@kill-switch/cli 0.3.0 → 0.3.2

package/dist/commands/auth.js

@@ -101,8 +101,12 @@ export function registerAuthCommands(program, createClient) {
         .option("--api-key <key>", "Personal API key (starts with ks_) — skips browser flow")
         .action(async (opts) => {
         const json = program.opts().json;
-        const apiUrl = resolveApiUrl();
-        let key = opts.apiKey;
+        const apiUrl = resolveApiUrl(program.opts().apiUrl);
+        // The program also declares a global --api-key/--api-url; by commander's
+        // parent/child precedence the value lands on the PARENT even when passed
+        // after `login`, leaving opts.apiKey undefined. Read from either place so
+        // `ks auth login --api-key KEY` actually works.
+        let key = opts.apiKey ?? program.opts().apiKey;
         // Device flow when no --api-key. JSON mode requires --api-key (no browser).
         if (!key) {
             if (json) {

package/dist/commands/config-cmd.js

@@ -1,5 +1,16 @@
 import { loadConfig, saveConfig, CONFIG_FILE, DEFAULT_API_URL } from "../config.js";
 import { outputJson } from "../output.js";
+/** Mask a secret so it never lands in logs / CI output in full. */
+function maskKey(v) {
+    const s = String(v ?? "");
+    return s.length > 12 ? `${s.slice(0, 12)}…${s.slice(-2)}` : "****";
+}
+/** Return a copy of the config with secret values masked unless `reveal`. */
+function redactConfig(cfg, reveal) {
+    if (reveal || !cfg.apiKey)
+        return cfg;
+    return { ...cfg, apiKey: maskKey(cfg.apiKey) };
+}
 export function registerConfigCommands(program) {
     const config = program.command("config").description("Manage CLI configuration");
     config
@@ -19,10 +30,13 @@ export function registerConfigCommands(program) {
     config
         .command("get <key>")
         .description("Get a config value")
-        .action((key) => {
+        .option("--reveal", "Show secret values (e.g. apiKey) in full")
+        .action((key, opts) => {
         const json = program.opts().json;
         const cfg = loadConfig();
-        const value = cfg[key];
+        let value = cfg[key];
+        if (key === "apiKey" && value && !opts.reveal)
+            value = maskKey(value);
         if (json) {
             outputJson({ [key]: value ?? null });
         }
@@ -49,11 +63,12 @@ export function registerConfigCommands(program) {
         .command("list")
         .alias("ls")
         .description("Show all config values")
-        .action(() => {
+        .option("--reveal", "Show secret values (e.g. apiKey) in full")
+        .action((opts) => {
         const json = program.opts().json;
         const cfg = loadConfig();
         if (json) {
-            outputJson(cfg);
+            outputJson(redactConfig(cfg, !!opts?.reveal));
         }
         else {
             const entries = Object.entries(cfg);
@@ -62,7 +77,7 @@ export function registerConfigCommands(program) {
             }
             else {
                 for (const [k, v] of entries) {
-                    const display = k === "apiKey" ? String(v).substring(0, 16) + "..." : String(v);
+                    const display = k === "apiKey" && !opts?.reveal ? maskKey(v) : String(v);
                     console.log(`${k.padEnd(12)} ${display}`);
                 }
             }

package/dist/config.d.ts

@@ -19,7 +19,10 @@ export declare function deleteConfig(): void;
  */
 export declare function resolveApiKey(flagKey?: string): string | undefined;
 /**
- * Resolve the API URL.
+ * Resolve the API URL. The resolved endpoint receives the user's API key, so we
+ * refuse anything that isn't https:// (http:// allowed only for localhost) —
+ * this prevents a poisoned env var / config from redirecting the key over an
+ * insecure or unexpected channel (security: M-1).
  */
 export declare function resolveApiUrl(flagUrl?: string): string;
 export { CONFIG_DIR, CONFIG_FILE, DEFAULT_API_URL };

package/dist/config.js

@@ -40,10 +40,27 @@ export function deleteConfig() {
 export function resolveApiKey(flagKey) {
     return process.env.KILL_SWITCH_API_KEY || flagKey || loadConfig().apiKey;
 }
+const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
 /**
- * Resolve the API URL.
+ * Resolve the API URL. The resolved endpoint receives the user's API key, so we
+ * refuse anything that isn't https:// (http:// allowed only for localhost) —
+ * this prevents a poisoned env var / config from redirecting the key over an
+ * insecure or unexpected channel (security: M-1).
  */
 export function resolveApiUrl(flagUrl) {
-    return process.env.KILL_SWITCH_API_URL || flagUrl || loadConfig().apiUrl || DEFAULT_API_URL;
+    const url = process.env.KILL_SWITCH_API_URL || flagUrl || loadConfig().apiUrl || DEFAULT_API_URL;
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid API URL: "${url}". Set a valid https:// URL.`);
+    }
+    const localhost = LOCAL_HOSTS.has(parsed.hostname);
+    if (parsed.protocol !== "https:" && !(parsed.protocol === "http:" && localhost)) {
+        throw new Error(`Refusing to use API URL "${url}": it must be https:// (http:// allowed only for localhost). ` +
+            `This protects your API key from being sent over an insecure channel.`);
+    }
+    return url;
 }
 export { CONFIG_DIR, CONFIG_FILE, DEFAULT_API_URL };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kill-switch/cli",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "Kill Switch CLI — monitor cloud spending, kill runaway services from the terminal",
   "type": "module",
   "bin": {
@@ -13,7 +13,7 @@
     "test": "vitest run"
   },
   "dependencies": {
-    "@kill-switch/agent-guard": "^0.1.0",
+    "@kill-switch/agent-guard": "^0.1.1",
     "@kill-switch/sdk": "^0.1.0",
     "chalk": "^5.6.2",
     "commander": "^12.1.0",