@etree/cli 2.0.1 → 2.0.2

package/src/commands/secret.ts

@@ -1,381 +0,0 @@
-import { Command } from "commander";
-import chalk from "chalk";
-import ora from "ora";
-import { api } from "../lib/api";
-import { encrypt, decrypt, shutdown } from "../lib/crypto";
-import { requirePrivateKey } from "../lib/key-store";
-import { updateEnvFile, ensureGitIgnore } from "../lib/env-manager";
-
-/**
- * Helper: find a wallet ID by name.
- */
-async function findWalletId(name: string): Promise<string | null> {
-  const result = await api.get("/wallets");
-  const owned = result.owned.find((w: any) => w.name === name);
-  if (owned) return owned.id;
-  const shared = result.shared.find((w: any) => w.name === name);
-  if (shared) return shared.id;
-  return null;
-}
-
-/**
- * Get all public keys of wallet members (owner + members).
- */
-async function getWalletPublicKeys(walletId: string): Promise<string[]> {
-  const result = await api.get(`/wallets/${walletId}/members`);
-  const keys: string[] = [];
-
-  if (result.owner?.public_key) {
-    keys.push(result.owner.public_key);
-  }
-
-  if (result.members) {
-    for (const m of result.members) {
-      if (m.user?.public_key) {
-        keys.push(m.user.public_key);
-      }
-    }
-  }
-
-  return keys;
-}
-
-/**
- * Shared logic for pushing a secret (used by `secret set` and top-level `push`).
- */
-export async function pushSecret(
-  walletName: string,
-  keyName: string,
-  value: string,
-): Promise<void> {
-  const spinner = ora("Encrypting and saving secret...").start();
-  try {
-    const walletId = await findWalletId(walletName);
-    if (!walletId) {
-      spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-      return;
-    }
-
-    spinner.text = "Fetching member public keys...";
-    const publicKeys = await getWalletPublicKeys(walletId);
-
-    if (publicKeys.length === 0) {
-      spinner.fail(chalk.red("No members with public keys found"));
-      return;
-    }
-
-    spinner.text = `Encrypting for ${publicKeys.length} member(s)...`;
-    const secrets = [];
-    for (const pk of publicKeys) {
-      const ciphertext = await encrypt(value, pk);
-      secrets.push({
-        key_name: keyName,
-        encrypted_value: ciphertext,
-        encrypted_for: pk,
-      });
-    }
-
-    spinner.text = "Uploading encrypted secrets...";
-    await api.post(`/wallets/${walletId}/secrets`, { secrets });
-
-    spinner.succeed(
-      chalk.green(
-        `Secret "${keyName}" saved (encrypted for ${publicKeys.length} member(s))`,
-      ),
-    );
-  } catch (err: any) {
-    spinner.fail(chalk.red(`Failed: ${err.message}`));
-  } finally {
-    shutdown();
-  }
-}
-
-/**
- * Shared logic for pulling secrets (used by `secret pull` and top-level `pull`).
- */
-export async function pullSecrets(
-  walletName: string,
-  opts: { output?: string; sync?: boolean },
-): Promise<void> {
-  const privateKey = requirePrivateKey();
-  const spinner = ora("Pulling secrets...").start();
-  try {
-    const walletId = await findWalletId(walletName);
-    if (!walletId) {
-      spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-      return;
-    }
-
-    const result = await api.get(`/wallets/${walletId}/secrets`);
-
-    if (result.secrets.length === 0) {
-      spinner.warn(chalk.yellow(`No secrets found in wallet "${walletName}"`));
-      return;
-    }
-
-    spinner.text = `Decrypting ${result.secrets.length} secret(s)...`;
-
-    const lines: string[] = [];
-    lines.push(`# EnvTree — ${walletName}`);
-    lines.push(`# Generated at ${new Date().toISOString()}`);
-    lines.push("");
-
-    const decrypted: { key: string; value: string }[] = [];
-    for (const secret of result.secrets) {
-      try {
-        const plaintext = await decrypt(secret.encrypted_value, privateKey);
-        lines.push(`${secret.key_name}=${plaintext}`);
-        decrypted.push({ key: secret.key_name, value: plaintext });
-      } catch {
-        lines.push(`# FAILED TO DECRYPT: ${secret.key_name}`);
-      }
-    }
-
-    const outputStr = lines.join("\n") + "\n";
-
-    if (opts.sync) {
-      // Sync directly into the local .env
-      spinner.text = "Syncing secrets to .env...";
-      for (const { key, value } of decrypted) {
-        updateEnvFile(key, value);
-      }
-      ensureGitIgnore(".env");
-      spinner.succeed(
-        chalk.green(
-          `${decrypted.length} secret(s) synced to .env`,
-        ),
-      );
-    } else if (opts.output) {
-      const fs = require("fs");
-      fs.writeFileSync(opts.output, outputStr);
-      spinner.succeed(
-        chalk.green(
-          `${result.secrets.length} secret(s) written to ${opts.output}`,
-        ),
-      );
-    } else {
-      spinner.stop();
-      console.log(outputStr);
-    }
-  } catch (err: any) {
-    spinner.fail(chalk.red(`Failed: ${err.message}`));
-  } finally {
-    shutdown();
-  }
-}
-
-export function registerSecretCommands(program: Command): void {
-  const secret = program
-    .command("secret")
-    .description("Manage encrypted secrets");
-
-  // ── secret set ──
-  secret
-    .command("set <wallet> <key> <value>")
-    .description("Encrypt & store a secret for all wallet members")
-    .action(pushSecret);
-
-  // ── secret update ──
-  secret
-    .command("update <wallet> <key> <value>")
-    .description("Update an existing secret's value (re-encrypts for all members)")
-    .action(pushSecret);
-
-  // ── secret get ──
-  secret
-    .command("get <wallet> <key>")
-    .description("Decrypt and display a specific secret")
-    .option("-s, --save", "Save the value to your local .env file")
-    .action(
-      async (
-        walletName: string,
-        keyName: string,
-        opts: { save?: boolean },
-      ) => {
-        const privateKey = requirePrivateKey();
-        const spinner = ora("Fetching and decrypting...").start();
-        try {
-          const walletId = await findWalletId(walletName);
-          if (!walletId) {
-            spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-            return;
-          }
-
-          const result = await api.get(`/wallets/${walletId}/secrets`);
-          const secret = result.secrets.find(
-            (s: any) => s.key_name === keyName,
-          );
-
-          if (!secret) {
-            spinner.fail(
-              chalk.red(
-                `Secret "${keyName}" not found in wallet "${walletName}"`,
-              ),
-            );
-            return;
-          }
-
-          spinner.text = "Decrypting...";
-          const plaintext = await decrypt(
-            secret.encrypted_value,
-            privateKey,
-          );
-
-          if (opts.save) {
-            spinner.text = "Saving to .env...";
-            updateEnvFile(keyName, plaintext);
-            ensureGitIgnore(".env");
-            spinner.succeed(
-              chalk.green(`Secret "${keyName}" saved to .env`),
-            );
-          } else {
-            spinner.stop();
-            console.log(`${chalk.cyan(keyName)}=${plaintext}`);
-          }
-        } catch (err: any) {
-          spinner.fail(chalk.red(`Failed: ${err.message}`));
-        } finally {
-          shutdown();
-        }
-      },
-    );
-
-  // ── secret list ──
-  secret
-    .command("list <wallet>")
-    .alias("ls")
-    .description("List all secret keys in a wallet")
-    .action(async (walletName: string) => {
-      const spinner = ora("Fetching secrets...").start();
-      try {
-        const walletId = await findWalletId(walletName);
-        if (!walletId) {
-          spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-          return;
-        }
-
-        const result = await api.get(`/wallets/${walletId}/secrets/all`);
-        spinner.stop();
-
-        if (result.keys.length === 0) {
-          console.log(chalk.yellow(`No secrets in wallet "${walletName}"`));
-          return;
-        }
-
-        console.log(chalk.bold(`\nSecrets in "${walletName}"`));
-        for (const key of result.keys) {
-          console.log(`   ${chalk.cyan(key)}`);
-        }
-        console.log(chalk.dim(`\n   ${result.keys.length} secret(s) total\n`));
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── secret pull ──
-  secret
-    .command("pull <wallet>")
-    .description("Pull and decrypt all secrets")
-    .option("-o, --output <file>", "Write to a file instead of stdout")
-    .option("--sync", "Sync all secrets directly to your local .env")
-    .action(
-      async (
-        walletName: string,
-        opts: { output?: string; sync?: boolean },
-      ) => {
-        await pullSecrets(walletName, opts);
-      },
-    );
-
-  // ── secret delete ──
-  secret
-    .command("delete <wallet> <key>")
-    .alias("rm")
-    .description("Delete a secret from a wallet")
-    .action(async (walletName: string, keyName: string) => {
-      const spinner = ora("Deleting secret...").start();
-      try {
-        const walletId = await findWalletId(walletName);
-        if (!walletId) {
-          spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-          return;
-        }
-
-        const result = await api.get(`/wallets/${walletId}/secrets`);
-        const secret = result.secrets.find(
-          (s: any) => s.key_name === keyName,
-        );
-
-        if (!secret) {
-          spinner.fail(chalk.red(`Secret "${keyName}" not found`));
-          return;
-        }
-
-        await api.delete(`/wallets/${walletId}/secrets/${secret.id}`);
-        spinner.succeed(
-          chalk.green(`Secret "${keyName}" deleted from "${walletName}"`),
-        );
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── secret share ──
-  secret
-    .command("share <wallet>")
-    .description("Re-encrypt all secrets for all current wallet members")
-    .action(async (walletName: string) => {
-      const privateKey = requirePrivateKey();
-      const spinner = ora(
-        "Re-encrypting secrets for all members...",
-      ).start();
-      try {
-        const walletId = await findWalletId(walletName);
-        if (!walletId) {
-          spinner.fail(chalk.red(`Wallet "${walletName}" not found`));
-          return;
-        }
-
-        const mySecrets = await api.get(`/wallets/${walletId}/secrets`);
-        if (mySecrets.secrets.length === 0) {
-          spinner.warn(chalk.yellow("No secrets to share"));
-          return;
-        }
-
-        const publicKeys = await getWalletPublicKeys(walletId);
-
-        spinner.text = `Re-encrypting ${mySecrets.secrets.length} secret(s) for ${publicKeys.length} member(s)...`;
-
-        const allSecrets = [];
-        for (const secret of mySecrets.secrets) {
-          const plaintext = await decrypt(
-            secret.encrypted_value,
-            privateKey,
-          );
-
-          for (const pk of publicKeys) {
-            const ciphertext = await encrypt(plaintext, pk);
-            allSecrets.push({
-              key_name: secret.key_name,
-              encrypted_value: ciphertext,
-              encrypted_for: pk,
-            });
-          }
-        }
-
-        await api.post(`/wallets/${walletId}/secrets`, {
-          secrets: allSecrets,
-        });
-
-        spinner.succeed(
-          chalk.green(
-            `${mySecrets.secrets.length} secret(s) re-encrypted for ${publicKeys.length} member(s)`,
-          ),
-        );
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      } finally {
-        shutdown();
-      }
-    });
-}

package/src/commands/shortcuts.ts

@@ -1,25 +0,0 @@
-import { Command } from "commander";
-import { pushSecret, pullSecrets } from "./secret";
-
-/**
- * Register top-level shortcut commands:
- *   et push <wallet> <key> <value>  →  secret set
- *   et pull <wallet>                →  secret pull --sync
- */
-export function registerShortcuts(program: Command): void {
-  // ── et push ──
-  program
-    .command("push <wallet> <key> <value>")
-    .description("Shortcut: Encrypt & store a secret (same as: secret set)")
-    .action(pushSecret);
-
-  // ── et pull ──
-  program
-    .command("pull <wallet>")
-    .description("Shortcut: Sync all secrets to local .env (same as: secret pull --sync)")
-    .option("-o, --output <file>", "Write to a file instead of syncing to .env")
-    .action(async (walletName: string, opts: { output?: string }) => {
-      // Default behavior: --sync (write to .env)
-      await pullSecrets(walletName, { sync: !opts.output, output: opts.output });
-    });
-}

package/src/commands/wallet.ts

@@ -1,97 +0,0 @@
-import { Command } from "commander";
-import chalk from "chalk";
-import ora from "ora";
-import { api } from "../lib/api";
-
-export function registerWalletCommands(program: Command): void {
-  const wallet = program.command("wallet").description("Manage key wallets");
-
-  // ── wallet create ──
-  wallet
-    .command("create <name>")
-    .description("Create a new key wallet")
-    .option("-d, --description <desc>", "Wallet description")
-    .action(async (name: string, opts: { description?: string }) => {
-      const spinner = ora("Creating wallet...").start();
-      try {
-        const result = await api.post("/wallets", {
-          name,
-          description: opts.description,
-        });
-        spinner.succeed(chalk.green(`Wallet "${name}" created`));
-        console.log(chalk.dim(`   ID: ${result.wallet.id}`));
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── wallet list ──
-  wallet
-    .command("list")
-    .alias("ls")
-    .description("List all your wallets")
-    .action(async () => {
-      const spinner = ora("Fetching wallets...").start();
-      try {
-        const result = await api.get("/wallets");
-        spinner.stop();
-
-        if (result.owned.length === 0 && result.shared.length === 0) {
-          console.log(
-            chalk.yellow(
-              "No wallets found. Create one with: envtree wallet create <name>",
-            ),
-          );
-          return;
-        }
-
-        if (result.owned.length > 0) {
-          console.log(chalk.bold("\nOwned Wallets"));
-          for (const w of result.owned) {
-            console.log(
-              `   ${chalk.cyan(w.name)} ${chalk.dim(`(${w.id.substring(0, 8)}...)`)}`,
-            );
-            if (w.description) console.log(`      ${chalk.dim(w.description)}`);
-          }
-        }
-
-        if (result.shared.length > 0) {
-          console.log(chalk.bold("\nShared Wallets"));
-          for (const w of result.shared) {
-            console.log(
-              `   ${chalk.cyan(w.name)} ${chalk.dim(`[${w.role}]`)} ${chalk.dim(`(${w.id?.substring(0, 8)}...)`)}`,
-            );
-          }
-        }
-        console.log("");
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── wallet delete ──
-  wallet
-    .command("delete <name>")
-    .description("Delete a wallet (owner only)")
-    .action(async (name: string) => {
-      const spinner = ora("Finding wallet...").start();
-      try {
-        // Find wallet by name
-        const listResult = await api.get("/wallets");
-        const target = listResult.owned.find((w: any) => w.name === name);
-
-        if (!target) {
-          spinner.fail(
-            chalk.red(`Wallet "${name}" not found or you are not the owner`),
-          );
-          return;
-        }
-
-        spinner.text = "Deleting wallet...";
-        await api.delete(`/wallets/${target.id}`);
-        spinner.succeed(chalk.green(`Wallet "${name}" deleted`));
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-}

package/src/index.ts

@@ -1,50 +0,0 @@
-#!/usr/bin/env node
-
-import { Command } from "commander";
-import { registerAuthCommands } from "./commands/auth";
-import { registerWalletCommands } from "./commands/wallet";
-import { registerMemberCommands } from "./commands/member";
-import { registerSecretCommands } from "./commands/secret";
-import { registerInitCommand } from "./commands/init";
-import { registerConfigCommands } from "./commands/config";
-import { registerShortcuts } from "./commands/shortcuts";
-
-const program = new Command();
-
-program
-  .name("et")
-  .description("EnvTree — Securely manage and share environment variables")
-  .version("1.0.0")
-  .addHelpText(
-    "after",
-    `
-Quick Start:
-  $ et init                              First-time setup (signup/login)
-  $ et push <wallet> <key> <value>       Encrypt & store a secret
-  $ et pull <wallet>                     Sync all secrets to local .env
-  $ et whoami                            Check current user
-
-Examples:
-  $ et init
-  $ et push production DB_URL "postgres://..."
-  $ et pull production
-  $ et pull production -o .env.production
-  $ et secret list production
-  $ et member add production alice --role write
-`,
-  );
-
-// Core commands
-registerAuthCommands(program);
-registerInitCommand(program);
-registerConfigCommands(program);
-
-// Resource commands
-registerWalletCommands(program);
-registerMemberCommands(program);
-registerSecretCommands(program);
-
-// Top-level shortcuts
-registerShortcuts(program);
-
-program.parse(process.argv);

package/src/lib/api.ts

@@ -1,57 +0,0 @@
-import { getConfig, requireSession } from "./config";
-
-interface ApiResponse {
-  [key: string]: any;
-}
-
-/**
- * Make an authenticated API request to the EnvTree server.
- */
-export async function apiRequest(
-  method: string,
-  path: string,
-  body?: Record<string, any>,
-  requireAuth = true,
-): Promise<ApiResponse> {
-  const config = getConfig();
-  const url = `${config.server_url}${path}`;
-
-  const headers: Record<string, string> = {
-    "Content-Type": "application/json",
-  };
-
-  if (requireAuth) {
-    const session = requireSession();
-    headers["Authorization"] = `Bearer ${session.access_token}`;
-  }
-
-  const options: RequestInit = {
-    method,
-    headers,
-  };
-
-  if (body && method !== "GET") {
-    options.body = JSON.stringify(body);
-  }
-
-  const response = await fetch(url, options);
-  const data = (await response.json()) as ApiResponse;
-
-  if (!response.ok) {
-    throw new Error(
-      data.error || `Request failed with status ${response.status}`,
-    );
-  }
-
-  return data;
-}
-
-/** Shorthand methods */
-export const api = {
-  get: (path: string) => apiRequest("GET", path),
-  post: (path: string, body: Record<string, any>, auth = true) =>
-    apiRequest("POST", path, body, auth),
-  put: (path: string, body: Record<string, any>) =>
-    apiRequest("PUT", path, body),
-  delete: (path: string) => apiRequest("DELETE", path),
-};

package/src/lib/config.ts

@@ -1,70 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-
-const CONFIG_DIR = path.join(os.homedir(), ".envtree");
-const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
-
-export interface Session {
-  access_token: string;
-  refresh_token: string;
-  user_id: string;
-  email: string;
-  username: string;
-}
-
-export interface Config {
-  server_url: string;
-  session?: Session;
-}
-
-function ensureConfigDir(): void {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-  }
-}
-
-export function getConfig(): Config {
-  ensureConfigDir();
-  if (!fs.existsSync(CONFIG_FILE)) {
-    const defaults: Config = { server_url: "http://localhost:3001" };
-    fs.writeFileSync(CONFIG_FILE, JSON.stringify(defaults, null, 2), {
-      mode: 0o600,
-    });
-    return defaults;
-  }
-  return JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
-}
-
-export function saveConfig(config: Config): void {
-  ensureConfigDir();
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), {
-    mode: 0o600,
-  });
-}
-
-export function getSession(): Session | null {
-  const config = getConfig();
-  return config.session || null;
-}
-
-export function saveSession(session: Session): void {
-  const config = getConfig();
-  config.session = session;
-  saveConfig(config);
-}
-
-export function clearSession(): void {
-  const config = getConfig();
-  delete config.session;
-  saveConfig(config);
-}
-
-export function requireSession(): Session {
-  const session = getSession();
-  if (!session) {
-    console.error("Not logged in. Run: envtree login");
-    process.exit(1);
-  }
-  return session;
-}