@etree/cli 2.0.1 → 2.0.3

package/src/commands/shortcuts.ts

@@ -1,25 +0,0 @@
-import { Command } from "commander";
-import { pushSecret, pullSecrets } from "./secret";
-
-/**
- * Register top-level shortcut commands:
- *   et push <wallet> <key> <value>  →  secret set
- *   et pull <wallet>                →  secret pull --sync
- */
-export function registerShortcuts(program: Command): void {
-  // ── et push ──
-  program
-    .command("push <wallet> <key> <value>")
-    .description("Shortcut: Encrypt & store a secret (same as: secret set)")
-    .action(pushSecret);
-
-  // ── et pull ──
-  program
-    .command("pull <wallet>")
-    .description("Shortcut: Sync all secrets to local .env (same as: secret pull --sync)")
-    .option("-o, --output <file>", "Write to a file instead of syncing to .env")
-    .action(async (walletName: string, opts: { output?: string }) => {
-      // Default behavior: --sync (write to .env)
-      await pullSecrets(walletName, { sync: !opts.output, output: opts.output });
-    });
-}

package/src/commands/wallet.ts

@@ -1,97 +0,0 @@
-import { Command } from "commander";
-import chalk from "chalk";
-import ora from "ora";
-import { api } from "../lib/api";
-
-export function registerWalletCommands(program: Command): void {
-  const wallet = program.command("wallet").description("Manage key wallets");
-
-  // ── wallet create ──
-  wallet
-    .command("create <name>")
-    .description("Create a new key wallet")
-    .option("-d, --description <desc>", "Wallet description")
-    .action(async (name: string, opts: { description?: string }) => {
-      const spinner = ora("Creating wallet...").start();
-      try {
-        const result = await api.post("/wallets", {
-          name,
-          description: opts.description,
-        });
-        spinner.succeed(chalk.green(`Wallet "${name}" created`));
-        console.log(chalk.dim(`   ID: ${result.wallet.id}`));
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── wallet list ──
-  wallet
-    .command("list")
-    .alias("ls")
-    .description("List all your wallets")
-    .action(async () => {
-      const spinner = ora("Fetching wallets...").start();
-      try {
-        const result = await api.get("/wallets");
-        spinner.stop();
-
-        if (result.owned.length === 0 && result.shared.length === 0) {
-          console.log(
-            chalk.yellow(
-              "No wallets found. Create one with: envtree wallet create <name>",
-            ),
-          );
-          return;
-        }
-
-        if (result.owned.length > 0) {
-          console.log(chalk.bold("\nOwned Wallets"));
-          for (const w of result.owned) {
-            console.log(
-              `   ${chalk.cyan(w.name)} ${chalk.dim(`(${w.id.substring(0, 8)}...)`)}`,
-            );
-            if (w.description) console.log(`      ${chalk.dim(w.description)}`);
-          }
-        }
-
-        if (result.shared.length > 0) {
-          console.log(chalk.bold("\nShared Wallets"));
-          for (const w of result.shared) {
-            console.log(
-              `   ${chalk.cyan(w.name)} ${chalk.dim(`[${w.role}]`)} ${chalk.dim(`(${w.id?.substring(0, 8)}...)`)}`,
-            );
-          }
-        }
-        console.log("");
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-
-  // ── wallet delete ──
-  wallet
-    .command("delete <name>")
-    .description("Delete a wallet (owner only)")
-    .action(async (name: string) => {
-      const spinner = ora("Finding wallet...").start();
-      try {
-        // Find wallet by name
-        const listResult = await api.get("/wallets");
-        const target = listResult.owned.find((w: any) => w.name === name);
-
-        if (!target) {
-          spinner.fail(
-            chalk.red(`Wallet "${name}" not found or you are not the owner`),
-          );
-          return;
-        }
-
-        spinner.text = "Deleting wallet...";
-        await api.delete(`/wallets/${target.id}`);
-        spinner.succeed(chalk.green(`Wallet "${name}" deleted`));
-      } catch (err: any) {
-        spinner.fail(chalk.red(`Failed: ${err.message}`));
-      }
-    });
-}

package/src/index.ts

@@ -1,50 +0,0 @@
-#!/usr/bin/env node
-
-import { Command } from "commander";
-import { registerAuthCommands } from "./commands/auth";
-import { registerWalletCommands } from "./commands/wallet";
-import { registerMemberCommands } from "./commands/member";
-import { registerSecretCommands } from "./commands/secret";
-import { registerInitCommand } from "./commands/init";
-import { registerConfigCommands } from "./commands/config";
-import { registerShortcuts } from "./commands/shortcuts";
-
-const program = new Command();
-
-program
-  .name("et")
-  .description("EnvTree — Securely manage and share environment variables")
-  .version("1.0.0")
-  .addHelpText(
-    "after",
-    `
-Quick Start:
-  $ et init                              First-time setup (signup/login)
-  $ et push <wallet> <key> <value>       Encrypt & store a secret
-  $ et pull <wallet>                     Sync all secrets to local .env
-  $ et whoami                            Check current user
-
-Examples:
-  $ et init
-  $ et push production DB_URL "postgres://..."
-  $ et pull production
-  $ et pull production -o .env.production
-  $ et secret list production
-  $ et member add production alice --role write
-`,
-  );
-
-// Core commands
-registerAuthCommands(program);
-registerInitCommand(program);
-registerConfigCommands(program);
-
-// Resource commands
-registerWalletCommands(program);
-registerMemberCommands(program);
-registerSecretCommands(program);
-
-// Top-level shortcuts
-registerShortcuts(program);
-
-program.parse(process.argv);

package/src/lib/api.ts

@@ -1,57 +0,0 @@
-import { getConfig, requireSession } from "./config";
-
-interface ApiResponse {
-  [key: string]: any;
-}
-
-/**
- * Make an authenticated API request to the EnvTree server.
- */
-export async function apiRequest(
-  method: string,
-  path: string,
-  body?: Record<string, any>,
-  requireAuth = true,
-): Promise<ApiResponse> {
-  const config = getConfig();
-  const url = `${config.server_url}${path}`;
-
-  const headers: Record<string, string> = {
-    "Content-Type": "application/json",
-  };
-
-  if (requireAuth) {
-    const session = requireSession();
-    headers["Authorization"] = `Bearer ${session.access_token}`;
-  }
-
-  const options: RequestInit = {
-    method,
-    headers,
-  };
-
-  if (body && method !== "GET") {
-    options.body = JSON.stringify(body);
-  }
-
-  const response = await fetch(url, options);
-  const data = (await response.json()) as ApiResponse;
-
-  if (!response.ok) {
-    throw new Error(
-      data.error || `Request failed with status ${response.status}`,
-    );
-  }
-
-  return data;
-}
-
-/** Shorthand methods */
-export const api = {
-  get: (path: string) => apiRequest("GET", path),
-  post: (path: string, body: Record<string, any>, auth = true) =>
-    apiRequest("POST", path, body, auth),
-  put: (path: string, body: Record<string, any>) =>
-    apiRequest("PUT", path, body),
-  delete: (path: string) => apiRequest("DELETE", path),
-};

package/src/lib/config.ts

@@ -1,70 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-
-const CONFIG_DIR = path.join(os.homedir(), ".envtree");
-const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
-
-export interface Session {
-  access_token: string;
-  refresh_token: string;
-  user_id: string;
-  email: string;
-  username: string;
-}
-
-export interface Config {
-  server_url: string;
-  session?: Session;
-}
-
-function ensureConfigDir(): void {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
-  }
-}
-
-export function getConfig(): Config {
-  ensureConfigDir();
-  if (!fs.existsSync(CONFIG_FILE)) {
-    const defaults: Config = { server_url: "http://localhost:3001" };
-    fs.writeFileSync(CONFIG_FILE, JSON.stringify(defaults, null, 2), {
-      mode: 0o600,
-    });
-    return defaults;
-  }
-  return JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
-}
-
-export function saveConfig(config: Config): void {
-  ensureConfigDir();
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), {
-    mode: 0o600,
-  });
-}
-
-export function getSession(): Session | null {
-  const config = getConfig();
-  return config.session || null;
-}
-
-export function saveSession(session: Session): void {
-  const config = getConfig();
-  config.session = session;
-  saveConfig(config);
-}
-
-export function clearSession(): void {
-  const config = getConfig();
-  delete config.session;
-  saveConfig(config);
-}
-
-export function requireSession(): Session {
-  const session = getSession();
-  if (!session) {
-    console.error("Not logged in. Run: envtree login");
-    process.exit(1);
-  }
-  return session;
-}

package/src/lib/crypto.ts

@@ -1,173 +0,0 @@
-import { spawn, ChildProcessWithoutNullStreams } from "child_process";
-import * as path from "path";
-
-const CRYPTO_ENGINE_PATH = path.resolve(
-  __dirname,
-  "../../../../packages/crypto/engine.py",
-);
-
-let engineProcess: ChildProcessWithoutNullStreams | null = null;
-
-interface CryptoRequest {
-  action: string;
-  data?: Record<string, any>;
-}
-
-interface CryptoResponse {
-  status: string;
-  [key: string]: any;
-}
-
-/**
- * Get or spawn the crypto engine Python process.
- */
-function getEngine(): ChildProcessWithoutNullStreams {
-  if (engineProcess && !engineProcess.killed) {
-    return engineProcess;
-  }
-
-  // Try venv python first, fall back to system python
-  const venvDir = path.resolve(__dirname, "../../../../packages/crypto/.venv");
-  const isWindows = process.platform === "win32";
-
-  // Potential Venv Paths
-  const potentialVenvPaths = isWindows
-    ? [
-        path.join(venvDir, "Scripts", "python.exe"),
-        path.join(venvDir, "bin", "python.exe"),
-      ]
-    : [path.join(venvDir, "bin", "python")];
-
-  let pythonCmd = isWindows ? "python" : "python3";
-
-  for (const venvPath of potentialVenvPaths) {
-    if (require("fs").existsSync(venvPath)) {
-      pythonCmd = venvPath;
-      break;
-    }
-  }
-
-  // If we haven't found a venv python, verify the system command exists
-  if (pythonCmd === "python" || pythonCmd === "python3") {
-    try {
-      // Use system python if it exists and works
-      require("child_process").execSync(`${pythonCmd} --version`, {
-        stdio: "ignore",
-      });
-    } catch {
-      // If the preferred one fails, try the fallback
-      pythonCmd = pythonCmd === "python3" ? "python" : "python3";
-    }
-  }
-
-  engineProcess = spawn(pythonCmd, [CRYPTO_ENGINE_PATH], {
-    stdio: ["pipe", "pipe", "pipe"],
-    cwd: path.resolve(__dirname, "../../../../packages/crypto"),
-  });
-
-  engineProcess.on("exit", () => {
-    engineProcess = null;
-  });
-
-  return engineProcess;
-}
-
-/**
- * Send a command to the crypto engine and get the response.
- */
-function sendCommand(request: CryptoRequest): Promise<CryptoResponse> {
-  return new Promise((resolve, reject) => {
-    const engine = getEngine();
-
-    const onData = (data: Buffer) => {
-      try {
-        const response = JSON.parse(data.toString().trim());
-        engine.stdout.removeListener("data", onData);
-        engine.stderr.removeListener("data", onError);
-
-        if (response.status === "error") {
-          reject(new Error(response.message));
-        } else {
-          resolve(response);
-        }
-      } catch (e) {
-        // partial data, wait for more
-      }
-    };
-
-    const onError = (data: Buffer) => {
-      engine.stdout.removeListener("data", onData);
-      engine.stderr.removeListener("data", onError);
-      reject(new Error(`Crypto engine error: ${data.toString()}`));
-    };
-
-    engine.stdout.on("data", onData);
-    engine.stderr.on("data", onError);
-
-    engine.stdin.write(JSON.stringify(request) + "\n");
-  });
-}
-
-/**
- * Generate a new X25519 key pair.
- */
-export async function generateKeys(): Promise<{
-  private_key: string;
-  public_key: string;
-}> {
-  const result = await sendCommand({ action: "generate_keys" });
-  return {
-    private_key: result.private_key,
-    public_key: result.public_key,
-  };
-}
-
-/**
- * Derive the public key from an existing private key.
- */
-export async function derivePublicKey(privateKey: string): Promise<string> {
-  const result = await sendCommand({
-    action: "derive_public_key",
-    data: { private_key: privateKey },
-  });
-  return result.public_key;
-}
-
-/**
- * Encrypt a plaintext value using the recipient's public key (SealedBox).
- */
-export async function encrypt(
-  plaintext: string,
-  publicKey: string,
-): Promise<string> {
-  const result = await sendCommand({
-    action: "encrypt",
-    data: { plaintext, public_key: publicKey },
-  });
-  return result.ciphertext;
-}
-
-/**
- * Decrypt a ciphertext using the recipient's private key (SealedBox).
- */
-export async function decrypt(
-  ciphertext: string,
-  privateKey: string,
-): Promise<string> {
-  const result = await sendCommand({
-    action: "decrypt",
-    data: { ciphertext, private_key: privateKey },
-  });
-  return result.plaintext;
-}
-
-/**
- * Shut down the crypto engine process.
- */
-export function shutdown(): void {
-  if (engineProcess && !engineProcess.killed) {
-    engineProcess.stdin.end();
-    engineProcess.kill();
-    engineProcess = null;
-  }
-}

package/src/lib/env-manager.ts

@@ -1,60 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-
-/**
- * Updates a key=value pair in a .env file.
- * Creates the file if it doesn't exist.
- * If the key exists, it updates its value.
- * If the key doesn't exist, it appends to the end.
- */
-export function updateEnvFile(key: string, value: string): void {
-  const envPath = path.resolve(process.cwd(), ".env");
-  let content = "";
-
-  if (fs.existsSync(envPath)) {
-    content = fs.readFileSync(envPath, "utf-8");
-  }
-
-  const lines = content.split("\n");
-  const keyPattern = new RegExp(`^${key}=.*`);
-  let found = false;
-
-  const newLines = lines.map((line) => {
-    if (keyPattern.test(line.trim())) {
-      found = true;
-      return `${key}=${value}`;
-    }
-    return line;
-  });
-
-  if (!found) {
-    if (newLines.length > 0 && newLines[newLines.length - 1].trim() !== "") {
-      newLines.push("");
-    }
-    newLines.push(`${key}=${value}`);
-  }
-
-  fs.writeFileSync(envPath, newLines.join("\n"), "utf-8");
-}
-
-/**
- * Ensures that a .gitignore file exists and contains the specified entry.
- */
-export function ensureGitIgnore(entry: string = ".env"): void {
-  const gitIgnorePath = path.resolve(process.cwd(), ".gitignore");
-  let content = "";
-
-  if (fs.existsSync(gitIgnorePath)) {
-    content = fs.readFileSync(gitIgnorePath, "utf-8");
-  }
-
-  const lines = content.split("\n").map((l) => l.trim());
-
-  if (!lines.includes(entry)) {
-    if (content.length > 0 && !content.endsWith("\n")) {
-      content += "\n";
-    }
-    content += `${entry}\n`;
-    fs.writeFileSync(gitIgnorePath, content, "utf-8");
-  }
-}

package/src/lib/key-store.ts

@@ -1,51 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-import * as os from "os";
-
-const KEY_DIR = path.join(os.homedir(), ".envtree");
-const KEY_FILE = path.join(KEY_DIR, "private_key");
-
-function ensureKeyDir(): void {
-  if (!fs.existsSync(KEY_DIR)) {
-    fs.mkdirSync(KEY_DIR, { recursive: true, mode: 0o700 });
-  }
-}
-
-/**
- * Save the private key to ~/.envtree/private_key
- */
-export function savePrivateKey(privateKey: string): void {
-  ensureKeyDir();
-  fs.writeFileSync(KEY_FILE, privateKey, { mode: 0o600 });
-}
-
-/**
- * Read the private key from ~/.envtree/private_key
- */
-export function getPrivateKey(): string | null {
-  if (!fs.existsSync(KEY_FILE)) {
-    return null;
-  }
-  return fs.readFileSync(KEY_FILE, "utf-8").trim();
-}
-
-/**
- * Get private key or exit with error.
- */
-export function requirePrivateKey(): string {
-  const key = getPrivateKey();
-  if (!key) {
-    console.error(
-      "Private key not found. Run: envtree signup (or envtree login)",
-    );
-    process.exit(1);
-  }
-  return key;
-}
-
-/**
- * Check if a private key exists locally.
- */
-export function hasPrivateKey(): boolean {
-  return fs.existsSync(KEY_FILE);
-}

package/src/test-e2e.ts

@@ -1,106 +0,0 @@
-import { apiRequest } from "./lib/api";
-import { saveSession } from "./lib/config";
-import { generateKeys, encrypt, decrypt, shutdown } from "./lib/crypto";
-import { savePrivateKey } from "./lib/key-store";
-import * as fs from "fs";
-import * as path from "os";
-
-async function testE2E() {
-  const email = `test-${Date.now()}@example.com`;
-  const username = `user-${Date.now()}`;
-  const password = "password123";
-
-  console.log("--- Phase 1: Signup ---");
-  try {
-    const signupResult = await apiRequest(
-      "POST",
-      "/auth/signup",
-      {
-        email,
-        password,
-        username,
-      },
-      false,
-    );
-
-    console.log("Signup response:", JSON.stringify(signupResult, null, 2));
-
-    if (signupResult.session) {
-      saveSession({
-        access_token: signupResult.session.access_token,
-        refresh_token: signupResult.session.refresh_token,
-        user_id: signupResult.user.id,
-        email,
-        username,
-      });
-      console.log(" Signup successful");
-    } else {
-      console.log(
-        " User created but NO session returned (possibly email verification required)",
-      );
-    }
-
-    if (!signupResult.session) {
-      console.warn(
-        "⚠️ Ending test early: No session available to continue authenticated requests.",
-      );
-      return;
-    }
-
-    console.log("--- Phase 2: Key Generation ---");
-    const { private_key, public_key } = await generateKeys();
-    savePrivateKey(private_key);
-    await apiRequest("PUT", "/profile/public-key", { public_key });
-    console.log(" Keypair generated and public key uploaded");
-
-    console.log("--- Phase 3: Wallet Creation ---");
-    const walletName = `test-wallet-${Date.now()}`;
-    const walletResult = await apiRequest("POST", "/wallets", {
-      name: walletName,
-    });
-    const walletId = walletResult.wallet.id;
-    console.log(` Wallet "${walletName}" created with ID: ${walletId}`);
-
-    console.log("--- Phase 4: Secret Encryption & Storage ---");
-    const secretKey = "MY_API_KEY";
-    const secretValue = "super-secret-value-123";
-    const encryptedValue = await encrypt(secretValue, public_key);
-
-    await apiRequest("POST", `/wallets/${walletId}/secrets`, {
-      secrets: [
-        {
-          key_name: secretKey,
-          encrypted_value: encryptedValue,
-          encrypted_for: public_key,
-        },
-      ],
-    });
-    console.log(" Secret encrypted and uploaded");
-
-    console.log("--- Phase 5: Secret Retrieval & Decryption ---");
-    const getResult = await apiRequest("GET", `/wallets/${walletId}/secrets`);
-    const foundSecret = getResult.secrets.find(
-      (s: any) => s.key_name === secretKey,
-    );
-
-    if (!foundSecret) throw new Error("Secret not found in response");
-
-    const decryptedValue = await decrypt(
-      foundSecret.encrypted_value,
-      private_key,
-    );
-    console.log(` Secret retrieved and decrypted: ${decryptedValue}`);
-
-    if (decryptedValue === secretValue) {
-      console.log(" E2E TRANSACTION SUCCESSFUL");
-    } else {
-      throw new Error("Decrypted value mismatch");
-    }
-  } catch (error) {
-    console.error(" E2E TEST FAILED:", error);
-  } finally {
-    shutdown();
-  }
-}
-
-testE2E();