@elding/cli 0.2.0 → 0.8.0

package/dist/lib/api.js

@@ -1,58 +1,88 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.BASE_URL = void 0;
+exports.listKeys = listKeys;
 exports.exchangeToken = exchangeToken;
+exports.exchangeLoginCode = exchangeLoginCode;
+exports.reportProxyLogs = reportProxyLogs;
 exports.revokeToken = revokeToken;
 exports.getMe = getMe;
 exports.listSets = listSets;
 exports.fetchSecrets = fetchSecrets;
-const BASE_URL = process.env.ELDING_API_URL ?? "https://app.elding.io";
+const apiUrl_js_1 = require("./apiUrl.js");
+const terminal_js_1 = require("./terminal.js");
+exports.BASE_URL = (0, apiUrl_js_1.resolveBaseUrl)();
+const REQUEST_TIMEOUT_MS = 15_000;
+const LOG_TIMEOUT_MS = 5_000;
+const REFRESH_TOKEN = /^eld_rt_[a-f0-9]{64}$/i;
+const LOGIN_CODE = /^[A-Za-z0-9._~-]{16,512}$/;
+async function listKeys(accessToken, setId) {
+    const body = await requestJson(`/api/cli/keys?setId=${encodeURIComponent(setId)}`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    return Array.isArray(body.keys) ? body.keys : [];
+}
 async function exchangeToken(refreshToken) {
-    const res = await fetch(`${BASE_URL}/api/cli/auth/token`, {
+    if (!REFRESH_TOKEN.test(refreshToken))
+        throw new Error("Token local invalide. Relancez `elding login`.");
+    const body = await requestJson("/api/cli/auth/token", {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ refreshToken }),
     });
-    const body = (await res.json());
     if (!body.success || !body.accessToken)
-        throw new Error(body.error ?? "Impossible d'obtenir un access token");
+        throw new Error((0, terminal_js_1.safeText)(body.error, 200) || "Impossible d'obtenir un access token");
     return body.accessToken;
 }
+async function exchangeLoginCode(code, state, callbackUrl) {
+    if (!LOGIN_CODE.test(code))
+        throw new Error("Code d'autorisation invalide.");
+    const body = await requestJson("/api/cli/auth/exchange", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ code, state, callbackUrl }),
+    });
+    if (!body.success || !body.refreshToken || !REFRESH_TOKEN.test(body.refreshToken)) {
+        throw new Error((0, terminal_js_1.safeText)(body.error, 200) || "Impossible de finaliser l'authentification.");
+    }
+    return body.refreshToken;
+}
+async function reportProxyLogs(accessToken, setId, setName, entries) {
+    await fetch(`${exports.BASE_URL}/api/cli/proxy-logs`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Authorization: `Bearer ${accessToken}` },
+        body: JSON.stringify({ setId, setName, entries }),
+        signal: AbortSignal.timeout(LOG_TIMEOUT_MS),
+    }).catch(() => { });
+}
 async function revokeToken(refreshToken) {
-    await fetch(`${BASE_URL}/api/cli/auth/logout`, {
+    if (!REFRESH_TOKEN.test(refreshToken))
+        return;
+    await fetch(`${exports.BASE_URL}/api/cli/auth/logout`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ refreshToken }),
+        signal: AbortSignal.timeout(LOG_TIMEOUT_MS),
     }).catch(() => { });
 }
 async function getMe(accessToken) {
-    const res = await fetch(`${BASE_URL}/api/cli/me`, {
+    const body = await requestJson("/api/cli/me", {
         headers: { Authorization: `Bearer ${accessToken}` },
     });
-    if (!res.ok)
-        throw new Error("Impossible de récupérer l'utilisateur");
-    const body = (await res.json());
     if (!body.success || !body.user)
         throw new Error("Réponse invalide");
     return body.user;
 }
 async function listSets(accessToken) {
-    const res = await fetch(`${BASE_URL}/api/cli/sets`, {
+    const body = await requestJson("/api/cli/sets", {
         headers: { Authorization: `Bearer ${accessToken}` },
     });
-    if (!res.ok)
-        throw new Error("Impossible de récupérer les sets");
-    const body = (await res.json());
     return Array.isArray(body.sets) ? body.sets : [];
 }
-async function fetchSecrets(accessToken, setId) {
-    const res = await fetch(`${BASE_URL}/api/cli/secrets?setId=${encodeURIComponent(setId)}`, {
+async function fetchSecrets(accessToken, setId, mode = "proxy") {
+    const body = await requestJson(`/api/cli/secrets?setId=${encodeURIComponent(setId)}&mode=${mode}`, {
         headers: { Authorization: `Bearer ${accessToken}` },
     });
-    if (!res.ok) {
-        const body = (await res.json().catch(() => ({})));
-        throw new Error(body.error ?? `Erreur ${res.status}`);
-    }
-    const body = (await res.json());
     if (!body.success || !body.secrets || typeof body.secrets !== "object")
         throw new Error("Réponse invalide");
     return {
@@ -67,9 +97,24 @@ function sanitizeSecrets(raw) {
     for (const [name, value] of Object.entries(raw)) {
         if (DANGEROUS_KEYS.has(name))
             continue;
+        if (name.length > 128)
+            continue;
         if (typeof value !== "string")
             continue;
         out[name] = value;
     }
     return out;
 }
+async function requestJson(path, init) {
+    const res = await fetch(`${exports.BASE_URL}${path}`, {
+        ...init,
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
+    });
+    const body = (await res.json().catch(() => null));
+    if (!res.ok) {
+        throw new Error((0, terminal_js_1.safeText)(body?.error, 200) || `Erreur ${res.status}`);
+    }
+    if (!body || typeof body !== "object")
+        throw new Error("Réponse invalide");
+    return body;
+}

package/dist/lib/apiUrl.d.ts

@@ -0,0 +1 @@
+export declare function resolveBaseUrl(raw?: string | undefined): string;

package/dist/lib/apiUrl.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveBaseUrl = resolveBaseUrl;
+const net_1 = __importDefault(require("net"));
+const DEFAULT_BASE_URL = "https://app.elding.io";
+function stripBrackets(hostname) {
+    return hostname.startsWith("[") && hostname.endsWith("]")
+        ? hostname.slice(1, -1)
+        : hostname;
+}
+function isLoopbackHost(hostname) {
+    const host = stripBrackets(hostname.toLowerCase().replace(/\.$/, ""));
+    if (host === "localhost")
+        return true;
+    if (net_1.default.isIPv4(host))
+        return host.startsWith("127.");
+    if (net_1.default.isIPv6(host))
+        return host === "::1" || host === "0:0:0:0:0:0:0:1";
+    return false;
+}
+function resolveBaseUrl(raw = process.env.ELDING_API_URL) {
+    const input = raw?.trim() || DEFAULT_BASE_URL;
+    let url;
+    try {
+        url = new URL(input);
+    }
+    catch {
+        throw new Error("ELDING_API_URL invalide.");
+    }
+    if (url.username || url.password) {
+        throw new Error("ELDING_API_URL ne doit pas contenir d'identifiants.");
+    }
+    if (url.pathname !== "/" || url.search || url.hash) {
+        throw new Error("ELDING_API_URL doit etre une origine seule, par exemple https://app.elding.io.");
+    }
+    if (url.protocol === "https:")
+        return url.origin;
+    if (url.protocol === "http:" && isLoopbackHost(url.hostname))
+        return url.origin;
+    throw new Error("ELDING_API_URL doit utiliser HTTPS, sauf pour localhost en developpement.");
+}

package/dist/lib/config.d.ts

@@ -1,6 +1,12 @@
 export type EldingConfig = {
     refreshToken: string;
     workspaceId?: string;
+    trustedProjects?: Record<string, TrustedProject>;
+};
+export type TrustedProject = {
+    setId: string;
+    setName?: string;
+    trustedAt: string;
 };
 export declare function readConfig(): EldingConfig | null;
 export declare function writeConfig(config: EldingConfig): void;
@@ -8,6 +14,11 @@ export declare function clearConfig(): void;
 export type ProjectConfig = {
     setId: string;
     setName: string;
+    workspaceId?: string;
+    workspaceName?: string;
 };
 export declare function readProject(): ProjectConfig | null;
 export declare function writeProject(cfg: ProjectConfig): void;
+export declare function projectTrustKey(cwd?: string): string;
+export declare function isProjectTrusted(project: ProjectConfig, cwd?: string): boolean;
+export declare function trustProject(project: ProjectConfig, cwd?: string): void;

package/dist/lib/config.js

@@ -8,26 +8,79 @@ exports.writeConfig = writeConfig;
 exports.clearConfig = clearConfig;
 exports.readProject = readProject;
 exports.writeProject = writeProject;
+exports.projectTrustKey = projectTrustKey;
+exports.isProjectTrusted = isProjectTrusted;
+exports.trustProject = trustProject;
 const fs_1 = __importDefault(require("fs"));
 const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
+const keychain_js_1 = require("./keychain.js");
 const CONFIG_DIR = path_1.default.join(os_1.default.homedir(), ".elding");
 const CONFIG_FILE = path_1.default.join(CONFIG_DIR, "config.json");
-function readConfig() {
+const REFRESH_TOKEN = /^eld_rt_[a-f0-9]{64}$/i;
+function readMeta() {
     try {
-        const raw = fs_1.default.readFileSync(CONFIG_FILE, "utf-8");
-        return JSON.parse(raw);
+        const parsed = JSON.parse(fs_1.default.readFileSync(CONFIG_FILE, "utf-8"));
+        return {
+            refreshToken: typeof parsed.refreshToken === "string" && REFRESH_TOKEN.test(parsed.refreshToken)
+                ? parsed.refreshToken
+                : undefined,
+            workspaceId: typeof parsed.workspaceId === "string" ? parsed.workspaceId : undefined,
+            trustedProjects: parsed.trustedProjects && typeof parsed.trustedProjects === "object"
+                ? parsed.trustedProjects
+                : undefined,
+        };
     }
     catch {
         return null;
     }
 }
+function readConfig() {
+    const meta = readMeta();
+    const kcToken = (0, keychain_js_1.keychainGetToken)();
+    const token = kcToken && REFRESH_TOKEN.test(kcToken) ? kcToken : meta?.refreshToken ?? null;
+    if (!token)
+        return null;
+    // Migration : un token herite du fichier remonte dans le trousseau si possible.
+    if (!kcToken && meta?.refreshToken && (0, keychain_js_1.keychainSetToken)(meta.refreshToken)) {
+        writeConfig({ refreshToken: token, workspaceId: meta.workspaceId, trustedProjects: meta.trustedProjects });
+    }
+    return { refreshToken: token, workspaceId: meta?.workspaceId, trustedProjects: meta?.trustedProjects };
+}
 function writeConfig(config) {
-    fs_1.default.mkdirSync(CONFIG_DIR, { recursive: true });
+    ensureConfigDir();
+    const inKeychain = (0, keychain_js_1.keychainSetToken)(config.refreshToken);
+    const meta = {
+        workspaceId: config.workspaceId,
+        trustedProjects: config.trustedProjects,
+        refreshToken: inKeychain ? undefined : config.refreshToken,
+    };
+    atomicWriteJson(CONFIG_FILE, meta, 0o600);
+    fs_1.default.chmodSync(CONFIG_FILE, 0o600);
+}
+function ensureConfigDir() {
+    try {
+        const stat = fs_1.default.lstatSync(CONFIG_DIR);
+        if (stat.isSymbolicLink() || !stat.isDirectory()) {
+            throw new Error(`${CONFIG_DIR} doit etre un dossier non symbolique.`);
+        }
+    }
+    catch (err) {
+        if (err.code !== "ENOENT")
+            throw err;
+        fs_1.default.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
     fs_1.default.chmodSync(CONFIG_DIR, 0o700);
-    fs_1.default.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+}
+function atomicWriteJson(file, value, mode) {
+    const dir = path_1.default.dirname(file);
+    const tmp = path_1.default.join(dir, `.${path_1.default.basename(file)}.${process.pid}.${Date.now()}.tmp`);
+    fs_1.default.writeFileSync(tmp, `${JSON.stringify(value, null, 2)}\n`, { mode });
+    fs_1.default.chmodSync(tmp, mode);
+    fs_1.default.renameSync(tmp, file);
 }
 function clearConfig() {
+    (0, keychain_js_1.keychainDeleteToken)();
     try {
         fs_1.default.unlinkSync(CONFIG_FILE);
     }
@@ -37,12 +90,52 @@ const PROJECT_FILE = ".elding.json";
 function readProject() {
     try {
         const raw = fs_1.default.readFileSync(PROJECT_FILE, "utf-8");
-        return JSON.parse(raw);
+        const parsed = JSON.parse(raw);
+        if (!isNonEmptyString(parsed.setId) || !isNonEmptyString(parsed.setName))
+            return null;
+        return {
+            setId: parsed.setId,
+            setName: parsed.setName,
+            workspaceId: isNonEmptyString(parsed.workspaceId) ? parsed.workspaceId : undefined,
+            workspaceName: isNonEmptyString(parsed.workspaceName) ? parsed.workspaceName : undefined,
+        };
     }
     catch {
         return null;
     }
 }
 function writeProject(cfg) {
-    fs_1.default.writeFileSync(PROJECT_FILE, JSON.stringify(cfg, null, 2));
+    atomicWriteJson(PROJECT_FILE, cfg, 0o644);
+}
+function projectTrustKey(cwd = process.cwd()) {
+    try {
+        return fs_1.default.realpathSync(cwd);
+    }
+    catch {
+        return path_1.default.resolve(cwd);
+    }
+}
+function isProjectTrusted(project, cwd = process.cwd()) {
+    const config = readConfig();
+    const trusted = config?.trustedProjects?.[projectTrustKey(cwd)];
+    return trusted?.setId === project.setId;
+}
+function trustProject(project, cwd = process.cwd()) {
+    const config = readConfig();
+    if (!config)
+        throw new Error("Non connecté. Lancez `elding login` d'abord.");
+    writeConfig({
+        ...config,
+        trustedProjects: {
+            ...(config.trustedProjects ?? {}),
+            [projectTrustKey(cwd)]: {
+                setId: project.setId,
+                setName: project.setName,
+                trustedAt: new Date().toISOString(),
+            },
+        },
+    });
+}
+function isNonEmptyString(value) {
+    return typeof value === "string" && value.trim().length > 0 && value.length <= 500;
 }

package/dist/lib/env.d.ts

@@ -0,0 +1,5 @@
+export type SafeEnvResult = {
+    env: Record<string, string>;
+    rejected: string[];
+};
+export declare function filterSecretsForEnv(secrets: Record<string, string>): SafeEnvResult;

package/dist/lib/env.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.filterSecretsForEnv = filterSecretsForEnv;
+const ENV_NAME = /^[A-Z_][A-Z0-9_]*$/;
+const DANGEROUS_ENV_NAMES = new Set([
+    "BASH_ENV",
+    "CDPATH",
+    "ENV",
+    "GIT_CONFIG",
+    "GIT_CONFIG_GLOBAL",
+    "GIT_CONFIG_NOSYSTEM",
+    "GIT_CONFIG_SYSTEM",
+    "HOME",
+    "IFS",
+    "LD_AUDIT",
+    "LD_LIBRARY_PATH",
+    "LD_PRELOAD",
+    "NODE_OPTIONS",
+    "NODE_PATH",
+    "NPM_CONFIG_USERCONFIG",
+    "PATH",
+    "PERL5LIB",
+    "PYTHONHOME",
+    "PYTHONPATH",
+    "RUBYOPT",
+    "SHELL",
+    "ZDOTDIR",
+]);
+const DANGEROUS_ENV_PREFIXES = [
+    "DYLD_",
+    "LD_",
+    "npm_config_",
+    "NPM_CONFIG_",
+];
+function filterSecretsForEnv(secrets) {
+    const env = Object.create(null);
+    const rejected = [];
+    for (const [name, value] of Object.entries(secrets)) {
+        const dangerous = !ENV_NAME.test(name) ||
+            DANGEROUS_ENV_NAMES.has(name) ||
+            DANGEROUS_ENV_PREFIXES.some((prefix) => name.startsWith(prefix));
+        if (dangerous) {
+            rejected.push(name);
+            continue;
+        }
+        env[name] = value;
+    }
+    return { env, rejected };
+}

package/dist/lib/keychain.d.ts

@@ -0,0 +1,3 @@
+export declare function keychainGetToken(): string | null;
+export declare function keychainSetToken(token: string): boolean;
+export declare function keychainDeleteToken(): void;

package/dist/lib/keychain.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.keychainGetToken = keychainGetToken;
+exports.keychainSetToken = keychainSetToken;
+exports.keychainDeleteToken = keychainDeleteToken;
+const keyring_1 = require("@napi-rs/keyring");
+// Le refresh token vit dans le trousseau de l'OS (Keychain macOS, Credential
+// Manager Windows, Secret Service Linux) plutot qu'en clair sur disque : illisible
+// par un simple `cat`, donc invisible pour un agent IA ou une dependance verolee.
+const SERVICE = "elding";
+const ACCOUNT = "refresh-token";
+function entry() {
+    return new keyring_1.Entry(SERVICE, ACCOUNT);
+}
+function keychainGetToken() {
+    try {
+        return entry().getPassword();
+    }
+    catch {
+        return null; // absent ou trousseau indisponible
+    }
+}
+function keychainSetToken(token) {
+    try {
+        entry().setPassword(token);
+        return true;
+    }
+    catch {
+        return false; // trousseau indisponible -> l'appelant retombe sur le fichier
+    }
+}
+function keychainDeleteToken() {
+    try {
+        entry().deleteCredential();
+    }
+    catch {
+        /* deja absent ou indisponible */
+    }
+}

package/dist/lib/logBatcher.d.ts

@@ -0,0 +1,5 @@
+import type { ProxyLogEntry } from "./proxyServer.js";
+export declare function createLogBatcher(refreshToken: string, setId: string, setName: string): {
+    add(e: ProxyLogEntry): void;
+    stop(): Promise<void>;
+};

package/dist/lib/logBatcher.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createLogBatcher = createLogBatcher;
+const api_js_1 = require("./api.js");
+// Bufferise les logs du proxy et les envoie au cloud par lots (best-effort, non bloquant).
+function createLogBatcher(refreshToken, setId, setName) {
+    let buffer = [];
+    let cachedToken = "";
+    let tokenExp = 0;
+    async function getToken() {
+        if (cachedToken && Date.now() < tokenExp)
+            return cachedToken;
+        cachedToken = await (0, api_js_1.exchangeToken)(refreshToken);
+        tokenExp = Date.now() + 14 * 60 * 1000; // l'access token vit 15min
+        return cachedToken;
+    }
+    async function flush() {
+        if (buffer.length === 0)
+            return;
+        const batch = buffer;
+        buffer = [];
+        try {
+            const token = await getToken();
+            await (0, api_js_1.reportProxyLogs)(token, setId, setName, batch);
+        }
+        catch {
+            /* best-effort — on ne réinjecte pas, pas de boucle d'erreur */
+        }
+    }
+    const timer = setInterval(() => void flush(), 10_000);
+    return {
+        add(e) {
+            buffer.push(e);
+            if (buffer.length >= 25)
+                void flush();
+        },
+        async stop() {
+            clearInterval(timer);
+            await flush();
+        },
+    };
+}

package/dist/lib/proxyServer.d.ts

@@ -3,4 +3,13 @@ export type ProxyServer = {
     token: string;
     close: () => void;
 };
-export declare function startProxy(secrets: Record<string, string>, hosts?: Record<string, string>): Promise<ProxyServer>;
+export type ProxyLogEntry = {
+    method: string;
+    host: string;
+    path: string;
+    status: number;
+    latencyMs: number;
+    blocked: boolean;
+    secretNames: string;
+};
+export declare function startProxy(secrets: Record<string, string>, hosts?: Record<string, string>, verbose?: boolean, onLog?: (e: ProxyLogEntry) => void): Promise<ProxyServer>;