npm - @etree/cli - Versions diffs - 2.0.1 - Mend

@etree/cli 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +199 -0
package/dist/commands/auth.d.ts +2 -0
package/dist/commands/auth.js +220 -0
package/dist/commands/auth.js.map +1 -0
package/dist/commands/config.d.ts +2 -0
package/dist/commands/config.js +42 -0
package/dist/commands/config.js.map +1 -0
package/dist/commands/init.d.ts +2 -0
package/dist/commands/init.js +159 -0
package/dist/commands/init.js.map +1 -0
package/dist/commands/member.d.ts +2 -0
package/dist/commands/member.js +119 -0
package/dist/commands/member.js.map +1 -0
package/dist/commands/secret.d.ts +13 -0
package/dist/commands/secret.js +307 -0
package/dist/commands/secret.js.map +1 -0
package/dist/commands/shortcuts.d.ts +7 -0
package/dist/commands/shortcuts.js +26 -0
package/dist/commands/shortcuts.js.map +1 -0
package/dist/commands/wallet.d.ts +2 -0
package/dist/commands/wallet.js +88 -0
package/dist/commands/wallet.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +43 -0
package/dist/index.js.map +1 -0
package/dist/lib/api.d.ts +15 -0
package/dist/lib/api.js +40 -0
package/dist/lib/api.js.map +1 -0
package/dist/lib/config.d.ts +17 -0
package/dist/lib/config.js +91 -0
package/dist/lib/config.js.map +1 -0
package/dist/lib/crypto.d.ts +23 -0
package/dist/lib/crypto.js +173 -0
package/dist/lib/crypto.js.map +1 -0
package/dist/lib/env-manager.d.ts +11 -0
package/dist/lib/env-manager.js +88 -0
package/dist/lib/env-manager.js.map +1 -0
package/dist/lib/key-store.d.ts +16 -0
package/dist/lib/key-store.js +83 -0
package/dist/lib/key-store.js.map +1 -0
package/dist/test-e2e.d.ts +1 -0
package/dist/test-e2e.js +84 -0
package/dist/test-e2e.js.map +1 -0
package/eslint.config.mjs +4 -0
package/package.json +30 -0
package/src/commands/auth.ts +258 -0
package/src/commands/config.ts +47 -0
package/src/commands/init.ts +187 -0
package/src/commands/member.ts +146 -0
package/src/commands/secret.ts +381 -0
package/src/commands/shortcuts.ts +25 -0
package/src/commands/wallet.ts +97 -0
package/src/index.ts +50 -0
package/src/lib/api.ts +57 -0
package/src/lib/config.ts +70 -0
package/src/lib/crypto.ts +173 -0
package/src/lib/env-manager.ts +60 -0
package/src/lib/key-store.ts +51 -0
package/src/test-e2e.ts +106 -0
package/tsconfig.json +18 -0

package/dist/test-e2e.js ADDED Viewed

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const api_1 = require("./lib/api");
+const config_1 = require("./lib/config");
+const crypto_1 = require("./lib/crypto");
+const key_store_1 = require("./lib/key-store");
+async function testE2E() {
+    const email = `test-${Date.now()}@example.com`;
+    const username = `user-${Date.now()}`;
+    const password = "password123";
+    console.log("--- Phase 1: Signup ---");
+    try {
+        const signupResult = await (0, api_1.apiRequest)("POST", "/auth/signup", {
+            email,
+            password,
+            username,
+        }, false);
+        console.log("Signup response:", JSON.stringify(signupResult, null, 2));
+        if (signupResult.session) {
+            (0, config_1.saveSession)({
+                access_token: signupResult.session.access_token,
+                refresh_token: signupResult.session.refresh_token,
+                user_id: signupResult.user.id,
+                email,
+                username,
+            });
+            console.log(" Signup successful");
+        }
+        else {
+            console.log(" User created but NO session returned (possibly email verification required)");
+        }
+        if (!signupResult.session) {
+            console.warn("⚠️ Ending test early: No session available to continue authenticated requests.");
+            return;
+        }
+        console.log("--- Phase 2: Key Generation ---");
+        const { private_key, public_key } = await (0, crypto_1.generateKeys)();
+        (0, key_store_1.savePrivateKey)(private_key);
+        await (0, api_1.apiRequest)("PUT", "/profile/public-key", { public_key });
+        console.log(" Keypair generated and public key uploaded");
+        console.log("--- Phase 3: Wallet Creation ---");
+        const walletName = `test-wallet-${Date.now()}`;
+        const walletResult = await (0, api_1.apiRequest)("POST", "/wallets", {
+            name: walletName,
+        });
+        const walletId = walletResult.wallet.id;
+        console.log(` Wallet "${walletName}" created with ID: ${walletId}`);
+        console.log("--- Phase 4: Secret Encryption & Storage ---");
+        const secretKey = "MY_API_KEY";
+        const secretValue = "super-secret-value-123";
+        const encryptedValue = await (0, crypto_1.encrypt)(secretValue, public_key);
+        await (0, api_1.apiRequest)("POST", `/wallets/${walletId}/secrets`, {
+            secrets: [
+                {
+                    key_name: secretKey,
+                    encrypted_value: encryptedValue,
+                    encrypted_for: public_key,
+                },
+            ],
+        });
+        console.log(" Secret encrypted and uploaded");
+        console.log("--- Phase 5: Secret Retrieval & Decryption ---");
+        const getResult = await (0, api_1.apiRequest)("GET", `/wallets/${walletId}/secrets`);
+        const foundSecret = getResult.secrets.find((s) => s.key_name === secretKey);
+        if (!foundSecret)
+            throw new Error("Secret not found in response");
+        const decryptedValue = await (0, crypto_1.decrypt)(foundSecret.encrypted_value, private_key);
+        console.log(` Secret retrieved and decrypted: ${decryptedValue}`);
+        if (decryptedValue === secretValue) {
+            console.log(" E2E TRANSACTION SUCCESSFUL");
+        }
+        else {
+            throw new Error("Decrypted value mismatch");
+        }
+    }
+    catch (error) {
+        console.error(" E2E TEST FAILED:", error);
+    }
+    finally {
+        (0, crypto_1.shutdown)();
+    }
+}
+testE2E();
+//# sourceMappingURL=test-e2e.js.map

package/dist/test-e2e.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"test-e2e.js","sourceRoot":"","sources":["../src/test-e2e.ts"],"names":[],"mappings":";;AAAA,mCAAuC;AACvC,yCAA2C;AAC3C,yCAAwE;AACxE,+CAAiD;AAIjD,KAAK,UAAU,OAAO;IACpB,MAAM,KAAK,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC;IAC/C,MAAM,QAAQ,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,aAAa,CAAC;IAE/B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,IAAA,gBAAU,EACnC,MAAM,EACN,cAAc,EACd;YACE,KAAK;YACL,QAAQ;YACR,QAAQ;SACT,EACD,KAAK,CACN,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvE,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,IAAA,oBAAW,EAAC;gBACV,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,YAAY;gBAC/C,aAAa,EAAE,YAAY,CAAC,OAAO,CAAC,aAAa;gBACjD,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE;gBAC7B,KAAK;gBACL,QAAQ;aACT,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CACT,8EAA8E,CAC/E,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CACV,gFAAgF,CACjF,CAAC;YACF,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,IAAA,qBAAY,GAAE,CAAC;QACzD,IAAA,0BAAc,EAAC,WAAW,CAAC,CAAC;QAC5B,MAAM,IAAA,gBAAU,EAAC,KAAK,EAAE,qBAAqB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAE1D,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,eAAe,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAG,MAAM,IAAA,gBAAU,EAAC,MAAM,EAAE,UAAU,EAAE;YACxD,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,sBAAsB,QAAQ,EAAE,CAAC,CAAC;QAEpE,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,YAAY,CAAC;QAC/B,MAAM,WAAW,GAAG,wBAAwB,CAAC;QAC7C,MAAM,cAAc,GAAG,MAAM,IAAA,gBAAO,EAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAE9D,MAAM,IAAA,gBAAU,EAAC,MAAM,EAAE,YAAY,QAAQ,UAAU,EAAE;YACvD,OAAO,EAAE;gBACP;oBACE,QAAQ,EAAE,SAAS;oBACnB,eAAe,EAAE,cAAc;oBAC/B,aAAa,EAAE,UAAU;iBAC1B;aACF;SACF,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,MAAM,IAAA,gBAAU,EAAC,KAAK,EAAE,YAAY,QAAQ,UAAU,CAAC,CAAC;QAC1E,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CACxC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CACrC,CAAC;QAEF,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAElE,MAAM,cAAc,GAAG,MAAM,IAAA,gBAAO,EAClC,WAAW,CAAC,eAAe,EAC3B,WAAW,CACZ,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,oCAAoC,cAAc,EAAE,CAAC,CAAC;QAElE,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;IAC5C,CAAC;YAAS,CAAC;QACT,IAAA,iBAAQ,GAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED,OAAO,EAAE,CAAC"}

package/eslint.config.mjs ADDED Viewed

@@ -0,0 +1,4 @@
+import { config } from "@envtree/eslint-config/base";
+/** @type {import("eslint").Linter.Config[]} */
+export default config;

package/package.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "@etree/cli",
+  "version": "2.0.1",
+  "private": false,
+  "bin": {
+    "et": "./dist/index.js",
+    "envtree": "./dist/index.js"
+  },
+  "scripts": {
+    "dev": "tsc --watch",
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "lint": "eslint ."
+  },
+  "dependencies": {
+    "chalk": "^4.1.2",
+    "commander": "^13.1.0",
+    "conf": "^10.2.0",
+    "inquirer": "^8.2.6",
+    "ora": "^5.4.1"
+  },
+  "devDependencies": {
+    "@envtree/eslint-config": "workspace:*",
+    "@envtree/typescript-config": "workspace:*",
+    "@types/inquirer": "^8.2.10",
+    "@types/node": "^22.15.2",
+    "tsx": "^4.19.4",
+    "typescript": "5.9.2"
+  }
+}

package/src/commands/auth.ts ADDED Viewed

@@ -0,0 +1,258 @@
+import { Command } from "commander";
+import inquirer from "inquirer";
+import chalk from "chalk";
+import ora from "ora";
+import { apiRequest } from "../lib/api";
+import { saveSession, clearSession, getSession } from "../lib/config";
+import { generateKeys, derivePublicKey, shutdown } from "../lib/crypto";
+import { savePrivateKey, hasPrivateKey } from "../lib/key-store";
+export function registerAuthCommands(program: Command): void {
+  // ── signup ──
+  program
+    .command("signup")
+    .description("Create a new EnvTree account")
+    .action(async () => {
+      const answers = await inquirer.prompt([
+        { type: "input", name: "email", message: "Email:" },
+        { type: "input", name: "username", message: "Username:" },
+        {
+          type: "password",
+          name: "password",
+          message: "Password:",
+          mask: "*",
+        },
+        {
+          type: "password",
+          name: "confirmPassword",
+          message: "Confirm Password:",
+          mask: "*",
+        },
+      ]);
+      if (answers.password !== answers.confirmPassword) {
+        console.log(chalk.red("Passwords do not match"));
+        return;
+      }
+      const spinner = ora("Creating account...").start();
+      try {
+        const result = await apiRequest(
+          "POST",
+          "/auth/signup",
+          {
+            email: answers.email,
+            password: answers.password,
+            username: answers.username,
+          },
+          false,
+        );
+        if (!result.session) {
+          spinner.succeed(
+            "Account created! Please verify your email, then run: et login",
+          );
+          return;
+        }
+        saveSession({
+          access_token: result.session.access_token,
+          refresh_token: result.session.refresh_token,
+          user_id: result.user.id,
+          email: answers.email,
+          username: answers.username,
+        });
+        spinner.text = "Generating encryption keys...";
+        const keys = await generateKeys();
+        savePrivateKey(keys.private_key);
+        await apiRequest("PUT", "/profile/public-key", {
+          public_key: keys.public_key,
+        });
+        spinner.succeed(chalk.green("Account created & keys generated!"));
+        console.log(
+          chalk.dim(`   User: ${answers.username} (${answers.email})`),
+        );
+        console.log(
+          chalk.dim("   Private key saved to ~/.envtree/private_key"),
+        );
+      } catch (err: any) {
+        spinner.fail(chalk.red(`Signup failed: ${err.message}`));
+      } finally {
+        shutdown();
+      }
+    });
+  // ── login ──
+  program
+    .command("login")
+    .description("Log in to your EnvTree account")
+    .option("-e, --email <email>", "Email (non-interactive)")
+    .option("-p, --password <password>", "Password (non-interactive)")
+    .action(async (opts: { email?: string; password?: string }) => {
+      let email = opts.email;
+      let password = opts.password;
+      // Interactive mode if flags not provided
+      if (!email || !password) {
+        const answers = await inquirer.prompt([
+          ...(!email
+            ? [{ type: "input", name: "email", message: "Email:" }]
+            : []),
+          ...(!password
+            ? [
+                {
+                  type: "password",
+                  name: "password",
+                  message: "Password:",
+                  mask: "*",
+                },
+              ]
+            : []),
+        ]);
+        email = email || answers.email;
+        password = password || answers.password;
+      }
+      const spinner = ora("Logging in...").start();
+      try {
+        const result = await apiRequest(
+          "POST",
+          "/auth/login",
+          { email, password },
+          false,
+        );
+        saveSession({
+          access_token: result.session.access_token,
+          refresh_token: result.session.refresh_token,
+          user_id: result.user.id,
+          email: result.user.email,
+          username: email!,
+        });
+        // Fetch profile to get real username
+        const profileResult = await apiRequest(
+          "GET",
+          "/profile/me",
+          undefined,
+          true,
+        );
+        if (profileResult.profile?.username) {
+          saveSession({
+            access_token: result.session.access_token,
+            refresh_token: result.session.refresh_token,
+            user_id: result.user.id,
+            email: result.user.email,
+            username: profileResult.profile.username,
+          });
+        }
+        // Always sync public key with server
+        if (hasPrivateKey()) {
+          // Derive public key from existing private key and upload it
+          spinner.text = "Syncing encryption keys...";
+          const privateKey = require("../lib/key-store").getPrivateKey();
+          const publicKey = await derivePublicKey(privateKey);
+          await apiRequest("PUT", "/profile/public-key", {
+            public_key: publicKey,
+          });
+          spinner.succeed(chalk.green("Logged in!"));
+        } else {
+          // Generate a new keypair
+          spinner.text = "Generating encryption keys...";
+          const keys = await generateKeys();
+          savePrivateKey(keys.private_key);
+          await apiRequest("PUT", "/profile/public-key", {
+            public_key: keys.public_key,
+          });
+          spinner.succeed(chalk.green("Logged in & keys generated!"));
+          console.log(
+            chalk.dim("   Private key saved to ~/.envtree/private_key"),
+          );
+        }
+        console.log(chalk.dim(`   User: ${result.user.email}`));
+      } catch (err: any) {
+        spinner.fail(chalk.red(`Login failed: ${err.message}`));
+      } finally {
+        shutdown();
+      }
+    });
+  // ── logout ──
+  program
+    .command("logout")
+    .description("Log out of your EnvTree account")
+    .action(() => {
+      clearSession();
+      console.log(chalk.green("Logged out"));
+    });
+  // ── whoami ──
+  program
+    .command("whoami")
+    .description("Show the current logged-in user")
+    .action(async () => {
+      const session = getSession();
+      if (!session) {
+        console.log(chalk.yellow("Not logged in. Run: et login"));
+        return;
+      }
+      try {
+        const result = await apiRequest("GET", "/profile/me");
+        console.log(chalk.bold("EnvTree User"));
+        console.log(`   Username:   ${result.profile.username}`);
+        console.log(`   Email:      ${result.profile.email}`);
+        console.log(
+          `   Public Key: ${result.profile.public_key ? result.profile.public_key.substring(0, 20) + "..." : chalk.yellow("not set")}`,
+        );
+      } catch {
+        console.log(chalk.dim(`   Username: ${session.username}`));
+        console.log(chalk.dim(`   Email:    ${session.email}`));
+        console.log(chalk.yellow("   (offline — showing cached info)"));
+      }
+    });
+  // ── delete-account ──
+  program
+    .command("delete-account")
+    .description("Permanently delete your EnvTree account")
+    .action(async () => {
+      const session = getSession();
+      if (!session) {
+        console.log(chalk.yellow("Not logged in. Run: et login"));
+        return;
+      }
+      const { confirm } = await inquirer.prompt([
+        {
+          type: "confirm",
+          name: "confirm",
+          message: chalk.red(
+            "⚠ This will permanently delete your account and all your wallets. Are you sure?",
+          ),
+          default: false,
+        },
+      ]);
+      if (!confirm) {
+        console.log(chalk.dim("Cancelled."));
+        return;
+      }
+      const spinner = ora("Deleting account...").start();
+      try {
+        await apiRequest("DELETE", "/auth/account");
+        clearSession();
+        spinner.succeed(chalk.green("Account deleted. Goodbye!"));
+      } catch (err: any) {
+        spinner.fail(chalk.red(`Failed: ${err.message}`));
+      }
+    });
+}

package/src/commands/config.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { Command } from "commander";
+import chalk from "chalk";
+import { getConfig, saveConfig } from "../lib/config";
+export function registerConfigCommands(program: Command): void {
+  const config = program
+    .command("config")
+    .description("Manage CLI configuration");
+  // ── config show ──
+  config
+    .command("show")
+    .description("Display current configuration")
+    .action(() => {
+      const cfg = getConfig();
+      console.log(chalk.bold("\nEnvTree Config"));
+      console.log(`   Server:  ${chalk.cyan(cfg.server_url)}`);
+      console.log(
+        `   Session: ${cfg.session ? chalk.green("active") + chalk.dim(` (${cfg.session.email})`) : chalk.yellow("none")}`,
+      );
+      console.log(
+        chalk.dim(`   Config:  ~/.envtree/config.json`),
+      );
+      console.log(
+        chalk.dim(`   Keys:    ~/.envtree/private_key`),
+      );
+      console.log("");
+    });
+  // ── config set ──
+  config
+    .command("set <key> <value>")
+    .description("Set a configuration value (e.g. server URL)")
+    .action((key: string, value: string) => {
+      const cfg = getConfig();
+      if (key === "server" || key === "server_url") {
+        cfg.server_url = value;
+        saveConfig(cfg);
+        console.log(chalk.green(`Server URL set to: ${value}`));
+      } else {
+        console.log(
+          chalk.red(`Unknown config key: "${key}". Available: server`),
+        );
+      }
+    });
+}

package/src/commands/init.ts ADDED Viewed

@@ -0,0 +1,187 @@
+import { Command } from "commander";
+import inquirer from "inquirer";
+import chalk from "chalk";
+import ora from "ora";
+import { apiRequest } from "../lib/api";
+import { saveSession } from "../lib/config";
+import { generateKeys, derivePublicKey, shutdown } from "../lib/crypto";
+import { savePrivateKey, hasPrivateKey, getPrivateKey } from "../lib/key-store";
+export function registerInitCommand(program: Command): void {
+  program
+    .command("init")
+    .description("First-time setup — create an account or log in")
+    .action(async () => {
+      console.log(chalk.bold("\n🌲 Welcome to EnvTree!\n"));
+      const { action } = await inquirer.prompt([
+        {
+          type: "list",
+          name: "action",
+          message: "What would you like to do?",
+          choices: [
+            { name: "Create a new account", value: "signup" },
+            { name: "Log in to existing account", value: "login" },
+          ],
+        },
+      ]);
+      if (action === "signup") {
+        const answers = await inquirer.prompt([
+          { type: "input", name: "email", message: "Email:" },
+          { type: "input", name: "username", message: "Username:" },
+          {
+            type: "password",
+            name: "password",
+            message: "Password:",
+            mask: "*",
+          },
+          {
+            type: "password",
+            name: "confirmPassword",
+            message: "Confirm Password:",
+            mask: "*",
+          },
+        ]);
+        if (answers.password !== answers.confirmPassword) {
+          console.log(chalk.red("\n  Passwords do not match"));
+          return;
+        }
+        const spinner = ora("Creating account...").start();
+        try {
+          const result = await apiRequest(
+            "POST",
+            "/auth/signup",
+            {
+              email: answers.email,
+              password: answers.password,
+              username: answers.username,
+            },
+            false,
+          );
+          if (!result.session) {
+            spinner.succeed(
+              "Account created! Check your email, then run: et login",
+            );
+            return;
+          }
+          saveSession({
+            access_token: result.session.access_token,
+            refresh_token: result.session.refresh_token,
+            user_id: result.user.id,
+            email: answers.email,
+            username: answers.username,
+          });
+          spinner.text = "Generating encryption keys...";
+          const keys = await generateKeys();
+          savePrivateKey(keys.private_key);
+          await apiRequest("PUT", "/profile/public-key", {
+            public_key: keys.public_key,
+          });
+          spinner.succeed(chalk.green("All set! You're ready to go."));
+          console.log(
+            chalk.dim(`   User: ${answers.username} (${answers.email})`),
+          );
+          console.log("");
+          console.log(chalk.bold("  Next steps:"));
+          console.log(
+            chalk.cyan("    et wallet create my-project   ") +
+              chalk.dim("Create a wallet"),
+          );
+          console.log(
+            chalk.cyan('    et push my-project API_KEY "sk-..."  ') +
+              chalk.dim("Store a secret"),
+          );
+          console.log(
+            chalk.cyan("    et pull my-project            ") +
+              chalk.dim("Sync to .env"),
+          );
+          console.log("");
+        } catch (err: any) {
+          spinner.fail(chalk.red(`Signup failed: ${err.message}`));
+        } finally {
+          shutdown();
+        }
+      } else {
+        // Login flow
+        const answers = await inquirer.prompt([
+          { type: "input", name: "email", message: "Email:" },
+          {
+            type: "password",
+            name: "password",
+            message: "Password:",
+            mask: "*",
+          },
+        ]);
+        const spinner = ora("Logging in...").start();
+        try {
+          const result = await apiRequest(
+            "POST",
+            "/auth/login",
+            {
+              email: answers.email,
+              password: answers.password,
+            },
+            false,
+          );
+          saveSession({
+            access_token: result.session.access_token,
+            refresh_token: result.session.refresh_token,
+            user_id: result.user.id,
+            email: result.user.email,
+            username: answers.email,
+          });
+          const profileResult = await apiRequest(
+            "GET",
+            "/profile/me",
+            undefined,
+            true,
+          );
+          if (profileResult.profile?.username) {
+            saveSession({
+              access_token: result.session.access_token,
+              refresh_token: result.session.refresh_token,
+              user_id: result.user.id,
+              email: result.user.email,
+              username: profileResult.profile.username,
+            });
+          }
+          // Always sync public key with server
+          if (hasPrivateKey()) {
+            spinner.text = "Syncing encryption keys...";
+            const pk = getPrivateKey()!;
+            const publicKey = await derivePublicKey(pk);
+            await apiRequest("PUT", "/profile/public-key", {
+              public_key: publicKey,
+            });
+          } else {
+            spinner.text = "Generating encryption keys...";
+            const keys = await generateKeys();
+            savePrivateKey(keys.private_key);
+            await apiRequest("PUT", "/profile/public-key", {
+              public_key: keys.public_key,
+            });
+          }
+          spinner.succeed(chalk.green("Logged in! You're ready to go."));
+          console.log(chalk.dim(`   User: ${result.user.email}`));
+          console.log("");
+        } catch (err: any) {
+          spinner.fail(chalk.red(`Login failed: ${err.message}`));
+        } finally {
+          shutdown();
+        }
+      }
+    });
+}