deepstrike 4.0.0 → 6.0.0

package/dist/cli.js

@@ -30,6 +30,401 @@ var __export = (target, all) => {
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
+// node_modules/dotenv/package.json
+var require_package = __commonJS((exports, module) => {
+  module.exports = {
+    name: "dotenv",
+    version: "17.2.3",
+    description: "Loads environment variables from .env file",
+    main: "lib/main.js",
+    types: "lib/main.d.ts",
+    exports: {
+      ".": {
+        types: "./lib/main.d.ts",
+        require: "./lib/main.js",
+        default: "./lib/main.js"
+      },
+      "./config": "./config.js",
+      "./config.js": "./config.js",
+      "./lib/env-options": "./lib/env-options.js",
+      "./lib/env-options.js": "./lib/env-options.js",
+      "./lib/cli-options": "./lib/cli-options.js",
+      "./lib/cli-options.js": "./lib/cli-options.js",
+      "./package.json": "./package.json"
+    },
+    scripts: {
+      "dts-check": "tsc --project tests/types/tsconfig.json",
+      lint: "standard",
+      pretest: "npm run lint && npm run dts-check",
+      test: "tap run tests/**/*.js --allow-empty-coverage --disable-coverage --timeout=60000",
+      "test:coverage": "tap run tests/**/*.js --show-full-coverage --timeout=60000 --coverage-report=text --coverage-report=lcov",
+      prerelease: "npm test",
+      release: "standard-version"
+    },
+    repository: {
+      type: "git",
+      url: "git://github.com/motdotla/dotenv.git"
+    },
+    homepage: "https://github.com/motdotla/dotenv#readme",
+    funding: "https://dotenvx.com",
+    keywords: [
+      "dotenv",
+      "env",
+      ".env",
+      "environment",
+      "variables",
+      "config",
+      "settings"
+    ],
+    readmeFilename: "README.md",
+    license: "BSD-2-Clause",
+    devDependencies: {
+      "@types/node": "^18.11.3",
+      decache: "^4.6.2",
+      sinon: "^14.0.1",
+      standard: "^17.0.0",
+      "standard-version": "^9.5.0",
+      tap: "^19.2.0",
+      typescript: "^4.8.4"
+    },
+    engines: {
+      node: ">=12"
+    },
+    browser: {
+      fs: false
+    }
+  };
+});
+
+// node_modules/dotenv/lib/main.js
+var require_main = __commonJS((exports, module) => {
+  var fs = __require("fs");
+  var path = __require("path");
+  var os = __require("os");
+  var crypto2 = __require("crypto");
+  var packageJson = require_package();
+  var version = packageJson.version;
+  var TIPS = [
+    "\uD83D\uDD10 encrypt with Dotenvx: https://dotenvx.com",
+    "\uD83D\uDD10 prevent committing .env to code: https://dotenvx.com/precommit",
+    "\uD83D\uDD10 prevent building .env in docker: https://dotenvx.com/prebuild",
+    "\uD83D\uDCE1 add observability to secrets: https://dotenvx.com/ops",
+    "\uD83D\uDC65 sync secrets across teammates & machines: https://dotenvx.com/ops",
+    "\uD83D\uDDC2️ backup and recover secrets: https://dotenvx.com/ops",
+    "✅ audit secrets and track compliance: https://dotenvx.com/ops",
+    "\uD83D\uDD04 add secrets lifecycle management: https://dotenvx.com/ops",
+    "\uD83D\uDD11 add access controls to secrets: https://dotenvx.com/ops",
+    "\uD83D\uDEE0️  run anywhere with `dotenvx run -- yourcommand`",
+    "⚙️  specify custom .env file path with { path: '/custom/path/.env' }",
+    "⚙️  enable debug logging with { debug: true }",
+    "⚙️  override existing env vars with { override: true }",
+    "⚙️  suppress all logs with { quiet: true }",
+    "⚙️  write to custom object with { processEnv: myObject }",
+    "⚙️  load multiple .env files with { path: ['.env.local', '.env'] }"
+  ];
+  function _getRandomTip() {
+    return TIPS[Math.floor(Math.random() * TIPS.length)];
+  }
+  function parseBoolean(value) {
+    if (typeof value === "string") {
+      return !["false", "0", "no", "off", ""].includes(value.toLowerCase());
+    }
+    return Boolean(value);
+  }
+  function supportsAnsi() {
+    return process.stdout.isTTY;
+  }
+  function dim(text) {
+    return supportsAnsi() ? `\x1B[2m${text}\x1B[0m` : text;
+  }
+  var LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
+  function parse(src) {
+    const obj = {};
+    let lines = src.toString();
+    lines = lines.replace(/\r\n?/mg, `
+`);
+    let match;
+    while ((match = LINE.exec(lines)) != null) {
+      const key = match[1];
+      let value = match[2] || "";
+      value = value.trim();
+      const maybeQuote = value[0];
+      value = value.replace(/^(['"`])([\s\S]*)\1$/mg, "$2");
+      if (maybeQuote === '"') {
+        value = value.replace(/\\n/g, `
+`);
+        value = value.replace(/\\r/g, "\r");
+      }
+      obj[key] = value;
+    }
+    return obj;
+  }
+  function _parseVault(options) {
+    options = options || {};
+    const vaultPath = _vaultPath(options);
+    options.path = vaultPath;
+    const result = DotenvModule.configDotenv(options);
+    if (!result.parsed) {
+      const err = new Error(`MISSING_DATA: Cannot parse ${vaultPath} for an unknown reason`);
+      err.code = "MISSING_DATA";
+      throw err;
+    }
+    const keys = _dotenvKey(options).split(",");
+    const length = keys.length;
+    let decrypted;
+    for (let i = 0;i < length; i++) {
+      try {
+        const key = keys[i].trim();
+        const attrs = _instructions(result, key);
+        decrypted = DotenvModule.decrypt(attrs.ciphertext, attrs.key);
+        break;
+      } catch (error) {
+        if (i + 1 >= length) {
+          throw error;
+        }
+      }
+    }
+    return DotenvModule.parse(decrypted);
+  }
+  function _warn(message) {
+    console.error(`[dotenv@${version}][WARN] ${message}`);
+  }
+  function _debug(message) {
+    console.log(`[dotenv@${version}][DEBUG] ${message}`);
+  }
+  function _log(message) {
+    console.log(`[dotenv@${version}] ${message}`);
+  }
+  function _dotenvKey(options) {
+    if (options && options.DOTENV_KEY && options.DOTENV_KEY.length > 0) {
+      return options.DOTENV_KEY;
+    }
+    if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
+      return process.env.DOTENV_KEY;
+    }
+    return "";
+  }
+  function _instructions(result, dotenvKey) {
+    let uri;
+    try {
+      uri = new URL(dotenvKey);
+    } catch (error) {
+      if (error.code === "ERR_INVALID_URL") {
+        const err = new Error("INVALID_DOTENV_KEY: Wrong format. Must be in valid uri format like dotenv://:key_1234@dotenvx.com/vault/.env.vault?environment=development");
+        err.code = "INVALID_DOTENV_KEY";
+        throw err;
+      }
+      throw error;
+    }
+    const key = uri.password;
+    if (!key) {
+      const err = new Error("INVALID_DOTENV_KEY: Missing key part");
+      err.code = "INVALID_DOTENV_KEY";
+      throw err;
+    }
+    const environment = uri.searchParams.get("environment");
+    if (!environment) {
+      const err = new Error("INVALID_DOTENV_KEY: Missing environment part");
+      err.code = "INVALID_DOTENV_KEY";
+      throw err;
+    }
+    const environmentKey = `DOTENV_VAULT_${environment.toUpperCase()}`;
+    const ciphertext = result.parsed[environmentKey];
+    if (!ciphertext) {
+      const err = new Error(`NOT_FOUND_DOTENV_ENVIRONMENT: Cannot locate environment ${environmentKey} in your .env.vault file.`);
+      err.code = "NOT_FOUND_DOTENV_ENVIRONMENT";
+      throw err;
+    }
+    return { ciphertext, key };
+  }
+  function _vaultPath(options) {
+    let possibleVaultPath = null;
+    if (options && options.path && options.path.length > 0) {
+      if (Array.isArray(options.path)) {
+        for (const filepath of options.path) {
+          if (fs.existsSync(filepath)) {
+            possibleVaultPath = filepath.endsWith(".vault") ? filepath : `${filepath}.vault`;
+          }
+        }
+      } else {
+        possibleVaultPath = options.path.endsWith(".vault") ? options.path : `${options.path}.vault`;
+      }
+    } else {
+      possibleVaultPath = path.resolve(process.cwd(), ".env.vault");
+    }
+    if (fs.existsSync(possibleVaultPath)) {
+      return possibleVaultPath;
+    }
+    return null;
+  }
+  function _resolveHome(envPath) {
+    return envPath[0] === "~" ? path.join(os.homedir(), envPath.slice(1)) : envPath;
+  }
+  function _configVault(options) {
+    const debug = parseBoolean(process.env.DOTENV_CONFIG_DEBUG || options && options.debug);
+    const quiet = parseBoolean(process.env.DOTENV_CONFIG_QUIET || options && options.quiet);
+    if (debug || !quiet) {
+      _log("Loading env from encrypted .env.vault");
+    }
+    const parsed = DotenvModule._parseVault(options);
+    let processEnv = process.env;
+    if (options && options.processEnv != null) {
+      processEnv = options.processEnv;
+    }
+    DotenvModule.populate(processEnv, parsed, options);
+    return { parsed };
+  }
+  function configDotenv(options) {
+    const dotenvPath = path.resolve(process.cwd(), ".env");
+    let encoding = "utf8";
+    let processEnv = process.env;
+    if (options && options.processEnv != null) {
+      processEnv = options.processEnv;
+    }
+    let debug = parseBoolean(processEnv.DOTENV_CONFIG_DEBUG || options && options.debug);
+    let quiet = parseBoolean(processEnv.DOTENV_CONFIG_QUIET || options && options.quiet);
+    if (options && options.encoding) {
+      encoding = options.encoding;
+    } else {
+      if (debug) {
+        _debug("No encoding is specified. UTF-8 is used by default");
+      }
+    }
+    let optionPaths = [dotenvPath];
+    if (options && options.path) {
+      if (!Array.isArray(options.path)) {
+        optionPaths = [_resolveHome(options.path)];
+      } else {
+        optionPaths = [];
+        for (const filepath of options.path) {
+          optionPaths.push(_resolveHome(filepath));
+        }
+      }
+    }
+    let lastError;
+    const parsedAll = {};
+    for (const path2 of optionPaths) {
+      try {
+        const parsed = DotenvModule.parse(fs.readFileSync(path2, { encoding }));
+        DotenvModule.populate(parsedAll, parsed, options);
+      } catch (e) {
+        if (debug) {
+          _debug(`Failed to load ${path2} ${e.message}`);
+        }
+        lastError = e;
+      }
+    }
+    const populated = DotenvModule.populate(processEnv, parsedAll, options);
+    debug = parseBoolean(processEnv.DOTENV_CONFIG_DEBUG || debug);
+    quiet = parseBoolean(processEnv.DOTENV_CONFIG_QUIET || quiet);
+    if (debug || !quiet) {
+      const keysCount = Object.keys(populated).length;
+      const shortPaths = [];
+      for (const filePath of optionPaths) {
+        try {
+          const relative = path.relative(process.cwd(), filePath);
+          shortPaths.push(relative);
+        } catch (e) {
+          if (debug) {
+            _debug(`Failed to load ${filePath} ${e.message}`);
+          }
+          lastError = e;
+        }
+      }
+      _log(`injecting env (${keysCount}) from ${shortPaths.join(",")} ${dim(`-- tip: ${_getRandomTip()}`)}`);
+    }
+    if (lastError) {
+      return { parsed: parsedAll, error: lastError };
+    } else {
+      return { parsed: parsedAll };
+    }
+  }
+  function config(options) {
+    if (_dotenvKey(options).length === 0) {
+      return DotenvModule.configDotenv(options);
+    }
+    const vaultPath = _vaultPath(options);
+    if (!vaultPath) {
+      _warn(`You set DOTENV_KEY but you are missing a .env.vault file at ${vaultPath}. Did you forget to build it?`);
+      return DotenvModule.configDotenv(options);
+    }
+    return DotenvModule._configVault(options);
+  }
+  function decrypt(encrypted, keyStr) {
+    const key = Buffer.from(keyStr.slice(-64), "hex");
+    let ciphertext = Buffer.from(encrypted, "base64");
+    const nonce = ciphertext.subarray(0, 12);
+    const authTag = ciphertext.subarray(-16);
+    ciphertext = ciphertext.subarray(12, -16);
+    try {
+      const aesgcm = crypto2.createDecipheriv("aes-256-gcm", key, nonce);
+      aesgcm.setAuthTag(authTag);
+      return `${aesgcm.update(ciphertext)}${aesgcm.final()}`;
+    } catch (error) {
+      const isRange = error instanceof RangeError;
+      const invalidKeyLength = error.message === "Invalid key length";
+      const decryptionFailed = error.message === "Unsupported state or unable to authenticate data";
+      if (isRange || invalidKeyLength) {
+        const err = new Error("INVALID_DOTENV_KEY: It must be 64 characters long (or more)");
+        err.code = "INVALID_DOTENV_KEY";
+        throw err;
+      } else if (decryptionFailed) {
+        const err = new Error("DECRYPTION_FAILED: Please check your DOTENV_KEY");
+        err.code = "DECRYPTION_FAILED";
+        throw err;
+      } else {
+        throw error;
+      }
+    }
+  }
+  function populate(processEnv, parsed, options = {}) {
+    const debug = Boolean(options && options.debug);
+    const override = Boolean(options && options.override);
+    const populated = {};
+    if (typeof parsed !== "object") {
+      const err = new Error("OBJECT_REQUIRED: Please check the processEnv argument being passed to populate");
+      err.code = "OBJECT_REQUIRED";
+      throw err;
+    }
+    for (const key of Object.keys(parsed)) {
+      if (Object.prototype.hasOwnProperty.call(processEnv, key)) {
+        if (override === true) {
+          processEnv[key] = parsed[key];
+          populated[key] = parsed[key];
+        }
+        if (debug) {
+          if (override === true) {
+            _debug(`"${key}" is already defined and WAS overwritten`);
+          } else {
+            _debug(`"${key}" is already defined and was NOT overwritten`);
+          }
+        }
+      } else {
+        processEnv[key] = parsed[key];
+        populated[key] = parsed[key];
+      }
+    }
+    return populated;
+  }
+  var DotenvModule = {
+    configDotenv,
+    _configVault,
+    _parseVault,
+    config,
+    decrypt,
+    parse,
+    populate
+  };
+  exports.configDotenv = DotenvModule.configDotenv;
+  exports._configVault = DotenvModule._configVault;
+  exports._parseVault = DotenvModule._parseVault;
+  exports.config = DotenvModule.config;
+  exports.decrypt = DotenvModule.decrypt;
+  exports.parse = DotenvModule.parse;
+  exports.populate = DotenvModule.populate;
+  module.exports = DotenvModule;
+});
+
 // node_modules/@azure/core-tracing/dist/commonjs/state.js
 var require_state = __commonJS((exports) => {
   Object.defineProperty(exports, "__esModule", { value: true });
@@ -6420,6 +6815,7 @@ var require_tslib = __commonJS((exports, module) => {
 });
 
 // src/cli.ts
+var import_dotenv = __toESM(require_main(), 1);
 import { promises as fs6 } from "fs";
 import path5 from "path";
 
@@ -22664,6 +23060,7 @@ var formatEnvironmentToSafeSecretName = (environment, projectName) => {
 };
 var BASE_PATH = "./.deepstrike";
 var TEMPLATE_FILE_NAME = formatEnvironmentFileName("env");
+var SECRET_INPUT_FILE_NAME = ".env.setup";
 
 // src/fs/read.ts
 import * as path3 from "path";
@@ -22830,9 +23227,21 @@ var writeJsonIfMissing = async (filePath, data) => {
 `, "utf8");
   return true;
 };
+var writeSecretFileIfMissing = async () => {
+  const filePath = path5.join(getDeepstrikeDir(), SECRET_INPUT_FILE_NAME);
+  if (await fileExists(filePath))
+    return false;
+  await fs6.writeFile(filePath, `AZURE_CLIENT_SECRET=<input secret here>
+`, "utf8");
+  return true;
+};
 var appendGitignoreRules = async (projectRoot) => {
   const gitignorePath = path5.join(projectRoot, ".gitignore");
-  const rules = ["!.deepstrike/.secrets.env.json", ".deepstrike/.secrets.*.json"];
+  const rules = [
+    "!.deepstrike/.secrets.env.json",
+    ".deepstrike/.secrets.*.json",
+    `.deepstrike/${SECRET_INPUT_FILE_NAME}`
+  ];
   let existing = "";
   if (await fileExists(gitignorePath)) {
     existing = await fs6.readFile(gitignorePath, "utf8");
@@ -22867,6 +23276,11 @@ var getTemplateData = () => ({
   secretNames: ["DatabasePassword", "ApiKey"]
 });
 var getClientSecret = () => {
+  try {
+    const envSetupPath = path5.join(getDeepstrikeDir(), SECRET_INPUT_FILE_NAME);
+    import_dotenv.configDotenv({ path: envSetupPath });
+  } catch {
+  }
   const value = process.env["AZURE_CLIENT_SECRET"];
   if (!value) {
     throw new Error("AZURE_CLIENT_SECRET environment variable is not set.");
@@ -22881,6 +23295,7 @@ Usage:
   deepstrike create <environment>
   deepstrike push <environment>
   deepstrike pull <environment>
+  deepstrike export <environment>
 
 Notes:
   Config directory: ${deepstrikeDirName}
@@ -22896,12 +23311,14 @@ var initCommand = async () => {
   await ensureDir(deepstrikeDir);
   const wroteTemplate = await writeJsonIfMissing(templatePath, getTemplateData());
   const updatedGitignore = await appendGitignoreRules(projectRoot);
+  const addedSecretFile = await writeSecretFileIfMissing();
   const lines = [];
   lines.push("Deepstrike initialized.");
   lines.push(`Directory: ${deepstrikeDirName}`);
   lines.push(`Template: ${path5.relative(projectRoot, templatePath)}`);
   lines.push(wroteTemplate ? "Template file created." : "Template file already exists.");
   lines.push(updatedGitignore ? ".gitignore updated." : ".gitignore already up to date.");
+  lines.push(addedSecretFile ? `Secret input file created: ${SECRET_INPUT_FILE_NAME}` : `Secret input file already exists: ${SECRET_INPUT_FILE_NAME}`);
   lines.push("Next: deepstrike create <environment>");
   process.stdout.write(lines.join(`
 `) + `
@@ -22951,6 +23368,17 @@ var pullCommand = async (environmentRaw) => {
   process.stdout.write(`Pulled secrets for environment ${environmentRaw} to ${outPath}
 `);
 };
+var exportCommand = async (environmentRaw) => {
+  const secretsFile = await readEnvironmentSecretsFile(environmentRaw);
+  const outFileName = `.env.${environmentRaw}`;
+  const outPath = path5.join(getProjectRoot(), outFileName);
+  const lines = (secretsFile.secrets ?? []).map((secret) => `${secret.name}=${secret.value}`);
+  await fs6.writeFile(outPath, lines.join(`
+`) + `
+`, "utf8");
+  process.stdout.write(`Exported secrets for environment ${environmentRaw} to ${outPath}
+`);
+};
 var main = async () => {
   const [, , command, ...args] = process.argv;
   if (!command || command === "help" || command === "--help" || command === "-h") {
@@ -22982,6 +23410,13 @@ var main = async () => {
     await pullCommand(environment);
     return;
   }
+  if (command === "export") {
+    const environment = args[0];
+    if (!environment)
+      throw new Error("export requires <environment>");
+    await exportCommand(environment);
+    return;
+  }
   throw new Error(`Unknown command: ${command}`);
 };
 main().catch((error) => {

package/package.json

@@ -1,5 +1,5 @@
 {
-	"version": "4.0.0",
+	"version": "6.0.0",
 	"name": "deepstrike",
 	"type": "module",
 	"devDependencies": {