@reegaviljoen/eldlock 0.1.0

package/eldlock-cli/src/tui.ts

@@ -0,0 +1,676 @@
+import process from "node:process";
+import type { CliRenderer, TextRenderable } from "@opentui/core";
+import { request, type EldlockResponse, type SecretType } from "./api.js";
+
+type TUIMode = "vault" | "pin" | "switch-vault" | "switch-pin" | "browse" | "add-name" | "add-value" | "add-pin" | "edit-value" | "edit-pin" | "delete-pin" | "show-pin" | "show-value" | "import-path" | "import-pin" | "refresh-pin";
+
+type TUIPrompt = {
+  label: string;
+  value: string;
+  hidden: boolean;
+  title: string;
+  help: string[];
+  tone: "neutral" | "danger" | "secret";
+};
+
+type TUIState = {
+  vault: string;
+  secrets: Array<{ name: string; type: SecretType }>;
+  selected: number;
+  message: string;
+  mode: TUIMode;
+  prompt?: TUIPrompt;
+  pendingName?: string;
+  pendingValue?: string;
+  pendingImportPath?: string;
+  revealedName?: string;
+  revealedValue?: string;
+};
+
+export async function openTUI(): Promise<void> {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new Error("TUI requires an interactive terminal");
+  }
+
+  const { createCliRenderer, TextRenderable } = await import("@opentui/core").catch((error: unknown) => {
+    const message = error instanceof Error ? error.message : String(error);
+    throw new Error(`could not load OpenTUI; run eldlock with Bun or a Node runtime that supports node:ffi: ${message}`);
+  });
+  const renderer = await createCliRenderer({
+    screenMode: "alternate-screen",
+    consoleMode: "disabled",
+    exitOnCtrlC: false,
+    clearOnShutdown: true,
+    useMouse: false,
+    backgroundColor: "#0d1117",
+  });
+  const screen = new TextRenderable(renderer, {
+    id: "eldlock-screen",
+    content: "",
+    width: "100%",
+    height: "100%",
+  });
+  renderer.root.add(screen);
+  const input = createOpenTUIInput(renderer);
+  const state: TUIState = {
+    vault: "",
+    secrets: [],
+    selected: 0,
+    message: "Enter a vault name to begin",
+    mode: "vault",
+    prompt: {
+      label: "Vault name (blank for default)",
+      value: "",
+      hidden: false,
+      title: "Open Vault",
+      help: ["Type the vault name to enter.", "Leave it blank to use the default vault."],
+      tone: "neutral",
+    },
+  };
+
+  try {
+    renderer.start();
+    for (;;) {
+      renderTUI(state, screen, renderer);
+      const key = await input.read();
+      try {
+        const shouldQuit = await handleTUIKey(state, key);
+        if (shouldQuit) {
+          return;
+        }
+      } catch (error) {
+        state.mode = "browse";
+        state.prompt = undefined;
+        state.message = error instanceof Error ? error.message : String(error);
+      }
+    }
+  } finally {
+    input.destroy();
+    renderer.destroy();
+  }
+}
+
+async function loadTUISecrets(vault: string, pin: string): Promise<Array<{ name: string; type: SecretType }>> {
+  const response = await request({ action: "secret.list", vault, pin });
+  if (!response.ok) {
+    throw new Error(response.error ?? "request failed");
+  }
+  return response.secrets ?? [];
+}
+
+async function requireOK(response: EldlockResponse): Promise<void> {
+  if (!response.ok) {
+    throw new Error(response.error ?? "request failed");
+  }
+}
+
+async function handleTUIKey(state: TUIState, key: string): Promise<boolean> {
+  if (key === "\u0003") {
+    return true;
+  }
+  if (state.prompt) {
+    await handlePromptKey(state, key);
+    return false;
+  }
+  if (state.mode === "show-value") {
+    if (key === "q") {
+      return true;
+    }
+    state.revealedName = undefined;
+    state.revealedValue = undefined;
+    state.mode = "browse";
+    state.message = "Secret hidden";
+    return false;
+  }
+
+  switch (key) {
+    case "q":
+      return true;
+    case "\u001b[A":
+    case "k":
+      moveSelection(state, -1);
+      return false;
+    case "\u001b[B":
+    case "j":
+      moveSelection(state, 1);
+      return false;
+    case "a":
+      startPrompt(state, "add-name", "New secret name", false);
+      return false;
+    case "d":
+      requireSelectedSecret(state);
+      startPrompt(state, "delete-pin", `PIN to delete ${selectedSecret(state).name}`, true);
+      return false;
+    case "s":
+      requireSelectedSecret(state);
+      startPrompt(state, "show-pin", `PIN to show ${selectedSecret(state).name}`, true);
+      return false;
+    case "e":
+      requireSelectedSecret(state);
+      startPrompt(state, "edit-value", `New value for ${selectedSecret(state).name}`, true);
+      return false;
+    case "r":
+      startPrompt(state, "refresh-pin", "YubiKey PIN", true);
+      return false;
+    case "v":
+      startPrompt(state, "switch-vault", "Vault name (blank for default)", false);
+      state.prompt!.value = state.vault;
+      state.message = "Switch vault";
+      return false;
+    case "i":
+      startPrompt(state, "import-path", ".env path", false);
+      state.prompt!.value = ".env";
+      state.message = "Import env file";
+      return false;
+    default:
+      state.message = "Use a/d/s/e/i/r/v, arrows or j/k, q";
+      return false;
+  }
+}
+
+async function handlePromptKey(state: TUIState, key: string): Promise<void> {
+  const prompt = state.prompt;
+  if (!prompt) {
+    return;
+  }
+  if (isBracketedPaste(key)) {
+    if (promptAllowsPaste(state)) {
+      prompt.value += normalizePastedPromptText(extractBracketedPaste(key));
+    }
+    return;
+  }
+  if (isEscapeKey(key)) {
+    cancelPrompt(state);
+    return;
+  }
+  if (key.length > 1 && promptAllowsPaste(state)) {
+    prompt.value += normalizePastedPromptText(key);
+    return;
+  }
+  if (key === "\r" || key === "\n") {
+    await submitPrompt(state, prompt.value);
+    return;
+  }
+  if (key === "\u007f" || key === "\b") {
+    prompt.value = prompt.value.slice(0, -1);
+    return;
+  }
+  if (key >= " " && key !== "\u007f") {
+    prompt.value += key;
+  }
+}
+
+function promptAllowsPaste(state: TUIState): boolean {
+  return !state.mode.endsWith("-pin") && state.mode !== "pin";
+}
+
+function cancelPrompt(state: TUIState): void {
+  state.prompt = undefined;
+  state.mode = "browse";
+  state.message = "Cancelled";
+}
+
+function isEscapeKey(value: string): boolean {
+  return value === "\u001b" || value.startsWith("\u001b");
+}
+
+function isBracketedPaste(value: string): boolean {
+  return value.startsWith("\u001b[200~") && value.endsWith("\u001b[201~");
+}
+
+function extractBracketedPaste(value: string): string {
+  return value.slice("\u001b[200~".length, -"\u001b[201~".length);
+}
+
+function normalizePastedPromptText(value: string): string {
+  return value
+    .replace(/\u001b\[200~/g, "")
+    .replace(/\u001b\[201~/g, "")
+    .replace(/[\r\n]+/g, "")
+    .replace(/[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/g, "");
+}
+
+async function submitPrompt(state: TUIState, value: string): Promise<void> {
+  switch (state.mode) {
+    case "vault":
+      state.vault = value.trim();
+      startPrompt(state, "pin", "YubiKey PIN", true);
+      state.message = `Unlocking ${displayVaultName(state.vault)}`;
+      return;
+    case "pin":
+      state.secrets = await loadTUISecrets(state.vault, value);
+      state.selected = clampSelection(state.selected, state.secrets);
+      state.prompt = undefined;
+      state.mode = "browse";
+      state.message = `Vault ${displayVaultName(state.vault)} unlocked`;
+      return;
+    case "switch-vault":
+      state.vault = value.trim();
+      state.secrets = [];
+      state.selected = 0;
+      startPrompt(state, "switch-pin", "YubiKey PIN", true);
+      state.message = `Switching to ${displayVaultName(state.vault)}`;
+      return;
+    case "switch-pin":
+      state.secrets = await loadTUISecrets(state.vault, value);
+      state.selected = clampSelection(0, state.secrets);
+      state.prompt = undefined;
+      state.mode = "browse";
+      state.message = `Vault ${displayVaultName(state.vault)} unlocked`;
+      return;
+    case "add-name":
+      if (!value.trim()) {
+        throw new Error("secret name is required");
+      }
+      state.pendingName = value.trim();
+      startPrompt(state, "add-value", `Value for ${state.pendingName}`, true);
+      return;
+    case "add-value":
+      if (!value) {
+        throw new Error("secret value is required");
+      }
+      state.pendingValue = value;
+      startPrompt(state, "add-pin", "YubiKey PIN", true);
+      return;
+    case "add-pin":
+      await requireOK(await request({ action: "secret.add", vault: state.vault, type: "env", name: state.pendingName, value: state.pendingValue, pin: value }));
+      await refreshAfterAction(state, value, "Secret added");
+      return;
+    case "edit-value":
+      if (!value) {
+        throw new Error("secret value is required");
+      }
+      state.pendingName = selectedSecret(state).name;
+      state.pendingValue = value;
+      startPrompt(state, "edit-pin", "YubiKey PIN", true);
+      return;
+    case "edit-pin":
+      await requireOK(await request({ action: "secret.add", vault: state.vault, type: "env", name: state.pendingName, value: state.pendingValue, pin: value }));
+      await refreshAfterAction(state, value, "Secret edited");
+      return;
+    case "delete-pin":
+      await requireOK(await request({ action: "secret.remove", vault: state.vault, name: selectedSecret(state).name, pin: value }));
+      await refreshAfterAction(state, value, "Secret deleted");
+      return;
+    case "show-pin": {
+      const secret = selectedSecret(state);
+      const response = await request({ action: "secret.read", vault: state.vault, name: secret.name, output: "plain", pin: value });
+      await requireOK(response);
+      state.prompt = undefined;
+      state.mode = "show-value";
+      state.revealedName = secret.name;
+      state.revealedValue = response.value ?? "";
+      state.message = "Press any key to hide this value";
+      return;
+    }
+    case "import-path":
+      state.pendingImportPath = value.trim() || ".env";
+      startPrompt(state, "import-pin", "YubiKey PIN", true);
+      return;
+    case "import-pin": {
+      const response = await request({
+        action: "secret.import_env",
+        vault: state.vault,
+        source_path: state.pendingImportPath,
+        cwd: process.cwd(),
+        pin: value,
+      });
+      await requireOK(response);
+      await refreshAfterAction(state, value, response.message ?? `Imported ${response.imported ?? 0} env secrets`);
+      return;
+    }
+    case "refresh-pin":
+      await refreshAfterAction(state, value, "Refreshed");
+      return;
+    default:
+      return;
+  }
+}
+
+async function refreshAfterAction(state: TUIState, pin: string, message: string): Promise<void> {
+  state.secrets = await loadTUISecrets(state.vault, pin);
+  state.selected = clampSelection(state.selected, state.secrets);
+  state.pendingName = undefined;
+  state.pendingValue = undefined;
+  state.pendingImportPath = undefined;
+  state.prompt = undefined;
+  state.mode = "browse";
+  state.message = message;
+}
+
+function renderTUI(state: TUIState, screen: TextRenderable, renderer: CliRenderer): void {
+  const width = renderer.terminalWidth || process.stdout.columns || 100;
+  const height = renderer.terminalHeight || process.stdout.rows || 30;
+  const bodyHeight = Math.max(4, height - 8);
+  const lines: string[] = [];
+  const nameWidth = Math.max(16, width - 42);
+  lines.push(padRight(` Eldlock   Vault ${displayVaultName(state.vault)}   ${state.secrets.length} secrets`, width));
+  lines.push(fillLine(width, "─"));
+  lines.push(`${padRight(" ", 3)}${padRight("TYPE", 8)} ${padRight("SECRET", nameWidth)} VALUE`);
+
+  if (state.secrets.length === 0) {
+    lines.push("");
+    lines.push("  No secrets in this vault");
+  } else {
+    const windowStart = selectionWindowStart(state.selected, state.secrets.length, bodyHeight);
+    const visible = state.secrets.slice(windowStart, windowStart + bodyHeight);
+    for (let offset = 0; offset < visible.length; offset += 1) {
+      const index = windowStart + offset;
+      const secret = state.secrets[index];
+      const selected = index === state.selected;
+      const prefix = selected ? "›" : " ";
+      const row = `${padRight(prefix, 3)}${padRight(secret.type, 8)} ${padRight(truncate(secret.name, nameWidth), nameWidth)} **********`;
+      lines.push(selected ? `${row}  selected` : row);
+    }
+  }
+
+  while (lines.length < height - 3) {
+    lines.push("");
+  }
+
+  lines.push(fillLine(width, "─"));
+  lines.push(truncatePrintable(` ${state.message}`, width));
+  lines.push(truncatePrintable(" a add   d delete   s show   e edit   i import   v vault   r refresh   ↑/↓ or j/k move   q quit", width));
+
+  if (state.mode === "show-value") {
+    drawModal(lines, width, height, {
+      title: `Showing ${state.revealedName ?? "secret"}`,
+      body: [state.revealedValue ?? ""],
+      footer: "Press any key to hide",
+      tone: "secret",
+    });
+  } else if (state.prompt) {
+    const value = state.prompt.hidden ? "•".repeat(state.prompt.value.length) : state.prompt.value;
+    drawModal(lines, width, height, {
+      title: state.prompt.title,
+      body: [...state.prompt.help, "", `${state.prompt.label}`, `${value}_`],
+      footer: "Enter submit   Esc cancel",
+      tone: state.prompt.tone,
+    });
+  }
+
+  screen.content = lines.slice(0, height).map((line) => truncatePrintable(line, width)).join("\n");
+  renderer.requestRender();
+}
+
+function startPrompt(state: TUIState, mode: TUIMode, label: string, hidden: boolean): void {
+  state.mode = mode;
+  state.prompt = {
+    label,
+    value: "",
+    hidden,
+    ...promptPresentation(mode, state),
+  };
+}
+
+function selectedSecret(state: TUIState): { name: string; type: SecretType } {
+  requireSelectedSecret(state);
+  return state.secrets[state.selected];
+}
+
+function requireSelectedSecret(state: TUIState): void {
+  if (state.secrets.length === 0) {
+    throw new Error("No selected secret");
+  }
+}
+
+function moveSelection(state: TUIState, delta: number): void {
+  state.selected = clampSelection(state.selected + delta, state.secrets);
+  state.message = state.secrets[state.selected]?.name ?? "No secrets";
+}
+
+function clampSelection(selected: number, secrets: Array<{ name: string }>): number {
+  if (secrets.length === 0) {
+    return 0;
+  }
+  return Math.max(0, Math.min(selected, secrets.length - 1));
+}
+
+type ModalOptions = {
+  title: string;
+  body: string[];
+  footer: string;
+  tone: "neutral" | "danger" | "secret";
+};
+
+function drawModal(lines: string[], width: number, height: number, modal: ModalOptions): void {
+  const modalWidth = Math.min(Math.max(46, Math.floor(width * 0.62)), Math.max(28, width - 4));
+  const wrappedBody = modal.body.flatMap((line) => wrapLine(line, modalWidth - 6));
+  const modalHeight = Math.min(height - 4, Math.max(8, wrappedBody.length + 5));
+  const top = Math.max(1, Math.floor((height - modalHeight) / 2));
+  const left = Math.max(0, Math.floor((width - modalWidth) / 2));
+  const title = ` ${modal.title} `;
+  const borderChar = modal.tone === "danger" ? "!" : "─";
+  const topBorder = `┌${centerText(title, modalWidth - 2, borderChar)}┐`;
+  const bottomBorder = `└${fillLine(modalWidth - 2, "─")}┘`;
+
+  const modalLines = [
+    topBorder,
+    ...wrappedBody.slice(0, modalHeight - 4).map((line) => `│ ${padRight(truncate(line, modalWidth - 4), modalWidth - 4)} │`),
+    `│ ${padRight("", modalWidth - 4)} │`,
+    `│ ${padRight(truncate(modal.footer, modalWidth - 4), modalWidth - 4)} │`,
+    bottomBorder,
+  ];
+
+  for (let row = 0; row < modalLines.length && top + row < height; row += 1) {
+    const existing = lines[top + row] ?? "";
+    const padded = truncatePrintable(existing, width).split("");
+    const modalLine = modalLines[row];
+    for (let column = 0; column < modalLine.length && left + column < width; column += 1) {
+      padded[left + column] = modalLine[column];
+    }
+    lines[top + row] = padded.join("");
+  }
+}
+
+function promptPresentation(mode: TUIMode, state: TUIState): Pick<TUIPrompt, "title" | "help" | "tone"> {
+  const selected = state.secrets[state.selected]?.name;
+  switch (mode) {
+    case "vault":
+      return {
+        title: "Open Vault",
+        help: ["Type the vault name to enter.", "Leave it blank to use the default vault."],
+        tone: "neutral",
+      };
+    case "pin":
+    case "switch-pin":
+    case "refresh-pin":
+      return {
+        title: "YubiKey PIN",
+        help: [`Unlock ${displayVaultName(state.vault)} with your YubiKey.`],
+        tone: "secret",
+      };
+    case "switch-vault":
+      return {
+        title: "Switch Vault",
+        help: ["Type another vault name to enter.", "Leave it blank to use the default vault."],
+        tone: "neutral",
+      };
+    case "add-name":
+      return {
+        title: "Add Secret",
+        help: ["Choose a name for the new secret.", "The value and PIN confirmation come next."],
+        tone: "neutral",
+      };
+    case "add-value":
+      return {
+        title: `Value for ${state.pendingName ?? "secret"}`,
+        help: ["Paste or type the value.", "It is hidden while you enter it."],
+        tone: "secret",
+      };
+    case "add-pin":
+      return {
+        title: "Confirm Add",
+        help: [`Use your YubiKey PIN to add ${state.pendingName ?? "this secret"}.`],
+        tone: "secret",
+      };
+    case "edit-value":
+      return {
+        title: `Edit ${selected ?? "secret"}`,
+        help: ["Enter the replacement value.", "The selected secret name stays unchanged."],
+        tone: "secret",
+      };
+    case "edit-pin":
+      return {
+        title: "Confirm Edit",
+        help: [`Use your YubiKey PIN to update ${state.pendingName ?? selected ?? "this secret"}.`],
+        tone: "secret",
+      };
+    case "delete-pin":
+      return {
+        title: `Delete ${selected ?? "secret"}`,
+        help: ["This removes the selected secret from the vault.", "Enter your YubiKey PIN to confirm."],
+        tone: "danger",
+      };
+    case "show-pin":
+      return {
+        title: `Show ${selected ?? "secret"}`,
+        help: ["This will reveal the selected value on screen.", "Enter your YubiKey PIN to continue."],
+        tone: "secret",
+      };
+    case "import-path":
+      return {
+        title: "Import .env",
+        help: ["Import env variables into the current vault.", "The daemon reads and parses the file."],
+        tone: "neutral",
+      };
+    case "import-pin":
+      return {
+        title: "Confirm Import",
+        help: [`Use your YubiKey PIN to import ${state.pendingImportPath ?? ".env"}.`],
+        tone: "secret",
+      };
+    default:
+      return {
+        title: "Eldlock",
+        help: [],
+        tone: "neutral",
+      };
+  }
+}
+
+function selectionWindowStart(selected: number, total: number, visible: number): number {
+  if (total <= visible) {
+    return 0;
+  }
+  const half = Math.floor(visible / 2);
+  return Math.max(0, Math.min(selected - half, total - visible));
+}
+
+function wrapLine(value: string, width: number): string[] {
+  if (!value) {
+    return [""];
+  }
+  const words = value.split(" ");
+  const lines: string[] = [];
+  let current = "";
+  for (const word of words) {
+    if (!current) {
+      current = word;
+      continue;
+    }
+    if (`${current} ${word}`.length > width) {
+      lines.push(current);
+      current = word;
+    } else {
+      current = `${current} ${word}`;
+    }
+  }
+  lines.push(current);
+  return lines.flatMap((line) => line.length <= width ? [line] : chunkLine(line, width));
+}
+
+function chunkLine(value: string, width: number): string[] {
+  const chunks: string[] = [];
+  for (let index = 0; index < value.length; index += width) {
+    chunks.push(value.slice(index, index + width));
+  }
+  return chunks;
+}
+
+function centerText(value: string, size: number, fill: string): string {
+  if (value.length >= size) {
+    return truncate(value, size);
+  }
+  const left = Math.floor((size - value.length) / 2);
+  const right = size - value.length - left;
+  return fill.repeat(left) + value + fill.repeat(right);
+}
+
+function fillLine(width: number, char: string): string {
+  return char.repeat(Math.max(0, width));
+}
+
+function displayVaultName(vault: string): string {
+  return vault.trim() || "default";
+}
+
+type OpenTUIInput = {
+  read(): Promise<string>;
+  destroy(): void;
+};
+
+function createOpenTUIInput(renderer: CliRenderer): OpenTUIInput {
+  const queue: string[] = [];
+  let waiter: ((value: string) => void) | undefined;
+
+  const push = (value: string): void => {
+    if (!value) {
+      return;
+    }
+    if (waiter) {
+      const resolve = waiter;
+      waiter = undefined;
+      resolve(value);
+      return;
+    }
+    queue.push(value);
+  };
+
+  const keyHandler = (key: { sequence?: string; raw?: string }): void => {
+    push(key.sequence ?? key.raw ?? "");
+  };
+  const pasteHandler = (event: { bytes: Uint8Array }): void => {
+    push(`\u001b[200~${decodePasteBytes(event.bytes)}\u001b[201~`);
+  };
+
+  renderer.keyInput.on("keypress", keyHandler);
+  renderer.keyInput.on("paste", pasteHandler);
+
+  return {
+    read(): Promise<string> {
+      const next = queue.shift();
+      if (next !== undefined) {
+        return Promise.resolve(next);
+      }
+      return new Promise((resolve) => {
+        waiter = resolve;
+      });
+    },
+    destroy(): void {
+      renderer.keyInput.off("keypress", keyHandler);
+      renderer.keyInput.off("paste", pasteHandler);
+      if (waiter) {
+        const resolve = waiter;
+        waiter = undefined;
+        resolve("\u0003");
+      }
+    },
+  };
+}
+
+function decodePasteBytes(bytes: Uint8Array): string {
+  return Buffer.from(bytes).toString("utf8");
+}
+
+function padRight(value: string, size: number): string {
+  return value.length >= size ? value : value + " ".repeat(size - value.length);
+}
+
+function truncate(value: string, size: number): string {
+  return value.length <= size ? value : value.slice(0, size - 1) + ".";
+}
+
+function truncatePrintable(value: string, size: number): string {
+  return value.length <= size ? value.padEnd(size) : value.slice(0, size);
+}

package/eldlock-cli/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "strict": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "skipLibCheck": true
+  },
+  "include": ["src/**/*.ts"]
+}
+