@i4ctime/q-ring 0.2.8 → 0.3.0

package/dist/index.js

@@ -1,585 +1,26 @@
 #!/usr/bin/env node
+import {
+  checkDecay,
+  collapseEnvironment,
+  deleteSecret,
+  detectAnomalies,
+  entangleSecrets,
+  exportSecrets,
+  getEnvelope,
+  getSecret,
+  listSecrets,
+  logAudit,
+  queryAudit,
+  setSecret,
+  tunnelCreate,
+  tunnelDestroy,
+  tunnelList,
+  tunnelRead
+} from "./chunk-WQPJ2FTM.js";
 
 // src/cli/commands.ts
 import { Command } from "commander";
 
-// src/core/keyring.ts
-import { Entry, findCredentials } from "@napi-rs/keyring";
-
-// src/utils/hash.ts
-import { createHash } from "crypto";
-function hashProjectPath(projectPath) {
-  return createHash("sha256").update(projectPath).digest("hex").slice(0, 12);
-}
-
-// src/core/scope.ts
-var SERVICE_PREFIX = "q-ring";
-function globalService() {
-  return `${SERVICE_PREFIX}:global`;
-}
-function projectService(projectPath) {
-  const hash = hashProjectPath(projectPath);
-  return `${SERVICE_PREFIX}:project:${hash}`;
-}
-function resolveScope(opts) {
-  const { scope, projectPath } = opts;
-  if (scope === "global") {
-    return [{ scope: "global", service: globalService() }];
-  }
-  if (scope === "project") {
-    if (!projectPath) {
-      throw new Error("Project path is required for project scope");
-    }
-    return [
-      { scope: "project", service: projectService(projectPath), projectPath }
-    ];
-  }
-  if (projectPath) {
-    return [
-      { scope: "project", service: projectService(projectPath), projectPath },
-      { scope: "global", service: globalService() }
-    ];
-  }
-  return [{ scope: "global", service: globalService() }];
-}
-
-// src/core/envelope.ts
-function createEnvelope(value, opts) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  let expiresAt = opts?.expiresAt;
-  if (!expiresAt && opts?.ttlSeconds) {
-    expiresAt = new Date(Date.now() + opts.ttlSeconds * 1e3).toISOString();
-  }
-  return {
-    v: 1,
-    value: opts?.states ? void 0 : value,
-    states: opts?.states,
-    defaultEnv: opts?.defaultEnv,
-    meta: {
-      createdAt: now,
-      updatedAt: now,
-      expiresAt,
-      ttlSeconds: opts?.ttlSeconds,
-      description: opts?.description,
-      tags: opts?.tags,
-      entangled: opts?.entangled,
-      accessCount: 0
-    }
-  };
-}
-function parseEnvelope(raw) {
-  try {
-    const parsed = JSON.parse(raw);
-    if (parsed && typeof parsed === "object" && parsed.v === 1) {
-      return parsed;
-    }
-  } catch {
-  }
-  return null;
-}
-function wrapLegacy(rawValue) {
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  return {
-    v: 1,
-    value: rawValue,
-    meta: {
-      createdAt: now,
-      updatedAt: now,
-      accessCount: 0
-    }
-  };
-}
-function serializeEnvelope(envelope) {
-  return JSON.stringify(envelope);
-}
-function collapseValue(envelope, env) {
-  if (envelope.states) {
-    const targetEnv = env ?? envelope.defaultEnv;
-    if (targetEnv && envelope.states[targetEnv]) {
-      return envelope.states[targetEnv];
-    }
-    if (envelope.defaultEnv && envelope.states[envelope.defaultEnv]) {
-      return envelope.states[envelope.defaultEnv];
-    }
-    const keys = Object.keys(envelope.states);
-    if (keys.length > 0) {
-      return envelope.states[keys[0]];
-    }
-    return null;
-  }
-  return envelope.value ?? null;
-}
-function checkDecay(envelope) {
-  if (!envelope.meta.expiresAt) {
-    return {
-      isExpired: false,
-      isStale: false,
-      lifetimePercent: 0,
-      secondsRemaining: null,
-      timeRemaining: null
-    };
-  }
-  const now = Date.now();
-  const expires = new Date(envelope.meta.expiresAt).getTime();
-  const created = new Date(envelope.meta.createdAt).getTime();
-  const totalLifetime = expires - created;
-  const elapsed = now - created;
-  const remaining = expires - now;
-  const lifetimePercent = totalLifetime > 0 ? Math.round(elapsed / totalLifetime * 100) : 100;
-  const secondsRemaining = Math.floor(remaining / 1e3);
-  let timeRemaining = null;
-  if (remaining > 0) {
-    const days = Math.floor(remaining / 864e5);
-    const hours = Math.floor(remaining % 864e5 / 36e5);
-    const minutes = Math.floor(remaining % 36e5 / 6e4);
-    if (days > 0) timeRemaining = `${days}d ${hours}h`;
-    else if (hours > 0) timeRemaining = `${hours}h ${minutes}m`;
-    else timeRemaining = `${minutes}m`;
-  } else {
-    timeRemaining = "expired";
-  }
-  return {
-    isExpired: remaining <= 0,
-    isStale: lifetimePercent >= 75,
-    lifetimePercent,
-    secondsRemaining,
-    timeRemaining
-  };
-}
-function recordAccess(envelope) {
-  return {
-    ...envelope,
-    meta: {
-      ...envelope.meta,
-      accessCount: envelope.meta.accessCount + 1,
-      lastAccessedAt: (/* @__PURE__ */ new Date()).toISOString()
-    }
-  };
-}
-
-// src/core/collapse.ts
-import { execSync } from "child_process";
-import { existsSync, readFileSync } from "fs";
-import { join } from "path";
-var BRANCH_ENV_MAP = {
-  main: "prod",
-  master: "prod",
-  production: "prod",
-  develop: "dev",
-  development: "dev",
-  dev: "dev",
-  staging: "staging",
-  stage: "staging",
-  test: "test",
-  testing: "test"
-};
-function detectGitBranch(cwd) {
-  try {
-    const branch = execSync("git rev-parse --abbrev-ref HEAD", {
-      cwd: cwd ?? process.cwd(),
-      stdio: ["pipe", "pipe", "pipe"],
-      encoding: "utf8",
-      timeout: 3e3
-    }).trim();
-    return branch || null;
-  } catch {
-    return null;
-  }
-}
-function readProjectConfig(projectPath) {
-  const configPath = join(projectPath ?? process.cwd(), ".q-ring.json");
-  try {
-    if (existsSync(configPath)) {
-      return JSON.parse(readFileSync(configPath, "utf8"));
-    }
-  } catch {
-  }
-  return null;
-}
-function collapseEnvironment(ctx = {}) {
-  if (ctx.explicit) {
-    return { env: ctx.explicit, source: "explicit" };
-  }
-  const qringEnv = process.env.QRING_ENV;
-  if (qringEnv) {
-    return { env: qringEnv, source: "QRING_ENV" };
-  }
-  const nodeEnv = process.env.NODE_ENV;
-  if (nodeEnv) {
-    const mapped = mapEnvName(nodeEnv);
-    return { env: mapped, source: "NODE_ENV" };
-  }
-  const config = readProjectConfig(ctx.projectPath);
-  if (config?.env) {
-    return { env: config.env, source: "project-config" };
-  }
-  const branch = detectGitBranch(ctx.projectPath);
-  if (branch) {
-    const branchMap = { ...BRANCH_ENV_MAP, ...config?.branchMap };
-    const mapped = branchMap[branch];
-    if (mapped) {
-      return { env: mapped, source: "git-branch" };
-    }
-  }
-  if (config?.defaultEnv) {
-    return { env: config.defaultEnv, source: "project-config" };
-  }
-  return null;
-}
-function mapEnvName(raw) {
-  const lower = raw.toLowerCase();
-  if (lower === "production") return "prod";
-  if (lower === "development") return "dev";
-  return lower;
-}
-
-// src/core/observer.ts
-import { existsSync as existsSync2, mkdirSync, appendFileSync, readFileSync as readFileSync2 } from "fs";
-import { join as join2 } from "path";
-import { homedir } from "os";
-function getAuditDir() {
-  const dir = join2(homedir(), ".config", "q-ring");
-  if (!existsSync2(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  return dir;
-}
-function getAuditPath() {
-  return join2(getAuditDir(), "audit.jsonl");
-}
-function logAudit(event) {
-  const full = {
-    ...event,
-    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    pid: process.pid
-  };
-  try {
-    appendFileSync(getAuditPath(), JSON.stringify(full) + "\n");
-  } catch {
-  }
-}
-function queryAudit(query = {}) {
-  const path = getAuditPath();
-  if (!existsSync2(path)) return [];
-  try {
-    const lines = readFileSync2(path, "utf8").split("\n").filter((l) => l.trim());
-    let events = lines.map((line) => {
-      try {
-        return JSON.parse(line);
-      } catch {
-        return null;
-      }
-    }).filter((e) => e !== null);
-    if (query.key) {
-      events = events.filter((e) => e.key === query.key);
-    }
-    if (query.action) {
-      events = events.filter((e) => e.action === query.action);
-    }
-    if (query.since) {
-      const since = new Date(query.since).getTime();
-      events = events.filter(
-        (e) => new Date(e.timestamp).getTime() >= since
-      );
-    }
-    events.sort(
-      (a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime()
-    );
-    if (query.limit) {
-      events = events.slice(0, query.limit);
-    }
-    return events;
-  } catch {
-    return [];
-  }
-}
-function detectAnomalies(key) {
-  const recent = queryAudit({
-    key,
-    action: "read",
-    since: new Date(Date.now() - 36e5).toISOString()
-    // last hour
-  });
-  const anomalies = [];
-  if (key && recent.length > 50) {
-    anomalies.push({
-      type: "burst",
-      description: `${recent.length} reads of "${key}" in the last hour`,
-      events: recent.slice(0, 10)
-    });
-  }
-  const nightAccess = recent.filter((e) => {
-    const hour = new Date(e.timestamp).getHours();
-    return hour >= 1 && hour < 5;
-  });
-  if (nightAccess.length > 0) {
-    anomalies.push({
-      type: "unusual-hour",
-      description: `${nightAccess.length} access(es) during unusual hours (1am-5am)`,
-      events: nightAccess
-    });
-  }
-  return anomalies;
-}
-
-// src/core/entanglement.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync, mkdirSync as mkdirSync2 } from "fs";
-import { join as join3 } from "path";
-import { homedir as homedir2 } from "os";
-function getRegistryPath() {
-  const dir = join3(homedir2(), ".config", "q-ring");
-  if (!existsSync3(dir)) {
-    mkdirSync2(dir, { recursive: true });
-  }
-  return join3(dir, "entanglement.json");
-}
-function loadRegistry() {
-  const path = getRegistryPath();
-  if (!existsSync3(path)) {
-    return { pairs: [] };
-  }
-  try {
-    return JSON.parse(readFileSync3(path, "utf8"));
-  } catch {
-    return { pairs: [] };
-  }
-}
-function saveRegistry(registry) {
-  writeFileSync(getRegistryPath(), JSON.stringify(registry, null, 2));
-}
-function entangle(source, target) {
-  const registry = loadRegistry();
-  const exists = registry.pairs.some(
-    (p) => p.source.service === source.service && p.source.key === source.key && p.target.service === target.service && p.target.key === target.key
-  );
-  if (!exists) {
-    registry.pairs.push({
-      source,
-      target,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
-    });
-    registry.pairs.push({
-      source: target,
-      target: source,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString()
-    });
-    saveRegistry(registry);
-  }
-}
-function findEntangled(source) {
-  const registry = loadRegistry();
-  return registry.pairs.filter(
-    (p) => p.source.service === source.service && p.source.key === source.key
-  ).map((p) => p.target);
-}
-
-// src/core/keyring.ts
-function readEnvelope(service, key) {
-  const entry = new Entry(service, key);
-  const raw = entry.getPassword();
-  if (raw === null) return null;
-  const envelope = parseEnvelope(raw);
-  return envelope ?? wrapLegacy(raw);
-}
-function writeEnvelope(service, key, envelope) {
-  const entry = new Entry(service, key);
-  entry.setPassword(serializeEnvelope(envelope));
-}
-function resolveEnv(opts) {
-  if (opts.env) return opts.env;
-  const result = collapseEnvironment({ projectPath: opts.projectPath });
-  return result?.env;
-}
-function getSecret(key, opts = {}) {
-  const scopes = resolveScope(opts);
-  const env = resolveEnv(opts);
-  const source = opts.source ?? "cli";
-  for (const { service, scope } of scopes) {
-    const envelope = readEnvelope(service, key);
-    if (!envelope) continue;
-    const decay = checkDecay(envelope);
-    if (decay.isExpired) {
-      logAudit({
-        action: "read",
-        key,
-        scope,
-        source,
-        detail: "blocked: secret expired (quantum decay)"
-      });
-      continue;
-    }
-    const value = collapseValue(envelope, env);
-    if (value === null) continue;
-    const updated = recordAccess(envelope);
-    writeEnvelope(service, key, updated);
-    logAudit({ action: "read", key, scope, env, source });
-    return value;
-  }
-  return null;
-}
-function getEnvelope(key, opts = {}) {
-  const scopes = resolveScope(opts);
-  for (const { service, scope } of scopes) {
-    const envelope = readEnvelope(service, key);
-    if (envelope) return { envelope, scope };
-  }
-  return null;
-}
-function setSecret(key, value, opts = {}) {
-  const scope = opts.scope ?? "global";
-  const scopes = resolveScope({ ...opts, scope });
-  const { service } = scopes[0];
-  const source = opts.source ?? "cli";
-  const existing = readEnvelope(service, key);
-  let envelope;
-  if (opts.states) {
-    envelope = createEnvelope("", {
-      states: opts.states,
-      defaultEnv: opts.defaultEnv,
-      description: opts.description,
-      tags: opts.tags,
-      ttlSeconds: opts.ttlSeconds,
-      expiresAt: opts.expiresAt,
-      entangled: existing?.meta.entangled
-    });
-  } else {
-    envelope = createEnvelope(value, {
-      description: opts.description,
-      tags: opts.tags,
-      ttlSeconds: opts.ttlSeconds,
-      expiresAt: opts.expiresAt,
-      entangled: existing?.meta.entangled
-    });
-  }
-  if (existing) {
-    envelope.meta.createdAt = existing.meta.createdAt;
-    envelope.meta.accessCount = existing.meta.accessCount;
-  }
-  writeEnvelope(service, key, envelope);
-  logAudit({ action: "write", key, scope, source });
-  const entangled = findEntangled({ service, key });
-  for (const target of entangled) {
-    try {
-      const targetEnvelope = readEnvelope(target.service, target.key);
-      if (targetEnvelope) {
-        if (opts.states) {
-          targetEnvelope.states = opts.states;
-        } else {
-          targetEnvelope.value = value;
-        }
-        targetEnvelope.meta.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
-        writeEnvelope(target.service, target.key, targetEnvelope);
-        logAudit({
-          action: "entangle",
-          key: target.key,
-          scope: "global",
-          source,
-          detail: `propagated from ${key}`
-        });
-      }
-    } catch {
-    }
-  }
-}
-function deleteSecret(key, opts = {}) {
-  const scopes = resolveScope(opts);
-  const source = opts.source ?? "cli";
-  let deleted = false;
-  for (const { service, scope } of scopes) {
-    const entry = new Entry(service, key);
-    try {
-      if (entry.deleteCredential()) {
-        deleted = true;
-        logAudit({ action: "delete", key, scope, source });
-      }
-    } catch {
-    }
-  }
-  return deleted;
-}
-function listSecrets(opts = {}) {
-  const source = opts.source ?? "cli";
-  const services = [];
-  if (!opts.scope || opts.scope === "global") {
-    services.push({ service: globalService(), scope: "global" });
-  }
-  if ((!opts.scope || opts.scope === "project") && opts.projectPath) {
-    services.push({
-      service: projectService(opts.projectPath),
-      scope: "project"
-    });
-  }
-  const results = [];
-  const seen = /* @__PURE__ */ new Set();
-  for (const { service, scope } of services) {
-    try {
-      const credentials = findCredentials(service);
-      for (const cred of credentials) {
-        const id = `${scope}:${cred.account}`;
-        if (seen.has(id)) continue;
-        seen.add(id);
-        const envelope = parseEnvelope(cred.password) ?? wrapLegacy(cred.password);
-        const decay = checkDecay(envelope);
-        results.push({
-          key: cred.account,
-          scope,
-          envelope,
-          decay
-        });
-      }
-    } catch {
-    }
-  }
-  logAudit({ action: "list", source });
-  return results.sort((a, b) => a.key.localeCompare(b.key));
-}
-function exportSecrets(opts = {}) {
-  const format = opts.format ?? "env";
-  const env = resolveEnv(opts);
-  const entries = listSecrets(opts);
-  const source = opts.source ?? "cli";
-  const merged = /* @__PURE__ */ new Map();
-  const globalEntries = entries.filter((e) => e.scope === "global");
-  const projectEntries = entries.filter((e) => e.scope === "project");
-  for (const entry of [...globalEntries, ...projectEntries]) {
-    if (entry.envelope) {
-      const decay = checkDecay(entry.envelope);
-      if (decay.isExpired) continue;
-      const value = collapseValue(entry.envelope, env);
-      if (value !== null) {
-        merged.set(entry.key, value);
-      }
-    }
-  }
-  logAudit({ action: "export", source, detail: `format=${format}` });
-  if (format === "json") {
-    const obj = {};
-    for (const [key, value] of merged) {
-      obj[key] = value;
-    }
-    return JSON.stringify(obj, null, 2);
-  }
-  const lines = [];
-  for (const [key, value] of merged) {
-    const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n");
-    lines.push(`${key}="${escaped}"`);
-  }
-  return lines.join("\n");
-}
-function entangleSecrets(sourceKey, sourceOpts, targetKey, targetOpts) {
-  const sourceScopes = resolveScope({ ...sourceOpts, scope: sourceOpts.scope ?? "global" });
-  const targetScopes = resolveScope({ ...targetOpts, scope: targetOpts.scope ?? "global" });
-  const source = { service: sourceScopes[0].service, key: sourceKey };
-  const target = { service: targetScopes[0].service, key: targetKey };
-  entangle(source, target);
-  logAudit({
-    action: "entangle",
-    key: sourceKey,
-    source: sourceOpts.source ?? "cli",
-    detail: `entangled with ${targetKey}`
-  });
-}
-
 // src/core/noise.ts
 import { randomBytes, randomInt } from "crypto";
 var ALPHA_NUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
@@ -851,77 +292,6 @@ ${c.dim("q-ring agent stopped")}`);
   });
 }
 
-// src/core/tunnel.ts
-var tunnelStore = /* @__PURE__ */ new Map();
-var cleanupInterval = null;
-function ensureCleanup() {
-  if (cleanupInterval) return;
-  cleanupInterval = setInterval(() => {
-    const now = Date.now();
-    for (const [id, entry] of tunnelStore) {
-      if (entry.expiresAt && now >= entry.expiresAt) {
-        tunnelStore.delete(id);
-      }
-    }
-    if (tunnelStore.size === 0 && cleanupInterval) {
-      clearInterval(cleanupInterval);
-      cleanupInterval = null;
-    }
-  }, 5e3);
-  if (cleanupInterval && typeof cleanupInterval === "object" && "unref" in cleanupInterval) {
-    cleanupInterval.unref();
-  }
-}
-function tunnelCreate(value, opts = {}) {
-  const id = `tun_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
-  const now = Date.now();
-  tunnelStore.set(id, {
-    value,
-    createdAt: now,
-    expiresAt: opts.ttlSeconds ? now + opts.ttlSeconds * 1e3 : void 0,
-    accessCount: 0,
-    maxReads: opts.maxReads
-  });
-  ensureCleanup();
-  return id;
-}
-function tunnelRead(id) {
-  const entry = tunnelStore.get(id);
-  if (!entry) return null;
-  if (entry.expiresAt && Date.now() >= entry.expiresAt) {
-    tunnelStore.delete(id);
-    return null;
-  }
-  entry.accessCount++;
-  if (entry.maxReads && entry.accessCount >= entry.maxReads) {
-    const value = entry.value;
-    tunnelStore.delete(id);
-    return value;
-  }
-  return entry.value;
-}
-function tunnelDestroy(id) {
-  return tunnelStore.delete(id);
-}
-function tunnelList() {
-  const now = Date.now();
-  const result = [];
-  for (const [id, entry] of tunnelStore) {
-    if (entry.expiresAt && now >= entry.expiresAt) {
-      tunnelStore.delete(id);
-      continue;
-    }
-    result.push({
-      id,
-      createdAt: entry.createdAt,
-      expiresAt: entry.expiresAt,
-      accessCount: entry.accessCount,
-      maxReads: entry.maxReads
-    });
-  }
-  return result;
-}
-
 // src/core/teleport.ts
 import {
   randomBytes as randomBytes2,
@@ -1493,6 +863,36 @@ ${SYMBOLS.warning} ${c.bold(c.yellow(`${anomalies.length} anomaly/anomalies dete
     }
     console.log();
   });
+  program2.command("status").description("Launch the quantum status dashboard in your browser").option("--port <port>", "Port to serve on", "9876").option("--no-open", "Don't auto-open the browser").action(async (cmd) => {
+    const { startDashboardServer } = await import("./dashboard-JTALLJM6.js");
+    const { exec } = await import("child_process");
+    const { platform } = await import("os");
+    const port = Number(cmd.port);
+    const { close } = startDashboardServer({ port });
+    const url = `http://127.0.0.1:${port}`;
+    console.log(
+      `
+  ${SYMBOLS.zap} ${c.bold("q-ring quantum status dashboard")}
+`
+    );
+    console.log(`  ${c.cyan(url)}
+`);
+    console.log(c.dim("  Press Ctrl+C to stop\n"));
+    if (cmd.open !== false) {
+      const openCmd = platform() === "darwin" ? "open" : platform() === "win32" ? "start" : "xdg-open";
+      exec(`${openCmd} ${url}`);
+    }
+    const shutdown = () => {
+      console.log(`
+${c.dim("  dashboard stopped")}`);
+      close();
+      process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+    await new Promise(() => {
+    });
+  });
   program2.command("agent").description("Start the autonomous agent (background monitor)").option(
     "-i, --interval <seconds>",
     "Scan interval in seconds",