@pocketenv/cli 0.2.0

package/src/cmd/start.ts

@@ -0,0 +1,25 @@
+import consola from "consola";
+import chalk from "chalk";
+import getAccessToken from "../lib/getAccessToken";
+import { client } from "../client";
+import { env } from "../lib/env";
+
+async function start(name: string) {
+  const token = await getAccessToken();
+
+  await client.post("/xrpc/io.pocketenv.sandbox.startSandbox", undefined, {
+    params: {
+      id: name,
+    },
+    headers: {
+      Authorization: `Bearer ${env.POCKETENV_TOKEN || token}`,
+    },
+  });
+
+  consola.success(`Sandbox ${chalk.greenBright(name)} started`);
+  consola.log(
+    `Run ${chalk.greenBright(`pocketenv console ${name}`)} to access the sandbox`,
+  );
+}
+
+export default start;

package/src/cmd/stop.ts

@@ -0,0 +1,22 @@
+import chalk from "chalk";
+import consola from "consola";
+import getAccessToken from "../lib/getAccessToken";
+import { client } from "../client";
+import { env } from "../lib/env";
+
+async function stop(name: string) {
+  const token = await getAccessToken();
+
+  await client.post("/xrpc/io.pocketenv.sandbox.stopSandbox", undefined, {
+    params: {
+      id: name,
+    },
+    headers: {
+      Authorization: `Bearer ${env.POCKETENV_TOKEN || token}`,
+    },
+  });
+
+  consola.success(`Sandbox ${chalk.greenBright(name)} stopped`);
+}
+
+export default stop;

package/src/cmd/tailscale.ts

@@ -0,0 +1,106 @@
+import { password } from "@inquirer/prompts";
+import getAccessToken from "../lib/getAccessToken";
+import { client } from "../client";
+import type { Sandbox } from "../types/sandbox";
+import consola from "consola";
+import chalk from "chalk";
+import type { TailscaleAuthKey } from "../types/tailscale-auth-key";
+import { env } from "../lib/env";
+import encrypt from "../lib/sodium";
+
+export async function putAuthKey(sandbox: string) {
+  const token = await getAccessToken();
+
+  const authKey = (
+    await password({ message: "Enter Tailscale Auth Key" })
+  ).trim();
+
+  if (!authKey.startsWith("tskey-auth-")) {
+    consola.error("Invalid Tailscale Auth Key");
+    process.exit(1);
+  }
+
+  const { data } = await client.get<{ sandbox: Sandbox }>(
+    "/xrpc/io.pocketenv.sandbox.getSandbox",
+    {
+      params: {
+        id: sandbox,
+      },
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    },
+  );
+
+  if (!data.sandbox) {
+    consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
+    process.exit(1);
+  }
+
+  const redacted =
+    authKey.length > 14
+      ? authKey.slice(0, 11) +
+        "*".repeat(authKey.length - 14) +
+        authKey.slice(-3)
+      : authKey;
+
+  await client.post(
+    "/xrpc/io.pocketenv.sandbox.putTailscaleAuthKey",
+    {
+      id: data.sandbox.id,
+      authKey: await encrypt(authKey),
+      redacted,
+    },
+    {
+      headers: {
+        Authorization: `Bearer ${env.POCKETENV_TOKEN || token}`,
+      },
+    },
+  );
+
+  consola.success(redacted);
+  consola.success(
+    `Tailscale auth key saved for sandbox: ${chalk.greenBright(sandbox)}`,
+  );
+}
+
+export async function getTailscaleAuthKey(sandbox: string) {
+  const token = await getAccessToken();
+
+  const { data } = await client.get<{ sandbox: Sandbox }>(
+    "/xrpc/io.pocketenv.sandbox.getSandbox",
+    {
+      params: {
+        id: sandbox,
+      },
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    },
+  );
+
+  if (!data.sandbox) {
+    consola.error(`Sandbox not found: ${chalk.greenBright(sandbox)}`);
+    process.exit(1);
+  }
+
+  try {
+    const { data: tailscale } = await client.get<TailscaleAuthKey>(
+      "/xrpc/io.pocketenv.sandbox.getTailscaleAuthKey",
+      {
+        params: {
+          id: data.sandbox.id,
+        },
+        headers: {
+          Authorization: `Bearer ${env.POCKETENV_TOKEN || token}`,
+        },
+      },
+    );
+    consola.info(`Tailscale auth key: ${chalk.greenBright(tailscale.authKey)}`);
+  } catch {
+    consola.error(
+      `No Tailscale Auth Key found for sandbox: ${chalk.greenBright(sandbox)}`,
+    );
+    process.exit(1);
+  }
+}

package/src/cmd/whoami.ts

@@ -0,0 +1,24 @@
+import chalk from "chalk";
+import { client } from "../client";
+import { env } from "../lib/env";
+import consola from "consola";
+import getAccessToken from "../lib/getAccessToken";
+import type { Profile } from "../types/profile";
+
+async function whoami() {
+  const token = await getAccessToken();
+  const profile = await client.get<Profile>(
+    "/xrpc/io.pocketenv.actor.getProfile",
+    {
+      headers: {
+        Authorization: `Bearer ${env.POCKETENV_TOKEN || token}`,
+      },
+    },
+  );
+  const handle = `@${profile.data.handle}`;
+  consola.log(
+    `You are logged in as ${chalk.cyan(handle)} (${profile.data.displayName}).`,
+  );
+}
+
+export default whoami;

package/src/index.ts

@@ -0,0 +1,187 @@
+import chalk from "chalk";
+import { version } from "../package.json" assert { type: "json" };
+import { Command } from "commander";
+import start from "./cmd/start";
+import login from "./cmd/login";
+import whoami from "./cmd/whoami";
+import ssh from "./cmd/ssh";
+import listSandboxes from "./cmd/list";
+import stop from "./cmd/stop";
+import createSandbox from "./cmd/create";
+import logout from "./cmd/logout";
+import deleteSandbox from "./cmd/rm";
+import { deleteSecret, listSecrets, putSecret } from "./cmd/secret";
+import { deleteEnv, listEnvs, putEnv } from "./cmd/env";
+import { getSshKey, putKeys } from "./cmd/sshkeys";
+import { getTailscaleAuthKey, putAuthKey } from "./cmd/tailscale";
+
+const program = new Command();
+
+program
+  .name("pocketenv")
+  .description(
+    `
+    ___           __       __
+   / _ \\___  ____/ /_____ / /____ ___ _  __
+  / ___/ _ \\/ __/  '_/ -_) __/ -_) _ \\ |/ /
+ /_/   \\___/\\__/_/\\_\\__/\\__/\\__/_/ /_/___/
+
+ Open, interoperable sandbox platform for agents and humans 📦 ✨
+  `,
+  )
+  .version(version);
+
+program.configureHelp({
+  styleTitle: (str) => chalk.bold.cyan(str),
+  styleCommandText: (str) => chalk.yellow(str),
+  styleDescriptionText: (str) => chalk.white(str),
+  styleOptionText: (str) => chalk.green(str),
+  styleArgumentText: (str) => chalk.magenta(str),
+  styleSubcommandText: (str) => chalk.blue(str),
+});
+
+program.addHelpText(
+  "after",
+  `
+${chalk.bold("\nLearn more about Pocketenv:")}           ${chalk.magentaBright("https://docs.pocketenv.io")}
+${chalk.bold("Join our Discord community:")}           ${chalk.blueBright("https://discord.gg/9ada4pFUFS")}
+${chalk.bold("Report bugs:")}                          ${chalk.greenBright("https://github.com/pocketenv-io/pocketenv/issues")}
+`,
+);
+
+program
+  .command("login")
+  .argument("<handle>", "your AT Proto handle (e.g., <username>.bsky.social)")
+  .description("login with your AT Proto account and get a session token")
+  .action(login);
+
+program
+  .command("whoami")
+  .description("get the current logged-in user")
+  .action(whoami);
+
+program
+  .command("console")
+  .aliases(["shell", "ssh", "s"])
+  .argument("[sandbox]", "the sandbox to connect to")
+  .description("open an interactive shell for the given sandbox")
+  .action(ssh);
+
+program.command("ls").description("list sandboxes").action(listSandboxes);
+
+program
+  .command("start")
+  .argument("<sandbox>", "the sandbox to start")
+  .description("start the given sandbox")
+  .action(start);
+
+program
+  .command("stop")
+  .argument("<sandbox>", "the sandbox to stop")
+  .description("stop the given sandbox")
+  .action(stop);
+
+program
+  .command("create")
+  .aliases(["new"])
+  .option("--provider, -p <provider>", "the provider to use for the sandbox")
+  .option("--ssh, -s", "connect to the Sandbox and automatically open a shell")
+  .argument("[name]", "the name of the sandbox to create")
+  .description("create a new sandbox")
+  .action(createSandbox);
+
+program
+  .command("logout")
+  .description("logout (removes session token)")
+  .action(logout);
+
+program
+  .command("rm")
+  .aliases(["delete", "remove"])
+  .argument("<sandbox>", "the sandbox to delete")
+  .description("delete the given sandbox")
+  .action(deleteSandbox);
+
+const secret = program.command("secret").description("manage secrets");
+
+secret
+  .command("put")
+  .argument("<sandbox>", "the sandbox to put the secret in")
+  .argument("<key>", "the key of the secret")
+  .description("put a secret in the given sandbox")
+  .action(putSecret);
+
+secret
+  .command("list")
+  .aliases(["ls"])
+  .argument("<sandbox>", "the sandbox to list secrets for")
+  .description("list secrets in the given sandbox")
+  .action(listSecrets);
+
+secret
+  .command("delete")
+  .aliases(["rm", "remove"])
+  .argument("<secret_id>", "the ID of the secret to delete")
+  .description("delete a secret")
+  .action(deleteSecret);
+
+const env = program.command("env").description("manage environment variables");
+
+env
+  .command("put")
+  .argument("<sandbox>", "the sandbox to put the environment variable in")
+  .argument("<key>", "the key of the environment variable")
+  .argument("<value>", "the value of the environment variable")
+  .description("put an environment variable in the given sandbox")
+  .action(putEnv);
+
+env
+  .command("list")
+  .aliases(["ls"])
+  .argument("<sandbox>", "the sandbox to list environment variables for")
+  .description("list environment variables in the given sandbox")
+  .action(listEnvs);
+
+env
+  .command("delete")
+  .aliases(["rm", "remove"])
+  .argument("<variable_id>", "the ID of the environment variable to delete")
+  .description("delete an environment variable")
+  .action(deleteEnv);
+
+const sshkeys = program.command("sshkeys").description("manage SSH keys");
+
+sshkeys
+  .command("put")
+  .argument("<sandbox>", "the sandbox to put the SSH key in")
+  .option("--private-key <path>", "the path to the SSH private key")
+  .option("--public-key <path>", "the path to the SSH public key")
+  .option("--generate, -g", "generate a new SSH key pair")
+  .description("put an SSH key in the given sandbox")
+  .action(putKeys);
+
+sshkeys
+  .command("get")
+  .argument("<sandbox>", "the sandbox to get the SSH key from")
+  .description("get an SSH key (public key only) from the given sandbox")
+  .action(getSshKey);
+
+const tailscale = program.command("tailscale").description("manage Tailscale");
+
+tailscale
+  .command("put")
+  .argument("<sandbox>", "the sandbox to put the Tailscale Auth Key in")
+  .description("put a Tailscale Auth Key in the given sandbox")
+  .action(putAuthKey);
+
+tailscale
+  .command("get")
+  .argument("<sandbox>", "the sandbox to get the Tailscale Auth Key from")
+  .description("get a Tailscale Auth Key (redacted) from the given sandbox")
+  .action(getTailscaleAuthKey);
+
+if (process.argv.length <= 2) {
+  program.help();
+}
+
+program.parse(process.argv);

package/src/lib/env.ts

@@ -0,0 +1,11 @@
+import { cleanEnv, str } from "envalid";
+
+export const env = cleanEnv(process.env, {
+  POCKETENV_TOKEN: str({ default: "" }),
+  POCKETENV_API_URL: str({ default: "https://api.pocketenv.io" }),
+  POCKETENV_CF_URL: str({ default: "https://sbx.pocketenv.io" }),
+  POCKETENV_TTY_URL: str({ default: "https://api.pocketenv.io" }),
+  POCKETENV_PUBLIC_KEY: str({
+    default: "2bf96e12d109e6948046a7803ef1696e12c11f04f20a6ce64dbd4bcd93db9341",
+  }),
+});

package/src/lib/getAccessToken.ts

@@ -0,0 +1,36 @@
+import consola from "consola";
+import chalk from "chalk";
+import fs from "fs/promises";
+import path from "path";
+import os from "os";
+import { env } from "process";
+
+async function getAccessToken(): Promise<string> {
+  const tokenPath = path.join(os.homedir(), ".pocketenv", "token.json");
+  try {
+    await fs.access(tokenPath);
+  } catch (err) {
+    if (!env.POCKETENV_TOKEN) {
+      consola.error(
+        `You are not logged in. Please run ${chalk.greenBright(
+          "`pocketenv login <username>.bsky.social`",
+        )} first.`,
+      );
+      process.exit(1);
+    }
+  }
+
+  const tokenData = await fs.readFile(tokenPath, "utf-8");
+  const { token } = JSON.parse(tokenData);
+  if (!token) {
+    consola.error(
+      `You are not logged in. Please run ${chalk.greenBright(
+        "`rocksky login <username>.bsky.social`",
+      )} first.`,
+    );
+    process.exit(1);
+  }
+  return token;
+}
+
+export default getAccessToken;

package/src/lib/sodium.ts

@@ -0,0 +1,15 @@
+import sodium from "libsodium-wrappers";
+import { env } from "./env";
+
+async function encrypt(message: string): Promise<string> {
+  await sodium.ready;
+
+  const sealed = sodium.crypto_box_seal(
+    sodium.from_string(message),
+    sodium.from_hex(env.POCKETENV_PUBLIC_KEY),
+  );
+
+  return sodium.to_base64(sealed, sodium.base64_variants.URLSAFE_NO_PADDING);
+}
+
+export default encrypt;

package/src/lib/sshKeys.ts

@@ -0,0 +1,122 @@
+import sodium from "libsodium-wrappers";
+
+export type SSHKeyPair = {
+  publicKey: string;
+  privateKey: string;
+  seedBase64: string;
+};
+
+function u32(n: number): Uint8Array {
+  return new Uint8Array([
+    (n >>> 24) & 0xff,
+    (n >>> 16) & 0xff,
+    (n >>> 8) & 0xff,
+    n & 0xff,
+  ]);
+}
+
+function concatBytes(...arrays: Uint8Array[]): Uint8Array {
+  const total = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const out = new Uint8Array(total);
+  let offset = 0;
+  for (const arr of arrays) {
+    out.set(arr, offset);
+    offset += arr.length;
+  }
+  return out;
+}
+
+function sshString(bytes: Uint8Array): Uint8Array {
+  return concatBytes(u32(bytes.length), bytes);
+}
+
+function text(value: string): Uint8Array {
+  return new TextEncoder().encode(value);
+}
+
+function wrapPem(label: string, bytes: Uint8Array): string {
+  const base64 = sodium.to_base64(bytes, sodium.base64_variants.ORIGINAL);
+  const lines = base64.match(/.{1,70}/g)?.join("\n") ?? base64;
+  return `-----BEGIN ${label}-----\n${lines}\n-----END ${label}-----\n`;
+}
+
+function buildEd25519PublicKeyBlob(publicKey: Uint8Array): Uint8Array {
+  return concatBytes(sshString(text("ssh-ed25519")), sshString(publicKey));
+}
+
+function publicLineFromPublicKey(
+  publicKey: Uint8Array,
+  comment: string,
+): string {
+  const blob = buildEd25519PublicKeyBlob(publicKey);
+  return `ssh-ed25519 ${sodium.to_base64(blob, sodium.base64_variants.ORIGINAL)} ${comment}`;
+}
+
+function buildOpenSSHEd25519PrivateKey(
+  publicKey: Uint8Array,
+  seed: Uint8Array,
+  comment: string,
+): string {
+  if (publicKey.length !== 32) throw new Error("Invalid public key length");
+  if (seed.length !== 32) throw new Error("Invalid seed length");
+
+  const privateKey64 = concatBytes(seed, publicKey);
+  const publicBlob = buildEd25519PublicKeyBlob(publicKey);
+  const checkint = crypto.getRandomValues(new Uint32Array(1))[0]!;
+  const commentBytes = text(comment);
+
+  const privateSectionWithoutPadding = concatBytes(
+    u32(checkint),
+    u32(checkint),
+    sshString(text("ssh-ed25519")),
+    sshString(publicKey),
+    sshString(privateKey64),
+    sshString(commentBytes),
+  );
+
+  const blockSize = 8;
+  const remainder = privateSectionWithoutPadding.length % blockSize;
+  const padLen = remainder === 0 ? 0 : blockSize - remainder;
+
+  const padding = new Uint8Array(padLen);
+  for (let i = 0; i < padLen; i++) padding[i] = i + 1;
+
+  const privateSection = concatBytes(privateSectionWithoutPadding, padding);
+
+  const opensshKey = concatBytes(
+    text("openssh-key-v1\0"),
+    sshString(text("none")),
+    sshString(text("none")),
+    sshString(new Uint8Array()),
+    u32(1),
+    sshString(publicBlob),
+    sshString(privateSection),
+  );
+
+  return wrapPem("OPENSSH PRIVATE KEY", opensshKey);
+}
+
+export async function generateEd25519SSHKeyPair(
+  comment = "user@browser",
+): Promise<SSHKeyPair> {
+  await sodium.ready;
+
+  const seed = new Uint8Array(32);
+  crypto.getRandomValues(seed);
+
+  const kp = sodium.crypto_sign_seed_keypair(seed);
+  const publicKey = new Uint8Array(kp.publicKey);
+
+  const publicKeyOpenSSH = publicLineFromPublicKey(publicKey, comment);
+  const privateKeyOpenSSH = buildOpenSSHEd25519PrivateKey(
+    publicKey,
+    seed,
+    comment,
+  );
+
+  return {
+    publicKey: publicKeyOpenSSH,
+    privateKey: privateKeyOpenSSH,
+    seedBase64: sodium.to_base64(seed, sodium.base64_variants.ORIGINAL),
+  };
+}

package/src/types/file.ts

@@ -0,0 +1,5 @@
+export type File = {
+  id: string;
+  path: string;
+  createdAt: string;
+};

package/src/types/profile.ts

@@ -0,0 +1,9 @@
+export type Profile = {
+  id: string;
+  did: string;
+  handle: string;
+  displayName: string;
+  avatar: string;
+  createdAt: string;
+  updatedAt: string;
+};

package/src/types/providers.ts

@@ -0,0 +1 @@
+export type Provider = "daytona" | "deno" | "cloudflare" | "vercel" | "sprites";

package/src/types/sandbox.ts

@@ -0,0 +1,23 @@
+import type { Profile } from "./profile";
+import type { Provider } from "./providers";
+
+export type Sandbox = {
+  id: string;
+  name: string;
+  provider: Provider;
+  baseSandbox: string;
+  displayName: string;
+  uri: string;
+  description?: string;
+  topics?: string[];
+  logo?: string;
+  readme?: string;
+  repo?: string;
+  vcpus?: number;
+  memory?: number;
+  installs: number;
+  status: "RUNNING" | "STOPPED";
+  startedAt?: string;
+  createdAt: string;
+  owner: Profile | null;
+};

package/src/types/secret.ts

@@ -0,0 +1,5 @@
+export type Secret = {
+  id: string;
+  name: string;
+  createdAt: string;
+};

package/src/types/sshkeys.ts

@@ -0,0 +1,6 @@
+export type SshKeys = {
+  id: string;
+  privateKey: string;
+  publicKey: string;
+  createdAt: string;
+};

package/src/types/tailscale-auth-key.ts

@@ -0,0 +1,5 @@
+export type TailscaleAuthKey = {
+  id: string;
+  authKey: string;
+  createdAt: string;
+};

package/src/types/variable.ts

@@ -0,0 +1,6 @@
+export type Variable = {
+  id: string;
+  name: string;
+  value: string;
+  createdAt: string;
+};

package/src/types/volume.ts

@@ -0,0 +1,6 @@
+export type Volume = {
+  id: string;
+  name: string;
+  path: string;
+  createdAt: string;
+};

package/tsconfig.json

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    // Environment setup & latest features
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleDetection": "force",
+    "jsx": "react-jsx",
+    "allowJs": true,
+
+    // Bundler mode
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+
+    // Best practices
+    "strict": true,
+    "skipLibCheck": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    // Some stricter flags (disabled by default)
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noPropertyAccessFromIndexSignature": false
+  }
+}