@i4ctime/q-ring 0.2.9 → 0.3.1

package/README.md

@@ -185,6 +185,23 @@ qring agent --auto-rotate
 qring agent --once
 ```
 
+### Quantum Status Dashboard — Live Monitoring
+
+Launch a real-time dashboard in your browser that visualizes every quantum subsystem at a glance: health summary, decay timers, superposition states, entanglement pairs, active tunnels, anomaly alerts, audit log, and environment detection.
+
+The dashboard is a self-contained HTML page served locally. Data streams in via Server-Sent Events and updates every 5 seconds — no dependencies, no cloud, no config.
+
+```bash
+# Open the dashboard (auto-launches your browser)
+qring status
+
+# Specify a custom port
+qring status --port 4200
+
+# Don't auto-open the browser
+qring status --no-open
+```
+
 ## MCP Server
 
 q-ring includes a full MCP server with 20 tools for AI agent integration.
@@ -305,7 +322,8 @@ MCP Server ────┘       │
                        ├── Entanglement (cross-secret linking)
                        ├── Tunnel (ephemeral in-memory)
                        ├── Teleport (encrypted sharing)
-                       └── Agent (autonomous monitor)
+                       ├── Agent (autonomous monitor)
+                       └── Dashboard (live status via SSE)
 ```
 
 ## Project Config (`.q-ring.json`)

package/dist/chunk-3WTTWJYU.js

@@ -0,0 +1,653 @@
+#!/usr/bin/env node
+
+// src/core/envelope.ts
+function createEnvelope(value, opts) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  let expiresAt = opts?.expiresAt;
+  if (!expiresAt && opts?.ttlSeconds) {
+    expiresAt = new Date(Date.now() + opts.ttlSeconds * 1e3).toISOString();
+  }
+  return {
+    v: 1,
+    value: opts?.states ? void 0 : value,
+    states: opts?.states,
+    defaultEnv: opts?.defaultEnv,
+    meta: {
+      createdAt: now,
+      updatedAt: now,
+      expiresAt,
+      ttlSeconds: opts?.ttlSeconds,
+      description: opts?.description,
+      tags: opts?.tags,
+      entangled: opts?.entangled,
+      accessCount: 0
+    }
+  };
+}
+function parseEnvelope(raw) {
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed && typeof parsed === "object" && parsed.v === 1) {
+      return parsed;
+    }
+  } catch {
+  }
+  return null;
+}
+function wrapLegacy(rawValue) {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    v: 1,
+    value: rawValue,
+    meta: {
+      createdAt: now,
+      updatedAt: now,
+      accessCount: 0
+    }
+  };
+}
+function serializeEnvelope(envelope) {
+  return JSON.stringify(envelope);
+}
+function collapseValue(envelope, env) {
+  if (envelope.states) {
+    const targetEnv = env ?? envelope.defaultEnv;
+    if (targetEnv && envelope.states[targetEnv]) {
+      return envelope.states[targetEnv];
+    }
+    if (envelope.defaultEnv && envelope.states[envelope.defaultEnv]) {
+      return envelope.states[envelope.defaultEnv];
+    }
+    const keys = Object.keys(envelope.states);
+    if (keys.length > 0) {
+      return envelope.states[keys[0]];
+    }
+    return null;
+  }
+  return envelope.value ?? null;
+}
+function checkDecay(envelope) {
+  if (!envelope.meta.expiresAt) {
+    return {
+      isExpired: false,
+      isStale: false,
+      lifetimePercent: 0,
+      secondsRemaining: null,
+      timeRemaining: null
+    };
+  }
+  const now = Date.now();
+  const expires = new Date(envelope.meta.expiresAt).getTime();
+  const created = new Date(envelope.meta.createdAt).getTime();
+  const totalLifetime = expires - created;
+  const elapsed = now - created;
+  const remaining = expires - now;
+  const lifetimePercent = totalLifetime > 0 ? Math.round(elapsed / totalLifetime * 100) : 100;
+  const secondsRemaining = Math.floor(remaining / 1e3);
+  let timeRemaining = null;
+  if (remaining > 0) {
+    const days = Math.floor(remaining / 864e5);
+    const hours = Math.floor(remaining % 864e5 / 36e5);
+    const minutes = Math.floor(remaining % 36e5 / 6e4);
+    if (days > 0) timeRemaining = `${days}d ${hours}h`;
+    else if (hours > 0) timeRemaining = `${hours}h ${minutes}m`;
+    else timeRemaining = `${minutes}m`;
+  } else {
+    timeRemaining = "expired";
+  }
+  return {
+    isExpired: remaining <= 0,
+    isStale: lifetimePercent >= 75,
+    lifetimePercent,
+    secondsRemaining,
+    timeRemaining
+  };
+}
+function recordAccess(envelope) {
+  return {
+    ...envelope,
+    meta: {
+      ...envelope.meta,
+      accessCount: envelope.meta.accessCount + 1,
+      lastAccessedAt: (/* @__PURE__ */ new Date()).toISOString()
+    }
+  };
+}
+
+// src/core/collapse.ts
+import { execSync } from "child_process";
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+var BRANCH_ENV_MAP = {
+  main: "prod",
+  master: "prod",
+  production: "prod",
+  develop: "dev",
+  development: "dev",
+  dev: "dev",
+  staging: "staging",
+  stage: "staging",
+  test: "test",
+  testing: "test"
+};
+function detectGitBranch(cwd) {
+  try {
+    const branch = execSync("git rev-parse --abbrev-ref HEAD", {
+      cwd: cwd ?? process.cwd(),
+      stdio: ["pipe", "pipe", "pipe"],
+      encoding: "utf8",
+      timeout: 3e3
+    }).trim();
+    return branch || null;
+  } catch {
+    return null;
+  }
+}
+function readProjectConfig(projectPath) {
+  const configPath = join(projectPath ?? process.cwd(), ".q-ring.json");
+  try {
+    if (existsSync(configPath)) {
+      return JSON.parse(readFileSync(configPath, "utf8"));
+    }
+  } catch {
+  }
+  return null;
+}
+function collapseEnvironment(ctx = {}) {
+  if (ctx.explicit) {
+    return { env: ctx.explicit, source: "explicit" };
+  }
+  const qringEnv = process.env.QRING_ENV;
+  if (qringEnv) {
+    return { env: qringEnv, source: "QRING_ENV" };
+  }
+  const nodeEnv = process.env.NODE_ENV;
+  if (nodeEnv) {
+    const mapped = mapEnvName(nodeEnv);
+    return { env: mapped, source: "NODE_ENV" };
+  }
+  const config = readProjectConfig(ctx.projectPath);
+  if (config?.env) {
+    return { env: config.env, source: "project-config" };
+  }
+  const branch = detectGitBranch(ctx.projectPath);
+  if (branch) {
+    const branchMap = { ...BRANCH_ENV_MAP, ...config?.branchMap };
+    const mapped = branchMap[branch];
+    if (mapped) {
+      return { env: mapped, source: "git-branch" };
+    }
+  }
+  if (config?.defaultEnv) {
+    return { env: config.defaultEnv, source: "project-config" };
+  }
+  return null;
+}
+function mapEnvName(raw) {
+  const lower = raw.toLowerCase();
+  if (lower === "production") return "prod";
+  if (lower === "development") return "dev";
+  return lower;
+}
+
+// src/core/observer.ts
+import { existsSync as existsSync2, mkdirSync, appendFileSync, readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
+import { homedir } from "os";
+function getAuditDir() {
+  const dir = join2(homedir(), ".config", "q-ring");
+  if (!existsSync2(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  return dir;
+}
+function getAuditPath() {
+  return join2(getAuditDir(), "audit.jsonl");
+}
+function logAudit(event) {
+  const full = {
+    ...event,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    pid: process.pid
+  };
+  try {
+    appendFileSync(getAuditPath(), JSON.stringify(full) + "\n");
+  } catch {
+  }
+}
+function queryAudit(query = {}) {
+  const path = getAuditPath();
+  if (!existsSync2(path)) return [];
+  try {
+    const lines = readFileSync2(path, "utf8").split("\n").filter((l) => l.trim());
+    let events = lines.map((line) => {
+      try {
+        return JSON.parse(line);
+      } catch {
+        return null;
+      }
+    }).filter((e) => e !== null);
+    if (query.key) {
+      events = events.filter((e) => e.key === query.key);
+    }
+    if (query.action) {
+      events = events.filter((e) => e.action === query.action);
+    }
+    if (query.since) {
+      const since = new Date(query.since).getTime();
+      events = events.filter(
+        (e) => new Date(e.timestamp).getTime() >= since
+      );
+    }
+    events.sort(
+      (a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime()
+    );
+    if (query.limit) {
+      events = events.slice(0, query.limit);
+    }
+    return events;
+  } catch {
+    return [];
+  }
+}
+function detectAnomalies(key) {
+  const recent = queryAudit({
+    key,
+    action: "read",
+    since: new Date(Date.now() - 36e5).toISOString()
+    // last hour
+  });
+  const anomalies = [];
+  if (key && recent.length > 50) {
+    anomalies.push({
+      type: "burst",
+      description: `${recent.length} reads of "${key}" in the last hour`,
+      events: recent.slice(0, 10)
+    });
+  }
+  const nightAccess = recent.filter((e) => {
+    const hour = new Date(e.timestamp).getHours();
+    return hour >= 1 && hour < 5;
+  });
+  if (nightAccess.length > 0) {
+    anomalies.push({
+      type: "unusual-hour",
+      description: `${nightAccess.length} access(es) during unusual hours (1am-5am)`,
+      events: nightAccess
+    });
+  }
+  return anomalies;
+}
+
+// src/core/entanglement.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync, mkdirSync as mkdirSync2 } from "fs";
+import { join as join3 } from "path";
+import { homedir as homedir2 } from "os";
+function getRegistryPath() {
+  const dir = join3(homedir2(), ".config", "q-ring");
+  if (!existsSync3(dir)) {
+    mkdirSync2(dir, { recursive: true });
+  }
+  return join3(dir, "entanglement.json");
+}
+function loadRegistry() {
+  const path = getRegistryPath();
+  if (!existsSync3(path)) {
+    return { pairs: [] };
+  }
+  try {
+    return JSON.parse(readFileSync3(path, "utf8"));
+  } catch {
+    return { pairs: [] };
+  }
+}
+function saveRegistry(registry) {
+  writeFileSync(getRegistryPath(), JSON.stringify(registry, null, 2));
+}
+function entangle(source, target) {
+  const registry = loadRegistry();
+  const exists = registry.pairs.some(
+    (p) => p.source.service === source.service && p.source.key === source.key && p.target.service === target.service && p.target.key === target.key
+  );
+  if (!exists) {
+    registry.pairs.push({
+      source,
+      target,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    registry.pairs.push({
+      source: target,
+      target: source,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    saveRegistry(registry);
+  }
+}
+function findEntangled(source) {
+  const registry = loadRegistry();
+  return registry.pairs.filter(
+    (p) => p.source.service === source.service && p.source.key === source.key
+  ).map((p) => p.target);
+}
+function listEntanglements() {
+  return loadRegistry().pairs;
+}
+
+// src/core/keyring.ts
+import { Entry, findCredentials } from "@napi-rs/keyring";
+
+// src/utils/hash.ts
+import { createHash } from "crypto";
+function hashProjectPath(projectPath) {
+  return createHash("sha256").update(projectPath).digest("hex").slice(0, 12);
+}
+
+// src/core/scope.ts
+var SERVICE_PREFIX = "q-ring";
+function globalService() {
+  return `${SERVICE_PREFIX}:global`;
+}
+function projectService(projectPath) {
+  const hash = hashProjectPath(projectPath);
+  return `${SERVICE_PREFIX}:project:${hash}`;
+}
+function resolveScope(opts) {
+  const { scope, projectPath } = opts;
+  if (scope === "global") {
+    return [{ scope: "global", service: globalService() }];
+  }
+  if (scope === "project") {
+    if (!projectPath) {
+      throw new Error("Project path is required for project scope");
+    }
+    return [
+      { scope: "project", service: projectService(projectPath), projectPath }
+    ];
+  }
+  if (projectPath) {
+    return [
+      { scope: "project", service: projectService(projectPath), projectPath },
+      { scope: "global", service: globalService() }
+    ];
+  }
+  return [{ scope: "global", service: globalService() }];
+}
+
+// src/core/keyring.ts
+function readEnvelope(service, key) {
+  const entry = new Entry(service, key);
+  const raw = entry.getPassword();
+  if (raw === null) return null;
+  const envelope = parseEnvelope(raw);
+  return envelope ?? wrapLegacy(raw);
+}
+function writeEnvelope(service, key, envelope) {
+  const entry = new Entry(service, key);
+  entry.setPassword(serializeEnvelope(envelope));
+}
+function resolveEnv(opts) {
+  if (opts.env) return opts.env;
+  const result = collapseEnvironment({ projectPath: opts.projectPath });
+  return result?.env;
+}
+function getSecret(key, opts = {}) {
+  const scopes = resolveScope(opts);
+  const env = resolveEnv(opts);
+  const source = opts.source ?? "cli";
+  for (const { service, scope } of scopes) {
+    const envelope = readEnvelope(service, key);
+    if (!envelope) continue;
+    const decay = checkDecay(envelope);
+    if (decay.isExpired) {
+      logAudit({
+        action: "read",
+        key,
+        scope,
+        source,
+        detail: "blocked: secret expired (quantum decay)"
+      });
+      continue;
+    }
+    const value = collapseValue(envelope, env);
+    if (value === null) continue;
+    const updated = recordAccess(envelope);
+    writeEnvelope(service, key, updated);
+    logAudit({ action: "read", key, scope, env, source });
+    return value;
+  }
+  return null;
+}
+function getEnvelope(key, opts = {}) {
+  const scopes = resolveScope(opts);
+  for (const { service, scope } of scopes) {
+    const envelope = readEnvelope(service, key);
+    if (envelope) return { envelope, scope };
+  }
+  return null;
+}
+function setSecret(key, value, opts = {}) {
+  const scope = opts.scope ?? "global";
+  const scopes = resolveScope({ ...opts, scope });
+  const { service } = scopes[0];
+  const source = opts.source ?? "cli";
+  const existing = readEnvelope(service, key);
+  let envelope;
+  if (opts.states) {
+    envelope = createEnvelope("", {
+      states: opts.states,
+      defaultEnv: opts.defaultEnv,
+      description: opts.description,
+      tags: opts.tags,
+      ttlSeconds: opts.ttlSeconds,
+      expiresAt: opts.expiresAt,
+      entangled: existing?.meta.entangled
+    });
+  } else {
+    envelope = createEnvelope(value, {
+      description: opts.description,
+      tags: opts.tags,
+      ttlSeconds: opts.ttlSeconds,
+      expiresAt: opts.expiresAt,
+      entangled: existing?.meta.entangled
+    });
+  }
+  if (existing) {
+    envelope.meta.createdAt = existing.meta.createdAt;
+    envelope.meta.accessCount = existing.meta.accessCount;
+  }
+  writeEnvelope(service, key, envelope);
+  logAudit({ action: "write", key, scope, source });
+  const entangled = findEntangled({ service, key });
+  for (const target of entangled) {
+    try {
+      const targetEnvelope = readEnvelope(target.service, target.key);
+      if (targetEnvelope) {
+        if (opts.states) {
+          targetEnvelope.states = opts.states;
+        } else {
+          targetEnvelope.value = value;
+        }
+        targetEnvelope.meta.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
+        writeEnvelope(target.service, target.key, targetEnvelope);
+        logAudit({
+          action: "entangle",
+          key: target.key,
+          scope: "global",
+          source,
+          detail: `propagated from ${key}`
+        });
+      }
+    } catch {
+    }
+  }
+}
+function deleteSecret(key, opts = {}) {
+  const scopes = resolveScope(opts);
+  const source = opts.source ?? "cli";
+  let deleted = false;
+  for (const { service, scope } of scopes) {
+    const entry = new Entry(service, key);
+    try {
+      if (entry.deleteCredential()) {
+        deleted = true;
+        logAudit({ action: "delete", key, scope, source });
+      }
+    } catch {
+    }
+  }
+  return deleted;
+}
+function hasSecret(key, opts = {}) {
+  const scopes = resolveScope(opts);
+  for (const { service } of scopes) {
+    const envelope = readEnvelope(service, key);
+    if (envelope) {
+      const decay = checkDecay(envelope);
+      if (!decay.isExpired) return true;
+    }
+  }
+  return false;
+}
+function listSecrets(opts = {}) {
+  const source = opts.source ?? "cli";
+  const services = [];
+  if (!opts.scope || opts.scope === "global") {
+    services.push({ service: globalService(), scope: "global" });
+  }
+  if ((!opts.scope || opts.scope === "project") && opts.projectPath) {
+    services.push({
+      service: projectService(opts.projectPath),
+      scope: "project"
+    });
+  }
+  const results = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const { service, scope } of services) {
+    try {
+      const credentials = findCredentials(service);
+      for (const cred of credentials) {
+        const id = `${scope}:${cred.account}`;
+        if (seen.has(id)) continue;
+        seen.add(id);
+        const envelope = parseEnvelope(cred.password) ?? wrapLegacy(cred.password);
+        const decay = checkDecay(envelope);
+        results.push({
+          key: cred.account,
+          scope,
+          envelope,
+          decay
+        });
+      }
+    } catch {
+    }
+  }
+  if (!opts.silent) {
+    logAudit({ action: "list", source });
+  }
+  return results.sort((a, b) => a.key.localeCompare(b.key));
+}
+function entangleSecrets(sourceKey, sourceOpts, targetKey, targetOpts) {
+  const sourceScopes = resolveScope({ ...sourceOpts, scope: sourceOpts.scope ?? "global" });
+  const targetScopes = resolveScope({ ...targetOpts, scope: targetOpts.scope ?? "global" });
+  const source = { service: sourceScopes[0].service, key: sourceKey };
+  const target = { service: targetScopes[0].service, key: targetKey };
+  entangle(source, target);
+  logAudit({
+    action: "entangle",
+    key: sourceKey,
+    source: sourceOpts.source ?? "cli",
+    detail: `entangled with ${targetKey}`
+  });
+}
+
+// src/core/tunnel.ts
+var tunnelStore = /* @__PURE__ */ new Map();
+var cleanupInterval = null;
+function ensureCleanup() {
+  if (cleanupInterval) return;
+  cleanupInterval = setInterval(() => {
+    const now = Date.now();
+    for (const [id, entry] of tunnelStore) {
+      if (entry.expiresAt && now >= entry.expiresAt) {
+        tunnelStore.delete(id);
+      }
+    }
+    if (tunnelStore.size === 0 && cleanupInterval) {
+      clearInterval(cleanupInterval);
+      cleanupInterval = null;
+    }
+  }, 5e3);
+  if (cleanupInterval && typeof cleanupInterval === "object" && "unref" in cleanupInterval) {
+    cleanupInterval.unref();
+  }
+}
+function tunnelCreate(value, opts = {}) {
+  const id = `tun_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+  const now = Date.now();
+  tunnelStore.set(id, {
+    value,
+    createdAt: now,
+    expiresAt: opts.ttlSeconds ? now + opts.ttlSeconds * 1e3 : void 0,
+    accessCount: 0,
+    maxReads: opts.maxReads
+  });
+  ensureCleanup();
+  return id;
+}
+function tunnelRead(id) {
+  const entry = tunnelStore.get(id);
+  if (!entry) return null;
+  if (entry.expiresAt && Date.now() >= entry.expiresAt) {
+    tunnelStore.delete(id);
+    return null;
+  }
+  entry.accessCount++;
+  if (entry.maxReads && entry.accessCount >= entry.maxReads) {
+    const value = entry.value;
+    tunnelStore.delete(id);
+    return value;
+  }
+  return entry.value;
+}
+function tunnelDestroy(id) {
+  return tunnelStore.delete(id);
+}
+function tunnelList() {
+  const now = Date.now();
+  const result = [];
+  for (const [id, entry] of tunnelStore) {
+    if (entry.expiresAt && now >= entry.expiresAt) {
+      tunnelStore.delete(id);
+      continue;
+    }
+    result.push({
+      id,
+      createdAt: entry.createdAt,
+      expiresAt: entry.expiresAt,
+      accessCount: entry.accessCount,
+      maxReads: entry.maxReads
+    });
+  }
+  return result;
+}
+
+export {
+  checkDecay,
+  collapseEnvironment,
+  logAudit,
+  queryAudit,
+  detectAnomalies,
+  listEntanglements,
+  getSecret,
+  getEnvelope,
+  setSecret,
+  deleteSecret,
+  hasSecret,
+  listSecrets,
+  entangleSecrets,
+  tunnelCreate,
+  tunnelRead,
+  tunnelDestroy,
+  tunnelList
+};
+//# sourceMappingURL=chunk-3WTTWJYU.js.map