@cig-technology/cli 0.1.0

package/dist/commands/upgrade.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade.js","sourceRoot":"","sources":["../../src/commands/upgrade.ts"],"names":[],"mappings":";;AAEA,0BAUC;AAZD,mEAA4D;AAErD,KAAK,UAAU,OAAO;IAC3B,MAAM,YAAY,GAAG,IAAI,+BAAY,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IAExC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,YAAY,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,uFAAuF,CAAC,CAAC;AACvG,CAAC"}

package/dist/compose-generator.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Docker Compose Generator for CIG Installation
+ *
+ * Generates docker-compose.yml and .env files from InstallManifest.
+ * Requirement 7: CLI Install Flow (Compose Generation)
+ */
+export interface InstallManifest {
+    profile: 'core' | 'full';
+    services: string[];
+    env_overrides?: Record<string, string>;
+    node_identity?: {
+        target_id: string;
+        private_key: string;
+        public_key: string;
+    };
+    generated_secrets?: Record<string, string>;
+}
+/**
+ * Generate docker-compose.yml and .env files from InstallManifest.
+ * Writes .env with permissions 0600 for security.
+ */
+export declare function generateCompose(manifest: InstallManifest, outputDir: string): Promise<void>;
+//# sourceMappingURL=compose-generator.d.ts.map

package/dist/compose-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compose-generator.d.ts","sourceRoot":"","sources":["../src/compose-generator.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,aAAa,CAAC,EAAE;QACd,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC5C;AAyLD;;;GAGG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBjG"}

package/dist/compose-generator.js

@@ -0,0 +1,214 @@
+"use strict";
+/**
+ * Docker Compose Generator for CIG Installation
+ *
+ * Generates docker-compose.yml and .env files from InstallManifest.
+ * Requirement 7: CLI Install Flow (Compose Generation)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCompose = generateCompose;
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Generate a cryptographically random secret of specified length.
+ * Uses crypto.randomBytes for secure random generation.
+ */
+function generateSecret(length = 32) {
+    return crypto.randomBytes(length).toString('hex');
+}
+/**
+ * Generate environment variables for services.
+ * Includes service-specific secrets and any overrides from manifest.
+ */
+function generateEnvVars(manifest) {
+    const env = {};
+    // Generate secrets for each service
+    for (const service of manifest.services) {
+        const secretKey = `${service.toUpperCase()}_SECRET`;
+        env[secretKey] = generateSecret(32);
+    }
+    // Add node identity if present
+    if (manifest.node_identity) {
+        env['NODE_TARGET_ID'] = manifest.node_identity.target_id;
+        env['NODE_PUBLIC_KEY'] = manifest.node_identity.public_key;
+        env['NODE_PRIVATE_KEY'] = manifest.node_identity.private_key;
+    }
+    // Apply any environment overrides
+    if (manifest.env_overrides) {
+        Object.assign(env, manifest.env_overrides);
+    }
+    return env;
+}
+/**
+ * Generate service configuration for docker-compose.yml.
+ */
+function generateServiceConfig(serviceName, profile) {
+    const configs = {
+        core: {
+            api: {
+                image: 'cig/api:latest',
+                ports: ['8000:8000'],
+                environment: {
+                    PORT: '8000',
+                    LOG_LEVEL: 'info',
+                },
+                healthcheck: {
+                    test: ['CMD', 'curl', '-f', 'http://localhost:8000/health'],
+                    interval: '10s',
+                    timeout: '5s',
+                    retries: 3,
+                },
+            },
+            neo4j: {
+                image: 'neo4j:5.0',
+                ports: ['7474:7474', '7687:7687'],
+                environment: {
+                    NEO4J_AUTH: 'neo4j/password',
+                },
+                volumes: ['neo4j_data:/data'],
+                healthcheck: {
+                    test: ['CMD', 'cypher-shell', '-u', 'neo4j', '-p', 'password', 'RETURN 1'],
+                    interval: '10s',
+                    timeout: '5s',
+                    retries: 3,
+                },
+            },
+        },
+        full: {
+            dashboard: {
+                image: 'cig/dashboard:latest',
+                ports: ['3000:3000'],
+                environment: {
+                    PORT: '3000',
+                },
+                healthcheck: {
+                    test: ['CMD', 'curl', '-f', 'http://localhost:3000/health'],
+                    interval: '10s',
+                    timeout: '5s',
+                    retries: 3,
+                },
+            },
+            discovery: {
+                image: 'cig/discovery:latest',
+                ports: ['8080:8080'],
+                environment: {
+                    PORT: '8080',
+                },
+                healthcheck: {
+                    test: ['CMD', 'curl', '-f', 'http://localhost:8080/health'],
+                    interval: '10s',
+                    timeout: '5s',
+                    retries: 3,
+                },
+            },
+            cartography: {
+                image: 'cig/cartography:latest',
+                environment: {
+                    LOG_LEVEL: 'info',
+                },
+                depends_on: {
+                    neo4j: { condition: 'service_healthy' },
+                },
+            },
+        },
+    };
+    // Return service config or a minimal default
+    const profileConfigs = configs[profile] || {};
+    return (profileConfigs[serviceName] || {
+        image: `cig/${serviceName}:latest`,
+        environment: {},
+    });
+}
+/**
+ * Generate docker-compose.yml content.
+ */
+function generateComposeYml(manifest) {
+    const services = {};
+    const volumes = {};
+    for (const service of manifest.services) {
+        const config = generateServiceConfig(service, manifest.profile);
+        services[service] = config;
+        // Collect volume definitions
+        if (config.volumes) {
+            for (const volume of config.volumes) {
+                const volumeName = volume.split(':')[0];
+                if (!volumeName.includes('/')) {
+                    volumes[volumeName] = {};
+                }
+            }
+        }
+    }
+    const compose = {
+        version: '3.8',
+        services,
+    };
+    if (Object.keys(volumes).length > 0) {
+        compose.volumes = volumes;
+    }
+    return compose;
+}
+/**
+ * Format environment variables as .env file content.
+ */
+function formatEnvFile(env) {
+    return Object.entries(env)
+        .map(([key, value]) => `${key}=${value}`)
+        .join('\n');
+}
+/**
+ * Generate docker-compose.yml and .env files from InstallManifest.
+ * Writes .env with permissions 0600 for security.
+ */
+async function generateCompose(manifest, outputDir) {
+    // Ensure output directory exists
+    if (!fs.existsSync(outputDir)) {
+        fs.mkdirSync(outputDir, { recursive: true, mode: 0o700 });
+    }
+    // Generate environment variables
+    const envVars = generateEnvVars(manifest);
+    // Generate docker-compose.yml
+    const composeConfig = generateComposeYml(manifest);
+    const composeYml = JSON.stringify(composeConfig, null, 2);
+    // Write docker-compose.yml
+    const composePath = path.join(outputDir, 'docker-compose.yml');
+    fs.writeFileSync(composePath, composeYml, { mode: 0o644 });
+    // Write .env with restricted permissions (0600)
+    const envPath = path.join(outputDir, '.env');
+    const envContent = formatEnvFile(envVars);
+    fs.writeFileSync(envPath, envContent, { mode: 0o600 });
+}
+//# sourceMappingURL=compose-generator.js.map

package/dist/compose-generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compose-generator.js","sourceRoot":"","sources":["../src/compose-generator.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6MH,0CAqBC;AAhOD,+CAAiC;AACjC,uCAAyB;AACzB,2CAA6B;AAkC7B;;;GAGG;AACH,SAAS,cAAc,CAAC,SAAiB,EAAE;IACzC,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,QAAyB;IAChD,MAAM,GAAG,GAA2B,EAAE,CAAC;IAEvC,oCAAoC;IACpC,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC;QACpD,GAAG,CAAC,SAAS,CAAC,GAAG,cAAc,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,+BAA+B;IAC/B,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC3B,GAAG,CAAC,gBAAgB,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,SAAS,CAAC;QACzD,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC;QAC3D,GAAG,CAAC,kBAAkB,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,WAAW,CAAC;IAC/D,CAAC;IAED,kCAAkC;IAClC,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,WAAmB,EAAE,OAAe;IACjE,MAAM,OAAO,GAAkD;QAC7D,IAAI,EAAE;YACJ,GAAG,EAAE;gBACH,KAAK,EAAE,gBAAgB;gBACvB,KAAK,EAAE,CAAC,WAAW,CAAC;gBACpB,WAAW,EAAE;oBACX,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,MAAM;iBAClB;gBACD,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,CAAC;oBAC3D,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC;iBACX;aACF;YACD,KAAK,EAAE;gBACL,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gBACjC,WAAW,EAAE;oBACX,UAAU,EAAE,gBAAgB;iBAC7B;gBACD,OAAO,EAAE,CAAC,kBAAkB,CAAC;gBAC7B,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,CAAC;oBAC1E,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC;iBACX;aACF;SACF;QACD,IAAI,EAAE;YACJ,SAAS,EAAE;gBACT,KAAK,EAAE,sBAAsB;gBAC7B,KAAK,EAAE,CAAC,WAAW,CAAC;gBACpB,WAAW,EAAE;oBACX,IAAI,EAAE,MAAM;iBACb;gBACD,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,CAAC;oBAC3D,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC;iBACX;aACF;YACD,SAAS,EAAE;gBACT,KAAK,EAAE,sBAAsB;gBAC7B,KAAK,EAAE,CAAC,WAAW,CAAC;gBACpB,WAAW,EAAE;oBACX,IAAI,EAAE,MAAM;iBACb;gBACD,WAAW,EAAE;oBACX,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,CAAC;oBAC3D,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,CAAC;iBACX;aACF;YACD,WAAW,EAAE;gBACX,KAAK,EAAE,wBAAwB;gBAC/B,WAAW,EAAE;oBACX,SAAS,EAAE,MAAM;iBAClB;gBACD,UAAU,EAAE;oBACV,KAAK,EAAE,EAAE,SAAS,EAAE,iBAAiB,EAAE;iBACxC;aACF;SACF;KACF,CAAC;IAEF,6CAA6C;IAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC9C,OAAO,CACL,cAAc,CAAC,WAAW,CAAC,IAAI;QAC7B,KAAK,EAAE,OAAO,WAAW,SAAS;QAClC,WAAW,EAAE,EAAE;KAChB,CACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,QAAyB;IACnD,MAAM,QAAQ,GAAkC,EAAE,CAAC;IACnD,MAAM,OAAO,GAA0C,EAAE,CAAC;IAE1D,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChE,QAAQ,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;QAE3B,6BAA6B;QAC7B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9B,OAAO,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAkB;QAC7B,OAAO,EAAE,KAAK;QACd,QAAQ;KACT,CAAC;IAEF,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;IAC5B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAA2B;IAChD,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC;SACvB,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;SACxC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,eAAe,CAAC,QAAyB,EAAE,SAAiB;IAChF,iCAAiC;IACjC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,iCAAiC;IACjC,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;IAE1C,8BAA8B;IAC9B,MAAM,aAAa,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAE1D,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC/D,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE3D,gDAAgD;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IAC1C,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACzD,CAAC"}

package/dist/credentials.d.ts

@@ -0,0 +1,69 @@
+import { CliPathOptions } from './storage/paths.js';
+import { CliSecretStore } from './stores/cli-secret-store.js';
+export interface AuthTokens {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    refreshExpiresAt: number;
+}
+export interface TargetIdentity {
+    targetId: string;
+    publicKey: string;
+    privateKey: string;
+    enrolledAt: string;
+}
+export interface BootstrapToken {
+    token: string;
+    createdAt: string;
+    expiresAt: string;
+}
+export interface Credential {
+    type: 'aws' | 'gcp';
+    value: string;
+    createdAt: string;
+    rotateAfterDays: number;
+}
+export interface EncryptedCredential {
+    iv: string;
+    tag: string;
+    data: string;
+    createdAt: string;
+    rotateAfterDays: number;
+    type: 'aws' | 'gcp';
+}
+export interface CredentialManagerOptions {
+    paths?: CliPathOptions;
+    encryptionSeed?: string;
+    secretStore?: CliSecretStore;
+}
+export declare class CredentialManager {
+    private readonly configDir;
+    private readonly configFile;
+    private readonly encryptionKey;
+    private readonly secretStore;
+    constructor(options?: CredentialManagerOptions);
+    private encrypt;
+    private decrypt;
+    private readConfig;
+    private writeConfig;
+    save(type: 'aws' | 'gcp', value: string, rotateAfterDays?: number): void;
+    load(type: 'aws' | 'gcp'): string | null;
+    isRotationDue(type: 'aws' | 'gcp'): boolean;
+    delete(type: 'aws' | 'gcp'): void;
+    list(): Array<{
+        type: string;
+        createdAt: string;
+        rotationDue: boolean;
+    }>;
+    saveTokens(tokens: AuthTokens): void;
+    loadTokens(): AuthTokens | null;
+    needsRefresh(tokens: AuthTokens): boolean;
+    isRefreshTokenValid(tokens: AuthTokens): boolean;
+    saveIdentity(identity: TargetIdentity): void;
+    loadIdentity(): TargetIdentity | null;
+    saveBootstrapToken(bootstrapToken: BootstrapToken): void;
+    loadBootstrapToken(): BootstrapToken | null;
+    clearAll(): void;
+}
+export declare function createTempCredentialManager(tmpDir: string): CredentialManager;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAmB,MAAM,oBAAoB,CAAC;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,KAAK,GAAG,KAAK,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,KAAK,GAAG,KAAK,CAAC;CACrB;AAMD,MAAM,WAAW,wBAAwB;IACvC,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,cAAc,CAAC;CAC9B;AAED,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiB;gBAEjC,OAAO,GAAE,wBAA6B;IAUlD,OAAO,CAAC,OAAO;IAYf,OAAO,CAAC,OAAO;IASf,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,WAAW;IAOnB,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,SAAK,GAAG,IAAI;IAkBpE,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,IAAI;IAOxC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,OAAO;IAU3C,MAAM,CAAC,IAAI,EAAE,KAAK,GAAG,KAAK,GAAG,IAAI;IAOjC,IAAI,IAAI,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE,CAAC;IASxE,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI;IAIpC,UAAU,IAAI,UAAU,GAAG,IAAI;IAI/B,YAAY,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO;IAIzC,mBAAmB,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO;IAIhD,YAAY,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI5C,YAAY,IAAI,cAAc,GAAG,IAAI;IAIrC,kBAAkB,CAAC,cAAc,EAAE,cAAc,GAAG,IAAI;IAIxD,kBAAkB,IAAI,cAAc,GAAG,IAAI;IAI3C,QAAQ,IAAI,IAAI;CAIjB;AAED,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,iBAAiB,CAQ7E"}

package/dist/credentials.js

@@ -0,0 +1,178 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialManager = void 0;
+exports.createTempCredentialManager = createTempCredentialManager;
+const crypto = __importStar(require("node:crypto"));
+const fs = __importStar(require("node:fs"));
+const os = __importStar(require("node:os"));
+const path = __importStar(require("node:path"));
+const paths_js_1 = require("./storage/paths.js");
+const cli_secret_store_js_1 = require("./stores/cli-secret-store.js");
+class CredentialManager {
+    configDir;
+    configFile;
+    encryptionKey;
+    secretStore;
+    constructor(options = {}) {
+        const paths = (0, paths_js_1.resolveCliPaths)(options.paths);
+        this.configDir = paths.configDir;
+        this.configFile = paths.credentialsFile;
+        const seed = options.encryptionSeed ?? `${os.hostname()}:${os.userInfo().username}`;
+        this.encryptionKey = crypto.createHash('sha256').update(seed).digest();
+        this.secretStore =
+            options.secretStore ?? new cli_secret_store_js_1.CliSecretStore({ paths: options.paths, encryptionSeed: seed });
+    }
+    encrypt(plaintext) {
+        const iv = crypto.randomBytes(12);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
+        const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
+        const tag = cipher.getAuthTag();
+        return {
+            iv: iv.toString('hex'),
+            tag: tag.toString('hex'),
+            data: encrypted.toString('hex'),
+        };
+    }
+    decrypt(encrypted) {
+        const iv = Buffer.from(encrypted.iv, 'hex');
+        const tag = Buffer.from(encrypted.tag, 'hex');
+        const data = Buffer.from(encrypted.data, 'hex');
+        const decipher = crypto.createDecipheriv('aes-256-gcm', this.encryptionKey, iv);
+        decipher.setAuthTag(tag);
+        return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
+    }
+    readConfig() {
+        if (!fs.existsSync(this.configFile)) {
+            return { credentials: {} };
+        }
+        const raw = fs.readFileSync(this.configFile, 'utf8');
+        return JSON.parse(raw);
+    }
+    writeConfig(config) {
+        if (!fs.existsSync(this.configDir)) {
+            fs.mkdirSync(this.configDir, { mode: 0o700, recursive: true });
+        }
+        fs.writeFileSync(this.configFile, JSON.stringify(config, null, 2), { mode: 0o600 });
+    }
+    save(type, value, rotateAfterDays = 90) {
+        if (!value || value.trim() === '') {
+            throw new Error('Credential value must not be empty');
+        }
+        const { iv, tag, data } = this.encrypt(value);
+        const config = this.readConfig();
+        config.credentials[type] = {
+            iv,
+            tag,
+            data,
+            createdAt: new Date().toISOString(),
+            rotateAfterDays,
+            type,
+        };
+        this.writeConfig(config);
+        console.log(`Credential saved for type: ${type}`);
+    }
+    load(type) {
+        const config = this.readConfig();
+        const entry = config.credentials[type];
+        if (!entry)
+            return null;
+        return this.decrypt({ iv: entry.iv, tag: entry.tag, data: entry.data });
+    }
+    isRotationDue(type) {
+        const config = this.readConfig();
+        const entry = config.credentials[type];
+        if (!entry)
+            return false;
+        const created = new Date(entry.createdAt).getTime();
+        const ageMs = Date.now() - created;
+        const thresholdMs = entry.rotateAfterDays * 24 * 60 * 60 * 1000;
+        return ageMs >= thresholdMs;
+    }
+    delete(type) {
+        const config = this.readConfig();
+        delete config.credentials[type];
+        this.writeConfig(config);
+        console.log(`Credential deleted for type: ${type}`);
+    }
+    list() {
+        const config = this.readConfig();
+        return Object.values(config.credentials).map((entry) => ({
+            type: entry.type,
+            createdAt: entry.createdAt,
+            rotationDue: this.isRotationDue(entry.type),
+        }));
+    }
+    saveTokens(tokens) {
+        this.secretStore.set('auth.tokens', tokens);
+    }
+    loadTokens() {
+        return this.secretStore.get('auth.tokens');
+    }
+    needsRefresh(tokens) {
+        return tokens.expiresAt < Date.now() + 5 * 60 * 1000;
+    }
+    isRefreshTokenValid(tokens) {
+        return tokens.refreshExpiresAt > Date.now();
+    }
+    saveIdentity(identity) {
+        this.secretStore.set('node.identity', identity);
+    }
+    loadIdentity() {
+        return this.secretStore.get('node.identity');
+    }
+    saveBootstrapToken(bootstrapToken) {
+        this.secretStore.set('bootstrap.token', bootstrapToken);
+    }
+    loadBootstrapToken() {
+        return this.secretStore.get('bootstrap.token');
+    }
+    clearAll() {
+        this.secretStore.clear();
+        if (fs.existsSync(this.configFile))
+            fs.unlinkSync(this.configFile);
+    }
+}
+exports.CredentialManager = CredentialManager;
+function createTempCredentialManager(tmpDir) {
+    return new CredentialManager({
+        paths: {
+            configDir: path.join(tmpDir, 'config'),
+            installDir: path.join(tmpDir, 'install'),
+        },
+        encryptionSeed: 'test-seed',
+    });
+}
+//# sourceMappingURL=credentials.js.map

package/dist/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkMA,kEAQC;AA1MD,oDAAsC;AACtC,4CAA8B;AAC9B,4CAA8B;AAC9B,gDAAkC;AAClC,iDAAqE;AACrE,sEAA8D;AAgD9D,MAAa,iBAAiB;IACX,SAAS,CAAS;IAClB,UAAU,CAAS;IACnB,aAAa,CAAS;IACtB,WAAW,CAAiB;IAE7C,YAAY,UAAoC,EAAE;QAChD,MAAM,KAAK,GAAG,IAAA,0BAAe,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,eAAe,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,IAAI,GAAG,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACvE,IAAI,CAAC,WAAW;YACd,OAAO,CAAC,WAAW,IAAI,IAAI,oCAAc,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9F,CAAC;IAEO,OAAO,CAAC,SAAiB;QAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACpF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAChC,OAAO;YACL,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtB,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC;YACxB,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;SAChC,CAAC;IACJ,CAAC;IAEO,OAAO,CAAC,SAAoD;QAClE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAChF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnF,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;QAC7B,CAAC;QACD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;IACjD,CAAC;IAEO,WAAW,CAAC,MAA4B;QAC9C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YACnC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,IAAI,CAAC,IAAmB,EAAE,KAAa,EAAE,eAAe,GAAG,EAAE;QAC3D,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG;YACzB,EAAE;YACF,GAAG;YACH,IAAI;YACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,eAAe;YACf,IAAI;SACL,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,IAAmB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,aAAa,CAAC,IAAmB;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QACnC,MAAM,WAAW,GAAG,KAAK,CAAC,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAChE,OAAO,KAAK,IAAI,WAAW,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,IAAmB;QACxB,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,IAAI;QACF,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACvD,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;SAC5C,CAAC,CAAC,CAAC;IACN,CAAC;IAED,UAAU,CAAC,MAAkB;QAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAa,aAAa,CAAC,CAAC;IACzD,CAAC;IAED,YAAY,CAAC,MAAkB;QAC7B,OAAO,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IACvD,CAAC;IAED,mBAAmB,CAAC,MAAkB;QACpC,OAAO,MAAM,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC9C,CAAC;IAED,YAAY,CAAC,QAAwB;QACnC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAiB,eAAe,CAAC,CAAC;IAC/D,CAAC;IAED,kBAAkB,CAAC,cAA8B;QAC/C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAC;IAC1D,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAiB,iBAAiB,CAAC,CAAC;IACjE,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACrE,CAAC;CACF;AA3ID,8CA2IC;AAED,SAAgB,2BAA2B,CAAC,MAAc;IACxD,OAAO,IAAI,iBAAiB,CAAC;QAC3B,KAAK,EAAE;YACL,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC;YACtC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;SACzC;QACD,cAAc,EAAE,WAAW;KAC5B,CAAC,CAAC;AACL,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}