@vultisig/cli 0.2.0-alpha.7 → 0.2.0-beta.8

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @vultisig/cli
 
+## 0.2.0-beta.8
+
+### Minor Changes
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - feat: separate unlock and export passwords in CLI export command
+
+  The export command now has two distinct password options:
+  - `--password`: Unlocks the vault (decrypts stored keyshares for encrypted vaults)
+  - `--exportPassword`: Encrypts the exported file (defaults to `--password` if not specified)
+
+  This fixes the "Password required but callback returned empty value" error when exporting encrypted vaults.
+
+  Password resolution now uses an in-memory cache that persists across SDK callbacks, allowing the CLI to pre-cache the unlock password before vault loading.
+
+### Patch Changes
+
+- [#62](https://github.com/vultisig/vultisig-sdk/pull/62) [`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8) Thanks [@bornslippynuxx](https://github.com/bornslippynuxx)! - Simplify export command by removing `--encrypt` and `--no-encrypt` flags. Password is now optional - if provided, vault is encrypted; if omitted or empty, vault is exported without encryption. Path argument now supports directories (appends SDK-generated filename).
+
+- Updated dependencies [[`008db7f`](https://github.com/vultisig/vultisig-sdk/commit/008db7fb27580ec78df3bbc41b25aac24924ffd8)]:
+  - @vultisig/sdk@0.2.0-beta.8
+
 ## 0.2.0-alpha.7
 
 ### Minor Changes

package/README.md

@@ -186,6 +186,29 @@ vultisig -i
 - `--shares <n>` - Number of devices for secure vault (default: 2)
 - `--threshold <n>` - Signing threshold (default: ceil((shares+1)/2))
 
+**Export options:**
+- `[path]` - Output file or directory (defaults to SDK-generated filename in current directory)
+- `--password <password>` - Password to unlock encrypted vaults
+- `--exportPassword <password>` - Password to encrypt the export file (defaults to `--password` if provided)
+
+```bash
+# Export to current directory (prompts for export password)
+vultisig export
+
+# Export to specific directory
+vultisig export /path/to/backups/
+
+# Export with encryption (same password for unlock and export)
+vultisig export --password mypassword
+
+# Export with different passwords for unlock vs export
+vultisig export --password unlockPass --exportPassword exportPass
+
+# Export without encryption (leave password prompt empty)
+vultisig export
+# > Enter password for export encryption (leave empty for no encryption): [enter]
+```
+
 ### Wallet Operations
 
 | Command | Description |

package/dist/index.js

@@ -1314,6 +1314,15 @@ function createSpinner(text) {
 }
 
 // src/core/password-manager.ts
+var passwordCache = /* @__PURE__ */ new Map();
+function cachePassword(vaultIdOrName, password) {
+  passwordCache.set(vaultIdOrName, password);
+}
+function getCachedPassword(vaultId, vaultName) {
+  if (vaultName && passwordCache.has(vaultName)) return passwordCache.get(vaultName);
+  if (passwordCache.has(vaultId)) return passwordCache.get(vaultId);
+  return null;
+}
 function parseVaultPasswords() {
   const passwordMap = /* @__PURE__ */ new Map();
   const passwordsEnv = process.env.VAULT_PASSWORDS;
@@ -1356,14 +1365,23 @@ async function promptForPassword(vaultName, vaultId) {
   return password;
 }
 async function getPassword(vaultId, vaultName) {
+  const cachedPassword = getCachedPassword(vaultId, vaultName);
+  if (cachedPassword) {
+    return cachedPassword;
+  }
   const envPassword = getPasswordFromEnv(vaultId, vaultName);
   if (envPassword) {
+    cachePassword(vaultId, envPassword);
+    if (vaultName) cachePassword(vaultName, envPassword);
     return envPassword;
   }
   if (isSilent() || isJsonOutput()) {
     throw new Error("Password required but not provided. Set VAULT_PASSWORD or VAULT_PASSWORDS environment variable.");
   }
-  return promptForPassword(vaultName, vaultId);
+  const password = await promptForPassword(vaultName, vaultId);
+  cachePassword(vaultId, password);
+  if (vaultName) cachePassword(vaultName, password);
+  return password;
 }
 function createPasswordCallback() {
   return async (vaultId, vaultName) => {
@@ -1997,6 +2015,7 @@ var import_qrcode_terminal2 = __toESM(require_main(), 1);
 import chalk5 from "chalk";
 import { promises as fs } from "fs";
 import inquirer4 from "inquirer";
+import path from "path";
 function withAbortSignal(promise, signal) {
   if (!signal) return promise;
   return Promise.race([
@@ -2218,38 +2237,47 @@ async function executeVerify(ctx2, vaultId, options = {}) {
 }
 async function executeExport(ctx2, options = {}) {
   const vault = await ctx2.ensureActiveVault();
-  let encrypt = options.encrypt;
-  let password = options.password;
-  if (encrypt === void 0) {
-    const encryptAnswer = await inquirer4.prompt([
-      {
-        type: "confirm",
-        name: "encrypt",
-        message: "Encrypt export with password?",
-        default: true
-      }
-    ]);
-    encrypt = encryptAnswer.encrypt;
+  let exportPassword = options.exportPassword;
+  if (exportPassword === void 0) {
+    if (options.password !== void 0) {
+      exportPassword = options.password;
+    } else {
+      const answer = await inquirer4.prompt([
+        {
+          type: "password",
+          name: "exportPassword",
+          message: "Enter password for export encryption (leave empty for no encryption):",
+          mask: "*"
+        }
+      ]);
+      exportPassword = answer.exportPassword || void 0;
+    }
   }
-  if (encrypt && !password) {
-    const passwordAnswer = await inquirer4.prompt([
-      {
-        type: "password",
-        name: "password",
-        message: "Enter password:",
-        mask: "*"
+  const spinner = createSpinner("Exporting vault...");
+  const { data: vultContent, filename: sdkFilename } = await vault.export(exportPassword);
+  let outputPath;
+  if (options.outputPath) {
+    const resolvedPath = path.resolve(options.outputPath);
+    try {
+      const stat = await fs.stat(resolvedPath);
+      if (stat.isDirectory()) {
+        outputPath = path.join(resolvedPath, sdkFilename);
+      } else {
+        outputPath = resolvedPath;
       }
-    ]);
-    password = passwordAnswer.password;
+    } catch {
+      outputPath = resolvedPath;
+    }
+  } else {
+    outputPath = path.resolve(sdkFilename);
   }
-  const spinner = createSpinner("Exporting vault...");
-  const { data: vultContent } = await vault.export(encrypt ? password : void 0);
-  const fileName = options.outputPath || `${vault.name}-${vault.localPartyId}-vault.vult`;
-  await fs.writeFile(fileName, vultContent, "utf-8");
-  spinner.succeed(`Vault exported: ${fileName}`);
+  const parentDir = path.dirname(outputPath);
+  await fs.mkdir(parentDir, { recursive: true });
+  await fs.writeFile(outputPath, vultContent, "utf-8");
+  spinner.succeed(`Vault exported: ${outputPath}`);
   success("\n+ Vault exported successfully!");
-  info(`File: ${fileName}`);
-  return fileName;
+  info(`File: ${outputPath}`);
+  return outputPath;
 }
 async function executeVaults(ctx2) {
   const spinner = createSpinner("Loading vaults...");
@@ -2644,7 +2672,7 @@ Address Book${options.chain ? ` (${options.chain})` : ""}:
 // src/interactive/completer.ts
 import { Chain as Chain3 } from "@vultisig/sdk";
 import fs2 from "fs";
-import path from "path";
+import path2 from "path";
 var COMMANDS = [
   // Vault management
   "vaults",
@@ -2718,28 +2746,28 @@ function createCompleter(ctx2) {
 }
 function completeFilePath(partial, filterVult) {
   try {
-    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path.sep);
+    const endsWithSeparator = partial.endsWith("/") || partial.endsWith(path2.sep);
     let dir;
     let basename;
     if (endsWithSeparator) {
       dir = partial;
       basename = "";
     } else {
-      dir = path.dirname(partial);
-      basename = path.basename(partial);
+      dir = path2.dirname(partial);
+      basename = path2.basename(partial);
       if (fs2.existsSync(partial) && fs2.statSync(partial).isDirectory()) {
         dir = partial;
         basename = "";
       }
     }
-    const resolvedDir = path.resolve(dir);
+    const resolvedDir = path2.resolve(dir);
     if (!fs2.existsSync(resolvedDir) || !fs2.statSync(resolvedDir).isDirectory()) {
       return [[], partial];
     }
     const files = fs2.readdirSync(resolvedDir);
     const matches = files.filter((file) => file.startsWith(basename)).map((file) => {
-      const fullPath = path.join(dir, file);
-      const stats = fs2.statSync(path.join(resolvedDir, file));
+      const fullPath = path2.join(dir, file);
+      const stats = fs2.statSync(path2.join(resolvedDir, file));
       if (stats.isDirectory()) {
         return fullPath + "/";
       }
@@ -3900,7 +3928,7 @@ var cachedVersion = null;
 function getVersion() {
   if (cachedVersion) return cachedVersion;
   if (true) {
-    cachedVersion = "0.2.0-alpha.7";
+    cachedVersion = "0.2.0-beta.8";
     return cachedVersion;
   }
   try {
@@ -4368,14 +4396,17 @@ async function findVaultByNameOrId(sdk, nameOrId) {
   if (byPartialId) return byPartialId;
   return null;
 }
-async function init(vaultOverride) {
+async function init(vaultOverride, unlockPassword) {
   if (!ctx) {
+    const vaultSelector = vaultOverride || process.env.VULTISIG_VAULT;
+    if (unlockPassword && vaultSelector) {
+      cachePassword(vaultSelector, unlockPassword);
+    }
     const sdk = new Vultisig3({
       onPasswordRequired: createPasswordCallback()
     });
     await sdk.initialize();
     ctx = new CLIContext(sdk);
-    const vaultSelector = vaultOverride || process.env.VULTISIG_VAULT;
     let vault = null;
     if (vaultSelector) {
       vault = await findVaultByNameOrId(sdk, vaultSelector);
@@ -4478,13 +4509,13 @@ program.command("server").description("Check server connectivity and status").ac
     await executeServer(context);
   })
 );
-program.command("export [path]").description("Export vault to file").option("--encrypt", "Encrypt the export with a password").option("--no-encrypt", "Export without encryption").option("--password <password>", "Password for encryption").action(
-  withExit(async (path2, options) => {
-    const context = await init(program.opts().vault);
+program.command("export [path]").description("Export vault to file").option("--password <password>", "Password to unlock the vault (for encrypted vaults)").option("--exportPassword <password>", "Password to encrypt the exported file (defaults to --password)").action(
+  withExit(async (path3, options) => {
+    const context = await init(program.opts().vault, options.password);
     await executeExport(context, {
-      outputPath: path2,
-      encrypt: options.encrypt,
-      password: options.password
+      outputPath: path3,
+      password: options.password,
+      exportPassword: options.exportPassword
     });
   })
 );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vultisig/cli",
-  "version": "0.2.0-alpha.7",
+  "version": "0.2.0-beta.8",
   "description": "Command-line wallet for Vultisig - multi-chain MPC wallet management",
   "type": "module",
   "bin": {
@@ -48,7 +48,7 @@
   },
   "homepage": "https://vultisig.com",
   "dependencies": {
-    "@vultisig/sdk": "^0.2.0-alpha.7",
+    "@vultisig/sdk": "^0.2.0-beta.8",
     "chalk": "^5.3.0",
     "cli-table3": "^0.6.5",
     "commander": "^12.0.0",