@nightlybuildgroup/vault 1.5.0 → 1.7.0

package/README.md

@@ -20,6 +20,9 @@ nbg-pw setup
 
 You'll be asked for your server URL, email, API-key client id/secret, and master
 password. Credentials are verified against the server before anything is saved.
+If your account belongs to an organization, setup then offers to pick a default
+**collection** to share newly added items into (or keep them in your personal
+vault) — you can change this any time with [`nbg-pw config`](#sharing-new-items-with-an-organization-config).
 
 > Get your API key from your Vaultwarden web vault: **Settings → Security →
 > Keys → API Key** (`client_id` / `client_secret`).
@@ -181,8 +184,22 @@ nbg-pw items --search git         # filtered by search
 nbg-pw items --folder "Agents"    # filtered by folder
 nbg-pw folders                    # folder names
 nbg-pw collections                # collection names
+nbg-pw organizations              # organization names
 ```
 
+Add `--ids` to any of them to print ids alongside names — useful for `config set`
+or scripting. `collections --ids` also shows each collection's org id:
+
+```sh
+$ nbg-pw organizations --ids
+dfff…  Acme Inc
+$ nbg-pw collections --ids
+bf2b…  Shared  (org dfff…)
+```
+
+(You can pass either a **name or an id** to `config set` / `add --collection`, so
+ids are optional — handy mainly when names are ambiguous.)
+
 ### Generating secrets (`generate`)
 
 Pure generator — needs no vault session.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nightlybuildgroup/vault",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "description": "Store Vaultwarden/Bitwarden credentials in the macOS Keychain and read secrets back for local agents.",
   "type": "module",
   "bin": {

package/src/cli.js

@@ -10,9 +10,10 @@ Commands:
   delete      Delete an item or folder (alias: rm; --permanent skips trash)
   attach      Manage an item's attachments (--file/--list/--get/--delete)
   list        Show an item's field names + types, no values (nbg-pw list "My Visa")
-  items       List item names (--search, --folder, --collection)
-  folders     List folder names
-  collections List collection names
+  items       List item names (--search, --folder, --collection; --ids)
+  folders     List folder names (--ids)
+  collections List collection names (--ids shows collection + org ids)
+  organizations List organization names (--ids)
   generate    Generate a password or passphrase (bw generate)
   config      Show/set defaults, e.g. the org collection new items share into
   serve       Start a local bw API daemon (unlocked) for fast repeated reads
@@ -55,7 +56,7 @@ export async function runCli(argv, deps = {}) {
 }
 
 async function loadCommands() {
-  const [setup, get, add, edit, del, attach, list, items, folders, collections, generate, config, status, doctor, serve, reset] =
+  const [setup, get, add, edit, del, attach, list, items, folders, collections, organizations, generate, config, status, doctor, serve, reset] =
     await Promise.all([
       import('./commands/setup.js'),
       import('./commands/get.js'),
@@ -67,6 +68,7 @@ async function loadCommands() {
       import('./commands/items.js'),
       import('./commands/folders.js'),
       import('./commands/collections.js'),
+      import('./commands/organizations.js'),
       import('./commands/generate.js'),
       import('./commands/config.js'),
       import('./commands/status.js'),
@@ -86,6 +88,7 @@ async function loadCommands() {
     items: items.default,
     folders: folders.default,
     collections: collections.default,
+    organizations: organizations.default,
     generate: generate.default,
     config: config.default,
     status: status.default,

package/src/commands/collections.js

@@ -2,13 +2,17 @@ import * as bwModule from '../bw.js';
 import * as keychainModule from '../keychain.js';
 
 export function parseCollectionsArgs(args) {
-  if (args.length > 0) throw new Error(`unexpected argument: ${args[0]}`);
-  return {};
+  let ids = false;
+  for (const a of args) {
+    if (a === '--ids') ids = true;
+    else throw new Error(`unexpected argument: ${a}`);
+  }
+  return { ids };
 }
 
 export async function runCollections(args, deps) {
   const { keychain, bw, out, err } = deps;
-  parseCollectionsArgs(args);
+  const { ids } = parseCollectionsArgs(args);
 
   const config = await keychain.readConfig();
   if (!config) {
@@ -17,11 +21,11 @@ export async function runCollections(args, deps) {
   }
 
   const session = await bw.ensureSession(config);
-  const collections = await bw.listCollections({ session });
-  const names = collections
-    .map((c) => c.name)
-    .sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
-  for (const name of names) out(name + '\n');
+  const collections = (await bw.listCollections({ session }))
+    .sort((a, b) => a.name.toLowerCase().localeCompare(b.name.toLowerCase()));
+  for (const c of collections) {
+    out(ids ? `${c.id}  ${c.name}  (org ${c.organizationId})\n` : c.name + '\n');
+  }
   return 0;
 }
 

package/src/commands/folders.js

@@ -2,13 +2,17 @@ import * as bwModule from '../bw.js';
 import * as keychainModule from '../keychain.js';
 
 export function parseFoldersArgs(args) {
-  if (args.length > 0) throw new Error(`unexpected argument: ${args[0]}`);
-  return {};
+  let ids = false;
+  for (const a of args) {
+    if (a === '--ids') ids = true;
+    else throw new Error(`unexpected argument: ${a}`);
+  }
+  return { ids };
 }
 
 export async function runFolders(args, deps) {
   const { keychain, bw, out, err } = deps;
-  parseFoldersArgs(args);
+  const { ids } = parseFoldersArgs(args);
 
   const config = await keychain.readConfig();
   if (!config) {
@@ -17,11 +21,11 @@ export async function runFolders(args, deps) {
   }
 
   const session = await bw.ensureSession(config);
-  const folders = await bw.listFolders({ session });
-  const names = folders
-    .map((f) => f.name)
-    .sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
-  for (const name of names) out(name + '\n');
+  const folders = (await bw.listFolders({ session }))
+    .sort((a, b) => a.name.toLowerCase().localeCompare(b.name.toLowerCase()));
+  for (const f of folders) {
+    out(ids ? `${f.id ?? '-'}  ${f.name}\n` : f.name + '\n');
+  }
   return 0;
 }
 

package/src/commands/items.js

@@ -5,6 +5,7 @@ export function parseItemsArgs(args) {
   let search = null;
   let folder = null;
   let collection = null;
+  let ids = false;
   for (let i = 0; i < args.length; i++) {
     if (args[i] === '--search') {
       const v = args[++i];
@@ -18,16 +19,18 @@ export function parseItemsArgs(args) {
       const v = args[++i];
       if (v === undefined) throw new Error('--collection requires a value');
       collection = v;
+    } else if (args[i] === '--ids') {
+      ids = true;
     } else {
       throw new Error(`unknown option: ${args[i]}`);
     }
   }
-  return { search, folder, collection };
+  return { search, folder, collection, ids };
 }
 
 export async function runItems(args, deps) {
   const { keychain, bw, out, err } = deps;
-  const { search, folder, collection } = parseItemsArgs(args);
+  const { search, folder, collection, ids } = parseItemsArgs(args);
 
   const config = await keychain.readConfig();
   if (!config) {
@@ -58,11 +61,11 @@ export async function runItems(args, deps) {
   if (folderId !== undefined) filters.folderId = folderId;
   if (collectionId !== undefined) filters.collectionId = collectionId;
 
-  const items = await bw.listItems(filters);
-  const names = items
-    .map((i) => i.name)
-    .sort((a, b) => a.toLowerCase().localeCompare(b.toLowerCase()));
-  for (const name of names) out(name + '\n');
+  const items = (await bw.listItems(filters))
+    .sort((a, b) => a.name.toLowerCase().localeCompare(b.name.toLowerCase()));
+  for (const i of items) {
+    out(ids ? `${i.id}  ${i.name}\n` : i.name + '\n');
+  }
   return 0;
 }
 

package/src/commands/organizations.js

@@ -0,0 +1,39 @@
+import * as bwModule from '../bw.js';
+import * as keychainModule from '../keychain.js';
+
+export function parseOrganizationsArgs(args) {
+  let ids = false;
+  for (const a of args) {
+    if (a === '--ids') ids = true;
+    else throw new Error(`unexpected argument: ${a}`);
+  }
+  return { ids };
+}
+
+export async function runOrganizations(args, deps) {
+  const { keychain, bw, out, err } = deps;
+  const { ids } = parseOrganizationsArgs(args);
+
+  const config = await keychain.readConfig();
+  if (!config) {
+    err('No stored credentials. Run "nbg-pw setup" first.\n');
+    return 1;
+  }
+
+  const session = await bw.ensureSession(config);
+  const orgs = (await bw.listOrganizations({ session }))
+    .sort((a, b) => a.name.toLowerCase().localeCompare(b.name.toLowerCase()));
+  for (const o of orgs) {
+    out(ids ? `${o.id}  ${o.name}\n` : o.name + '\n');
+  }
+  return 0;
+}
+
+export default async function organizations(args) {
+  return runOrganizations(args, {
+    keychain: keychainModule,
+    bw: bwModule,
+    out: (s) => process.stdout.write(s),
+    err: (s) => process.stderr.write(s),
+  });
+}

package/src/commands/setup.js

@@ -15,6 +15,42 @@ export async function validateCredentials(input, deps) {
   }
 }
 
+// After credentials verify, offer to share new items into an org collection by
+// default. Returns { defaultOrganization, defaultCollection } (by name) or {}.
+// Stays optional: no orgs, a cancel, or "personal vault" all yield {}.
+export async function chooseDefaultSharing(deps) {
+  const { prompts, bw, verified } = deps;
+  const session = await bw.ensureSession(verified);
+  try {
+    const orgs = await bw.listOrganizations({ session });
+    if (!orgs || orgs.length === 0) return {};
+
+    const orgChoice = await prompts.select({
+      message: 'Default: share newly added items into an organization?',
+      options: [
+        { value: '__personal__', label: 'No — keep new items in my personal vault' },
+        ...orgs.map((o) => ({ value: o.id, label: o.name })),
+      ],
+    });
+    if (prompts.isCancel(orgChoice) || orgChoice === '__personal__') return {};
+    const org = orgs.find((o) => o.id === orgChoice);
+
+    const cols = (await bw.listCollections({ session })).filter((c) => c.organizationId === org.id);
+    if (cols.length === 0) return {};
+
+    const colChoice = await prompts.select({
+      message: `Which collection in "${org.name}"?`,
+      options: cols.map((c) => ({ value: c.id, label: c.name })),
+    });
+    if (prompts.isCancel(colChoice)) return {};
+    const col = cols.find((c) => c.id === colChoice);
+
+    return { defaultOrganization: org.name, defaultCollection: col.name };
+  } finally {
+    await bw.logout();
+  }
+}
+
 export async function runSetup(deps) {
   const { prompts, bw, keychain, buildConfig, nowIso, out } = deps;
 
@@ -74,10 +110,20 @@ export async function runSetup(deps) {
   }
   spin.stop('Credentials verified.');
 
-  const config = buildConfig(input, nowIso);
+  let sharing = {};
+  try {
+    sharing = await chooseDefaultSharing({ prompts, bw, verified: input });
+  } catch {
+    out('Skipped organization setup — set a default later with "nbg-pw config set collection <name>".\n');
+  }
+
+  const config = buildConfig({ ...input, ...sharing }, nowIso);
   await keychain.writeConfig(config);
 
-  prompts.outro('Saved to your macOS Keychain. Try:  nbg-pw status');
+  const where = sharing.defaultCollection
+    ? `New items will be shared into "${sharing.defaultCollection}".`
+    : 'New items go to your personal vault (configure sharing with "nbg-pw config set").';
+  prompts.outro(`Saved to your macOS Keychain. ${where} Try:  nbg-pw status`);
   return 0;
 }
 

package/src/config.js

@@ -45,5 +45,7 @@ export function buildConfig(input, nowIso) {
     masterPassword: input.masterPassword,
     savedAt: nowIso,
   };
+  if (input.defaultOrganization) c.defaultOrganization = input.defaultOrganization;
+  if (input.defaultCollection) c.defaultCollection = input.defaultCollection;
   return c;
 }