@captainsafia/burrow 1.3.0-preview.4437197 → 1.3.0-preview.c020b98

package/dist/api.d.ts

@@ -21,25 +21,11 @@ export interface LoadedSecret {
 	value: string;
 	sourcePath: string;
 }
-export interface HookState {
-	/** Currently loaded secret keys and their values */
-	secrets: LoadedSecret[];
-	/** The last directory that triggered loading */
-	lastDir: string;
-	/** Timestamp when secrets were loaded */
-	loadedAt: string;
-	/** Keys that were skipped due to conflicts */
-	skippedKeys: string[];
-}
 export interface HookDiff {
 	/** Keys to unset from the environment */
-	unset: string[];
+	toUnset: string[];
 	/** Secrets to set in the environment */
-	set: LoadedSecret[];
-	/** Keys that already exist in the environment and were skipped */
-	skipped: string[];
-	/** Keys that remain unchanged */
-	unchanged: string[];
+	toSet: LoadedSecret[];
 }
 /**
  * Configuration options for creating a BurrowClient instance.
@@ -173,6 +159,11 @@ export interface HookOptions {
 	 * Defaults to respecting NO_COLOR environment variable.
 	 */
 	useColor?: boolean;
+	/**
+	 * Keys that were previously loaded by the hook.
+	 * Used to compute which keys need to be unset.
+	 */
+	previousKeys?: string[];
 }
 /**
  * Result of the `hook` method.
@@ -187,9 +178,13 @@ export interface HookResult {
 	 */
 	message?: string;
 	/**
-	 * The diff that was computed.
+	 * The secrets that were loaded.
+	 */
+	secrets: LoadedSecret[];
+	/**
+	 * The keys that were unloaded.
 	 */
-	diff: HookDiff;
+	unloadedKeys: string[];
 	/**
 	 * Whether the directory is trusted.
 	 */
@@ -253,7 +248,6 @@ export declare class BurrowClient {
 	private readonly resolver;
 	private readonly pathOptions;
 	private readonly trustManager;
-	private readonly hookStateManager;
 	/**
 	 * Creates a new BurrowClient instance.
 	 *
@@ -498,41 +492,23 @@ export declare class BurrowClient {
 	 * ```
 	 */
 	listTrusted(): Promise<TrustedPath[]>;
-	/**
-	 * Gets the current hook state (loaded secrets).
-	 *
-	 * @returns The current hook state or undefined if no secrets are loaded
-	 *
-	 * @example
-	 * ```typescript
-	 * const state = await client.getHookState();
-	 * if (state) {
-	 *   console.log(`${state.secrets.length} secrets loaded from ${state.lastDir}`);
-	 * }
-	 * ```
-	 */
-	getHookState(): Promise<HookState | undefined>;
-	/**
-	 * Clears the hook state (unloads all secrets tracking).
-	 *
-	 * Note: This only clears the state file. The actual environment variables
-	 * remain set until the shell exits or they are explicitly unset.
-	 */
-	clearHookState(): Promise<void>;
 	/**
 	 * Processes a directory change for the shell hook.
 	 *
 	 * This is the main method called by shell hooks on directory change.
-	 * It checks trust, resolves secrets, computes the diff, and returns
-	 * the commands needed to update the environment.
+	 * It checks trust, resolves secrets, computes the diff from previous
+	 * state, and returns the commands needed to update the environment.
 	 *
 	 * @param cwd - The new working directory
-	 * @param options - Hook options including shell type
+	 * @param options - Hook options including shell type and previous keys
 	 * @returns Hook result with commands to execute and optional message
 	 *
 	 * @example
 	 * ```typescript
-	 * const result = await client.hook('/projects/myapp', { shell: 'bash' });
+	 * const result = await client.hook('/projects/myapp', {
+	 *   shell: 'bash',
+	 *   previousKeys: ['OLD_KEY'] // Keys from last hook call
+	 * });
 	 * if (result.trusted) {
 	 *   for (const cmd of result.commands) {
 	 *     console.log(cmd); // Execute in shell

package/dist/api.js

@@ -471,107 +471,33 @@ class TrustManager {
   }
 }
 // src/core/hook.ts
-import { readFile, writeFile, rm, mkdir as mkdir2 } from "node:fs/promises";
-import { join as join3 } from "node:path";
-var HOOK_STATE_FILE = "hook-state.json";
-
-class HookStateManager {
-  configDir;
-  stateFilePath;
-  constructor(options = {}) {
-    this.configDir = options.configDir ?? getConfigDir();
-    this.stateFilePath = join3(this.configDir, HOOK_STATE_FILE);
-  }
-  async load() {
-    try {
-      const content = await readFile(this.stateFilePath, "utf-8");
-      return JSON.parse(content);
-    } catch {
-      return;
-    }
-  }
-  async save(state) {
-    await mkdir2(this.configDir, { recursive: true });
-    await writeFile(this.stateFilePath, JSON.stringify(state, null, 2));
-  }
-  async clear() {
-    try {
-      await rm(this.stateFilePath, { force: true });
-    } catch {}
-  }
-  computeDiff(currentState, newSecrets, env = process.env) {
-    const currentKeys = new Map;
-    if (currentState) {
-      for (const secret of currentState.secrets) {
-        currentKeys.set(secret.key, secret);
-      }
-    }
-    const skippedFromState = new Set(currentState?.skippedKeys ?? []);
-    const unset = [];
-    const set = [];
-    const skipped = [];
-    const unchanged = [];
-    for (const [key] of currentKeys) {
-      if (!newSecrets.has(key)) {
-        unset.push(key);
-      }
-    }
-    for (const [key, secret] of newSecrets) {
-      const loadedSecret = {
-        key: secret.key,
-        value: secret.value,
-        sourcePath: secret.sourcePath
-      };
-      const current = currentKeys.get(key);
-      if (current) {
-        if (current.value === secret.value && current.sourcePath === secret.sourcePath) {
-          unchanged.push(key);
-        } else {
-          set.push(loadedSecret);
-        }
-      } else {
-        const envValue = env[key];
-        if (envValue !== undefined && !skippedFromState.has(key)) {
-          skipped.push(key);
-        } else {
-          set.push(loadedSecret);
-        }
-      }
-    }
-    return { unset, set, skipped, unchanged };
-  }
-  async applyDiff(currentState, diff, newDir) {
-    const secretsMap = new Map;
-    if (currentState) {
-      for (const secret of currentState.secrets) {
-        if (!diff.unset.includes(secret.key)) {
-          secretsMap.set(secret.key, secret);
-        }
-      }
-    }
-    for (const secret of diff.set) {
-      secretsMap.set(secret.key, secret);
-    }
-    const skippedKeys = [...currentState?.skippedKeys ?? []];
-    for (const key of diff.skipped) {
-      if (!skippedKeys.includes(key)) {
-        skippedKeys.push(key);
-      }
-    }
-    const newState = {
-      secrets: Array.from(secretsMap.values()),
-      lastDir: newDir,
-      loadedAt: new Date().toISOString(),
-      skippedKeys
-    };
-    await this.save(newState);
-    return newState;
+function resolveToLoadedSecrets(secrets) {
+  const result = [];
+  for (const [, secret] of secrets) {
+    result.push({
+      key: secret.key,
+      value: secret.value,
+      sourcePath: secret.sourcePath
+    });
   }
+  return result;
+}
+function computeHookDiff(previousKeys, newSecrets) {
+  const newKeys = new Set(newSecrets.map((s) => s.key));
+  const toUnset = [];
+  for (const key of previousKeys) {
+    if (!newKeys.has(key)) {
+      toUnset.push(key);
+    }
+  }
+  return {
+    toUnset,
+    toSet: newSecrets
+  };
 }
 function formatHookMessage(diff, useColor = true) {
-  const loaded = diff.set.length;
-  const unloaded = diff.unset.length;
-  const skippedCount = diff.skipped.length;
+  const loaded = diff.toSet.length;
+  const unloaded = diff.toUnset.length;
   if (loaded === 0 && unloaded === 0) {
     return;
   }
@@ -585,22 +511,19 @@ function formatHookMessage(diff, useColor = true) {
   } else {
     message += `unloaded ${unloaded} secret${unloaded === 1 ? "" : "s"}`;
   }
-  if (skippedCount > 0) {
-    message += ` (${skippedCount} skipped)`;
-  }
   message += reset;
   return message;
 }
 function generateShellCommands(diff, shell) {
   const commands = [];
-  for (const key of diff.unset) {
+  for (const key of diff.toUnset) {
     if (shell === "fish") {
       commands.push(`set -e ${key}`);
     } else {
       commands.push(`unset ${key}`);
     }
   }
-  for (const secret of diff.set) {
+  for (const secret of diff.toSet) {
     const escapedValue = escapeShellValue2(secret.value, shell);
     if (shell === "fish") {
       commands.push(`set -gx ${secret.key} ${escapedValue}`);
@@ -624,7 +547,6 @@ class BurrowClient {
   resolver;
   pathOptions;
   trustManager;
-  hookStateManager;
   constructor(options = {}) {
     this.storage = new Storage({
       configDir: options.configDir,
@@ -641,9 +563,6 @@ class BurrowClient {
       storage: this.storage,
       followSymlinks: options.followSymlinks
     });
-    this.hookStateManager = new HookStateManager({
-      configDir: options.configDir
-    });
   }
   async set(key, value, options = {}) {
     assertValidEnvKey(key);
@@ -694,43 +613,48 @@ class BurrowClient {
   async listTrusted() {
     return this.trustManager.list();
   }
-  async getHookState() {
-    return this.hookStateManager.load();
-  }
-  async clearHookState() {
-    return this.hookStateManager.clear();
-  }
   async hook(cwd, options) {
+    const previousKeys = new Set(options.previousKeys ?? []);
     if (process.env["BURROW_AUTOLOAD"] === "0") {
-      const emptyDiff = { unset: [], set: [], skipped: [], unchanged: [] };
+      const diff2 = computeHookDiff(previousKeys, []);
+      const commands2 = generateShellCommands(diff2, options.shell);
+      const useColor2 = options.useColor ?? !process.env["NO_COLOR"];
+      const message2 = diff2.toUnset.length > 0 ? formatHookMessage(diff2, useColor2) : undefined;
       return {
-        commands: [],
-        diff: emptyDiff,
+        commands: commands2,
+        message: message2,
+        secrets: [],
+        unloadedKeys: diff2.toUnset,
         trusted: false,
         notTrustedReason: "autoload-disabled"
       };
     }
     const trustResult = await this.isTrusted({ path: cwd });
     if (!trustResult.trusted) {
-      const emptyDiff = { unset: [], set: [], skipped: [], unchanged: [] };
+      const diff2 = computeHookDiff(previousKeys, []);
+      const commands2 = generateShellCommands(diff2, options.shell);
+      const useColor2 = options.useColor ?? !process.env["NO_COLOR"];
+      const message2 = diff2.toUnset.length > 0 ? formatHookMessage(diff2, useColor2) : undefined;
       return {
-        commands: [],
-        diff: emptyDiff,
+        commands: commands2,
+        message: message2,
+        secrets: [],
+        unloadedKeys: diff2.toUnset,
         trusted: false,
         notTrustedReason: trustResult.reason
       };
     }
-    const newSecrets = await this.resolve(cwd);
-    const currentState = await this.hookStateManager.load();
-    const diff = this.hookStateManager.computeDiff(currentState, newSecrets);
+    const resolvedSecrets = await this.resolve(cwd);
+    const secrets = resolveToLoadedSecrets(resolvedSecrets);
+    const diff = computeHookDiff(previousKeys, secrets);
     const commands = generateShellCommands(diff, options.shell);
-    await this.hookStateManager.applyDiff(currentState, diff, cwd);
     const useColor = options.useColor ?? !process.env["NO_COLOR"];
     const message = formatHookMessage(diff, useColor);
     return {
       commands,
       message,
-      diff,
+      secrets,
+      unloadedKeys: diff.toUnset,
       trusted: true
     };
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@captainsafia/burrow",
-  "version": "1.3.0-preview.4437197",
+  "version": "1.3.0-preview.c020b98",
   "description": "Platform-agnostic, directory-scoped secrets manager",
   "type": "module",
   "main": "dist/api.js",
@@ -54,6 +54,6 @@
     "@inquirer/password": "^5.0.3",
     "clipboardy": "^5.0.2",
     "commander": "^14.0.2",
-    "gh-release-update-notifier": "^1.0.0"
+    "gh-release-update-notifier": "^1.0.1"
   }
 }