@reegaviljoen/eldlock 0.1.0

package/eldlock-cli/package.json

@@ -0,0 +1,71 @@
+{
+  "name": "eldlock-cli",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "bin": {
+    "eldlock": "./dist/main.js"
+  },
+  "scripts": {
+    "build": "node scripts/build.mjs",
+    "build:dev": "node scripts/build.mjs --dev",
+    "dev": "tsx src/main.ts",
+    "install:vendored": "npm ci --offline",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@opentui/core": "file:vendor/npm/opentui-core-0.3.1.tgz",
+    "ansi-regex": "file:vendor/npm/ansi-regex-6.2.2.tgz",
+    "bun-ffi-structs": "file:vendor/npm/bun-ffi-structs-0.2.2.tgz",
+    "diff": "file:vendor/npm/diff-9.0.0.tgz",
+    "emoji-regex": "file:vendor/npm/emoji-regex-10.6.0.tgz",
+    "get-east-asian-width": "file:vendor/npm/get-east-asian-width-1.6.0.tgz",
+    "marked": "file:vendor/npm/marked-17.0.1.tgz",
+    "string-width": "file:vendor/npm/string-width-7.2.0.tgz",
+    "strip-ansi": "file:vendor/npm/strip-ansi-7.1.2.tgz",
+    "web-tree-sitter": "file:vendor/npm/web-tree-sitter-0.25.10.tgz",
+    "yoga-layout": "file:vendor/npm/yoga-layout-3.2.1.tgz"
+  },
+  "devDependencies": {
+    "@types/node": "file:vendor/npm/types-node-22.19.19.tgz",
+    "esbuild": "file:vendor/npm/esbuild-0.28.0.tgz",
+    "tsx": "file:vendor/npm/tsx-4.22.4.tgz",
+    "typescript": "file:vendor/npm/typescript-5.9.3.tgz",
+    "undici-types": "file:vendor/npm/undici-types-6.21.0.tgz"
+  },
+  "optionalDependencies": {
+    "@esbuild/aix-ppc64": "file:vendor/npm/esbuild-aix-ppc64-0.28.0.tgz",
+    "@esbuild/android-arm": "file:vendor/npm/esbuild-android-arm-0.28.0.tgz",
+    "@esbuild/android-arm64": "file:vendor/npm/esbuild-android-arm64-0.28.0.tgz",
+    "@esbuild/android-x64": "file:vendor/npm/esbuild-android-x64-0.28.0.tgz",
+    "@esbuild/darwin-arm64": "file:vendor/npm/esbuild-darwin-arm64-0.28.0.tgz",
+    "@esbuild/darwin-x64": "file:vendor/npm/esbuild-darwin-x64-0.28.0.tgz",
+    "@esbuild/freebsd-arm64": "file:vendor/npm/esbuild-freebsd-arm64-0.28.0.tgz",
+    "@esbuild/freebsd-x64": "file:vendor/npm/esbuild-freebsd-x64-0.28.0.tgz",
+    "@esbuild/linux-arm": "file:vendor/npm/esbuild-linux-arm-0.28.0.tgz",
+    "@esbuild/linux-arm64": "file:vendor/npm/esbuild-linux-arm64-0.28.0.tgz",
+    "@esbuild/linux-ia32": "file:vendor/npm/esbuild-linux-ia32-0.28.0.tgz",
+    "@esbuild/linux-loong64": "file:vendor/npm/esbuild-linux-loong64-0.28.0.tgz",
+    "@esbuild/linux-mips64el": "file:vendor/npm/esbuild-linux-mips64el-0.28.0.tgz",
+    "@esbuild/linux-ppc64": "file:vendor/npm/esbuild-linux-ppc64-0.28.0.tgz",
+    "@esbuild/linux-riscv64": "file:vendor/npm/esbuild-linux-riscv64-0.28.0.tgz",
+    "@esbuild/linux-s390x": "file:vendor/npm/esbuild-linux-s390x-0.28.0.tgz",
+    "@esbuild/linux-x64": "file:vendor/npm/esbuild-linux-x64-0.28.0.tgz",
+    "@esbuild/netbsd-arm64": "file:vendor/npm/esbuild-netbsd-arm64-0.28.0.tgz",
+    "@esbuild/netbsd-x64": "file:vendor/npm/esbuild-netbsd-x64-0.28.0.tgz",
+    "@esbuild/openbsd-arm64": "file:vendor/npm/esbuild-openbsd-arm64-0.28.0.tgz",
+    "@esbuild/openbsd-x64": "file:vendor/npm/esbuild-openbsd-x64-0.28.0.tgz",
+    "@esbuild/openharmony-arm64": "file:vendor/npm/esbuild-openharmony-arm64-0.28.0.tgz",
+    "@esbuild/sunos-x64": "file:vendor/npm/esbuild-sunos-x64-0.28.0.tgz",
+    "@esbuild/win32-arm64": "file:vendor/npm/esbuild-win32-arm64-0.28.0.tgz",
+    "@esbuild/win32-ia32": "file:vendor/npm/esbuild-win32-ia32-0.28.0.tgz",
+    "@esbuild/win32-x64": "file:vendor/npm/esbuild-win32-x64-0.28.0.tgz",
+    "@opentui/core-darwin-arm64": "file:vendor/npm/opentui-core-darwin-arm64-0.3.1.tgz",
+    "@opentui/core-darwin-x64": "file:vendor/npm/opentui-core-darwin-x64-0.3.1.tgz",
+    "@opentui/core-linux-arm64": "file:vendor/npm/opentui-core-linux-arm64-0.3.1.tgz",
+    "@opentui/core-linux-x64": "file:vendor/npm/opentui-core-linux-x64-0.3.1.tgz",
+    "@opentui/core-win32-arm64": "file:vendor/npm/opentui-core-win32-arm64-0.3.1.tgz",
+    "@opentui/core-win32-x64": "file:vendor/npm/opentui-core-win32-x64-0.3.1.tgz",
+    "fsevents": "file:vendor/npm/fsevents-2.3.3.tgz"
+  }
+}

package/eldlock-cli/src/api.ts

@@ -0,0 +1,250 @@
+import crypto from "node:crypto";
+import fs from "node:fs";
+import net from "node:net";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
+
+export type SecretType = "env" | "ssh";
+export type OutputMode = "plain" | "clipboard";
+
+export type EldlockRequest = {
+  action: string;
+  vault?: string;
+  name?: string;
+  type?: SecretType;
+  value?: string;
+  source_path?: string;
+  output?: OutputMode;
+  pin?: string;
+  command?: string[];
+  shell?: string;
+  shell_command?: string;
+  interactive?: boolean;
+  cwd?: string;
+  env?: Record<string, string>;
+};
+
+export type EldlockResponse = {
+  ok: boolean;
+  message?: string;
+  value?: string;
+  stdout?: string;
+  stderr?: string;
+  exit_code?: number;
+  imported?: number;
+  env?: Record<string, string>;
+  secrets?: Array<{ name: string; type: SecretType }>;
+  error?: string;
+  code?: string;
+};
+
+export async function requestWithPINPrompt(payload: EldlockRequest): Promise<EldlockResponse> {
+  let pin: string | undefined;
+  for (let attempt = 0; attempt < 3; attempt += 1) {
+    const response = await request(pin ? { ...payload, pin } : payload);
+    if (response.ok || (response.code !== "pin_required" && response.code !== "pin_invalid")) {
+      return response;
+    }
+    if (response.code === "pin_invalid") {
+      console.error("eldlock: PIN was invalid; try again.");
+    }
+    pin = await promptHidden("YubiKey PIN: ");
+  }
+  return { ok: false, code: "pin_invalid", error: "YubiKey PIN failed too many times" };
+}
+
+export function request(payload: EldlockRequest): Promise<EldlockResponse> {
+  return new Promise((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    const socket = net.createConnection(defaultSocketPath());
+
+    socket.on("connect", () => {
+      socket.write(`${JSON.stringify(payload)}\n`);
+    });
+    socket.on("data", (chunk: Buffer) => {
+      chunks.push(chunk);
+      if (chunk.includes(10)) {
+        socket.end();
+      }
+    });
+    socket.on("error", (error: NodeJS.ErrnoException) => {
+      if (error.code === "ENOENT" || error.code === "ECONNREFUSED") {
+        reject(new Error(`could not connect to eldlock-server at ${defaultSocketPath()}; start it with "eldlock start"`));
+        return;
+      }
+      reject(error);
+    });
+    socket.on("end", () => {
+      try {
+        const line = Buffer.concat(chunks).toString("utf8").trim();
+        resolve(JSON.parse(line) as EldlockResponse);
+      } catch (error) {
+        reject(error);
+      }
+    });
+  });
+}
+
+export function checkServerHealth(): Promise<EldlockResponse> {
+  return new Promise((resolve) => {
+    request({ action: "health" })
+      .then(resolve)
+      .catch((error: unknown) => {
+        const message = error instanceof Error ? error.message : String(error);
+        resolve({ ok: false, error: message });
+      });
+  });
+}
+
+export function printResponse(response: EldlockResponse): void {
+  if (!response.ok) {
+    throw new Error(response.error ?? "request failed");
+  }
+  if (response.value !== undefined) {
+    process.stdout.write(response.value);
+    if (!response.value.endsWith("\n")) {
+      process.stdout.write("\n");
+    }
+    return;
+  }
+  if (response.message) {
+    console.log(response.message);
+  }
+}
+
+export function defaultSocketPath(): string {
+  if (process.env.ELDLOCK_SOCKET) {
+    return process.env.ELDLOCK_SOCKET;
+  }
+  const digest = crypto.createHash("sha256").update(defaultStateDir()).digest("hex").slice(0, 16);
+  return path.join(os.tmpdir(), "eldlock", digest, "daemon.sock");
+}
+
+export function defaultStateDir(): string {
+  return process.env.ELDLOCK_STATE_DIR ?? path.join(process.cwd(), ".eldlock");
+}
+
+export function defaultPidPath(): string {
+  return path.join(defaultStateDir(), "server.pid");
+}
+
+export function defaultLogPath(): string {
+  return path.join(defaultStateDir(), "server.log");
+}
+
+export function readPid(): number | undefined {
+  try {
+    const raw = fs.readFileSync(defaultPidPath(), "utf8").trim();
+    const pid = Number.parseInt(raw, 10);
+    return Number.isFinite(pid) ? pid : undefined;
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return undefined;
+    }
+    throw error;
+  }
+}
+
+export function isPidAlive(pid: number): boolean {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ESRCH") {
+      return false;
+    }
+    if (isNodeError(error) && error.code === "EPERM") {
+      return true;
+    }
+    throw error;
+  }
+}
+
+export function cleanupPidFile(): void {
+  try {
+    fs.unlinkSync(defaultPidPath());
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return;
+    }
+    throw error;
+  }
+}
+
+export async function waitForHealth(timeoutMs: number): Promise<EldlockResponse> {
+  const deadline = Date.now() + timeoutMs;
+  let last: EldlockResponse = { ok: false };
+  while (Date.now() < deadline) {
+    last = await checkServerHealth();
+    if (last.ok) {
+      return last;
+    }
+    await sleep(100);
+  }
+  return last;
+}
+
+export async function waitForStop(pid: number, timeoutMs: number): Promise<void> {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (!isPidAlive(pid)) {
+      return;
+    }
+    await sleep(100);
+  }
+  throw new Error(`timed out waiting for eldlock-server pid ${pid} to stop`);
+}
+
+export function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+export function isNodeError(error: unknown): error is NodeJS.ErrnoException {
+  return error instanceof Error && "code" in error;
+}
+
+function promptHidden(prompt: string): Promise<string> {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new Error("YubiKey PIN is required, but this terminal is not interactive");
+  }
+
+  return new Promise((resolve, reject) => {
+    const stdin = process.stdin;
+    const wasRaw = stdin.isRaw;
+    let value = "";
+
+    const cleanup = (): void => {
+      stdin.off("data", onData);
+      stdin.setRawMode(wasRaw);
+      stdin.pause();
+      process.stdout.write("\n");
+    };
+
+    const onData = (chunk: Buffer): void => {
+      const text = chunk.toString("utf8");
+      for (const char of text) {
+        if (char === "\u0003") {
+          cleanup();
+          reject(new Error("cancelled"));
+          return;
+        }
+        if (char === "\r" || char === "\n") {
+          cleanup();
+          resolve(value);
+          return;
+        }
+        if (char === "\u007f" || char === "\b") {
+          value = value.slice(0, -1);
+          continue;
+        }
+        value += char;
+      }
+    };
+
+    process.stdout.write(prompt);
+    stdin.setRawMode(true);
+    stdin.resume();
+    stdin.on("data", onData);
+  });
+}