@griv/env2 0.0.1

package/dist/index.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/index.js

@@ -0,0 +1,521 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command } from "commander";
+
+// src/commands/config.ts
+import * as p from "@clack/prompts";
+
+// src/lib/config.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var CONFIG_DIR = join(homedir(), ".env2");
+var CONFIG_FILE = join(CONFIG_DIR, "config.json");
+var DEFAULT_HOST = "https://env2-worker.charoing-lucas.workers.dev";
+function getConfig() {
+  if (!existsSync(CONFIG_FILE)) {
+    return { host: DEFAULT_HOST };
+  }
+  const raw = readFileSync(CONFIG_FILE, "utf-8");
+  return JSON.parse(raw);
+}
+function resetConfig() {
+  ensureDir();
+  writeFileSync(CONFIG_FILE, JSON.stringify({ host: DEFAULT_HOST }, null, 2) + "\n");
+}
+function setConfig(key, value) {
+  ensureDir();
+  const config2 = getConfig();
+  config2[key] = value;
+  writeFileSync(CONFIG_FILE, JSON.stringify(config2, null, 2) + "\n");
+}
+function ensureDir() {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+}
+
+// src/commands/config.ts
+function configGet(key) {
+  const config2 = getConfig();
+  if (key in config2) {
+    console.log(config2[key]);
+  } else {
+    p.log.error(`Unknown config key: ${key}`);
+    process.exit(1);
+  }
+}
+function configReset() {
+  resetConfig();
+  p.log.success("Config reset to defaults.");
+}
+function configSet(key, value) {
+  if (key !== "host") {
+    p.log.error(`Unknown config key: ${key}`);
+    process.exit(1);
+  }
+  setConfig(key, value);
+  p.log.success(`Set ${key} = ${value}`);
+}
+
+// src/commands/receive.ts
+import * as p2 from "@clack/prompts";
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { dirname, join as join2, resolve } from "path";
+
+// src/lib/crypto.ts
+import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var TAG_LENGTH = 16;
+function decryptManifest(ciphertext, keyBase64url) {
+  const key = Buffer.from(keyBase64url, "base64url");
+  const data = Buffer.from(ciphertext, "base64");
+  const iv = data.subarray(0, IV_LENGTH);
+  const tag = data.subarray(data.length - TAG_LENGTH);
+  const encrypted = data.subarray(IV_LENGTH, data.length - TAG_LENGTH);
+  const decipher = createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(tag);
+  const decrypted = Buffer.concat([
+    decipher.update(encrypted),
+    decipher.final()
+  ]);
+  return decrypted.toString("utf8");
+}
+function encryptManifest(plaintext) {
+  const key = randomBytes(32);
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv);
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf8"),
+    cipher.final()
+  ]);
+  const tag = cipher.getAuthTag();
+  const blob = Buffer.concat([iv, encrypted, tag]);
+  return {
+    ciphertext: blob.toString("base64"),
+    key: key.toString("base64url")
+  };
+}
+
+// src/lib/env-parser.ts
+function mergeEnvContent(existingContent, selectedGroups) {
+  const existingLines = existingContent.split("\n");
+  const selectedVars = /* @__PURE__ */ new Map();
+  for (const group of selectedGroups) {
+    for (const v of group.vars) {
+      selectedVars.set(v.key, { group, value: v.value });
+    }
+  }
+  const found = /* @__PURE__ */ new Set();
+  const updatedLines = [];
+  for (const line of existingLines) {
+    const trimmed = line.trim();
+    if (trimmed && !trimmed.startsWith("#")) {
+      const eqIndex = trimmed.indexOf("=");
+      if (eqIndex > 0) {
+        const key = trimmed.slice(0, eqIndex);
+        const selected = selectedVars.get(key);
+        if (selected) {
+          updatedLines.push(`${key}=${selected.value}`);
+          found.add(key);
+          continue;
+        }
+      }
+    }
+    updatedLines.push(line);
+  }
+  const newGroups = [];
+  for (const group of selectedGroups) {
+    const newVars = group.vars.filter((v) => !found.has(v.key));
+    if (newVars.length > 0) {
+      newGroups.push({ comment: group.comment, vars: newVars });
+    }
+  }
+  if (newGroups.length > 0) {
+    const lastLine = updatedLines[updatedLines.length - 1]?.trim();
+    if (lastLine !== "") {
+      updatedLines.push("");
+    }
+    updatedLines.push(serializeEnvGroups(newGroups).trimEnd());
+  }
+  return updatedLines.join("\n").trimEnd() + "\n";
+}
+function parseEnvContent(content) {
+  const lines = content.split("\n");
+  const groups = [];
+  let currentComment = [];
+  let currentVars = [];
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed) {
+      if (currentVars.length > 0) {
+        groups.push({
+          comment: currentComment.length > 0 ? currentComment.join("\n") : void 0,
+          vars: currentVars
+        });
+        currentComment = [];
+        currentVars = [];
+      }
+      continue;
+    }
+    if (trimmed.startsWith("#")) {
+      if (currentVars.length > 0) {
+        groups.push({
+          comment: currentComment.length > 0 ? currentComment.join("\n") : void 0,
+          vars: currentVars
+        });
+        currentComment = [];
+        currentVars = [];
+      }
+      currentComment.push(line);
+      continue;
+    }
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex > 0) {
+      const key = trimmed.slice(0, eqIndex);
+      const value = trimmed.slice(eqIndex + 1);
+      currentVars.push({ key, value });
+    }
+  }
+  if (currentVars.length > 0 || currentComment.length > 0) {
+    groups.push({
+      comment: currentComment.length > 0 ? currentComment.join("\n") : void 0,
+      vars: currentVars
+    });
+  }
+  return groups;
+}
+function serializeEnvGroups(groups) {
+  const parts = [];
+  for (const group of groups) {
+    if (group.vars.length === 0) continue;
+    if (group.comment) {
+      parts.push(group.comment);
+    }
+    for (const v of group.vars) {
+      parts.push(`${v.key}=${v.value}`);
+    }
+    parts.push("");
+  }
+  return parts.join("\n").trimEnd() + "\n";
+}
+
+// src/commands/receive.ts
+async function receive(url, options) {
+  const root = resolve(options.root || ".");
+  p2.intro("env2 receive");
+  const parsed = new URL(url);
+  const key = parsed.hash.slice(1);
+  parsed.hash = "";
+  const fetchUrl = parsed.toString();
+  if (!key) {
+    p2.log.error("Invalid URL \u2014 missing encryption key (fragment).");
+    process.exit(1);
+  }
+  const s = p2.spinner();
+  s.start("Fetching...");
+  const res = await fetch(fetchUrl);
+  if (!res.ok) {
+    s.stop("Failed.");
+    if (res.status === 404) {
+      p2.log.error("Share not found or expired.");
+    } else {
+      p2.log.error(`Server error: ${res.status}`);
+    }
+    process.exit(1);
+  }
+  const { ciphertext } = await res.json();
+  let manifest;
+  try {
+    const plaintext = decryptManifest(ciphertext, key);
+    manifest = JSON.parse(plaintext);
+  } catch {
+    s.stop("Failed.");
+    p2.log.error("Decryption failed \u2014 invalid key or corrupted data.");
+    process.exit(1);
+  }
+  s.stop(`Decrypted ${manifest.files.length} file(s).`);
+  const fileSelections = [];
+  for (const file of manifest.files) {
+    const groups = parseEnvContent(file.content);
+    const allKeys = groups.flatMap((g) => g.vars.map((v) => v.key));
+    let selectedKeys;
+    if (options.noInteractive || options.stdout) {
+      selectedKeys = new Set(allKeys);
+    } else {
+      const selectOptions = [];
+      for (const group of groups) {
+        for (const v of group.vars) {
+          selectOptions.push({
+            hint: group.comment?.replace(/^#\s*/, "") ?? void 0,
+            label: v.key,
+            value: v.key
+          });
+        }
+      }
+      const selected = await p2.multiselect({
+        initialValues: allKeys,
+        message: `${file.path} (${allKeys.length} vars)`,
+        options: selectOptions
+      });
+      if (p2.isCancel(selected)) {
+        p2.cancel("Cancelled.");
+        process.exit(0);
+      }
+      selectedKeys = new Set(selected);
+    }
+    fileSelections.push({ content: file.content, groups, path: file.path, selectedKeys });
+  }
+  const filesToWrite = [];
+  for (const { groups, path, selectedKeys } of fileSelections) {
+    const selectedGroups = groups.map((g) => ({
+      comment: g.comment,
+      vars: g.vars.filter((v) => selectedKeys.has(v.key))
+    })).filter((g) => g.vars.length > 0);
+    if (selectedGroups.length === 0) continue;
+    const fullPath = join2(root, path);
+    let content;
+    if (!options.overwrite && existsSync2(fullPath)) {
+      const existing = readFileSync2(fullPath, "utf-8");
+      content = mergeEnvContent(existing, selectedGroups);
+    } else {
+      content = serializeEnvGroups(selectedGroups);
+    }
+    filesToWrite.push({ content, path });
+  }
+  if (filesToWrite.length === 0) {
+    p2.outro("No vars selected \u2014 nothing to write.");
+    return;
+  }
+  if (options.stdout) {
+    for (const f of filesToWrite) {
+      console.log(`# ${f.path}`);
+      console.log(f.content);
+    }
+    p2.outro("Done.");
+    return;
+  }
+  if (options.dryRun) {
+    for (const f of filesToWrite) {
+      const fullPath = join2(root, f.path);
+      const exists = existsSync2(fullPath);
+      const icon = exists ? options.overwrite ? "\u26A0 overwrite" : "\u26A0 merge" : "\u2190 new";
+      p2.log.info(`${f.path}  ${icon}`);
+    }
+    p2.outro("Dry run \u2014 no files written.");
+    return;
+  }
+  for (const f of filesToWrite) {
+    const fullPath = join2(root, f.path);
+    const exists = existsSync2(fullPath);
+    const icon = exists ? options.overwrite ? "\u26A0 overwrite" : "\u26A0 merge" : "\u2190 new";
+    p2.log.info(`${f.path}  ${icon}`);
+  }
+  if (!options.force) {
+    const confirm3 = await p2.confirm({ message: "Proceed?" });
+    if (p2.isCancel(confirm3) || !confirm3) {
+      p2.cancel("Cancelled.");
+      process.exit(0);
+    }
+  }
+  for (const f of filesToWrite) {
+    const fullPath = join2(root, f.path);
+    const dir = dirname(fullPath);
+    if (!existsSync2(dir)) {
+      mkdirSync2(dir, { recursive: true });
+    }
+    writeFileSync2(fullPath, f.content);
+  }
+  p2.outro(`Wrote ${filesToWrite.length} file(s).`);
+}
+
+// src/commands/share.ts
+import * as p3 from "@clack/prompts";
+import { DEFAULT_MAX_DOWNLOADS, DEFAULT_TTL } from "@env2/types";
+import { readFileSync as readFileSync4 } from "fs";
+import { join as join4, resolve as resolve2 } from "path";
+
+// src/lib/scanner.ts
+import { existsSync as existsSync3, readdirSync, readFileSync as readFileSync3 } from "fs";
+import { join as join3, relative } from "path";
+function scanEnvFiles(root) {
+  const gitignorePatterns = loadGitignore(root);
+  const results = [];
+  function walk(dir) {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = join3(dir, entry.name);
+      const relPath = relative(root, fullPath);
+      if (entry.name === "node_modules" || entry.name === ".git" || entry.name === ".turbo") {
+        continue;
+      }
+      if (isGitignored(relPath, gitignorePatterns)) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        walk(fullPath);
+      } else if (isEnvFile(entry.name)) {
+        const content = readFileSync3(fullPath, "utf-8");
+        const varCount = countVars(content);
+        results.push({ path: relPath, varCount });
+      }
+    }
+  }
+  walk(root);
+  return results.sort((a, b) => a.path.localeCompare(b.path));
+}
+function countVars(content) {
+  return content.split("\n").filter(
+    (line) => line.trim() && !line.trim().startsWith("#")
+  ).length;
+}
+function isEnvFile(name) {
+  return name === ".env" || name.startsWith(".env.") && name !== ".env.example";
+}
+function isGitignored(relPath, patterns) {
+  for (const pattern of patterns) {
+    const clean = pattern.replace(/\/$/, "");
+    if (relPath === clean || relPath.startsWith(clean + "/")) {
+      return true;
+    }
+  }
+  return false;
+}
+function loadGitignore(root) {
+  const gitignorePath = join3(root, ".gitignore");
+  if (!existsSync3(gitignorePath)) return [];
+  return readFileSync3(gitignorePath, "utf-8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+}
+
+// src/commands/share.ts
+async function share(options) {
+  const root = resolve2(options.root || ".");
+  const host = options.host || getConfig().host;
+  p3.intro("env2 share");
+  const files = scanEnvFiles(root);
+  if (files.length === 0) {
+    p3.log.warn("No .env files found.");
+    p3.outro("Nothing to share.");
+    return;
+  }
+  let selectedPaths;
+  if (options.noInteractive) {
+    selectedPaths = files.map((f) => f.path);
+  } else {
+    const selected = await p3.multiselect({
+      initialValues: files.map((f) => f.path),
+      message: "Select files to share",
+      options: files.map((f) => ({
+        hint: `${f.varCount} vars`,
+        label: f.path,
+        value: f.path
+      }))
+    });
+    if (p3.isCancel(selected)) {
+      p3.cancel("Cancelled.");
+      process.exit(0);
+    }
+    selectedPaths = selected;
+  }
+  if (selectedPaths.length === 0) {
+    p3.log.warn("No files selected.");
+    p3.outro("Nothing to share.");
+    return;
+  }
+  const manifestFiles = [];
+  for (const path of selectedPaths) {
+    const raw = readFileSync4(join4(root, path), "utf-8");
+    const groups = parseEnvContent(raw);
+    const allKeys = groups.flatMap((g) => g.vars.map((v) => v.key));
+    if (options.noInteractive || allKeys.length === 0) {
+      manifestFiles.push({ content: raw, path });
+      continue;
+    }
+    const selectOptions = groups.flatMap(
+      (g) => g.vars.map((v) => ({
+        hint: g.comment?.replace(/^#\s*/, "") ?? void 0,
+        label: v.key,
+        value: v.key
+      }))
+    );
+    const selected = await p3.multiselect({
+      initialValues: allKeys,
+      message: `${path} (${allKeys.length} vars)`,
+      options: selectOptions
+    });
+    if (p3.isCancel(selected)) {
+      p3.cancel("Cancelled.");
+      process.exit(0);
+    }
+    const selectedSet = new Set(selected);
+    const filteredGroups = groups.map((g) => ({
+      comment: g.comment,
+      vars: g.vars.filter((v) => selectedSet.has(v.key))
+    })).filter((g) => g.vars.length > 0);
+    if (filteredGroups.length > 0) {
+      manifestFiles.push({ content: serializeEnvGroups(filteredGroups), path });
+    }
+  }
+  if (manifestFiles.length === 0) {
+    p3.log.warn("No vars selected.");
+    p3.outro("Nothing to share.");
+    return;
+  }
+  const manifest = {
+    files: manifestFiles,
+    version: 1
+  };
+  const s = p3.spinner();
+  s.start("Encrypting and uploading...");
+  const { ciphertext, key } = encryptManifest(JSON.stringify(manifest));
+  const ttl = parseTtl(options.ttl);
+  const maxDownloads = Number(options.downloads) || DEFAULT_MAX_DOWNLOADS;
+  const res = await fetch(`${host}/s`, {
+    body: JSON.stringify({ ciphertext, maxDownloads, ttl }),
+    headers: { "Content-Type": "application/json" },
+    method: "POST"
+  });
+  if (!res.ok) {
+    s.stop("Upload failed.");
+    p3.log.error(`Server error: ${res.status} ${await res.text()}`);
+    process.exit(1);
+  }
+  const { id } = await res.json();
+  s.stop("Done!");
+  const ttlMin = Math.round(ttl / 60);
+  const shareUrl = `${host}/s/${id}#${key}`;
+  p3.log.success(`Encrypted ${selectedPaths.length} file(s) \u2014 expires ${ttlMin}min, ${maxDownloads} download(s)`);
+  p3.log.message(shareUrl);
+  const copy = await p3.confirm({ message: "Copy URL to clipboard?" });
+  if (!p3.isCancel(copy) && copy) {
+    try {
+      const { default: clipboardy } = await import("clipboardy");
+      await clipboardy.write(shareUrl);
+      p3.outro("Copied! Share it with your teammate.");
+    } catch {
+      p3.outro("Could not copy \u2014 share the URL above.");
+    }
+  } else {
+    p3.outro("Share this URL with your teammate.");
+  }
+}
+function parseTtl(ttl) {
+  const match = ttl.match(/^(\d+)(s|m|h)$/);
+  if (!match) return DEFAULT_TTL;
+  const [, value, unit] = match;
+  const multiplier = { h: 3600, m: 60, s: 1 }[unit];
+  return Number(value) * multiplier;
+}
+
+// src/index.ts
+var program = new Command();
+program.name("env2").description("Ephemeral encrypted .env sharing").version("0.0.0");
+program.command("share").description("Encrypt and share .env files").option("--ttl <duration>", "Expiry duration (e.g. 5m, 15m, 1h)", "15m").option("--downloads <count>", "Max downloads", "1").option("--root <path>", "Working directory").option("--host <url>", "Custom server URL").option("--no-interactive", "Skip interactive picker").action(share);
+program.command("receive <url>").description("Fetch and decrypt shared .env files").option("--root <path>", "Write files relative to this directory").option("--dry-run", "Preview without writing files").option("--force", "Skip overwrite confirmation").option("--overwrite", "Replace existing files instead of merging").option("--no-interactive", "Accept all vars without picker").option("--stdout", "Print to stdout instead of writing files").action(receive);
+var config = program.command("config").description("Manage CLI configuration");
+config.command("get <key>").description("Get a config value").action(configGet);
+config.command("set <key> <value>").description("Set a config value").action(configSet);
+config.command("reset").description("Reset config to defaults").action(configReset);
+program.parse();

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@griv/env2",
+  "version": "0.0.1",
+  "description": "Ephemeral encrypted .env sharing",
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/lucaschrng/env2"
+  },
+  "bin": {
+    "env2": "./dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@clack/prompts": "^0.10",
+    "clipboardy": "^5.3.1",
+    "commander": "^13",
+    "@env2/types": "0.0.0",
+    "@env2/crypto": "0.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22",
+    "tsup": "^8.5.1",
+    "typescript": "^5"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "typecheck": "tsc --noEmit"
+  }
+}