favacli 0.0.21 → 0.0.23

package/build/BaseCommand.d.mts

@@ -1,6 +1,6 @@
 import { Command } from 'clipanion';
 import type { Jsonifiable } from 'type-fest';
-import type { LockedRepresentationString, TwoFaLib } from 'favalib';
+import type { LockedRepresentationString, FavaLib } from 'favalib';
 import { Settings } from './utils/init.mjs';
 export interface ErrorInCommand {
     timestamp: number;
@@ -8,14 +8,14 @@ export interface ErrorInCommand {
 }
 declare abstract class BaseCommand extends Command {
     abstract exec(): Promise<Jsonifiable>;
-    abstract requireTwoFaLib: boolean;
+    abstract requireFavaLib: boolean;
     errors: ErrorInCommand[];
     preFormattedOutput: boolean;
     json: boolean | undefined;
     verbose: boolean | undefined;
     lockedRepresentationString: LockedRepresentationString;
     settings: Settings;
-    twoFaLib: TwoFaLib;
+    favaLib: FavaLib;
     output(string: string): void;
     execute(): Promise<number>;
     private addError;

package/build/BaseCommand.mjs

@@ -21,17 +21,18 @@ class BaseCommand extends Command {
     async execute() {
         const { lockedRepresentationString, settings } = await init();
         this.settings = settings;
-        if (lockedRepresentationString && this.requireTwoFaLib) {
-            this.twoFaLib = await loadVault(lockedRepresentationString, settings, this.addError.bind(this), this.verbose);
+        this.lockedRepresentationString = lockedRepresentationString;
+        if (lockedRepresentationString && this.requireFavaLib) {
+            this.favaLib = await loadVault(lockedRepresentationString, settings, this.addError.bind(this), this.verbose);
         }
         else {
-            if (this.requireTwoFaLib) {
+            if (this.requireFavaLib) {
                 throw new Error('No vault loaded, was it created?');
             }
         }
         const result = await this.exec();
-        if (this.twoFaLib?.sync) {
-            this.twoFaLib.sync.closeServerConnection();
+        if (this.favaLib?.sync) {
+            this.favaLib.sync.closeServerConnection();
         }
         if (this.json) {
             // output is already formatted, don't add the result & errors bit

package/build/BaseListOutputCommand.d.mts

@@ -5,12 +5,12 @@ import formatters from './formatters/index.mjs';
 import { Jsonifiable } from 'type-fest';
 export type Formatter = (entries: (EntryMeta | EntryMetaWithToken)[], errors: ErrorInCommand[]) => Jsonifiable;
 declare abstract class BaseListOutputCommand extends BaseCommand {
-    abstract getList(): EntryMeta[] | EntryMetaWithToken[];
+    abstract getList(): Promise<(EntryMeta | EntryMetaWithToken)[]>;
     format: (typeof formatters)[0]["name"] | undefined;
     exec(): Promise<string | number | boolean | {
         [x: string]: Jsonifiable | undefined;
     } | {
         toJSON: () => Jsonifiable;
-    } | import("type-fest/source/jsonifiable.js").JsonifiableArray | null>;
+    } | readonly Jsonifiable[] | null>;
 }
 export default BaseListOutputCommand;

package/build/BaseListOutputCommand.mjs

@@ -11,7 +11,6 @@ class BaseListOutputCommand extends BaseCommand {
             description: 'formatter',
         });
     }
-    // eslint-disable-next-line @typescript-eslint/require-await
     async exec() {
         this.preFormattedOutput = this.format !== undefined;
         let formatter = (json) => json;
@@ -22,7 +21,7 @@ class BaseListOutputCommand extends BaseCommand {
             }
             formatter = selectedFormatter;
         }
-        const list = this.getList();
+        const list = await this.getList();
         if (list.length === 0) {
             this.context.stdout.write('No entries\n');
             return formatter([], this.errors);

package/build/commands/entries/add.d.mts

@@ -2,7 +2,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 declare class EntriesAddCommand extends BaseCommand {
     static paths: string[][];
     static usage: import("clipanion").Usage;
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     name: string;
     issuer: string;
     secret: string;

package/build/commands/entries/add.mjs

@@ -3,7 +3,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class EntriesAddCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.name = Option.String('--name', { required: true });
         this.issuer = Option.String('--issuer', { required: true });
         this.secret = Option.String('--secret', { required: true });
@@ -32,10 +32,12 @@ class EntriesAddCommand extends BaseCommand {
         ],
     }); }
     async exec() {
-        await this.twoFaLib.vault.addEntry({
+        await this.favaLib.vault.addEntry({
             name: this.name,
             issuer: this.issuer,
             type: 'TOTP',
+            match: null,
+            matchType: null,
             payload: {
                 secret: this.secret,
                 period: Number.parseInt(this.period, 10),

package/build/commands/entries/list.d.mts

@@ -2,8 +2,8 @@ import BaseListOutputCommand from '../../BaseListOutputCommand.mjs';
 declare class EntriesListCommand extends BaseListOutputCommand {
     static paths: string[][];
     static usage: import("clipanion").Usage;
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     withTokens: boolean | undefined;
-    getList(): import("favalib").EntryMeta[];
+    getList(): Promise<import("favalib").EntryMeta[]>;
 }
 export default EntriesListCommand;

package/build/commands/entries/list.mjs

@@ -3,7 +3,7 @@ import BaseListOutputCommand from '../../BaseListOutputCommand.mjs';
 class EntriesListCommand extends BaseListOutputCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.withTokens = Option.Boolean('--withTokens', {
             description: 'Include current TOTP tokens in the output',
         });
@@ -22,12 +22,12 @@ class EntriesListCommand extends BaseListOutputCommand {
             ['List entries with current TOTP tokens', 'entries list --withTokens'],
         ],
     }); }
-    getList() {
+    async getList() {
         if (this.withTokens) {
-            return this.twoFaLib.vault.listEntriesMetas(true);
+            return this.favaLib.vault.listEntriesMetas(true);
         }
         else {
-            return this.twoFaLib.vault.listEntriesMetas(false);
+            return this.favaLib.vault.listEntriesMetas(false);
         }
     }
 }

package/build/commands/entries/search.d.mts

@@ -2,9 +2,9 @@ import BaseListOutputCommand from '../../BaseListOutputCommand.mjs';
 declare class EntriesSearchCommand extends BaseListOutputCommand {
     static paths: string[][];
     static usage: import("clipanion").Usage;
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     withTokens: boolean | undefined;
     query: string;
-    getList(): import("favalib").EntryMeta[];
+    getList(): Promise<import("favalib").EntryMeta[]>;
 }
 export default EntriesSearchCommand;

package/build/commands/entries/search.mjs

@@ -3,7 +3,7 @@ import BaseListOutputCommand from '../../BaseListOutputCommand.mjs';
 class EntriesSearchCommand extends BaseListOutputCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.withTokens = Option.Boolean('--withTokens', {
             description: 'Include current TOTP tokens in the output',
         });
@@ -27,12 +27,12 @@ class EntriesSearchCommand extends BaseListOutputCommand {
             ],
         ],
     }); }
-    getList() {
+    async getList() {
         if (this.withTokens) {
-            return this.twoFaLib.vault.searchEntriesMetas(this.query, true);
+            return this.favaLib.vault.searchEntriesMetas(this.query, true);
         }
         else {
-            return this.twoFaLib.vault.searchEntriesMetas(this.query, false);
+            return this.favaLib.vault.searchEntriesMetas(this.query, false);
         }
     }
 }

package/build/commands/export/text.d.mts

@@ -1,9 +1,9 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class ExportTextCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     pathOption: string | undefined;
-    passphraseSource: string | undefined;
+    passwordSource: string | undefined;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         success: boolean;

package/build/commands/export/text.mjs

@@ -3,16 +3,16 @@ import { Option } from 'clipanion';
 import * as t from 'typanion';
 import keytar from 'keytar';
 import BaseCommand from '../../BaseCommand.mjs';
-import { password, input } from '@inquirer/prompts';
+import { password as passwordInput, input } from '@inquirer/prompts';
 class ExportTextCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.pathOption = Option.String('--path', {
             description: 'File path for the export, if not set will output to stdout',
         });
-        this.passphraseSource = Option.String('--passphrase-source', {
-            description: 'Source of passphrase, either "stdin" or "stored"',
+        this.passwordSource = Option.String('--password-source', {
+            description: 'Source of password, either "stdin" or "stored"',
             validator: t.isEnum(['stdin', 'stored']),
         });
     }
@@ -25,63 +25,60 @@ class ExportTextCommand extends BaseCommand {
 
       You can specify a file path for the export using the --path flag.
 
-      You can specify the passphrase source with --passphrase-source flag:
-      - "stdin": You'll be prompted to enter a passphrase
-      - "stored": Will use the previously stored passphrase, if none is found, will be promted for a passphrase
+      You can specify the password source with --password-source flag:
+      - "stdin": You'll be prompted to enter a password
+      - "stored": Will use the previously stored password, if none is found, will be promted for a password
 
-      If no passphrase source is specified, it will export without encryption (no passphrase).
+      If no password source is specified, it will export without encryption (no password).
 
-      WARNING: Exporting your 2FA secrets in plain text (without passphrase) is not secure.
+      WARNING: Exporting your 2FA secrets in plain text (without password) is not secure.
     `,
         examples: [
             ['Export entries as unencrypted text (UNSECURE)', 'export text'],
             ['Export to specific file', 'export text --path=/path/to/export.txt'],
+            ['Export using stored password', 'export text --password-source=stored'],
             [
-                'Export using stored passphrase',
-                'export text --passphrase-source=stored',
-            ],
-            [
-                'Export with manual passphrase entry',
-                'export text --passphrase-source=stdin',
+                'Export with manual password entry',
+                'export text --password-source=stdin',
             ],
         ],
     }); }
     async exec() {
-        const entriesCount = this.twoFaLib.vault.listEntries().length;
-        // Get passphrase based on source
-        let passphrase = undefined;
-        // If passphrase source is "stored", try to get from keytar without prompting
-        if (this.passphraseSource === 'stored') {
+        const entriesCount = this.favaLib.vault.listEntries().length;
+        // Get password based on source
+        let password = undefined;
+        // If password source is "stored", try to get from keytar without prompting
+        if (this.passwordSource === 'stored') {
             try {
-                passphrase = await keytar.getPassword('favacli', 'export-passphrase');
-                if (!passphrase) {
-                    this.context.stderr.write('No stored passphrase found. Please enter a passphrase to store.\n');
-                    passphrase = await password({
-                        message: 'Enter passphrase to store and use for encryption:',
+                password = await keytar.getPassword('favacli', 'export-password');
+                if (!password) {
+                    this.context.stderr.write('No stored password found. Please enter a password to store.\n');
+                    password = await passwordInput({
+                        message: 'Enter password to store and use for encryption:',
                     });
-                    // Store the passphrase for future use
-                    await keytar.setPassword('favacli', 'export-passphrase', passphrase);
-                    this.context.stdout.write('Passphrase stored.\n');
+                    // Store the password for future use
+                    await keytar.setPassword('favacli', 'export-password', password);
+                    this.context.stdout.write('Password stored.\n');
                 }
             }
             catch (error) {
                 if (error instanceof Error) {
-                    this.context.stderr.write(`Failed to access stored passphrase: ${error.message}}\n`);
+                    this.context.stderr.write(`Failed to access stored password: ${error.message}}\n`);
                 }
                 else {
-                    this.context.stderr.write(`Failed to access stored passphrase: Unknown error\n`);
+                    this.context.stderr.write(`Failed to access stored password: Unknown error\n`);
                 }
                 return { success: false };
             }
         }
         // Default behavior or explicit "stdin"
-        else if (this.passphraseSource === 'stdin') {
-            passphrase = await password({
-                message: 'Enter passphrase to use for encryption:',
+        else if (this.passwordSource === 'stdin') {
+            password = await passwordInput({
+                message: 'Enter password to use for encryption:',
             });
         }
-        // Add warning and confirmation if no passphrase is provided
-        else if (!this.passphraseSource) {
+        // Add warning and confirmation if no password is provided
+        else if (!this.passwordSource) {
             this.context.stderr.write('WARNING: You are about to export 2FA secrets in plain text without encryption.\n');
             this.context.stderr.write('This is NOT SECURE and could expose your 2FA secrets if the file is accessed by others.\n');
             const confirm = await input({
@@ -92,7 +89,7 @@ class ExportTextCommand extends BaseCommand {
                 return { success: false };
             }
         }
-        const content = await this.twoFaLib.exportImport.exportEntries('text', passphrase, true);
+        const content = await this.favaLib.exportImport.exportEntries('text', password, true);
         if (this.pathOption) {
             try {
                 await fs.writeFile(this.pathOption, content);

package/build/commands/sync/connect.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class ConnectCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         success: boolean;

package/build/commands/sync/connect.mjs

@@ -1,10 +1,10 @@
 import { input } from '@inquirer/prompts';
 import BaseCommand from '../../BaseCommand.mjs';
-import { TwoFaLibEvent } from 'favalib';
+import { FavaLibEvent } from 'favalib';
 class ConnectCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
     }
     static { this.paths = [['sync', 'connect']]; }
     static { this.usage = BaseCommand.Usage({
@@ -18,18 +18,24 @@ class ConnectCommand extends BaseCommand {
         examples: [['Connect to an existing vault', 'sync connect']],
     }); }
     async exec() {
-        if (!this.twoFaLib.sync) {
+        if (!this.favaLib.sync) {
             throw new Error('No server url set');
         }
         const connectionString = await input({
             message: 'Enter connection string:',
         });
+        const friendlyName = (await input({
+            message: 'Enter a friendly name for this device (optional):',
+        })).trim();
+        if (friendlyName) {
+            await this.favaLib.setDeviceFriendlyName(friendlyName);
+        }
         const connectFinished = new Promise((resolve) => {
-            this.twoFaLib.addEventListener(TwoFaLibEvent.ConnectToExistingVaultFinished, () => {
+            this.favaLib.addEventListener(FavaLibEvent.ConnectToExistingVaultFinished, () => {
                 resolve();
             });
         });
-        await this.twoFaLib.sync.respondToAddDeviceFlow(connectionString, 'text');
+        await this.favaLib.sync.respondToAddDeviceFlow(connectionString, 'text');
         await connectFinished;
         return { success: true };
     }

package/build/commands/sync/getInfo.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class GetInfoCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         connected: boolean;

package/build/commands/sync/getInfo.mjs

@@ -2,7 +2,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class GetInfoCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
     }
     static { this.paths = [['sync', 'get-info']]; }
     static { this.usage = BaseCommand.Usage({
@@ -12,12 +12,12 @@ class GetInfoCommand extends BaseCommand {
         examples: [['Get sync info', 'sync get-info']],
     }); }
     exec() {
-        if (!this.twoFaLib.sync) {
+        if (!this.favaLib.sync) {
             throw new Error('No server url set');
         }
-        const connected = this.twoFaLib.sync.webSocketConnected || false;
-        const friendlyName = this.twoFaLib.meta.deviceFriendlyName || '(none)';
-        const serverUrl = this.twoFaLib.sync.serverUrl || '(none)';
+        const connected = this.favaLib.sync.webSocketConnected || false;
+        const friendlyName = this.favaLib.meta.deviceFriendlyName || '(none)';
+        const serverUrl = this.favaLib.sync.serverUrl || '(none)';
         this.output(`Connected: ${connected ? 'yes' : 'no'}\n`);
         this.output(`Device friendly name: ${friendlyName}\n`);
         this.output(`Sync server URL: ${serverUrl}\n`);

package/build/commands/sync/listDevices.d.mts

@@ -2,7 +2,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 import type { PublicSyncDevice } from 'favalib';
 declare class ListDevicesCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         devices: PublicSyncDevice[];

package/build/commands/sync/listDevices.mjs

@@ -3,7 +3,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class ListDevicesCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
     }
     static { this.paths = [['sync', 'list-devices']]; }
     static { this.usage = BaseCommand.Usage({
@@ -13,10 +13,10 @@ class ListDevicesCommand extends BaseCommand {
         examples: [['List all synced devices', 'sync list-devices']],
     }); }
     async exec() {
-        if (!this.twoFaLib.sync) {
+        if (!this.favaLib.sync) {
             throw new Error('No server url set');
         }
-        const devices = this.twoFaLib.sync.getSyncDevices();
+        const devices = this.favaLib.sync.getSyncDevices();
         const headers = [
             { value: 'deviceId', align: 'left', width: 38 },
             { value: 'deviceType', align: 'left', width: 38 },

package/build/commands/sync/removeDevice.d.mts

@@ -0,0 +1,16 @@
+import BaseCommand from '../../BaseCommand.mjs';
+declare class RemoveDeviceCommand extends BaseCommand {
+    static paths: string[][];
+    requireFavaLib: boolean;
+    static usage: import("clipanion").Usage;
+    deviceId: string | undefined;
+    force: boolean | undefined;
+    exec(): Promise<{
+        success: boolean;
+        cancelled?: undefined;
+    } | {
+        success: boolean;
+        cancelled: boolean;
+    }>;
+}
+export default RemoveDeviceCommand;

package/build/commands/sync/removeDevice.mjs

@@ -0,0 +1,69 @@
+import { Option } from 'clipanion';
+import { select, confirm } from '@inquirer/prompts';
+import BaseCommand from '../../BaseCommand.mjs';
+class RemoveDeviceCommand extends BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.requireFavaLib = true;
+        this.deviceId = Option.String('--device-id', { required: false });
+        this.force = Option.Boolean('--force', {
+            description: 'Remove without confirmation',
+        });
+    }
+    static { this.paths = [['sync', 'remove-device']]; }
+    static { this.usage = BaseCommand.Usage({
+        category: 'Sync',
+        description: 'Remove a device from the vault sync set',
+        details: `Removes a synced device from your vault. The removal is synced to all other
+      connected devices. Pass --device-id to skip the interactive picker.`,
+        examples: [
+            ['Pick a device to remove interactively', 'sync remove-device'],
+            ['Remove a specific device', 'sync remove-device --device-id <id>'],
+        ],
+    }); }
+    async exec() {
+        if (!this.favaLib.sync) {
+            throw new Error('No server url set');
+        }
+        const devices = this.favaLib.sync.getSyncDevices();
+        if (devices.length === 0) {
+            this.output('No devices to remove.\n');
+            return { success: false };
+        }
+        // Resolve target device
+        let targetId;
+        if (this.deviceId) {
+            const match = devices.find((d) => d.deviceId === this.deviceId);
+            if (!match) {
+                throw new Error(`No synced device found with id: ${this.deviceId}`);
+            }
+            targetId = match.deviceId;
+        }
+        else {
+            targetId = await select({
+                message: 'Select a device to remove:',
+                choices: devices.map((d) => ({
+                    name: `${d.deviceFriendlyName ?? '(no name)'} (${d.deviceType ?? 'unknown'}) — ${d.deviceId}`,
+                    value: d.deviceId,
+                })),
+            });
+        }
+        // Confirmation (skippable with --force)
+        const target = devices.find((d) => d.deviceId === targetId);
+        const label = target?.deviceFriendlyName ?? targetId;
+        if (!this.force) {
+            const ok = await confirm({
+                message: `Remove "${label}"? This will sync to all devices.`,
+                default: false,
+            });
+            if (!ok) {
+                this.output('Device removal cancelled.\n');
+                return { success: false, cancelled: true };
+            }
+        }
+        await this.favaLib.removeSyncDevice(targetId);
+        this.output(`Removed device: ${label}\n`);
+        return { success: true };
+    }
+}
+export default RemoveDeviceCommand;

package/build/commands/sync/resilver.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class ResilverCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         success: boolean;

package/build/commands/sync/resilver.mjs

@@ -2,7 +2,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class ResilverCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
     }
     static { this.paths = [['sync', 'resilver']]; }
     static { this.usage = BaseCommand.Usage({
@@ -12,10 +12,10 @@ class ResilverCommand extends BaseCommand {
         examples: [['Resilver a vault', 'sync resilver']],
     }); }
     async exec() {
-        if (!this.twoFaLib.sync) {
+        if (!this.favaLib.sync) {
             throw new Error('No server url set');
         }
-        await this.twoFaLib.sync.requestResilver();
+        await this.favaLib.sync.requestResilver();
         // TODO: do this based on events
         await new Promise((resolve) => setTimeout(resolve, 5000));
         return { success: true };

package/build/commands/sync/setFriendlyName.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class SetFriendlyNameCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     name: string;
     exec(): Promise<{

package/build/commands/sync/setFriendlyName.mjs

@@ -3,7 +3,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class SetFriendlyNameCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.name = Option.String('--name', { required: true });
     }
     static { this.paths = [['sync', 'set-friendly-name']]; }
@@ -17,10 +17,10 @@ class SetFriendlyNameCommand extends BaseCommand {
         ],
     }); }
     async exec() {
-        if (!this.twoFaLib.sync) {
+        if (!this.favaLib.sync) {
             throw new Error('No server url set');
         }
-        await this.twoFaLib.setDeviceFriendlyName(this.name);
+        await this.favaLib.setDeviceFriendlyName(this.name);
         this.output(`Device name set to: ${this.name}\n`);
         return { success: true };
     }

package/build/commands/sync/setServerUrl.d.mts

@@ -2,7 +2,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 declare class SetServerUrlCommand extends BaseCommand {
     static paths: string[][];
     static usage: import("clipanion").Usage;
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     serverUrl: string;
     force: boolean | undefined;
     exec(): Promise<{

package/build/commands/sync/setServerUrl.mjs

@@ -3,7 +3,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class SetServerUrlCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = true;
+        this.requireFavaLib = true;
         this.serverUrl = Option.String({ required: true });
         this.force = Option.Boolean('--force', {
             description: 'Set serverUrl even if connection fails',
@@ -23,7 +23,7 @@ class SetServerUrlCommand extends BaseCommand {
         ],
     }); }
     async exec() {
-        await this.twoFaLib.setSyncServerUrl(this.serverUrl, this.force);
+        await this.favaLib.setSyncServerUrl(this.serverUrl, this.force);
         return { success: true };
     }
 }

package/build/commands/vault/create.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class VaultCreateCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     exec(): Promise<{
         success: boolean;

package/build/commands/vault/create.mjs

@@ -1,14 +1,13 @@
 import fs from 'node:fs/promises';
 import keytar from 'keytar';
 import BaseCommand from '../../BaseCommand.mjs';
-import { getTwoFaLibVaultCreationUtils } from 'favalib';
-import NodeCryptoProvider from 'favalib/cryptoProviders/node';
-import { password } from '@inquirer/prompts';
-const cryptoLib = new NodeCryptoProvider();
+import { getFavaLibVaultCreationUtils } from 'favalib';
+import NodePlatformProvider from 'favalib/platformProviders/node';
+import { password as passwordInput } from '@inquirer/prompts';
 class VaultCreateCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = false;
+        this.requireFavaLib = false;
     }
     static { this.paths = [['vault', 'create']]; }
     static { this.usage = BaseCommand.Usage({
@@ -17,28 +16,28 @@ class VaultCreateCommand extends BaseCommand {
         details: `
       This command creates a new encrypted vault file to store your 2FA entries.
 
-      You will be prompted to enter a passphrase that will be used to encrypt the vault.
-      The passphrase will be securely stored in your system's keychain.
+      You will be prompted to enter a password that will be used to encrypt the vault.
+      The password will be securely stored in your system's keychain.
     `,
         examples: [['Create a new vault', 'vault create']],
     }); }
     async exec() {
-        const twoFaLibVaultCreationUtils = getTwoFaLibVaultCreationUtils(cryptoLib, 'cli', ['cli'], (newLockedRepresentationString) => fs.writeFile(this.settings.vaultLocation, newLockedRepresentationString));
-        const passphrase = (await password({
-            message: 'Enter your vault passphrase:',
+        const favaLibVaultCreationUtils = getFavaLibVaultCreationUtils(NodePlatformProvider, 'cli', ['cli'], (newLockedRepresentationString) => fs.writeFile(this.settings.vaultLocation, newLockedRepresentationString));
+        const password = (await passwordInput({
+            message: 'Enter your vault password:',
             mask: '*',
         }));
-        const repeatPassphrase = (await password({
-            message: 'Repeat your vault passphrase:',
+        const repeatPassword = (await passwordInput({
+            message: 'Repeat your vault password:',
             mask: '*',
         }));
-        if (passphrase != repeatPassphrase) {
-            throw new Error("Passphrases don't match");
+        if (password != repeatPassword) {
+            throw new Error("Passwords don't match");
         }
-        const { twoFaLib } = await twoFaLibVaultCreationUtils.createNewTwoFaLibVault(passphrase);
+        const { favaLib } = await favaLibVaultCreationUtils.createNewFavaLibVault(password);
         await Promise.all([
-            twoFaLib.storage.forceSave(),
-            keytar.setPassword('favacli', 'vault-passphrase', passphrase),
+            favaLib.storage.forceSave(),
+            keytar.setPassword('favacli', 'vault-password', password),
         ]);
         return { success: true };
     }

package/build/commands/vault/delete.d.mts

@@ -1,7 +1,7 @@
 import BaseCommand from '../../BaseCommand.mjs';
 declare class VaultDeleteCommand extends BaseCommand {
     static paths: string[][];
-    requireTwoFaLib: boolean;
+    requireFavaLib: boolean;
     static usage: import("clipanion").Usage;
     force: boolean | undefined;
     exec(): Promise<{

package/build/commands/vault/delete.mjs

@@ -5,7 +5,7 @@ import BaseCommand from '../../BaseCommand.mjs';
 class VaultDeleteCommand extends BaseCommand {
     constructor() {
         super(...arguments);
-        this.requireTwoFaLib = false;
+        this.requireFavaLib = false;
         this.force = Option.Boolean('--force', {
             description: 'Delete the vault without confirmation',
         });

package/build/commands/vault/restorePassword.d.mts

@@ -0,0 +1,10 @@
+import BaseCommand from '../../BaseCommand.mjs';
+declare class VaultRestorePasswordCommand extends BaseCommand {
+    static paths: string[][];
+    requireFavaLib: boolean;
+    static usage: import("clipanion").Usage;
+    exec(): Promise<{
+        success: boolean;
+    }>;
+}
+export default VaultRestorePasswordCommand;

package/build/commands/vault/restorePassword.mjs

@@ -0,0 +1,60 @@
+import keytar from 'keytar';
+import BaseCommand from '../../BaseCommand.mjs';
+import { getFavaLibVaultCreationUtils } from 'favalib';
+import NodePlatformProvider from 'favalib/platformProviders/node';
+import { password as passwordInput } from '@inquirer/prompts';
+class VaultRestorePasswordCommand extends BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.requireFavaLib = false;
+    }
+    static { this.paths = [['vault', 'restore-password']]; }
+    static { this.usage = BaseCommand.Usage({
+        category: 'Vault',
+        description: "Store an existing vault's password in the system keychain",
+        details: `
+      Use this when the vault file exists on this device but its password is not
+      stored in the system keychain (e.g. after copying the vault from another
+      device, or after the keychain was cleared).
+
+      You will be prompted for the vault password. It is verified against the
+      existing vault and, if correct, stored in your system's keychain so other
+      commands can decrypt the vault. This does NOT change or re-encrypt the vault.
+    `,
+        examples: [
+            ['Restore the vault password in the keychain', 'vault restore-password'],
+        ],
+    }); }
+    async exec() {
+        if (!this.lockedRepresentationString) {
+            throw new Error(`No vault found at "${this.settings.vaultLocation}". Run "vault create" to create one.`);
+        }
+        const password = (await passwordInput({
+            message: 'Enter your vault password:',
+            mask: '*',
+        }));
+        // No save function is passed: we only load the vault to validate the
+        // password, we never write it back.
+        const favaLibVaultCreationUtils = getFavaLibVaultCreationUtils(NodePlatformProvider, 'cli', ['cli']);
+        // Validate the entered password by decrypting the existing vault (offline).
+        let favaLib;
+        try {
+            favaLib =
+                await favaLibVaultCreationUtils.loadFavaLibFromLockedRepesentation(this.lockedRepresentationString, password);
+        }
+        catch (err) {
+            if (err instanceof Error && err.message === 'Invalid password') {
+                throw new Error('Incorrect password — nothing was stored.');
+            }
+            throw err;
+        }
+        await keytar.setPassword('favacli', 'vault-password', password);
+        // Loading may have opened a sync connection; close it so the process exits.
+        if (favaLib.sync) {
+            favaLib.sync.closeServerConnection();
+        }
+        this.output('Vault password stored in the system keychain.\n');
+        return { success: true };
+    }
+}
+export default VaultRestorePasswordCommand;

package/build/main.mjs

@@ -2,6 +2,7 @@
 import { Cli, Builtins } from 'clipanion';
 import VaultCreateCommand from './commands/vault/create.mjs';
 import VaultDeleteCommand from './commands/vault/delete.mjs';
+import VaultRestorePasswordCommand from './commands/vault/restorePassword.mjs';
 import EntriesAddCommand from './commands/entries/add.mjs';
 import EntriesListCommand from './commands/entries/list.mjs';
 import EntriesSearchCommand from './commands/entries/search.mjs';
@@ -9,6 +10,7 @@ import SyncSetServerUrlCommand from './commands/sync/setServerUrl.mjs';
 import SyncConnect from './commands/sync/connect.mjs';
 import SyncResilver from './commands/sync/resilver.mjs';
 import SyncListDevices from './commands/sync/listDevices.mjs';
+import SyncRemoveDeviceCommand from './commands/sync/removeDevice.mjs';
 import SyncSetFriendlyNameCommand from './commands/sync/setFriendlyName.mjs';
 import ExportTextCommand from './commands/export/text.mjs';
 import SyncGetInfoCommand from './commands/sync/getInfo.mjs';
@@ -21,10 +23,11 @@ const [, , ...args] = process.argv;
 const cli = new Cli({
     binaryLabel: 'FavaCli',
     binaryName: `favacli`,
-    binaryVersion: '0.0.21',
+    binaryVersion: '0.0.23',
 });
 cli.register(VaultCreateCommand);
 cli.register(VaultDeleteCommand);
+cli.register(VaultRestorePasswordCommand);
 cli.register(EntriesAddCommand);
 cli.register(EntriesListCommand);
 cli.register(EntriesSearchCommand);
@@ -32,6 +35,7 @@ cli.register(SyncSetServerUrlCommand);
 cli.register(SyncConnect);
 cli.register(SyncResilver);
 cli.register(SyncListDevices);
+cli.register(SyncRemoveDeviceCommand);
 cli.register(ExportTextCommand);
 cli.register(SyncSetFriendlyNameCommand);
 cli.register(SyncGetInfoCommand);

package/build/test.d.mts

@@ -0,0 +1 @@
+export {};

package/build/test.mjs

@@ -0,0 +1,15 @@
+import { getFavaLibVaultCreationUtils, } from 'favalib';
+// almost empty for now
+const SwiftPlatformProvider = {
+    CryptoLib: class {
+    },
+};
+const favaLibVaultCreationUtils = getFavaLibVaultCreationUtils(SwiftPlatformProvider, 'ios-app', ['iphone', 'apple'], () => {
+    /* no-op for now */
+});
+const getPasswordStrength = async (password) => {
+    const result = await favaLibVaultCreationUtils.getPasswordStrength(password);
+    return result.score;
+};
+// example usage
+console.log(await getPasswordStrength('welcome123'));

package/build/utils/loadVault.d.mts

@@ -1,4 +1,4 @@
 import { type LockedRepresentationString } from 'favalib';
 import { Settings } from './init.mjs';
-declare const loadVault: (vaultData: LockedRepresentationString, settings: Settings, addError: (err: Error) => void, verbose?: boolean) => Promise<import("favalib").TwoFaLib>;
+declare const loadVault: (vaultData: LockedRepresentationString, settings: Settings, addError: (err: Error) => void, verbose?: boolean) => Promise<import("favalib").FavaLib>;
 export default loadVault;

package/build/utils/loadVault.mjs

@@ -1,8 +1,7 @@
 import fs from 'node:fs/promises';
 import keytar from 'keytar';
-import { getTwoFaLibVaultCreationUtils, TwoFaLibEvent, } from 'favalib';
-import NodeCryptoProvider from 'favalib/cryptoProviders/node';
-const cryptoLib = new NodeCryptoProvider();
+import { getFavaLibVaultCreationUtils, FavaLibEvent, } from 'favalib';
+import NodePlatformProvider from 'favalib/platformProviders/node';
 const loadVault = async (vaultData, settings, addError, verbose = false) => {
     const saveFunction = async (newLockedRepresentationString) => {
         const tempFile = `${settings.vaultLocation}.tmp`;
@@ -30,10 +29,25 @@ const loadVault = async (vaultData, settings, addError, verbose = false) => {
             throw error;
         }
     };
-    const twoFaLibVaultCreationUtils = getTwoFaLibVaultCreationUtils(cryptoLib, 'cli', ['cli'], saveFunction);
-    const passphrase = (await keytar.getPassword('favacli', 'vault-passphrase'));
-    const twoFaLib = await twoFaLibVaultCreationUtils.loadTwoFaLibFromLockedRepesentation(vaultData, passphrase);
-    twoFaLib.addEventListener(TwoFaLibEvent.Log, (ev) => {
+    const favaLibVaultCreationUtils = getFavaLibVaultCreationUtils(NodePlatformProvider, 'cli', ['cli'], saveFunction);
+    let storedPassword;
+    try {
+        storedPassword = await keytar.getPassword('favacli', 'vault-password');
+    }
+    catch (err) {
+        throw new Error(`Failed to read the vault password from the system keychain: ${err instanceof Error ? err.message : String(err)}. Make sure your OS keychain service is available (on Linux this requires a ` +
+            `Secret Service provider such as gnome-keyring or KWallet via libsecret).`);
+    }
+    if (!storedPassword) {
+        throw new Error(`No vault password found in the system keychain. The vault file at ` +
+            `"${settings.vaultLocation}" exists, but the password used to decrypt it is not ` +
+            `stored on this device. This usually happens when the vault was copied from another ` +
+            `device or the keychain entry was removed. Run "favacli vault restore-password" to ` +
+            `re-store it.`);
+    }
+    const password = storedPassword;
+    const favaLib = await favaLibVaultCreationUtils.loadFavaLibFromLockedRepesentation(vaultData, password);
+    favaLib.addEventListener(FavaLibEvent.Log, (ev) => {
         if (ev.detail.severity === 'warning') {
             addError(new Error(ev.detail.message));
             return;
@@ -42,7 +56,7 @@ const loadVault = async (vaultData, settings, addError, verbose = false) => {
             console.log(ev.detail.message);
         }
     });
-    await twoFaLib.ready;
-    return twoFaLib;
+    await favaLib.ready;
+    return favaLib;
 };
 export default loadVault;

package/package.json

@@ -1,22 +1,22 @@
 {
   "name": "favacli",
-  "version": "0.0.21",
+  "version": "0.0.23",
   "description": "",
   "type": "module",
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "@inquirer/prompts": "^7.5.3",
-    "bufferutil": "^4.0.9",
+    "@inquirer/prompts": "^8.4.3",
+    "bufferutil": "^4.1.0",
     "clipanion": "^4.0.0-rc.4",
-    "env-paths": "^3.0.0",
-    "favalib": "^0.0.11",
+    "env-paths": "^4.0.0",
     "keytar": "^7.9.0",
-    "tty-table": "^4.2.3",
-    "typanion": "^3.14.0"
+    "tty-table": "^5.0.0",
+    "typanion": "^3.14.0",
+    "favalib": "0.0.17"
   },
   "devDependencies": {
-    "type-fest": "^4.26.1"
+    "type-fest": "^5.6.0"
   },
   "bin": {
     "favacli": "build/main.mjs"
@@ -27,4 +27,4 @@
   "engines": {
     "node": ">=20"
   }
-}
+}