@fentz26/envcp 1.0.2 → 1.0.4

package/src/types.ts

@@ -1,183 +0,0 @@
-import { z } from 'zod';
-
-export const EnvCPConfigSchema = z.object({
-  version: z.string().default('1.0'),
-  project: z.string().optional(),
-  
-  storage: z.object({
-    path: z.string().default('.envcp/store.enc'),
-    encrypted: z.boolean().default(true),
-    algorithm: z.enum(['aes-256-gcm', 'aes-256-cbc']).default('aes-256-gcm'),
-    compression: z.boolean().default(false),
-  }).default({}),
-  
-  access: z.object({
-    allow_ai_read: z.boolean().default(false),
-    allow_ai_write: z.boolean().default(false),
-    allow_ai_delete: z.boolean().default(false),
-    allow_ai_export: z.boolean().default(false),
-    allow_ai_execute: z.boolean().default(false),
-    allow_ai_active_check: z.boolean().default(false),
-    require_user_reference: z.boolean().default(true),
-    allowed_commands: z.array(z.string()).optional(),
-    require_confirmation: z.boolean().default(true),
-    mask_values: z.boolean().default(true),
-    audit_log: z.boolean().default(true),
-    allowed_patterns: z.array(z.string()).optional(),
-    denied_patterns: z.array(z.string()).optional(),
-    blacklist_patterns: z.array(z.string()).default([]),
-  }).default({}),
-  
-  sync: z.object({
-    enabled: z.boolean().default(false),
-    target: z.string().default('.env'),
-    exclude: z.array(z.string()).default([]),
-    include: z.array(z.string()).optional(),
-    format: z.enum(['dotenv', 'json', 'yaml']).default('dotenv'),
-    header: z.string().optional(),
-  }).default({}),
-  
-  session: z.object({
-    enabled: z.boolean().default(true),
-    timeout_minutes: z.number().default(30),
-    max_extensions: z.number().default(5),
-    path: z.string().default('.envcp/.session'),
-  }).default({}),
-  
-  password: z.object({
-    min_length: z.number().default(1),
-    require_complexity: z.boolean().default(false),
-    allow_numeric_only: z.boolean().default(true),
-    allow_single_char: z.boolean().default(true),
-  }).default({}),
-
-  variables: z.record(z.object({
-    value: z.string(),
-    encrypted: z.boolean().default(false),
-    tags: z.array(z.string()).optional(),
-    description: z.string().optional(),
-    created: z.string().optional(),
-    updated: z.string().optional(),
-    accessed: z.string().optional(),
-    sync_to_env: z.boolean().default(true),
-  })).optional(),
-});
-
-export type EnvCPConfig = z.infer<typeof EnvCPConfigSchema>;
-
-export const VariableSchema = z.object({
-  name: z.string(),
-  value: z.string(),
-  encrypted: z.boolean().default(false),
-  tags: z.array(z.string()).optional(),
-  description: z.string().optional(),
-  created: z.string(),
-  updated: z.string(),
-  accessed: z.string().optional(),
-  sync_to_env: z.boolean().default(true),
-});
-
-export type Variable = z.infer<typeof VariableSchema>;
-
-export const OperationLogSchema = z.object({
-  timestamp: z.string(),
-  operation: z.enum(['add', 'get', 'update', 'delete', 'list', 'sync', 'export', 'unlock', 'lock', 'check_access']),
-  variable: z.string().optional(),
-  source: z.enum(['cli', 'mcp', 'api']),
-  success: z.boolean(),
-  message: z.string().optional(),
-});
-
-export type OperationLog = z.infer<typeof OperationLogSchema>;
-
-export const SessionSchema = z.object({
-  id: z.string(),
-  created: z.string(),
-  expires: z.string(),
-  extensions: z.number().default(0),
-  last_access: z.string(),
-});
-
-export type Session = z.infer<typeof SessionSchema>;
-
-// Server mode types
-export const ServerModeSchema = z.enum(['mcp', 'rest', 'openai', 'gemini', 'all', 'auto']);
-export type ServerMode = z.infer<typeof ServerModeSchema>;
-
-export const ServerConfigSchema = z.object({
-  mode: ServerModeSchema.default('auto'),
-  port: z.number().default(3456),
-  host: z.string().default('127.0.0.1'),
-  cors: z.boolean().default(true),
-  api_key: z.string().optional(),
-  auto_detect: z.boolean().default(true),
-});
-
-export type ServerConfig = z.infer<typeof ServerConfigSchema>;
-
-// Tool definition for adapters
-export interface ToolDefinition {
-  name: string;
-  description: string;
-  parameters: Record<string, unknown>;
-  handler: (params: Record<string, unknown>) => Promise<unknown>;
-}
-
-// OpenAI function calling format
-export interface OpenAIFunction {
-  name: string;
-  description: string;
-  parameters: {
-    type: 'object';
-    properties: Record<string, unknown>;
-    required?: string[];
-  };
-}
-
-export interface OpenAIToolCall {
-  id: string;
-  type: 'function';
-  function: {
-    name: string;
-    arguments: string;
-  };
-}
-
-export interface OpenAIMessage {
-  role: 'system' | 'user' | 'assistant' | 'tool';
-  content: string | null;
-  tool_calls?: OpenAIToolCall[];
-  tool_call_id?: string;
-}
-
-// Gemini function calling format
-export interface GeminiFunctionDeclaration {
-  name: string;
-  description: string;
-  parameters: {
-    type: 'object';
-    properties: Record<string, unknown>;
-    required?: string[];
-  };
-}
-
-export interface GeminiFunctionCall {
-  name: string;
-  args: Record<string, unknown>;
-}
-
-export interface GeminiFunctionResponse {
-  name: string;
-  response: Record<string, unknown>;
-}
-
-// REST API types
-export interface RESTResponse<T = unknown> {
-  success: boolean;
-  data?: T;
-  error?: string;
-  timestamp: string;
-}
-
-// Detected client type
-export type ClientType = 'mcp' | 'openai' | 'gemini' | 'rest' | 'unknown';

package/src/utils/crypto.ts

@@ -1,100 +0,0 @@
-import * as crypto from 'crypto';
-
-const ALGORITHM = 'aes-256-gcm';
-const IV_LENGTH = 16;
-const AUTH_TAG_LENGTH = 16;
-const SALT_LENGTH = 64;
-const ITERATIONS = 100000;
-
-export function deriveKey(password: string, salt: Buffer): Buffer {
-  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha512');
-}
-
-export function encrypt(text: string, password: string): string {
-  const salt = crypto.randomBytes(SALT_LENGTH);
-  const key = deriveKey(password, salt);
-  const iv = crypto.randomBytes(IV_LENGTH);
-  
-  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
-  let encrypted = cipher.update(text, 'utf8', 'hex');
-  encrypted += cipher.final('hex');
-  
-  const authTag = cipher.getAuthTag();
-  
-  return salt.toString('hex') + iv.toString('hex') + authTag.toString('hex') + encrypted;
-}
-
-export function decrypt(encryptedData: string, password: string): string {
-  const salt = Buffer.from(encryptedData.slice(0, SALT_LENGTH * 2), 'hex');
-  const iv = Buffer.from(encryptedData.slice(SALT_LENGTH * 2, SALT_LENGTH * 2 + IV_LENGTH * 2), 'hex');
-  const authTag = Buffer.from(encryptedData.slice(SALT_LENGTH * 2 + IV_LENGTH * 2, SALT_LENGTH * 2 + IV_LENGTH * 2 + AUTH_TAG_LENGTH * 2), 'hex');
-  const encrypted = encryptedData.slice(SALT_LENGTH * 2 + IV_LENGTH * 2 + AUTH_TAG_LENGTH * 2);
-  
-  const key = deriveKey(password, salt);
-  
-  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
-  decipher.setAuthTag(authTag);
-  
-  let decrypted = decipher.update(encrypted, 'hex', 'utf8');
-  decrypted += decipher.final('utf8');
-  
-  return decrypted;
-}
-
-export function generateId(): string {
-  return crypto.randomBytes(16).toString('hex');
-}
-
-export function generateSessionToken(): string {
-  return crypto.randomBytes(32).toString('hex');
-}
-
-export function maskValue(value: string, showLength: number = 4): string {
-  if (value.length <= showLength * 2) {
-    return '*'.repeat(value.length);
-  }
-  return value.slice(0, showLength) + '*'.repeat(value.length - showLength * 2) + value.slice(-showLength);
-}
-
-export function validatePassword(password: string, config: {
-  min_length?: number;
-  require_complexity?: boolean;
-  allow_numeric_only?: boolean;
-  allow_single_char?: boolean;
-}): { valid: boolean; error?: string } {
-  const minLength = config.min_length ?? 1;
-  const requireComplexity = config.require_complexity ?? false;
-  const allowNumericOnly = config.allow_numeric_only ?? true;
-  const allowSingleChar = config.allow_single_char ?? true;
-
-  if (password.length < minLength) {
-    return { valid: false, error: `Password must be at least ${minLength} character(s)` };
-  }
-
-  if (!allowSingleChar && password.length === 1) {
-    return { valid: false, error: 'Single character passwords are not allowed' };
-  }
-
-  if (!allowNumericOnly && /^\d+$/.test(password)) {
-    return { valid: false, error: 'Numeric-only passwords are not allowed' };
-  }
-
-  if (requireComplexity) {
-    const hasLower = /[a-z]/.test(password);
-    const hasUpper = /[A-Z]/.test(password);
-    const hasNumber = /[0-9]/.test(password);
-    const hasSpecial = /[!@#$%^&*(),.?":{}|<>]/.test(password);
-    
-    const complexityCount = [hasLower, hasUpper, hasNumber, hasSpecial].filter(Boolean).length;
-    
-    if (complexityCount < 3) {
-      return { valid: false, error: 'Password must contain at least 3 of: lowercase, uppercase, numbers, special characters' };
-    }
-  }
-
-  return { valid: true };
-}
-
-export function quickHash(input: string): string {
-  return crypto.createHash('sha256').update(input).digest('hex').slice(0, 16);
-}

package/src/utils/http.ts

@@ -1,119 +0,0 @@
-import * as crypto from 'crypto';
-import * as http from 'http';
-
-const MAX_BODY_SIZE = 1024 * 1024; // 1MB
-
-export function setCorsHeaders(res: http.ServerResponse, allowedOrigin?: string, requestOrigin?: string): void {
-  const localOrigins = ['http://127.0.0.1', 'http://localhost', 'http://[::1]'];
-  let origin = allowedOrigin || '*';
-  if (!allowedOrigin && requestOrigin) {
-    const matches = localOrigins.some(lo => requestOrigin.startsWith(lo));
-    origin = matches ? requestOrigin : '';
-  }
-  res.setHeader('Access-Control-Allow-Origin', origin);
-  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-  res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, X-Goog-Api-Key, OpenAI-Organization');
-}
-
-export function sendJson(res: http.ServerResponse, status: number, data: unknown): void {
-  res.writeHead(status, { 'Content-Type': 'application/json' });
-  res.end(JSON.stringify(data));
-}
-
-export function parseBody(req: http.IncomingMessage): Promise<Record<string, unknown>> {
-  return new Promise((resolve, reject) => {
-    let body = '';
-    let size = 0;
-    req.on('data', (chunk: Buffer) => {
-      size += chunk.length;
-      if (size > MAX_BODY_SIZE) {
-        req.destroy();
-        reject(new Error('Request body too large'));
-        return;
-      }
-      body += chunk;
-    });
-    req.on('end', () => {
-      try {
-        resolve(body ? JSON.parse(body) : {});
-      } catch {
-        reject(new Error('Invalid JSON body'));
-      }
-    });
-    req.on('error', reject);
-  });
-}
-
-export function validateApiKey(provided: string | undefined, expected: string): boolean {
-  if (!provided) return false;
-  if (provided.length !== expected.length) return false;
-  return crypto.timingSafeEqual(Buffer.from(provided), Buffer.from(expected));
-}
-
-export class RateLimiter {
-  private requests: Map<string, number[]> = new Map();
-  private maxRequests: number;
-  private windowMs: number;
-  private cleanupTimer: ReturnType<typeof setInterval>;
-
-  constructor(maxRequests: number = 60, windowMs: number = 60000) {
-    this.maxRequests = maxRequests;
-    this.windowMs = windowMs;
-    // Periodically clean up stale entries
-    this.cleanupTimer = setInterval(() => this.cleanup(), windowMs * 2);
-    if (this.cleanupTimer.unref) this.cleanupTimer.unref();
-  }
-
-  isAllowed(key: string): boolean {
-    const now = Date.now();
-    const timestamps = this.requests.get(key) || [];
-    const recent = timestamps.filter(t => now - t < this.windowMs);
-
-    if (recent.length >= this.maxRequests) {
-      this.requests.set(key, recent);
-      return false;
-    }
-
-    recent.push(now);
-    this.requests.set(key, recent);
-    return true;
-  }
-
-  getRemainingRequests(key: string): number {
-    const now = Date.now();
-    const timestamps = this.requests.get(key) || [];
-    const recent = timestamps.filter(t => now - t < this.windowMs);
-    return Math.max(0, this.maxRequests - recent.length);
-  }
-
-  private cleanup(): void {
-    const now = Date.now();
-    for (const [key, timestamps] of this.requests) {
-      const recent = timestamps.filter(t => now - t < this.windowMs);
-      if (recent.length === 0) {
-        this.requests.delete(key);
-      } else {
-        this.requests.set(key, recent);
-      }
-    }
-  }
-
-  destroy(): void {
-    clearInterval(this.cleanupTimer);
-  }
-}
-
-export function rateLimitMiddleware(
-  limiter: RateLimiter,
-  req: http.IncomingMessage,
-  res: http.ServerResponse
-): boolean {
-  const key = req.socket.remoteAddress || 'unknown';
-  if (!limiter.isAllowed(key)) {
-    res.setHeader('Retry-After', '60');
-    sendJson(res, 429, { error: 'Too many requests' });
-    return false;
-  }
-  res.setHeader('X-RateLimit-Remaining', String(limiter.getRemainingRequests(key)));
-  return true;
-}

package/src/utils/session.ts

@@ -1,146 +0,0 @@
-import * as fs from 'fs-extra';
-import * as path from 'path';
-import { Session, SessionSchema } from '../types.js';
-import { generateId, encrypt, decrypt } from './crypto.js';
-import * as crypto from 'crypto';
-
-export class SessionManager {
-  private sessionPath: string;
-  private session: Session | null = null;
-  private password: string | null = null;
-  private timeoutMinutes: number;
-  private maxExtensions: number;
-
-  constructor(sessionPath: string, timeoutMinutes: number = 30, maxExtensions: number = 5) {
-    this.sessionPath = sessionPath;
-    this.timeoutMinutes = timeoutMinutes;
-    this.maxExtensions = maxExtensions;
-  }
-
-  async init(): Promise<void> {
-    await fs.ensureDir(path.dirname(this.sessionPath));
-  }
-
-  async create(password: string): Promise<Session> {
-    const now = new Date();
-    const expires = new Date(now.getTime() + this.timeoutMinutes * 60 * 1000);
-
-    this.session = {
-      id: generateId(),
-      created: now.toISOString(),
-      expires: expires.toISOString(),
-      extensions: 0,
-      last_access: now.toISOString(),
-    };
-
-    this.password = password;
-
-    // Store a verification hash instead of the raw password
-    const passwordHash = crypto.createHash('sha256').update(password).digest('hex');
-    const sessionData = JSON.stringify({
-      session: this.session,
-      passwordHash,
-    });
-
-    const encrypted = encrypt(sessionData, password);
-    await fs.writeFile(this.sessionPath, encrypted, 'utf8');
-
-    return this.session;
-  }
-
-  async load(password?: string): Promise<Session | null> {
-    if (!await fs.pathExists(this.sessionPath)) {
-      return null;
-    }
-
-    try {
-      const encrypted = await fs.readFile(this.sessionPath, 'utf8');
-      
-      const pwd = password || this.password;
-      if (!pwd) {
-        return null;
-      }
-
-      const decrypted = decrypt(encrypted, pwd);
-      const data = JSON.parse(decrypted);
-      this.session = SessionSchema.parse(data.session);
-      // Password is verified by successful decryption — no longer stored in file
-      this.password = pwd;
-      
-      if (new Date() > new Date(this.session.expires)) {
-        await this.destroy();
-        return null;
-      }
-      
-      return this.session;
-    } catch (error) {
-      return null;
-    }
-  }
-
-  async isValid(): Promise<boolean> {
-    if (!this.session) {
-      return false;
-    }
-    
-    return new Date() < new Date(this.session.expires);
-  }
-
-  async extend(): Promise<Session | null> {
-    if (!this.session || !this.password) {
-      return null;
-    }
-
-    if (this.session.extensions >= this.maxExtensions) {
-      return null;
-    }
-
-    if (!await this.isValid()) {
-      return null;
-    }
-
-    const now = new Date();
-    const expires = new Date(now.getTime() + this.timeoutMinutes * 60 * 1000);
-    
-    this.session.expires = expires.toISOString();
-    this.session.extensions += 1;
-    this.session.last_access = now.toISOString();
-
-    const passwordHash = crypto.createHash('sha256').update(this.password).digest('hex');
-    const sessionData = JSON.stringify({
-      session: this.session,
-      passwordHash,
-    });
-
-    const encrypted = encrypt(sessionData, this.password);
-    await fs.writeFile(this.sessionPath, encrypted, 'utf8');
-
-    return this.session;
-  }
-
-  async destroy(): Promise<void> {
-    this.session = null;
-    this.password = null;
-    
-    if (await fs.pathExists(this.sessionPath)) {
-      await fs.unlink(this.sessionPath);
-    }
-  }
-
-  getPassword(): string | null {
-    return this.password;
-  }
-
-  getSession(): Session | null {
-    return this.session;
-  }
-
-  getRemainingTime(): number {
-    if (!this.session) {
-      return 0;
-    }
-    
-    const remaining = new Date(this.session.expires).getTime() - Date.now();
-    return Math.max(0, Math.floor(remaining / 1000 / 60));
-  }
-}

package/tsconfig.json

@@ -1,20 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2022",
-    "module": "Node16",
-    "moduleResolution": "Node16",
-    "lib": ["ES2022"],
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "strict": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
-    "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true
-  },
-  "include": ["src/**/*"],
-  "exclude": ["node_modules", "dist"]
-}