@lifestreamdynamics/vault-cli 1.0.0

package/dist/client.d.ts

@@ -0,0 +1,12 @@
+import { LifestreamVaultClient } from '@lifestreamdynamics/vault-sdk';
+/**
+ * Create an SDK client from CLI configuration.
+ * Supports both API key and JWT (access + refresh token) authentication.
+ * When using JWT tokens, auto-refresh is enabled and new tokens are persisted.
+ */
+export declare function getClient(): LifestreamVaultClient;
+/**
+ * Create an SDK client from async config resolution (secure credential manager).
+ * This resolves credentials from keychain/encrypted storage.
+ */
+export declare function getClientAsync(): Promise<LifestreamVaultClient>;

package/dist/client.js

@@ -0,0 +1,79 @@
+import { LifestreamVaultClient } from '@lifestreamdynamics/vault-sdk';
+import { loadConfig, loadConfigAsync, getCredentialManager } from './config.js';
+import chalk from 'chalk';
+/**
+ * Create an SDK client from CLI configuration.
+ * Supports both API key and JWT (access + refresh token) authentication.
+ * When using JWT tokens, auto-refresh is enabled and new tokens are persisted.
+ */
+export function getClient() {
+    const config = loadConfig();
+    // JWT auth mode: use access + refresh tokens
+    if (config.accessToken) {
+        return new LifestreamVaultClient({
+            baseUrl: config.apiUrl,
+            accessToken: config.accessToken,
+            refreshToken: config.refreshToken,
+            onTokenRefresh: async (tokens) => {
+                // Persist refreshed tokens to secure storage
+                try {
+                    const cm = getCredentialManager();
+                    await cm.saveCredentials({
+                        accessToken: tokens.accessToken,
+                    });
+                }
+                catch {
+                    // Best-effort persistence; don't break the request
+                }
+            },
+        });
+    }
+    // API key auth mode
+    if (config.apiKey) {
+        return new LifestreamVaultClient({
+            baseUrl: config.apiUrl,
+            apiKey: config.apiKey,
+        });
+    }
+    console.error(chalk.red('No credentials configured.'));
+    console.error('Run: lsvault auth login --api-key <key>');
+    console.error('  or: lsvault auth login --email <email>');
+    console.error('Or set LSVAULT_API_KEY environment variable');
+    process.exit(1);
+}
+/**
+ * Create an SDK client from async config resolution (secure credential manager).
+ * This resolves credentials from keychain/encrypted storage.
+ */
+export async function getClientAsync() {
+    const config = await loadConfigAsync();
+    if (config.accessToken) {
+        return new LifestreamVaultClient({
+            baseUrl: config.apiUrl,
+            accessToken: config.accessToken,
+            refreshToken: config.refreshToken,
+            onTokenRefresh: async (tokens) => {
+                try {
+                    const cm = getCredentialManager();
+                    await cm.saveCredentials({
+                        accessToken: tokens.accessToken,
+                    });
+                }
+                catch {
+                    // Best-effort
+                }
+            },
+        });
+    }
+    if (config.apiKey) {
+        return new LifestreamVaultClient({
+            baseUrl: config.apiUrl,
+            apiKey: config.apiKey,
+        });
+    }
+    console.error(chalk.red('No credentials configured.'));
+    console.error('Run: lsvault auth login --api-key <key>');
+    console.error('  or: lsvault auth login --email <email>');
+    console.error('Or set LSVAULT_API_KEY environment variable');
+    process.exit(1);
+}

package/dist/commands/admin.d.ts

@@ -0,0 +1,2 @@
+import type { Command } from 'commander';
+export declare function registerAdminCommands(program: Command): void;

package/dist/commands/admin.js

@@ -0,0 +1,263 @@
+import chalk from 'chalk';
+import { getClient } from '../client.js';
+import { addGlobalFlags, resolveFlags } from '../utils/flags.js';
+import { createOutput, handleError } from '../utils/output.js';
+import { formatBytes, formatUptime } from '../utils/format.js';
+export function registerAdminCommands(program) {
+    const admin = program.command('admin').description('System administration (requires admin role)');
+    // ── System Stats ────────────────────────────────────────────────────
+    const stats = admin.command('stats').description('View system-wide statistics and metrics');
+    const statsAction = async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching system stats...');
+        try {
+            const client = getClient();
+            const data = await client.admin.getStats();
+            out.stopSpinner();
+            out.record({
+                totalUsers: data.totalUsers,
+                activeUsers: data.activeUsers,
+                totalVaults: data.totalVaults,
+                totalDocuments: data.totalDocuments,
+                totalStorageBytes: flags.output === 'text' ? formatBytes(data.totalStorageBytes) : data.totalStorageBytes,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch system stats');
+        }
+    };
+    addGlobalFlags(stats.command('overview')
+        .description('Show system-wide statistics'))
+        .action(statsAction);
+    addGlobalFlags(stats)
+        .action(statsAction);
+    addGlobalFlags(stats.command('timeseries')
+        .description('Show timeseries data for a metric')
+        .requiredOption('--metric <metric>', 'Metric: signups, documents, or storage')
+        .requiredOption('--period <period>', 'Period: 7d, 30d, or 90d'))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching timeseries data...');
+        try {
+            const client = getClient();
+            const data = await client.admin.getTimeseries(String(_opts.metric), String(_opts.period));
+            out.stopSpinner();
+            if (flags.output === 'text') {
+                out.status(`${chalk.dim('Metric:')} ${data.metric}  ${chalk.dim('Period:')} ${data.period}`);
+            }
+            out.list(data.data.map((point) => ({
+                date: point.date,
+                value: point.value,
+            })), {
+                emptyMessage: 'No data points found.',
+                columns: [
+                    { key: 'date', header: 'Date' },
+                    { key: 'value', header: 'Value' },
+                ],
+                textFn: (p) => {
+                    const bar = '#'.repeat(Math.min(Number(p.value), 50));
+                    return `  ${String(p.date)}  ${String(p.value).padStart(6)}  ${chalk.cyan(bar)}`;
+                },
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch timeseries data');
+        }
+    });
+    // ── User Management ─────────────────────────────────────────────────
+    const users = admin.command('users').description('List, inspect, and update user accounts');
+    addGlobalFlags(users.command('list')
+        .description('List users')
+        .option('--page <number>', 'Page number', parseInt)
+        .option('--limit <number>', 'Results per page', parseInt)
+        .option('--search <query>', 'Search by name or email')
+        .option('--tier <tier>', 'Filter by tier (free, pro, business)'))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching users...');
+        try {
+            const client = getClient();
+            const result = await client.admin.listUsers({
+                page: _opts.page,
+                limit: _opts.limit,
+                search: _opts.search,
+                tier: _opts.tier,
+            });
+            out.stopSpinner();
+            if (flags.output === 'text') {
+                out.status(`${chalk.dim('Total:')} ${result.total}  ${chalk.dim('Page:')} ${result.page}  ${chalk.dim('Limit:')} ${result.limit}`);
+            }
+            out.list(result.users.map(u => ({
+                email: u.email,
+                id: u.id,
+                name: u.name || '',
+                role: u.role,
+                subscriptionTier: u.subscriptionTier,
+                isActive: u.isActive,
+            })), {
+                emptyMessage: 'No users found.',
+                columns: [
+                    { key: 'email', header: 'Email' },
+                    { key: 'name', header: 'Name' },
+                    { key: 'role', header: 'Role' },
+                    { key: 'subscriptionTier', header: 'Tier' },
+                    { key: 'isActive', header: 'Active' },
+                ],
+                textFn: (u) => {
+                    const active = u.isActive ? chalk.green('active') : chalk.red('inactive');
+                    const name = u.name || chalk.dim('no name');
+                    return `  ${chalk.cyan(String(u.email))} ${chalk.dim(`(${String(u.id)})`)} -- ${name} -- ${chalk.magenta(String(u.role))} -- ${String(u.subscriptionTier)} -- ${active}`;
+                },
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch users');
+        }
+    });
+    addGlobalFlags(users.command('get')
+        .description('Get user details')
+        .argument('<userId>', 'User ID'))
+        .action(async (userId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching user...');
+        try {
+            const client = getClient();
+            const user = await client.admin.getUser(userId);
+            out.stopSpinner();
+            out.record({
+                email: user.email,
+                id: user.id,
+                name: user.name,
+                role: user.role,
+                isActive: user.isActive,
+                subscriptionTier: user.subscriptionTier,
+                vaultCount: user.vaultCount,
+                documentCount: user.documentCount,
+                storageBytes: flags.output === 'text' ? formatBytes(user.storageBytes) : user.storageBytes,
+                createdAt: user.createdAt,
+                updatedAt: user.updatedAt,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch user');
+        }
+    });
+    addGlobalFlags(users.command('update')
+        .description('Update a user')
+        .argument('<userId>', 'User ID')
+        .option('--role <role>', 'Set role (user or admin)')
+        .option('--active', 'Set user as active')
+        .option('--inactive', 'Set user as inactive'))
+        .action(async (userId, _opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        const params = {};
+        if (_opts.role)
+            params.role = _opts.role;
+        if (_opts.active)
+            params.isActive = true;
+        if (_opts.inactive)
+            params.isActive = false;
+        if (Object.keys(params).length === 0) {
+            out.error('No updates specified. Use --role, --active, or --inactive.');
+            process.exitCode = 2;
+            return;
+        }
+        out.startSpinner('Updating user...');
+        try {
+            const client = getClient();
+            const updated = await client.admin.updateUser(userId, params);
+            out.success(`User updated: ${chalk.cyan(updated.email)} -- ${chalk.magenta(updated.role)} -- ${updated.isActive ? chalk.green('active') : chalk.red('inactive')}`, {
+                email: updated.email,
+                role: updated.role,
+                isActive: updated.isActive,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to update user');
+        }
+    });
+    // ── Activity ────────────────────────────────────────────────────────
+    addGlobalFlags(admin.command('activity')
+        .description('Show recent system-wide activity events')
+        .option('--limit <number>', 'Number of entries (default: 20)', parseInt))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching activity...');
+        try {
+            const client = getClient();
+            const activity = await client.admin.getActivity(_opts.limit);
+            out.stopSpinner();
+            out.list(activity.map(a => ({
+                createdAt: a.createdAt,
+                type: a.type,
+                userId: a.userId,
+                path: a.path || null,
+            })), {
+                emptyMessage: 'No recent activity.',
+                columns: [
+                    { key: 'createdAt', header: 'Time' },
+                    { key: 'type', header: 'Type' },
+                    { key: 'userId', header: 'User' },
+                    { key: 'path', header: 'Path' },
+                ],
+                textFn: (a) => {
+                    const pathStr = a.path || chalk.dim('n/a');
+                    return `  ${String(a.createdAt)}  ${chalk.magenta(String(a.type).padEnd(8))}  ${chalk.dim(String(a.userId))}  ${pathStr}`;
+                },
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch activity');
+        }
+    });
+    // ── Subscriptions ───────────────────────────────────────────────────
+    addGlobalFlags(admin.command('subscriptions')
+        .description('Show subscription tier distribution across all users'))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Fetching subscription summary...');
+        try {
+            const client = getClient();
+            const summary = await client.admin.getSubscriptionSummary();
+            out.stopSpinner();
+            out.record({
+                free: summary.free,
+                pro: summary.pro,
+                business: summary.business,
+                total: summary.total,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to fetch subscription summary');
+        }
+    });
+    // ── Health ──────────────────────────────────────────────────────────
+    addGlobalFlags(admin.command('health')
+        .description('Check database, Redis, and overall system health'))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        out.startSpinner('Checking system health...');
+        try {
+            const client = getClient();
+            const health = await client.admin.getHealth();
+            out.stopSpinner();
+            out.record({
+                status: health.status,
+                database: health.database,
+                redis: health.redis,
+                uptime: flags.output === 'text' ? formatUptime(health.uptime) : health.uptime,
+            });
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to check system health');
+        }
+    });
+}

package/dist/commands/audit.d.ts

@@ -0,0 +1,2 @@
+import type { Command } from 'commander';
+export declare function registerAuditCommands(program: Command): void;

package/dist/commands/audit.js

@@ -0,0 +1,119 @@
+import chalk from 'chalk';
+import fs from 'node:fs';
+import path from 'node:path';
+import os from 'node:os';
+import { AuditLogger } from '@lifestreamdynamics/vault-sdk';
+import { addGlobalFlags, resolveFlags } from '../utils/flags.js';
+import { createOutput, handleError } from '../utils/output.js';
+const DEFAULT_LOG_PATH = path.join(os.homedir(), '.lsvault', 'audit.log');
+export function registerAuditCommands(program) {
+    const audit = program.command('audit').description('View and export local API request audit logs');
+    addGlobalFlags(audit.command('log')
+        .description('View recent audit log entries with optional filters')
+        .option('--tail <n>', 'Show last N entries', parseInt)
+        .option('--status <code>', 'Filter by HTTP status code', parseInt)
+        .option('--since <date>', 'Show entries since date (ISO 8601)')
+        .option('--until <date>', 'Show entries until date (ISO 8601)')
+        .option('--log-path <path>', 'Path to audit log file')
+        .addHelpText('after', `
+EXAMPLES
+  lsvault audit log --tail 20
+  lsvault audit log --status 401 --since 2025-01-01
+  lsvault audit log --since 2025-01-01 --until 2025-01-31`))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        try {
+            const logger = new AuditLogger({ logPath: String(_opts.logPath || DEFAULT_LOG_PATH) });
+            const entries = logger.readEntries({
+                tail: _opts.tail,
+                status: _opts.status,
+                since: _opts.since,
+                until: _opts.until,
+            });
+            out.list(entries.map(e => ({
+                timestamp: e.timestamp,
+                method: e.method,
+                path: e.path,
+                status: e.status,
+                durationMs: e.durationMs,
+            })), {
+                emptyMessage: 'No audit log entries found.',
+                columns: [
+                    { key: 'timestamp', header: 'Timestamp' },
+                    { key: 'method', header: 'Method' },
+                    { key: 'path', header: 'Path' },
+                    { key: 'status', header: 'Status' },
+                    { key: 'durationMs', header: 'Duration (ms)' },
+                ],
+                textFn: (e) => {
+                    const statusColor = getStatusColor(Number(e.status));
+                    return `${chalk.dim(String(e.timestamp))} ${chalk.bold(String(e.method).padEnd(7))} ${String(e.path)} ${statusColor(String(e.status))} ${chalk.dim(`${String(e.durationMs)}ms`)}`;
+                },
+            });
+            if (flags.output === 'text' && entries.length > 0) {
+                out.status(chalk.dim(`\n${entries.length} entries shown`));
+            }
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to read audit log');
+        }
+    });
+    addGlobalFlags(audit.command('export')
+        .description('Export audit log entries to a CSV file or stdout')
+        .option('--format <format>', 'Export format (csv)', 'csv')
+        .option('--file <file>', 'Output file path')
+        .option('--status <code>', 'Filter by HTTP status code', parseInt)
+        .option('--since <date>', 'Show entries since date (ISO 8601)')
+        .option('--until <date>', 'Show entries until date (ISO 8601)')
+        .option('--log-path <path>', 'Path to audit log file'))
+        .action(async (_opts) => {
+        const flags = resolveFlags(_opts);
+        const out = createOutput(flags);
+        try {
+            if (_opts.format !== 'csv') {
+                out.error(`Unsupported format: ${String(_opts.format)}. Only 'csv' is supported.`);
+                process.exitCode = 2;
+                return;
+            }
+            const logger = new AuditLogger({ logPath: String(_opts.logPath || DEFAULT_LOG_PATH) });
+            const entries = logger.readEntries({
+                status: _opts.status,
+                since: _opts.since,
+                until: _opts.until,
+            });
+            if (entries.length === 0) {
+                out.status('No audit log entries to export.');
+                return;
+            }
+            const csv = logger.exportCsv(entries);
+            if (_opts.file) {
+                const outputPath = String(_opts.file);
+                const outputDir = path.dirname(outputPath);
+                if (!fs.existsSync(outputDir)) {
+                    fs.mkdirSync(outputDir, { recursive: true });
+                }
+                fs.writeFileSync(outputPath, csv, 'utf-8');
+                out.success(`Exported ${entries.length} entries to ${outputPath}`, {
+                    entries: entries.length,
+                    path: outputPath,
+                });
+            }
+            else {
+                out.raw(csv);
+            }
+        }
+        catch (err) {
+            handleError(out, err, 'Failed to export audit log');
+        }
+    });
+}
+function getStatusColor(status) {
+    if (status >= 500)
+        return chalk.red;
+    if (status >= 400)
+        return chalk.yellow;
+    if (status >= 300)
+        return chalk.cyan;
+    return chalk.green;
+}

package/dist/commands/auth.d.ts

@@ -0,0 +1,2 @@
+import type { Command } from 'commander';
+export declare function registerAuthCommands(program: Command): void;