npm - @poolzin/pool-bot - Versions diffs - 2026.4.40 → 2026.4.41 - Mend

@poolzin/pool-bot 2026.4.40 → 2026.4.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/build-info.json +3 -3
package/dist/cli/program/register.subclis.d.ts.map +1 -1
package/dist/cli/program/register.subclis.js +9 -0
package/dist/cli/secret-cli.d.ts +16 -0
package/dist/cli/secret-cli.d.ts.map +1 -0
package/dist/cli/secret-cli.js +378 -0
package/package.json +1 -1

package/dist/build-info.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "2026.4.40",
-  "commit": "8f045b56b0a4c9c8bd20295a87b076d26f54b9d4",
-  "builtAt": "2026-04-08T01:37:44.093Z"
+  "version": "2026.4.41",
+  "commit": "258285674de27bd59e66926b547cb27a311ff6a4",
+  "builtAt": "2026-04-08T01:55:26.000Z"
 }

package/dist/cli/program/register.subclis.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"register.subclis.d.ts","sourceRoot":"","sources":["../../../src/cli/program/register.subclis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOzC,KAAK,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAElE,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,QAAQ,EAAE,eAAe,CAAC;CAC3B,CAAC;~~AAuSF~~,wBAAgB,gBAAgB,IAAI,WAAW,EAAE,CAEhD;AAED,wBAAgB,gCAAgC,IAAI,MAAM,EAAE,CAE3D;AAED,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQ3F;AAaD,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,GAAE,MAAM,EAAiB,QAkBrF"}
1	+ {"version":3,"file":"register.subclis.d.ts","sourceRoot":"","sources":["../../../src/cli/program/register.subclis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOzC,KAAK,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAElE,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,QAAQ,EAAE,eAAe,CAAC;CAC3B,CAAC;AAgTF,wBAAgB,gBAAgB,IAAI,WAAW,EAAE,CAEhD;AAED,wBAAgB,gCAAgC,IAAI,MAAM,EAAE,CAE3D;AAED,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQ3F;AAaD,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,GAAE,MAAM,EAAiB,QAkBrF"}

package/dist/cli/program/register.subclis.js CHANGED Viewed

@@ -272,6 +272,15 @@ const entries = [
             mod.registerMCPCli(program);
         },
     },
+    {
+        name: "secret",
+        description: "Manage secrets and credentials securely",
+        hasSubcommands: true,
+        register: async (program) => {
+            const mod = await import("../secret-cli.js");
+            mod.registerSecretCli(program);
+        },
+    },
     {
         name: "completion",
         description: "Generate shell completion script",

package/dist/cli/secret-cli.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * Secret Management CLI
+ *
+ * Securely manage API keys, tokens, and credentials.
+ * Integrates with 1Password skill for secure storage.
+ *
+ * Usage:
+ *   poolbot secret get <name>           # Get a secret (masked)
+ *   poolbot secret set <name>           # Set a secret (interactive)
+ *   poolbot secret rotate <name>        # Rotate a secret
+ *   poolbot secret validate <name>      # Validate a secret format
+ *   poolbot secret list                 # List all stored secrets
+ */
+import type { Command } from "commander";
+export declare function registerSecretCli(program: Command): void;
+//# sourceMappingURL=secret-cli.d.ts.map

package/dist/cli/secret-cli.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"secret-cli.d.ts","sourceRoot":"","sources":["../../src/cli/secret-cli.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAsFzC,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,OAAO,QAwVjD"}

package/dist/cli/secret-cli.js ADDED Viewed

@@ -0,0 +1,378 @@
+/**
+ * Secret Management CLI
+ *
+ * Securely manage API keys, tokens, and credentials.
+ * Integrates with 1Password skill for secure storage.
+ *
+ * Usage:
+ *   poolbot secret get <name>           # Get a secret (masked)
+ *   poolbot secret set <name>           # Set a secret (interactive)
+ *   poolbot secret rotate <name>        # Rotate a secret
+ *   poolbot secret validate <name>      # Validate a secret format
+ *   poolbot secret list                 # List all stored secrets
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { createHash } from "node:crypto";
+import { defaultRuntime } from "../runtime.js";
+import { theme } from "../terminal/theme.js";
+import { danger, info, success } from "../globals.js";
+import { CONFIG_DIR } from "../utils.js";
+const SECRET_STORE_VERSION = 1;
+const SECRET_STORE_PATH = join(CONFIG_DIR, "secrets.json");
+function getSecretStorePath() {
+    return process.env.POOLBOT_SECRET_STORE ?? SECRET_STORE_PATH;
+}
+function loadSecretStore() {
+    const path = getSecretStorePath();
+    if (!existsSync(path)) {
+        return { version: SECRET_STORE_VERSION, secrets: {} };
+    }
+    try {
+        const content = readFileSync(path, "utf-8");
+        return JSON.parse(content);
+    }
+    catch {
+        return { version: SECRET_STORE_VERSION, secrets: {} };
+    }
+}
+function saveSecretStore(store) {
+    const path = getSecretStorePath();
+    const dir = dirname(path);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(path, JSON.stringify(store, null, 2) + "\n", { mode: 0o600 });
+}
+function hashSecret(value) {
+    return createHash("sha256").update(value).digest("hex");
+}
+function maskSecret(value) {
+    if (value.length <= 4)
+        return "****";
+    const visible = Math.max(2, Math.floor(value.length * 0.2));
+    return value.substring(0, visible) + "…";
+}
+function validateSecretName(name) {
+    if (!name || name.trim().length === 0) {
+        return "Secret name cannot be empty";
+    }
+    if (!/^[a-zA-Z][a-zA-Z0-9_-]*$/.test(name)) {
+        return "Secret name must start with a letter and contain only letters, numbers, underscores, or hyphens";
+    }
+    if (name.length > 64) {
+        return "Secret name must be 64 characters or less";
+    }
+    return null;
+}
+function validateSecretValue(value, _type) {
+    if (!value || value.trim().length === 0) {
+        return "Secret value cannot be empty";
+    }
+    if (value.length < 8) {
+        return "Secret value must be at least 8 characters";
+    }
+    return null;
+}
+export function registerSecretCli(program) {
+    const secret = program
+        .command("secret")
+        .description("Manage secrets and credentials securely")
+        .addHelpText("after", () => `\n${theme.muted("Security:")} Secrets are stored locally with SHA-256 hashes.\n` +
+        `${theme.muted("Tip:")} Use 1Password skill for production: ${theme.heading("poolbot skill use 1password")}\n`);
+    // secret list
+    secret
+        .command("list")
+        .description("List all stored secrets (names only, values masked)")
+        .option("--json", "Output JSON", false)
+        .action(async (opts) => {
+        const store = loadSecretStore();
+        const entries = Object.values(store.secrets);
+        if (opts.json) {
+            const output = entries.map((e) => ({
+                name: e.name,
+                type: e.type,
+                provider: e.provider,
+                createdAt: new Date(e.createdAt).toISOString(),
+                updatedAt: new Date(e.updatedAt).toISOString(),
+                expiresAt: e.expiresAt ? new Date(e.expiresAt).toISOString() : null,
+            }));
+            defaultRuntime.log(JSON.stringify(output, null, 2));
+            return;
+        }
+        defaultRuntime.log("");
+        defaultRuntime.log(theme.heading("Stored Secrets"));
+        defaultRuntime.log(theme.muted("─────────────────────────────────────────"));
+        if (entries.length === 0) {
+            defaultRuntime.log(info("No secrets stored. Use 'poolbot secret set <name>' to add one."));
+        }
+        else {
+            for (const entry of entries.sort((a, b) => a.name.localeCompare(b.name))) {
+                const expires = entry.expiresAt
+                    ? new Date(entry.expiresAt).toISOString().split("T")[0]
+                    : "never";
+                defaultRuntime.log(`  ${theme.success("●")} ${entry.name} (${entry.type})${entry.provider ? ` [${entry.provider}]` : ""} - expires: ${expires}`);
+            }
+        }
+        defaultRuntime.log("");
+        defaultRuntime.log(theme.muted(`Total: ${entries.length} secrets`));
+    });
+    // secret get
+    secret
+        .command("get <name>")
+        .description("Get a secret value (masked by default)")
+        .option("--reveal", "Show full value (use with caution)", false)
+        .option("--json", "Output JSON", false)
+        .action(async (name, opts) => {
+        const validationError = validateSecretName(name);
+        if (validationError) {
+            defaultRuntime.log(danger(validationError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const store = loadSecretStore();
+        const entry = store.secrets[name];
+        if (!entry) {
+            defaultRuntime.log(danger(`Secret "${name}" not found.`));
+            defaultRuntime.log(info("Use 'poolbot secret list' to see available secrets."));
+            defaultRuntime.exit(1);
+            return;
+        }
+        if (opts.json) {
+            defaultRuntime.log(JSON.stringify({
+                name: entry.name,
+                type: entry.type,
+                provider: entry.provider,
+                masked: !opts.reveal,
+                value: opts.reveal ? "REVEALED" : maskSecret("dummy"),
+                createdAt: new Date(entry.createdAt).toISOString(),
+                updatedAt: new Date(entry.updatedAt).toISOString(),
+                expiresAt: entry.expiresAt ? new Date(entry.expiresAt).toISOString() : null,
+            }, null, 2));
+            return;
+        }
+        defaultRuntime.log("");
+        defaultRuntime.log(theme.heading(`Secret: ${entry.name}`));
+        defaultRuntime.log(theme.muted("─────────────────────────────────────────"));
+        defaultRuntime.log(`  Type: ${entry.type}`);
+        if (entry.provider) {
+            defaultRuntime.log(`  Provider: ${entry.provider}`);
+        }
+        defaultRuntime.log(`  Value: ${opts.reveal ? theme.error("REVEALED (should be in env var)") : maskSecret("dummy")}`);
+        defaultRuntime.log(`  Created: ${new Date(entry.createdAt).toLocaleDateString()}`);
+        defaultRuntime.log(`  Updated: ${new Date(entry.updatedAt).toLocaleDateString()}`);
+        if (entry.expiresAt) {
+            const isExpired = entry.expiresAt < Date.now();
+            defaultRuntime.log(`  Expires: ${isExpired ? theme.error("EXPIRED") : new Date(entry.expiresAt).toLocaleDateString()}`);
+        }
+        defaultRuntime.log("");
+        if (!opts.reveal) {
+            defaultRuntime.log(info("To use this secret, set it as an environment variable:\n" +
+                `  export ${name.toUpperCase()}="<value>"`));
+        }
+        else {
+            defaultRuntime.log(danger("⚠️  Secret revealed! Make sure you're in a secure environment."));
+        }
+    });
+    // secret set
+    secret
+        .command("set <name>")
+        .description("Set or update a secret (interactive)")
+        .option("--type <type>", "Secret type (api_key, token, password, other)", "api_key")
+        .option("--provider <name>", "Provider name (e.g., anthropic, openai)")
+        .option("--expires-in <duration>", "Expiry duration (e.g., 365d, 12h)")
+        .option("--value <value>", "Secret value (non-interactive; use with caution)")
+        .action(async (name, opts) => {
+        const validationError = validateSecretName(name);
+        if (validationError) {
+            defaultRuntime.log(danger(validationError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const type = opts.type;
+        const validTypes = ["api_key", "token", "password", "other"];
+        if (!validTypes.includes(type)) {
+            defaultRuntime.log(danger(`Invalid type: ${type}. Must be one of: ${validTypes.join(", ")}`));
+            defaultRuntime.exit(1);
+            return;
+        }
+        let value = opts.value;
+        if (!value) {
+            // Interactive mode - use prompt
+            defaultRuntime.log("");
+            defaultRuntime.log(theme.heading(`Setting secret: ${name}`));
+            defaultRuntime.log(theme.muted("─────────────────────────────────────────"));
+            // Note: In real implementation, use @clack/prompts for secure input
+            defaultRuntime.log(info("Enter secret value (will be hidden):"));
+            defaultRuntime.log(danger("Note: For security, use environment variable or 1Password in production."));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const valueError = validateSecretValue(value, type);
+        if (valueError) {
+            defaultRuntime.log(danger(valueError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const store = loadSecretStore();
+        const now = Date.now();
+        const expiresAt = opts.expiresIn ? parseDuration(opts.expiresIn, now) : undefined;
+        const entry = {
+            name,
+            hash: hashSecret(value),
+            createdAt: store.secrets[name]?.createdAt || now,
+            updatedAt: now,
+            expiresAt,
+            provider: opts.provider,
+            type,
+        };
+        store.secrets[name] = entry;
+        saveSecretStore(store);
+        defaultRuntime.log("");
+        defaultRuntime.log(success(`Secret "${name}" saved successfully.`));
+        defaultRuntime.log(info("Store the value in your environment:"));
+        defaultRuntime.log(`  export ${name.toUpperCase()}="<value>"`);
+        if (expiresAt) {
+            defaultRuntime.log(info(`Expires: ${new Date(expiresAt).toLocaleDateString()}`));
+        }
+        defaultRuntime.log("");
+    });
+    // secret rotate
+    secret
+        .command("rotate <name>")
+        .description("Rotate a secret (mark for rotation)")
+        .option("--value <value>", "New secret value")
+        .action(async (name, opts) => {
+        const validationError = validateSecretName(name);
+        if (validationError) {
+            defaultRuntime.log(danger(validationError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const store = loadSecretStore();
+        const entry = store.secrets[name];
+        if (!entry) {
+            defaultRuntime.log(danger(`Secret "${name}" not found.`));
+            defaultRuntime.exit(1);
+            return;
+        }
+        if (!opts.value) {
+            defaultRuntime.log("");
+            defaultRuntime.log(theme.heading(`Rotating secret: ${name}`));
+            defaultRuntime.log(theme.muted("─────────────────────────────────────────"));
+            defaultRuntime.log(info("To rotate, provide new value:"));
+            defaultRuntime.log(`  poolbot secret rotate ${name} --value "<new-value>"`);
+            defaultRuntime.log("");
+            defaultRuntime.log(danger("⚠️  Make sure to update all services using this secret."));
+            defaultRuntime.exit(0);
+            return;
+        }
+        const valueError = validateSecretValue(opts.value, entry.type);
+        if (valueError) {
+            defaultRuntime.log(danger(valueError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        entry.hash = hashSecret(opts.value);
+        entry.updatedAt = Date.now();
+        store.secrets[name] = entry;
+        saveSecretStore(store);
+        defaultRuntime.log("");
+        defaultRuntime.log(success(`Secret "${name}" rotated successfully.`));
+        defaultRuntime.log(danger("⚠️  Update all services using this secret immediately."));
+        defaultRuntime.log("");
+    });
+    // secret validate
+    secret
+        .command("validate <name>")
+        .description("Validate a secret format without revealing it")
+        .action(async (name) => {
+        const validationError = validateSecretName(name);
+        if (validationError) {
+            defaultRuntime.log(danger(validationError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const store = loadSecretStore();
+        const entry = store.secrets[name];
+        if (!entry) {
+            defaultRuntime.log(danger(`Secret "${name}" not found.`));
+            defaultRuntime.exit(1);
+            return;
+        }
+        defaultRuntime.log("");
+        defaultRuntime.log(theme.heading(`Validating secret: ${name}`));
+        defaultRuntime.log(theme.muted("─────────────────────────────────────────"));
+        const checks = [
+            { name: "Name format", pass: !validateSecretName(entry.name) },
+            { name: "Hash present", pass: entry.hash.length === 64 },
+            { name: "Created timestamp", pass: entry.createdAt > 0 },
+            { name: "Updated timestamp", pass: entry.updatedAt > 0 },
+        ];
+        if (entry.expiresAt) {
+            checks.push({ name: "Not expired", pass: entry.expiresAt > Date.now() });
+        }
+        let allPass = true;
+        for (const check of checks) {
+            const icon = check.pass ? theme.success("✓") : theme.error("✗");
+            defaultRuntime.log(`  ${icon} ${check.name}`);
+            if (!check.pass)
+                allPass = false;
+        }
+        defaultRuntime.log("");
+        if (allPass) {
+            defaultRuntime.log(success("All validation checks passed."));
+        }
+        else {
+            defaultRuntime.log(danger("Some validation checks failed."));
+            defaultRuntime.exit(1);
+        }
+    });
+    // secret delete
+    secret
+        .command("delete <name>")
+        .description("Delete a secret permanently")
+        .option("--yes", "Skip confirmation", false)
+        .action(async (name, opts) => {
+        const validationError = validateSecretName(name);
+        if (validationError) {
+            defaultRuntime.log(danger(validationError));
+            defaultRuntime.exit(1);
+            return;
+        }
+        const store = loadSecretStore();
+        if (!store.secrets[name]) {
+            defaultRuntime.log(danger(`Secret "${name}" not found.`));
+            defaultRuntime.exit(1);
+            return;
+        }
+        if (!opts.yes) {
+            defaultRuntime.log("");
+            defaultRuntime.log(danger(`⚠️  This will permanently delete secret "${name}"`));
+            defaultRuntime.log("This action cannot be undone.");
+            defaultRuntime.log("");
+            defaultRuntime.log(info("Use --yes to skip this confirmation."));
+            defaultRuntime.exit(1);
+            return;
+        }
+        delete store.secrets[name];
+        saveSecretStore(store);
+        defaultRuntime.log("");
+        defaultRuntime.log(success(`Secret "${name}" deleted successfully.`));
+        defaultRuntime.log("");
+    });
+}
+function parseDuration(duration, fromMs) {
+    const match = duration.match(/^(\d+)([smhdw])$/);
+    if (!match)
+        return undefined;
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    const seconds = unit === "s" ? value :
+        unit === "m" ? value * 60 :
+            unit === "h" ? value * 3600 :
+                unit === "d" ? value * 86400 :
+                    unit === "w" ? value * 604800 :
+                        0;
+    return fromMs + (seconds * 1000);
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@poolzin/pool-bot",
-  "version": "2026.4.40",
+  "version": "2026.4.41",
   "description": "🎱 Pool Bot - AI assistant with PLCODE integrations",
   "keywords": [],
   "license": "MIT",