envibe 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +255 -0
  2. package/dist/cli/index.js +23224 -0
  3. package/dist/index.js +20751 -0
  4. package/package.json +50 -0
package/README.md ADDED
@@ -0,0 +1,255 @@
1
+ # envibe
2
+
3
+ [![npm version](https://img.shields.io/npm/v/envibe.svg)](https://www.npmjs.com/package/envibe)
4
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
5
+
6
+ **The missing permission layer between AI agents and your .env**
7
+
8
+ ---
9
+
10
+ ## The Problem
11
+
12
+ AI coding assistants (Claude Code, Cursor, Copilot) need your environment variables to run and test code. But they can see **everything**—API keys, database passwords, payment secrets.
13
+
14
+ It's all-or-nothing. Until now.
15
+
16
+ ## The Solution
17
+
18
+ `envibe` gives you **per-variable access control** with 5 levels:
19
+
20
+ | Level | AI Can See | AI Can Modify | Example |
21
+ |-------|-----------|---------------|---------|
22
+ | `full` | Actual value | Yes | `NODE_ENV`, `PORT`, `DEBUG` |
23
+ | `read-only` | Actual value | No | `DATABASE_URL` |
24
+ | `placeholder` | `<VAR_NAME>` | No | `API_KEY` |
25
+ | `schema-only` | Format only | No | Complex configs |
26
+ | `hidden` | Nothing | No | `STRIPE_SECRET_KEY` |
27
+
28
+ ## Quick Start
29
+
30
+ Add envibe as an MCP server to your AI tool:
31
+
32
+ ```json
33
+ {
34
+ "mcpServers": {
35
+ "envibe": {
36
+ "command": "npx",
37
+ "args": ["envibe-mcp"]
38
+ }
39
+ }
40
+ }
41
+ ```
42
+
43
+ On first use, envibe automatically:
44
+ 1. Creates `.env.manifest.yaml` from your `.env.example`
45
+ 2. Generates `.env.ai` (filtered view for AI)
46
+ 3. Blocks direct `.env` file access
47
+
48
+ ## How It Works
49
+
50
+ ```
51
+ ┌─────────────────────────────────────────────────────────────┐
52
+ │ Your .env (secrets) │
53
+ │ ├── STRIPE_SECRET_KEY=sk_live_xxx ← hidden from AI │
54
+ │ ├── DATABASE_URL=postgres://... ← AI can read │
55
+ │ └── DEBUG=true ← AI can read/write │
56
+ └─────────────────────────────────────────────────────────────┘
57
+
58
+
59
+ ┌─────────────────────────────────────────────────────────────┐
60
+ │ .env.manifest.yaml (access rules) │
61
+ │ variables: │
62
+ │ STRIPE_SECRET_KEY: { access: hidden } │
63
+ │ DATABASE_URL: { access: read-only } │
64
+ │ DEBUG: { access: full } │
65
+ └─────────────────────────────────────────────────────────────┘
66
+
67
+
68
+ ┌─────────────────────────────────────────────────────────────┐
69
+ │ .env.ai (what AI sees) │
70
+ │ DEBUG=true # [full] │
71
+ │ DATABASE_URL=postgres://... # [read-only] │
72
+ │ # STRIPE_SECRET_KEY hidden │
73
+ └─────────────────────────────────────────────────────────────┘
74
+ ```
75
+
76
+ ## Example Manifest
77
+
78
+ ```yaml
79
+ # .env.manifest.yaml
80
+ version: 1
81
+ variables:
82
+ NODE_ENV:
83
+ access: full
84
+ description: "Environment mode"
85
+
86
+ DATABASE_URL:
87
+ access: read-only
88
+ description: "Database connection string"
89
+
90
+ OPENAI_API_KEY:
91
+ access: placeholder
92
+ description: "OpenAI API key"
93
+
94
+ STRIPE_SECRET_KEY:
95
+ access: hidden
96
+ description: "Payment processing - never expose"
97
+ ```
98
+
99
+ ## CLI Commands
100
+
101
+ | Command | Description |
102
+ |---------|-------------|
103
+ | `envibe setup` | Full setup (recommended) |
104
+ | `envibe setup -i` | Interactive mode - choose access levels |
105
+ | `envibe generate` | Regenerate `.env.ai` |
106
+ | `envibe view` | Display variables with access levels |
107
+ | `envibe mcp` | Start MCP server |
108
+
109
+ ## Installation
110
+
111
+ <details>
112
+ <summary><b>Claude Code</b></summary>
113
+
114
+ ```bash
115
+ claude mcp add envibe npx envibe-mcp
116
+ ```
117
+
118
+ Or add to `.claude/settings.json`:
119
+ ```json
120
+ {
121
+ "mcpServers": {
122
+ "envibe": {
123
+ "command": "npx",
124
+ "args": ["envibe-mcp"]
125
+ }
126
+ }
127
+ }
128
+ ```
129
+ </details>
130
+
131
+ <details>
132
+ <summary><b>Claude Desktop</b></summary>
133
+
134
+ Add to your `claude_desktop_config.json`:
135
+ ```json
136
+ {
137
+ "mcpServers": {
138
+ "envibe": {
139
+ "command": "npx",
140
+ "args": ["envibe-mcp"]
141
+ }
142
+ }
143
+ }
144
+ ```
145
+
146
+ Config file locations:
147
+ - macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
148
+ - Windows: `%APPDATA%\Claude\claude_desktop_config.json`
149
+ </details>
150
+
151
+ <details>
152
+ <summary><b>VS Code (Copilot/Continue)</b></summary>
153
+
154
+ Add to your VS Code `settings.json`:
155
+ ```json
156
+ {
157
+ "mcp.servers": {
158
+ "envibe": {
159
+ "command": "npx",
160
+ "args": ["envibe-mcp"]
161
+ }
162
+ }
163
+ }
164
+ ```
165
+ </details>
166
+
167
+ <details>
168
+ <summary><b>Cursor</b></summary>
169
+
170
+ Add to Cursor MCP settings:
171
+ ```json
172
+ {
173
+ "mcpServers": {
174
+ "envibe": {
175
+ "command": "npx",
176
+ "args": ["envibe-mcp"]
177
+ }
178
+ }
179
+ }
180
+ ```
181
+ </details>
182
+
183
+ <details>
184
+ <summary><b>Windsurf</b></summary>
185
+
186
+ Add to `~/.codeium/windsurf/mcp_config.json`:
187
+ ```json
188
+ {
189
+ "mcpServers": {
190
+ "envibe": {
191
+ "command": "npx",
192
+ "args": ["envibe-mcp"]
193
+ }
194
+ }
195
+ }
196
+ ```
197
+ </details>
198
+
199
+ <details>
200
+ <summary><b>CLI (standalone)</b></summary>
201
+
202
+ ```bash
203
+ # Install globally
204
+ npm install -g envibe
205
+
206
+ # Run setup
207
+ envibe setup
208
+ ```
209
+ </details>
210
+
211
+ ## MCP Tools
212
+
213
+ | Tool | Description |
214
+ |------|-------------|
215
+ | `env_list` | List visible variables with access levels |
216
+ | `env_get` | Get a variable's value (respects permissions) |
217
+ | `env_set` | Set a variable (only `full` access) |
218
+ | `env_describe` | Get detailed info about a variable |
219
+
220
+ ## Why envibe?
221
+
222
+ | Approach | Problem |
223
+ |----------|---------|
224
+ | **dotenvx** | Encrypts files, but AI still needs the decryption key |
225
+ | **permissions.deny** | Blocks all .env access—no granular control |
226
+ | **Just ignore .env** | AI can't run or test code that needs env vars |
227
+ | **envibe** | Per-variable access control. AI sees what you allow. |
228
+
229
+ ## File Structure
230
+
231
+ ```
232
+ your-project/
233
+ ├── .env # Real secrets (gitignored)
234
+ ├── .env.example # Template for devs (committed)
235
+ ├── .env.manifest.yaml # Access rules (committed)
236
+ ├── .env.ai # AI-safe view (gitignored)
237
+ └── .claude/
238
+ └── settings.json # Claude Code config (committed)
239
+ ```
240
+
241
+ ## Security
242
+
243
+ - `.env` files are **gitignored** and blocked from AI
244
+ - `.env.manifest.yaml` contains **rules only**, not values—safe to commit
245
+ - `.env.ai` is **regenerated** from `.env` + manifest—gitignore it
246
+ - Unknown variables default to `placeholder` (fail-safe)
247
+ - Bash workarounds blocked (`cat .env`, `head .env`, etc.)
248
+
249
+ ## License
250
+
251
+ MIT
252
+
253
+ ---
254
+
255
+ Built for the AI coding era. Stop leaking secrets.