@elding/cli 0.1.0

package/dist/commands/init.d.ts

@@ -0,0 +1 @@
+export declare function init(): Promise<void>;

package/dist/commands/init.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.init = init;
+const config_js_1 = require("../lib/config.js");
+const api_js_1 = require("../lib/api.js");
+async function init() {
+    const { default: chalk } = await import("chalk");
+    const { default: ora } = await import("ora");
+    const { default: inquirer } = await import("inquirer");
+    const config = (0, config_js_1.readConfig)();
+    if (!config) {
+        console.error(chalk.red("Non connecté. Lancez `elding login` d'abord."));
+        process.exit(1);
+    }
+    const spinner = ora("Récupération des sets...").start();
+    let accessToken;
+    try {
+        accessToken = await (0, api_js_1.exchangeToken)(config.refreshToken);
+    }
+    catch (err) {
+        spinner.fail(chalk.red("Impossible d'obtenir un access token. Relancez `elding login`."));
+        process.exit(1);
+    }
+    let sets;
+    try {
+        sets = await (0, api_js_1.listSets)(accessToken);
+        spinner.stop();
+    }
+    catch (err) {
+        spinner.fail(chalk.red("Impossible de récupérer les sets."));
+        process.exit(1);
+    }
+    if (sets.length === 0) {
+        console.log(chalk.yellow("Aucun set trouvé. Créez-en un sur app.elding.io."));
+        process.exit(0);
+    }
+    const { setId } = await inquirer.prompt([
+        {
+            type: "list",
+            name: "setId",
+            message: "Quel set utiliser pour ce projet ?",
+            choices: sets.map((s) => ({ name: s.name, value: s.id })),
+        },
+    ]);
+    const selected = sets.find((s) => s.id === setId);
+    (0, config_js_1.writeProject)({ setId: selected.id, setName: selected.name });
+    console.log(chalk.green(`✓ Set "${selected.name}" configuré dans .elding.json`));
+    console.log(chalk.dim("Ajoutez .elding.json à votre .gitignore si besoin."));
+}

package/dist/commands/login.d.ts

@@ -0,0 +1 @@
+export declare function login(): Promise<void>;

package/dist/commands/login.js

@@ -0,0 +1,65 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.login = login;
+const http_1 = __importDefault(require("http"));
+const crypto_1 = __importDefault(require("crypto"));
+const config_js_1 = require("../lib/config.js");
+const BASE_URL = process.env.ELDING_API_URL ?? "https://app.elding.io";
+const TIMEOUT_MS = 5 * 60 * 1000;
+function randomPort() {
+    return Math.floor(Math.random() * (65535 - 49152 + 1)) + 49152;
+}
+async function login() {
+    const { default: chalk } = await import("chalk");
+    const { default: open } = await import("open");
+    const { default: ora } = await import("ora");
+    const state = crypto_1.default.randomBytes(16).toString("hex");
+    const port = randomPort();
+    const callbackUrl = `http://localhost:${port}`;
+    const authUrl = `${BASE_URL}/cli` +
+        `?state=${encodeURIComponent(state)}` +
+        `&callback=${encodeURIComponent(callbackUrl)}`;
+    const spinner = ora("En attente d'autorisation dans le navigateur...").start();
+    const token = await new Promise((resolve, reject) => {
+        const timeout = setTimeout(() => {
+            server.close();
+            reject(new Error("Timeout — aucune réponse après 5 minutes"));
+        }, TIMEOUT_MS);
+        const server = http_1.default.createServer((req, res) => {
+            const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+            const receivedToken = url.searchParams.get("token");
+            const receivedState = url.searchParams.get("state");
+            const tokenValid = typeof receivedToken === "string" &&
+                receivedToken.startsWith("eld_rt_") &&
+                receivedToken.length === 7 + 64; // "eld_rt_" + 32 bytes hex
+            if (receivedState !== state || !tokenValid) {
+                res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<p>Paramètres invalides. Fermez cet onglet.</p>");
+                return;
+            }
+            res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+            res.end(`<!DOCTYPE html><html><head><meta charset="utf-8"></head><body style="font-family:sans-serif;padding:2rem">
+        <p>✅ <strong>Authentification réussie.</strong> Vous pouvez fermer cet onglet.</p>
+      </body></html>`);
+            clearTimeout(timeout);
+            server.close();
+            resolve(receivedToken);
+        });
+        server.on("error", (err) => {
+            clearTimeout(timeout);
+            reject(err);
+        });
+        server.listen(port, "127.0.0.1", () => {
+            open(authUrl).catch((err) => {
+                spinner.warn(`Impossible d'ouvrir le navigateur automatiquement.`);
+                console.log(chalk.cyan(`Ouvrez manuellement : ${authUrl}`));
+            });
+        });
+    });
+    (0, config_js_1.writeConfig)({ refreshToken: token });
+    spinner.succeed(chalk.green("Connecté avec succès."));
+    console.log(chalk.dim("Token sauvegardé dans ~/.elding/config.json"));
+}

package/dist/commands/run.d.ts

@@ -0,0 +1 @@
+export declare function run(cmd: string, args: string[]): Promise<void>;

package/dist/commands/run.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.run = run;
+const child_process_1 = require("child_process");
+const config_js_1 = require("../lib/config.js");
+const api_js_1 = require("../lib/api.js");
+async function run(cmd, args) {
+    const { default: chalk } = await import("chalk");
+    const { default: ora } = await import("ora");
+    const config = (0, config_js_1.readConfig)();
+    if (!config) {
+        console.error(chalk.red("Non connecté. Lancez `elding login` d'abord."));
+        process.exit(1);
+    }
+    const project = (0, config_js_1.readProject)();
+    if (!project) {
+        console.error(chalk.red("Projet non initialisé. Lancez `elding init` d'abord."));
+        process.exit(1);
+    }
+    const spinner = ora("Récupération des secrets...").start();
+    let secrets;
+    try {
+        const accessToken = await (0, api_js_1.exchangeToken)(config.refreshToken);
+        secrets = await (0, api_js_1.fetchSecrets)(accessToken, project.setId);
+        spinner.succeed(chalk.green(`${Object.keys(secrets).length} secret(s) chargé(s).`));
+    }
+    catch (err) {
+        spinner.fail(chalk.red(err instanceof Error ? err.message : "Erreur inconnue"));
+        process.exit(1);
+    }
+    const env = { ...process.env, ...secrets };
+    const result = (0, child_process_1.spawnSync)(cmd, args, {
+        env,
+        stdio: "inherit",
+        shell: true,
+    });
+    if (result.error) {
+        console.error(chalk.red(`Impossible de lancer la commande : ${result.error.message}`));
+        process.exit(1);
+    }
+    process.exit(result.status ?? 0);
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const login_js_1 = require("./commands/login.js");
+const init_js_1 = require("./commands/init.js");
+const run_js_1 = require("./commands/run.js");
+const program = new commander_1.Command();
+program
+    .name("elding")
+    .description("Elding CLI — secrets depuis le vault, zéro .env")
+    .version("0.1.0");
+program
+    .command("login")
+    .description("Authentifier le CLI via le navigateur")
+    .action(async () => {
+    await (0, login_js_1.login)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("init")
+    .description("Associer ce projet à un set de secrets")
+    .action(async () => {
+    await (0, init_js_1.init)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("run <cmd>")
+    .description("Lancer une commande avec les secrets injectés en variables d'environnement")
+    .allowUnknownOption()
+    .action(async (cmd, options, command) => {
+    const args = command.args.slice(1);
+    await (0, run_js_1.run)(cmd, args).catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program.parse();

package/dist/lib/api.d.ts

@@ -0,0 +1,7 @@
+export type ApiKeySetItem = {
+    id: string;
+    name: string;
+};
+export declare function exchangeToken(refreshToken: string): Promise<string>;
+export declare function listSets(accessToken: string): Promise<ApiKeySetItem[]>;
+export declare function fetchSecrets(accessToken: string, setId: string): Promise<Record<string, string>>;

package/dist/lib/api.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exchangeToken = exchangeToken;
+exports.listSets = listSets;
+exports.fetchSecrets = fetchSecrets;
+const BASE_URL = process.env.ELDING_API_URL ?? "https://app.elding.io";
+async function exchangeToken(refreshToken) {
+    const res = await fetch(`${BASE_URL}/api/cli/auth/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ refreshToken }),
+    });
+    const body = (await res.json());
+    if (!body.success || !body.accessToken)
+        throw new Error(body.error ?? "Impossible d'obtenir un access token");
+    return body.accessToken;
+}
+async function listSets(accessToken) {
+    const res = await fetch(`${BASE_URL}/api/cli/sets`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!res.ok)
+        throw new Error("Impossible de récupérer les sets");
+    const body = (await res.json());
+    return Array.isArray(body.sets) ? body.sets : [];
+}
+async function fetchSecrets(accessToken, setId) {
+    const res = await fetch(`${BASE_URL}/api/cli/secrets?setId=${encodeURIComponent(setId)}`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!res.ok) {
+        const body = (await res.json().catch(() => ({})));
+        throw new Error(body.error ?? `Erreur ${res.status}`);
+    }
+    const body = (await res.json());
+    if (!body.success || !body.secrets || typeof body.secrets !== "object")
+        throw new Error("Réponse invalide");
+    return sanitizeSecrets(body.secrets);
+}
+const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);
+// Garde seulement les paires clé/valeur string sûres — évite injection d'objets ou pollution de prototype dans process.env
+function sanitizeSecrets(raw) {
+    const out = Object.create(null);
+    for (const [name, value] of Object.entries(raw)) {
+        if (DANGEROUS_KEYS.has(name))
+            continue;
+        if (typeof value !== "string")
+            continue;
+        out[name] = value;
+    }
+    return out;
+}

package/dist/lib/config.d.ts

@@ -0,0 +1,13 @@
+export type EldingConfig = {
+    refreshToken: string;
+    workspaceId?: string;
+};
+export declare function readConfig(): EldingConfig | null;
+export declare function writeConfig(config: EldingConfig): void;
+export declare function clearConfig(): void;
+export type ProjectConfig = {
+    setId: string;
+    setName: string;
+};
+export declare function readProject(): ProjectConfig | null;
+export declare function writeProject(cfg: ProjectConfig): void;

package/dist/lib/config.js

@@ -0,0 +1,48 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readConfig = readConfig;
+exports.writeConfig = writeConfig;
+exports.clearConfig = clearConfig;
+exports.readProject = readProject;
+exports.writeProject = writeProject;
+const fs_1 = __importDefault(require("fs"));
+const os_1 = __importDefault(require("os"));
+const path_1 = __importDefault(require("path"));
+const CONFIG_DIR = path_1.default.join(os_1.default.homedir(), ".elding");
+const CONFIG_FILE = path_1.default.join(CONFIG_DIR, "config.json");
+function readConfig() {
+    try {
+        const raw = fs_1.default.readFileSync(CONFIG_FILE, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function writeConfig(config) {
+    fs_1.default.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs_1.default.chmodSync(CONFIG_DIR, 0o700);
+    fs_1.default.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+}
+function clearConfig() {
+    try {
+        fs_1.default.unlinkSync(CONFIG_FILE);
+    }
+    catch { /* already gone */ }
+}
+const PROJECT_FILE = ".elding.json";
+function readProject() {
+    try {
+        const raw = fs_1.default.readFileSync(PROJECT_FILE, "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function writeProject(cfg) {
+    fs_1.default.writeFileSync(PROJECT_FILE, JSON.stringify(cfg, null, 2));
+}

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "@elding/cli",
+  "version": "0.1.0",
+  "description": "Elding CLI — zero .env, secrets from vault",
+  "bin": {
+    "elding": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "open": "^10.1.0",
+    "ora": "^8.1.1",
+    "chalk": "^5.3.0",
+    "inquirer": "^10.2.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@types/inquirer": "^9.0.7",
+    "typescript": "^5.5.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT"
+}