humanenv 0.1.0

package/packages/client/dist/index.cjs

@@ -0,0 +1,333 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  HumanEnvClient: () => HumanEnvClient,
+  default: () => index_default
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/shared/errors.ts
+var ErrorMessages = {
+  SERVER_PK_NOT_AVAILABLE: "Server private key is not available. Restart pending.",
+  CLIENT_AUTH_INVALID_PROJECT_NAME: "Invalid or unknown project name.",
+  CLIENT_AUTH_NOT_WHITELISTED: "Client fingerprint is not whitelisted for this project.",
+  CLIENT_AUTH_INVALID_API_KEY: "Invalid or expired API key.",
+  CLIENT_CONN_MAX_RETRIES_EXCEEDED: "Maximum WS connection retries exceeded.",
+  ENV_API_MODE_ONLY: "This env is API-mode only and cannot be accessed via CLI.",
+  SERVER_INTERNAL_ERROR: "An internal server error occurred.",
+  WS_CONNECTION_FAILED: "Failed to establish WebSocket connection.",
+  DB_OPERATION_FAILED: "Database operation failed."
+};
+var HumanEnvError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message ?? ErrorMessages[code]);
+    this.name = "HumanEnvError";
+    this.code = code;
+  }
+};
+
+// src/shared/crypto.ts
+var crypto = __toESM(require("node:crypto"));
+function generateFingerprint() {
+  const components = [
+    process.env.HOSTNAME || "unknown-host",
+    process.platform,
+    process.arch,
+    process.version
+  ];
+  return crypto.createHash("sha256").update(components.join("|")).digest("hex").slice(0, 16);
+}
+
+// src/ws-manager.ts
+var import_ws = __toESM(require("ws"));
+var HumanEnvClient = class {
+  ws = null;
+  connected = false;
+  authenticated = false;
+  _whitelistStatus = null;
+  attempts = 0;
+  pending = /* @__PURE__ */ new Map();
+  config;
+  retryTimer = null;
+  pingTimer = null;
+  reconnecting = false;
+  disconnecting = false;
+  _authResolve = null;
+  _authReject = null;
+  get whitelistStatus() {
+    return this._whitelistStatus;
+  }
+  constructor(config) {
+    this.config = {
+      serverUrl: config.serverUrl,
+      projectName: config.projectName,
+      projectApiKey: config.projectApiKey || "",
+      maxRetries: config.maxRetries ?? 10
+    };
+  }
+  getFingerprint() {
+    return generateFingerprint();
+  }
+  async connect() {
+    return new Promise((resolve, reject) => {
+      this.doConnect(resolve, reject);
+    });
+  }
+  doConnect(resolve, reject) {
+    const proto = this.config.serverUrl.startsWith("https") ? "wss" : "ws";
+    const host = this.config.serverUrl.replace(/^https?:\/\//, "").replace(/\/+$/, "");
+    const url = `${proto}://${host}/ws`;
+    this.ws = new import_ws.default(url);
+    this.ws.on("open", () => {
+      this.connected = true;
+      this.attempts = 0;
+      this.reconnecting = false;
+      this.startPing();
+      this.sendAuth(resolve, reject);
+    });
+    this.ws.on("message", (raw) => {
+      try {
+        const msg = JSON.parse(raw.toString());
+        this.handleMessage(msg);
+      } catch {
+      }
+    });
+    this.ws.on("close", () => {
+      this.connected = false;
+      this.authenticated = false;
+      this.stopPing();
+      if (!this.disconnecting && !this.reconnecting) this.scheduleReconnect(reject);
+    });
+    this.ws.on("error", () => {
+    });
+  }
+  sendAuth(resolve, reject) {
+    this._authResolve = resolve;
+    this._authReject = reject;
+    this.ws?.send(JSON.stringify({
+      type: "auth",
+      payload: {
+        projectName: this.config.projectName,
+        apiKey: this.config.projectApiKey,
+        fingerprint: this.getFingerprint()
+      }
+    }));
+  }
+  handleMessage(msg) {
+    if (msg.type === "auth_response") {
+      if (msg.payload.success) {
+        this.authenticated = true;
+        this._whitelistStatus = msg.payload.status || (msg.payload.whitelisted ? "approved" : "pending");
+        this._authResolve?.();
+      } else {
+        this._authReject?.(new HumanEnvError(msg.payload.code, msg.payload.error));
+      }
+      this._authResolve = null;
+      this._authReject = null;
+      return;
+    }
+    if (msg.type === "get_response") {
+      this._resolvePending("get", msg.payload);
+      return;
+    }
+    if (msg.type === "set_response") {
+      this._resolvePending("set", msg.payload);
+      return;
+    }
+    if (msg.type === "pong") {
+    }
+  }
+  _resolvePending(kind, payload) {
+    for (const [id, op] of this.pending) {
+      clearTimeout(op.timeout);
+      this.pending.delete(id);
+      if (payload.error) {
+        op.reject(new HumanEnvError(payload.code, payload.error));
+      } else {
+        op.resolve(payload);
+      }
+      return;
+    }
+  }
+  async get(keyOrKeys) {
+    if (!this.connected || !this.authenticated) throw new HumanEnvError("CLIENT_AUTH_INVALID_API_KEY" /* CLIENT_AUTH_INVALID_API_KEY */);
+    if (Array.isArray(keyOrKeys)) {
+      const result = {};
+      await Promise.all(keyOrKeys.map(async (key) => {
+        result[key] = await this._getSingle(key);
+      }));
+      return result;
+    }
+    return this._getSingle(keyOrKeys);
+  }
+  _getSingle(key) {
+    return new Promise((resolve, reject) => {
+      const msgId = `${key}-${Date.now()}`;
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error(`Timeout getting env: ${key}`));
+      }, 8e3);
+      this.pending.set(msgId, { resolve: (v) => resolve(v.value), reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "get", payload: { key } }));
+    });
+  }
+  async set(key, value) {
+    if (!this.connected || !this.authenticated) throw new HumanEnvError("CLIENT_AUTH_INVALID_API_KEY" /* CLIENT_AUTH_INVALID_API_KEY */);
+    const msgId = `set-${Date.now()}`;
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error(`Timeout setting env: ${key}`));
+      }, 8e3);
+      this.pending.set(msgId, { resolve, reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "set", payload: { key, value } }));
+    });
+  }
+  scheduleReconnect(reject) {
+    if (this.attempts >= this.config.maxRetries) {
+      reject(new HumanEnvError("CLIENT_CONN_MAX_RETRIES_EXCEEDED" /* CLIENT_CONN_MAX_RETRIES_EXCEEDED */));
+      return;
+    }
+    this.reconnecting = true;
+    this.attempts++;
+    const delay = Math.min(1e3 * Math.pow(2, this.attempts - 1), 3e4);
+    if (process.stdout.isTTY) {
+      console.error(`[humanenv] Reconnecting in ${delay}ms (attempt ${this.attempts}/${this.config.maxRetries})...`);
+    }
+    this.retryTimer = setTimeout(() => {
+      this.doConnect(() => {
+      }, reject);
+    }, delay);
+  }
+  startPing() {
+    this.stopPing();
+    this.pingTimer = setInterval(() => {
+      if (this.ws?.readyState === import_ws.default.OPEN) {
+        this.ws.send(JSON.stringify({ type: "ping" }));
+      }
+    }, 3e4);
+  }
+  stopPing() {
+    if (this.pingTimer) {
+      clearInterval(this.pingTimer);
+      this.pingTimer = null;
+    }
+  }
+  /** Send a generate_api_key request to the server */
+  async generateApiKey() {
+    if (!this.connected || !this.authenticated) throw new Error("Client not authenticated");
+    return new Promise((resolve, reject) => {
+      const msgId = `genkey-${Date.now()}`;
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error("Timeout waiting for API key generation"));
+      }, 6e4);
+      this.pending.set(msgId, { resolve: (v) => resolve(v.apiKey), reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "generate_api_key", payload: { projectName: this.config.projectName } }));
+    });
+  }
+  /** Connect (creates fresh WS) and waits for auth response up to `timeoutMs`. Resolves silently on timeout. */
+  async connectAndWaitForAuth(timeoutMs) {
+    return new Promise((resolve) => {
+      if (this.connected && this.authenticated) {
+        resolve();
+        return;
+      }
+      const deadline = Date.now() + timeoutMs;
+      const checkInterval = setInterval(() => {
+        if (this.connected && this.authenticated) {
+          clearInterval(checkInterval);
+          resolve();
+          return;
+        }
+        if (Date.now() >= deadline) {
+          clearInterval(checkInterval);
+          resolve();
+          return;
+        }
+      }, 200);
+      if (!this.connected) {
+        this.attempts = 0;
+        this.doConnect(() => {
+        }, () => {
+          clearInterval(checkInterval);
+          resolve();
+        });
+      }
+    });
+  }
+  disconnect() {
+    this.stopPing();
+    if (this.retryTimer) {
+      clearTimeout(this.retryTimer);
+      this.retryTimer = null;
+    }
+    this.disconnecting = true;
+    this.reconnecting = false;
+    this.ws?.close();
+  }
+};
+
+// src/index.ts
+var singleton = null;
+var configSet = false;
+async function ensure() {
+  if (!singleton) throw new Error("humanenv.config() must be called first");
+  return singleton;
+}
+var index_default = {
+  config(cfg) {
+    if (configSet) return;
+    configSet = true;
+    singleton = new HumanEnvClient(cfg);
+  },
+  async get(keyOrKeys) {
+    const client = await ensure();
+    return client.get(keyOrKeys);
+  },
+  async set(key, value) {
+    const client = await ensure();
+    return client.set(key, value);
+  },
+  disconnect() {
+    if (singleton) {
+      singleton.disconnect();
+      singleton = null;
+      configSet = false;
+    }
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  HumanEnvClient
+});

package/packages/client/dist/index.mjs

@@ -0,0 +1,296 @@
+// src/shared/errors.ts
+var ErrorMessages = {
+  SERVER_PK_NOT_AVAILABLE: "Server private key is not available. Restart pending.",
+  CLIENT_AUTH_INVALID_PROJECT_NAME: "Invalid or unknown project name.",
+  CLIENT_AUTH_NOT_WHITELISTED: "Client fingerprint is not whitelisted for this project.",
+  CLIENT_AUTH_INVALID_API_KEY: "Invalid or expired API key.",
+  CLIENT_CONN_MAX_RETRIES_EXCEEDED: "Maximum WS connection retries exceeded.",
+  ENV_API_MODE_ONLY: "This env is API-mode only and cannot be accessed via CLI.",
+  SERVER_INTERNAL_ERROR: "An internal server error occurred.",
+  WS_CONNECTION_FAILED: "Failed to establish WebSocket connection.",
+  DB_OPERATION_FAILED: "Database operation failed."
+};
+var HumanEnvError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message ?? ErrorMessages[code]);
+    this.name = "HumanEnvError";
+    this.code = code;
+  }
+};
+
+// src/shared/crypto.ts
+import * as crypto from "node:crypto";
+function generateFingerprint() {
+  const components = [
+    process.env.HOSTNAME || "unknown-host",
+    process.platform,
+    process.arch,
+    process.version
+  ];
+  return crypto.createHash("sha256").update(components.join("|")).digest("hex").slice(0, 16);
+}
+
+// src/ws-manager.ts
+import WebSocket from "ws";
+var HumanEnvClient = class {
+  ws = null;
+  connected = false;
+  authenticated = false;
+  _whitelistStatus = null;
+  attempts = 0;
+  pending = /* @__PURE__ */ new Map();
+  config;
+  retryTimer = null;
+  pingTimer = null;
+  reconnecting = false;
+  disconnecting = false;
+  _authResolve = null;
+  _authReject = null;
+  get whitelistStatus() {
+    return this._whitelistStatus;
+  }
+  constructor(config) {
+    this.config = {
+      serverUrl: config.serverUrl,
+      projectName: config.projectName,
+      projectApiKey: config.projectApiKey || "",
+      maxRetries: config.maxRetries ?? 10
+    };
+  }
+  getFingerprint() {
+    return generateFingerprint();
+  }
+  async connect() {
+    return new Promise((resolve, reject) => {
+      this.doConnect(resolve, reject);
+    });
+  }
+  doConnect(resolve, reject) {
+    const proto = this.config.serverUrl.startsWith("https") ? "wss" : "ws";
+    const host = this.config.serverUrl.replace(/^https?:\/\//, "").replace(/\/+$/, "");
+    const url = `${proto}://${host}/ws`;
+    this.ws = new WebSocket(url);
+    this.ws.on("open", () => {
+      this.connected = true;
+      this.attempts = 0;
+      this.reconnecting = false;
+      this.startPing();
+      this.sendAuth(resolve, reject);
+    });
+    this.ws.on("message", (raw) => {
+      try {
+        const msg = JSON.parse(raw.toString());
+        this.handleMessage(msg);
+      } catch {
+      }
+    });
+    this.ws.on("close", () => {
+      this.connected = false;
+      this.authenticated = false;
+      this.stopPing();
+      if (!this.disconnecting && !this.reconnecting) this.scheduleReconnect(reject);
+    });
+    this.ws.on("error", () => {
+    });
+  }
+  sendAuth(resolve, reject) {
+    this._authResolve = resolve;
+    this._authReject = reject;
+    this.ws?.send(JSON.stringify({
+      type: "auth",
+      payload: {
+        projectName: this.config.projectName,
+        apiKey: this.config.projectApiKey,
+        fingerprint: this.getFingerprint()
+      }
+    }));
+  }
+  handleMessage(msg) {
+    if (msg.type === "auth_response") {
+      if (msg.payload.success) {
+        this.authenticated = true;
+        this._whitelistStatus = msg.payload.status || (msg.payload.whitelisted ? "approved" : "pending");
+        this._authResolve?.();
+      } else {
+        this._authReject?.(new HumanEnvError(msg.payload.code, msg.payload.error));
+      }
+      this._authResolve = null;
+      this._authReject = null;
+      return;
+    }
+    if (msg.type === "get_response") {
+      this._resolvePending("get", msg.payload);
+      return;
+    }
+    if (msg.type === "set_response") {
+      this._resolvePending("set", msg.payload);
+      return;
+    }
+    if (msg.type === "pong") {
+    }
+  }
+  _resolvePending(kind, payload) {
+    for (const [id, op] of this.pending) {
+      clearTimeout(op.timeout);
+      this.pending.delete(id);
+      if (payload.error) {
+        op.reject(new HumanEnvError(payload.code, payload.error));
+      } else {
+        op.resolve(payload);
+      }
+      return;
+    }
+  }
+  async get(keyOrKeys) {
+    if (!this.connected || !this.authenticated) throw new HumanEnvError("CLIENT_AUTH_INVALID_API_KEY" /* CLIENT_AUTH_INVALID_API_KEY */);
+    if (Array.isArray(keyOrKeys)) {
+      const result = {};
+      await Promise.all(keyOrKeys.map(async (key) => {
+        result[key] = await this._getSingle(key);
+      }));
+      return result;
+    }
+    return this._getSingle(keyOrKeys);
+  }
+  _getSingle(key) {
+    return new Promise((resolve, reject) => {
+      const msgId = `${key}-${Date.now()}`;
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error(`Timeout getting env: ${key}`));
+      }, 8e3);
+      this.pending.set(msgId, { resolve: (v) => resolve(v.value), reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "get", payload: { key } }));
+    });
+  }
+  async set(key, value) {
+    if (!this.connected || !this.authenticated) throw new HumanEnvError("CLIENT_AUTH_INVALID_API_KEY" /* CLIENT_AUTH_INVALID_API_KEY */);
+    const msgId = `set-${Date.now()}`;
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error(`Timeout setting env: ${key}`));
+      }, 8e3);
+      this.pending.set(msgId, { resolve, reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "set", payload: { key, value } }));
+    });
+  }
+  scheduleReconnect(reject) {
+    if (this.attempts >= this.config.maxRetries) {
+      reject(new HumanEnvError("CLIENT_CONN_MAX_RETRIES_EXCEEDED" /* CLIENT_CONN_MAX_RETRIES_EXCEEDED */));
+      return;
+    }
+    this.reconnecting = true;
+    this.attempts++;
+    const delay = Math.min(1e3 * Math.pow(2, this.attempts - 1), 3e4);
+    if (process.stdout.isTTY) {
+      console.error(`[humanenv] Reconnecting in ${delay}ms (attempt ${this.attempts}/${this.config.maxRetries})...`);
+    }
+    this.retryTimer = setTimeout(() => {
+      this.doConnect(() => {
+      }, reject);
+    }, delay);
+  }
+  startPing() {
+    this.stopPing();
+    this.pingTimer = setInterval(() => {
+      if (this.ws?.readyState === WebSocket.OPEN) {
+        this.ws.send(JSON.stringify({ type: "ping" }));
+      }
+    }, 3e4);
+  }
+  stopPing() {
+    if (this.pingTimer) {
+      clearInterval(this.pingTimer);
+      this.pingTimer = null;
+    }
+  }
+  /** Send a generate_api_key request to the server */
+  async generateApiKey() {
+    if (!this.connected || !this.authenticated) throw new Error("Client not authenticated");
+    return new Promise((resolve, reject) => {
+      const msgId = `genkey-${Date.now()}`;
+      const timeout = setTimeout(() => {
+        this.pending.delete(msgId);
+        reject(new Error("Timeout waiting for API key generation"));
+      }, 6e4);
+      this.pending.set(msgId, { resolve: (v) => resolve(v.apiKey), reject, timeout });
+      this.ws?.send(JSON.stringify({ type: "generate_api_key", payload: { projectName: this.config.projectName } }));
+    });
+  }
+  /** Connect (creates fresh WS) and waits for auth response up to `timeoutMs`. Resolves silently on timeout. */
+  async connectAndWaitForAuth(timeoutMs) {
+    return new Promise((resolve) => {
+      if (this.connected && this.authenticated) {
+        resolve();
+        return;
+      }
+      const deadline = Date.now() + timeoutMs;
+      const checkInterval = setInterval(() => {
+        if (this.connected && this.authenticated) {
+          clearInterval(checkInterval);
+          resolve();
+          return;
+        }
+        if (Date.now() >= deadline) {
+          clearInterval(checkInterval);
+          resolve();
+          return;
+        }
+      }, 200);
+      if (!this.connected) {
+        this.attempts = 0;
+        this.doConnect(() => {
+        }, () => {
+          clearInterval(checkInterval);
+          resolve();
+        });
+      }
+    });
+  }
+  disconnect() {
+    this.stopPing();
+    if (this.retryTimer) {
+      clearTimeout(this.retryTimer);
+      this.retryTimer = null;
+    }
+    this.disconnecting = true;
+    this.reconnecting = false;
+    this.ws?.close();
+  }
+};
+
+// src/index.ts
+var singleton = null;
+var configSet = false;
+async function ensure() {
+  if (!singleton) throw new Error("humanenv.config() must be called first");
+  return singleton;
+}
+var index_default = {
+  config(cfg) {
+    if (configSet) return;
+    configSet = true;
+    singleton = new HumanEnvClient(cfg);
+  },
+  async get(keyOrKeys) {
+    const client = await ensure();
+    return client.get(keyOrKeys);
+  },
+  async set(key, value) {
+    const client = await ensure();
+    return client.set(key, value);
+  },
+  disconnect() {
+    if (singleton) {
+      singleton.disconnect();
+      singleton = null;
+      configSet = false;
+    }
+  }
+};
+export {
+  HumanEnvClient,
+  index_default as default
+};

package/packages/client/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "humanenv",
+  "version": "0.1.0",
+  "description": "Securely inject environment variables into your app. Secrets for humans only.",
+  "main": "./dist/index.cjs",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "humanenv": "./dist/cli.js"
+  },
+  "author": "arancibiajav@gmail.com",
+  "repository": {
+    "type": "git",
+    "url": "git@github.com:javimosch/humanenv.git"
+  },
+  "scripts": {
+    "build": "node build.js",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "commander": "^12.1.0",
+    "ws": "^8.18.0"
+  },
+  "files": ["src/", "dist/"]
+}