@elding/cli 0.2.0 → 0.8.0

package/dist/commands/doctor.d.ts

@@ -0,0 +1 @@
+export declare function doctor(): Promise<void>;

package/dist/commands/doctor.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.doctor = doctor;
+const config_js_1 = require("../lib/config.js");
+const api_js_1 = require("../lib/api.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function doctor() {
+    const { default: chalk } = await import("chalk");
+    const ok = (m) => console.log(`${chalk.green("✓")} ${m}`);
+    const warn = (m) => console.log(`${chalk.yellow("!")} ${m}`);
+    const fail = (m) => console.log(`${chalk.red("✗")} ${m}`);
+    console.log(chalk.dim(`API : ${api_js_1.BASE_URL}\n`));
+    // 1. Token local
+    const config = (0, config_js_1.readConfig)();
+    if (!config) {
+        fail("Non connecté — lancez `elding login`");
+        return;
+    }
+    ok("Token local présent (trousseau OS)");
+    // 2. Token valide + utilisateur
+    let accessToken;
+    try {
+        accessToken = await (0, api_js_1.exchangeToken)(config.refreshToken);
+        const me = await (0, api_js_1.getMe)(accessToken);
+        ok(`Authentifié : ${(0, terminal_js_1.safeText)(me.email)}`);
+    }
+    catch {
+        fail("Token expiré ou révoqué — relancez `elding login`");
+        return;
+    }
+    // 3. Set du projet
+    const project = (0, config_js_1.readProject)();
+    if (!project) {
+        warn("Aucun set configuré — lancez `elding init` ou `elding use <set>`");
+        return;
+    }
+    ok(`Set actif : ${(0, terminal_js_1.safeText)(project.setName)}`);
+    // 4. Clés + verrouillage host
+    try {
+        const keys = await (0, api_js_1.listKeys)(accessToken, project.setId);
+        if (keys.length === 0)
+            warn("Le set ne contient aucune clé");
+        else {
+            const locked = keys.filter((k) => k.allowedHost).length;
+            ok(`${keys.length} clé(s) — ${locked} verrouillée(s) sur un domaine`);
+            if (locked < keys.length)
+                warn(`${keys.length - locked} clé(s) sans domaine : exfiltrables via le proxy`);
+        }
+    }
+    catch {
+        fail("Impossible de lire les clés du set");
+    }
+    // 5. Proxy
+    if (process.env.ELDING_PROXY_URL)
+        ok(`Proxy actif : ${process.env.ELDING_PROXY_URL}`);
+    else
+        console.log(chalk.dim("○ Proxy inactif (normal hors `elding proxy`)"));
+}

package/dist/commands/init.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.init = init;
 const config_js_1 = require("../lib/config.js");
 const api_js_1 = require("../lib/api.js");
+const terminal_js_1 = require("../lib/terminal.js");
 async function init() {
     const { default: chalk } = await import("chalk");
     const { default: ora } = await import("ora");
@@ -31,19 +32,42 @@ async function init() {
         process.exit(1);
     }
     if (sets.length === 0) {
-        console.log(chalk.yellow("Aucun set trouvé. Créez-en un sur app.elding.io."));
+        console.log(chalk.yellow("Aucun set trouvé. Créez-en un sur le vault."));
         process.exit(0);
     }
+    // Étape 1 : choisir l'organisation (sauf s'il n'y en a qu'une)
+    const orgs = [...new Map(sets.map((s) => [s.workspaceId, s.workspaceName])).entries()];
+    let workspaceId = orgs[0][0];
+    if (orgs.length > 1) {
+        const ans = await inquirer.prompt([
+            {
+                type: "list",
+                name: "workspaceId",
+                message: "Quelle organisation ?",
+                choices: orgs.map(([id, name]) => ({ name: (0, terminal_js_1.safeText)(name), value: id })),
+            },
+        ]);
+        workspaceId = ans.workspaceId;
+    }
+    // Étape 2 : choisir le set parmi ceux de l'org
+    const orgSets = sets.filter((s) => s.workspaceId === workspaceId);
     const { setId } = await inquirer.prompt([
         {
             type: "list",
             name: "setId",
             message: "Quel set utiliser pour ce projet ?",
-            choices: sets.map((s) => ({ name: s.name, value: s.id })),
+            choices: orgSets.map((s) => ({ name: (0, terminal_js_1.safeText)(s.name), value: s.id })),
         },
     ]);
-    const selected = sets.find((s) => s.id === setId);
-    (0, config_js_1.writeProject)({ setId: selected.id, setName: selected.name });
-    console.log(chalk.green(`✓ Set "${selected.name}" configuré dans .elding.json`));
+    const selected = orgSets.find((s) => s.id === setId);
+    const project = {
+        setId: selected.id,
+        setName: selected.name,
+        workspaceId: selected.workspaceId,
+        workspaceName: selected.workspaceName,
+    };
+    (0, config_js_1.writeProject)(project);
+    (0, config_js_1.trustProject)(project);
+    console.log(chalk.green(`✓ Set "${(0, terminal_js_1.safeText)(selected.name)}" (${(0, terminal_js_1.safeText)(selected.workspaceName)}) configuré dans .elding.json`));
     console.log(chalk.dim("Ajoutez .elding.json à votre .gitignore si besoin."));
 }

package/dist/commands/keys.d.ts

@@ -0,0 +1 @@
+export declare function keys(): Promise<void>;

package/dist/commands/keys.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.keys = keys;
+const api_js_1 = require("../lib/api.js");
+const config_js_1 = require("../lib/config.js");
+const session_js_1 = require("../lib/session.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function keys() {
+    const { default: chalk } = await import("chalk");
+    const { default: ora } = await import("ora");
+    const project = (0, config_js_1.readProject)();
+    if (!project) {
+        console.error(chalk.red("Projet non initialisé. Lancez `elding init` ou `elding use <set>`."));
+        process.exit(1);
+    }
+    const spinner = ora("Récupération des clés...").start();
+    const accessToken = await (0, session_js_1.requireAccessToken)();
+    const list = await (0, api_js_1.listKeys)(accessToken, project.setId);
+    spinner.stop();
+    console.log(chalk.dim(`Set : ${(0, terminal_js_1.safeText)(project.setName)}`));
+    if (list.length === 0) {
+        console.log(chalk.yellow("Aucune clé dans ce set."));
+        return;
+    }
+    for (const k of list) {
+        const host = k.allowedHost
+            ? chalk.dim(` → ${(0, terminal_js_1.safeText)(k.allowedHost)}`)
+            : chalk.yellow(" → aucun domaine (non verrouillé)");
+        console.log(`  ${(0, terminal_js_1.safeText)(k.name)}${host}`);
+    }
+}

package/dist/commands/login.js

@@ -7,52 +7,67 @@ exports.login = login;
 const http_1 = __importDefault(require("http"));
 const crypto_1 = __importDefault(require("crypto"));
 const config_js_1 = require("../lib/config.js");
-const BASE_URL = process.env.ELDING_API_URL ?? "https://app.elding.io";
+const api_js_1 = require("../lib/api.js");
+const terminal_js_1 = require("../lib/terminal.js");
 const TIMEOUT_MS = 5 * 60 * 1000;
-function randomPort() {
-    return Math.floor(Math.random() * (65535 - 49152 + 1)) + 49152;
-}
 async function login() {
     const { default: chalk } = await import("chalk");
     const { default: open } = await import("open");
     const { default: ora } = await import("ora");
     const state = crypto_1.default.randomBytes(16).toString("hex");
-    const port = randomPort();
-    const callbackUrl = `http://localhost:${port}`;
-    const authUrl = `${BASE_URL}/cli` +
-        `?state=${encodeURIComponent(state)}` +
-        `&callback=${encodeURIComponent(callbackUrl)}`;
     const spinner = ora("En attente d'autorisation dans le navigateur...").start();
     const token = await new Promise((resolve, reject) => {
         const timeout = setTimeout(() => {
             server.close();
             reject(new Error("Timeout — aucune réponse après 5 minutes"));
         }, TIMEOUT_MS);
-        const server = http_1.default.createServer((req, res) => {
-            const url = new URL(req.url ?? "/", `http://localhost:${port}`);
-            const receivedToken = url.searchParams.get("token");
+        const server = http_1.default.createServer(async (req, res) => {
+            const addr = server.address();
+            const port = typeof addr === "object" && addr ? addr.port : 0;
+            const callbackUrl = `http://127.0.0.1:${port}`;
+            const url = new URL(req.url ?? "/", callbackUrl);
+            const receivedCode = url.searchParams.get("code");
             const receivedState = url.searchParams.get("state");
-            const tokenValid = typeof receivedToken === "string" &&
-                receivedToken.startsWith("eld_rt_") &&
-                receivedToken.length === 7 + 64; // "eld_rt_" + 32 bytes hex
-            if (receivedState !== state || !tokenValid) {
+            const codeValid = typeof receivedCode === "string" &&
+                /^[A-Za-z0-9._~-]{16,512}$/.test(receivedCode);
+            if (receivedState !== state || !codeValid) {
                 res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
                 res.end("<p>Paramètres invalides. Fermez cet onglet.</p>");
                 return;
             }
-            res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-            res.end(`<!DOCTYPE html><html><head><meta charset="utf-8"></head><body style="font-family:sans-serif;padding:2rem">
-        <p>✅ <strong>Authentification réussie.</strong> Vous pouvez fermer cet onglet.</p>
-      </body></html>`);
-            clearTimeout(timeout);
-            server.close();
-            resolve(receivedToken);
+            try {
+                const refreshToken = await (0, api_js_1.exchangeLoginCode)(receivedCode, state, callbackUrl);
+                res.writeHead(200, {
+                    "Content-Type": "text/html; charset=utf-8",
+                    "Referrer-Policy": "no-referrer",
+                    "Cache-Control": "no-store",
+                });
+                res.end(`<!DOCTYPE html><html><head><meta charset="utf-8"><script>history.replaceState(null,"","/")</script></head><body style="font-family:sans-serif;padding:2rem">
+          <p><strong>Authentification réussie.</strong> Vous pouvez fermer cet onglet.</p>
+        </body></html>`);
+                clearTimeout(timeout);
+                server.close();
+                resolve(refreshToken);
+            }
+            catch (err) {
+                res.writeHead(502, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<p>Impossible de finaliser l'authentification. Fermez cet onglet et relancez le login.</p>");
+                clearTimeout(timeout);
+                server.close();
+                reject(new Error((0, terminal_js_1.safeError)(err)));
+            }
         });
         server.on("error", (err) => {
             clearTimeout(timeout);
             reject(err);
         });
-        server.listen(port, "127.0.0.1", () => {
+        server.listen(0, "127.0.0.1", () => {
+            const addr = server.address();
+            const port = typeof addr === "object" && addr ? addr.port : 0;
+            const callbackUrl = `http://127.0.0.1:${port}`;
+            const authUrl = `${api_js_1.BASE_URL}/cli` +
+                `?state=${encodeURIComponent(state)}` +
+                `&callback=${encodeURIComponent(callbackUrl)}`;
             open(authUrl).catch((err) => {
                 spinner.warn(`Impossible d'ouvrir le navigateur automatiquement.`);
                 console.log(chalk.cyan(`Ouvrez manuellement : ${authUrl}`));
@@ -61,5 +76,5 @@ async function login() {
     });
     (0, config_js_1.writeConfig)({ refreshToken: token });
     spinner.succeed(chalk.green("Connecté avec succès."));
-    console.log(chalk.dim("Token sauvegardé dans ~/.elding/config.json"));
+    console.log(chalk.dim("Token sauvegardé dans le trousseau de votre OS."));
 }

package/dist/commands/open.d.ts

@@ -0,0 +1 @@
+export declare function open(): Promise<void>;

package/dist/commands/open.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.open = open;
+const api_js_1 = require("../lib/api.js");
+async function open() {
+    const { default: chalk } = await import("chalk");
+    const { default: openUrl } = await import("open");
+    const url = `${api_js_1.BASE_URL}/vault`;
+    await openUrl(url).catch(() => {
+        console.log(chalk.cyan(`Ouvrez manuellement : ${url}`));
+    });
+    console.log(chalk.dim(`Vault ouvert : ${url}`));
+}

package/dist/commands/proxy.d.ts

@@ -1 +1,6 @@
-export declare function proxy(cmd: string, args: string[]): Promise<void>;
+export type ProxyOptions = {
+    verbose?: boolean;
+    reportLogs?: boolean;
+    shell?: boolean;
+};
+export declare function proxy(cmd: string, args: string[], options?: ProxyOptions): Promise<void>;

package/dist/commands/proxy.js

@@ -5,7 +5,10 @@ const child_process_1 = require("child_process");
 const config_js_1 = require("../lib/config.js");
 const api_js_1 = require("../lib/api.js");
 const proxyServer_js_1 = require("../lib/proxyServer.js");
-async function proxy(cmd, args) {
+const logBatcher_js_1 = require("../lib/logBatcher.js");
+const trust_js_1 = require("../lib/trust.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function proxy(cmd, args, options = {}) {
     const { default: chalk } = await import("chalk");
     const { default: ora } = await import("ora");
     const config = (0, config_js_1.readConfig)();
@@ -18,6 +21,10 @@ async function proxy(cmd, args) {
         console.error(chalk.red("Projet non initialisé. Lancez `elding init` d'abord."));
         process.exit(1);
     }
+    await (0, trust_js_1.ensureProjectTrusted)(project);
+    if (!options.shell && /\s/.test(cmd)) {
+        throw new Error("Commande invalide sans --shell. Passez le binaire et ses arguments separement, ou ajoutez --shell explicitement.");
+    }
     const spinner = ora("Démarrage du proxy...").start();
     let secrets;
     let hosts;
@@ -26,12 +33,17 @@ async function proxy(cmd, args) {
         ({ secrets, hosts } = await (0, api_js_1.fetchSecrets)(accessToken, project.setId));
     }
     catch (err) {
-        spinner.fail(chalk.red(err instanceof Error ? err.message : "Erreur inconnue"));
+        spinner.fail(chalk.red((0, terminal_js_1.safeError)(err)));
         process.exit(1);
     }
-    const server = await (0, proxyServer_js_1.startProxy)(secrets, hosts);
-    spinner.succeed(chalk.green(`Proxy actif sur ${server.url} — ${Object.keys(secrets).length} secret(s)`));
+    const batcher = options.reportLogs
+        ? (0, logBatcher_js_1.createLogBatcher)(config.refreshToken, project.setId, project.setName)
+        : null;
+    const server = await (0, proxyServer_js_1.startProxy)(secrets, hosts, !!options.verbose, batcher ? (e) => batcher.add(e) : undefined);
+    spinner.succeed(chalk.green(`Proxy actif sur ${server.url} — ${Object.keys(secrets).length} secret(s) pour ${(0, terminal_js_1.safeText)(project.setName)}`));
     console.log(chalk.dim("Les clés restent dans le proxy, jamais dans la mémoire de l'app."));
+    if (!options.reportLogs)
+        console.log(chalk.dim("Logs cloud proxy désactivés. Ajoutez --report-logs pour les envoyer."));
     const child = (0, child_process_1.spawn)(cmd, args, {
         env: {
             ...process.env,
@@ -39,13 +51,17 @@ async function proxy(cmd, args) {
             ELDING_PROXY_TOKEN: server.token,
         },
         stdio: "inherit",
-        shell: true,
+        shell: !!options.shell,
     });
-    const shutdown = () => server.close();
+    const shutdown = async () => {
+        server.close();
+        await batcher?.stop();
+    };
     process.on("SIGINT", shutdown);
     process.on("SIGTERM", shutdown);
-    child.on("exit", (code) => {
+    child.on("exit", async (code) => {
         server.close();
+        await batcher?.stop(); // flush les derniers logs
         process.exit(code ?? 0);
     });
 }

package/dist/commands/run.d.ts

@@ -1 +1,4 @@
-export declare function run(cmd: string, args: string[]): Promise<void>;
+export type RunOptions = {
+    shell?: boolean;
+};
+export declare function run(cmd: string, args: string[], options?: RunOptions): Promise<void>;

package/dist/commands/run.js

@@ -4,7 +4,10 @@ exports.run = run;
 const child_process_1 = require("child_process");
 const config_js_1 = require("../lib/config.js");
 const api_js_1 = require("../lib/api.js");
-async function run(cmd, args) {
+const env_js_1 = require("../lib/env.js");
+const trust_js_1 = require("../lib/trust.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function run(cmd, args, options = {}) {
     const { default: chalk } = await import("chalk");
     const { default: ora } = await import("ora");
     const config = (0, config_js_1.readConfig)();
@@ -17,22 +20,30 @@ async function run(cmd, args) {
         console.error(chalk.red("Projet non initialisé. Lancez `elding init` d'abord."));
         process.exit(1);
     }
+    await (0, trust_js_1.ensureProjectTrusted)(project);
+    if (!options.shell && /\s/.test(cmd)) {
+        throw new Error("Commande invalide sans --shell. Passez le binaire et ses arguments separement, ou ajoutez --shell explicitement.");
+    }
     const spinner = ora("Récupération des secrets...").start();
     let secrets;
     try {
         const accessToken = await (0, api_js_1.exchangeToken)(config.refreshToken);
-        ({ secrets } = await (0, api_js_1.fetchSecrets)(accessToken, project.setId));
-        spinner.succeed(chalk.green(`${Object.keys(secrets).length} secret(s) chargé(s).`));
+        ({ secrets } = await (0, api_js_1.fetchSecrets)(accessToken, project.setId, "run"));
+        spinner.succeed(chalk.green(`${Object.keys(secrets).length} secret(s) chargé(s) pour ${(0, terminal_js_1.safeText)(project.setName)}.`));
     }
     catch (err) {
-        spinner.fail(chalk.red(err instanceof Error ? err.message : "Erreur inconnue"));
+        spinner.fail(chalk.red((0, terminal_js_1.safeError)(err)));
         process.exit(1);
     }
-    const env = { ...process.env, ...secrets };
+    const { env: safeSecrets, rejected } = (0, env_js_1.filterSecretsForEnv)(secrets);
+    if (rejected.length > 0) {
+        throw new Error(`Secrets refuses car leurs noms sont dangereux pour l'environnement: ${rejected.map((name) => (0, terminal_js_1.safeText)(name, 80)).join(", ")}`);
+    }
+    const env = { ...process.env, ...safeSecrets };
     const result = (0, child_process_1.spawnSync)(cmd, args, {
         env,
         stdio: "inherit",
-        shell: true,
+        shell: !!options.shell,
     });
     if (result.error) {
         console.error(chalk.red(`Impossible de lancer la commande : ${result.error.message}`));

package/dist/commands/sets.d.ts

@@ -0,0 +1 @@
+export declare function sets(): Promise<void>;

package/dist/commands/sets.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sets = sets;
+const api_js_1 = require("../lib/api.js");
+const config_js_1 = require("../lib/config.js");
+const session_js_1 = require("../lib/session.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function sets() {
+    const { default: chalk } = await import("chalk");
+    const { default: ora } = await import("ora");
+    const spinner = ora("Récupération des sets...").start();
+    const accessToken = await (0, session_js_1.requireAccessToken)();
+    const list = await (0, api_js_1.listSets)(accessToken);
+    spinner.stop();
+    if (list.length === 0) {
+        console.log(chalk.yellow("Aucun set. Créez-en un sur le vault."));
+        return;
+    }
+    const activeId = (0, config_js_1.readProject)()?.setId;
+    for (const s of list) {
+        const marker = s.id === activeId ? chalk.green("●") : chalk.dim("○");
+        const cleanName = (0, terminal_js_1.safeText)(s.name);
+        const name = s.id === activeId ? chalk.green(cleanName) : cleanName;
+        console.log(`${marker} ${name} ${chalk.dim(`(${(0, terminal_js_1.safeText)(s.workspaceName)})`)}`);
+    }
+}

package/dist/commands/status.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.status = status;
 const config_js_1 = require("../lib/config.js");
 const api_js_1 = require("../lib/api.js");
+const terminal_js_1 = require("../lib/terminal.js");
 async function status() {
     const { default: chalk } = await import("chalk");
     const config = (0, config_js_1.readConfig)();
@@ -23,7 +24,7 @@ async function status() {
     const project = (0, config_js_1.readProject)();
     const proxyActive = !!process.env.ELDING_PROXY_URL;
     console.log(chalk.green("● Connecté"));
-    console.log(`  ${chalk.dim("Utilisateur")}  ${user.email}${user.name ? chalk.dim(` (${user.name})`) : ""}`);
-    console.log(`  ${chalk.dim("Set actif")}    ${project ? `${project.setName} ${chalk.dim(`(${project.setId})`)}` : chalk.yellow("aucun — `elding init`")}`);
+    console.log(`  ${chalk.dim("Utilisateur")}  ${(0, terminal_js_1.safeText)(user.email)}${user.name ? chalk.dim(` (${(0, terminal_js_1.safeText)(user.name)})`) : ""}`);
+    console.log(`  ${chalk.dim("Set actif")}    ${project ? `${(0, terminal_js_1.safeText)(project.setName)} ${chalk.dim(`(${(0, terminal_js_1.safeText)(project.setId)})`)}` : chalk.yellow("aucun — `elding init`")}`);
     console.log(`  ${chalk.dim("Proxy")}        ${proxyActive ? chalk.green("actif") : chalk.dim("inactif")}`);
 }

package/dist/commands/use.d.ts

@@ -0,0 +1 @@
+export declare function use(nameArg: string): Promise<void>;

package/dist/commands/use.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.use = use;
+const api_js_1 = require("../lib/api.js");
+const config_js_1 = require("../lib/config.js");
+const session_js_1 = require("../lib/session.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function use(nameArg) {
+    const { default: chalk } = await import("chalk");
+    const { default: ora } = await import("ora");
+    const spinner = ora("Récupération des sets...").start();
+    const accessToken = await (0, session_js_1.requireAccessToken)();
+    const list = await (0, api_js_1.listSets)(accessToken);
+    spinner.stop();
+    const query = nameArg.trim().toLowerCase();
+    const matches = list.filter((s) => s.name.toLowerCase() === query);
+    const candidates = matches.length ? matches : list.filter((s) => s.name.toLowerCase().includes(query));
+    if (candidates.length === 0) {
+        console.error(chalk.red(`Aucun set nommé "${(0, terminal_js_1.safeText)(nameArg)}".`) + chalk.dim("  Voir `elding sets`."));
+        process.exit(1);
+    }
+    if (candidates.length > 1) {
+        console.error(chalk.red(`Plusieurs sets correspondent à "${(0, terminal_js_1.safeText)(nameArg)}" :`));
+        candidates.forEach((s) => console.error(chalk.dim(`  - ${(0, terminal_js_1.safeText)(s.name)}`)));
+        process.exit(1);
+    }
+    const set = candidates[0];
+    const project = {
+        setId: set.id,
+        setName: set.name,
+        workspaceId: set.workspaceId,
+        workspaceName: set.workspaceName,
+    };
+    (0, config_js_1.writeProject)(project);
+    (0, config_js_1.trustProject)(project);
+    console.log(chalk.green(`✓ Set actif : "${(0, terminal_js_1.safeText)(set.name)}"`));
+}

package/dist/commands/whoami.d.ts

@@ -0,0 +1 @@
+export declare function whoami(): Promise<void>;

package/dist/commands/whoami.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.whoami = whoami;
+const api_js_1 = require("../lib/api.js");
+const session_js_1 = require("../lib/session.js");
+const terminal_js_1 = require("../lib/terminal.js");
+async function whoami() {
+    const { default: chalk } = await import("chalk");
+    const accessToken = await (0, session_js_1.requireAccessToken)();
+    const me = await (0, api_js_1.getMe)(accessToken);
+    console.log(`${(0, terminal_js_1.safeText)(me.email)}${me.name ? chalk.dim(` (${(0, terminal_js_1.safeText)(me.name)})`) : ""}`);
+}

package/dist/index.js

@@ -8,11 +8,17 @@ const run_js_1 = require("./commands/run.js");
 const proxy_js_1 = require("./commands/proxy.js");
 const logout_js_1 = require("./commands/logout.js");
 const status_js_1 = require("./commands/status.js");
+const sets_js_1 = require("./commands/sets.js");
+const use_js_1 = require("./commands/use.js");
+const keys_js_1 = require("./commands/keys.js");
+const doctor_js_1 = require("./commands/doctor.js");
+const open_js_1 = require("./commands/open.js");
+const whoami_js_1 = require("./commands/whoami.js");
 const program = new commander_1.Command();
 program
     .name("elding")
     .description("Elding CLI — secrets depuis le vault, zéro .env")
-    .version("0.1.0");
+    .version("0.3.0");
 program
     .command("login")
     .description("Authentifier le CLI via le navigateur")
@@ -32,23 +38,29 @@ program
     });
 });
 program
-    .command("run <cmd>")
+    .command("run <cmd> [args...]")
     .description("Lancer une commande avec les secrets injectés en variables d'environnement")
+    .option("--shell", "Executer via le shell systeme (a utiliser seulement si necessaire)")
     .allowUnknownOption()
-    .action(async (cmd, options, command) => {
-    const args = command.args.slice(1);
-    await (0, run_js_1.run)(cmd, args).catch((err) => {
+    .action(async (cmd, args = [], options) => {
+    await (0, run_js_1.run)(cmd, args, { shell: !!options.shell }).catch((err) => {
         console.error(err.message);
         process.exit(1);
     });
 });
 program
-    .command("proxy <cmd>")
+    .command("proxy <cmd> [args...]")
     .description("Lancer une commande derrière un proxy local qui injecte les clés — jamais en mémoire de l'app")
+    .option("-v, --verbose", "Logger chaque requête (méthode/host/status/latence)")
+    .option("--report-logs", "Envoyer les metadonnees de requetes proxy au vault")
+    .option("--shell", "Executer via le shell systeme (a utiliser seulement si necessaire)")
     .allowUnknownOption()
-    .action(async (cmd, options, command) => {
-    const args = command.args.slice(1);
-    await (0, proxy_js_1.proxy)(cmd, args).catch((err) => {
+    .action(async (cmd, args = [], options) => {
+    await (0, proxy_js_1.proxy)(cmd, args, {
+        verbose: !!options.verbose,
+        reportLogs: !!options.reportLogs,
+        shell: !!options.shell,
+    }).catch((err) => {
         console.error(err.message);
         process.exit(1);
     });
@@ -71,4 +83,58 @@ program
         process.exit(1);
     });
 });
+program
+    .command("sets")
+    .description("Lister les sets accessibles")
+    .action(async () => {
+    await (0, sets_js_1.sets)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("use <name>")
+    .description("Changer le set actif du projet")
+    .action(async (name) => {
+    await (0, use_js_1.use)(name).catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("keys")
+    .description("Lister les noms de clés du set actif (jamais les valeurs)")
+    .action(async () => {
+    await (0, keys_js_1.keys)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("doctor")
+    .description("Diagnostiquer la configuration (connexion, set, clés, proxy)")
+    .action(async () => {
+    await (0, doctor_js_1.doctor)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("open")
+    .description("Ouvrir le vault dans le navigateur")
+    .action(async () => {
+    await (0, open_js_1.open)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
+program
+    .command("whoami")
+    .description("Afficher l'utilisateur connecté")
+    .action(async () => {
+    await (0, whoami_js_1.whoami)().catch((err) => {
+        console.error(err.message);
+        process.exit(1);
+    });
+});
 program.parse();

package/dist/lib/api.d.ts

@@ -1,8 +1,18 @@
+export declare const BASE_URL: string;
 export type ApiKeySetItem = {
     id: string;
     name: string;
+    workspaceId: string;
+    workspaceName: string;
 };
+export type KeyItem = {
+    name: string;
+    allowedHost: string | null;
+};
+export declare function listKeys(accessToken: string, setId: string): Promise<KeyItem[]>;
 export declare function exchangeToken(refreshToken: string): Promise<string>;
+export declare function exchangeLoginCode(code: string, state: string, callbackUrl: string): Promise<string>;
+export declare function reportProxyLogs(accessToken: string, setId: string, setName: string, entries: unknown[]): Promise<void>;
 export declare function revokeToken(refreshToken: string): Promise<void>;
 export declare function getMe(accessToken: string): Promise<{
     email: string;
@@ -13,4 +23,4 @@ export type SecretsResult = {
     secrets: Record<string, string>;
     hosts: Record<string, string>;
 };
-export declare function fetchSecrets(accessToken: string, setId: string): Promise<SecretsResult>;
+export declare function fetchSecrets(accessToken: string, setId: string, mode?: "run" | "proxy"): Promise<SecretsResult>;