@zincapp/znvault-cli 2.29.0 → 2.29.2

package/dist/commands/ssh/scp.js

@@ -0,0 +1,219 @@
+// Path: src/commands/ssh/scp.ts
+import ora from 'ora';
+import * as output from '../../lib/output.js';
+import { getCurrentProfile } from '../../lib/config.js';
+import { getDefaultKeyPath, getCertificatePath, isCertificateValid, signCertificate, } from './helpers.js';
+import { resolveBookmark } from './bookmark.js';
+/**
+ * Parse SCP path which can be:
+ * - local path: /path/to/file or ./file
+ * - remote path: host:/path or user@host:/path or bookmark:/path
+ */
+function parseSCPPath(pathStr) {
+    // Check for remote path (contains :)
+    const colonIndex = pathStr.indexOf(':');
+    if (colonIndex === -1 || (colonIndex === 1 && /^[a-zA-Z]$/.test(pathStr[0]))) {
+        // No colon, or Windows drive letter (C:\...)
+        return { isRemote: false, path: pathStr };
+    }
+    const hostPart = pathStr.substring(0, colonIndex);
+    const remotePath = pathStr.substring(colonIndex + 1) || '.';
+    // Check for user@host
+    if (hostPart.includes('@')) {
+        const atIndex = hostPart.indexOf('@');
+        return {
+            isRemote: true,
+            user: hostPart.substring(0, atIndex),
+            host: hostPart.substring(atIndex + 1),
+            path: remotePath,
+        };
+    }
+    // Could be a bookmark or just a host
+    return {
+        isRemote: true,
+        host: hostPart,
+        path: remotePath,
+        bookmarkName: hostPart, // Will check if it's a bookmark later
+    };
+}
+export function registerSCPCommand(parent) {
+    parent
+        .command('scp <source> <destination>')
+        .description('Copy files using SCP with certificate authentication')
+        .option('-i, --identity <file>', 'Path to SSH private key')
+        .option('-P, --port <port>', 'SSH port', '22')
+        .option('--principals <principals>', 'Principals for signing (admin override)')
+        .option('--ttl <ttl>', 'Certificate TTL (e.g., 8h, 1d)')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('--force-sign', 'Force re-signing even if certificate is valid')
+        .option('-r, --recursive', 'Recursively copy directories')
+        .option('-p, --preserve', 'Preserve modification times and modes')
+        .option('-v, --verbose', 'Show verbose output')
+        .option('--dry-run', 'Show what would be done without executing')
+        .action(async (source, destination, options) => {
+        const fs = await import('fs');
+        const pathModule = await import('path');
+        const { spawn } = await import('child_process');
+        const profile = getCurrentProfile();
+        // Parse source and destination
+        const srcParsed = parseSCPPath(source);
+        const dstParsed = parseSCPPath(destination);
+        // Validate: one must be local, one must be remote
+        if (!srcParsed.isRemote && !dstParsed.isRemote) {
+            output.error('At least one path must be remote (host:path)');
+            process.exit(1);
+        }
+        if (srcParsed.isRemote && dstParsed.isRemote) {
+            output.error('Cannot copy between two remote hosts directly');
+            output.info('Copy to local first, then to the other host');
+            process.exit(1);
+        }
+        // Get the remote part
+        const remotePart = srcParsed.isRemote ? srcParsed : dstParsed;
+        let host = remotePart.host;
+        let user = remotePart.user;
+        let port = options.port ?? '22';
+        let identityOverride = options.identity;
+        let principalsOverride = options.principals;
+        // Check if host is a bookmark
+        if (remotePart.bookmarkName) {
+            const bookmark = resolveBookmark(remotePart.bookmarkName);
+            if (bookmark) {
+                host = bookmark.host;
+                user = bookmark.user ?? user;
+                if (bookmark.port)
+                    port = bookmark.port.toString();
+                if (bookmark.identity)
+                    identityOverride = bookmark.identity;
+                if (bookmark.principals && !options.principals) {
+                    principalsOverride = bookmark.principals.join(',');
+                }
+                if (options.verbose) {
+                    output.info(`Using bookmark '${remotePart.bookmarkName}' → ${bookmark.host}`);
+                }
+            }
+        }
+        // Fall back to profile defaults
+        if (!user && profile.sshUser) {
+            user = profile.sshUser;
+        }
+        const verbose = (msg) => {
+            if (options.verbose)
+                output.info(msg);
+        };
+        try {
+            // Step 1: Find SSH key
+            let keyPath;
+            if (identityOverride) {
+                keyPath = pathModule.resolve(identityOverride.replace(/^~/, process.env.HOME ?? ''));
+                if (!fs.existsSync(keyPath)) {
+                    output.error(`SSH key not found: ${keyPath}`);
+                    process.exit(1);
+                }
+                verbose(`Using specified key: ${keyPath}`);
+            }
+            else if (profile.sshIdentity && fs.existsSync(profile.sshIdentity)) {
+                keyPath = profile.sshIdentity;
+                verbose(`Using configured key: ${keyPath}`);
+            }
+            else {
+                const defaultKey = await getDefaultKeyPath();
+                if (!defaultKey) {
+                    output.error('No SSH key found in ~/.ssh/');
+                    process.exit(1);
+                }
+                keyPath = defaultKey;
+                verbose(`Using default key: ${keyPath}`);
+            }
+            const pubKeyPath = `${keyPath}.pub`;
+            if (!fs.existsSync(pubKeyPath)) {
+                output.error(`Public key not found: ${pubKeyPath}`);
+                process.exit(1);
+            }
+            // Step 2: Check certificate validity
+            const certPath = await getCertificatePath(keyPath);
+            const certStatus = await isCertificateValid(certPath);
+            const needsSign = options.forceSign || !certStatus.valid;
+            if (options.verbose && !certStatus.valid) {
+                output.warn(`Certificate needs signing: ${certStatus.reason}`);
+            }
+            // Step 3: Sign if needed
+            if (needsSign) {
+                const spinner = ora('Signing certificate...').start();
+                try {
+                    await signCertificate(pubKeyPath, certPath, principalsOverride, options.ttl, options.tenant);
+                    spinner.succeed('Certificate signed');
+                }
+                catch (err) {
+                    spinner.fail('Failed to sign certificate');
+                    output.error(err instanceof Error ? err.message : String(err));
+                    process.exit(1);
+                }
+            }
+            else {
+                verbose('Using existing valid certificate');
+            }
+            // Step 4: Build SCP command
+            const scpArgs = [];
+            // Add identity
+            scpArgs.push('-i', keyPath);
+            // Add port (SCP uses -P not -p)
+            if (port !== '22') {
+                scpArgs.push('-P', port);
+            }
+            // Add certificate option
+            scpArgs.push('-o', `CertificateFile=${certPath}`);
+            // Add options
+            if (options.recursive)
+                scpArgs.push('-r');
+            if (options.preserve)
+                scpArgs.push('-p');
+            if (options.verbose)
+                scpArgs.push('-v');
+            // Build remote path string
+            const buildRemotePath = (parsed) => {
+                if (!parsed.isRemote)
+                    return parsed.path;
+                const userPart = user ? `${user}@` : '';
+                return `${userPart}${host}:${parsed.path}`;
+            };
+            // Add source and destination
+            scpArgs.push(srcParsed.isRemote ? buildRemotePath(srcParsed) : srcParsed.path);
+            scpArgs.push(dstParsed.isRemote ? buildRemotePath(dstParsed) : dstParsed.path);
+            // Execute or dry-run
+            if (options.dryRun) {
+                output.section('Dry Run');
+                output.keyValue({
+                    'Source': srcParsed.isRemote ? buildRemotePath(srcParsed) : srcParsed.path,
+                    'Destination': dstParsed.isRemote ? buildRemotePath(dstParsed) : dstParsed.path,
+                    'Key': keyPath,
+                    'Certificate': certPath,
+                    'Port': port,
+                });
+                console.log();
+                output.info(`Would execute: scp ${scpArgs.join(' ')}`);
+                return;
+            }
+            verbose(`Executing: scp ${scpArgs.join(' ')}`);
+            const scpProcess = spawn('scp', scpArgs, {
+                stdio: 'inherit',
+                env: process.env,
+            });
+            scpProcess.on('close', (code) => {
+                if (code === 0) {
+                    output.success('Transfer complete');
+                }
+                process.exit(code ?? 0);
+            });
+            scpProcess.on('error', (err) => {
+                output.error(`Failed to start SCP: ${err.message}`);
+                process.exit(1);
+            });
+        }
+        catch (err) {
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=scp.js.map

package/dist/commands/ssh/scp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scp.js","sourceRoot":"","sources":["../../../src/commands/ssh/scp.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAOhC,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAehD;;;;GAIG;AACH,SAAS,YAAY,CAAC,OAAe;IAOnC,qCAAqC;IACrC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,IAAI,UAAU,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,KAAK,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,6CAA6C;QAC7C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;IAE5D,sBAAsB;IACtB,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC;YACpC,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,CAAC;YACrC,IAAI,EAAE,UAAU;SACjB,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,UAAU;QAChB,YAAY,EAAE,QAAQ,EAAE,sCAAsC;KAC/D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAe;IAChD,MAAM;SACH,OAAO,CAAC,4BAA4B,CAAC;SACrC,WAAW,CAAC,sDAAsD,CAAC;SACnE,MAAM,CAAC,uBAAuB,EAAE,yBAAyB,CAAC;SAC1D,MAAM,CAAC,mBAAmB,EAAE,UAAU,EAAE,IAAI,CAAC;SAC7C,MAAM,CAAC,2BAA2B,EAAE,yCAAyC,CAAC;SAC9E,MAAM,CAAC,aAAa,EAAE,gCAAgC,CAAC;SACvD,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,cAAc,EAAE,+CAA+C,CAAC;SACvE,MAAM,CAAC,iBAAiB,EAAE,8BAA8B,CAAC;SACzD,MAAM,CAAC,gBAAgB,EAAE,uCAAuC,CAAC;SACjE,MAAM,CAAC,eAAe,EAAE,qBAAqB,CAAC;SAC9C,MAAM,CAAC,WAAW,EAAE,2CAA2C,CAAC;SAChE,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,WAAmB,EAAE,OAAmB,EAAE,EAAE;QACzE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAEhD,MAAM,OAAO,GAAG,iBAAiB,EAAE,CAAC;QAEpC,+BAA+B;QAC/B,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;QAE5C,kDAAkD;QAClD,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC/C,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC7C,MAAM,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC9D,IAAI,IAAI,GAAG,UAAU,CAAC,IAAK,CAAC;QAC5B,IAAI,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC;QAC3B,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;QAChC,IAAI,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;QACxC,IAAI,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC;QAE5C,8BAA8B;QAC9B,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC1D,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;gBACrB,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC;gBAC7B,IAAI,QAAQ,CAAC,IAAI;oBAAE,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnD,IAAI,QAAQ,CAAC,QAAQ;oBAAE,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC;gBAC5D,IAAI,QAAQ,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;oBAC/C,kBAAkB,GAAG,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrD,CAAC;gBACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,CAAC,IAAI,CAAC,mBAAmB,UAAU,CAAC,YAAY,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAC7B,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,GAAW,EAAE,EAAE;YAC9B,IAAI,OAAO,CAAC,OAAO;gBAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,uBAAuB;YACvB,IAAI,OAAe,CAAC;YACpB,IAAI,gBAAgB,EAAE,CAAC;gBACrB,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC;gBACrF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5B,MAAM,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;oBAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,OAAO,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;YAC7C,CAAC;iBAAM,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrE,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC;gBAC9B,OAAO,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,MAAM,iBAAiB,EAAE,CAAC;gBAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;oBAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,OAAO,GAAG,UAAU,CAAC;gBACrB,OAAO,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;YAC3C,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,OAAO,MAAM,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC;gBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,qCAAqC;YACrC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM,UAAU,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAEzD,IAAI,OAAO,CAAC,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACzC,MAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACjE,CAAC;YAED,yBAAyB;YACzB,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,OAAO,GAAG,GAAG,CAAC,wBAAwB,CAAC,CAAC,KAAK,EAAE,CAAC;gBACtD,IAAI,CAAC;oBACH,MAAM,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,kBAAkB,EAAE,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;oBAC7F,OAAO,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;gBACxC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;oBAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,kCAAkC,CAAC,CAAC;YAC9C,CAAC;YAED,4BAA4B;YAC5B,MAAM,OAAO,GAAa,EAAE,CAAC;YAE7B,eAAe;YACf,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAE5B,gCAAgC;YAChC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC3B,CAAC;YAED,yBAAyB;YACzB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,mBAAmB,QAAQ,EAAE,CAAC,CAAC;YAElD,cAAc;YACd,IAAI,OAAO,CAAC,SAAS;gBAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,QAAQ;gBAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,OAAO,CAAC,OAAO;gBAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExC,2BAA2B;YAC3B,MAAM,eAAe,GAAG,CAAC,MAAuC,EAAE,EAAE;gBAClE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBAAE,OAAO,MAAM,CAAC,IAAI,CAAC;gBACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxC,OAAO,GAAG,QAAQ,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7C,CAAC,CAAC;YAEF,6BAA6B;YAC7B,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/E,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAE/E,qBAAqB;YACrB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC1B,MAAM,CAAC,QAAQ,CAAC;oBACd,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI;oBAC1E,aAAa,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI;oBAC/E,KAAK,EAAE,OAAO;oBACd,aAAa,EAAE,QAAQ;oBACvB,MAAM,EAAE,IAAI;iBACb,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,OAAO,CAAC,kBAAkB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAE/C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE;gBACvC,KAAK,EAAE,SAAS;gBAChB,GAAG,EAAE,OAAO,CAAC,GAAG;aACjB,CAAC,CAAC;YAEH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC9B,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBACf,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;gBACtC,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC7B,MAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/ssh/server-group.d.ts

@@ -0,0 +1,6 @@
+/**
+ * SSH server group management commands
+ */
+import type { Command } from 'commander';
+export declare function registerServerGroupCommands(parent: Command): void;
+//# sourceMappingURL=server-group.d.ts.map

package/dist/commands/ssh/server-group.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-group.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh/server-group.ts"],"names":[],"mappings":"AAEA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQzC,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAmRjE"}

package/dist/commands/ssh/server-group.js

@@ -0,0 +1,249 @@
+// Path: src/commands/ssh/server-group.ts
+import ora from 'ora';
+import { client } from '../../lib/client.js';
+import { promptConfirm } from '../../lib/prompts.js';
+import * as output from '../../lib/output.js';
+import { buildTenantQuery } from './helpers.js';
+export function registerServerGroupCommands(parent) {
+    const group = parent
+        .command('server-group')
+        .description('SSH server group management');
+    // List Server Groups
+    group
+        .command('list')
+        .description('List server groups')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('--json', 'Output as JSON')
+        .action(async (options) => {
+        const spinner = ora('Fetching server groups...').start();
+        try {
+            const query = buildTenantQuery(options.tenant);
+            const response = await client.get(`/v1/ssh/server-groups${query}`);
+            spinner.stop();
+            if (options.json) {
+                output.json(response.items);
+                return;
+            }
+            if (response.items.length === 0) {
+                output.info('No server groups found');
+                output.info('Use "znvault ssh server-group create" to create a group');
+                return;
+            }
+            output.table(['ID', 'Name', 'Description', 'Created'], response.items.map(g => [
+                g.id.substring(0, 8) + '...',
+                g.name,
+                (g.description ?? '-').substring(0, 30),
+                output.formatDate(g.createdAt),
+            ]));
+            output.info(`Total: ${response.items.length} server group(s)`);
+        }
+        catch (err) {
+            spinner.fail('Failed to list server groups');
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Create Server Group
+    group
+        .command('create <name>')
+        .description('Create server group')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('-d, --description <text>', 'Group description')
+        .option('--json', 'Output as JSON')
+        .action(async (name, options) => {
+        const spinner = ora('Creating server group...').start();
+        try {
+            const query = buildTenantQuery(options.tenant);
+            const groupResult = await client.post(`/v1/ssh/server-groups${query}`, {
+                name,
+                description: options.description,
+            });
+            spinner.succeed('Server group created successfully');
+            if (options.json) {
+                output.json(groupResult);
+                return;
+            }
+            output.keyValue({
+                'ID': groupResult.id,
+                'Name': groupResult.name,
+                'Description': groupResult.description ?? '-',
+                'Created': output.formatDate(groupResult.createdAt),
+            });
+        }
+        catch (err) {
+            spinner.fail('Failed to create server group');
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Get Server Group
+    group
+        .command('get <id>')
+        .description('Get server group details')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('--json', 'Output as JSON')
+        .action(async (id, options) => {
+        const spinner = ora('Fetching server group...').start();
+        try {
+            const query = buildTenantQuery(options.tenant);
+            const groupResult = await client.get(`/v1/ssh/server-groups/${encodeURIComponent(id)}${query}`);
+            spinner.stop();
+            if (options.json) {
+                output.json(groupResult);
+                return;
+            }
+            output.section('Server Group');
+            output.keyValue({
+                'ID': groupResult.id,
+                'Name': groupResult.name,
+                'Description': groupResult.description ?? '-',
+                'Created': output.formatDate(groupResult.createdAt),
+            });
+            if (groupResult.accessRules && groupResult.accessRules.length > 0) {
+                output.section('Access Rules');
+                output.table(['Linux User', 'Allowed Principals'], groupResult.accessRules.map(r => [
+                    r.linuxUser,
+                    r.allowedPrincipals.join(', '),
+                ]));
+            }
+            else {
+                output.section('Access Rules');
+                output.info('No access rules defined');
+                output.info('Use "znvault ssh server-group set-access" to add rules');
+            }
+        }
+        catch (err) {
+            spinner.fail('Failed to get server group');
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Delete Server Group
+    group
+        .command('delete <id>')
+        .description('Delete server group')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('-y, --yes', 'Skip confirmation')
+        .action(async (id, options) => {
+        try {
+            const query = buildTenantQuery(options.tenant);
+            if (!options.yes) {
+                const confirmed = await promptConfirm('Delete this server group?');
+                if (!confirmed) {
+                    output.info('Delete cancelled');
+                    return;
+                }
+            }
+            const spinner = ora('Deleting server group...').start();
+            try {
+                await client.delete(`/v1/ssh/server-groups/${encodeURIComponent(id)}${query}`);
+                spinner.succeed('Server group deleted successfully');
+            }
+            catch (err) {
+                spinner.fail('Failed to delete server group');
+                throw err;
+            }
+        }
+        catch (err) {
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Set Access Rule
+    group
+        .command('set-access <groupId> <linuxUser> <principals...>')
+        .description('Set access rule for server group (which principals can access which Linux user)')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('--json', 'Output as JSON')
+        .action(async (groupId, linuxUser, principals, options) => {
+        const spinner = ora('Setting access rule...').start();
+        try {
+            const query = buildTenantQuery(options.tenant);
+            const access = await client.put(`/v1/ssh/server-groups/${encodeURIComponent(groupId)}/access${query}`, { linuxUser, allowedPrincipals: principals });
+            spinner.succeed('Access rule set successfully');
+            if (options.json) {
+                output.json(access);
+                return;
+            }
+            output.keyValue({
+                'Linux User': access.linuxUser,
+                'Allowed Principals': access.allowedPrincipals.join(', '),
+            });
+        }
+        catch (err) {
+            spinner.fail('Failed to set access rule');
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Delete Access Rule
+    group
+        .command('delete-access <groupId> <linuxUser>')
+        .description('Delete access rule from server group')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('-y, --yes', 'Skip confirmation')
+        .action(async (groupId, linuxUser, options) => {
+        try {
+            const query = buildTenantQuery(options.tenant);
+            if (!options.yes) {
+                const confirmed = await promptConfirm(`Delete access rule for Linux user "${linuxUser}"?`);
+                if (!confirmed) {
+                    output.info('Delete cancelled');
+                    return;
+                }
+            }
+            const spinner = ora('Deleting access rule...').start();
+            try {
+                await client.delete(`/v1/ssh/server-groups/${encodeURIComponent(groupId)}/access/${encodeURIComponent(linuxUser)}${query}`);
+                spinner.succeed('Access rule deleted successfully');
+            }
+            catch (err) {
+                spinner.fail('Failed to delete access rule');
+                throw err;
+            }
+        }
+        catch (err) {
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+    // Get Authorized Principals
+    group
+        .command('authorized-principals <groupId>')
+        .description('Get AuthorizedPrincipalsFile content for a server group')
+        .option('--tenant <id>', 'Tenant ID (superadmin only)')
+        .option('--output <file>', 'Output to file')
+        .action(async (groupId, options) => {
+        const spinner = ora('Generating authorized principals...').start();
+        try {
+            const query = buildTenantQuery(options.tenant);
+            const response = await client.get(`/v1/ssh/server-groups/${encodeURIComponent(groupId)}/authorized-principals${query}`);
+            spinner.stop();
+            // Format as AuthorizedPrincipalsFile content
+            const lines = [];
+            for (const [linuxUser, principals] of Object.entries(response)) {
+                lines.push(`# Linux user: ${linuxUser}`);
+                for (const principal of principals) {
+                    lines.push(principal);
+                }
+                lines.push('');
+            }
+            const content = lines.join('\n');
+            if (options.output) {
+                const fs = await import('fs');
+                const path = await import('path');
+                fs.writeFileSync(path.resolve(options.output), content);
+                output.success(`Written to ${options.output}`);
+            }
+            else {
+                console.log(content);
+            }
+        }
+        catch (err) {
+            spinner.fail('Failed to get authorized principals');
+            output.error(err instanceof Error ? err.message : String(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=server-group.js.map

package/dist/commands/ssh/server-group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-group.js","sourceRoot":"","sources":["../../../src/commands/ssh/server-group.ts"],"names":[],"mappings":"AAAA,yCAAyC;AAOzC,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,UAAU,2BAA2B,CAAC,MAAe;IACzD,MAAM,KAAK,GAAG,MAAM;SACjB,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,6BAA6B,CAAC,CAAC;IAE9C,qBAAqB;IACrB,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,OAAoB,EAAE,EAAE;QACrC,MAAM,OAAO,GAAG,GAAG,CAAC,2BAA2B,CAAC,CAAC,KAAK,EAAE,CAAC;QAEzD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAA2B,wBAAwB,KAAK,EAAE,CAAC,CAAC;YAC7F,OAAO,CAAC,IAAI,EAAE,CAAC;YAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBACtC,MAAM,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;gBACvE,OAAO;YACT,CAAC;YAED,MAAM,CAAC,KAAK,CACV,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EACxC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBAC5B,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,CAAC,WAAW,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;gBACvC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;aAC/B,CAAC,CACH,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,UAAU,QAAQ,CAAC,KAAK,CAAC,MAAM,kBAAkB,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC7C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,sBAAsB;IACtB,KAAK;SACF,OAAO,CAAC,eAAe,CAAC;SACxB,WAAW,CAAC,qBAAqB,CAAC;SAClC,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,0BAA0B,EAAE,mBAAmB,CAAC;SACvD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAAiC,EAAE,EAAE;QAChE,MAAM,OAAO,GAAG,GAAG,CAAC,0BAA0B,CAAC,CAAC,KAAK,EAAE,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,IAAI,CAAc,wBAAwB,KAAK,EAAE,EAAE;gBAClF,IAAI;gBACJ,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YACH,OAAO,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;YAErD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YAED,MAAM,CAAC,QAAQ,CAAC;gBACd,IAAI,EAAE,WAAW,CAAC,EAAE;gBACpB,MAAM,EAAE,WAAW,CAAC,IAAI;gBACxB,aAAa,EAAE,WAAW,CAAC,WAAW,IAAI,GAAG;gBAC7C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,mBAAmB;IACnB,KAAK;SACF,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,0BAA0B,CAAC;SACvC,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,EAAU,EAAE,OAAmB,EAAE,EAAE;QAChD,MAAM,OAAO,GAAG,GAAG,CAAC,0BAA0B,CAAC,CAAC,KAAK,EAAE,CAAC;QAExD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,GAAG,CAAc,yBAAyB,kBAAkB,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;YAC7G,OAAO,CAAC,IAAI,EAAE,CAAC;YAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YAED,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;YAC/B,MAAM,CAAC,QAAQ,CAAC;gBACd,IAAI,EAAE,WAAW,CAAC,EAAE;gBACpB,MAAM,EAAE,WAAW,CAAC,IAAI;gBACxB,aAAa,EAAE,WAAW,CAAC,WAAW,IAAI,GAAG;gBAC7C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC;aACpD,CAAC,CAAC;YAEH,IAAI,WAAW,CAAC,WAAW,IAAI,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAC/B,MAAM,CAAC,KAAK,CACV,CAAC,YAAY,EAAE,oBAAoB,CAAC,EACpC,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC/B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;iBAC/B,CAAC,CACH,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACvC,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,sBAAsB;IACtB,KAAK;SACF,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,qBAAqB,CAAC;SAClC,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,WAAW,EAAE,mBAAmB,CAAC;SACxC,MAAM,CAAC,KAAK,EAAE,EAAU,EAAE,OAAsB,EAAE,EAAE;QACnD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAE/C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,2BAA2B,CAAC,CAAC;gBACnE,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;oBAChC,OAAO;gBACT,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GAAG,GAAG,CAAC,0BAA0B,CAAC,CAAC,KAAK,EAAE,CAAC;YAExD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,MAAM,CAAC,yBAAyB,kBAAkB,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC;gBAC/E,OAAO,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBAC9C,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,kBAAkB;IAClB,KAAK;SACF,OAAO,CAAC,kDAAkD,CAAC;SAC3D,WAAW,CAAC,iFAAiF,CAAC;SAC9F,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,SAAiB,EAAE,UAAoB,EAAE,OAAyB,EAAE,EAAE;QACpG,MAAM,OAAO,GAAG,GAAG,CAAC,wBAAwB,CAAC,CAAC,KAAK,EAAE,CAAC;QAEtD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,GAAG,CAC7B,yBAAyB,kBAAkB,CAAC,OAAO,CAAC,UAAU,KAAK,EAAE,EACrE,EAAE,SAAS,EAAE,iBAAiB,EAAE,UAAU,EAAE,CAC7C,CAAC;YACF,OAAO,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;YAEhD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACpB,OAAO;YACT,CAAC;YAED,MAAM,CAAC,QAAQ,CAAC;gBACd,YAAY,EAAE,MAAM,CAAC,SAAS;gBAC9B,oBAAoB,EAAE,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;aAC1D,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,qBAAqB;IACrB,KAAK;SACF,OAAO,CAAC,qCAAqC,CAAC;SAC9C,WAAW,CAAC,sCAAsC,CAAC;SACnD,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,WAAW,EAAE,mBAAmB,CAAC;SACxC,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,SAAiB,EAAE,OAAsB,EAAE,EAAE;QAC3E,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAE/C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,sCAAsC,SAAS,IAAI,CAAC,CAAC;gBAC3F,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;oBAChC,OAAO;gBACT,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GAAG,GAAG,CAAC,yBAAyB,CAAC,CAAC,KAAK,EAAE,CAAC;YAEvD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,MAAM,CACjB,yBAAyB,kBAAkB,CAAC,OAAO,CAAC,WAAW,kBAAkB,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,CACvG,CAAC;gBACF,OAAO,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;gBAC7C,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,4BAA4B;IAC5B,KAAK;SACF,OAAO,CAAC,iCAAiC,CAAC;SAC1C,WAAW,CAAC,yDAAyD,CAAC;SACtE,MAAM,CAAC,eAAe,EAAE,6BAA6B,CAAC;SACtD,MAAM,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;SAC3C,MAAM,CAAC,KAAK,EAAE,OAAe,EAAE,OAA6C,EAAE,EAAE;QAC/E,MAAM,OAAO,GAAG,GAAG,CAAC,qCAAqC,CAAC,CAAC,KAAK,EAAE,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,GAAG,CAC/B,yBAAyB,kBAAkB,CAAC,OAAO,CAAC,yBAAyB,KAAK,EAAE,CACrF,CAAC;YACF,OAAO,CAAC,IAAI,EAAE,CAAC;YAEf,6CAA6C;YAC7C,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/D,KAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,EAAE,CAAC,CAAC;gBACzC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxB,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEjC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC9B,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;gBACxD,MAAM,CAAC,OAAO,CAAC,cAAc,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/ssh/types.d.ts

@@ -0,0 +1,150 @@
+/**
+ * SSH CA command types and interfaces
+ */
+export interface CAStatus {
+    initialized: boolean;
+    publicKey?: string;
+    fingerprint?: string;
+    keyType?: string;
+    defaultTtlSeconds?: number;
+    maxTtlSeconds?: number;
+    allowedExtensions?: string[];
+    totalCertificates?: number;
+    activeCertificates?: number;
+    createdAt?: string;
+}
+export interface CA {
+    id: string;
+    publicKey: string;
+    fingerprint: string;
+    keyType: string;
+    defaultTtlSeconds: number;
+    maxTtlSeconds: number;
+    allowedExtensions: string[];
+    createdAt: string;
+}
+export interface Certificate {
+    id: string;
+    serial: string;
+    userId: string;
+    username?: string;
+    fingerprint: string;
+    principals: string[];
+    extensions?: string[];
+    validAfter: string;
+    validBefore: string;
+    revoked: boolean;
+    revokedAt?: string;
+    revokedBy?: string;
+    revocationReason?: string;
+    requestIp?: string;
+    createdAt: string;
+}
+export interface PrincipalMapping {
+    id: string;
+    groupId: string;
+    groupName?: string;
+    groupDisplayName?: string;
+    principals: string[];
+    createdAt: string;
+    createdBy?: string;
+}
+export interface ServerGroup {
+    id: string;
+    name: string;
+    description?: string;
+    accessRules?: Array<{
+        linuxUser: string;
+        allowedPrincipals: string[];
+    }>;
+    createdAt: string;
+    createdBy?: string;
+}
+export interface SignResult {
+    certificate: string;
+    serial: string;
+    principals: string[];
+    validAfter: string;
+    validBefore: string;
+    fingerprint: string;
+}
+export interface ListOptions {
+    tenant?: string;
+    json?: boolean;
+}
+export interface CertListOptions extends ListOptions {
+    limit?: string;
+    offset?: string;
+    activeOnly?: boolean;
+    revoked?: boolean;
+    userId?: string;
+}
+export interface InitOptions {
+    tenant?: string;
+    keyType?: string;
+    defaultTtl?: string;
+    maxTtl?: string;
+    extension?: string[];
+    json?: boolean;
+}
+export interface SignOptions {
+    tenant?: string;
+    ttl?: string;
+    output?: string;
+    json?: boolean;
+}
+export interface CreateMappingOptions {
+    tenant?: string;
+    json?: boolean;
+}
+export interface CreateServerGroupOptions {
+    tenant?: string;
+    description?: string;
+    json?: boolean;
+}
+export interface SetAccessOptions {
+    tenant?: string;
+    json?: boolean;
+}
+export interface DeleteOptions {
+    tenant?: string;
+    yes?: boolean;
+}
+export interface GetOptions {
+    tenant?: string;
+    json?: boolean;
+}
+export interface ConnectOptions {
+    identity?: string;
+    port?: string;
+    principals?: string;
+    ttl?: string;
+    tenant?: string;
+    forceSign?: boolean;
+    dryRun?: boolean;
+    verbose?: boolean;
+    t?: boolean;
+    T?: boolean;
+}
+export interface SSHBookmark {
+    name: string;
+    host: string;
+    port?: number;
+    user?: string;
+    identity?: string;
+    principals?: string[];
+    description?: string;
+    createdAt: string;
+}
+export interface LocalCertInfo {
+    exists: boolean;
+    path: string;
+    valid?: boolean;
+    principals?: string[];
+    validAfter?: Date;
+    validBefore?: Date;
+    fingerprint?: string;
+    keyId?: string;
+    remainingTime?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/commands/ssh/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/ssh/types.ts"],"names":[],"mappings":"AAEA;;GAEG;AAMH,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,EAAE;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,KAAK,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,iBAAiB,EAAE,MAAM,EAAE,CAAC;KAC7B,CAAC,CAAC;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,CAAC,CAAC,EAAE,OAAO,CAAC;IACZ,CAAC,CAAC,EAAE,OAAO,CAAC;CACb;AAMD,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAMD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,CAAC,EAAE,IAAI,CAAC;IAClB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB"}