@dinanathdash/envault 1.0.0 → 1.1.0

package/.env

@@ -0,0 +1,20 @@
+# Environment Variables Example
+
+Copy this file to `.env.local` and fill in your values.
+
+## Supabase Configuration
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url_here
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key_here
+
+## Encryption Key (Required)
+# Generate a new key with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+# IMPORTANT: Keep this secret and never commit it to version control
+# If you lose this key, all encrypted data becomes unrecoverable
+ENCRYPTION_KEY=your_64_character_hex_encryption_key_here
+
+## Supabase Service Role Key (Required)
+SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key_here
+
+# Redis (Upstash)
+UPSTASH_REDIS_REST_URL=your_upstash_redis_rest_url_here
+UPSTASH_REDIS_REST_TOKEN=your_upstash_redis_rest_token_here

package/CHANGELOG.md

@@ -0,0 +1,38 @@
+# [1.1.0](https://github.com/DinanathDash/Envault/compare/v1.0.2...v1.1.0) (2026-02-01)
+
+
+### Features
+
+* Implement CLI device authentication, add new CLI API routes for projects and secrets, and enhance CLI commands with improved warnings. ([e4871c4](https://github.com/DinanathDash/Envault/commit/e4871c453d7e3974e94505e1f65014350a15a53a))
+
+## [1.0.2](https://github.com/DinanathDash/Envault/compare/v1.0.1...v1.0.2) (2026-02-01)
+
+
+### Bug Fixes
+
+* sync version and verify automated release ([ab54ab2](https://github.com/DinanathDash/Envault/commit/ab54ab2b4a9ac045ea986d34d9187ab4c705c76e))
+
+# 1.0.0 (2026-02-01)
+
+
+### Bug Fixes
+
+* **ci:** upgrade node to v22 for semantic-release ([fcdd294](https://github.com/DinanathDash/Envault/commit/fcdd29467dad11ddbe33190df04afd6ba03bfde0))
+
+
+### Features
+
+* Add comprehensive authentication flows including password reset, email confirmation, and update password with new UI components and email templates. ([c1da2ed](https://github.com/DinanathDash/Envault/commit/c1da2ed12a5669e76ad2d28d1c37564e55c3aeee))
+* add landing page animations and update auth pages ([3c04f52](https://github.com/DinanathDash/Envault/commit/3c04f529ffa6dc2cf3e0bfdadb95fa5491a810f0))
+* Add Open Graph and Twitter image metadata, including a new `open-graph.png` asset. ([3291026](https://github.com/DinanathDash/Envault/commit/3291026e2311b5d1f80016a769ba8c0fab2171d5))
+* Add project governance documents, update README, and implement async secret decryption and user sign-out. ([380c88a](https://github.com/DinanathDash/Envault/commit/380c88accae92a7c0583c0bdd28963f55fc523f1))
+* Add variable value visibility toggle, implement Tooltip component, and refine UI spacing and responsiveness. ([25fd618](https://github.com/DinanathDash/Envault/commit/25fd618f58977f8ef128105ac3d59466498c0637))
+* document Upstash Redis integration and add rounded corners to favicon. ([7d68a5d](https://github.com/DinanathDash/Envault/commit/7d68a5d944b66547199268bfc5a93dc16fc0cfa6))
+* Implement .env file download functionality and update application icons. ([81db44b](https://github.com/DinanathDash/Envault/commit/81db44b9094c21a5bbc314cd427b049fbdaff580))
+* Implement amber theme for landing page and optimize session monitoring for public routes. ([e8634f2](https://github.com/DinanathDash/Envault/commit/e8634f2ac4d3e2561fc27c2d466ace91dcee0b00))
+* implement CLI authentication and device flow ([85f794f](https://github.com/DinanathDash/Envault/commit/85f794feffa3256c1bb9f40fd37de28962fe045c))
+* Implement core application structure with user authentication, project and environment variable management, and a comprehensive UI component library. ([1990916](https://github.com/DinanathDash/Envault/commit/1990916e90d2277b503c69363a4409e2c6d34db3))
+* Implement key wrapping and rotation, add GitHub authentication, and enhance variable dialog with upsert logic and status indicators. ([a73783e](https://github.com/DinanathDash/Envault/commit/a73783ecedbd36d947fdd9b7ab39e7e38ea4edb1))
+* Implement user authentication, project management, and bulk .env variable import with encryption. ([aa890cf](https://github.com/DinanathDash/Envault/commit/aa890cf9c4eee958648e5c82a8af4e0234cd5026))
+* Introduce preloader component, global loading state, and skeleton UIs for dashboard and project views. ([3f052d6](https://github.com/DinanathDash/Envault/commit/3f052d6300133398505e43748a97e7aac2f29624))
+* Refactor key rotation to use chunked processing and job management, integrate Upstash Redis for caching, and add Vercel Analytics. ([17ba173](https://github.com/DinanathDash/Envault/commit/17ba173e03c8f139f98069b6b04a0b77c9dea428))

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dinanath Dash
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,62 @@
+# Envault CLI
+
+<p align="center">
+  <b>Secure Environment Variable Management for Modern Teams</b>
+</p>
+
+<p align="center">
+  Securely push, pull, and manage your secrets directly from your terminal with the same ease as `git push`.
+</p>
+
+---
+
+## Features
+
+- 🔒 **End-to-End Encryption**: Secrets are encrypted before they leave your machine.
+- 🔑 **Device Flow Authentication**: Secure, browser-based login mechanism.
+- 🚀 **Zero-Config**: Works with your existing `.env` files.
+- ⚡ **Framework Agnostic**: Works with Next.js, Node.js, Python, Go, etc.
+
+## Installation
+
+You can run Envault directly using `npx` (recommended) or install it globally.
+
+### Using Number (Zero Install)
+```bash
+npx @dinanathdash/envault login
+```
+
+### Global Install
+```bash
+npm install -g @dinanathdash/envault
+```
+
+## Quick Start
+
+### 1. Login
+Authenticate your machine securely.
+```bash
+envault login
+```
+
+### 2. Initialize Project
+Link your current folder to an Envault project.
+```bash
+envault init
+```
+
+### 3. Deploy Secrets
+Push your local `.env` variables to the secure cloud vault.
+```bash
+envault deploy
+```
+
+### 4. Pull Secrets
+Fetch the latest secrets from the cloud and update your `.env` file.
+```bash
+envault pull
+```
+
+## License
+
+MIT © [Envault](https://envault.tech)

package/bin/envault.js

@@ -7,6 +7,10 @@ import { login } from '../src/commands/login.js';
 import { init } from '../src/commands/init.js';
 import { deploy } from '../src/commands/deploy.js';
 import { pull } from '../src/commands/pull.js';
+import { createRequire } from 'module';
+
+const require = createRequire(import.meta.url);
+const pkg = require('../package.json');
 
 const program = new Command();
 
@@ -26,7 +30,7 @@ const showLogo = () => {
 program
     .name('envault')
     .description('Cliff-side security for your environment variables')
-    .version('1.0.0')
+    .version(pkg.version)
     .hook('preAction', (thisCommand) => {
         // Show logo on all commands? Maybe too noisy.
         // Let's show it only on help or specific ones.
@@ -50,6 +54,7 @@ program.command('deploy')
     .description('Deploy local .env to Envault (Encrypt & Push)')
     .option('-p, --project <id>', 'Project ID')
     .option('--dry-run', 'Show what would change without pushing')
+    .option('-f, --force', 'Skip confirmation prompts')
     .action(async (options) => {
         await deploy(options);
     });

package/package.json

@@ -1,7 +1,11 @@
 {
     "name": "@dinanathdash/envault",
-    "version": "1.0.0",
+    "version": "1.1.0",
     "description": "Envault CLI - Securely manage your environment variables",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/DinanathDash/Envault.git"
+    },
     "main": "src/index.js",
     "bin": {
         "envault": "./bin/envault.js"
@@ -25,7 +29,16 @@
         "conf": "^12.0.0",
         "dotenv": "^16.3.1",
         "inquirer": "^9.2.11",
-        "ora": "^7.0.1",
-        "open": "^10.0.3"
+        "open": "^10.0.3",
+        "ora": "^7.0.1"
+    },
+    "devDependencies": {
+        "@semantic-release/changelog": "^6.0.3",
+        "@semantic-release/exec": "^7.1.0",
+        "@semantic-release/git": "^10.0.1",
+        "semantic-release": "^25.0.3"
+    },
+    "overrides": {
+        "tar": "^7.5.7"
     }
-}
+}

package/release.config.js

@@ -0,0 +1,24 @@
+const config = {
+    branches: ['main'],
+    plugins: [
+        '@semantic-release/commit-analyzer',
+        '@semantic-release/release-notes-generator',
+        [
+            '@semantic-release/changelog',
+            {
+                changelogFile: 'CHANGELOG.md',
+            },
+        ],
+        '@semantic-release/npm', // Updates package.json and publishes
+        [
+            '@semantic-release/git',
+            {
+                assets: ['package.json', 'package-lock.json', 'CHANGELOG.md', 'README.md'],
+                message: 'chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}',
+            },
+        ],
+        '@semantic-release/github',
+    ],
+};
+
+export default config;

package/src/commands/deploy.js

@@ -1,3 +1,5 @@
+import boxen from 'boxen';
+import inquirer from 'inquirer';
 
 import fs from 'fs';
 import dotenv from 'dotenv';
@@ -41,6 +43,57 @@ export async function deploy(options) {
         return;
     }
 
+    if (!options.force) {
+        let projectName = 'Envault';
+        try {
+            // Attempt to fetch project name. If fails, fallback to 'Envault'
+            // We use the list endpoint as we know it exists from init.js
+            const { data } = await api.get('/projects');
+            const projects = data.projects || data.data || [];
+            const project = projects.find(p => p.id === projectId);
+            if (project) {
+                projectName = project.name;
+            }
+        } catch (e) {
+            // Ignore error and use default
+        }
+
+        const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'https://envault.tech';
+
+        console.log(boxen(
+            chalk.red.bold('WARNING: OVERWRITING REMOTE SECRETS') +
+            '\n\n' +
+            chalk.white('You are about to ') + chalk.red.bold('DEPLOY') + chalk.white(' local variables to your project:') +
+            '\n' +
+            chalk.cyan.bold(projectName) +
+            '\n\n' +
+            chalk.white('Existing secrets in the project will be ') + chalk.red.bold('OVERWRITTEN') + chalk.white(' by values in your .env.') +
+            '\n\n' +
+            chalk.dim('We recommend checking the dashboard for differences:') +
+            '\n' +
+            chalk.cyan(`${appUrl}/projects/${projectId}`),
+            {
+                padding: 1,
+                margin: 1,
+                borderStyle: 'double',
+                borderColor: 'red',
+                title: 'Deploy Warning',
+                titleAlignment: 'center'
+            }
+        ));
+
+        const { confirm } = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'confirm',
+            message: `Are you sure you want to deploy ${secrets.length} secrets to the project?`,
+            default: false
+        }]);
+        if (!confirm) {
+            console.log(chalk.yellow('Operation cancelled.'));
+            return;
+        }
+    }
+
     const spinner = ora('Encrypting and deploying secrets...').start();
 
     try {

package/src/commands/init.js

@@ -43,17 +43,46 @@ export async function init() {
     }
 
     if (projects.length === 0) {
-        console.log(chalk.yellow('No projects found. Create one in the dashboard first.'));
-        return;
+        console.log(chalk.yellow('No existing projects found.'));
     }
 
-    const { projectId } = await inquirer.prompt([{
+    const { selectedProjectId } = await inquirer.prompt([{
         type: 'list',
-        name: 'projectId',
+        name: 'selectedProjectId',
         message: 'Select the project to link:',
-        choices: projects.map(p => ({ name: p.name, value: p.id }))
+        choices: [
+            new inquirer.Separator(),
+            { name: '+ Create New Project', value: 'CREATE_NEW' },
+            new inquirer.Separator(),
+            ...projects.map(p => ({ name: p.name, value: p.id }))
+        ]
     }]);
 
-    fs.writeFileSync('envault.json', JSON.stringify({ projectId }, null, 2));
-    console.log(chalk.green(`\n✔ Project linked! (ID: ${projectId})`));
+    let projectId = selectedProjectId;
+
+    if (selectedProjectId === 'CREATE_NEW') {
+        const { newProjectName } = await inquirer.prompt([{
+            type: 'input',
+            name: 'newProjectName',
+            message: 'Enter name for the new project:',
+            validate: input => input.trim().length > 0 ? true : 'Project name cannot be empty'
+        }]);
+
+        const createSpinner = ora('Creating project...').start();
+        try {
+            const { data } = await api.post('/projects', { name: newProjectName });
+            projectId = data.project.id;
+            createSpinner.succeed(chalk.green(`Project "${data.project.name}" created!`));
+        } catch (error) {
+            createSpinner.fail('Failed to create project.');
+            console.error(chalk.red(handleApiError(error)));
+            return; // Exit if creation fails
+        }
+    }
+
+    // Only write config if we have a valid projectId
+    if (projectId) {
+        fs.writeFileSync('envault.json', JSON.stringify({ projectId }, null, 2));
+        console.log(chalk.green(`\n✔ Project linked! (ID: ${projectId})`));
+    }
 }

package/src/commands/login.js

@@ -5,6 +5,7 @@ import ora from 'ora';
 import open from 'open';
 import { api, handleApiError } from '../lib/api.js';
 import { setToken } from '../lib/config.js';
+import os from 'os';
 
 export async function login() {
     console.log(chalk.blue('  Starting Device Authentication Flow...\n'));
@@ -13,8 +14,16 @@ export async function login() {
     const spinner = ora('Contacting Envault servers...').start();
     let deviceCode, userCode, verificationUri, interval;
 
+    const deviceInfo = {
+        hostname: os.hostname(),
+        platform: os.platform(),
+        release: os.release(),
+        type: os.type(),
+        arch: os.arch()
+    };
+
     try {
-        const { data } = await api.post('/auth/device/code');
+        const { data } = await api.post('/auth/device/code', { device_info: deviceInfo });
         deviceCode = data.device_code;
         userCode = data.user_code; // 8-char
         verificationUri = data.verification_uri;

package/src/commands/pull.js

@@ -2,6 +2,8 @@
 import fs from 'fs';
 import chalk from 'chalk';
 import ora from 'ora';
+import boxen from 'boxen';
+
 import inquirer from 'inquirer';
 import { api, handleApiError } from '../lib/api.js';
 
@@ -22,13 +24,50 @@ export async function pull(options) {
     }
 
     if (fs.existsSync('.env') && !options.force) {
+        let projectName = 'Envault';
+        try {
+            const { data } = await api.get('/projects');
+            const projects = data.projects || data.data || [];
+            const project = projects.find(p => p.id === projectId);
+            if (project) {
+                projectName = project.name;
+            }
+        } catch (e) {
+            // Ignore
+        }
+
+        const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'https://envault.tech';
+
+        console.log(boxen(
+            chalk.red.bold('WARNING: POTENTIAL DATA LOSS') +
+            '\n\n' +
+            chalk.white('You are about to ') + chalk.red.bold('OVERWRITE') + chalk.white(' your local ') + chalk.yellow('.env') + chalk.white(' file.') +
+            '\n\n' +
+            chalk.white('Any local changes not synced to ') + chalk.cyan.bold(projectName) + chalk.white(' will be ') + chalk.red.bold('PERMANENTLY LOST.') +
+            '\n\n' +
+            chalk.dim('We recommend checking the dashboard for differences:') +
+            '\n' +
+            chalk.cyan(`${appUrl}/projects/${projectId}`),
+            {
+                padding: 1,
+                margin: 1,
+                borderStyle: 'double',
+                borderColor: 'red',
+                title: 'Sync Warning',
+                titleAlignment: 'center'
+            }
+        ));
+
         const { confirm } = await inquirer.prompt([{
             type: 'confirm',
             name: 'confirm',
-            message: 'This will overwrite your current .env file. Continue?',
+            message: 'Are you sure you want to overwrite your local .env file?',
             default: false
         }]);
-        if (!confirm) return;
+        if (!confirm) {
+            console.log(chalk.yellow('Operation cancelled.'));
+            return;
+        }
     }
 
     const spinner = ora('Fetching secrets...').start();

package/src/lib/api.js

@@ -1,6 +1,6 @@
 
 import axios from 'axios';
-import { getToken, getApiUrl } from './config.js';
+import { getToken, getApiUrl, clearToken } from './config.js';
 
 export const api = axios.create({
     baseURL: getApiUrl(),
@@ -17,6 +17,28 @@ api.interceptors.request.use((config) => {
     return config;
 });
 
+// Handle token expiration
+api.interceptors.response.use(
+    (response) => response,
+    (error) => {
+        if (error.response?.status === 401) {
+            const errorMsg = error.response?.data?.error;
+            if (errorMsg === 'token_expired') {
+                console.error('\n❌ Your session has expired (tokens are valid for 3 days).');
+                console.error('Please run "envault login" to authenticate again.\n');
+                clearToken();
+                process.exit(1);
+            } else if (errorMsg === 'Invalid token' || errorMsg === 'Missing or invalid authorization header') {
+                console.error('\n❌ Authentication required.');
+                console.error('Please run "envault login" to authenticate.\n');
+                clearToken();
+                process.exit(1);
+            }
+        }
+        return Promise.reject(error);
+    }
+);
+
 export function handleApiError(error) {
     if (error.response) {
         return error.response.data.error || error.response.statusText;

package/src/lib/config.js

@@ -26,6 +26,10 @@ export function clearToken() {
 }
 
 export function getApiUrl() {
-    // Default to localhost for dev, but should check env
-    return process.env.ENVAULT_API_URL || 'http://localhost:3000/api/cli';
+    // Check for developer override first
+    if (process.env.ENVAULT_API_URL) {
+        return process.env.ENVAULT_API_URL;
+    }
+    // Default to production for the published package
+    return 'https://envault.tech/api/cli';
 }