@keywaysh/cli 0.1.3 → 0.1.5

package/dist/cli.js

@@ -102,7 +102,7 @@ var INTERNAL_POSTHOG_HOST = "https://eu.i.posthog.com";
 // package.json
 var package_default = {
   name: "@keywaysh/cli",
-  version: "0.1.3",
+  version: "0.1.5",
   description: "One link to all your secrets",
   type: "module",
   bin: {
@@ -146,6 +146,7 @@ var package_default = {
     node: ">=18.0.0"
   },
   dependencies: {
+    "balanced-match": "^3.0.1",
     commander: "^14.0.0",
     conf: "^15.0.2",
     open: "^11.0.0",
@@ -154,6 +155,7 @@ var package_default = {
     prompts: "^2.4.2"
   },
   devDependencies: {
+    "@types/balanced-match": "^3.0.2",
     "@types/node": "^24.2.0",
     "@types/prompts": "^2.4.9",
     tsup: "^8.5.0",
@@ -491,6 +493,37 @@ async function executeSync(accessToken, repoFullName, options) {
   const wrapped = await handleResponse(response);
   return wrapped.data;
 }
+async function connectWithToken(accessToken, provider, providerToken) {
+  const response = await fetchWithTimeout(`${API_BASE_URL}/v1/integrations/${provider}/connect`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "User-Agent": USER_AGENT,
+      Authorization: `Bearer ${accessToken}`
+    },
+    body: JSON.stringify({ token: providerToken })
+  });
+  const wrapped = await handleResponse(response);
+  return wrapped.data;
+}
+async function checkVaultExists(accessToken, repoFullName) {
+  const [owner, repo] = repoFullName.split("/");
+  try {
+    const response = await fetchWithTimeout(
+      `${API_BASE_URL}/v1/vaults/${owner}/${repo}`,
+      {
+        method: "GET",
+        headers: {
+          "User-Agent": USER_AGENT,
+          Authorization: `Bearer ${accessToken}`
+        }
+      }
+    );
+    return response.ok;
+  } catch {
+    return false;
+  }
+}
 async function getVaultEnvironments(accessToken, repoFullName) {
   const [owner, repo] = repoFullName.split("/");
   try {
@@ -655,23 +688,76 @@ import fs3 from "fs";
 import path3 from "path";
 import prompts from "prompts";
 import pc2 from "picocolors";
+import balanced from "balanced-match";
 function generateBadge(repo) {
   return `[![Keyway Secrets](https://www.keyway.sh/badge.svg?repo=${repo})](https://www.keyway.sh/vaults/${repo})`;
 }
+var BADGE_PREFIX = /\[!\[[^\]]*\]\([^)]*\)\]\(/g;
+var H1_PATTERN = /^#\s+/;
+var CODE_FENCE = /^```/;
+function findLastBadgeEnd(line) {
+  let lastEnd = -1;
+  let match;
+  BADGE_PREFIX.lastIndex = 0;
+  while ((match = BADGE_PREFIX.exec(line)) !== null) {
+    const prefixEnd = match.index + match[0].length - 1;
+    const remainder = line.substring(prefixEnd);
+    const balancedMatch = balanced("(", ")", remainder);
+    if (balancedMatch) {
+      lastEnd = prefixEnd + balancedMatch.end + 1;
+    }
+  }
+  return lastEnd;
+}
 function insertBadgeIntoReadme(readmeContent, badge) {
   if (readmeContent.includes("keyway.sh/badge.svg")) {
     return readmeContent;
   }
   const lines = readmeContent.split(/\r?\n/);
-  const titleIndex = lines.findIndex((line) => /^#(?!#)\s+/.test(line.trim()));
-  if (titleIndex !== -1) {
-    const before = lines.slice(0, titleIndex + 1);
-    const after = lines.slice(titleIndex + 1);
+  let inCodeBlock = false;
+  let inHtmlComment = false;
+  let lastBadgeLine = -1;
+  let lastBadgeEndIndex = -1;
+  let firstH1Line = -1;
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const trimmed = line.trim();
+    if (CODE_FENCE.test(trimmed)) {
+      inCodeBlock = !inCodeBlock;
+      continue;
+    }
+    if (inCodeBlock) continue;
+    if (trimmed.includes("<!--")) inHtmlComment = true;
+    if (trimmed.includes("-->")) {
+      inHtmlComment = false;
+      continue;
+    }
+    if (inHtmlComment) continue;
+    BADGE_PREFIX.lastIndex = 0;
+    if (BADGE_PREFIX.test(line)) {
+      lastBadgeLine = i;
+      lastBadgeEndIndex = findLastBadgeEnd(line);
+    }
+    if (firstH1Line === -1 && H1_PATTERN.test(line)) {
+      firstH1Line = i;
+    }
+  }
+  if (lastBadgeLine >= 0 && lastBadgeEndIndex > 0) {
+    const line = lines[lastBadgeLine];
+    lines[lastBadgeLine] = line.slice(0, lastBadgeEndIndex) + " " + badge + line.slice(lastBadgeEndIndex);
+    return lines.join("\n");
+  }
+  if (firstH1Line >= 0) {
+    const before = lines.slice(0, firstH1Line + 1);
+    const after = lines.slice(firstH1Line + 1);
     while (after.length > 0 && after[0].trim() === "") {
       after.shift();
     }
-    const newLines = [...before, "", badge, "", ...after];
-    return newLines.join("\n");
+    if (after.length > 0) {
+      return [...before, "", badge, "", ...after].join("\n");
+    } else {
+      return [...before, "", badge, ""].join("\n");
+    }
   }
   return `${badge}
 
@@ -1315,6 +1401,15 @@ async function initCommand(options = {}) {
       allowPrompt: options.loginPrompt !== false
     });
     trackEvent(AnalyticsEvents.CLI_INIT, { repoFullName, githubAppInstalled: true });
+    const vaultExists = await checkVaultExists(accessToken, repoFullName);
+    if (vaultExists) {
+      console.log(pc5.green("\n\u2713 Already initialized!\n"));
+      console.log(`  ${pc5.yellow("\u2192")} Run ${pc5.cyan("keyway push")} to sync your secrets`);
+      console.log(`  ${pc5.blue("\u2394")} Dashboard: ${pc5.underline(dashboardLink)}`);
+      console.log("");
+      await shutdownAnalytics();
+      return;
+    }
     await initVault(repoFullName, accessToken);
     console.log(pc5.green("\u2713 Vault created!"));
     try {
@@ -1785,6 +1880,86 @@ Summary: ${formatSummary(results)}`);
 import pc8 from "picocolors";
 import open3 from "open";
 import prompts6 from "prompts";
+var TOKEN_AUTH_PROVIDERS = ["railway"];
+function getTokenCreationUrl(provider) {
+  switch (provider) {
+    case "railway":
+      return "https://railway.com/account/tokens";
+    default:
+      return "";
+  }
+}
+async function connectWithTokenFlow(accessToken, provider, displayName) {
+  const tokenUrl = getTokenCreationUrl(provider);
+  console.log(pc8.gray(`Create a ${displayName} API Token at:`));
+  console.log(pc8.cyan(`\u2192 ${tokenUrl}
+`));
+  if (provider === "railway") {
+    console.log(pc8.yellow("Tip: Select the workspace containing your projects."));
+    console.log(pc8.yellow(`     Do NOT use "No workspace" - it won't have access to your projects.
+`));
+  }
+  const { token } = await prompts6({
+    type: "password",
+    name: "token",
+    message: `${displayName} API Token:`
+  });
+  if (!token) {
+    console.log(pc8.gray("Cancelled."));
+    return false;
+  }
+  console.log(pc8.gray("\nValidating token..."));
+  try {
+    const result = await connectWithToken(accessToken, provider, token);
+    if (result.success) {
+      console.log(pc8.green(`
+\u2713 Connected to ${displayName}!`));
+      console.log(pc8.gray(`  Account: ${result.user.username}`));
+      if (result.user.teamName) {
+        console.log(pc8.gray(`  Team: ${result.user.teamName}`));
+      }
+      return true;
+    } else {
+      console.log(pc8.red("\n\u2717 Connection failed."));
+      return false;
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Token validation failed";
+    console.log(pc8.red(`
+\u2717 ${message}`));
+    return false;
+  }
+}
+async function connectWithOAuthFlow(accessToken, provider, displayName) {
+  const authUrl = getProviderAuthUrl(provider);
+  const startTime = /* @__PURE__ */ new Date();
+  console.log(pc8.gray("Opening browser for authorization..."));
+  console.log(pc8.gray(`If the browser doesn't open, visit: ${authUrl}`));
+  await open3(authUrl).catch(() => {
+  });
+  console.log(pc8.gray("Waiting for authorization..."));
+  const maxAttempts = 60;
+  let attempts = 0;
+  while (attempts < maxAttempts) {
+    await new Promise((resolve) => setTimeout(resolve, 5e3));
+    attempts++;
+    try {
+      const { connections } = await getConnections(accessToken);
+      const newConn = connections.find(
+        (c) => c.provider === provider && new Date(c.createdAt) > startTime
+      );
+      if (newConn) {
+        console.log(pc8.green(`
+\u2713 Connected to ${displayName}!`));
+        return true;
+      }
+    } catch {
+    }
+  }
+  console.log(pc8.red("\n\u2717 Authorization timeout."));
+  console.log(pc8.gray("Run `keyway connections` to check if the connection was established."));
+  return false;
+}
 async function connectCommand(provider, options = {}) {
   try {
     const accessToken = await ensureLogin({ allowPrompt: options.loginPrompt !== false });
@@ -1818,36 +1993,11 @@ async function connectCommand(provider, options = {}) {
     console.log(pc8.blue(`
 Connecting to ${providerInfo.displayName}...
 `));
-    const authUrl = getProviderAuthUrl(provider.toLowerCase());
-    const startTime = /* @__PURE__ */ new Date();
-    console.log(pc8.gray("Opening browser for authorization..."));
-    console.log(pc8.gray(`If the browser doesn't open, visit: ${authUrl}`));
-    await open3(authUrl).catch(() => {
-    });
-    console.log(pc8.gray("Waiting for authorization..."));
-    const maxAttempts = 60;
-    let attempts = 0;
     let connected = false;
-    while (attempts < maxAttempts) {
-      await new Promise((resolve) => setTimeout(resolve, 5e3));
-      attempts++;
-      try {
-        const { connections: connections2 } = await getConnections(accessToken);
-        const newConn = connections2.find(
-          (c) => c.provider === provider.toLowerCase() && new Date(c.createdAt) > startTime
-        );
-        if (newConn) {
-          connected = true;
-          console.log(pc8.green(`
-\u2713 Connected to ${providerInfo.displayName}!`));
-          break;
-        }
-      } catch {
-      }
-    }
-    if (!connected) {
-      console.log(pc8.red("\n\u2717 Authorization timeout."));
-      console.log(pc8.gray("Run `keyway connections` to check if the connection was established."));
+    if (TOKEN_AUTH_PROVIDERS.includes(provider.toLowerCase())) {
+      connected = await connectWithTokenFlow(accessToken, provider.toLowerCase(), providerInfo.displayName);
+    } else {
+      connected = await connectWithOAuthFlow(accessToken, provider.toLowerCase(), providerInfo.displayName);
     }
     trackEvent(AnalyticsEvents.CLI_CONNECT, {
       provider: provider.toLowerCase(),
@@ -1871,7 +2021,7 @@ async function connectionsCommand(options = {}) {
     if (connections.length === 0) {
       console.log(pc8.gray("No provider connections found."));
       console.log(pc8.gray("\nConnect to a provider with: keyway connect <provider>"));
-      console.log(pc8.gray("Available providers: vercel"));
+      console.log(pc8.gray("Available providers: vercel, railway"));
       return;
     }
     console.log(pc8.blue("\n\u{1F4E1} Provider Connections\n"));
@@ -1941,6 +2091,25 @@ function mapToVercelEnvironment(keywayEnv) {
   };
   return mapping[keywayEnv.toLowerCase()] || "production";
 }
+function mapToRailwayEnvironment(keywayEnv) {
+  const mapping = {
+    production: "production",
+    staging: "staging",
+    dev: "development",
+    development: "development"
+  };
+  return mapping[keywayEnv.toLowerCase()] || "production";
+}
+function mapToProviderEnvironment(provider, keywayEnv) {
+  switch (provider.toLowerCase()) {
+    case "vercel":
+      return mapToVercelEnvironment(keywayEnv);
+    case "railway":
+      return mapToRailwayEnvironment(keywayEnv);
+    default:
+      return keywayEnv;
+  }
+}
 function findMatchingProject(projects, repoFullName) {
   const repoFullNameLower = repoFullName.toLowerCase();
   const repoName = repoFullName.split("/")[1]?.toLowerCase();
@@ -2018,12 +2187,32 @@ async function syncCommand(provider, options = {}) {
       process.exit(1);
     }
     console.log(pc9.gray(`Repository: ${repoFullName}`));
-    const { connections } = await getConnections(accessToken);
-    const connection = connections.find((c) => c.provider === provider.toLowerCase());
+    let { connections } = await getConnections(accessToken);
+    let connection = connections.find((c) => c.provider === provider.toLowerCase());
     if (!connection) {
-      console.error(pc9.red(`Not connected to ${provider}.`));
-      console.log(pc9.gray(`Run: keyway connect ${provider}`));
-      process.exit(1);
+      const providerDisplayName = provider.charAt(0).toUpperCase() + provider.slice(1);
+      console.log(pc9.yellow(`
+Not connected to ${providerDisplayName}.`));
+      const { shouldConnect } = await prompts7({
+        type: "confirm",
+        name: "shouldConnect",
+        message: `Connect to ${providerDisplayName} now?`,
+        initial: true
+      });
+      if (!shouldConnect) {
+        console.log(pc9.gray("Cancelled."));
+        process.exit(0);
+      }
+      await connectCommand(provider, { loginPrompt: false });
+      const refreshed = await getConnections(accessToken);
+      connections = refreshed.connections;
+      connection = connections.find((c) => c.provider === provider.toLowerCase());
+      if (!connection) {
+        console.error(pc9.red(`
+Connection to ${providerDisplayName} failed.`));
+        process.exit(1);
+      }
+      console.log("");
     }
     const { projects } = await getConnectionProjects(accessToken, connection.id);
     if (projects.length === 0) {
@@ -2151,7 +2340,7 @@ async function syncCommand(provider, options = {}) {
         }
         keywayEnv = selectedEnv;
         if (!options.providerEnv) {
-          providerEnv = mapToVercelEnvironment(keywayEnv);
+          providerEnv = mapToProviderEnvironment(provider, keywayEnv);
         }
       }
       if (needsDirectionPrompt) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@keywaysh/cli",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "One link to all your secrets",
   "type": "module",
   "bin": {
@@ -10,6 +10,18 @@
   "files": [
     "dist"
   ],
+  "scripts": {
+    "dev": "pnpm exec tsx src/cli.ts",
+    "dev:local": "NODE_TLS_REJECT_UNAUTHORIZED=0 KEYWAY_API_URL=https://localhost/api pnpm exec tsx src/cli.ts",
+    "build": "pnpm exec tsup",
+    "build:watch": "pnpm exec tsup --watch",
+    "prepublishOnly": "pnpm run build",
+    "test": "pnpm exec vitest run",
+    "test:watch": "pnpm exec vitest",
+    "release": "npm version patch && git push && git push --tags",
+    "release:minor": "npm version minor && git push && git push --tags",
+    "release:major": "npm version major && git push && git push --tags"
+  },
   "keywords": [
     "secrets",
     "env",
@@ -27,10 +39,12 @@
   "bugs": {
     "url": "https://github.com/keywaysh/cli/issues"
   },
+  "packageManager": "pnpm@10.6.1",
   "engines": {
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "balanced-match": "^3.0.1",
     "commander": "^14.0.0",
     "conf": "^15.0.2",
     "open": "^11.0.0",
@@ -39,22 +53,12 @@
     "prompts": "^2.4.2"
   },
   "devDependencies": {
+    "@types/balanced-match": "^3.0.2",
     "@types/node": "^24.2.0",
     "@types/prompts": "^2.4.9",
     "tsup": "^8.5.0",
     "tsx": "^4.20.3",
     "typescript": "^5.9.2",
     "vitest": "^3.2.4"
-  },
-  "scripts": {
-    "dev": "pnpm exec tsx src/cli.ts",
-    "dev:local": "NODE_TLS_REJECT_UNAUTHORIZED=0 KEYWAY_API_URL=https://localhost/api pnpm exec tsx src/cli.ts",
-    "build": "pnpm exec tsup",
-    "build:watch": "pnpm exec tsup --watch",
-    "test": "pnpm exec vitest run",
-    "test:watch": "pnpm exec vitest",
-    "release": "npm version patch && git push && git push --tags",
-    "release:minor": "npm version minor && git push && git push --tags",
-    "release:major": "npm version major && git push && git push --tags"
   }
-}
+}