@rafay99/cvx 0.30.0 → 0.35.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +54 -4
- package/cvx.1 +31 -4
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -117,6 +117,14 @@ cd ~/Code/project-b && cvx link work
|
|
|
117
117
|
cd ~/Code/project-c && cvx link personal # one account → many projects
|
|
118
118
|
```
|
|
119
119
|
|
|
120
|
+
## Safety net: the wrong-account guard
|
|
121
|
+
|
|
122
|
+
The Convex CLI stamps a `# team: …` note on the `CONVEX_DEPLOYMENT` line of
|
|
123
|
+
`.env.local`. On every activation (including the automatic cd-hook), cvx
|
|
124
|
+
cross-checks that team against the linked account's teams and warns loudly on
|
|
125
|
+
a mismatch — catching "about to deploy with the wrong account" *before* it
|
|
126
|
+
happens. `cvx status` shows the same warning.
|
|
127
|
+
|
|
120
128
|
## Daily use
|
|
121
129
|
|
|
122
130
|
```bash
|
|
@@ -134,21 +142,24 @@ bun run dev # runs as work — both live simultaneously
|
|
|
134
142
|
| --- | --- |
|
|
135
143
|
| `cvx add [name]` | Store the current `~/.convex` login as an account |
|
|
136
144
|
| `cvx login <name>` | `npx convex login`, then store it as `<name>` |
|
|
137
|
-
| `cvx refresh <account>` | Re-authenticate
|
|
145
|
+
| `cvx refresh <account>` / `--all` | Re-authenticate one account — or every account in one sitting |
|
|
138
146
|
| `cvx link <account> [path]` | Link a project dir (default cwd) to an account |
|
|
139
147
|
| `cvx unlink [path]` | Remove a link |
|
|
140
148
|
| `cvx rename <old> <new>` | Rename an account, keeping its links |
|
|
141
149
|
| `cvx rm <account>` | Forget an account and its links |
|
|
142
|
-
| `cvx use` | Activate this dir's account
|
|
150
|
+
| `cvx use [account]` | Activate by name from anywhere — or this dir's account / an interactive pick |
|
|
143
151
|
| `cvx run <account> -- <cmd>` | Run one command as `<account>` without changing the global login |
|
|
144
152
|
| `cvx open` | Open the Convex dashboard for this project's deployment |
|
|
145
153
|
| `cvx activate [-q]` | Activate this dir's account (the hook calls this) |
|
|
146
154
|
| `cvx status [--json]` | Show the active account and this dir's link |
|
|
147
|
-
| `cvx accounts` | List stored accounts |
|
|
155
|
+
| `cvx accounts` | List stored accounts (with when each token was last verified) |
|
|
148
156
|
| `cvx ls` | List linked projects |
|
|
149
157
|
| `cvx which [path]` | Print the account name for a dir (scripting) |
|
|
150
158
|
| `cvx prompt` | Print the active account name (for a shell prompt segment) |
|
|
151
159
|
| `cvx keychain <status\|enable\|disable>` | Store tokens in the OS keychain instead of a file |
|
|
160
|
+
| `cvx vault <status\|encrypt\|decrypt\|unlock\|lock>` | Passphrase-encrypt stored tokens (unlock once per session) |
|
|
161
|
+
| `cvx export [file]` / `cvx import <file>` | Encrypted vault backup / restore — new-machine setup in one command |
|
|
162
|
+
| `cvx upgrade` | Check for a newer release and print the exact upgrade command |
|
|
152
163
|
| `cvx doctor` | Check setup + per-account token health |
|
|
153
164
|
| `cvx completions <shell>` | Print a completion script (zsh/bash/fish/powershell) |
|
|
154
165
|
| `cvx hook [--install] [--shell …]` | Install the cd-hook (zsh/bash/fish/nu/powershell) |
|
|
@@ -199,11 +210,17 @@ a single binary, so the split costs nothing at build time.
|
|
|
199
210
|
|
|
200
211
|
```
|
|
201
212
|
bin/cvx.ts entry point + command dispatch
|
|
202
|
-
src/
|
|
213
|
+
src/paths.ts the ONE place HOME is resolved (CVX_HOME sandbox support)
|
|
214
|
+
src/store.ts data layer: vault I/O, the config swap, token verify
|
|
203
215
|
src/ui.ts the logo banner, first-run welcome, help
|
|
204
216
|
src/colors.ts the palette (edit here to re-theme)
|
|
205
217
|
src/commands.ts one function per subcommand
|
|
206
218
|
src/hooks.ts zsh / bash / PowerShell shell-hook snippets
|
|
219
|
+
src/keychain.ts OS keychain / DPAPI token backends
|
|
220
|
+
src/crypto.ts scrypt + AES-256-GCM (vault encryption, export files)
|
|
221
|
+
src/vault.ts passphrase-encrypted vault + session unlock
|
|
222
|
+
src/transfer.ts cvx export / import (encrypted backups)
|
|
223
|
+
src/upgrade.ts cvx upgrade (release check)
|
|
207
224
|
src/system.ts external-tool checks (node/npx)
|
|
208
225
|
src/args.ts flag parsing
|
|
209
226
|
man/cvx.1 man page (installed by Homebrew/npm → `man cvx`)
|
|
@@ -212,6 +229,39 @@ man/cvx.1 man page (installed by Homebrew/npm → `man cvx`)
|
|
|
212
229
|
First run of a bare `cvx` shows a welcome screen; `cvx welcome` shows it again,
|
|
213
230
|
and `man cvx` opens the manual.
|
|
214
231
|
|
|
232
|
+
## Testing
|
|
233
|
+
|
|
234
|
+
```sh
|
|
235
|
+
bun test # full suite: parser + store units, and an e2e matrix that
|
|
236
|
+
# drives every command against a throwaway CVX_HOME
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
The suite runs in ~2s, needs no setup, and never touches your real vault —
|
|
240
|
+
CI (`.github/workflows/test.yml`) runs it on every PR. Three flows can't run
|
|
241
|
+
headless and stay manual (use the sandbox below): real `cvx login` (browser),
|
|
242
|
+
the interactive migration prompt (needs a PTY), and `cvx keychain enable`
|
|
243
|
+
(the OS keychain is per-user).
|
|
244
|
+
|
|
245
|
+
## Testing safely (sandbox)
|
|
246
|
+
|
|
247
|
+
Never test a build against your real vault. Everything cvx touches — the vault,
|
|
248
|
+
the global `~/.convex/config.json` it swaps, the rc files `hook --install`
|
|
249
|
+
edits — resolves from one base directory, and setting `CVX_HOME` relocates all
|
|
250
|
+
of it:
|
|
251
|
+
|
|
252
|
+
```sh
|
|
253
|
+
scripts/sandbox.sh # build + drop into a shell with an EMPTY sandbox vault
|
|
254
|
+
scripts/sandbox.sh --copy-vault # same, but seeded with a COPY of your real vault
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
Inside that shell `cvx` is the fresh build and every command — `link`,
|
|
258
|
+
`activate`, `rm`, even the migration prompt and `hook --install` — reads and
|
|
259
|
+
writes only the sandbox. `exit` to leave; your real setup is never touched.
|
|
260
|
+
Works without the script too: `CVX_HOME=/tmp/try cvx status`.
|
|
261
|
+
|
|
262
|
+
One exception can't be sandboxed: the OS keychain is per-user, so skip
|
|
263
|
+
`cvx keychain enable` in a sandbox (the default file backend is used anyway).
|
|
264
|
+
|
|
215
265
|
## Releasing
|
|
216
266
|
|
|
217
267
|
Pushing to `main` (touching `bin/**` or `package.json`) triggers
|
package/cvx.1
CHANGED
|
@@ -52,10 +52,12 @@ PowerShell \fB$PROFILE\fR). The shell is auto-detected when \fB--shell\fR is omi
|
|
|
52
52
|
Print a shell completion script (completes commands and account names).
|
|
53
53
|
.SS Everyday
|
|
54
54
|
.TP
|
|
55
|
-
.B cvx use \fR[\fIpath\fR]
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
55
|
+
.B cvx use \fR[\fIaccount\fR|\fIpath\fR]
|
|
56
|
+
With an account name: activate that account globally, from anywhere. With a
|
|
57
|
+
path (or nothing): activate the directory's linked account; if unlinked and
|
|
58
|
+
the terminal is interactive, pick from a list (uses \fBfzf\fR if installed)
|
|
59
|
+
and optionally link the directory. A name wins over a same-named directory
|
|
60
|
+
\(em use \fI./dir\fR to force the path meaning.
|
|
59
61
|
.TP
|
|
60
62
|
.B cvx run \fIaccount\fR \fR[\fB--\fR] \fIcommand\fR ...
|
|
61
63
|
Run \fIcommand\fR with the given account active for that process only, by
|
|
@@ -97,6 +99,24 @@ Show or change where account tokens are stored. \fBenable\fR moves them into the
|
|
|
97
99
|
OS keychain (macOS Keychain, libsecret on Linux, DPAPI on Windows); \fBdisable\fR
|
|
98
100
|
moves them back to the chmod-600 file vault.
|
|
99
101
|
.TP
|
|
102
|
+
.B cvx vault \fR<\fBstatus\fR|\fBencrypt\fR|\fBdecrypt\fR|\fBunlock\fR|\fBlock\fR>
|
|
103
|
+
Passphrase-encrypt the stored tokens (AES-256-GCM, scrypt-derived key).
|
|
104
|
+
\fBunlock\fR caches the key for the session (cleared by \fBlock\fR or a
|
|
105
|
+
reboot); while locked, tokens are unreadable and commands point at
|
|
106
|
+
\fBcvx vault unlock\fR. Scripts can set \fBCVX_PASSPHRASE\fR instead.
|
|
107
|
+
.TP
|
|
108
|
+
.B cvx export \fR[\fIfile\fR] / \fBcvx import \fR\fIfile\fR [\fB--force\fR]
|
|
109
|
+
Write a passphrase-encrypted backup of the vault (accounts + links), and
|
|
110
|
+
restore it on another machine. Import merges; existing names are kept unless
|
|
111
|
+
\fB--force\fR.
|
|
112
|
+
.TP
|
|
113
|
+
.B cvx refresh --all
|
|
114
|
+
Re-authenticate every stored account in one sitting (a browser sign-in each).
|
|
115
|
+
.TP
|
|
116
|
+
.B cvx upgrade
|
|
117
|
+
Check for a newer cvx release and print the exact upgrade command for how it
|
|
118
|
+
was installed (Homebrew, npm/bun, or GitHub tarball).
|
|
119
|
+
.TP
|
|
100
120
|
.B cvx doctor \fR[\fB--no-tokens\fR]
|
|
101
121
|
Check your setup and report problems: Node/npx availability, whether you have a
|
|
102
122
|
Convex login, vault integrity, the token storage backend, the active account,
|
|
@@ -125,6 +145,13 @@ The Convex CLI's global login, which \fBcvx\fR rewrites.
|
|
|
125
145
|
.TP
|
|
126
146
|
.B NO_COLOR
|
|
127
147
|
Disable colored output.
|
|
148
|
+
.TP
|
|
149
|
+
.B CVX_HOME
|
|
150
|
+
Relocate everything cvx touches (vault, global Convex config, hook rc files)
|
|
151
|
+
under this directory \(em a fully isolated sandbox for testing.
|
|
152
|
+
.TP
|
|
153
|
+
.B CVX_PASSPHRASE
|
|
154
|
+
Non-interactive passphrase for \fBcvx vault\fR and \fBcvx export\fR/\fBimport\fR.
|
|
128
155
|
.SH EXAMPLES
|
|
129
156
|
.PP
|
|
130
157
|
Add two accounts and wire up projects:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rafay99/cvx",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.35.0",
|
|
4
4
|
"description": "Switch Convex accounts per project automatically — run many Convex accounts across projects at once, no login/logout churn, no deploy keys, no tokens in your repos",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"convex", "convex-dev", "convex-cli", "cli", "command-line",
|
|
@@ -19,10 +19,10 @@
|
|
|
19
19
|
"files": ["launcher.cjs", "cvx.1", "README.md", "LICENSE"],
|
|
20
20
|
"engines": { "node": ">=16" },
|
|
21
21
|
"optionalDependencies": {
|
|
22
|
-
"@rafay99/cvx-darwin-arm64": "0.
|
|
23
|
-
"@rafay99/cvx-darwin-x64": "0.
|
|
24
|
-
"@rafay99/cvx-linux-x64": "0.
|
|
25
|
-
"@rafay99/cvx-linux-arm64": "0.
|
|
26
|
-
"@rafay99/cvx-win32-x64": "0.
|
|
22
|
+
"@rafay99/cvx-darwin-arm64": "0.35.0",
|
|
23
|
+
"@rafay99/cvx-darwin-x64": "0.35.0",
|
|
24
|
+
"@rafay99/cvx-linux-x64": "0.35.0",
|
|
25
|
+
"@rafay99/cvx-linux-arm64": "0.35.0",
|
|
26
|
+
"@rafay99/cvx-win32-x64": "0.35.0"
|
|
27
27
|
}
|
|
28
28
|
}
|