cfenv-kv-sync 0.1.0-beta.1

package/dist/lib/profiles.js

@@ -0,0 +1,86 @@
+import { promises as fs } from "node:fs";
+import { ensurePrivateDir, exists, writePrivateFile } from "./fs-utils.js";
+import { getGlobalConfigDir, getProfilesPath } from "./paths.js";
+function parseProfile(raw, keyHint) {
+    if (!raw || typeof raw !== "object") {
+        throw new Error(`Invalid profile "${keyHint}".`);
+    }
+    const record = raw;
+    const name = typeof record.name === "string" && record.name.trim() ? record.name : keyHint;
+    const accountId = typeof record.accountId === "string" ? record.accountId : "";
+    const createdAt = typeof record.createdAt === "string" ? record.createdAt : new Date().toISOString();
+    const updatedAt = typeof record.updatedAt === "string" ? record.updatedAt : createdAt;
+    const apiToken = typeof record.apiToken === "string" ? record.apiToken : undefined;
+    const authSource = record.authSource === "wrangler" || record.authSource === "api-token"
+        ? record.authSource
+        : undefined;
+    if (!accountId.trim()) {
+        throw new Error(`Invalid profile "${keyHint}": missing accountId.`);
+    }
+    return {
+        name,
+        accountId,
+        apiToken,
+        authSource,
+        createdAt,
+        updatedAt
+    };
+}
+export async function loadProfiles() {
+    const profilesPath = getProfilesPath();
+    if (!(await exists(profilesPath))) {
+        return {
+            version: 1,
+            profiles: {},
+            defaultProfile: undefined
+        };
+    }
+    const raw = await fs.readFile(profilesPath, "utf8");
+    const parsed = JSON.parse(raw);
+    const rawProfiles = parsed.profiles;
+    const profiles = {};
+    if (rawProfiles && typeof rawProfiles === "object") {
+        for (const [key, value] of Object.entries(rawProfiles)) {
+            profiles[key] = parseProfile(value, key);
+        }
+    }
+    return {
+        version: 1,
+        profiles,
+        defaultProfile: typeof parsed.defaultProfile === "string" ? parsed.defaultProfile : undefined
+    };
+}
+export async function saveProfiles(data) {
+    const configDir = getGlobalConfigDir();
+    const profilesPath = getProfilesPath();
+    await ensurePrivateDir(configDir);
+    await writePrivateFile(profilesPath, `${JSON.stringify(data, null, 2)}\n`);
+}
+export async function upsertProfile(profile, setAsDefault = true) {
+    const profiles = await loadProfiles();
+    profiles.profiles[profile.name] = profile;
+    if (setAsDefault) {
+        profiles.defaultProfile = profile.name;
+    }
+    await saveProfiles(profiles);
+}
+export async function getProfile(name) {
+    const profiles = await loadProfiles();
+    const profileName = name ?? profiles.defaultProfile;
+    if (!profileName) {
+        const allNames = Object.keys(profiles.profiles);
+        if (allNames.length === 1) {
+            return profiles.profiles[allNames[0]];
+        }
+        throw new Error("No profile selected. Run `cfenv login` first or pass --profile.");
+    }
+    const profile = profiles.profiles[profileName];
+    if (!profile) {
+        throw new Error(`Profile "${profileName}" does not exist. Run \`cfenv login --profile ${profileName}\`.`);
+    }
+    return profile;
+}
+export async function listProfileNames() {
+    const profiles = await loadProfiles();
+    return Object.keys(profiles.profiles).sort((a, b) => a.localeCompare(b));
+}

package/dist/lib/wrangler-auth.js

@@ -0,0 +1,159 @@
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+const ANSI_PATTERN = /\u001b\[[0-9;]*m/g;
+async function runWrangler(args) {
+    try {
+        const { stdout } = await execFileAsync("wrangler", args, {
+            maxBuffer: 1024 * 1024
+        });
+        return stdout.trim();
+    }
+    catch (error) {
+        if (typeof error === "object" && error !== null) {
+            const item = error;
+            const details = [item.message, item.stderr, item.stdout]
+                .map((value) => value?.trim())
+                .filter(Boolean)
+                .join("\n");
+            throw new Error(`Wrangler command failed (${["wrangler", ...args].join(" ")}): ${details}`);
+        }
+        if (error instanceof Error) {
+            throw new Error(`Wrangler command failed (${["wrangler", ...args].join(" ")}): ${error.message}`);
+        }
+        throw error;
+    }
+}
+function stripAnsi(input) {
+    return input.replace(ANSI_PATTERN, "");
+}
+function extractTokenFromOutput(raw) {
+    const lines = stripAnsi(raw)
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter(Boolean);
+    for (let i = lines.length - 1; i >= 0; i -= 1) {
+        const line = lines[i];
+        if (line.includes(" ")) {
+            continue;
+        }
+        if (/^[A-Za-z0-9._-]{20,}$/.test(line)) {
+            return line;
+        }
+    }
+    return undefined;
+}
+function extractAccountId(account) {
+    if (!account) {
+        return undefined;
+    }
+    return account.id ?? account.accountId ?? account.account_id;
+}
+function extractAccountIdFromText(raw) {
+    const cleaned = stripAnsi(raw);
+    const directPatterns = [
+        /account\s+id\s*[:=]\s*([A-Fa-f0-9]{32})/i,
+        /account\s*[:=]\s*([A-Fa-f0-9]{32})/i
+    ];
+    for (const pattern of directPatterns) {
+        const match = cleaned.match(pattern);
+        if (match?.[1]) {
+            return match[1].toLowerCase();
+        }
+    }
+    const candidates = cleaned.match(/\b[A-Fa-f0-9]{32}\b/g);
+    if (candidates?.length) {
+        return candidates[0].toLowerCase();
+    }
+    return undefined;
+}
+function parseWhoamiJson(raw) {
+    let parsed;
+    try {
+        parsed = JSON.parse(stripAnsi(raw));
+    }
+    catch {
+        return undefined;
+    }
+    return extractAccountId(parsed.account) ?? extractAccountId(parsed.accounts?.[0]);
+}
+export async function getWranglerAccessToken() {
+    const raw = await runWrangler(["auth", "token"]);
+    const token = extractTokenFromOutput(raw);
+    if (!token) {
+        throw new Error("Wrangler returned an unusable token. Run `wrangler login` first.");
+    }
+    return token;
+}
+async function getAccountIdFromApi(token) {
+    const response = await fetch("https://api.cloudflare.com/client/v4/accounts?page=1&per_page=1", {
+        method: "GET",
+        headers: {
+            Authorization: `Bearer ${token}`
+        }
+    });
+    const raw = await response.text();
+    let payload;
+    try {
+        payload = JSON.parse(raw);
+    }
+    catch {
+        throw new Error(`Unable to parse accounts API response (${response.status}).`);
+    }
+    if (!response.ok || !payload.success) {
+        const msg = payload.errors?.map((item) => item.message).filter(Boolean).join("; ");
+        throw new Error(msg || `Accounts API request failed (${response.status}).`);
+    }
+    const accountId = payload.result?.[0]?.id;
+    return accountId;
+}
+export async function getWranglerAccountId() {
+    const errors = [];
+    const jsonAttempts = [
+        ["whoami", "--json"],
+        ["whoami", "--format", "json"]
+    ];
+    for (const args of jsonAttempts) {
+        try {
+            const raw = await runWrangler(args);
+            const accountId = parseWhoamiJson(raw);
+            if (accountId) {
+                return accountId;
+            }
+        }
+        catch (error) {
+            errors.push(String(error));
+        }
+    }
+    try {
+        const raw = await runWrangler(["whoami"]);
+        const accountId = extractAccountIdFromText(raw);
+        if (accountId) {
+            return accountId;
+        }
+    }
+    catch (error) {
+        errors.push(String(error));
+    }
+    const accountFromEnv = process.env.CLOUDFLARE_ACCOUNT_ID;
+    if (accountFromEnv?.trim()) {
+        return accountFromEnv.trim();
+    }
+    try {
+        const token = await getWranglerAccessToken();
+        const accountId = await getAccountIdFromApi(token);
+        if (accountId) {
+            return accountId;
+        }
+    }
+    catch (error) {
+        errors.push(String(error));
+    }
+    throw new Error([
+        "Could not determine Cloudflare account ID from Wrangler.",
+        "Pass --account-id explicitly.",
+        errors.length ? `Wrangler errors:\n${errors.join("\n")}` : ""
+    ]
+        .filter(Boolean)
+        .join("\n"));
+}

package/dist/sdk/hot-update.js

@@ -0,0 +1,161 @@
+import { CloudflareApiClient } from "../lib/cloudflare-api.js";
+import { checksumEntries } from "../lib/hash.js";
+import { flatEnvMetaKey, flatEnvVarsPrefix } from "../lib/kv-keys.js";
+const DEFAULT_INTERVAL_MS = 30_000;
+const DEFAULT_MAX_INTERVAL_MS = 300_000;
+function sleep(ms) {
+    return new Promise((resolve) => {
+        setTimeout(resolve, ms);
+    });
+}
+function toError(value) {
+    if (value instanceof Error) {
+        return value;
+    }
+    return new Error(String(value));
+}
+function buildLink(options) {
+    return {
+        version: 1,
+        profile: "sdk",
+        namespaceId: options.namespaceId,
+        keyPrefix: options.keyPrefix ?? "cfenv",
+        project: options.project,
+        environment: options.environment,
+        storageMode: "flat"
+    };
+}
+export class CfenvHotUpdateClient {
+    options;
+    client;
+    link;
+    intervalMs;
+    maxIntervalMs;
+    bootstrap;
+    running = false;
+    timer = null;
+    consecutiveErrors = 0;
+    lastChecksum;
+    lastSnapshot = null;
+    constructor(options) {
+        this.options = options;
+        this.client = options.client ?? new CloudflareApiClient({
+            accountId: options.accountId,
+            apiToken: options.apiToken
+        });
+        this.link = buildLink(options);
+        this.intervalMs = Math.max(1_000, options.intervalMs ?? DEFAULT_INTERVAL_MS);
+        this.maxIntervalMs = Math.max(this.intervalMs, options.maxIntervalMs ?? DEFAULT_MAX_INTERVAL_MS);
+        this.bootstrap = options.bootstrap ?? true;
+    }
+    async start() {
+        if (this.running) {
+            return;
+        }
+        this.running = true;
+        if (this.bootstrap) {
+            await this.refreshOnce("initial");
+        }
+        this.schedule(this.intervalMs);
+    }
+    stop() {
+        this.running = false;
+        if (this.timer) {
+            clearTimeout(this.timer);
+            this.timer = null;
+        }
+    }
+    isRunning() {
+        return this.running;
+    }
+    getSnapshot() {
+        return this.lastSnapshot;
+    }
+    async refreshOnce(reason = "changed") {
+        const snapshot = await this.fetchSnapshot();
+        const changed = snapshot.checksum !== this.lastChecksum;
+        if (!changed) {
+            return false;
+        }
+        this.lastChecksum = snapshot.checksum;
+        this.lastSnapshot = snapshot;
+        if (this.options.onUpdate) {
+            await this.options.onUpdate(snapshot, reason);
+        }
+        return true;
+    }
+    schedule(delayMs) {
+        if (!this.running) {
+            return;
+        }
+        this.timer = setTimeout(async () => {
+            if (!this.running) {
+                return;
+            }
+            try {
+                await this.refreshOnce("changed");
+                this.consecutiveErrors = 0;
+                this.schedule(this.intervalMs);
+            }
+            catch (error) {
+                this.consecutiveErrors += 1;
+                const nextDelay = Math.min(this.maxIntervalMs, this.intervalMs * 2 ** Math.min(this.consecutiveErrors, 6));
+                if (this.options.onError) {
+                    await this.options.onError(toError(error));
+                }
+                await sleep(0);
+                this.schedule(nextDelay);
+            }
+        }, delayMs);
+    }
+    async fetchSnapshot() {
+        const metaRaw = await this.client.getValue(this.link.namespaceId, flatEnvMetaKey(this.link));
+        if (!metaRaw) {
+            throw new Error("No flat metadata found in KV for hot update.");
+        }
+        let metadata;
+        try {
+            metadata = JSON.parse(metaRaw);
+        }
+        catch {
+            throw new Error("Invalid flat metadata payload.");
+        }
+        const prefix = flatEnvVarsPrefix(this.link);
+        const keys = await this.client.listKeys(this.link.namespaceId, prefix);
+        const envVarKeys = keys
+            .map((item) => item.name)
+            .filter((name) => name.startsWith(prefix))
+            .sort((a, b) => a.localeCompare(b));
+        const entries = {};
+        for (const fullKey of envVarKeys) {
+            const envVarName = fullKey.slice(prefix.length);
+            const envVarValue = await this.client.getValue(this.link.namespaceId, fullKey);
+            if (envVarValue !== null) {
+                entries[envVarName] = envVarValue;
+            }
+        }
+        const computedChecksum = checksumEntries(entries);
+        if (computedChecksum !== metadata.checksum) {
+            throw new Error("Hot update checksum mismatch.");
+        }
+        return {
+            project: this.link.project,
+            environment: this.link.environment,
+            namespaceId: this.link.namespaceId,
+            checksum: metadata.checksum,
+            updatedAt: metadata.updatedAt,
+            updatedBy: metadata.updatedBy,
+            entriesCount: metadata.entriesCount,
+            entries
+        };
+    }
+}
+export function applyEntriesToProcessEnv(entries, options = {}) {
+    const overwrite = options.overwrite ?? true;
+    for (const [key, value] of Object.entries(entries)) {
+        if (!overwrite && process.env[key] !== undefined) {
+            continue;
+        }
+        process.env[key] = value;
+    }
+}

package/dist/sdk/index.js

@@ -0,0 +1 @@
+export { applyEntriesToProcessEnv, CfenvHotUpdateClient } from "./hot-update.js";

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "cfenv-kv-sync",
+  "version": "0.1.0-beta.1",
+  "description": "Cloudflare KV-backed environment sync CLI",
+  "type": "module",
+  "main": "dist/sdk/index.js",
+  "exports": {
+    ".": "./dist/sdk/index.js",
+    "./package.json": "./package.json"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "bin": {
+    "cfenv": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "check": "tsc --noEmit -p tsconfig.json",
+    "test": "tsx --test test/*.test.ts",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "prepublishOnly": "npm run check && npm run test && npm run build"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "dependencies": {
+    "commander": "^13.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.1",
+    "tsx": "^4.19.3",
+    "typescript": "^5.7.3"
+  }
+}