@zincapp/znvault-cli 2.26.5 → 2.29.1

package/dist/commands/ssh-ca/certificates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"certificates.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh-ca/certificates.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAGV,eAAe,EACf,aAAa,EACd,MAAM,YAAY,CAAC;AAGpB,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAgD9E;AAED,wBAAsB,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAwC/F;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAuC7F"}

package/dist/commands/ssh-ca/certificates.js

@@ -0,0 +1,131 @@
+// Path: src/commands/ssh-ca/certificates.ts
+/**
+ * Certificate management commands for SSH CA
+ */
+import ora from 'ora';
+import Table from 'cli-table3';
+import inquirer from 'inquirer';
+import { client } from '../../lib/client.js';
+import * as output from '../../lib/output.js';
+import { formatDate, formatValidity, formatPrincipals } from './helpers.js';
+export async function listCertificates(options) {
+    const spinner = ora('Fetching certificates...').start();
+    try {
+        const params = new URLSearchParams();
+        if (options.activeOnly)
+            params.set('activeOnly', 'true');
+        if (options.revoked)
+            params.set('revoked', 'true');
+        if (options.userId)
+            params.set('userId', options.userId);
+        if (options.limit)
+            params.set('limit', options.limit);
+        const query = params.toString();
+        const response = await client.get(`/v1/ssh/certificates${query ? `?${query}` : ''}`);
+        spinner.stop();
+        if (options.json) {
+            output.json(response);
+            return;
+        }
+        if (response.items.length === 0) {
+            output.info('No certificates found.');
+            return;
+        }
+        const table = new Table({
+            head: ['Serial', 'User', 'Principals', 'Valid Until', 'Status'],
+            style: { head: ['cyan'] },
+        });
+        for (const cert of response.items) {
+            table.push([
+                cert.serial,
+                cert.username ?? cert.userId.substring(0, 8),
+                formatPrincipals(cert.principals),
+                formatDate(cert.validBefore),
+                formatValidity(cert.validBefore, cert.revoked),
+            ]);
+        }
+        console.log(table.toString());
+        output.info(`${response.items.length} certificate(s) found (total: ${response.pagination.total})`);
+    }
+    catch (err) {
+        spinner.fail('Failed to list certificates');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+export async function getCertificate(certId, options) {
+    const spinner = ora('Fetching certificate...').start();
+    try {
+        const cert = await client.get(`/v1/ssh/certificates/${certId}`);
+        spinner.stop();
+        if (options.json) {
+            output.json(cert);
+            return;
+        }
+        output.keyValue({
+            'ID': cert.id,
+            'Serial': cert.serial,
+            'User': cert.username ?? cert.userId,
+            'Fingerprint': cert.fingerprint,
+            'Principals': cert.principals.join(', '),
+            'Extensions': cert.extensions?.join(', ') ?? '-',
+            'Valid From': formatDate(cert.validAfter),
+            'Valid Until': formatDate(cert.validBefore),
+            'Status': formatValidity(cert.validBefore, cert.revoked),
+            'Request IP': cert.requestIp ?? '-',
+            'Created': formatDate(cert.createdAt),
+        });
+        if (cert.revoked) {
+            console.log();
+            output.warn('Certificate is revoked:');
+            output.keyValue({
+                'Revoked At': formatDate(cert.revokedAt),
+                'Revoked By': cert.revokedBy ?? '-',
+                'Reason': cert.revocationReason ?? '-',
+            });
+        }
+    }
+    catch (err) {
+        spinner.fail('Failed to get certificate');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+export async function revokeCertificate(certId, options) {
+    if (!options.force) {
+        const { confirm } = await inquirer.prompt([{
+                type: 'confirm',
+                name: 'confirm',
+                message: `Revoke certificate ${certId}?`,
+                default: false,
+            }]);
+        if (!confirm) {
+            output.info('Operation cancelled.');
+            return;
+        }
+    }
+    const reason = options.reason ?? (await inquirer.prompt([{
+            type: 'input',
+            name: 'reason',
+            message: 'Revocation reason (optional):',
+            default: 'Manually revoked via CLI',
+        }])).reason;
+    const spinner = ora('Revoking certificate...').start();
+    try {
+        await client.post(`/v1/ssh/certificates/${certId}/revoke`, { reason });
+        spinner.succeed('Certificate revoked');
+        if (options.json) {
+            output.json({ success: true, certId, reason });
+        }
+        else {
+            output.info('Certificate has been added to the Key Revocation List.');
+            output.info('Servers should refresh their KRL: znvault ssh-ca krl');
+        }
+    }
+    catch (err) {
+        spinner.fail('Failed to revoke certificate');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=certificates.js.map

package/dist/commands/ssh-ca/certificates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"certificates.js","sourceRoot":"","sources":["../../../src/commands/ssh-ca/certificates.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAE5C;;GAEG;AAEH,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAO9C,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAE5E,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAwB;IAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,0BAA0B,CAAC,CAAC,KAAK,EAAE,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,UAAU;YAAE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QAEtD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,uBAAuB,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAClD,CAAC;QACF,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC;YACtB,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,CAAC;YAC/D,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;SAC1B,CAAC,CAAC;QAEH,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,CAAC,MAAM;gBACX,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC5C,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;gBACjC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC;gBAC5B,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,iCAAiC,QAAQ,CAAC,UAAU,CAAC,KAAK,GAAG,CAAC,CAAC;IACrG,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,MAAc,EAAE,OAA2B;IAC9E,MAAM,OAAO,GAAG,GAAG,CAAC,yBAAyB,CAAC,CAAC,KAAK,EAAE,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,GAAG,CAAiB,wBAAwB,MAAM,EAAE,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,OAAO;QACT,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC;YACd,IAAI,EAAE,IAAI,CAAC,EAAE;YACb,QAAQ,EAAE,IAAI,CAAC,MAAM;YACrB,MAAM,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM;YACpC,aAAa,EAAE,IAAI,CAAC,WAAW;YAC/B,YAAY,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YACxC,YAAY,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG;YAChD,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;YACzC,aAAa,EAAE,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC;YAC3C,QAAQ,EAAE,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC;YACxD,YAAY,EAAE,IAAI,CAAC,SAAS,IAAI,GAAG;YACnC,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YACvC,MAAM,CAAC,QAAQ,CAAC;gBACd,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;gBACxC,YAAY,EAAE,IAAI,CAAC,SAAS,IAAI,GAAG;gBACnC,QAAQ,EAAE,IAAI,CAAC,gBAAgB,IAAI,GAAG;aACvC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,OAAsB;IAC5E,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAuB,CAAC;gBAC/D,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,sBAAsB,MAAM,GAAG;gBACxC,OAAO,EAAE,KAAK;aACf,CAAC,CAAC,CAAC;QAEJ,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,QAAQ,CAAC,MAAM,CAAqB,CAAC;YAC3E,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,+BAA+B;YACxC,OAAO,EAAE,0BAA0B;SACpC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAEZ,MAAM,OAAO,GAAG,GAAG,CAAC,yBAAyB,CAAC,CAAC,KAAK,EAAE,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,wBAAwB,MAAM,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEvC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACtE,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/ssh-ca/helpers.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Format TTL in human-readable form
+ */
+export declare function formatTtl(seconds: number | undefined | null): string;
+/**
+ * Format date in a readable format
+ */
+export declare function formatDate(date: string | null | undefined): string;
+/**
+ * Format certificate validity status
+ */
+export declare function formatValidity(validBefore: string, revoked: boolean): string;
+/**
+ * Format key type for display
+ */
+export declare function formatKeyType(keyType: string | undefined): string;
+/**
+ * Format principals array
+ */
+export declare function formatPrincipals(principals: string[]): string;
+/**
+ * Parse principals from comma-separated string
+ */
+export declare function parsePrincipals(input: string): string[];
+/**
+ * Parse extensions from comma-separated string
+ */
+export declare function parseExtensions(input: string): string[];
+/**
+ * Validate principal name
+ */
+export declare function isValidPrincipal(name: string): boolean;
+/**
+ * Read public key from file or stdin
+ */
+export declare function readPublicKey(file?: string): Promise<string>;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/commands/ssh-ca/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh-ca/helpers.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAOpE;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAIlE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,CAkB5E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAGjE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAI7D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAEvD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAEvD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBlE"}

package/dist/commands/ssh-ca/helpers.js

@@ -0,0 +1,104 @@
+// Path: src/commands/ssh-ca/helpers.ts
+/**
+ * Helper functions for SSH CA commands
+ */
+import chalk from 'chalk';
+/**
+ * Format TTL in human-readable form
+ */
+export function formatTtl(seconds) {
+    if (seconds === undefined || seconds === null)
+        return '-';
+    if (seconds < 60)
+        return `${seconds}s`;
+    if (seconds < 3600)
+        return `${Math.floor(seconds / 60)}m`;
+    if (seconds < 86400)
+        return `${Math.floor(seconds / 3600)}h`;
+    return `${Math.floor(seconds / 86400)}d`;
+}
+/**
+ * Format date in a readable format
+ */
+export function formatDate(date) {
+    if (!date)
+        return '-';
+    const d = new Date(date);
+    return d.toLocaleString();
+}
+/**
+ * Format certificate validity status
+ */
+export function formatValidity(validBefore, revoked) {
+    if (revoked) {
+        return chalk.red('REVOKED');
+    }
+    const expiry = new Date(validBefore);
+    const now = new Date();
+    if (expiry < now) {
+        return chalk.gray('EXPIRED');
+    }
+    const hoursLeft = Math.floor((expiry.getTime() - now.getTime()) / (1000 * 60 * 60));
+    if (hoursLeft < 1) {
+        return chalk.yellow('EXPIRING');
+    }
+    return chalk.green('VALID');
+}
+/**
+ * Format key type for display
+ */
+export function formatKeyType(keyType) {
+    if (!keyType)
+        return '-';
+    return keyType === 'ed25519' ? 'Ed25519' : 'RSA-4096';
+}
+/**
+ * Format principals array
+ */
+export function formatPrincipals(principals) {
+    if (!principals || principals.length === 0)
+        return '-';
+    if (principals.length <= 3)
+        return principals.join(', ');
+    return `${principals.slice(0, 3).join(', ')} (+${principals.length - 3})`;
+}
+/**
+ * Parse principals from comma-separated string
+ */
+export function parsePrincipals(input) {
+    return input.split(',').map(p => p.trim()).filter(p => p.length > 0);
+}
+/**
+ * Parse extensions from comma-separated string
+ */
+export function parseExtensions(input) {
+    return input.split(',').map(e => e.trim()).filter(e => e.length > 0);
+}
+/**
+ * Validate principal name
+ */
+export function isValidPrincipal(name) {
+    return /^[a-zA-Z0-9_-]+$/.test(name);
+}
+/**
+ * Read public key from file or stdin
+ */
+export async function readPublicKey(file) {
+    const fs = await import('fs/promises');
+    if (file) {
+        const content = await fs.readFile(file, 'utf8');
+        return content.trim();
+    }
+    // Read from stdin if piped
+    if (!process.stdin.isTTY) {
+        return new Promise((resolve, reject) => {
+            let data = '';
+            process.stdin.setEncoding('utf8');
+            process.stdin.on('data', chunk => { data += chunk; });
+            process.stdin.on('end', () => resolve(data.trim()));
+            process.stdin.on('error', reject);
+        });
+    }
+    throw new Error('No public key provided. Use --public-key, --file, or pipe to stdin.');
+}
+//# sourceMappingURL=helpers.js.map

package/dist/commands/ssh-ca/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/commands/ssh-ca/helpers.ts"],"names":[],"mappings":"AAAA,uCAAuC;AAEvC;;GAEG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,OAAkC;IAC1D,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAE1D,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,GAAG,OAAO,GAAG,CAAC;IACvC,IAAI,OAAO,GAAG,IAAI;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC;IAC1D,IAAI,OAAO,GAAG,KAAK;QAAE,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC;IAC7D,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,IAA+B;IACxD,IAAI,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC;IACtB,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;IACzB,OAAO,CAAC,CAAC,cAAc,EAAE,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,WAAmB,EAAE,OAAgB;IAClE,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IACpF,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAA2B;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC;IACzB,OAAO,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAoB;IACnD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IACvD,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC;AAC5E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAa;IAC/C,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAEvC,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,IAAI,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;AACzF,CAAC"}

package/dist/commands/ssh-ca/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * SSH CA command registration
+ */
+import { type Command } from 'commander';
+export * from './types.js';
+export declare function registerSSHCACommands(program: Command): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/ssh-ca/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh-ca/index.ts"],"names":[],"mappings":"AAEA;;GAEG;AAEH,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,WAAW,CAAC;AAgBzC,cAAc,YAAY,CAAC;AAE3B,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAgM5D"}

package/dist/commands/ssh-ca/index.js

@@ -0,0 +1,180 @@
+// Path: src/commands/ssh-ca/index.ts
+import { getStatus, initCA, deleteCA, getPublicKey } from './ca.js';
+import { listMappings, createMapping, updateMapping, deleteMapping } from './mappings.js';
+import { listServerGroups, getServerGroup, createServerGroup, deleteServerGroup, setAccessRule, deleteAccessRule, getAuthorizedPrincipals, } from './server-groups.js';
+import { listCertificates, getCertificate, revokeCertificate } from './certificates.js';
+import { signCertificate } from './sign.js';
+// Re-export types
+export * from './types.js';
+export function registerSSHCACommands(program) {
+    const sshca = program
+        .command('ssh-ca')
+        .description('SSH Certificate Authority management')
+        .addHelpText('after', `
+Examples:
+  # Initialize the CA
+  znvault ssh-ca init --key-type ed25519 --default-ttl 28800
+
+  # Get CA public key for server configuration
+  znvault ssh-ca public-key --raw > /etc/ssh/trusted-user-ca-keys.pub
+
+  # Create a principal mapping
+  znvault ssh-ca mapping create --group-id GROUP_ID --principals deploy,developer
+
+  # Create a server group and add access rules
+  znvault ssh-ca server-group create --name production-web
+  znvault ssh-ca server-group set-access GROUP_ID --linux-user deploy --principals deploy,admin
+
+  # Sign your SSH public key
+  znvault ssh-ca sign --file ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519-cert.pub
+
+  # List and revoke certificates
+  znvault ssh-ca cert list --active-only
+  znvault ssh-ca cert revoke CERT_ID --reason "User offboarded"
+`);
+    // -------------------------------------------------------------------------
+    // CA Commands
+    // -------------------------------------------------------------------------
+    sshca
+        .command('status')
+        .description('Get SSH CA status')
+        .option('--json', 'Output as JSON')
+        .action(getStatus);
+    sshca
+        .command('init')
+        .description('Initialize SSH CA')
+        .option('--key-type <type>', 'Key type: ed25519 or rsa-4096')
+        .option('--default-ttl <seconds>', 'Default certificate TTL in seconds')
+        .option('--max-ttl <seconds>', 'Maximum certificate TTL in seconds')
+        .option('--extensions <list>', 'Allowed extensions (comma-separated)')
+        .option('--json', 'Output as JSON')
+        .action(initCA);
+    sshca
+        .command('delete')
+        .description('Delete SSH CA (destructive!)')
+        .option('--force', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(deleteCA);
+    sshca
+        .command('public-key')
+        .description('Get CA public key')
+        .option('--raw', 'Output only the key (for piping to file)')
+        .option('--json', 'Output as JSON')
+        .action(getPublicKey);
+    // -------------------------------------------------------------------------
+    // Mapping Commands
+    // -------------------------------------------------------------------------
+    const mapping = sshca.command('mapping').description('Manage principal mappings (SSO group → SSH principals)');
+    mapping
+        .command('list')
+        .alias('ls')
+        .description('List principal mappings')
+        .option('--json', 'Output as JSON')
+        .action(listMappings);
+    mapping
+        .command('create')
+        .description('Create a principal mapping')
+        .option('--group-id <id>', 'SSO group ID')
+        .option('--principals <list>', 'SSH principals (comma-separated)')
+        .option('--json', 'Output as JSON')
+        .action(createMapping);
+    mapping
+        .command('update <mapping-id>')
+        .description('Update a principal mapping')
+        .option('--principals <list>', 'New SSH principals (comma-separated)')
+        .option('--json', 'Output as JSON')
+        .action(updateMapping);
+    mapping
+        .command('delete <mapping-id>')
+        .alias('rm')
+        .description('Delete a principal mapping')
+        .option('--force', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(deleteMapping);
+    // -------------------------------------------------------------------------
+    // Server Group Commands
+    // -------------------------------------------------------------------------
+    const serverGroup = sshca.command('server-group').alias('sg').description('Manage server groups');
+    serverGroup
+        .command('list')
+        .alias('ls')
+        .description('List server groups')
+        .option('--json', 'Output as JSON')
+        .action(listServerGroups);
+    serverGroup
+        .command('get <group-id>')
+        .description('Get server group details')
+        .option('--json', 'Output as JSON')
+        .action(getServerGroup);
+    serverGroup
+        .command('create')
+        .description('Create a server group')
+        .option('--name <name>', 'Server group name')
+        .option('--description <desc>', 'Description')
+        .option('--json', 'Output as JSON')
+        .action(createServerGroup);
+    serverGroup
+        .command('delete <group-id>')
+        .alias('rm')
+        .description('Delete a server group')
+        .option('--force', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(deleteServerGroup);
+    serverGroup
+        .command('set-access <group-id>')
+        .description('Set access rule for a server group')
+        .option('--linux-user <user>', 'Linux user name')
+        .option('--principals <list>', 'Allowed principals (comma-separated)')
+        .option('--json', 'Output as JSON')
+        .action(setAccessRule);
+    serverGroup
+        .command('delete-access <group-id> <linux-user>')
+        .description('Delete access rule from a server group')
+        .option('--force', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(deleteAccessRule);
+    serverGroup
+        .command('principals <group-id>')
+        .description('Get authorized principals for server configuration')
+        .option('--json', 'Output as JSON')
+        .action(getAuthorizedPrincipals);
+    // -------------------------------------------------------------------------
+    // Certificate Commands
+    // -------------------------------------------------------------------------
+    const cert = sshca.command('cert').alias('certificate').description('Manage SSH certificates');
+    cert
+        .command('list')
+        .alias('ls')
+        .description('List certificates')
+        .option('--active-only', 'Show only active certificates')
+        .option('--revoked', 'Show only revoked certificates')
+        .option('--user-id <id>', 'Filter by user ID')
+        .option('--limit <n>', 'Maximum number of results')
+        .option('--json', 'Output as JSON')
+        .action(listCertificates);
+    cert
+        .command('get <cert-id>')
+        .description('Get certificate details')
+        .option('--json', 'Output as JSON')
+        .action(getCertificate);
+    cert
+        .command('revoke <cert-id>')
+        .description('Revoke a certificate')
+        .option('--reason <reason>', 'Revocation reason')
+        .option('--force', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(revokeCertificate);
+    // -------------------------------------------------------------------------
+    // Sign Command
+    // -------------------------------------------------------------------------
+    sshca
+        .command('sign')
+        .description('Sign SSH public key to get a certificate')
+        .option('--public-key <key>', 'SSH public key string')
+        .option('--file <path>', 'Path to SSH public key file')
+        .option('--ttl <seconds>', 'Certificate TTL in seconds')
+        .option('--principals <list>', 'Direct principal specification (admin override, comma-separated). Requires ssh:ca:admin permission OR admin crypto access.')
+        .option('--json', 'Output as JSON')
+        .action(signCertificate);
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/ssh-ca/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/ssh-ca/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AAOrC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,aAAa,EACb,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,MAAM,KAAK,GAAG,OAAO;SAClB,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,sCAAsC,CAAC;SACnD,WAAW,CAAC,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;CAqBzB,CAAC,CAAC;IAED,4EAA4E;IAC5E,cAAc;IACd,4EAA4E;IAC5E,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,mBAAmB,CAAC;SAChC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,SAAS,CAAC,CAAC;IAErB,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,mBAAmB,CAAC;SAChC,MAAM,CAAC,mBAAmB,EAAE,+BAA+B,CAAC;SAC5D,MAAM,CAAC,yBAAyB,EAAE,oCAAoC,CAAC;SACvE,MAAM,CAAC,qBAAqB,EAAE,oCAAoC,CAAC;SACnE,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,MAAM,CAAC,CAAC;IAElB,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,8BAA8B,CAAC;SAC3C,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEpB,KAAK;SACF,OAAO,CAAC,YAAY,CAAC;SACrB,WAAW,CAAC,mBAAmB,CAAC;SAChC,MAAM,CAAC,OAAO,EAAE,0CAA0C,CAAC;SAC3D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,4EAA4E;IAC5E,mBAAmB;IACnB,4EAA4E;IAC5E,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,wDAAwD,CAAC,CAAC;IAE/G,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,yBAAyB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,iBAAiB,EAAE,cAAc,CAAC;SACzC,MAAM,CAAC,qBAAqB,EAAE,kCAAkC,CAAC;SACjE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,OAAO;SACJ,OAAO,CAAC,qBAAqB,CAAC;SAC9B,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,OAAO;SACJ,OAAO,CAAC,qBAAqB,CAAC;SAC9B,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,4EAA4E;IAC5E,wBAAwB;IACxB,4EAA4E;IAC5E,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,CAAC,sBAAsB,CAAC,CAAC;IAElG,WAAW;SACR,OAAO,CAAC,MAAM,CAAC;SACf,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE5B,WAAW;SACR,OAAO,CAAC,gBAAgB,CAAC;SACzB,WAAW,CAAC,0BAA0B,CAAC;SACvC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,cAAc,CAAC,CAAC;IAE1B,WAAW;SACR,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,eAAe,EAAE,mBAAmB,CAAC;SAC5C,MAAM,CAAC,sBAAsB,EAAE,aAAa,CAAC;SAC7C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE7B,WAAW;SACR,OAAO,CAAC,mBAAmB,CAAC;SAC5B,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE7B,WAAW;SACR,OAAO,CAAC,uBAAuB,CAAC;SAChC,WAAW,CAAC,oCAAoC,CAAC;SACjD,MAAM,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;SAChD,MAAM,CAAC,qBAAqB,EAAE,sCAAsC,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,WAAW;SACR,OAAO,CAAC,uCAAuC,CAAC;SAChD,WAAW,CAAC,wCAAwC,CAAC;SACrD,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE5B,WAAW;SACR,OAAO,CAAC,uBAAuB,CAAC;SAChC,WAAW,CAAC,oDAAoD,CAAC;SACjE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAEnC,4EAA4E;IAC5E,uBAAuB;IACvB,4EAA4E;IAC5E,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,WAAW,CAAC,yBAAyB,CAAC,CAAC;IAE/F,IAAI;SACD,OAAO,CAAC,MAAM,CAAC;SACf,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,mBAAmB,CAAC;SAChC,MAAM,CAAC,eAAe,EAAE,+BAA+B,CAAC;SACxD,MAAM,CAAC,WAAW,EAAE,gCAAgC,CAAC;SACrD,MAAM,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;SAC7C,MAAM,CAAC,aAAa,EAAE,2BAA2B,CAAC;SAClD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE5B,IAAI;SACD,OAAO,CAAC,eAAe,CAAC;SACxB,WAAW,CAAC,yBAAyB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,cAAc,CAAC,CAAC;IAE1B,IAAI;SACD,OAAO,CAAC,kBAAkB,CAAC;SAC3B,WAAW,CAAC,sBAAsB,CAAC;SACnC,MAAM,CAAC,mBAAmB,EAAE,mBAAmB,CAAC;SAChD,MAAM,CAAC,SAAS,EAAE,mBAAmB,CAAC;SACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE7B,4EAA4E;IAC5E,eAAe;IACf,4EAA4E;IAC5E,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,0CAA0C,CAAC;SACvD,MAAM,CAAC,oBAAoB,EAAE,uBAAuB,CAAC;SACrD,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,iBAAiB,EAAE,4BAA4B,CAAC;SACvD,MAAM,CAAC,qBAAqB,EAAE,4HAA4H,CAAC;SAC3J,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,eAAe,CAAC,CAAC;AAC7B,CAAC"}

package/dist/commands/ssh-ca/mappings.d.ts

@@ -0,0 +1,11 @@
+import type { MappingCreateOptions, MappingUpdateOptions } from './types.js';
+export declare function listMappings(options: {
+    json?: boolean;
+}): Promise<void>;
+export declare function createMapping(options: MappingCreateOptions): Promise<void>;
+export declare function updateMapping(mappingId: string, options: MappingUpdateOptions): Promise<void>;
+export declare function deleteMapping(mappingId: string, options: {
+    force?: boolean;
+    json?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=mappings.d.ts.map

package/dist/commands/ssh-ca/mappings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mappings.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh-ca/mappings.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAGV,oBAAoB,EACpB,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAapB,wBAAsB,YAAY,CAAC,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuC7E;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CA2EhF;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CA+BnG;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA6BlH"}