@dinanathdash/envault 1.0.2 → 1.1.0

package/.env

@@ -0,0 +1,20 @@
+# Environment Variables Example
+
+Copy this file to `.env.local` and fill in your values.
+
+## Supabase Configuration
+NEXT_PUBLIC_SUPABASE_URL=your_supabase_url_here
+NEXT_PUBLIC_SUPABASE_ANON_KEY=your_supabase_anon_key_here
+
+## Encryption Key (Required)
+# Generate a new key with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+# IMPORTANT: Keep this secret and never commit it to version control
+# If you lose this key, all encrypted data becomes unrecoverable
+ENCRYPTION_KEY=your_64_character_hex_encryption_key_here
+
+## Supabase Service Role Key (Required)
+SUPABASE_SERVICE_ROLE_KEY=your_supabase_service_role_key_here
+
+# Redis (Upstash)
+UPSTASH_REDIS_REST_URL=your_upstash_redis_rest_url_here
+UPSTASH_REDIS_REST_TOKEN=your_upstash_redis_rest_token_here

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [1.1.0](https://github.com/DinanathDash/Envault/compare/v1.0.2...v1.1.0) (2026-02-01)
+
+
+### Features
+
+* Implement CLI device authentication, add new CLI API routes for projects and secrets, and enhance CLI commands with improved warnings. ([e4871c4](https://github.com/DinanathDash/Envault/commit/e4871c453d7e3974e94505e1f65014350a15a53a))
+
 ## [1.0.2](https://github.com/DinanathDash/Envault/compare/v1.0.1...v1.0.2) (2026-02-01)
 
 

package/README.md

@@ -1,9 +1,5 @@
 # Envault CLI
 
-<p align="center">
-  <img src="https://envault.tech/logo.png" alt="Envault Logo" width="100" />
-</p>
-
 <p align="center">
   <b>Secure Environment Variable Management for Modern Teams</b>
 </p>

package/bin/envault.js

@@ -7,6 +7,10 @@ import { login } from '../src/commands/login.js';
 import { init } from '../src/commands/init.js';
 import { deploy } from '../src/commands/deploy.js';
 import { pull } from '../src/commands/pull.js';
+import { createRequire } from 'module';
+
+const require = createRequire(import.meta.url);
+const pkg = require('../package.json');
 
 const program = new Command();
 
@@ -26,7 +30,7 @@ const showLogo = () => {
 program
     .name('envault')
     .description('Cliff-side security for your environment variables')
-    .version('1.0.0')
+    .version(pkg.version)
     .hook('preAction', (thisCommand) => {
         // Show logo on all commands? Maybe too noisy.
         // Let's show it only on help or specific ones.
@@ -50,6 +54,7 @@ program.command('deploy')
     .description('Deploy local .env to Envault (Encrypt & Push)')
     .option('-p, --project <id>', 'Project ID')
     .option('--dry-run', 'Show what would change without pushing')
+    .option('-f, --force', 'Skip confirmation prompts')
     .action(async (options) => {
         await deploy(options);
     });

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@dinanathdash/envault",
-    "version": "1.0.2",
+    "version": "1.1.0",
     "description": "Envault CLI - Securely manage your environment variables",
     "repository": {
         "type": "git",
@@ -37,5 +37,8 @@
         "@semantic-release/exec": "^7.1.0",
         "@semantic-release/git": "^10.0.1",
         "semantic-release": "^25.0.3"
+    },
+    "overrides": {
+        "tar": "^7.5.7"
     }
 }

package/release.config.js

@@ -13,7 +13,7 @@ const config = {
         [
             '@semantic-release/git',
             {
-                assets: ['package.json', 'CHANGELOG.md', 'README.md'],
+                assets: ['package.json', 'package-lock.json', 'CHANGELOG.md', 'README.md'],
                 message: 'chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}',
             },
         ],

package/src/commands/deploy.js

@@ -1,3 +1,5 @@
+import boxen from 'boxen';
+import inquirer from 'inquirer';
 
 import fs from 'fs';
 import dotenv from 'dotenv';
@@ -41,6 +43,57 @@ export async function deploy(options) {
         return;
     }
 
+    if (!options.force) {
+        let projectName = 'Envault';
+        try {
+            // Attempt to fetch project name. If fails, fallback to 'Envault'
+            // We use the list endpoint as we know it exists from init.js
+            const { data } = await api.get('/projects');
+            const projects = data.projects || data.data || [];
+            const project = projects.find(p => p.id === projectId);
+            if (project) {
+                projectName = project.name;
+            }
+        } catch (e) {
+            // Ignore error and use default
+        }
+
+        const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'https://envault.tech';
+
+        console.log(boxen(
+            chalk.red.bold('WARNING: OVERWRITING REMOTE SECRETS') +
+            '\n\n' +
+            chalk.white('You are about to ') + chalk.red.bold('DEPLOY') + chalk.white(' local variables to your project:') +
+            '\n' +
+            chalk.cyan.bold(projectName) +
+            '\n\n' +
+            chalk.white('Existing secrets in the project will be ') + chalk.red.bold('OVERWRITTEN') + chalk.white(' by values in your .env.') +
+            '\n\n' +
+            chalk.dim('We recommend checking the dashboard for differences:') +
+            '\n' +
+            chalk.cyan(`${appUrl}/projects/${projectId}`),
+            {
+                padding: 1,
+                margin: 1,
+                borderStyle: 'double',
+                borderColor: 'red',
+                title: 'Deploy Warning',
+                titleAlignment: 'center'
+            }
+        ));
+
+        const { confirm } = await inquirer.prompt([{
+            type: 'confirm',
+            name: 'confirm',
+            message: `Are you sure you want to deploy ${secrets.length} secrets to the project?`,
+            default: false
+        }]);
+        if (!confirm) {
+            console.log(chalk.yellow('Operation cancelled.'));
+            return;
+        }
+    }
+
     const spinner = ora('Encrypting and deploying secrets...').start();
 
     try {

package/src/commands/init.js

@@ -43,17 +43,46 @@ export async function init() {
     }
 
     if (projects.length === 0) {
-        console.log(chalk.yellow('No projects found. Create one in the dashboard first.'));
-        return;
+        console.log(chalk.yellow('No existing projects found.'));
     }
 
-    const { projectId } = await inquirer.prompt([{
+    const { selectedProjectId } = await inquirer.prompt([{
         type: 'list',
-        name: 'projectId',
+        name: 'selectedProjectId',
         message: 'Select the project to link:',
-        choices: projects.map(p => ({ name: p.name, value: p.id }))
+        choices: [
+            new inquirer.Separator(),
+            { name: '+ Create New Project', value: 'CREATE_NEW' },
+            new inquirer.Separator(),
+            ...projects.map(p => ({ name: p.name, value: p.id }))
+        ]
     }]);
 
-    fs.writeFileSync('envault.json', JSON.stringify({ projectId }, null, 2));
-    console.log(chalk.green(`\n✔ Project linked! (ID: ${projectId})`));
+    let projectId = selectedProjectId;
+
+    if (selectedProjectId === 'CREATE_NEW') {
+        const { newProjectName } = await inquirer.prompt([{
+            type: 'input',
+            name: 'newProjectName',
+            message: 'Enter name for the new project:',
+            validate: input => input.trim().length > 0 ? true : 'Project name cannot be empty'
+        }]);
+
+        const createSpinner = ora('Creating project...').start();
+        try {
+            const { data } = await api.post('/projects', { name: newProjectName });
+            projectId = data.project.id;
+            createSpinner.succeed(chalk.green(`Project "${data.project.name}" created!`));
+        } catch (error) {
+            createSpinner.fail('Failed to create project.');
+            console.error(chalk.red(handleApiError(error)));
+            return; // Exit if creation fails
+        }
+    }
+
+    // Only write config if we have a valid projectId
+    if (projectId) {
+        fs.writeFileSync('envault.json', JSON.stringify({ projectId }, null, 2));
+        console.log(chalk.green(`\n✔ Project linked! (ID: ${projectId})`));
+    }
 }

package/src/commands/login.js

@@ -5,6 +5,7 @@ import ora from 'ora';
 import open from 'open';
 import { api, handleApiError } from '../lib/api.js';
 import { setToken } from '../lib/config.js';
+import os from 'os';
 
 export async function login() {
     console.log(chalk.blue('  Starting Device Authentication Flow...\n'));
@@ -13,8 +14,16 @@ export async function login() {
     const spinner = ora('Contacting Envault servers...').start();
     let deviceCode, userCode, verificationUri, interval;
 
+    const deviceInfo = {
+        hostname: os.hostname(),
+        platform: os.platform(),
+        release: os.release(),
+        type: os.type(),
+        arch: os.arch()
+    };
+
     try {
-        const { data } = await api.post('/auth/device/code');
+        const { data } = await api.post('/auth/device/code', { device_info: deviceInfo });
         deviceCode = data.device_code;
         userCode = data.user_code; // 8-char
         verificationUri = data.verification_uri;

package/src/commands/pull.js

@@ -2,6 +2,8 @@
 import fs from 'fs';
 import chalk from 'chalk';
 import ora from 'ora';
+import boxen from 'boxen';
+
 import inquirer from 'inquirer';
 import { api, handleApiError } from '../lib/api.js';
 
@@ -22,13 +24,50 @@ export async function pull(options) {
     }
 
     if (fs.existsSync('.env') && !options.force) {
+        let projectName = 'Envault';
+        try {
+            const { data } = await api.get('/projects');
+            const projects = data.projects || data.data || [];
+            const project = projects.find(p => p.id === projectId);
+            if (project) {
+                projectName = project.name;
+            }
+        } catch (e) {
+            // Ignore
+        }
+
+        const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'https://envault.tech';
+
+        console.log(boxen(
+            chalk.red.bold('WARNING: POTENTIAL DATA LOSS') +
+            '\n\n' +
+            chalk.white('You are about to ') + chalk.red.bold('OVERWRITE') + chalk.white(' your local ') + chalk.yellow('.env') + chalk.white(' file.') +
+            '\n\n' +
+            chalk.white('Any local changes not synced to ') + chalk.cyan.bold(projectName) + chalk.white(' will be ') + chalk.red.bold('PERMANENTLY LOST.') +
+            '\n\n' +
+            chalk.dim('We recommend checking the dashboard for differences:') +
+            '\n' +
+            chalk.cyan(`${appUrl}/projects/${projectId}`),
+            {
+                padding: 1,
+                margin: 1,
+                borderStyle: 'double',
+                borderColor: 'red',
+                title: 'Sync Warning',
+                titleAlignment: 'center'
+            }
+        ));
+
         const { confirm } = await inquirer.prompt([{
             type: 'confirm',
             name: 'confirm',
-            message: 'This will overwrite your current .env file. Continue?',
+            message: 'Are you sure you want to overwrite your local .env file?',
             default: false
         }]);
-        if (!confirm) return;
+        if (!confirm) {
+            console.log(chalk.yellow('Operation cancelled.'));
+            return;
+        }
     }
 
     const spinner = ora('Fetching secrets...').start();

package/src/lib/api.js

@@ -1,6 +1,6 @@
 
 import axios from 'axios';
-import { getToken, getApiUrl } from './config.js';
+import { getToken, getApiUrl, clearToken } from './config.js';
 
 export const api = axios.create({
     baseURL: getApiUrl(),
@@ -17,6 +17,28 @@ api.interceptors.request.use((config) => {
     return config;
 });
 
+// Handle token expiration
+api.interceptors.response.use(
+    (response) => response,
+    (error) => {
+        if (error.response?.status === 401) {
+            const errorMsg = error.response?.data?.error;
+            if (errorMsg === 'token_expired') {
+                console.error('\n❌ Your session has expired (tokens are valid for 3 days).');
+                console.error('Please run "envault login" to authenticate again.\n');
+                clearToken();
+                process.exit(1);
+            } else if (errorMsg === 'Invalid token' || errorMsg === 'Missing or invalid authorization header') {
+                console.error('\n❌ Authentication required.');
+                console.error('Please run "envault login" to authenticate.\n');
+                clearToken();
+                process.exit(1);
+            }
+        }
+        return Promise.reject(error);
+    }
+);
+
 export function handleApiError(error) {
     if (error.response) {
         return error.response.data.error || error.response.statusText;