERVICE_NAME,
+            "-a",
+            account,
+            "-w",
+        ]);
+        if (result.code !== 0) {
+            return null;
+        }
+        const value = result.stdout.trim();
+        return value.length > 0 ? value : null;
+    }
+    if (await canUseLinuxSecretTool()) {
+        const result = await runCommand("secret-tool", [
+            "lookup",
+            "service",
+            SERVICE_NAME,
+            "account",
+            account,
+        ]);
+        if (result.code !== 0) {
+            return null;
+        }
+        const value = result.stdout.trim();
+        return value.length > 0 ? value : null;
+    }
+    return null;
+}
+async function deleteFromKeychain(account) {
+    if (await canUseMacSecurity()) {
+        const result = await runCommand("security", [
+            "delete-generic-password",
+            "-s",
+            SERVICE_NAME,
+            "-a",
+            account,
+        ]);
+        return result.code === 0;
+    }
+    if (await canUseLinuxSecretTool()) {
+        const result = await runCommand("secret-tool", [
+            "clear",
+            "service",
+            SERVICE_NAME,
+            "account",
+            account,
+        ]);
+        return result.code === 0;
+    }
+    return false;
+}
+export async function saveConfig(config) {
+    await writeJsonFile(CONFIG_PATH, config);
+}
+export async function loadConfig() {
+    return readJsonFile(CONFIG_PATH);
+}
+export async function clearConfig() {
+    await rm(CONFIG_PATH, {
+        force: true,
+    });
+}
+export async function saveCredentials(accountId, credentials) {
+    const serialized = JSON.stringify(credentials);
+    const storedInKeychain = await setInKeychain(accountId, serialized);
+    if (storedInKeychain) {
+        await rm(credentialsPathForAccount(accountId), {
+            force: true,
+        });
+        return;
+    }
+    await ensureCredentialsDir();
+    await writeFile(credentialsPathForAccount(accountId), serialized, {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+}
+export async function loadCredentials(accountId) {
+    const fromKeychain = await getFromKeychain(accountId);
+    if (fromKeychain !== null) {
+        try {
+            return JSON.parse(fromKeychain);
+        }
+        catch {
+            // Fall back to file credentials when keychain data is malformed.
+        }
+    }
+    const fromFile = await readJsonFile(credentialsPathForAccount(accountId));
+    return fromFile;
+}
+export async function deleteCredentials(accountId) {
+    await deleteFromKeychain(accountId);
+    await rm(credentialsPathForAccount(accountId), {
+        force: true,
+    });
+}

package/dist/http.d.ts

@@ -0,0 +1,22 @@
+export declare class CliHttpError extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly requestId: string | null;
+    constructor(input: {
+        code: string;
+        status: number;
+        message: string;
+        requestId?: string | null;
+    });
+}
+export declare function postJson<TResponse>(input: {
+    baseUrl: string;
+    path: string;
+    payload: unknown;
+    accessToken?: string | null;
+}): Promise<TResponse>;
+export declare function getJson<TResponse>(input: {
+    baseUrl: string;
+    path: string;
+    accessToken?: string | null;
+}): Promise<TResponse>;

package/dist/http.js

@@ -0,0 +1,66 @@
+export class CliHttpError extends Error {
+    code;
+    status;
+    requestId;
+    constructor(input) {
+        super(input.message);
+        this.name = "CliHttpError";
+        this.code = input.code;
+        this.status = input.status;
+        this.requestId = input.requestId ?? null;
+    }
+}
+async function parseJson(response) {
+    try {
+        return await response.json();
+    }
+    catch {
+        return null;
+    }
+}
+export async function postJson(input) {
+    const response = await fetch(`${input.baseUrl.replace(/\/$/, "")}${input.path}`, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            ...(input.accessToken
+                ? {
+                    authorization: `Bearer ${input.accessToken}`,
+                }
+                : {}),
+        },
+        body: JSON.stringify(input.payload),
+    });
+    const parsed = await parseJson(response);
+    if (!response.ok) {
+        const payload = parsed;
+        throw new CliHttpError({
+            code: payload?.error?.code ?? "HTTP_ERROR",
+            status: response.status,
+            message: payload?.error?.message ?? `HTTP ${response.status}`,
+            requestId: payload?.error?.requestId ?? null,
+        });
+    }
+    return parsed;
+}
+export async function getJson(input) {
+    const response = await fetch(`${input.baseUrl.replace(/\/$/, "")}${input.path}`, {
+        method: "GET",
+        headers: input.accessToken
+            ? {
+                authorization: `Bearer ${input.accessToken}`,
+            }
+            : undefined,
+    });
+    const parsed = await parseJson(response);
+    if (!response.ok) {
+        const payload = parsed;
+        throw new CliHttpError({
+            code: payload?.error?.code ?? "HTTP_ERROR",
+            status: response.status,
+            message: payload?.error?.message ?? `HTTP ${response.status}`,
+            requestId: payload?.error?.requestId ?? null,
+        });
+    }
+    return parsed;
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import pc from "picocolors";
+import { registerAuthCommands } from "./commands/auth.js";
+import { registerEnvCommands } from "./commands/env.js";
+import { registerTypegenCommand } from "./commands/typegen.js";
+import { CLI_DESCRIPTION, CLI_NAME, CLI_VERSION } from "./constants.js";
+const program = new Command();
+program.name(CLI_NAME).description(CLI_DESCRIPTION).version(CLI_VERSION);
+registerAuthCommands(program);
+registerEnvCommands(program);
+registerTypegenCommand(program);
+program.parseAsync(process.argv).catch((error) => {
+    const message = error instanceof Error ? error.message : "Command failed.";
+    console.error(pc.red(message));
+    process.exitCode = 1;
+});

package/dist/runtime-config.d.ts

@@ -0,0 +1,10 @@
+export type BarekeyRuntimeConfig = {
+    org?: string;
+    project?: string;
+    environment?: string;
+};
+export type BarekeyRuntimeConfigResult = {
+    config: BarekeyRuntimeConfig;
+    path: string;
+};
+export declare function loadRuntimeConfig(): Promise<BarekeyRuntimeConfigResult | null>;