@captainsafia/burrow 0.1.0

package/README.md

@@ -0,0 +1,15 @@
+# burrow
+
+To install dependencies:
+
+```bash
+bun install
+```
+
+To run:
+
+```bash
+bun run index.ts
+```
+
+This project was created using `bun init` in bun v1.3.4. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.

package/dist/api.d.ts

@@ -0,0 +1,46 @@
+// Generated by dts-bundle-generator v9.5.1
+
+export interface ResolvedSecret {
+	key: string;
+	value: string;
+	sourcePath: string;
+}
+export type ExportFormat = "shell" | "dotenv" | "json";
+export interface BurrowClientOptions {
+	configDir?: string;
+	storeFileName?: string;
+	followSymlinks?: boolean;
+}
+export interface SetOptions {
+	path?: string;
+}
+export interface GetOptions {
+	cwd?: string;
+}
+export interface ListOptions {
+	cwd?: string;
+}
+export interface BlockOptions {
+	path?: string;
+}
+export interface ExportOptions {
+	cwd?: string;
+	format?: ExportFormat;
+	showValues?: boolean;
+	includeSources?: boolean;
+}
+export declare class BurrowClient {
+	private readonly storage;
+	private readonly resolver;
+	private readonly pathOptions;
+	constructor(options?: BurrowClientOptions);
+	set(key: string, value: string, options?: SetOptions): Promise<void>;
+	get(key: string, options?: GetOptions): Promise<ResolvedSecret | undefined>;
+	list(options?: ListOptions): Promise<ResolvedSecret[]>;
+	block(key: string, options?: BlockOptions): Promise<void>;
+	export(options?: ExportOptions): Promise<string>;
+	resolve(cwd?: string): Promise<Map<string, ResolvedSecret>>;
+}
+export declare function createClient(options?: BurrowClientOptions): BurrowClient;
+
+export {};

package/dist/api.js

@@ -0,0 +1,352 @@
+// src/storage/index.ts
+import { mkdir, rename, readFile, unlink } from "node:fs/promises";
+import { join as join2 } from "node:path";
+import { randomBytes } from "node:crypto";
+
+// src/platform/index.ts
+import { homedir } from "node:os";
+import { join } from "node:path";
+var APP_NAME = "burrow";
+function getConfigDir() {
+  const platform = process.platform;
+  if (platform === "win32") {
+    return getWindowsConfigDir();
+  }
+  return getUnixConfigDir();
+}
+function getUnixConfigDir() {
+  const xdgConfigHome = process.env["XDG_CONFIG_HOME"];
+  if (xdgConfigHome) {
+    return join(xdgConfigHome, APP_NAME);
+  }
+  const home = homedir();
+  return join(home, ".config", APP_NAME);
+}
+function getWindowsConfigDir() {
+  const appData = process.env["APPDATA"];
+  if (appData) {
+    return join(appData, APP_NAME);
+  }
+  const localAppData = process.env["LOCALAPPDATA"];
+  if (localAppData) {
+    return join(localAppData, APP_NAME);
+  }
+  const home = homedir();
+  return join(home, APP_NAME);
+}
+function isWindows() {
+  return process.platform === "win32";
+}
+
+// src/storage/index.ts
+var STORE_VERSION = 1;
+var DEFAULT_STORE_FILE = "store.json";
+function createEmptyStore() {
+  return {
+    version: STORE_VERSION,
+    paths: {}
+  };
+}
+
+class Storage {
+  configDir;
+  storeFileName;
+  constructor(options = {}) {
+    this.configDir = options.configDir ?? getConfigDir();
+    this.storeFileName = options.storeFileName ?? DEFAULT_STORE_FILE;
+  }
+  get storePath() {
+    return join2(this.configDir, this.storeFileName);
+  }
+  async read() {
+    try {
+      const content = await readFile(this.storePath, "utf-8");
+      const store = JSON.parse(content);
+      if (store.version !== STORE_VERSION) {
+        throw new Error(`Unsupported store version: ${store.version}. Expected: ${STORE_VERSION}`);
+      }
+      return store;
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        return createEmptyStore();
+      }
+      throw error;
+    }
+  }
+  async write(store) {
+    await mkdir(this.configDir, { recursive: true });
+    const tempFileName = `.store-${randomBytes(8).toString("hex")}.tmp`;
+    const tempPath = join2(this.configDir, tempFileName);
+    const content = JSON.stringify(store, null, 2);
+    try {
+      const file = Bun.file(tempPath);
+      await Bun.write(file, content);
+      await rename(tempPath, this.storePath);
+    } catch (error) {
+      try {
+        await unlink(tempPath);
+      } catch {}
+      throw error;
+    }
+  }
+  async setSecret(canonicalPath, key, value) {
+    const store = await this.read();
+    if (!store.paths[canonicalPath]) {
+      store.paths[canonicalPath] = {};
+    }
+    store.paths[canonicalPath][key] = {
+      value,
+      updatedAt: new Date().toISOString()
+    };
+    await this.write(store);
+  }
+  async getPathSecrets(canonicalPath) {
+    const store = await this.read();
+    return store.paths[canonicalPath];
+  }
+  async getAllPaths() {
+    const store = await this.read();
+    return Object.keys(store.paths);
+  }
+  async removeKey(canonicalPath, key) {
+    const store = await this.read();
+    if (!store.paths[canonicalPath]?.[key]) {
+      return false;
+    }
+    delete store.paths[canonicalPath][key];
+    if (Object.keys(store.paths[canonicalPath]).length === 0) {
+      delete store.paths[canonicalPath];
+    }
+    await this.write(store);
+    return true;
+  }
+}
+
+// src/core/path.ts
+import { realpath } from "node:fs/promises";
+import { resolve, sep, normalize } from "node:path";
+async function canonicalize(inputPath, options = {}) {
+  const { followSymlinks = true } = options;
+  let canonical;
+  if (followSymlinks) {
+    try {
+      canonical = await realpath(inputPath);
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        canonical = resolve(inputPath);
+      } else {
+        throw error;
+      }
+    }
+  } else {
+    canonical = resolve(inputPath);
+  }
+  if (isWindows()) {
+    canonical = normalizePath(canonical);
+  }
+  return canonical;
+}
+function normalizePath(path) {
+  let normalized = normalize(path);
+  if (isWindows()) {
+    normalized = normalized.replace(/\//g, "\\");
+    if (normalized.length >= 2 && normalized[1] === ":") {
+      normalized = normalized[0].toUpperCase() + normalized.slice(1);
+    }
+  }
+  return normalized;
+}
+function isAncestorOf(ancestorPath, descendantPath) {
+  if (ancestorPath === descendantPath) {
+    return true;
+  }
+  const ancestorWithSep = ancestorPath.endsWith(sep) ? ancestorPath : ancestorPath + sep;
+  if (isWindows()) {
+    return descendantPath.toLowerCase().startsWith(ancestorWithSep.toLowerCase());
+  }
+  return descendantPath.startsWith(ancestorWithSep);
+}
+// src/core/resolver.ts
+class Resolver {
+  storage;
+  pathOptions;
+  constructor(options = {}) {
+    this.storage = new Storage({
+      configDir: options.configDir,
+      storeFileName: options.storeFileName
+    });
+    this.pathOptions = {
+      followSymlinks: options.followSymlinks
+    };
+  }
+  async resolve(cwd) {
+    const workingDir = cwd ?? process.cwd();
+    const canonicalCwd = await canonicalize(workingDir, this.pathOptions);
+    const allPaths = await this.storage.getAllPaths();
+    const ancestorPaths = allPaths.filter((storedPath) => isAncestorOf(storedPath, canonicalCwd));
+    ancestorPaths.sort((a, b) => {
+      if (isWindows()) {
+        return a.toLowerCase().localeCompare(b.toLowerCase());
+      }
+      return a.localeCompare(b);
+    });
+    const resolved = new Map;
+    for (const scopePath of ancestorPaths) {
+      const secrets = await this.storage.getPathSecrets(scopePath);
+      if (!secrets)
+        continue;
+      for (const [key, entry] of Object.entries(secrets)) {
+        if (entry.value === null) {
+          resolved.delete(key);
+        } else {
+          resolved.set(key, {
+            key,
+            value: entry.value,
+            sourcePath: scopePath
+          });
+        }
+      }
+    }
+    return resolved;
+  }
+  async get(key, cwd) {
+    const resolved = await this.resolve(cwd);
+    return resolved.get(key);
+  }
+  async list(cwd) {
+    const resolved = await this.resolve(cwd);
+    return Array.from(resolved.values()).sort((a, b) => a.key.localeCompare(b.key));
+  }
+  get storageInstance() {
+    return this.storage;
+  }
+}
+// src/core/formatter.ts
+var ENV_KEY_PATTERN = /^[A-Z_][A-Z0-9_]*$/;
+function validateEnvKey(key) {
+  return ENV_KEY_PATTERN.test(key);
+}
+function assertValidEnvKey(key) {
+  if (!validateEnvKey(key)) {
+    throw new Error(`Invalid environment variable key: "${key}". ` + `Keys must match ${ENV_KEY_PATTERN.toString()}`);
+  }
+}
+function escapeShellValue(value) {
+  return value.replace(/'/g, `'"'"'`);
+}
+function escapeDoubleQuotes(value) {
+  return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
+}
+function formatShell(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapeShellValue(secret.value);
+    lines.push(`export ${key}='${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatDotenv(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    if (secret.value.includes(`
+`)) {
+      throw new Error(`Cannot export key "${key}" to dotenv format: value contains newlines. ` + `Use --format json or --format shell instead.`);
+    }
+    const escapedValue = escapeDoubleQuotes(secret.value);
+    lines.push(`${key}="${escapedValue}"`);
+  }
+  return lines.join(`
+`);
+}
+function formatJson(secrets, includeSources = false) {
+  if (includeSources) {
+    const result = {};
+    for (const [key, secret] of secrets) {
+      result[key] = {
+        value: secret.value,
+        sourcePath: secret.sourcePath
+      };
+    }
+    return JSON.stringify(result, null, 2);
+  } else {
+    const result = {};
+    for (const [key, secret] of secrets) {
+      result[key] = secret.value;
+    }
+    return JSON.stringify(result, null, 2);
+  }
+}
+function format(secrets, fmt, options = {}) {
+  switch (fmt) {
+    case "shell":
+      return formatShell(secrets);
+    case "dotenv":
+      return formatDotenv(secrets);
+    case "json":
+      return formatJson(secrets, options.includeSources);
+    default:
+      throw new Error(`Unknown format: ${fmt}`);
+  }
+}
+// src/api.ts
+class BurrowClient {
+  storage;
+  resolver;
+  pathOptions;
+  constructor(options = {}) {
+    this.storage = new Storage({
+      configDir: options.configDir,
+      storeFileName: options.storeFileName
+    });
+    this.resolver = new Resolver({
+      configDir: options.configDir,
+      storeFileName: options.storeFileName,
+      followSymlinks: options.followSymlinks
+    });
+    this.pathOptions = {
+      followSymlinks: options.followSymlinks
+    };
+  }
+  async set(key, value, options = {}) {
+    assertValidEnvKey(key);
+    const targetPath = options.path ?? process.cwd();
+    const canonicalPath = await canonicalize(targetPath, this.pathOptions);
+    await this.storage.setSecret(canonicalPath, key, value);
+  }
+  async get(key, options = {}) {
+    return this.resolver.get(key, options.cwd);
+  }
+  async list(options = {}) {
+    return this.resolver.list(options.cwd);
+  }
+  async block(key, options = {}) {
+    assertValidEnvKey(key);
+    const targetPath = options.path ?? process.cwd();
+    const canonicalPath = await canonicalize(targetPath, this.pathOptions);
+    await this.storage.setSecret(canonicalPath, key, null);
+  }
+  async export(options = {}) {
+    const secrets = await this.resolver.resolve(options.cwd);
+    const fmt = options.format ?? "shell";
+    return format(secrets, fmt, {
+      includeSources: options.includeSources
+    });
+  }
+  async resolve(cwd) {
+    return this.resolver.resolve(cwd);
+  }
+}
+function createClient(options) {
+  return new BurrowClient(options);
+}
+export {
+  createClient,
+  BurrowClient
+};

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@captainsafia/burrow",
+  "version": "0.1.0",
+  "description": "Platform-agnostic, directory-scoped secrets manager",
+  "type": "module",
+  "main": "dist/api.js",
+  "types": "dist/api.d.ts",
+  "bin": {
+    "burrow": "dist/cli.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/captainsafia/burrow.git"
+  },
+  "bugs": {
+    "url": "https://github.com/captainsafia/burrow/issues"
+  },
+  "homepage": "https://github.com/captainsafia/burrow#readme",
+  "scripts": {
+    "build": "bun build src/api.ts --outdir dist --target node && dts-bundle-generator -o dist/api.d.ts src/api.ts",
+    "build:cli": "bun build src/cli.ts --outdir dist --target bun",
+    "compile": "bun build src/cli.ts --compile --outfile burrow",
+    "compile:linux-x64": "bun build src/cli.ts --compile --target=bun-linux-x64 --outfile burrow-linux-x64",
+    "compile:linux-arm64": "bun build src/cli.ts --compile --target=bun-linux-arm64 --outfile burrow-linux-arm64",
+    "compile:darwin-x64": "bun build src/cli.ts --compile --target=bun-darwin-x64 --outfile burrow-darwin-x64",
+    "compile:darwin-arm64": "bun build src/cli.ts --compile --target=bun-darwin-arm64 --outfile burrow-darwin-arm64",
+    "compile:windows-x64": "bun build src/cli.ts --compile --target=bun-windows-x64 --outfile burrow-windows-x64.exe",
+    "test": "bun test",
+    "typecheck": "tsc --noEmit"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "dts-bundle-generator": "^9.5.1",
+    "typescript": "^5"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/api.d.ts",
+      "import": "./dist/api.js"
+    }
+  },
+  "keywords": [
+    "secrets",
+    "environment",
+    "dotenv",
+    "direnv",
+    "configuration"
+  ],
+  "license": "MIT"
+}