@captainsafia/burrow 1.0.0-preview.0d335f8 → 1.0.0-preview.2be53e0

package/README.md

@@ -30,7 +30,7 @@ burrow set DATABASE_URL=postgres://localhost/mydb --path ~/projects
 ### Get a secret
 
 ```bash
-burrow get API_KEY --show
+burrow get API_KEY
 burrow get API_KEY --format json
 ```
 
@@ -44,8 +44,14 @@ burrow list --format json
 ### Export to your shell
 
 ```bash
+# Auto-detects your shell (bash, fish, powershell, cmd)
 eval "$(burrow export)"
-eval "$(burrow export --format shell)" && npm start
+
+# Or specify a format explicitly
+burrow export --format fish
+burrow export --format powershell
+burrow export --format dotenv
+burrow export --format json
 ```
 
 ### Block inheritance
@@ -84,13 +90,26 @@ import { BurrowClient } from '@captainsafia/burrow';
 
 const client = new BurrowClient();
 
-await client.set('API_KEY', 'secret123', { path: '/my/project' });
+try {
+  await client.set('API_KEY', 'secret123', { path: '/my/project' });
+
+  const secret = await client.get('API_KEY', { cwd: '/my/project/subdir' });
+  console.log(secret?.value); // 'secret123'
+  console.log(secret?.sourcePath); // '/my/project'
 
-const secret = await client.get('API_KEY', { cwd: '/my/project/subdir' });
-console.log(secret?.value); // 'secret123'
-console.log(secret?.sourcePath); // '/my/project'
+  const allSecrets = await client.list({ cwd: '/my/project' });
+} finally {
+  client.close(); // Clean up database connection
+}
+```
 
-const allSecrets = await client.list({ cwd: '/my/project' });
+Or with TypeScript's `using` declarations for automatic cleanup:
+
+```typescript
+{
+  using client = new BurrowClient();
+  await client.set('API_KEY', 'secret123');
+} // Automatically cleaned up
 ```
 
 ## Contributing

package/dist/api.d.ts

@@ -5,7 +5,7 @@ export interface ResolvedSecret {
 	value: string;
 	sourcePath: string;
 }
-export type ExportFormat = "shell" | "dotenv" | "json";
+export type ExportFormat = "shell" | "bash" | "fish" | "powershell" | "cmd" | "dotenv" | "json";
 /**
  * Configuration options for creating a BurrowClient instance.
  */
@@ -21,7 +21,7 @@ export interface BurrowClientOptions {
 	configDir?: string;
 	/**
 	 * Custom filename for the secrets store.
-	 * Defaults to `store.json`.
+	 * Defaults to `store.db`.
 	 */
 	storeFileName?: string;
 	/**
@@ -99,10 +99,6 @@ export interface ExportOptions {
 	 * - `json`: Exports as a JSON object
 	 */
 	format?: ExportFormat;
-	/**
-	 * Whether to show actual values (currently unused, reserved for future use).
-	 */
-	showValues?: boolean;
 	/**
 	 * Whether to include source paths in JSON output.
 	 * When true, JSON output includes `{ key: { value, sourcePath } }` format.
@@ -151,7 +147,7 @@ export declare class BurrowClient {
 	 * The secret will be available to the specified directory and all its
 	 * subdirectories, unless overridden or blocked at a deeper level.
 	 *
-	 * @param key - Environment variable name. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param value - Secret value to store
 	 * @param options - Set options including target path
 	 * @throws Error if the key format is invalid
@@ -215,7 +211,7 @@ export declare class BurrowClient {
 	 *
 	 * A blocked key can be re-enabled by calling `set` at the same or deeper path.
 	 *
-	 * @param key - Environment variable name to block. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name to block. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param options - Block options including target path
 	 * @throws Error if the key format is invalid
 	 *
@@ -240,7 +236,7 @@ export declare class BurrowClient {
 	 * `remove` completely deletes the secret entry. After removal, the key
 	 * may still be inherited from parent directories if defined there.
 	 *
-	 * @param key - Environment variable name to remove. Must match `^[A-Z_][A-Z0-9_]*$`
+	 * @param key - Environment variable name to remove. Must match `^[A-Za-z_][A-Za-z0-9_]*$`
 	 * @param options - Remove options including target path
 	 * @returns true if the secret was found and removed, false if it didn't exist
 	 * @throws Error if the key format is invalid

package/dist/api.js

@@ -66,10 +66,10 @@ class Storage {
       await chmod(this.configDir, 448);
     }
     this.db = new Database(this.storePath);
-    this.db.run("PRAGMA journal_mode = WAL");
     if (!isWindows()) {
       await chmod(this.storePath, 384);
     }
+    this.db.run("PRAGMA journal_mode = WAL");
     this.db.run(`
       CREATE TABLE IF NOT EXISTS secrets (
         path TEXT NOT NULL,
@@ -122,7 +122,12 @@ class Storage {
   }
   async getAncestorPaths(canonicalPath) {
     const db = await this.ensureDb();
-    const rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    let rows;
+    if (isWindows()) {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '\\' || '%' OR (length(path) = 3 AND path LIKE '_:\\' AND ? LIKE path || '%')").all(canonicalPath, canonicalPath, canonicalPath);
+    } else {
+      rows = db.query("SELECT DISTINCT path FROM secrets WHERE ? = path OR ? LIKE path || '/' || '%' OR path = '/'").all(canonicalPath, canonicalPath);
+    }
     return rows.map((row) => row.path);
   }
   async removeKey(canonicalPath, key) {
@@ -246,6 +251,9 @@ function escapeShellValue(value) {
 function escapeDoubleQuotes(value) {
   return value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"");
 }
+function escapePowerShellValue(value) {
+  return value.replace(/'/g, "''");
+}
 function formatShell(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -258,6 +266,42 @@ function formatShell(secrets) {
   return lines.join(`
 `);
 }
+function formatFish(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapeShellValue(secret.value);
+    lines.push(`set -gx ${key} '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatPowerShell(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = escapePowerShellValue(secret.value);
+    lines.push(`$env:${key} = '${escapedValue}'`);
+  }
+  return lines.join(`
+`);
+}
+function formatCmd(secrets) {
+  const lines = [];
+  const sortedKeys = Array.from(secrets.keys()).sort();
+  for (const key of sortedKeys) {
+    const secret = secrets.get(key);
+    assertValidEnvKey(key);
+    const escapedValue = secret.value.replace(/([&|<>^])/g, "^$1");
+    lines.push(`set ${key}=${escapedValue}`);
+  }
+  return lines.join(`
+`);
+}
 function formatDotenv(secrets) {
   const lines = [];
   const sortedKeys = Array.from(secrets.keys()).sort();
@@ -295,7 +339,14 @@ function formatJson(secrets, includeSources = false) {
 function format(secrets, fmt, options = {}) {
   switch (fmt) {
     case "shell":
+    case "bash":
       return formatShell(secrets);
+    case "fish":
+      return formatFish(secrets);
+    case "powershell":
+      return formatPowerShell(secrets);
+    case "cmd":
+      return formatCmd(secrets);
     case "dotenv":
       return formatDotenv(secrets);
     case "json":

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@captainsafia/burrow",
-  "version": "1.0.0-preview.0d335f8",
+  "version": "1.0.0-preview.2be53e0",
   "description": "Platform-agnostic, directory-scoped secrets manager",
   "type": "module",
   "main": "dist/api.js",