@zincapp/znvault-cli 2.4.0 → 2.5.0

package/dist/commands/backup/helpers.js

@@ -0,0 +1,81 @@
+// Path: znvault-cli/src/commands/backup/helpers.ts
+// Helper functions for backup CLI commands
+export function formatDate(dateStr) {
+    if (!dateStr)
+        return '-';
+    return new Date(dateStr).toLocaleString();
+}
+export function formatBytes(bytes) {
+    if (bytes < 1024)
+        return `${bytes} B`;
+    if (bytes < 1024 * 1024)
+        return `${(bytes / 1024).toFixed(1)} KB`;
+    if (bytes < 1024 * 1024 * 1024)
+        return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
+    return `${(bytes / (1024 * 1024 * 1024)).toFixed(2)} GB`;
+}
+export function formatDuration(ms) {
+    if (!ms)
+        return '-';
+    if (ms < 1000)
+        return `${ms}ms`;
+    if (ms < 60000)
+        return `${(ms / 1000).toFixed(1)}s`;
+    return `${(ms / 60000).toFixed(1)}m`;
+}
+export function formatStatus(status) {
+    const statusMap = {
+        'pending': 'Pending',
+        'completed': 'Completed',
+        'failed': 'Failed',
+        'verified': 'Verified',
+    };
+    return statusMap[status] || status;
+}
+export function formatAge(dateStr) {
+    if (!dateStr)
+        return '-';
+    const date = new Date(dateStr);
+    const now = new Date();
+    const diffMs = now.getTime() - date.getTime();
+    const diffHours = Math.floor(diffMs / (1000 * 60 * 60));
+    const diffDays = Math.floor(diffHours / 24);
+    if (diffDays > 0)
+        return `${diffDays}d ago`;
+    if (diffHours > 0)
+        return `${diffHours}h ago`;
+    return 'Just now';
+}
+export function formatInterval(ms) {
+    const hours = Math.floor(ms / (1000 * 60 * 60));
+    const minutes = Math.floor((ms % (1000 * 60 * 60)) / (1000 * 60));
+    if (hours > 0 && minutes > 0)
+        return `${hours}h ${minutes}m`;
+    if (hours > 0)
+        return `${hours}h`;
+    if (minutes > 0)
+        return `${minutes}m`;
+    return `${ms}ms`;
+}
+export function parseInterval(interval) {
+    // Support formats: 1h, 30m, 1h30m, 3600000 (ms)
+    const regex = /^(?:(\d+)h)?(?:(\d+)m)?$/i;
+    const match = regex.exec(interval);
+    if (match !== null) {
+        // Capture groups are undefined when not matched (runtime behavior)
+        const hoursStr = match[1];
+        const minutesStr = match[2];
+        // Both groups are optional - at least one must be present for a valid interval
+        if (hoursStr ?? minutesStr) {
+            const hours = hoursStr ? parseInt(hoursStr, 10) : 0;
+            const minutes = minutesStr ? parseInt(minutesStr, 10) : 0;
+            return (hours * 60 + minutes) * 60 * 1000;
+        }
+    }
+    // Try parsing as milliseconds
+    const ms = parseInt(interval, 10);
+    if (!isNaN(ms))
+        return ms;
+    throw new Error('Invalid interval format. Use: 1h, 30m, 1h30m, or milliseconds');
+}
+//# sourceMappingURL=helpers.js.map

package/dist/commands/backup/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../../src/commands/backup/helpers.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,2CAA2C;AAE3C,MAAM,UAAU,UAAU,CAAC,OAA2B;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC;IACzB,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,GAAG,KAAK,IAAI,CAAC;IACtC,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAClE,IAAI,KAAK,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI;QAAE,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;IAClF,OAAO,GAAG,CAAC,KAAK,GAAG,CAAC,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAAW;IACxC,IAAI,CAAC,EAAE;QAAE,OAAO,GAAG,CAAC;IACpB,IAAI,EAAE,GAAG,IAAI;QAAE,OAAO,GAAG,EAAE,IAAI,CAAC;IAChC,IAAI,EAAE,GAAG,KAAK;QAAE,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;IACpD,OAAO,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,MAAM,SAAS,GAA2B;QACxC,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,WAAW;QACxB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,UAAU;KACvB,CAAC;IACF,OAAO,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAgB;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC;IACzB,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC;IAE5C,IAAI,QAAQ,GAAG,CAAC;QAAE,OAAO,GAAG,QAAQ,OAAO,CAAC;IAC5C,IAAI,SAAS,GAAG,CAAC;QAAE,OAAO,GAAG,SAAS,OAAO,CAAC;IAC9C,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC;IAElE,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,GAAG,KAAK,KAAK,OAAO,GAAG,CAAC;IAC7D,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,GAAG,KAAK,GAAG,CAAC;IAClC,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,GAAG,OAAO,GAAG,CAAC;IACtC,OAAO,GAAG,EAAE,IAAI,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,gDAAgD;IAChD,MAAM,KAAK,GAAG,2BAA2B,CAAC;IAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,mEAAmE;QACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAuB,CAAC;QAChD,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAuB,CAAC;QAClD,+EAA+E;QAC/E,IAAI,QAAQ,IAAI,UAAU,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAC5C,CAAC;IACH,CAAC;IACD,8BAA8B;IAC9B,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1B,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;AACnF,CAAC"}

package/dist/commands/{backup.d.ts → backup/index.d.ts}

@@ -1,3 +1,4 @@
 import { type Command } from 'commander';
 export declare function registerBackupCommands(program: Command): void;
-//# sourceMappingURL=backup.d.ts.map
+export * from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/backup/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/backup/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,WAAW,CAAC;AAqBzC,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAyI7D;AAGD,cAAc,YAAY,CAAC"}

package/dist/commands/backup/index.js

@@ -0,0 +1,129 @@
+// Path: znvault-cli/src/commands/backup/index.ts
+// Command registration for backup CLI
+import { listBackups, getBackup, createBackup, generateKey, verifyBackup, deleteBackup, restoreBackup, showStats, showHealth, } from './operations.js';
+import { showConfig, updateConfig, configureS3Storage, configureLocalStorage, configureEncryption, testStorage, } from './config.js';
+export function registerBackupCommands(program) {
+    const backup = program
+        .command('backup')
+        .description('Backup management');
+    // List backups
+    backup
+        .command('list')
+        .description('List all backups')
+        .option('--status <status>', 'Filter by status (pending, completed, failed, verified)')
+        .option('--limit <n>', 'Maximum number of backups to list')
+        .option('--json', 'Output as JSON')
+        .action(listBackups);
+    // Get backup
+    backup
+        .command('get <id>')
+        .description('Get backup details')
+        .option('--json', 'Output as JSON')
+        .action(getBackup);
+    // Create backup
+    backup
+        .command('create')
+        .description('Create a new backup')
+        .option('--user-key <key>', 'Base64-encoded user master key for encryption')
+        .option('--user-key-file <path>', 'Path to file containing the user master key')
+        .action(createBackup);
+    // Generate master key
+    backup
+        .command('generate-key')
+        .description('Generate a new master key for user-key backup encryption')
+        .option('--output <path>', 'Save key to file')
+        .option('--json', 'Output as JSON')
+        .action(generateKey);
+    // Verify backup
+    backup
+        .command('verify <id>')
+        .description('Verify backup integrity')
+        .action(verifyBackup);
+    // Delete backup
+    backup
+        .command('delete <id>')
+        .description('Delete a backup')
+        .option('-f, --force', 'Skip confirmation')
+        .action(deleteBackup);
+    // Restore backup
+    backup
+        .command('restore <id>')
+        .description('Restore from a backup (DESTRUCTIVE - will overwrite current database)')
+        .option('--user-key <key>', 'Base64-encoded user master key (for user-key encrypted backups)')
+        .option('--user-key-file <path>', 'Path to file containing the user master key')
+        .option('--password <password>', 'Encryption password (for password-encrypted backups)')
+        .option('--password-file <path>', 'Path to file containing the encryption password')
+        .option('--restore-lmk', 'Also restore the LMK (DANGEROUS - changes master encryption key)')
+        .option('--no-pre-backup', 'Skip creating a pre-restore backup (not recommended)')
+        .option('-f, --force', 'Skip confirmation prompts')
+        .action(restoreBackup);
+    // Show stats
+    backup
+        .command('stats')
+        .description('Show backup statistics')
+        .option('--json', 'Output as JSON')
+        .action(showStats);
+    // Show health
+    backup
+        .command('health')
+        .description('Check backup system health')
+        .option('--json', 'Output as JSON')
+        .action(showHealth);
+    // Show config
+    backup
+        .command('config')
+        .description('Show backup configuration')
+        .option('--json', 'Output as JSON')
+        .action(showConfig);
+    // Update general config
+    backup
+        .command('config-update')
+        .description('Update general backup settings')
+        .option('--enabled', 'Enable automatic backups')
+        .option('--no-enabled', 'Disable automatic backups')
+        .option('--interval <interval>', 'Backup interval (e.g., 1h, 30m, 1h30m)')
+        .option('--retention-days <n>', 'Maximum age of backups in days')
+        .option('--retention-count <n>', 'Maximum number of backups to retain')
+        .option('--json', 'Output as JSON')
+        .action(updateConfig);
+    // Storage Configuration Subcommands
+    const storage = backup
+        .command('storage')
+        .description('Configure backup storage backend');
+    // Configure S3 storage
+    storage
+        .command('s3')
+        .description('Configure S3 or S3-compatible storage (MinIO, DigitalOcean Spaces, etc.)')
+        .requiredOption('--bucket <bucket>', 'S3 bucket name')
+        .option('--region <region>', 'AWS region (default: us-east-1)')
+        .option('--prefix <prefix>', 'Key prefix for backups (default: backups/)')
+        .option('--endpoint <url>', 'Custom endpoint URL for S3-compatible storage')
+        .option('--access-key-id <key>', 'AWS access key ID (omit to use IAM role)')
+        .option('--secret-access-key <secret>', 'AWS secret access key')
+        .option('--json', 'Output as JSON')
+        .action(configureS3Storage);
+    // Configure local storage
+    storage
+        .command('local')
+        .description('Configure local filesystem storage')
+        .requiredOption('--path <path>', 'Directory path for backup storage')
+        .option('--json', 'Output as JSON')
+        .action(configureLocalStorage);
+    // Test storage connectivity
+    storage
+        .command('test')
+        .description('Test storage backend connectivity')
+        .action(testStorage);
+    // Encryption Configuration
+    backup
+        .command('encryption')
+        .description('Configure backup encryption')
+        .option('--enable', 'Enable backup encryption')
+        .option('--disable', 'Disable backup encryption')
+        .option('--password-file <path>', 'Path to file containing encryption password')
+        .option('--json', 'Output as JSON')
+        .action(configureEncryption);
+}
+// Re-export types for external use
+export * from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/commands/backup/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/backup/index.ts"],"names":[],"mappings":"AAAA,iDAAiD;AACjD,sCAAsC;AAGtC,OAAO,EACL,WAAW,EACX,SAAS,EACT,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,SAAS,EACT,UAAU,GACX,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,UAAU,EACV,YAAY,EACZ,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,WAAW,GACZ,MAAM,aAAa,CAAC;AAErB,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,MAAM,MAAM,GAAG,OAAO;SACnB,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,mBAAmB,CAAC,CAAC;IAEpC,eAAe;IACf,MAAM;SACH,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,kBAAkB,CAAC;SAC/B,MAAM,CAAC,mBAAmB,EAAE,yDAAyD,CAAC;SACtF,MAAM,CAAC,aAAa,EAAE,mCAAmC,CAAC;SAC1D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,aAAa;IACb,MAAM;SACH,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,SAAS,CAAC,CAAC;IAErB,gBAAgB;IAChB,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,qBAAqB,CAAC;SAClC,MAAM,CAAC,kBAAkB,EAAE,+CAA+C,CAAC;SAC3E,MAAM,CAAC,wBAAwB,EAAE,6CAA6C,CAAC;SAC/E,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,sBAAsB;IACtB,MAAM;SACH,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,iBAAiB,EAAE,kBAAkB,CAAC;SAC7C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,gBAAgB;IAChB,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,yBAAyB,CAAC;SACtC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,gBAAgB;IAChB,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,iBAAiB,CAAC;SAC9B,MAAM,CAAC,aAAa,EAAE,mBAAmB,CAAC;SAC1C,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,iBAAiB;IACjB,MAAM;SACH,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,uEAAuE,CAAC;SACpF,MAAM,CAAC,kBAAkB,EAAE,iEAAiE,CAAC;SAC7F,MAAM,CAAC,wBAAwB,EAAE,6CAA6C,CAAC;SAC/E,MAAM,CAAC,uBAAuB,EAAE,sDAAsD,CAAC;SACvF,MAAM,CAAC,wBAAwB,EAAE,iDAAiD,CAAC;SACnF,MAAM,CAAC,eAAe,EAAE,kEAAkE,CAAC;SAC3F,MAAM,CAAC,iBAAiB,EAAE,sDAAsD,CAAC;SACjF,MAAM,CAAC,aAAa,EAAE,2BAA2B,CAAC;SAClD,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,aAAa;IACb,MAAM;SACH,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,wBAAwB,CAAC;SACrC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,SAAS,CAAC,CAAC;IAErB,cAAc;IACd,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,4BAA4B,CAAC;SACzC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEtB,cAAc;IACd,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEtB,wBAAwB;IACxB,MAAM;SACH,OAAO,CAAC,eAAe,CAAC;SACxB,WAAW,CAAC,gCAAgC,CAAC;SAC7C,MAAM,CAAC,WAAW,EAAE,0BAA0B,CAAC;SAC/C,MAAM,CAAC,cAAc,EAAE,2BAA2B,CAAC;SACnD,MAAM,CAAC,uBAAuB,EAAE,wCAAwC,CAAC;SACzE,MAAM,CAAC,sBAAsB,EAAE,gCAAgC,CAAC;SAChE,MAAM,CAAC,uBAAuB,EAAE,qCAAqC,CAAC;SACtE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,oCAAoC;IACpC,MAAM,OAAO,GAAG,MAAM;SACnB,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,kCAAkC,CAAC,CAAC;IAEnD,uBAAuB;IACvB,OAAO;SACJ,OAAO,CAAC,IAAI,CAAC;SACb,WAAW,CAAC,0EAA0E,CAAC;SACvF,cAAc,CAAC,mBAAmB,EAAE,gBAAgB,CAAC;SACrD,MAAM,CAAC,mBAAmB,EAAE,iCAAiC,CAAC;SAC9D,MAAM,CAAC,mBAAmB,EAAE,4CAA4C,CAAC;SACzE,MAAM,CAAC,kBAAkB,EAAE,+CAA+C,CAAC;SAC3E,MAAM,CAAC,uBAAuB,EAAE,0CAA0C,CAAC;SAC3E,MAAM,CAAC,8BAA8B,EAAE,uBAAuB,CAAC;SAC/D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE9B,0BAA0B;IAC1B,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,oCAAoC,CAAC;SACjD,cAAc,CAAC,eAAe,EAAE,mCAAmC,CAAC;SACpE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAEjC,4BAA4B;IAC5B,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,mCAAmC,CAAC;SAChD,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,2BAA2B;IAC3B,MAAM;SACH,OAAO,CAAC,YAAY,CAAC;SACrB,WAAW,CAAC,6BAA6B,CAAC;SAC1C,MAAM,CAAC,UAAU,EAAE,0BAA0B,CAAC;SAC9C,MAAM,CAAC,WAAW,EAAE,2BAA2B,CAAC;SAChD,MAAM,CAAC,wBAAwB,EAAE,6CAA6C,CAAC;SAC/E,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,mBAAmB,CAAC,CAAC;AACjC,CAAC;AAED,mCAAmC;AACnC,cAAc,YAAY,CAAC"}

package/dist/commands/backup/operations.d.ts

@@ -0,0 +1,15 @@
+import type { ListOptions, GetOptions, DeleteOptions, RestoreOptions, CreateBackupOptions, GenerateKeyOptions } from './types.js';
+export declare function listBackups(options: ListOptions): Promise<void>;
+export declare function getBackup(id: string, options: GetOptions): Promise<void>;
+export declare function createBackup(options: CreateBackupOptions): Promise<void>;
+export declare function generateKey(options: GenerateKeyOptions): Promise<void>;
+export declare function verifyBackup(id: string): Promise<void>;
+export declare function deleteBackup(id: string, options: DeleteOptions): Promise<void>;
+export declare function restoreBackup(id: string, options: RestoreOptions): Promise<void>;
+export declare function showStats(options: {
+    json?: boolean;
+}): Promise<void>;
+export declare function showHealth(options: {
+    json?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=operations.d.ts.map

package/dist/commands/backup/operations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"operations.d.ts","sourceRoot":"","sources":["../../../src/commands/backup/operations.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAKV,WAAW,EACX,UAAU,EACV,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAGnB,MAAM,YAAY,CAAC;AAEpB,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA6CrE;AAED,wBAAsB,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2C9E;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAmD9E;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiC5E;AAED,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAoB5D;AAED,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAsCpF;AAED,wBAAsB,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA2ItF;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+B1E;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAiC3E"}

package/dist/commands/backup/operations.js

@@ -0,0 +1,390 @@
+// Path: znvault-cli/src/commands/backup/operations.ts
+// Backup CRUD operations
+import { readFile, writeFile } from 'node:fs/promises';
+import ora from 'ora';
+import Table from 'cli-table3';
+import inquirer from 'inquirer';
+import { client } from '../../lib/client.js';
+import * as output from '../../lib/output.js';
+import { formatDate, formatBytes, formatDuration, formatStatus, formatAge, } from './helpers.js';
+export async function listBackups(options) {
+    const spinner = ora('Fetching backups...').start();
+    try {
+        const query = {};
+        if (options.status)
+            query.status = options.status;
+        if (options.limit)
+            query.limit = options.limit;
+        const response = await client.get('/v1/admin/backups?' + new URLSearchParams(query).toString());
+        spinner.stop();
+        if (options.json) {
+            output.json(response.items);
+            return;
+        }
+        if (response.items.length === 0) {
+            output.info('No backups found');
+            return;
+        }
+        const table = new Table({
+            head: ['ID', 'Status', 'Size', 'Type', 'Initiated', 'Created', 'Duration'],
+            colWidths: [38, 12, 12, 12, 12, 20, 10],
+        });
+        for (const backup of response.items) {
+            table.push([
+                backup.id,
+                formatStatus(backup.status),
+                formatBytes(backup.backupSizeBytes),
+                backup.storageType,
+                backup.initiatedBy,
+                formatAge(backup.createdAt),
+                formatDuration(backup.metadata?.duration),
+            ]);
+        }
+        console.log(table.toString());
+        output.info(`Total: ${response.total} backup(s)`);
+    }
+    catch (error) {
+        spinner.fail('Failed to list backups');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function getBackup(id, options) {
+    const spinner = ora('Fetching backup...').start();
+    try {
+        const backup = await client.get(`/v1/admin/backups/${id}`);
+        spinner.stop();
+        if (options.json) {
+            output.json(backup);
+            return;
+        }
+        const table = new Table({
+            colWidths: [20, 50],
+        });
+        table.push(['ID', backup.id], ['Filename', backup.filename], ['Status', formatStatus(backup.status)], ['Storage Type', backup.storageType], ['Storage ID', backup.storageIdentifier], ['DB Size', formatBytes(backup.dbSizeBytes)], ['Backup Size', formatBytes(backup.backupSizeBytes)], ['Compression', backup.metadata?.compressionRatio ? `${(backup.metadata.compressionRatio * 100).toFixed(1)}%` : '-'], ['Encrypted', backup.encrypted ? 'Yes' : 'No'], ['Checksum', backup.checksum ?? '-'], ['Initiated By', backup.initiatedBy], ['Created', formatDate(backup.createdAt)], ['Completed', formatDate(backup.completedAt)], ['Duration', formatDuration(backup.metadata?.duration)]);
+        if (backup.verifiedAt) {
+            table.push(['Verified At', formatDate(backup.verifiedAt)]);
+        }
+        console.log(table.toString());
+    }
+    catch (error) {
+        spinner.fail('Failed to get backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function createBackup(options) {
+    // Get user key if provided
+    let userKey;
+    if (options.userKey) {
+        userKey = options.userKey;
+    }
+    else if (options.userKeyFile) {
+        try {
+            const keyContent = await readFile(options.userKeyFile, 'utf-8');
+            userKey = keyContent.trim();
+        }
+        catch (error) {
+            output.error(`Failed to read user key file: ${error.message}`);
+            process.exit(1);
+        }
+    }
+    const encryptionMode = userKey ? 'user-key encrypted' : 'default';
+    const { confirm } = await inquirer.prompt([
+        {
+            type: 'confirm',
+            name: 'confirm',
+            message: `Create a new ${encryptionMode} backup now?`,
+            default: true,
+        },
+    ]);
+    if (!confirm) {
+        output.info('Backup cancelled');
+        return;
+    }
+    const spinner = ora('Creating backup...').start();
+    try {
+        const body = userKey ? { userKey } : {};
+        const result = await client.post('/v1/admin/backups', body);
+        spinner.stop();
+        output.success('Backup created successfully!');
+        console.log(`  ID:         ${result.backup.id}`);
+        console.log(`  Filename:   ${result.backup.filename}`);
+        console.log(`  Size:       ${formatBytes(result.backup.backupSizeBytes)}`);
+        console.log(`  Encrypted:  ${result.backup.encrypted ? 'Yes' : 'No'}`);
+        if (result.encryptionMode) {
+            console.log(`  Encryption: ${result.encryptionMode}`);
+        }
+        console.log(`  Duration:   ${formatDuration(result.backup.metadata?.duration)}`);
+    }
+    catch (error) {
+        spinner.fail('Failed to create backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function generateKey(options) {
+    const spinner = ora('Generating master key...').start();
+    try {
+        const result = await client.post('/v1/admin/backups/generate-key', {});
+        spinner.stop();
+        if (options.json) {
+            output.json(result);
+            return;
+        }
+        // Save to file if requested
+        if (options.output) {
+            await writeFile(options.output, result.base64, 'utf-8');
+            output.success(`Master key saved to: ${options.output}`);
+        }
+        output.success('Master key generated successfully!');
+        console.log('');
+        console.log('  Key ID:  ', result.keyId);
+        console.log('  Base64:  ', result.base64);
+        console.log('  Hex:     ', result.hex);
+        console.log('');
+        console.log('  IMPORTANT: Store this key securely in a password manager!');
+        console.log('  You will need it to restore backups encrypted with user-key mode.');
+        console.log('  If you lose this key, encrypted backups cannot be recovered.');
+        console.log('');
+    }
+    catch (error) {
+        spinner.fail('Failed to generate key');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function verifyBackup(id) {
+    const spinner = ora('Verifying backup...').start();
+    try {
+        const result = await client.post(`/v1/admin/backups/${id}/verify`, {});
+        spinner.stop();
+        if (result.valid) {
+            output.success('Backup verification passed!');
+            console.log(`  Checksum:  ${result.checksum}`);
+            console.log(`  Integrity: ${result.integrityCheck}`);
+        }
+        else {
+            output.error('Backup verification failed!');
+            console.log(`  Message: ${result.message}`);
+        }
+    }
+    catch (error) {
+        spinner.fail('Failed to verify backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function deleteBackup(id, options) {
+    if (!options.force) {
+        const spinner = ora('Fetching backup...').start();
+        try {
+            const backup = await client.get(`/v1/admin/backups/${id}`);
+            spinner.stop();
+            const { confirm } = await inquirer.prompt([
+                {
+                    type: 'confirm',
+                    name: 'confirm',
+                    message: `Delete backup "${backup.filename}" (${formatBytes(backup.backupSizeBytes)})? This cannot be undone.`,
+                    default: false,
+                },
+            ]);
+            if (!confirm) {
+                output.info('Deletion cancelled');
+                return;
+            }
+        }
+        catch (error) {
+            spinner.fail('Failed to fetch backup');
+            output.error(error.message);
+            process.exit(1);
+        }
+    }
+    const deleteSpinner = ora('Deleting backup...').start();
+    try {
+        await client.delete(`/v1/admin/backups/${id}`);
+        deleteSpinner.stop();
+        output.success('Backup deleted successfully');
+    }
+    catch (error) {
+        deleteSpinner.fail('Failed to delete backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function restoreBackup(id, options) {
+    // Fetch backup details first
+    const fetchSpinner = ora('Fetching backup details...').start();
+    let backup;
+    try {
+        backup = await client.get(`/v1/admin/backups/${id}`);
+        fetchSpinner.stop();
+    }
+    catch (error) {
+        fetchSpinner.fail('Failed to fetch backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+    // Get user key if provided
+    let userKey;
+    if (options.userKey) {
+        userKey = options.userKey;
+    }
+    else if (options.userKeyFile) {
+        try {
+            const keyContent = await readFile(options.userKeyFile, 'utf-8');
+            userKey = keyContent.trim();
+        }
+        catch (error) {
+            output.error(`Failed to read user key file: ${error.message}`);
+            process.exit(1);
+        }
+    }
+    // Get password if provided
+    let password;
+    if (options.password) {
+        password = options.password;
+    }
+    else if (options.passwordFile) {
+        try {
+            const passContent = await readFile(options.passwordFile, 'utf-8');
+            password = passContent.trim();
+        }
+        catch (error) {
+            output.error(`Failed to read password file: ${error.message}`);
+            process.exit(1);
+        }
+    }
+    // Show warnings and get confirmation
+    if (!options.force) {
+        console.log('\n');
+        output.warn('WARNING: This is a DESTRUCTIVE operation!');
+        console.log('');
+        console.log('  Backup to restore:');
+        console.log(`    ID:        ${backup.id}`);
+        console.log(`    Filename:  ${backup.filename}`);
+        console.log(`    Size:      ${formatBytes(backup.backupSizeBytes)}`);
+        console.log(`    Created:   ${formatDate(backup.createdAt)}`);
+        console.log(`    Encrypted: ${backup.encrypted ? 'Yes' : 'No'}`);
+        console.log('');
+        if (options.restoreLmk) {
+            output.warn('LMK RESTORE ENABLED: This will change the master encryption key!');
+            output.warn('A server restart will be REQUIRED after restore.');
+            console.log('');
+        }
+        if (!options.noPreBackup) {
+            console.log('  A pre-restore backup will be created before restoring.');
+            console.log('');
+        }
+        const confirmPhrase = `RESTORE-${backup.id.slice(0, 8)}`;
+        console.log(`  To proceed, type: ${confirmPhrase}`);
+        console.log('');
+        const { confirmation } = await inquirer.prompt([
+            {
+                type: 'input',
+                name: 'confirmation',
+                message: 'Confirmation phrase:',
+            },
+        ]);
+        if (confirmation !== confirmPhrase) {
+            output.error('Confirmation phrase does not match. Restore cancelled.');
+            process.exit(1);
+        }
+    }
+    const restoreSpinner = ora('Restoring backup...').start();
+    try {
+        const confirmPhrase = `RESTORE-${backup.id.slice(0, 8)}`;
+        const body = {
+            confirmPhrase,
+            createPreRestoreBackup: !options.noPreBackup,
+        };
+        if (userKey) {
+            body.userKey = userKey;
+        }
+        if (password) {
+            body.password = password;
+        }
+        if (options.restoreLmk) {
+            body.options = { restoreLmk: true };
+        }
+        const result = await client.post(`/v1/admin/backups/${id}/restore`, body);
+        restoreSpinner.stop();
+        output.success('Backup restored successfully!');
+        console.log('');
+        console.log(`  Tables restored:  ${result.tablesRestored}`);
+        console.log(`  LMK restored:     ${result.lmkRestored ? 'Yes' : 'No'}`);
+        console.log(`  Duration:         ${formatDuration(result.duration)}`);
+        if (result.preRestoreBackupId) {
+            console.log(`  Pre-restore backup: ${result.preRestoreBackupId}`);
+        }
+        if (result.warnings.length > 0) {
+            console.log('');
+            output.warn('Warnings:');
+            for (const warning of result.warnings) {
+                console.log(`    - ${warning}`);
+            }
+        }
+        if (result.lmkRestored) {
+            console.log('');
+            output.warn('IMPORTANT: Server restart is REQUIRED due to LMK change!');
+        }
+    }
+    catch (error) {
+        restoreSpinner.fail('Failed to restore backup');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function showStats(options) {
+    const spinner = ora('Fetching backup stats...').start();
+    try {
+        const stats = await client.get('/v1/admin/backups/stats');
+        spinner.stop();
+        if (options.json) {
+            output.json(stats);
+            return;
+        }
+        const table = new Table({
+            colWidths: [25, 40],
+        });
+        table.push(['Total Backups', String(stats.totalBackups)], ['Total Size', formatBytes(stats.totalSizeBytes)], ['Last Backup', formatDate(stats.lastBackup)], ['Last Successful', formatDate(stats.lastSuccessful)], ['Verified Count', String(stats.verifiedCount)], ['Failed Count', String(stats.failedCount)]);
+        console.log(table.toString());
+    }
+    catch (error) {
+        spinner.fail('Failed to fetch stats');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+export async function showHealth(options) {
+    const spinner = ora('Checking backup health...').start();
+    try {
+        const health = await client.get('/v1/admin/backups/health');
+        spinner.stop();
+        if (options.json) {
+            output.json(health);
+            return;
+        }
+        if (health.healthy) {
+            output.success('Backup system is healthy');
+        }
+        else {
+            output.warn('Backup system has issues');
+        }
+        console.log(`  Last Backup Age:    ${health.lastBackupAge ? `${health.lastBackupAge}h` : 'N/A'}`);
+        console.log(`  Last Backup Status: ${health.lastBackupStatus ?? 'N/A'}`);
+        console.log(`  Storage Accessible: ${health.storageAccessible ? 'Yes' : 'No'}`);
+        if (health.warnings && health.warnings.length > 0) {
+            console.log('\nWarnings:');
+            for (const warning of health.warnings) {
+                console.log(`  - ${warning}`);
+            }
+        }
+    }
+    catch (error) {
+        spinner.fail('Failed to check health');
+        output.error(error.message);
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=operations.js.map