@kill-switch/cli 0.1.0

package/dist/api-client.d.ts

@@ -0,0 +1,15 @@
+/**
+ * API Client — fetch wrapper with auth and error handling
+ */
+export declare class ApiError extends Error {
+    status: number;
+    body: any;
+    constructor(status: number, body: any, message: string);
+}
+export declare function apiRequest<T = any>(path: string, opts?: {
+    method?: string;
+    body?: any;
+    apiKey?: string;
+    apiUrl?: string;
+    public?: boolean;
+}): Promise<T>;

package/dist/api-client.js

@@ -0,0 +1,46 @@
+/**
+ * API Client — fetch wrapper with auth and error handling
+ */
+import { resolveApiKey, resolveApiUrl } from "./config.js";
+export class ApiError extends Error {
+    status;
+    body;
+    constructor(status, body, message) {
+        super(message);
+        this.status = status;
+        this.body = body;
+        this.name = "ApiError";
+    }
+}
+export async function apiRequest(path, opts = {}) {
+    const apiKey = resolveApiKey(opts.apiKey);
+    const apiUrl = resolveApiUrl(opts.apiUrl);
+    if (!apiKey && !opts.public) {
+        throw new ApiError(0, null, "Not authenticated. Run: kill-switch auth login --api-key YOUR_KEY");
+    }
+    const url = `${apiUrl}${path}`;
+    const headers = {
+        "Content-Type": "application/json",
+    };
+    if (apiKey)
+        headers["Authorization"] = `Bearer ${apiKey}`;
+    const res = await fetch(url, {
+        method: opts.method || "GET",
+        headers,
+        body: opts.body ? JSON.stringify(opts.body) : undefined,
+    });
+    const text = await res.text();
+    let data;
+    try {
+        data = JSON.parse(text);
+    }
+    catch {
+        if (!res.ok)
+            throw new ApiError(res.status, null, `API error ${res.status}: ${text.slice(0, 200)}`);
+        return text;
+    }
+    if (!res.ok) {
+        throw new ApiError(res.status, data, data.error || `API error: ${res.status}`);
+    }
+    return data;
+}

package/dist/commands/accounts.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerAccountCommands(program: Command): void;

package/dist/commands/accounts.js

@@ -0,0 +1,133 @@
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatTable, formatObject, outputError } from "../output.js";
+export function registerAccountCommands(program) {
+    const accounts = program.command("accounts").description("Manage cloud accounts");
+    accounts
+        .command("list")
+        .alias("ls")
+        .description("List connected cloud accounts")
+        .action(async () => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest("/cloud-accounts");
+            const list = data.accounts || data;
+            if (json) {
+                outputJson(list);
+            }
+            else {
+                formatTable(Array.isArray(list) ? list : [], [
+                    { key: "_id", header: "ID" },
+                    { key: "provider", header: "Provider" },
+                    { key: "name", header: "Name" },
+                    { key: "status", header: "Status" },
+                ]);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    accounts
+        .command("get <id>")
+        .description("Get cloud account details")
+        .action(async (id) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest(`/cloud-accounts/${id}`);
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                formatObject(data);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    accounts
+        .command("add <provider>")
+        .description("Connect a cloud provider (cloudflare, gcp, aws)")
+        .requiredOption("--name <name>", "Account name")
+        .option("--token <token>", "API token (Cloudflare)")
+        .option("--account-id <id>", "Account ID (Cloudflare)")
+        .option("--project-id <id>", "Project ID (GCP)")
+        .option("--service-account <json>", "Service Account JSON (GCP)")
+        .action(async (provider, opts) => {
+        const json = program.opts().json;
+        const credential = {};
+        if (opts.token)
+            credential.apiToken = opts.token;
+        if (opts.accountId)
+            credential.accountId = opts.accountId;
+        if (opts.projectId)
+            credential.projectId = opts.projectId;
+        if (opts.serviceAccount)
+            credential.serviceAccountJson = opts.serviceAccount;
+        try {
+            const data = await apiRequest("/cloud-accounts", {
+                method: "POST",
+                body: { provider, name: opts.name, credential },
+            });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Connected ${provider} account: ${data.name || data._id}`);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    accounts
+        .command("delete <id>")
+        .alias("rm")
+        .description("Disconnect and delete a cloud account")
+        .action(async (id) => {
+        const json = program.opts().json;
+        try {
+            await apiRequest(`/cloud-accounts/${id}`, { method: "DELETE" });
+            if (json) {
+                outputJson({ deleted: true, id });
+            }
+            else {
+                console.log(`Account ${id} disconnected.`);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    accounts
+        .command("check <id>")
+        .description("Run manual monitoring check on an account")
+        .action(async (id) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest(`/cloud-accounts/${id}/check`, { method: "POST" });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Check complete: ${data.violations?.length || 0} violations`);
+                if (data.violations?.length) {
+                    formatTable(data.violations, [
+                        { key: "metric", header: "Metric" },
+                        { key: "value", header: "Value" },
+                        { key: "threshold", header: "Threshold" },
+                        { key: "action", header: "Action" },
+                    ]);
+                }
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/alerts.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerAlertCommands(program: Command): void;

package/dist/commands/alerts.js

@@ -0,0 +1,49 @@
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatTable, outputError } from "../output.js";
+export function registerAlertCommands(program) {
+    const alerts = program.command("alerts").description("Manage alert channels");
+    alerts
+        .command("list")
+        .alias("ls")
+        .description("List configured alert channels")
+        .action(async () => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest("/alerts/channels");
+            const channels = data.channels || data;
+            if (json) {
+                outputJson(channels);
+            }
+            else {
+                formatTable(Array.isArray(channels) ? channels : [], [
+                    { key: "type", header: "Type" },
+                    { key: "name", header: "Name" },
+                    { key: "enabled", header: "Enabled" },
+                ]);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    alerts
+        .command("test")
+        .description("Send a test alert to all channels")
+        .action(async () => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest("/alerts/test", { method: "POST" });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log("Test alert sent to all configured channels.");
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/analytics.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerAnalyticsCommands(program: Command): void;

package/dist/commands/analytics.js

@@ -0,0 +1,35 @@
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatTable, outputError } from "../output.js";
+export function registerAnalyticsCommands(program) {
+    program
+        .command("analytics")
+        .description("FinOps analytics overview")
+        .option("--days <n>", "Days to analyze", "30")
+        .action(async (opts) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest(`/analytics/overview?days=${opts.days}`);
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Analytics (last ${opts.days} days)\n`);
+                if (data.dailyCosts) {
+                    formatTable(data.dailyCosts.slice(-7), [
+                        { key: "date", header: "Date" },
+                        { key: "totalUsd", header: "Cost (USD)" },
+                        { key: "violations", header: "Violations" },
+                        { key: "actions", header: "Actions" },
+                    ]);
+                }
+                if (data.totalSavingsUsd !== undefined) {
+                    console.log(`\nEstimated savings: $${data.totalSavingsUsd}`);
+                }
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/auth.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerAuthCommands(program: Command): void;

package/dist/commands/auth.js

@@ -0,0 +1,85 @@
+import { saveConfig, deleteConfig, resolveApiKey, resolveApiUrl } from "../config.js";
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatObject, outputError } from "../output.js";
+export function registerAuthCommands(program) {
+    const auth = program.command("auth").description("Manage authentication");
+    auth
+        .command("login")
+        .description("Authenticate with an API key")
+        .requiredOption("--api-key <key>", "Personal API key (starts with ks_)")
+        .action(async (opts) => {
+        const json = program.opts().json;
+        const key = opts.apiKey;
+        if (!key.startsWith("ks_")) {
+            outputError("API key must start with 'ks_'. Create one at app.kill-switch.net.", json);
+            process.exit(1);
+        }
+        // Validate the key by calling the API
+        try {
+            const result = await apiRequest("/accounts/me", { apiKey: key });
+            saveConfig({ apiKey: key, apiUrl: resolveApiUrl() });
+            if (json) {
+                outputJson({ authenticated: true, account: result.name || result._id });
+            }
+            else {
+                console.log(`Authenticated as ${result.name || result._id}`);
+                console.log("API key saved to ~/.kill-switch/config.json");
+            }
+        }
+        catch (err) {
+            outputError(`Authentication failed: ${err.message}`, json);
+            process.exit(2);
+        }
+    });
+    auth
+        .command("logout")
+        .description("Clear stored credentials")
+        .action(() => {
+        const json = program.opts().json;
+        deleteConfig();
+        if (json) {
+            outputJson({ loggedOut: true });
+        }
+        else {
+            console.log("Credentials cleared.");
+        }
+    });
+    auth
+        .command("status")
+        .description("Show current auth status")
+        .action(async () => {
+        const json = program.opts().json;
+        const key = resolveApiKey();
+        if (!key) {
+            if (json) {
+                outputJson({ authenticated: false });
+            }
+            else {
+                console.log("Not authenticated. Run: kill-switch auth login --api-key YOUR_KEY");
+            }
+            return;
+        }
+        try {
+            const result = await apiRequest("/accounts/me");
+            if (json) {
+                outputJson({ authenticated: true, ...result });
+            }
+            else {
+                formatObject({
+                    authenticated: "yes",
+                    account: result.name || result._id,
+                    tier: result.tier,
+                    keyPrefix: key.substring(0, 16) + "...",
+                });
+            }
+        }
+        catch {
+            if (json) {
+                outputJson({ authenticated: false, keyPresent: true, error: "Key is invalid or expired" });
+            }
+            else {
+                console.log("API key present but invalid. Run: kill-switch auth login --api-key NEW_KEY");
+            }
+        }
+    });
+}

package/dist/commands/check.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerCheckCommands(program: Command): void;

package/dist/commands/check.js

@@ -0,0 +1,37 @@
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatTable, outputError } from "../output.js";
+export function registerCheckCommands(program) {
+    program
+        .command("check")
+        .description("Run monitoring check on all connected accounts")
+        .action(async () => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest("/check", { method: "POST" });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                const results = data.results || [];
+                console.log(`Checked ${results.length} account(s)\n`);
+                for (const r of results) {
+                    console.log(`${r.provider || "unknown"}: ${r.name || r.cloudAccountId}`);
+                    if (r.violations?.length) {
+                        formatTable(r.violations, [
+                            { key: "metric", header: "Metric" },
+                            { key: "value", header: "Value" },
+                            { key: "threshold", header: "Threshold" },
+                        ]);
+                    }
+                    else {
+                        console.log("  All clear\n");
+                    }
+                }
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/config-cmd.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerConfigCommands(program: Command): void;

package/dist/commands/config-cmd.js

@@ -0,0 +1,72 @@
+import { loadConfig, saveConfig, CONFIG_FILE, DEFAULT_API_URL } from "../config.js";
+import { outputJson } from "../output.js";
+export function registerConfigCommands(program) {
+    const config = program.command("config").description("Manage CLI configuration");
+    config
+        .command("init")
+        .description("Create config file with defaults")
+        .action(() => {
+        const json = program.opts().json;
+        const existing = loadConfig();
+        saveConfig({ apiUrl: DEFAULT_API_URL, ...existing });
+        if (json) {
+            outputJson({ configFile: CONFIG_FILE, created: true });
+        }
+        else {
+            console.log(`Config saved to ${CONFIG_FILE}`);
+        }
+    });
+    config
+        .command("get <key>")
+        .description("Get a config value")
+        .action((key) => {
+        const json = program.opts().json;
+        const cfg = loadConfig();
+        const value = cfg[key];
+        if (json) {
+            outputJson({ [key]: value ?? null });
+        }
+        else {
+            console.log(value ?? "(not set)");
+        }
+    });
+    config
+        .command("set <key> <value>")
+        .description("Set a config value")
+        .action((key, value) => {
+        const json = program.opts().json;
+        const cfg = loadConfig();
+        cfg[key] = value;
+        saveConfig(cfg);
+        if (json) {
+            outputJson({ [key]: value });
+        }
+        else {
+            console.log(`${key} = ${value}`);
+        }
+    });
+    config
+        .command("list")
+        .alias("ls")
+        .description("Show all config values")
+        .action(() => {
+        const json = program.opts().json;
+        const cfg = loadConfig();
+        if (json) {
+            outputJson(cfg);
+        }
+        else {
+            const entries = Object.entries(cfg);
+            if (entries.length === 0) {
+                console.log("No config set. Run: kill-switch config init");
+            }
+            else {
+                for (const [k, v] of entries) {
+                    const display = k === "apiKey" ? String(v).substring(0, 16) + "..." : String(v);
+                    console.log(`${k.padEnd(12)} ${display}`);
+                }
+            }
+            console.log(`\nConfig file: ${CONFIG_FILE}`);
+        }
+    });
+}

package/dist/commands/kill.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare function registerKillCommands(program: Command): void;

package/dist/commands/kill.js

@@ -0,0 +1,125 @@
+import { apiRequest } from "../api-client.js";
+import { outputJson, formatTable, formatObject, outputError } from "../output.js";
+export function registerKillCommands(program) {
+    const kill = program.command("kill").description("Database kill switch sequences");
+    kill
+        .command("init")
+        .description("Initiate a database kill sequence")
+        .requiredOption("--credential-id <id>", "Stored credential ID")
+        .requiredOption("--trigger <reason>", "Kill trigger reason")
+        .action(async (opts) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest("/database/kill", {
+                method: "POST",
+                body: { credentialId: opts.credentialId, trigger: opts.trigger },
+            });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Kill sequence initiated: ${data.sequenceId}`);
+                console.log(`Status: ${data.status}`);
+                console.log(`Steps: ${data.steps?.map((s) => s.action).join(" -> ")}`);
+                console.log(`\nAdvance: kill-switch kill advance ${data.sequenceId} --credential-id ${opts.credentialId}`);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    kill
+        .command("status [id]")
+        .description("Get kill sequence status (or list all active)")
+        .action(async (id) => {
+        const json = program.opts().json;
+        try {
+            if (id) {
+                const data = await apiRequest(`/database/kill/${id}`);
+                if (json) {
+                    outputJson(data);
+                }
+                else {
+                    formatObject(data, ["id", "status", "currentStep", "snapshotVerified"]);
+                    if (data.steps) {
+                        console.log("\nSteps:");
+                        formatTable(data.steps, [
+                            { key: "action", header: "Action" },
+                            { key: "status", header: "Status" },
+                            { key: "timestamp", header: "Timestamp" },
+                        ]);
+                    }
+                }
+            }
+            else {
+                const data = await apiRequest("/database/kill");
+                const sequences = data.sequences || data;
+                if (json) {
+                    outputJson(sequences);
+                }
+                else {
+                    formatTable(Array.isArray(sequences) ? sequences : [], [
+                        { key: "id", header: "Sequence ID" },
+                        { key: "status", header: "Status" },
+                        { key: "currentStep", header: "Step" },
+                    ]);
+                }
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    kill
+        .command("advance <id>")
+        .description("Execute the next step in a kill sequence")
+        .requiredOption("--credential-id <credId>", "Stored credential ID")
+        .option("--human-approval", "Confirm human approval (required for nuke step)")
+        .action(async (id, opts) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest(`/database/kill/${id}/advance`, {
+                method: "POST",
+                body: {
+                    credentialId: opts.credentialId,
+                    humanApproval: opts.humanApproval || false,
+                },
+            });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Step executed: ${data.steps?.[data.currentStep - 1]?.action || "?"}`);
+                console.log(`Status: ${data.status}`);
+                if (data.status !== "completed") {
+                    console.log(`Next: kill-switch kill advance ${id} --credential-id ${opts.credentialId}`);
+                }
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+    kill
+        .command("abort <id>")
+        .description("Abort a kill sequence")
+        .action(async (id) => {
+        const json = program.opts().json;
+        try {
+            const data = await apiRequest(`/database/kill/${id}/abort`, { method: "POST" });
+            if (json) {
+                outputJson(data);
+            }
+            else {
+                console.log(`Kill sequence ${id} aborted.`);
+            }
+        }
+        catch (err) {
+            outputError(err.message, json);
+            process.exit(1);
+        }
+    });
+}

package/dist/commands/onboard.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Onboard Command
+ *
+ * One-command setup for connecting cloud providers, applying protection rules,
+ * and configuring alerts. Designed for both human use and AI agent automation.
+ *
+ * Human use (interactive prompts):
+ *   kill-switch onboard
+ *
+ * AI agent use (non-interactive):
+ *   kill-switch onboard \
+ *     --provider cloudflare \
+ *     --account-id YOUR_CF_ACCOUNT_ID \
+ *     --token YOUR_CF_API_TOKEN \
+ *     --name "Production" \
+ *     --shields cost-runaway,ddos \
+ *     --alert-email you@example.com
+ *
+ * Multi-provider (run multiple times or comma-separate):
+ *   kill-switch onboard --provider cloudflare --token ... --account-id ...
+ *   kill-switch onboard --provider aws --access-key ... --secret-key ... --region us-east-1
+ */
+import { Command } from "commander";
+export declare function registerOnboardCommands(program: Command): void;