envhub-cli 0.1.1

package/README.md

@@ -0,0 +1,60 @@
+# envhub Documentation
+
+**envhub** is a CLI tool that makes sharing `.env` files between developers easy and secure. Instead of sending secrets over chat messages, envhub stores them in a cloud secrets manager and lets your team push and pull environment configurations safely.
+
+## Why envhub?
+
+- No more sending API keys over Teams or Slack
+- Built-in version control prevents accidental overwrites
+- Easy interactive setup — no manual config files needed
+- Extensible provider architecture (AWS today, Azure & GCP coming soon)
+
+## Table of Contents
+
+### Getting Started
+
+1. [Installation](docs/getting-started/installation.md)
+2. [Setup (envhub init)](docs/getting-started/setup.md)
+3. [Your First Secret](docs/getting-started/first-secret.md)
+4. [Version Control](docs/getting-started/version-control.md)
+
+### Commands
+
+| Command | Description |
+| --- | --- |
+| [push](docs/commands/push.md) | Push a local .env file to the cloud |
+| [pull](docs/commands/pull.md) | Pull the latest .env file from the cloud |
+| [cat](docs/commands/cat.md) | Display the contents of a secret |
+| [list](docs/commands/list.md) | List all managed secrets |
+| [delete](docs/commands/delete.md) | Delete a secret |
+| [grant](docs/commands/grant.md) | Grant a user access to a secret |
+| [revoke](docs/commands/revoke.md) | Revoke a user's access to a secret |
+
+### Architecture
+
+- [Configuration (.envhubrc.json)](docs/architecture/configuration.md)
+- [Provider Architecture](docs/architecture/providers.md)
+
+## Quick Example
+
+```bash
+# 1. Set up your project
+npx envhub init
+
+# 2. Push your .env file
+npx envhub push my-app-dev ./.env -m "Initial setup"
+
+# 3. Your teammate pulls it
+npx envhub pull my-app-dev ./.env
+
+# 4. Grant access to another developer
+npx envhub grant my-app-dev jane.doe
+```
+
+## Supported Providers
+
+| Provider | Status |
+| --- | --- |
+| AWS Secrets Manager | Available |
+| Azure Key Vault | Planned |
+| GCP Secret Manager | Planned |

package/dist/cli.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "commander";
+/**
+ * Create and configure the CLI program with all commands.
+ */
+export declare function createProgram(): Command;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAUpC;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAkGvC"}

package/dist/cli.js

@@ -0,0 +1,92 @@
+import { Command } from "commander";
+import { initCommand } from "./commands/init.js";
+import { pushCommand } from "./commands/push.js";
+import { pullCommand } from "./commands/pull.js";
+import { catCommand } from "./commands/cat.js";
+import { listCommand } from "./commands/list.js";
+import { deleteCommand } from "./commands/delete.js";
+import { grantCommand } from "./commands/grant.js";
+import { revokeCommand } from "./commands/revoke.js";
+/**
+ * Create and configure the CLI program with all commands.
+ */
+export function createProgram() {
+    const program = new Command();
+    program
+        .name("envhub")
+        .description("Securely share .env files between developers using cloud providers.")
+        .version("0.1.0");
+    // ── init ────────────────────────────────────────────────────────
+    program
+        .command("init")
+        .description("Set up envhub for your project (interactive wizard)")
+        .action(async () => {
+        await initCommand();
+    });
+    // ── push ────────────────────────────────────────────────────────
+    program
+        .command("push")
+        .description("Push a local .env file to the cloud provider")
+        .argument("<name>", "Name for the secret")
+        .argument("<file>", "Path to the .env file")
+        .option("-m, --message <message>", "A message describing this version")
+        .option("-f, --force", "Bypass version conflict checking", false)
+        .action(async (name, file, options) => {
+        await pushCommand(name, file, options);
+    });
+    // ── pull ────────────────────────────────────────────────────────
+    program
+        .command("pull")
+        .description("Pull the latest .env file from the cloud provider")
+        .argument("<name>", "Name of the secret to pull")
+        .argument("<file>", "Path to write the .env file to")
+        .action(async (name, file) => {
+        await pullCommand(name, file);
+    });
+    // ── cat ─────────────────────────────────────────────────────────
+    program
+        .command("cat")
+        .description("Display the contents of a secret")
+        .argument("<name>", "Name of the secret to display")
+        .action(async (name) => {
+        await catCommand(name);
+    });
+    // ── list ────────────────────────────────────────────────────────
+    program
+        .command("list")
+        .alias("ls")
+        .description("List all secrets managed by envhub")
+        .action(async () => {
+        await listCommand();
+    });
+    // ── delete ──────────────────────────────────────────────────────
+    program
+        .command("delete")
+        .alias("rm")
+        .description("Delete a secret from the cloud provider")
+        .argument("<name>", "Name of the secret to delete")
+        .option("-f, --force", "Force immediate deletion", false)
+        .action(async (name, options) => {
+        await deleteCommand(name, options);
+    });
+    // ── grant ───────────────────────────────────────────────────────
+    program
+        .command("grant")
+        .description("Grant another user access to a secret")
+        .argument("<name>", "Name of the secret")
+        .argument("<user>", "IAM username or ARN of the user to grant access")
+        .action(async (name, user) => {
+        await grantCommand(name, user);
+    });
+    // ── revoke ──────────────────────────────────────────────────────
+    program
+        .command("revoke")
+        .description("Revoke a user's access to a secret")
+        .argument("<name>", "Name of the secret")
+        .argument("<user>", "IAM username or ARN of the user to revoke access")
+        .action(async (name, user) => {
+        await revokeCommand(name, user);
+    });
+    return program;
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAE9B,OAAO;SACJ,IAAI,CAAC,QAAQ,CAAC;SACd,WAAW,CACV,qEAAqE,CACtE;SACA,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,qDAAqD,CAAC;SAClE,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,WAAW,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,8CAA8C,CAAC;SAC3D,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,CAAC;SACzC,QAAQ,CAAC,QAAQ,EAAE,uBAAuB,CAAC;SAC3C,MAAM,CAAC,yBAAyB,EAAE,mCAAmC,CAAC;SACtE,MAAM,CAAC,aAAa,EAAE,kCAAkC,EAAE,KAAK,CAAC;SAChE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,OAAO,EAAE,EAAE;QACpD,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,mDAAmD,CAAC;SAChE,QAAQ,CAAC,QAAQ,EAAE,4BAA4B,CAAC;SAChD,QAAQ,CAAC,QAAQ,EAAE,gCAAgC,CAAC;SACpD,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,EAAE;QAC3C,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,kCAAkC,CAAC;SAC/C,QAAQ,CAAC,QAAQ,EAAE,+BAA+B,CAAC;SACnD,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,EAAE;QAC7B,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,oCAAoC,CAAC;SACjD,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,WAAW,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,KAAK,CAAC,IAAI,CAAC;SACX,WAAW,CAAC,yCAAyC,CAAC;SACtD,QAAQ,CAAC,QAAQ,EAAE,8BAA8B,CAAC;SAClD,MAAM,CAAC,aAAa,EAAE,0BAA0B,EAAE,KAAK,CAAC;SACxD,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,OAAO,EAAE,EAAE;QACtC,MAAM,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,uCAAuC,CAAC;SACpD,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;SACxC,QAAQ,CAAC,QAAQ,EAAE,iDAAiD,CAAC;SACrE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,EAAE;QAC3C,MAAM,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEL,mEAAmE;IAEnE,OAAO;SACJ,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,oCAAoC,CAAC;SACjD,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;SACxC,QAAQ,CAAC,QAAQ,EAAE,kDAAkD,CAAC;SACtE,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,IAAY,EAAE,EAAE;QAC3C,MAAM,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEL,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/commands/cat.d.ts

@@ -0,0 +1,6 @@
+/**
+ * The `envhub cat` command.
+ * Outputs the contents of a secret without writing to disk.
+ */
+export declare function catCommand(secretName: string): Promise<void>;
+//# sourceMappingURL=cat.d.ts.map

package/dist/commands/cat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cat.d.ts","sourceRoot":"","sources":["../../src/commands/cat.ts"],"names":[],"mappings":"AAqCA;;;GAGG;AACH,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBlE"}

package/dist/commands/cat.js

@@ -0,0 +1,55 @@
+import chalk from "chalk";
+import { configManager } from "../config/config.js";
+import { ProviderFactory } from "../providers/provider.factory.js";
+import { parseEnvContent } from "../utils/env-parser.js";
+import { logger } from "../utils/logger.js";
+/**
+ * Format .env content into a styled, readable table.
+ */
+function formatEnvTable(content) {
+    const entries = parseEnvContent(content);
+    if (entries.size === 0) {
+        return chalk.dim("  (empty)");
+    }
+    // Find the longest key for alignment
+    let maxKeyLen = 0;
+    for (const key of entries.keys()) {
+        if (key.length > maxKeyLen)
+            maxKeyLen = key.length;
+    }
+    const lines = [];
+    const separator = chalk.dim("─".repeat(maxKeyLen + 40));
+    lines.push(separator);
+    for (const [key, value] of entries) {
+        const paddedKey = key.padEnd(maxKeyLen);
+        lines.push(`  ${chalk.bold.cyan(paddedKey)}  ${chalk.dim("=")}  ${value}`);
+    }
+    lines.push(separator);
+    return lines.join("\n");
+}
+/**
+ * The `envhub cat` command.
+ * Outputs the contents of a secret without writing to disk.
+ */
+export async function catCommand(secretName) {
+    // Load config and create provider
+    const config = await configManager.load();
+    const provider = ProviderFactory.createProvider(config);
+    const spinner = logger.spinner(`Reading '${secretName}'...`);
+    try {
+        const content = await provider.cat(secretName);
+        const entries = parseEnvContent(content);
+        spinner.succeed(`${chalk.bold(secretName)} ${chalk.dim(`(${entries.size} keys)`)}`);
+        logger.newline();
+        logger.log(formatEnvTable(content));
+        logger.newline();
+    }
+    catch (error) {
+        spinner.fail(`Failed to read '${secretName}'.`);
+        if (error instanceof Error) {
+            logger.error(error.message);
+        }
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=cat.js.map

package/dist/commands/cat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cat.js","sourceRoot":"","sources":["../../src/commands/cat.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAEzC,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAChC,CAAC;IAED,qCAAqC;IACrC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS;YAAE,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC;IACrD,CAAC;IAED,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC;IAExD,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEtB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAExD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,UAAU,MAAM,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QACzC,OAAO,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,QAAQ,CAAC,EAAE,CAAC,CAAC;QAEpF,MAAM,CAAC,OAAO,EAAE,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,mBAAmB,UAAU,IAAI,CAAC,CAAC;QAChD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/delete.d.ts

@@ -0,0 +1,10 @@
+interface DeleteCommandOptions {
+    force?: boolean;
+}
+/**
+ * The `envhub delete` command.
+ * Deletes a secret from the cloud provider.
+ */
+export declare function deleteCommand(secretName: string, options: DeleteCommandOptions): Promise<void>;
+export {};
+//# sourceMappingURL=delete.d.ts.map

package/dist/commands/delete.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.d.ts","sourceRoot":"","sources":["../../src/commands/delete.ts"],"names":[],"mappings":"AAKA,UAAU,oBAAoB;IAC5B,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,IAAI,CAAC,CA4Cf"}

package/dist/commands/delete.js

@@ -0,0 +1,46 @@
+import { confirm } from "@inquirer/prompts";
+import { configManager } from "../config/config.js";
+import { ProviderFactory } from "../providers/provider.factory.js";
+import { logger } from "../utils/logger.js";
+/**
+ * The `envhub delete` command.
+ * Deletes a secret from the cloud provider.
+ */
+export async function deleteCommand(secretName, options) {
+    // Load config and create provider
+    const config = await configManager.load();
+    const provider = ProviderFactory.createProvider(config);
+    // Confirm deletion
+    if (!options.force) {
+        const confirmed = await confirm({
+            message: `Are you sure you want to delete '${secretName}'? This action cannot be undone.`,
+            default: false,
+        });
+        if (!confirmed) {
+            logger.info("Deletion cancelled.");
+            return;
+        }
+    }
+    const spinner = logger.spinner(`Deleting '${secretName}'...`);
+    try {
+        await provider.delete(secretName, { force: options.force });
+        // Remove from local tracking
+        const cfg = configManager.getConfig();
+        if (cfg.secrets[secretName]) {
+            delete cfg.secrets[secretName];
+            await configManager.save(cfg);
+        }
+        spinner.succeed(`Deleted '${secretName}'.`);
+        if (!options.force) {
+            logger.dim("  Note: The secret is scheduled for deletion. Use --force for immediate deletion.");
+        }
+    }
+    catch (error) {
+        spinner.fail(`Failed to delete '${secretName}'.`);
+        if (error instanceof Error) {
+            logger.error(error.message);
+        }
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=delete.js.map

package/dist/commands/delete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delete.js","sourceRoot":"","sources":["../../src/commands/delete.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAM5C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,UAAkB,EAClB,OAA6B;IAE7B,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAExD,mBAAmB;IACnB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC;YAC9B,OAAO,EAAE,oCAAoC,UAAU,kCAAkC;YACzF,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,UAAU,MAAM,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAE5D,6BAA6B;QAC7B,MAAM,GAAG,GAAG,aAAa,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC/B,MAAM,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,YAAY,UAAU,IAAI,CAAC,CAAC;QAE5C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,CACR,mFAAmF,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,qBAAqB,UAAU,IAAI,CAAC,CAAC;QAClD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/grant.d.ts

@@ -0,0 +1,6 @@
+/**
+ * The `envhub grant` command.
+ * Grants another user access to a secret.
+ */
+export declare function grantCommand(secretName: string, userIdentifier: string): Promise<void>;
+//# sourceMappingURL=grant.d.ts.map

package/dist/commands/grant.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant.d.ts","sourceRoot":"","sources":["../../src/commands/grant.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC,CAqBf"}

package/dist/commands/grant.js

@@ -0,0 +1,25 @@
+import { configManager } from "../config/config.js";
+import { ProviderFactory } from "../providers/provider.factory.js";
+import { logger } from "../utils/logger.js";
+/**
+ * The `envhub grant` command.
+ * Grants another user access to a secret.
+ */
+export async function grantCommand(secretName, userIdentifier) {
+    // Load config and create provider
+    const config = await configManager.load();
+    const provider = ProviderFactory.createProvider(config);
+    const spinner = logger.spinner(`Granting access to '${secretName}' for '${userIdentifier}'...`);
+    try {
+        await provider.grant(secretName, userIdentifier);
+        spinner.succeed(`Granted '${userIdentifier}' access to '${secretName}'.`);
+    }
+    catch (error) {
+        spinner.fail(`Failed to grant access.`);
+        if (error instanceof Error) {
+            logger.error(error.message);
+        }
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=grant.js.map

package/dist/commands/grant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant.js","sourceRoot":"","sources":["../../src/commands/grant.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAkB,EAClB,cAAsB;IAEtB,kCAAkC;IAClC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAExD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAC5B,uBAAuB,UAAU,UAAU,cAAc,MAAM,CAChE,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QACjD,OAAO,CAAC,OAAO,CACb,YAAY,cAAc,gBAAgB,UAAU,IAAI,CACzD,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACxC,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,6 @@
+/**
+ * The `envhub init` command.
+ * Interactive wizard that creates the project configuration.
+ */
+export declare function initCommand(): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AA6HA;;;GAGG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAsLjD"}

package/dist/commands/init.js

@@ -0,0 +1,275 @@
+import { select, input, confirm } from "@inquirer/prompts";
+import chalk from "chalk";
+import * as fs from "node:fs/promises";
+import * as path from "node:path";
+import { logger } from "../utils/logger.js";
+import { ConfigManager } from "../config/config.js";
+import { ProviderFactory } from "../providers/provider.factory.js";
+/**
+ * Read available AWS profiles from ~/.aws/credentials and ~/.aws/config.
+ * Also extracts the region for each profile from ~/.aws/config.
+ */
+async function getAWSProfiles() {
+    const profileNames = new Set();
+    const profileRegions = new Map();
+    const homeDir = process.env.HOME ?? process.env.USERPROFILE ?? "";
+    // Parse credentials file (only profile names)
+    const credentialsPath = path.join(homeDir, ".aws", "credentials");
+    try {
+        const content = await fs.readFile(credentialsPath, "utf-8");
+        const profileRegex = /\[([^\]]+)\]/g;
+        let match;
+        while ((match = profileRegex.exec(content)) !== null) {
+            profileNames.add(match[1].trim());
+        }
+    }
+    catch {
+        // File doesn't exist, skip
+    }
+    // Parse config file (profile names + regions)
+    const configPath = path.join(homeDir, ".aws", "config");
+    try {
+        const content = await fs.readFile(configPath, "utf-8");
+        const lines = content.split("\n");
+        let currentProfile = null;
+        for (const line of lines) {
+            const trimmed = line.trim();
+            // Match profile header: [profile name] or [default]
+            const headerMatch = trimmed.match(/^\[(?:profile\s+)?([^\]]+)\]$/);
+            if (headerMatch) {
+                currentProfile = headerMatch[1].trim();
+                profileNames.add(currentProfile);
+                continue;
+            }
+            // Match region key under current profile
+            if (currentProfile) {
+                const regionMatch = trimmed.match(/^region\s*=\s*(.+)$/);
+                if (regionMatch) {
+                    profileRegions.set(currentProfile, regionMatch[1].trim());
+                }
+            }
+        }
+    }
+    catch {
+        // File doesn't exist, skip
+    }
+    return Array.from(profileNames)
+        .sort()
+        .map((name) => ({
+        name,
+        region: profileRegions.get(name),
+    }));
+}
+/**
+ * Common AWS regions for the selection prompt.
+ */
+const AWS_REGIONS = [
+    { name: "EU (Frankfurt) - eu-central-1", value: "eu-central-1" },
+    { name: "EU (Ireland) - eu-west-1", value: "eu-west-1" },
+    { name: "EU (London) - eu-west-2", value: "eu-west-2" },
+    { name: "EU (Paris) - eu-west-3", value: "eu-west-3" },
+    { name: "EU (Stockholm) - eu-north-1", value: "eu-north-1" },
+    { name: "US East (N. Virginia) - us-east-1", value: "us-east-1" },
+    { name: "US East (Ohio) - us-east-2", value: "us-east-2" },
+    { name: "US West (Oregon) - us-west-2", value: "us-west-2" },
+    { name: "Asia Pacific (Tokyo) - ap-northeast-1", value: "ap-northeast-1" },
+    { name: "Asia Pacific (Singapore) - ap-southeast-1", value: "ap-southeast-1" },
+];
+/**
+ * Update .gitignore to include .envhubrc.json if not already present.
+ */
+async function updateGitignore(dir) {
+    const gitignorePath = path.join(dir, ".gitignore");
+    const entry = ".envhubrc.json";
+    try {
+        let content = "";
+        try {
+            content = await fs.readFile(gitignorePath, "utf-8");
+        }
+        catch {
+            // .gitignore doesn't exist, we'll create it
+        }
+        if (content.includes(entry)) {
+            return false; // Already in .gitignore
+        }
+        const newContent = content
+            ? content.trimEnd() + "\n\n# envhub config (contains AWS profile info)\n" + entry + "\n"
+            : "# envhub config (contains AWS profile info)\n" + entry + "\n";
+        await fs.writeFile(gitignorePath, newContent, "utf-8");
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * The `envhub init` command.
+ * Interactive wizard that creates the project configuration.
+ */
+export async function initCommand() {
+    logger.log("");
+    logger.log(chalk.cyan("  ███████╗███╗   ██╗██╗   ██╗██╗  ██╗██╗   ██╗██████╗ "));
+    logger.log(chalk.cyan("  ██╔════╝████╗  ██║██║   ██║██║  ██║██║   ██║██╔══██╗"));
+    logger.log(chalk.cyan("  █████╗  ██╔██╗ ██║██║   ██║███████║██║   ██║██████╔╝"));
+    logger.log(chalk.cyan("  ██╔══╝  ██║╚██╗██║╚██╗ ██╔╝██╔══██║██║   ██║██╔══██╗"));
+    logger.log(chalk.cyan("  ███████╗██║ ╚████║ ╚████╔╝ ██║  ██║╚██████╔╝██████╔╝"));
+    logger.log(chalk.cyan("  ╚══════╝╚═╝  ╚═══╝  ╚═══╝  ╚═╝  ╚═╝ ╚═════╝ ╚═════╝ "));
+    logger.log("");
+    logger.log(chalk.dim("  Securely share .env files between developers."));
+    logger.log("");
+    // Check if config already exists
+    const exists = await ConfigManager.exists();
+    if (exists) {
+        const overwrite = await confirm({
+            message: "An .envhubrc.json already exists. Overwrite?",
+            default: false,
+        });
+        if (!overwrite) {
+            logger.info("Setup cancelled.");
+            return;
+        }
+    }
+    // Step 1: Select provider
+    const providers = ProviderFactory.getAvailableProviders();
+    const provider = await select({
+        message: "Which cloud provider would you like to use?",
+        choices: providers.map((p) => ({
+            name: p.available ? p.label : `${p.label} (coming soon)`,
+            value: p.type,
+            disabled: !p.available,
+        })),
+    });
+    // Step 2: Provider-specific configuration
+    const config = {
+        provider,
+        prefix: "envhub-",
+        secrets: {},
+    };
+    if (provider === "aws") {
+        // Detect available AWS profiles
+        const profiles = await getAWSProfiles();
+        let profileName;
+        let detectedRegion;
+        if (profiles.length > 0) {
+            profileName = await select({
+                message: "Select your AWS profile:",
+                choices: [
+                    ...profiles.map((p) => ({
+                        name: p.region ? `${p.name} (${p.region})` : p.name,
+                        value: p.name,
+                    })),
+                    { name: "Enter a different profile name...", value: "__custom__" },
+                ],
+            });
+            if (profileName === "__custom__") {
+                profileName = await input({
+                    message: "Enter your AWS profile name:",
+                    validate: (val) => (val.trim() ? true : "Profile name is required."),
+                });
+            }
+            else {
+                // Get the region from the selected profile
+                detectedRegion = profiles.find((p) => p.name === profileName)?.region;
+            }
+        }
+        else {
+            logger.warn("No AWS profiles found in ~/.aws/credentials or ~/.aws/config.");
+            logger.dim("  Create one first: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html");
+            logger.log("");
+            profileName = await input({
+                message: "Enter your AWS profile name:",
+                validate: (val) => (val.trim() ? true : "Profile name is required."),
+            });
+        }
+        // Select region — use detected region from profile if available
+        let finalRegion;
+        if (detectedRegion) {
+            const useDetected = await confirm({
+                message: `Use region '${detectedRegion}' from your AWS profile?`,
+                default: true,
+            });
+            if (useDetected) {
+                finalRegion = detectedRegion;
+            }
+            else {
+                finalRegion = await select({
+                    message: "Select a different AWS region:",
+                    choices: [
+                        ...AWS_REGIONS,
+                        { name: "Enter a custom region...", value: "__custom__" },
+                    ],
+                });
+                if (finalRegion === "__custom__") {
+                    finalRegion = await input({
+                        message: "Enter the AWS region (e.g. eu-central-1):",
+                        validate: (val) => (val.trim() ? true : "Region is required."),
+                    });
+                }
+            }
+        }
+        else {
+            finalRegion = await select({
+                message: "Select your AWS region:",
+                choices: [
+                    ...AWS_REGIONS,
+                    { name: "Enter a custom region...", value: "__custom__" },
+                ],
+                default: "eu-central-1",
+            });
+            if (finalRegion === "__custom__") {
+                finalRegion = await input({
+                    message: "Enter the AWS region (e.g. eu-central-1):",
+                    validate: (val) => (val.trim() ? true : "Region is required."),
+                });
+            }
+        }
+        config.aws = {
+            profile: profileName,
+            region: finalRegion,
+        };
+    }
+    // Step 3: Configure prefix
+    const customPrefix = await confirm({
+        message: `Use default secret prefix "${config.prefix}"?`,
+        default: true,
+    });
+    if (!customPrefix) {
+        config.prefix = await input({
+            message: "Enter a custom prefix for your secrets:",
+            default: "envhub-",
+            validate: (val) => (val.trim() ? true : "Prefix is required."),
+        });
+    }
+    // Step 4: Save configuration
+    const spinner = logger.spinner("Creating configuration...");
+    try {
+        const configManager = new ConfigManager();
+        const filePath = await configManager.create(config);
+        spinner.succeed("Configuration created.");
+        // Step 5: Update .gitignore
+        const gitignoreUpdated = await updateGitignore(process.cwd());
+        if (gitignoreUpdated) {
+            logger.success("Added .envhubrc.json to .gitignore");
+        }
+        logger.newline();
+        logger.success("envhub is ready to use!");
+        logger.newline();
+        logger.dim(`  Config file: ${filePath}`);
+        logger.dim(`  Provider:    ${config.provider}`);
+        if (config.aws) {
+            logger.dim(`  AWS Profile: ${config.aws.profile}`);
+            logger.dim(`  AWS Region:  ${config.aws.region}`);
+        }
+        logger.newline();
+        logger.log("  Next steps:");
+        logger.log("    Push a secret:  envhub push <name> <file>");
+        logger.log("    Pull a secret:  envhub pull <name> <file>");
+        logger.log("    List secrets:   envhub list");
+        logger.newline();
+    }
+    catch (error) {
+        spinner.fail("Failed to create configuration.");
+        throw error;
+    }
+}
+//# sourceMappingURL=init.js.map