@lockr-dev/cli 1.0.0

package/README.md

@@ -0,0 +1,129 @@
+# Lockr CLI
+
+A command-line interface for managing secrets with Lockr.
+
+## Installation
+
+```bash
+npm install -g @lockr/cli
+# or
+npx @lockr/cli
+```
+
+## Authentication
+
+First, create an API token in the Lockr dashboard:
+1. Go to **Integrations** → **API Tokens (Pull)**
+2. Click **Create API Token**
+3. Copy your token
+
+Then authenticate:
+
+```bash
+lockr auth login --token YOUR_API_TOKEN
+# or set the environment variable
+export LOCKR_API_TOKEN=YOUR_API_TOKEN
+```
+
+## Commands
+
+### Pull Secrets
+
+Pull secrets from Lockr to your local environment:
+
+```bash
+# Pull all secrets for production
+lockr pull --env production
+
+# Pull to a specific file
+lockr pull --env production --output .env
+
+# Pull specific keys only
+lockr pull --env production --keys API_KEY,DATABASE_URL
+
+# Output as JSON
+lockr pull --env production --format json
+```
+
+### Run with Secrets
+
+Run a command with secrets injected as environment variables:
+
+```bash
+# Run your app with production secrets
+lockr run --env production -- npm start
+
+# Run with staging secrets
+lockr run --env staging -- docker-compose up
+```
+
+### List Environments
+
+```bash
+lockr envs list
+```
+
+### Whoami
+
+Check your current authentication:
+
+```bash
+lockr whoami
+```
+
+## Configuration
+
+Create a `.lockrrc` file in your project root:
+
+```json
+{
+  "project": "my-project",
+  "defaultEnv": "development"
+}
+```
+
+## CI/CD Usage
+
+### GitHub Actions
+
+```yaml
+steps:
+  - name: Pull secrets
+    run: npx @lockr/cli pull --env production --output .env
+    env:
+      LOCKR_API_TOKEN: ${{ secrets.LOCKR_API_TOKEN }}
+```
+
+### GitLab CI
+
+```yaml
+deploy:
+  script:
+    - npx @lockr/cli pull --env production --output .env
+    - docker build -t myapp .
+  variables:
+    LOCKR_API_TOKEN: $LOCKR_API_TOKEN
+```
+
+### CircleCI
+
+```yaml
+jobs:
+  build:
+    steps:
+      - run:
+          name: Pull secrets
+          command: npx @lockr/cli pull --env production --output .env
+```
+
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `LOCKR_API_TOKEN` | Your API token for authentication |
+| `LOCKR_API_URL` | Custom API URL (default: production) |
+| `LOCKR_PROJECT` | Default project to use |
+
+## License
+
+MIT

package/dist/api.d.ts

@@ -0,0 +1,9 @@
+interface PullOptions {
+    environment?: string;
+    keys?: string[];
+    format?: 'json' | 'env' | 'dotenv';
+}
+export declare function fetchSecrets(options: PullOptions): Promise<Record<string, string>>;
+export declare function formatAsEnv(secrets: Record<string, string>): string;
+export declare function formatAsJson(secrets: Record<string, string>): string;
+export {};

package/dist/api.js

@@ -0,0 +1,54 @@
+import { getApiToken, getApiUrl } from './config.js';
+export async function fetchSecrets(options) {
+    const token = getApiToken();
+    if (!token) {
+        throw new Error('Not authenticated. Run `lockr auth login --token YOUR_TOKEN` or set LOCKR_API_TOKEN environment variable.');
+    }
+    const apiUrl = getApiUrl();
+    const url = new URL(`${apiUrl}/pull-secrets`);
+    if (options.environment) {
+        url.searchParams.set('environment', options.environment);
+    }
+    if (options.format) {
+        url.searchParams.set('format', options.format);
+    }
+    if (options.keys && options.keys.length > 0) {
+        url.searchParams.set('keys', options.keys.join(','));
+    }
+    const response = await fetch(url.toString(), {
+        method: 'GET',
+        headers: {
+            'X-API-Key': token,
+            'Content-Type': 'application/json',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: 'Unknown error' }));
+        throw new Error(error.error || error.message || `HTTP ${response.status}`);
+    }
+    // Handle different response formats
+    const contentType = response.headers.get('content-type');
+    if (contentType?.includes('text/plain')) {
+        // .env format - parse it
+        const text = await response.text();
+        const secrets = {};
+        for (const line of text.split('\n')) {
+            const match = line.match(/^([^=]+)="(.*)"/);
+            if (match) {
+                secrets[match[1]] = match[2].replace(/\\"/g, '"');
+            }
+        }
+        return secrets;
+    }
+    // JSON format
+    const data = await response.json();
+    return data.secrets;
+}
+export function formatAsEnv(secrets) {
+    return Object.entries(secrets)
+        .map(([key, value]) => `${key}="${value.replace(/"/g, '\\"')}"`)
+        .join('\n');
+}
+export function formatAsJson(secrets) {
+    return JSON.stringify(secrets, null, 2);
+}

package/dist/commands/auth.d.ts

@@ -0,0 +1,10 @@
+interface LoginOptions {
+    token?: string;
+}
+declare function login(options: LoginOptions): Promise<void>;
+declare function logout(): Promise<void>;
+export declare const authCommand: {
+    login: typeof login;
+    logout: typeof logout;
+};
+export {};

package/dist/commands/auth.js

@@ -0,0 +1,50 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import { setApiToken, clearApiToken, getApiToken, getApiUrl } from '../config.js';
+async function login(options) {
+    const token = options.token || process.env.LOCKR_API_TOKEN;
+    if (!token) {
+        console.error(chalk.red('No token provided.'));
+        console.log('\nUsage:');
+        console.log('  lockr auth login --token YOUR_API_TOKEN');
+        console.log('  # or');
+        console.log('  export LOCKR_API_TOKEN=YOUR_API_TOKEN && lockr auth login');
+        process.exit(1);
+    }
+    const spinner = ora('Validating token...').start();
+    try {
+        // Validate the token by making a request
+        const response = await fetch(`${getApiUrl()}/pull-secrets`, {
+            method: 'GET',
+            headers: {
+                'X-API-Key': token,
+            },
+        });
+        // 404 is OK (no environment specified), 401/403 means bad token
+        if (response.status === 401 || response.status === 403) {
+            throw new Error('Invalid API token');
+        }
+        // Store the token
+        setApiToken(token);
+        spinner.succeed(chalk.green('Successfully authenticated!'));
+        console.log(chalk.dim('\nYour token has been saved. You can now use lockr commands.'));
+    }
+    catch (error) {
+        spinner.fail('Authentication failed');
+        console.error(chalk.red(error.message));
+        process.exit(1);
+    }
+}
+async function logout() {
+    const token = getApiToken();
+    if (!token) {
+        console.log(chalk.yellow('Not currently authenticated.'));
+        return;
+    }
+    clearApiToken();
+    console.log(chalk.green('Successfully logged out.'));
+}
+export const authCommand = {
+    login,
+    logout,
+};

package/dist/commands/envs.d.ts

@@ -0,0 +1 @@
+export declare function envsCommand(): Promise<void>;

package/dist/commands/envs.js

@@ -0,0 +1,10 @@
+import chalk from 'chalk';
+export async function envsCommand() {
+    console.log(chalk.yellow('This command requires project context.'));
+    console.log(chalk.dim('\nEnvironments are fetched from your Lockr project.'));
+    console.log(chalk.dim('Common environments: development, staging, production'));
+    console.log('\nUsage:');
+    console.log('  lockr pull --env development');
+    console.log('  lockr pull --env staging');
+    console.log('  lockr pull --env production');
+}

package/dist/commands/pull.d.ts

@@ -0,0 +1,8 @@
+interface PullCommandOptions {
+    env: string;
+    output?: string;
+    format: 'env' | 'json' | 'dotenv';
+    keys?: string;
+}
+export declare function pullCommand(options: PullCommandOptions): Promise<void>;
+export {};

package/dist/commands/pull.js

@@ -0,0 +1,37 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import fs from 'fs';
+import { fetchSecrets, formatAsEnv, formatAsJson } from '../api.js';
+export async function pullCommand(options) {
+    const spinner = ora(`Pulling secrets from ${chalk.cyan(options.env)}...`).start();
+    try {
+        const keys = options.keys?.split(',').map(k => k.trim()).filter(Boolean);
+        const secrets = await fetchSecrets({
+            environment: options.env,
+            keys,
+            format: options.format === 'json' ? 'json' : 'env',
+        });
+        spinner.succeed(`Pulled ${chalk.green(Object.keys(secrets).length)} secrets`);
+        // Format output
+        let output;
+        if (options.format === 'json') {
+            output = formatAsJson(secrets);
+        }
+        else {
+            output = formatAsEnv(secrets);
+        }
+        // Write to file or stdout
+        if (options.output) {
+            fs.writeFileSync(options.output, output + '\n');
+            console.log(chalk.dim(`Written to ${options.output}`));
+        }
+        else {
+            console.log('\n' + output);
+        }
+    }
+    catch (error) {
+        spinner.fail('Failed to pull secrets');
+        console.error(chalk.red(error.message));
+        process.exit(1);
+    }
+}

package/dist/commands/run.d.ts

@@ -0,0 +1,5 @@
+interface RunCommandOptions {
+    env: string;
+}
+export declare function runCommand(command: string[], options: RunCommandOptions): Promise<void>;
+export {};

package/dist/commands/run.js

@@ -0,0 +1,41 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import { spawn } from 'child_process';
+import { fetchSecrets } from '../api.js';
+export async function runCommand(command, options) {
+    const spinner = ora(`Loading secrets from ${chalk.cyan(options.env)}...`).start();
+    try {
+        const secrets = await fetchSecrets({
+            environment: options.env,
+        });
+        spinner.succeed(`Loaded ${chalk.green(Object.keys(secrets).length)} secrets`);
+        // Get the command and args
+        const [cmd, ...args] = command;
+        if (!cmd) {
+            console.error(chalk.red('No command specified'));
+            process.exit(1);
+        }
+        console.log(chalk.dim(`Running: ${cmd} ${args.join(' ')}\n`));
+        // Spawn the process with secrets as environment variables
+        const child = spawn(cmd, args, {
+            env: {
+                ...process.env,
+                ...secrets,
+            },
+            stdio: 'inherit',
+            shell: true,
+        });
+        child.on('error', (error) => {
+            console.error(chalk.red(`Failed to start process: ${error.message}`));
+            process.exit(1);
+        });
+        child.on('exit', (code) => {
+            process.exit(code ?? 0);
+        });
+    }
+    catch (error) {
+        spinner.fail('Failed to load secrets');
+        console.error(chalk.red(error.message));
+        process.exit(1);
+    }
+}

package/dist/commands/sync.d.ts

@@ -0,0 +1,9 @@
+interface SyncOptions {
+    env?: string;
+    integration?: string;
+    all?: boolean;
+    dryRun?: boolean;
+}
+export declare function syncCommand(options: SyncOptions): Promise<void>;
+export declare function listIntegrationsCommand(): Promise<void>;
+export {};

package/dist/commands/sync.js

@@ -0,0 +1,164 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import { getApiToken, getApiUrl } from '../config.js';
+async function fetchIntegrations() {
+    const token = getApiToken();
+    const apiUrl = getApiUrl();
+    const response = await fetch(`${apiUrl}/integrations`, {
+        method: 'GET',
+        headers: {
+            'X-API-Key': token,
+            'Content-Type': 'application/json',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: 'Unknown error' }));
+        throw new Error(error.error || `HTTP ${response.status}`);
+    }
+    return response.json();
+}
+async function syncIntegration(integrationId, environment) {
+    const token = getApiToken();
+    const apiUrl = getApiUrl();
+    const url = new URL(`${apiUrl}/sync-integration`);
+    url.searchParams.set('integration_id', integrationId);
+    if (environment) {
+        url.searchParams.set('environment', environment);
+    }
+    const response = await fetch(url.toString(), {
+        method: 'POST',
+        headers: {
+            'X-API-Key': token,
+            'Content-Type': 'application/json',
+        },
+    });
+    if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: 'Unknown error' }));
+        return {
+            integration_id: integrationId,
+            integration_name: 'Unknown',
+            status: 'error',
+            error: error.error || `HTTP ${response.status}`,
+        };
+    }
+    return response.json();
+}
+export async function syncCommand(options) {
+    const token = getApiToken();
+    if (!token) {
+        console.error(chalk.red('✗ Not authenticated.'));
+        console.error(chalk.dim('Run `lockr auth login --token YOUR_TOKEN` or set LOCKR_API_TOKEN'));
+        process.exit(1);
+    }
+    const spinner = ora('Fetching integrations...').start();
+    try {
+        const integrations = await fetchIntegrations();
+        if (integrations.length === 0) {
+            spinner.fail('No integrations found');
+            console.log(chalk.dim('\nConnect integrations at https://lockrdev.com/integrations'));
+            process.exit(1);
+        }
+        // Filter integrations if specific one requested
+        let targetIntegrations = integrations.filter(i => i.status === 'connected');
+        if (options.integration) {
+            targetIntegrations = targetIntegrations.filter(i => i.name.toLowerCase().includes(options.integration.toLowerCase()) ||
+                i.provider.toLowerCase() === options.integration.toLowerCase());
+            if (targetIntegrations.length === 0) {
+                spinner.fail(`No matching integration found: ${options.integration}`);
+                console.log(chalk.dim('\nAvailable integrations:'));
+                integrations.forEach(i => {
+                    console.log(chalk.dim(`  - ${i.name} (${i.provider})`));
+                });
+                process.exit(1);
+            }
+        }
+        if (!options.all && targetIntegrations.length > 1 && !options.integration) {
+            spinner.stop();
+            console.log(chalk.yellow('⚠ Multiple integrations found. Use --all to sync all, or --integration to specify one.\n'));
+            console.log('Available integrations:');
+            targetIntegrations.forEach(i => {
+                console.log(`  ${chalk.cyan(i.name)} ${chalk.dim(`(${i.provider})`)}`);
+            });
+            process.exit(1);
+        }
+        if (options.dryRun) {
+            spinner.stop();
+            console.log(chalk.blue('ℹ Dry run mode - no changes will be made\n'));
+            console.log('Would sync to:');
+            targetIntegrations.forEach(i => {
+                console.log(`  ${chalk.cyan(i.name)} ${chalk.dim(`(${i.provider})`)}`);
+            });
+            if (options.env) {
+                console.log(chalk.dim(`\nEnvironment: ${options.env}`));
+            }
+            return;
+        }
+        spinner.text = `Syncing secrets to ${targetIntegrations.length} integration(s)...`;
+        const results = [];
+        for (const integration of targetIntegrations) {
+            spinner.text = `Syncing to ${integration.name}...`;
+            const result = await syncIntegration(integration.id, options.env);
+            result.integration_name = integration.name;
+            results.push(result);
+        }
+        spinner.stop();
+        // Print results
+        console.log(chalk.bold('\nSync Results:\n'));
+        let successCount = 0;
+        let errorCount = 0;
+        for (const result of results) {
+            if (result.status === 'success') {
+                successCount++;
+                console.log(chalk.green('✓'), chalk.bold(result.integration_name), chalk.dim(`- ${result.secrets_synced || 0} secrets synced`));
+            }
+            else {
+                errorCount++;
+                console.log(chalk.red('✗'), chalk.bold(result.integration_name), chalk.red(`- ${result.error}`));
+            }
+        }
+        console.log('');
+        if (errorCount > 0) {
+            console.log(chalk.yellow(`⚠ ${successCount} succeeded, ${errorCount} failed`));
+            process.exit(1);
+        }
+        else {
+            console.log(chalk.green(`✓ Successfully synced to ${successCount} integration(s)`));
+        }
+    }
+    catch (error) {
+        spinner.fail('Sync failed');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+}
+// List available integrations
+export async function listIntegrationsCommand() {
+    const token = getApiToken();
+    if (!token) {
+        console.error(chalk.red('✗ Not authenticated.'));
+        process.exit(1);
+    }
+    const spinner = ora('Fetching integrations...').start();
+    try {
+        const integrations = await fetchIntegrations();
+        spinner.stop();
+        if (integrations.length === 0) {
+            console.log(chalk.yellow('No integrations configured'));
+            console.log(chalk.dim('\nConnect integrations at https://lockrdev.com/integrations'));
+            return;
+        }
+        console.log(chalk.bold('\nConfigured Integrations:\n'));
+        for (const integration of integrations) {
+            const statusIcon = integration.status === 'connected'
+                ? chalk.green('●')
+                : chalk.yellow('○');
+            console.log(`  ${statusIcon} ${chalk.bold(integration.name)}`, chalk.dim(`(${integration.provider})`), chalk.dim(`- ${integration.status}`));
+        }
+        console.log('');
+    }
+    catch (error) {
+        spinner.fail('Failed to fetch integrations');
+        console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+        process.exit(1);
+    }
+}

package/dist/commands/whoami.d.ts

@@ -0,0 +1 @@
+export declare function whoamiCommand(): Promise<void>;

package/dist/commands/whoami.js

@@ -0,0 +1,13 @@
+import chalk from 'chalk';
+import { getApiToken, getApiUrl } from '../config.js';
+export async function whoamiCommand() {
+    const token = getApiToken();
+    if (!token) {
+        console.log(chalk.yellow('Not authenticated.'));
+        console.log(chalk.dim('\nRun `lockr auth login --token YOUR_TOKEN` to authenticate.'));
+        return;
+    }
+    console.log(chalk.green('✓ Authenticated'));
+    console.log(chalk.dim(`Token: ${token.substring(0, 8)}...`));
+    console.log(chalk.dim(`API URL: ${getApiUrl()}`));
+}

package/dist/config.d.ts

@@ -0,0 +1,13 @@
+import Conf from 'conf';
+interface Config {
+    apiToken?: string;
+    apiUrl: string;
+    project?: string;
+}
+declare const config: Conf<Config>;
+export declare function getApiToken(): string | undefined;
+export declare function setApiToken(token: string): void;
+export declare function clearApiToken(): void;
+export declare function getApiUrl(): string;
+export declare function getProject(): string | undefined;
+export { config };

package/dist/config.js

@@ -0,0 +1,23 @@
+import Conf from 'conf';
+const config = new Conf({
+    projectName: 'lockr-cli',
+    defaults: {
+        apiUrl: 'https://cqtzvcifscaqxuieqhsn.supabase.co/functions/v1',
+    },
+});
+export function getApiToken() {
+    return process.env.LOCKR_API_TOKEN || config.get('apiToken');
+}
+export function setApiToken(token) {
+    config.set('apiToken', token);
+}
+export function clearApiToken() {
+    config.delete('apiToken');
+}
+export function getApiUrl() {
+    return process.env.LOCKR_API_URL || config.get('apiUrl');
+}
+export function getProject() {
+    return process.env.LOCKR_PROJECT || config.get('project');
+}
+export { config };

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,67 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import { pullCommand } from './commands/pull.js';
+import { runCommand } from './commands/run.js';
+import { authCommand } from './commands/auth.js';
+import { envsCommand } from './commands/envs.js';
+import { whoamiCommand } from './commands/whoami.js';
+import { syncCommand, listIntegrationsCommand } from './commands/sync.js';
+const program = new Command();
+program
+    .name('lockr')
+    .description('CLI for managing secrets with Lockr')
+    .version('1.0.0');
+// Pull secrets command
+program
+    .command('pull')
+    .description('Pull secrets from Lockr')
+    .option('-e, --env <environment>', 'Environment to pull from', 'development')
+    .option('-o, --output <file>', 'Output file path (default: stdout)')
+    .option('-f, --format <format>', 'Output format: env, json, dotenv', 'env')
+    .option('-k, --keys <keys>', 'Comma-separated list of specific keys to pull')
+    .action(pullCommand);
+// Run with secrets command
+program
+    .command('run')
+    .description('Run a command with secrets injected as environment variables')
+    .option('-e, --env <environment>', 'Environment to use', 'development')
+    .argument('<command...>', 'Command to run')
+    .action(runCommand);
+// Auth commands
+const auth = program
+    .command('auth')
+    .description('Authentication commands');
+auth
+    .command('login')
+    .description('Authenticate with Lockr')
+    .option('-t, --token <token>', 'API token')
+    .action(authCommand.login);
+auth
+    .command('logout')
+    .description('Remove stored credentials')
+    .action(authCommand.logout);
+// Environments command
+program
+    .command('envs')
+    .description('List available environments')
+    .action(envsCommand);
+// Whoami command
+program
+    .command('whoami')
+    .description('Show current authentication status')
+    .action(whoamiCommand);
+// Sync command
+program
+    .command('sync')
+    .description('Sync secrets to connected integrations (for CI/CD)')
+    .option('-e, --env <environment>', 'Environment to sync from', 'production')
+    .option('-i, --integration <name>', 'Specific integration to sync to')
+    .option('-a, --all', 'Sync to all connected integrations')
+    .option('--dry-run', 'Show what would be synced without making changes')
+    .action(syncCommand);
+// Integrations command
+program
+    .command('integrations')
+    .description('List configured integrations')
+    .action(listIntegrationsCommand);
+program.parse();

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "@lockr-dev/cli",
+  "version": "1.0.0",
+  "description": "Command-line interface for Lockr secrets management - securely pull, sync, and inject environment variables",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "bin": {
+    "lockr": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "ts-node src/index.ts",
+    "prepublishOnly": "npm run build",
+    "test": "echo \"No tests yet\" && exit 0"
+  },
+  "keywords": [
+    "secrets",
+    "environment",
+    "cli",
+    "lockr",
+    "env",
+    "configuration",
+    "dotenv",
+    "secrets-management",
+    "environment-variables",
+    "devops",
+    "ci-cd"
+  ],
+  "author": "LockrDev <hello@lockrdev.com>",
+  "license": "MIT",
+  "homepage": "https://lockrdev.com",
+  "bugs": {
+    "url": "https://github.com/lockrdev/cli/issues"
+  },
+  "dependencies": {
+    "commander": "^11.1.0",
+    "chalk": "^5.3.0",
+    "ora": "^8.0.1",
+    "conf": "^12.0.0",
+    "dotenv": "^16.3.1"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "typescript": "^5.3.0",
+    "ts-node": "^10.9.2"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/lockrdev/cli.git"
+  }
+}