@nightlybuildgroup/vault 1.1.2 → 1.2.0

package/README.md

@@ -30,6 +30,8 @@ password. Credentials are verified against the server before anything is saved.
 nbg-pw get "GitHub"                 # prints the password
 nbg-pw get "GitHub" --field username   # a built-in field
 nbg-pw get "GitHub" --custom apiToken  # a custom field, looked up by name
+nbg-pw get "My Visa" --field number    # a credit-card field (see below)
+nbg-pw list "My Visa"               # show an item's field names + types, no values
 nbg-pw serve --port 8087            # local bw REST API for fast repeated reads
 nbg-pw status                       # presence + auth state (no secrets)
 nbg-pw doctor                       # diagnose bw / Keychain / connectivity
@@ -37,6 +39,35 @@ nbg-pw logout                       # lock the session
 nbg-pw reset                        # log out and delete stored credentials
 ```
 
+### Credit-card items
+
+Credit cards have no username or password — just card data. `bw` has no native
+getter for those, so `nbg-pw` reads them from the item and exposes each as a
+`--field`:
+
+```sh
+nbg-pw get "My Visa" --field number       # card number
+nbg-pw get "My Visa" --field cvv           # security code (alias: code)
+nbg-pw get "My Visa" --field expiration    # "MM/YYYY" (alias: exp)
+nbg-pw get "My Visa" --field cardholder    # cardholder name
+nbg-pw get "My Visa" --field brand         # e.g. Visa
+```
+
+### Discovering fields with `list`
+
+Not sure what a custom field is called, or which fields an item has? `list`
+prints the item type, the built-in fields you can `get`, and every custom field
+name with its type — **never any values**:
+
+```sh
+$ nbg-pw list "My Visa"
+Type: card
+Built-in: number, cvv, expiration, cardholder, brand
+Custom fields:
+  billingZip  (text)
+  pin         (hidden)
+```
+
 ### Reading custom fields over `serve`
 
 `serve` is a thin wrapper around Bitwarden's own `bw serve` REST API, which has

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nightlybuildgroup/vault",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "description": "Store Vaultwarden/Bitwarden credentials in the macOS Keychain and read secrets back for local agents.",
   "type": "module",
   "bin": {

package/src/bw.js

@@ -51,17 +51,57 @@ export async function getItem({ item, field, session }, deps = {}) {
   return stdout.replace(/\n$/, '');
 }
 
-export async function getCustomField({ item, name, session }, deps = {}) {
+export async function getItemJson({ item, session }, deps = {}) {
   const run = deps.run ?? realRun;
   const { stdout } = await run('bw', ['get', 'item', item], {
     env: { BW_SESSION: session },
   });
-  const parsed = JSON.parse(stdout);
+  return JSON.parse(stdout);
+}
+
+export async function getCustomField({ item, name, session }, deps = {}) {
+  const parsed = await getItemJson({ item, session }, deps);
   const match = (parsed.fields ?? []).find((f) => f.name === name);
   if (!match) throw new Error(`item "${item}" has no custom field "${name}"`);
   return match.value;
 }
 
+// Credit-card items have no native `bw get <field>` getter, so card fields are
+// read from the item's `card` object. Maps user-facing field names (and a few
+// aliases) onto the bw card-object keys; `expiration` is computed, not a key.
+const CARD_FIELD_ALIASES = {
+  number: 'number',
+  cvv: 'code',
+  code: 'code',
+  securitycode: 'code',
+  expiration: 'expiration',
+  exp: 'expiration',
+  cardholder: 'cardholderName',
+  cardholdername: 'cardholderName',
+  brand: 'brand',
+};
+
+export function isCardField(field) {
+  return Object.prototype.hasOwnProperty.call(CARD_FIELD_ALIASES, String(field).toLowerCase());
+}
+
+export async function getCardField({ item, field, session }, deps = {}) {
+  const parsed = await getItemJson({ item, session }, deps);
+  const card = parsed.card;
+  if (!card) throw new Error(`item "${item}" is not a credit card`);
+  const key = CARD_FIELD_ALIASES[String(field).toLowerCase()];
+  if (key === 'expiration') {
+    if (!card.expMonth && !card.expYear) throw new Error(`item "${item}" has no expiration date`);
+    const mm = String(card.expMonth ?? '').padStart(2, '0');
+    return `${mm}/${card.expYear ?? ''}`;
+  }
+  const value = card[key];
+  if (value === undefined || value === null || value === '') {
+    throw new Error(`item "${item}" has no ${field}`);
+  }
+  return String(value);
+}
+
 export async function status(deps = {}) {
   const run = deps.run ?? realRun;
   const { stdout } = await run('bw', ['status']);

package/src/cli.js

@@ -5,6 +5,7 @@ Usage: nbg-pw <command> [options]
 Commands:
   setup     Interactive wizard: store your Vaultwarden credentials in the Keychain
   get       Fetch a secret value (e.g. nbg-pw get "GitHub" --field password)
+  list      Show an item's field names + types, no values (nbg-pw list "My Visa")
   serve     Start a local bw API daemon (unlocked) for fast repeated reads
   status    Show config + auth state (no secret values)
   doctor    Diagnose bw / Keychain / server connectivity (--fix resets a wedged bw session)
@@ -45,9 +46,10 @@ export async function runCli(argv, deps = {}) {
 }
 
 async function loadCommands() {
-  const [setup, get, status, doctor, serve, reset] = await Promise.all([
+  const [setup, get, list, status, doctor, serve, reset] = await Promise.all([
     import('./commands/setup.js'),
     import('./commands/get.js'),
+    import('./commands/list.js'),
     import('./commands/status.js'),
     import('./commands/doctor.js'),
     import('./commands/serve.js'),
@@ -56,6 +58,7 @@ async function loadCommands() {
   return {
     setup: setup.default,
     get: get.default,
+    list: list.default,
     status: status.default,
     doctor: doctor.default,
     serve: serve.default,

package/src/commands/get.js

@@ -20,7 +20,7 @@ export function parseGetArgs(args) {
     }
     else if (!item) { item = args[i]; }
   }
-  if (!item) throw new Error('usage: nbg-pw get <item> [--field password|username|uri|notes] [--custom <name>]');
+  if (!item) throw new Error('usage: nbg-pw get <item> [--field password|username|uri|notes|number|cvv|expiration|cardholder|brand] [--custom <name>]');
   if (fieldGiven && custom !== null) throw new Error('--field and --custom are mutually exclusive');
   const result = { item, field };
   if (custom !== null) result.custom = custom;
@@ -38,9 +38,14 @@ export async function runGet(args, deps) {
   }
 
   const session = await bw.ensureSession(config);
-  const value = custom !== undefined
-    ? await bw.getCustomField({ item, name: custom, session })
-    : await bw.getItem({ item, field, session });
+  let value;
+  if (custom !== undefined) {
+    value = await bw.getCustomField({ item, name: custom, session });
+  } else if (bw.isCardField?.(field)) {
+    value = await bw.getCardField({ item, field, session });
+  } else {
+    value = await bw.getItem({ item, field, session });
+  }
   out(value + '\n');
   return 0;
 }

package/src/commands/list.js

@@ -0,0 +1,85 @@
+import * as bwModule from '../bw.js';
+import * as keychainModule from '../keychain.js';
+
+const ITEM_TYPES = { 1: 'login', 2: 'note', 3: 'card', 4: 'identity' };
+const FIELD_TYPE_LABELS = { 0: 'text', 1: 'hidden', 2: 'boolean', 3: 'linked' };
+
+export function parseListArgs(args) {
+  let item = null;
+  for (const a of args) {
+    if (!item) item = a;
+  }
+  if (!item) throw new Error('usage: nbg-pw list <item>');
+  return { item };
+}
+
+// The built-in (non-custom) fields you can `nbg-pw get` for this item — only the
+// ones actually populated, so the list mirrors what a `get` would return.
+function builtinFields(parsed) {
+  if (parsed.type === 3 && parsed.card) {
+    const c = parsed.card;
+    return [
+      c.number && 'number',
+      c.code && 'cvv',
+      (c.expMonth || c.expYear) && 'expiration',
+      c.cardholderName && 'cardholder',
+      c.brand && 'brand',
+    ].filter(Boolean);
+  }
+  if (parsed.type === 1 && parsed.login) {
+    const l = parsed.login;
+    return [
+      l.username && 'username',
+      l.password && 'password',
+      l.uris && l.uris.length && 'uri',
+      l.totp && 'totp',
+      parsed.notes && 'notes',
+    ].filter(Boolean);
+  }
+  return parsed.notes ? ['notes'] : [];
+}
+
+export function formatItem(parsed) {
+  const lines = [`Type: ${ITEM_TYPES[parsed.type] ?? `unknown (${parsed.type})`}`];
+
+  const builtin = builtinFields(parsed);
+  if (builtin.length) lines.push(`Built-in: ${builtin.join(', ')}`);
+
+  const fields = parsed.fields ?? [];
+  if (fields.length === 0) {
+    lines.push('Custom fields: (none)');
+  } else {
+    lines.push('Custom fields:');
+    const width = Math.max(...fields.map((f) => f.name.length));
+    for (const f of fields) {
+      const label = FIELD_TYPE_LABELS[f.type] ?? `type ${f.type}`;
+      lines.push(`  ${f.name.padEnd(width)}  (${label})`);
+    }
+  }
+  return lines.join('\n') + '\n';
+}
+
+export async function runList(args, deps) {
+  const { keychain, bw, out, err } = deps;
+  const { item } = parseListArgs(args);
+
+  const config = await keychain.readConfig();
+  if (!config) {
+    err('No stored credentials. Run "nbg-pw setup" first.\n');
+    return 1;
+  }
+
+  const session = await bw.ensureSession(config);
+  const parsed = await bw.getItemJson({ item, session });
+  out(formatItem(parsed));
+  return 0;
+}
+
+export default async function list(args) {
+  return runList(args, {
+    keychain: keychainModule,
+    bw: bwModule,
+    out: (s) => process.stdout.write(s),
+    err: (s) => process.stderr.write(s),
+  });
+}