@reegaviljoen/eldlock 0.1.0

package/eldlock-server/vendor/github.com/pkg/errors/stack.go

@@ -0,0 +1,177 @@
+package errors
+
+import (
+	"fmt"
+	"io"
+	"path"
+	"runtime"
+	"strconv"
+	"strings"
+)
+
+// Frame represents a program counter inside a stack frame.
+// For historical reasons if Frame is interpreted as a uintptr
+// its value represents the program counter + 1.
+type Frame uintptr
+
+// pc returns the program counter for this frame;
+// multiple frames may have the same PC value.
+func (f Frame) pc() uintptr { return uintptr(f) - 1 }
+
+// file returns the full path to the file that contains the
+// function for this Frame's pc.
+func (f Frame) file() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	file, _ := fn.FileLine(f.pc())
+	return file
+}
+
+// line returns the line number of source code of the
+// function for this Frame's pc.
+func (f Frame) line() int {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return 0
+	}
+	_, line := fn.FileLine(f.pc())
+	return line
+}
+
+// name returns the name of this function, if known.
+func (f Frame) name() string {
+	fn := runtime.FuncForPC(f.pc())
+	if fn == nil {
+		return "unknown"
+	}
+	return fn.Name()
+}
+
+// Format formats the frame according to the fmt.Formatter interface.
+//
+//    %s    source file
+//    %d    source line
+//    %n    function name
+//    %v    equivalent to %s:%d
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+s   function name and path of source file relative to the compile time
+//          GOPATH separated by \n\t (<funcname>\n\t<path>)
+//    %+v   equivalent to %+s:%d
+func (f Frame) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 's':
+		switch {
+		case s.Flag('+'):
+			io.WriteString(s, f.name())
+			io.WriteString(s, "\n\t")
+			io.WriteString(s, f.file())
+		default:
+			io.WriteString(s, path.Base(f.file()))
+		}
+	case 'd':
+		io.WriteString(s, strconv.Itoa(f.line()))
+	case 'n':
+		io.WriteString(s, funcname(f.name()))
+	case 'v':
+		f.Format(s, 's')
+		io.WriteString(s, ":")
+		f.Format(s, 'd')
+	}
+}
+
+// MarshalText formats a stacktrace Frame as a text string. The output is the
+// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
+func (f Frame) MarshalText() ([]byte, error) {
+	name := f.name()
+	if name == "unknown" {
+		return []byte(name), nil
+	}
+	return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
+}
+
+// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
+type StackTrace []Frame
+
+// Format formats the stack of Frames according to the fmt.Formatter interface.
+//
+//    %s	lists source files for each Frame in the stack
+//    %v	lists the source file and line number for each Frame in the stack
+//
+// Format accepts flags that alter the printing of some verbs, as follows:
+//
+//    %+v   Prints filename, function, and line number for each Frame in the stack.
+func (st StackTrace) Format(s fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case s.Flag('+'):
+			for _, f := range st {
+				io.WriteString(s, "\n")
+				f.Format(s, verb)
+			}
+		case s.Flag('#'):
+			fmt.Fprintf(s, "%#v", []Frame(st))
+		default:
+			st.formatSlice(s, verb)
+		}
+	case 's':
+		st.formatSlice(s, verb)
+	}
+}
+
+// formatSlice will format this StackTrace into the given buffer as a slice of
+// Frame, only valid when called with '%s' or '%v'.
+func (st StackTrace) formatSlice(s fmt.State, verb rune) {
+	io.WriteString(s, "[")
+	for i, f := range st {
+		if i > 0 {
+			io.WriteString(s, " ")
+		}
+		f.Format(s, verb)
+	}
+	io.WriteString(s, "]")
+}
+
+// stack represents a stack of program counters.
+type stack []uintptr
+
+func (s *stack) Format(st fmt.State, verb rune) {
+	switch verb {
+	case 'v':
+		switch {
+		case st.Flag('+'):
+			for _, pc := range *s {
+				f := Frame(pc)
+				fmt.Fprintf(st, "\n%+v", f)
+			}
+		}
+	}
+}
+
+func (s *stack) StackTrace() StackTrace {
+	f := make([]Frame, len(*s))
+	for i := 0; i < len(f); i++ {
+		f[i] = Frame((*s)[i])
+	}
+	return f
+}
+
+func callers() *stack {
+	const depth = 32
+	var pcs [depth]uintptr
+	n := runtime.Callers(3, pcs[:])
+	var st stack = pcs[0:n]
+	return &st
+}
+
+// funcname removes the path prefix component of a function's name reported by func.Name().
+func funcname(name string) string {
+	i := strings.LastIndex(name, "/")
+	name = name[i+1:]
+	i = strings.Index(name, ".")
+	return name[i+1:]
+}

package/eldlock-server/vendor/modules.txt

@@ -0,0 +1,7 @@
+# github.com/keys-pub/go-libfido2 v1.5.3 => ./internal/libfido2
+## explicit; go 1.13
+github.com/keys-pub/go-libfido2
+# github.com/pkg/errors v0.9.1
+## explicit
+github.com/pkg/errors
+# github.com/keys-pub/go-libfido2 => ./internal/libfido2

package/examples/eldlock.toml

@@ -0,0 +1,17 @@
+# Example per-project Eldlock config.
+# This file maps normal env var names to secrets stored in the local vault.
+
+[env]
+OPENAI_API_KEY = "personal/openai/api_key"
+GITHUB_TOKEN = "personal/github/token"
+DATABASE_URL = "work/project/database_url"
+
+[policy]
+approval = "per-session"
+ttl = "15m"
+require_yubikey = true
+
+[allow]
+cwd = "."
+processes = ["bin/dev", "rails", "bundle", "npm", "node", "python"]
+

package/install.sh

@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo="${ELDLOCK_REPO:-reeganviljoen/eldlock}"
+ref="${ELDLOCK_REF:-main}"
+install_dir="${ELDLOCK_INSTALL_DIR:-$HOME/.local/share/eldlock}"
+bin_dir="${ELDLOCK_BIN_DIR:-$HOME/.local/bin}"
+
+need() {
+  if ! command -v "$1" >/dev/null 2>&1; then
+    echo "eldlock install: missing required command: $1" >&2
+    exit 1
+  fi
+}
+
+need curl
+need tar
+need node
+need npm
+if ! command -v go >/dev/null 2>&1 && [ -z "${ELDLOCK_GO_PATH:-}" ]; then
+  echo "eldlock install: missing required command: go" >&2
+  echo "Set ELDLOCK_GO_PATH=/path/to/go if Go is installed outside PATH." >&2
+  exit 1
+fi
+
+case "$(uname -s)" in
+  Darwin|Linux) ;;
+  *)
+    echo "eldlock install: only macOS and Linux are supported right now" >&2
+    exit 1
+    ;;
+esac
+
+tmp="$(mktemp -d)"
+cleanup() {
+  rm -rf "$tmp"
+}
+trap cleanup EXIT
+
+archive="$tmp/eldlock.tar.gz"
+src="$tmp/src"
+mkdir -p "$src"
+
+url="https://api.github.com/repos/$repo/tarball/$ref"
+echo "Downloading eldlock from $repo@$ref"
+
+if [ -n "${GITHUB_TOKEN:-}" ]; then
+  curl -fsSL -H "Authorization: Bearer $GITHUB_TOKEN" "$url" -o "$archive"
+else
+  curl -fsSL "$url" -o "$archive"
+fi
+
+tar -xzf "$archive" -C "$src" --strip-components=1
+
+cd "$src"
+node scripts/build-production.mjs --install-dir "$install_dir" --bin-dir "$bin_dir"
+
+echo ""
+echo "Eldlock installed."
+echo ""
+echo "Add this to your shell profile if it is not already there:"
+echo "  export PATH=\"$bin_dir:\$PATH\""
+echo ""
+echo "Then run:"
+echo "  eldlock start"
+echo "  eldlock init"

package/package.json

@@ -0,0 +1,66 @@
+{
+  "name": "@reegaviljoen/eldlock",
+  "version": "0.1.0",
+  "private": false,
+  "bin": {
+    "eldlock": "bin/eldlock"
+  },
+  "files": [
+    "README.md",
+    "install.sh",
+    "bin/",
+    "docs/",
+    "examples/",
+    "scripts/build-production.mjs",
+    "scripts/postinstall-production.mjs",
+    "eldlock-cli/bin/",
+    "eldlock-cli/package.json",
+    "eldlock-cli/package-lock.json",
+    "eldlock-cli/src/",
+    "eldlock-cli/tsconfig.json",
+    "eldlock-cli/vendor/npm/ansi-regex-6.2.2.tgz",
+    "eldlock-cli/vendor/npm/bun-ffi-structs-0.2.2.tgz",
+    "eldlock-cli/vendor/npm/diff-9.0.0.tgz",
+    "eldlock-cli/vendor/npm/emoji-regex-10.6.0.tgz",
+    "eldlock-cli/vendor/npm/esbuild-0.28.0.tgz",
+    "eldlock-cli/vendor/npm/esbuild-darwin-arm64-0.28.0.tgz",
+    "eldlock-cli/vendor/npm/esbuild-darwin-x64-0.28.0.tgz",
+    "eldlock-cli/vendor/npm/esbuild-linux-arm64-0.28.0.tgz",
+    "eldlock-cli/vendor/npm/esbuild-linux-x64-0.28.0.tgz",
+    "eldlock-cli/vendor/npm/fsevents-2.3.3.tgz",
+    "eldlock-cli/vendor/npm/get-east-asian-width-1.6.0.tgz",
+    "eldlock-cli/vendor/npm/marked-17.0.1.tgz",
+    "eldlock-cli/vendor/npm/opentui-core-0.3.1.tgz",
+    "eldlock-cli/vendor/npm/opentui-core-darwin-arm64-0.3.1.tgz",
+    "eldlock-cli/vendor/npm/opentui-core-darwin-x64-0.3.1.tgz",
+    "eldlock-cli/vendor/npm/opentui-core-linux-arm64-0.3.1.tgz",
+    "eldlock-cli/vendor/npm/opentui-core-linux-x64-0.3.1.tgz",
+    "eldlock-cli/vendor/npm/string-width-7.2.0.tgz",
+    "eldlock-cli/vendor/npm/strip-ansi-7.1.2.tgz",
+    "eldlock-cli/vendor/npm/tsx-4.22.4.tgz",
+    "eldlock-cli/vendor/npm/types-node-22.19.19.tgz",
+    "eldlock-cli/vendor/npm/typescript-5.9.3.tgz",
+    "eldlock-cli/vendor/npm/undici-types-6.21.0.tgz",
+    "eldlock-cli/vendor/npm/web-tree-sitter-0.25.10.tgz",
+    "eldlock-cli/vendor/npm/yoga-layout-3.2.1.tgz",
+    "eldlock-server/cmd/",
+    "eldlock-server/go.mod",
+    "eldlock-server/go.sum",
+    "eldlock-server/internal/",
+    "eldlock-server/vendor/"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "npm --prefix eldlock-cli run build --",
+    "build:prod": "node scripts/build-production.mjs",
+    "build:dev": "npm --prefix eldlock-cli run build:dev --",
+    "dev": "npm --prefix eldlock-cli run dev --",
+    "install:local": "node scripts/build-production.mjs --install-dir \"$HOME/.local/share/eldlock\" --bin-dir \"$HOME/.local/bin\"",
+    "install:vendored": "npm --prefix eldlock-cli run install:vendored",
+    "postinstall": "node scripts/postinstall-production.mjs",
+    "release": "node scripts/release.mjs",
+    "typecheck": "npm --prefix eldlock-cli run typecheck"
+  }
+}

package/scripts/build-production.mjs

@@ -0,0 +1,177 @@
+#!/usr/bin/env node
+
+import { spawnSync } from "node:child_process";
+import fs from "node:fs";
+import path from "node:path";
+import process from "node:process";
+
+const repoDir = path.resolve(import.meta.dirname, "..");
+const serverDir = path.join(repoDir, "eldlock-server");
+const cliDir = path.join(repoDir, "eldlock-cli");
+const installDir = path.resolve(valueAfter("--install-dir") ?? path.join(repoDir, "dist", "eldlock"));
+const binDir = path.resolve(valueAfter("--bin-dir") ?? path.join(installDir, "bin"));
+const runtimeDir = path.join(installDir, "lib", "eldlock-cli");
+const serverBin = path.join(installDir, "bin", "eldlock-server");
+const commandPath = path.join(binDir, "eldlock");
+
+assertPlatform();
+const goBin = resolveCommand("go", process.env.ELDLOCK_GO_PATH);
+resolveCommand("node", process.env.ELDLOCK_NODE_PATH);
+const npmBin = resolveCommand("npm", process.env.ELDLOCK_NPM_PATH);
+const env = buildEnv();
+
+console.log("==> installing vendored npm dependencies");
+run(npmBin, ["ci", "--offline"], { cwd: cliDir, env });
+
+console.log("==> building eldlock-cli");
+run(path.join(cliDir, "node_modules", ".bin", "tsc"), [], { cwd: cliDir, env });
+
+console.log("==> building eldlock-server");
+fs.mkdirSync(path.dirname(serverBin), { recursive: true });
+run(goBin, ["build", "-mod=vendor", "-o", serverBin, "./cmd/eldlock-server"], { cwd: serverDir, env });
+
+console.log("==> installing runtime files");
+fs.rmSync(runtimeDir, { recursive: true, force: true });
+fs.mkdirSync(runtimeDir, { recursive: true });
+copyDir(path.join(cliDir, "dist"), path.join(runtimeDir, "dist"));
+copyDir(path.join(cliDir, "node_modules"), path.join(runtimeDir, "node_modules"));
+fs.copyFileSync(path.join(cliDir, "package.json"), path.join(runtimeDir, "package.json"));
+
+console.log("==> installing eldlock command");
+fs.mkdirSync(binDir, { recursive: true });
+fs.writeFileSync(commandPath, commandScript({ installDir }), { mode: 0o755 });
+fs.chmodSync(serverBin, 0o755);
+
+console.log("");
+console.log(`Installed eldlock to ${commandPath}`);
+console.log(`Installed eldlock-server to ${serverBin}`);
+console.log("");
+console.log("Make sure this is on PATH:");
+console.log(`  export PATH="${binDir}:$PATH"`);
+
+function valueAfter(flag) {
+  const index = process.argv.indexOf(flag);
+  if (index < 0) return undefined;
+  const value = process.argv[index + 1];
+  if (!value || value.startsWith("--")) {
+    throw new Error(`${flag} requires a value`);
+  }
+  return value;
+}
+
+function assertPlatform() {
+  if (!["darwin", "linux"].includes(process.platform)) {
+    throw new Error(`production install supports macOS and Linux, got ${process.platform}`);
+  }
+}
+
+function buildEnv() {
+  const env = { ...process.env };
+  if (!env.ELDLOCK_PASSKEY_PROVIDER) {
+    env.ELDLOCK_PASSKEY_PROVIDER = env.ELDLOCK_STUB_PASSKEY ? "stub" : "fido";
+  }
+  if (env.ELDLOCK_PASSKEY_PROVIDER === "fido") {
+    requireLibfido2();
+    env.GOFLAGS = addGoBuildTag(env.GOFLAGS, "fido2");
+    env.PKG_CONFIG_PATH = [
+      env.PKG_CONFIG_PATH,
+      "/opt/homebrew/opt/libfido2/lib/pkgconfig",
+      "/opt/homebrew/opt/openssl@3/lib/pkgconfig",
+    ].filter(Boolean).join(":");
+  }
+  return env;
+}
+
+function requireLibfido2() {
+  const result = spawnSync("pkg-config", ["--exists", "libfido2"], { encoding: "utf8" });
+  if (result.status !== 0) {
+    const hint = process.platform === "darwin"
+      ? "Install libfido2 with: brew install keys-pub/tap/libfido2"
+      : "Install libfido2 development headers with your package manager, for example: sudo apt install libfido2-dev pkg-config";
+    throw new Error(`libfido2 was not found by pkg-config. ${hint}`);
+  }
+}
+
+function resolveCommand(name, configured) {
+  if (configured) {
+    if (isExecutable(configured)) return configured;
+    throw new Error(`${name} path is not executable: ${configured}`);
+  }
+  for (const dir of (process.env.PATH ?? "").split(path.delimiter)) {
+    if (!dir) continue;
+    const candidate = path.join(dir, name);
+    if (isExecutable(candidate)) return candidate;
+  }
+  if (name === "go") {
+    const miseGo = findMiseGo();
+    if (miseGo) return miseGo;
+  }
+  throw new Error(`could not find ${name} on PATH`);
+}
+
+function findMiseGo() {
+  const installsDir = path.join(process.env.HOME ?? "", ".local", "share", "mise", "installs", "go");
+  if (!fs.existsSync(installsDir)) {
+    return undefined;
+  }
+  const versions = fs.readdirSync(installsDir).sort().reverse();
+  for (const version of versions) {
+    const candidate = path.join(installsDir, version, "bin", "go");
+    if (isExecutable(candidate)) {
+      return candidate;
+    }
+  }
+  return undefined;
+}
+
+function isExecutable(candidate) {
+  try {
+    fs.accessSync(candidate, fs.constants.X_OK);
+    return fs.statSync(candidate).isFile();
+  } catch {
+    return false;
+  }
+}
+
+function addGoBuildTag(goFlags = "", tag) {
+  if (goFlags.includes(`-tags=${tag}`) || goFlags.includes(`-tags ${tag}`)) {
+    return goFlags;
+  }
+  return `${goFlags} -tags=${tag}`.trim();
+}
+
+function run(command, args, options) {
+  const result = spawnSync(command, args, {
+    cwd: options.cwd,
+    env: options.env,
+    stdio: "inherit",
+  });
+  if (result.status !== 0) {
+    throw new Error(`${command} ${args.join(" ")} exited with ${result.status}`);
+  }
+}
+
+function copyDir(from, to) {
+  fs.rmSync(to, { recursive: true, force: true });
+  fs.cpSync(from, to, { recursive: true });
+}
+
+function commandScript({ installDir }) {
+  return `#!/usr/bin/env sh
+set -eu
+export ELDLOCK_SERVER_PATH="${installDir}/bin/eldlock-server"
+export ELDLOCK_STATE_DIR="\${ELDLOCK_STATE_DIR:-$HOME/.eldlock}"
+if [ "\${1:-}" = "" ] || [ "\${1:-}" = "tui" ]; then
+  if [ -n "\${ELDLOCK_TUI_RUNTIME:-}" ]; then
+    exec "\$ELDLOCK_TUI_RUNTIME" "${installDir}/lib/eldlock-cli/dist/main.js" "\$@"
+  fi
+  if command -v bun >/dev/null 2>&1; then
+    exec bun "${installDir}/lib/eldlock-cli/dist/main.js" "\$@"
+  fi
+fi
+if [ -n "\${ELDLOCK_NODE_PATH:-}" ]; then
+  exec "\$ELDLOCK_NODE_PATH" "${installDir}/lib/eldlock-cli/dist/main.js" "\$@"
+fi
+exec node "${installDir}/lib/eldlock-cli/dist/main.js" "\$@"
+`;
+}

package/scripts/postinstall-production.mjs

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+
+import { spawnSync } from "node:child_process";
+import path from "node:path";
+import process from "node:process";
+
+const packageDir = path.resolve(import.meta.dirname, "..");
+const installDir = path.join(packageDir, ".eldlock-runtime");
+const binDir = path.join(packageDir, "bin");
+
+const result = spawnSync(
+  "node",
+  ["scripts/build-production.mjs", "--install-dir", installDir, "--bin-dir", binDir],
+  {
+    cwd: packageDir,
+    env: process.env,
+    stdio: "inherit",
+  },
+);
+
+if (result.status !== 0) {
+  throw new Error(`build production runtime exited with ${result.status}`);
+}