@suronai/cli 0.1.2

package/README.md

@@ -0,0 +1,47 @@
+# @suronai/cli
+
+CLI for Suron — link your Telegram account and manage secrets.
+
+## Install
+
+```bash
+npm install -g @suronai/cli
+```
+
+## Setup
+
+Set your Convex deployment URL:
+
+```bash
+export SURON_API_URL=https://your-deployment.convex.site
+```
+
+## Commands
+
+### `suron login`
+Links your Telegram account. Opens a Telegram bot URL, tap Start. Saves `VAULT_API_KEY` to `~/.suron`.
+
+### `suron init`
+Run inside your project directory. Encrypts `.env` with dotenvx, registers your app in Convex, stores the private key encrypted under your `MASTER_KEY`, deletes `.env.keys`, writes `.suron.json`.
+
+```bash
+cd my-project
+suron init
+# or with explicit name:
+suron init --name my-project
+```
+
+### `suron whoami`
+Prints your linked Telegram username.
+
+### `suron rotate`
+Re-encrypts `.env` with a new private key, updates Convex, deletes `.env.keys`.
+
+## Files
+
+| File | Commit? | Notes |
+|---|---|---|
+| `.suron.json` | yes | app name + id |
+| `.env` | yes | encrypted by dotenvx |
+| `~/.suron` | no | your API key |
+| `.env.keys` | no | deleted by suron init |

package/dist/commands/init.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare const initCommand: Command;

package/dist/commands/init.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initCommand = void 0;
+const commander_1 = require("commander");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const config_1 = require("../utils/config");
+const dotenvx_1 = require("../utils/dotenvx");
+exports.initCommand = new commander_1.Command("init")
+    .description("Encrypt .env and register this app with Suron")
+    .option("--name <name>", "App name (defaults to current directory name)")
+    .action(async (opts) => {
+    const cwd = process.cwd();
+    const apiKey = (0, config_1.requireApiKey)();
+    const apiUrl = (0, config_1.getApiUrl)();
+    // 1. Check .env exists
+    if (!(0, fs_1.existsSync)((0, path_1.join)(cwd, ".env"))) {
+        console.error("error: .env not found in current directory");
+        console.error("       Create a .env file first, then run: suron init");
+        process.exit(1);
+    }
+    const appName = opts.name ?? require("path").basename(cwd) ?? "my-project";
+    console.log(`[suron] Encrypting .env with dotenvx...`);
+    // 2. Encrypt .env → produces encrypted .env + .env.keys
+    try {
+        (0, dotenvx_1.encryptDotenv)(cwd);
+    }
+    catch (err) {
+        console.error(`error: dotenvx encryption failed: ${err}`);
+        process.exit(1);
+    }
+    // 3. Read private key from .env.keys
+    let privateKey;
+    try {
+        privateKey = (0, dotenvx_1.readPrivateKey)(cwd);
+    }
+    catch (err) {
+        console.error(`error: ${err}`);
+        process.exit(1);
+    }
+    console.log("[suron] Registering app...");
+    // 4. Register app in Convex — backend encrypts privateKey with MASTER_KEY
+    let res;
+    try {
+        res = await fetch(`${apiUrl}/cli/register-app`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${apiKey}`,
+            },
+            body: JSON.stringify({ name: appName, private_key: privateKey }),
+        });
+    }
+    catch (err) {
+        console.error(`error: could not reach Suron API: ${err}`);
+        process.exit(1);
+    }
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        console.error(`error: register-app failed (${res.status}): ${text}`);
+        process.exit(1);
+    }
+    const data = (await res.json());
+    // 5. Delete .env.keys — private key now lives encrypted in Convex
+    (0, dotenvx_1.deleteKeysFile)(cwd);
+    // 6. Write .suron.json
+    const suronJson = { app: appName, id: data.app_id };
+    (0, fs_1.writeFileSync)((0, path_1.join)(cwd, ".suron.json"), JSON.stringify(suronJson, null, 2) + "\n", "utf-8");
+    console.log(`[suron] Done.`);
+    console.log(`        .env is encrypted — safe to commit`);
+    console.log(`        .env.keys deleted`);
+    console.log(`        .suron.json written — safe to commit`);
+    console.log(`\n  Next: add to your app entry point:`);
+    console.log(`    import { vault } from '@suronai/sdk'`);
+    console.log(`    await vault()\n`);
+});
+//# sourceMappingURL=init.js.map

package/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,2BAA+C;AAC/C,+BAA4B;AAC5B,4CAA2D;AAC3D,8CAAiF;AAEpE,QAAA,WAAW,GAAG,IAAI,mBAAO,CAAC,MAAM,CAAC;KAC3C,WAAW,CAAC,+CAA+C,CAAC;KAC5D,MAAM,CAAC,eAAe,EAAE,+CAA+C,CAAC;KACxE,MAAM,CAAC,KAAK,EAAE,IAAuB,EAAE,EAAE;IACxC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,IAAA,sBAAa,GAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,uBAAuB;IACvB,IAAI,CAAC,IAAA,eAAU,EAAC,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC5D,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACvE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GACX,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC;IAE7D,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IAEvD,wDAAwD;IACxD,IAAI,CAAC;QACH,IAAA,uBAAa,EAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,qCAAqC;IACrC,IAAI,UAAkB,CAAC;IACvB,IAAI,CAAC;QACH,UAAU,GAAG,IAAA,wBAAc,EAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAE1C,0EAA0E;IAC1E,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,mBAAmB,EAAE;YAC9C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;SACjE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAuB,CAAC;IAEtD,kEAAkE;IAClE,IAAA,wBAAc,EAAC,GAAG,CAAC,CAAC;IAEpB,uBAAuB;IACvB,MAAM,SAAS,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IACpD,IAAA,kBAAa,EACX,IAAA,WAAI,EAAC,GAAG,EAAE,aAAa,CAAC,EACxB,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EACzC,OAAO,CACR,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;AACrC,CAAC,CAAC,CAAC"}

package/dist/commands/login.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare const loginCommand: Command;

package/dist/commands/login.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginCommand = void 0;
+const commander_1 = require("commander");
+const child_process_1 = require("child_process");
+const config_1 = require("../utils/config");
+exports.loginCommand = new commander_1.Command("login")
+    .description("Link your Telegram account to Suron")
+    .action(async () => {
+    const apiUrl = (0, config_1.getApiUrl)();
+    console.log("[suron] Starting login flow...");
+    // Step 1: Request a one-time login token from the backend
+    let res;
+    try {
+        res = await fetch(`${apiUrl}/cli/start-login`, { method: "POST" });
+    }
+    catch (err) {
+        console.error(`error: could not reach Suron API at ${apiUrl}`);
+        console.error(`       Check that SURON_API_URL is correct.`);
+        process.exit(1);
+    }
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        console.error(`error: /cli/start-login failed (${res.status}): ${text}`);
+        process.exit(1);
+    }
+    const data = (await res.json());
+    const telegramUrl = `https://t.me/${data.bot_username}?start=${data.token}`;
+    console.log(`\n  Open Telegram and tap Start:\n  ${telegramUrl}\n`);
+    // Try to open browser automatically (best effort, ignore errors)
+    const opener = process.platform === "win32" ? "start" :
+        process.platform === "darwin" ? "open" : "xdg-open";
+    (0, child_process_1.exec)(`${opener} "${telegramUrl}"`);
+    // Step 2: Poll until Telegram confirms the link
+    console.log("[suron] Waiting for Telegram confirmation...");
+    const deadline = Date.now() + 120000; // 2 minute timeout
+    while (Date.now() < deadline) {
+        await sleep(2000);
+        let statusRes;
+        try {
+            statusRes = await fetch(`${apiUrl}/cli/login-status?token=${encodeURIComponent(data.token)}`);
+        }
+        catch {
+            continue;
+        }
+        if (!statusRes.ok)
+            continue;
+        const status = (await statusRes.json());
+        if (status.confirmed && status.api_key) {
+            (0, config_1.saveApiKey)(status.api_key);
+            console.log("[suron] Logged in. Credentials saved to ~/.suron");
+            return;
+        }
+    }
+    console.error("error: login timed out. Run: suron login");
+    process.exit(1);
+});
+function sleep(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,iDAAqC;AACrC,4CAAwD;AAE3C,QAAA,YAAY,GAAG,IAAI,mBAAO,CAAC,OAAO,CAAC;KAC7C,WAAW,CAAC,qCAAqC,CAAC;KAClD,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAE9C,0DAA0D;IAC1D,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,kBAAkB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,uCAAuC,MAAM,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IAEF,MAAM,WAAW,GAAG,gBAAgB,IAAI,CAAC,YAAY,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,uCAAuC,WAAW,IAAI,CAAC,CAAC;IAEpE,iEAAiE;IACjE,MAAM,MAAM,GACV,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;IACtD,IAAA,oBAAI,EAAC,GAAG,MAAM,KAAK,WAAW,GAAG,CAAC,CAAC;IAEnC,gDAAgD;IAChD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAO,CAAC,CAAC,mBAAmB;IAE1D,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC;QAElB,IAAI,SAAmB,CAAC;QACxB,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,KAAK,CACrB,GAAG,MAAM,2BAA2B,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CACrE,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,EAAE;YAAE,SAAS;QAE5B,MAAM,MAAM,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAGrC,CAAC;QAEF,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACvC,IAAA,mBAAU,EAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;YAChE,OAAO;QACT,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC/C,CAAC"}

package/dist/commands/rotate.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare const rotateCommand: Command;

package/dist/commands/rotate.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rotateCommand = void 0;
+const commander_1 = require("commander");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const config_1 = require("../utils/config");
+const dotenvx_1 = require("../utils/dotenvx");
+exports.rotateCommand = new commander_1.Command("rotate")
+    .description("Re-encrypt .env with a new private key and update Suron")
+    .action(async () => {
+    const cwd = process.cwd();
+    const apiKey = (0, config_1.requireApiKey)();
+    const apiUrl = (0, config_1.getApiUrl)();
+    // 1. Read existing .suron.json
+    const suronJsonPath = (0, path_1.join)(cwd, ".suron.json");
+    if (!(0, fs_1.existsSync)(suronJsonPath)) {
+        console.error("error: .suron.json not found. Run: suron init first");
+        process.exit(1);
+    }
+    let suronConfig;
+    try {
+        suronConfig = JSON.parse((0, fs_1.readFileSync)(suronJsonPath, "utf-8"));
+    }
+    catch {
+        console.error("error: .suron.json is malformed");
+        process.exit(1);
+    }
+    // 2. Check .env exists
+    if (!(0, fs_1.existsSync)((0, path_1.join)(cwd, ".env"))) {
+        console.error("error: .env not found");
+        process.exit(1);
+    }
+    console.log("[suron] Re-encrypting .env with a new private key...");
+    // 3. Re-encrypt — dotenvx generates a new private key
+    try {
+        (0, dotenvx_1.encryptDotenv)(cwd);
+    }
+    catch (err) {
+        console.error(`error: dotenvx encryption failed: ${err}`);
+        process.exit(1);
+    }
+    // 4. Read new private key
+    let newPrivateKey;
+    try {
+        newPrivateKey = (0, dotenvx_1.readPrivateKey)(cwd);
+    }
+    catch (err) {
+        console.error(`error: ${err}`);
+        process.exit(1);
+    }
+    console.log("[suron] Updating private key in Suron...");
+    // 5. Send new private key to Convex (backend encrypts it with MASTER_KEY)
+    let res;
+    try {
+        res = await fetch(`${apiUrl}/cli/rotate-key`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${apiKey}`,
+            },
+            body: JSON.stringify({
+                app_id: suronConfig.id,
+                private_key: newPrivateKey,
+            }),
+        });
+    }
+    catch (err) {
+        console.error(`error: could not reach Suron API: ${err}`);
+        process.exit(1);
+    }
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        console.error(`error: rotate-key failed (${res.status}): ${text}`);
+        process.exit(1);
+    }
+    // 6. Delete .env.keys
+    (0, dotenvx_1.deleteKeysFile)(cwd);
+    console.log("[suron] Key rotated.");
+    console.log("        .env re-encrypted — safe to commit");
+    console.log("        .env.keys deleted");
+});
+//# sourceMappingURL=rotate.js.map

package/dist/commands/rotate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rotate.js","sourceRoot":"","sources":["../../src/commands/rotate.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,2BAA8C;AAC9C,+BAA4B;AAC5B,4CAA2D;AAC3D,8CAAiF;AAEpE,QAAA,aAAa,GAAG,IAAI,mBAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,yDAAyD,CAAC;KACtE,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG,IAAA,sBAAa,GAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,+BAA+B;IAC/B,MAAM,aAAa,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAA,eAAU,EAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,WAAwC,CAAC;IAC7C,IAAI,CAAC;QACH,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,IAAA,eAAU,EAAC,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IAEpE,sDAAsD;IACtD,IAAI,CAAC;QACH,IAAA,uBAAa,EAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,0BAA0B;IAC1B,IAAI,aAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,aAAa,GAAG,IAAA,wBAAc,EAAC,GAAG,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAExD,0EAA0E;IAC1E,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iBAAiB,EAAE;YAC5C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,MAAM,EAAE,WAAW,CAAC,EAAE;gBACtB,WAAW,EAAE,aAAa;aAC3B,CAAC;SACH,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,6BAA6B,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,sBAAsB;IACtB,IAAA,wBAAc,EAAC,GAAG,CAAC,CAAC;IAEpB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1,2 @@
+import { Command } from "commander";
+export declare const whoamiCommand: Command;

package/dist/commands/whoami.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.whoamiCommand = void 0;
+const commander_1 = require("commander");
+const config_1 = require("../utils/config");
+exports.whoamiCommand = new commander_1.Command("whoami")
+    .description("Show your linked Telegram account and app info")
+    .action(async () => {
+    const apiKey = (0, config_1.requireApiKey)();
+    const apiUrl = (0, config_1.getApiUrl)();
+    let res;
+    try {
+        res = await fetch(`${apiUrl}/cli/whoami`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${apiKey}`,
+            },
+        });
+    }
+    catch (err) {
+        console.error(`error: could not reach Suron API: ${err}`);
+        process.exit(1);
+    }
+    if (res.status === 401) {
+        console.error("error: invalid API key. Run: suron login");
+        process.exit(1);
+    }
+    if (!res.ok) {
+        const text = await res.text().catch(() => "");
+        console.error(`error: whoami failed (${res.status}): ${text}`);
+        process.exit(1);
+    }
+    const data = (await res.json());
+    console.log(`telegram: @${data.telegram_username}`);
+    console.log(`id:       ${data.telegram_id}`);
+});
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,4CAA2D;AAE9C,QAAA,aAAa,GAAG,IAAI,mBAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,gDAAgD,CAAC;KAC7D,MAAM,CAAC,KAAK,IAAI,EAAE;IACjB,MAAM,MAAM,GAAG,IAAA,sBAAa,GAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,IAAA,kBAAS,GAAE,CAAC;IAE3B,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,aAAa,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;aAClC;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAG7B,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const login_1 = require("./commands/login");
+const init_1 = require("./commands/init");
+const whoami_1 = require("./commands/whoami");
+const rotate_1 = require("./commands/rotate");
+const program = new commander_1.Command();
+program
+    .name("suron")
+    .description("Secrets delivery with Telegram approval")
+    .version("0.1.0");
+program.addCommand(login_1.loginCommand);
+program.addCommand(init_1.initCommand);
+program.addCommand(whoami_1.whoamiCommand);
+program.addCommand(rotate_1.rotateCommand);
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,yCAAoC;AACpC,4CAAgD;AAChD,0CAA8C;AAC9C,8CAAkD;AAClD,8CAAkD;AAElD,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,yCAAyC,CAAC;KACtD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO,CAAC,UAAU,CAAC,oBAAY,CAAC,CAAC;AACjC,OAAO,CAAC,UAAU,CAAC,kBAAW,CAAC,CAAC;AAChC,OAAO,CAAC,UAAU,CAAC,sBAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,sBAAa,CAAC,CAAC;AAElC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

package/dist/utils/config.d.ts

@@ -0,0 +1,4 @@
+export declare function getApiKey(): string | null;
+export declare function saveApiKey(key: string): void;
+export declare function requireApiKey(): string;
+export declare function getApiUrl(): string;

package/dist/utils/config.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getApiKey = getApiKey;
+exports.saveApiKey = saveApiKey;
+exports.requireApiKey = requireApiKey;
+exports.getApiUrl = getApiUrl;
+const os_1 = require("os");
+const path_1 = require("path");
+const fs_1 = require("fs");
+const CONFIG_PATH = (0, path_1.join)((0, os_1.homedir)(), ".suron");
+function getApiKey() {
+    if (!(0, fs_1.existsSync)(CONFIG_PATH))
+        return null;
+    try {
+        const content = (0, fs_1.readFileSync)(CONFIG_PATH, "utf-8");
+        const match = content.match(/VAULT_API_KEY=(.+)/);
+        return match?.[1]?.trim() ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function saveApiKey(key) {
+    (0, fs_1.writeFileSync)(CONFIG_PATH, `VAULT_API_KEY=${key}\n`, { mode: 0o600 });
+}
+function requireApiKey() {
+    const key = getApiKey();
+    if (!key) {
+        console.error("error: not logged in. Run: suron login");
+        process.exit(1);
+    }
+    return key;
+}
+function getApiUrl() {
+    const url = process.env.SURON_API_URL?.replace(/\/$/, "");
+    if (!url) {
+        console.error("error: SURON_API_URL is not set. Export your Convex deployment URL.");
+        process.exit(1);
+    }
+    return url;
+}
+//# sourceMappingURL=config.js.map

package/dist/utils/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":";;AAMA,8BASC;AAED,gCAEC;AAED,sCAOC;AAED,8BASC;AAvCD,2BAA6B;AAC7B,+BAA4B;AAC5B,2BAA6D;AAE7D,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,QAAQ,CAAC,CAAC;AAE9C,SAAgB,SAAS;IACvB,IAAI,CAAC,IAAA,eAAU,EAAC,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAA,iBAAY,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAClD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAA,kBAAa,EAAC,WAAW,EAAE,iBAAiB,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAgB,aAAa;IAC3B,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;IACxB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,SAAS;IACvB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,KAAK,CACX,qEAAqE,CACtE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/utils/dotenvx.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Runs: dotenvx encrypt
+ * Requires @dotenvx/dotenvx to be installed globally or in path.
+ * After encryption: .env is encrypted, .env.keys holds the private key.
+ */
+export declare function encryptDotenv(cwd: string): void;
+/**
+ * Reads DOTENV_PRIVATE_KEY from .env.keys file.
+ */
+export declare function readPrivateKey(cwd: string): string;
+/**
+ * Deletes .env.keys — called after private key is stored in Convex.
+ */
+export declare function deleteKeysFile(cwd: string): void;

package/dist/utils/dotenvx.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptDotenv = encryptDotenv;
+exports.readPrivateKey = readPrivateKey;
+exports.deleteKeysFile = deleteKeysFile;
+const child_process_1 = require("child_process");
+const fs_1 = require("fs");
+const path_1 = require("path");
+/**
+ * Runs: dotenvx encrypt
+ * Requires @dotenvx/dotenvx to be installed globally or in path.
+ * After encryption: .env is encrypted, .env.keys holds the private key.
+ */
+function encryptDotenv(cwd) {
+    const dotenvPath = (0, path_1.join)(cwd, ".env");
+    if (!(0, fs_1.existsSync)(dotenvPath)) {
+        throw new Error(`.env not found in ${cwd}`);
+    }
+    (0, child_process_1.execSync)("npx @dotenvx/dotenvx encrypt", { cwd, stdio: "inherit" });
+}
+/**
+ * Reads DOTENV_PRIVATE_KEY from .env.keys file.
+ */
+function readPrivateKey(cwd) {
+    const keysPath = (0, path_1.join)(cwd, ".env.keys");
+    if (!(0, fs_1.existsSync)(keysPath)) {
+        throw new Error(".env.keys not found after encryption");
+    }
+    const { readFileSync } = require("fs");
+    const content = readFileSync(keysPath, "utf-8");
+    const match = content.match(/DOTENV_PRIVATE_KEY(?:_\w+)?="?([^"\n]+)"?/);
+    if (!match?.[1]) {
+        throw new Error("Could not parse DOTENV_PRIVATE_KEY from .env.keys");
+    }
+    return match[1].trim();
+}
+/**
+ * Deletes .env.keys — called after private key is stored in Convex.
+ */
+function deleteKeysFile(cwd) {
+    const keysPath = (0, path_1.join)(cwd, ".env.keys");
+    if ((0, fs_1.existsSync)(keysPath)) {
+        const { unlinkSync } = require("fs");
+        unlinkSync(keysPath);
+    }
+}
+//# sourceMappingURL=dotenvx.js.map

package/dist/utils/dotenvx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dotenvx.js","sourceRoot":"","sources":["../../src/utils/dotenvx.ts"],"names":[],"mappings":";;AASA,sCAMC;AAKD,wCAaC;AAKD,wCAMC;AA5CD,iDAAyC;AACzC,2BAAgC;AAChC,+BAA4B;AAE5B;;;;GAIG;AACH,SAAgB,aAAa,CAAC,GAAW;IACvC,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACrC,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,IAAA,wBAAQ,EAAC,8BAA8B,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACxC,IAAI,CAAC,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,IAAI,CAAwB,CAAC;IAC9D,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACzE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,GAAW;IACxC,MAAM,QAAQ,GAAG,IAAA,WAAI,EAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IACxC,IAAI,IAAA,eAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,IAAI,CAAwB,CAAC;QAC5D,UAAU,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "@suronai/cli",
+  "version": "0.1.2",
+  "description": "CLI for Suron — suron login, init, whoami, rotate",
+  "bin": {
+    "suron": "./dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc && node -e \"const fs=require('fs'),f='dist/index.js',c=fs.readFileSync(f,'utf8');if(!c.startsWith('#!/usr/bin/env node'))fs.writeFileSync(f,'#!/usr/bin/env node\\n'+c)\"",
+    "dev": "tsc --watch",
+    "clean": "rimraf dist"
+  },
+  "dependencies": {
+    "commander": "^12.0.0",
+    "chalk": "^5.3.0",
+    "@dotenvx/dotenvx": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "@types/node": "^20.0.0",
+    "rimraf": "^5.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}