keyra-cli 0.1.0 → 0.1.2

package/cli/package-lock.json

@@ -1,11 +1,11 @@
 {
-  "name": "envpilot",
+  "name": "keyra-cli",
   "version": "0.1.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
-      "name": "envpilot",
+      "name": "keyra-cli",
       "version": "0.1.0",
       "license": "MIT",
       "dependencies": {
@@ -17,7 +17,7 @@
         "ora": "^9.3.0"
       },
       "bin": {
-        "envpilot": "dist/index.js"
+        "keyra": "dist/index.js"
       },
       "devDependencies": {
         "@types/inquirer": "^9.0.9",
@@ -1209,6 +1209,7 @@
       "integrity": "sha512-m0jEgYlYz+mDJZ2+F4v8D1AyQb+QzsNqRuI7xg1VQX/KlKS0qT9r1Mo16yo5F/MtifXFgaofIFsdFMox2SxIbQ==",
       "devOptional": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "undici-types": "~7.16.0"
       }
@@ -1571,6 +1572,7 @@
       "dev": true,
       "hasInstallScript": true,
       "license": "MIT",
+      "peer": true,
       "bin": {
         "esbuild": "bin/esbuild"
       },
@@ -2044,6 +2046,7 @@
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -2489,6 +2492,7 @@
       "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "dev": true,
       "license": "Apache-2.0",
+      "peer": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"

package/cli/package.json

@@ -1,13 +1,17 @@
 {
-  "name": "keyra",
-  "version": "0.1.0",
+  "name": "keyra-cli",
+  "version": "0.1.2",
   "description": "Encrypted .env vault. Sync, share, and never lose an API key.",
   "bin": {
-    "keyra": "./dist/index.js"
+    "keyra-cli": "./dist/index.js"
   },
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "build": "tsup src/index.ts --format esm --target node18 --clean --shims",
-    "dev": "tsup src/index.ts --format esm --target node18 --watch --shims"
+    "dev": "tsup src/index.ts --format esm --target node18 --watch --shims",
+    "prepublishOnly": "npm run build"
   },
   "keywords": [
     "env",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "keyra-cli",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "scripts": {
     "dev": "next dev",
     "build": "next build",

package/cli/src/commands/guard.ts

@@ -1,89 +0,0 @@
-import { Command } from 'commander';
-import fs from 'fs';
-import path from 'path';
-import chalk from 'chalk';
-import { success, error, warning, printBox } from '../lib/ui.js';
-
-const HOOK_MARKER = '# keyra-guard';
-const PRE_COMMIT_HOOK = `#!/bin/sh
-${HOOK_MARKER}
-# Keyra Git Guardian — blocks accidental .env commits
-# https://keyra.dev
-
-staged=$(git diff --cached --name-only 2>/dev/null)
-
-for file in $staged; do
-  if echo "$file" | grep -qE '(^|\\.)\\.env(\\..*)?$'; then
-    echo ""
-    echo "  \\033[0;31m✗ Keyra Git Guardian blocked your commit\\033[0m"
-    echo "  \\033[0;33m⚠ Detected .env file in staged changes: $file\\033[0m"
-    echo ""
-    echo "  Commit secrets to your Keyra vault instead:"
-    echo "    keyra push"
-    echo ""
-    exit 1
-  fi
-done
-`;
-
-export const guardCommand = new Command('guard')
-  .description('Install a pre-commit hook to block accidental .env commits')
-  .action(async () => {
-    // Find .git directory
-    let gitDir: string | null = null;
-    let dir = process.cwd();
-    for (let i = 0; i < 10; i++) {
-      const candidate = path.join(dir, '.git');
-      if (fs.existsSync(candidate) && fs.statSync(candidate).isDirectory()) {
-        gitDir = candidate;
-        break;
-      }
-      const parent = path.dirname(dir);
-      if (parent === dir) break;
-      dir = parent;
-    }
-
-    if (!gitDir) {
-      error('Not inside a git repository.');
-      process.exit(1);
-    }
-
-    const hooksDir = path.join(gitDir, 'hooks');
-    if (!fs.existsSync(hooksDir)) {
-      fs.mkdirSync(hooksDir, { recursive: true });
-    }
-
-    const hookPath = path.join(hooksDir, 'pre-commit');
-
-    // Check if already installed
-    if (fs.existsSync(hookPath)) {
-      const existing = fs.readFileSync(hookPath, 'utf-8');
-      if (existing.includes(HOOK_MARKER)) {
-        warning('Git Guardian is already installed in this repository.');
-        return;
-      }
-      // Append to existing hook
-      fs.appendFileSync(hookPath, '\n' + PRE_COMMIT_HOOK);
-      success('Git Guardian appended to existing pre-commit hook.');
-    } else {
-      fs.writeFileSync(hookPath, PRE_COMMIT_HOOK);
-    }
-
-    // Make executable (no-op on Windows, but harmless)
-    try {
-      fs.chmodSync(hookPath, 0o755);
-    } catch {
-      // Windows doesn't support chmod
-    }
-
-    printBox(
-      chalk.green.bold('Git Guardian installed') +
-        '\n\n' +
-        chalk.dim('Pre-commit hook added to: ') +
-        chalk.white(hookPath) +
-        '\n\n' +
-        chalk.dim('Now if you accidentally stage a .env file,\n') +
-        chalk.dim('git commit will be blocked automatically.'),
-      'green'
-    );
-  });

package/cli/src/commands/init.ts

@@ -1,172 +0,0 @@
-import { Command } from 'commander';
-import path from 'path';
-import inquirer from 'inquirer';
-import chalk from 'chalk';
-import {
-  requireAuth,
-  hasProjectConfig,
-  loadProjectConfig,
-  saveProjectConfig,
-  addToGitignore,
-} from '../lib/config.js';
-import { createProject, upsertVaultEntries } from '../lib/api.js';
-import { readEnvFile } from '../lib/env-file.js';
-import { encrypt } from '../lib/encryption.js';
-import { success, error, info, spinner, printBox } from '../lib/ui.js';
-
-export const initCommand = new Command('init')
-  .description('Link current directory to a Keyra project')
-  .action(async () => {
-    let config;
-    try {
-      config = requireAuth();
-    } catch (err: any) {
-      error(err.message);
-      return;
-    }
-
-    if (hasProjectConfig()) {
-      const existing = loadProjectConfig();
-      info(
-        `This project is already linked to vault project: ${chalk.bold(existing?.projectName)}`
-      );
-      info('Run `keyra push` or `keyra pull` to sync.');
-      return;
-    }
-
-    const folderName = path.basename(process.cwd());
-
-    const { name } = await inquirer.prompt([
-      {
-        type: 'input',
-        name: 'name',
-        message: 'Project name:',
-        default: folderName,
-        validate: (input: string) =>
-          input.trim().length > 0 || 'Name is required',
-      },
-    ]);
-
-    const s = spinner('Creating project...');
-    s.start();
-
-    let project;
-    try {
-      project = await createProject(name.trim());
-      s.stop();
-      success(`Project "${project.name}" created`);
-    } catch (err: any) {
-      s.stop();
-      error(err.message);
-      return;
-    }
-
-    // Check for existing .env file
-    const envData = readEnvFile();
-    if (envData) {
-      const varCount = Object.keys(envData.vars).length;
-      const { importVars } = await inquirer.prompt([
-        {
-          type: 'confirm',
-          name: 'importVars',
-          message: `Found ${envData.filename} with ${varCount} variable${varCount !== 1 ? 's' : ''}. Import them to your vault?`,
-          default: true,
-        },
-      ]);
-
-      if (importVars) {
-        const uploadSpinner = spinner('Encrypting and uploading...');
-        uploadSpinner.start();
-
-        try {
-          const entries = Object.entries(envData.vars).map(([key, value]) => {
-            const encrypted = encrypt(value, config.passphrase);
-            return {
-              key_name: key,
-              encrypted_value: encrypted.encrypted,
-              iv: encrypted.iv,
-              salt: encrypted.salt,
-              auth_tag: encrypted.authTag,
-              category: guessCategory(key),
-            };
-          });
-
-          await upsertVaultEntries(project.id, entries);
-          uploadSpinner.stop();
-          success(`Imported ${entries.length} variable${entries.length !== 1 ? 's' : ''} to vault`);
-        } catch (err: any) {
-          uploadSpinner.stop();
-          error(`Failed to import: ${err.message}`);
-        }
-      }
-    }
-
-    saveProjectConfig({
-      projectId: project.id,
-      projectName: project.name,
-    });
-
-    addToGitignore('.keyra.json');
-
-    printBox(
-      chalk.green.bold(`Project "${project.name}" created and linked.`) +
-        '\n\n' +
-        chalk.dim('Use ') +
-        chalk.white('keyra push') +
-        chalk.dim(' and ') +
-        chalk.white('keyra pull') +
-        chalk.dim(' to sync.')
-    );
-  });
-
-function guessCategory(key: string): string {
-  const k = key.toUpperCase();
-  if (k.includes('OPENAI') || k.includes('ANTHROPIC') || k.includes('AI'))
-    return 'ai';
-  if (
-    k.includes('DATABASE') ||
-    k.includes('DB_') ||
-    k.includes('POSTGRES') ||
-    k.includes('MYSQL') ||
-    k.includes('MONGO') ||
-    k.includes('REDIS') ||
-    k.includes('SUPABASE')
-  )
-    return 'database';
-  if (
-    k.includes('AUTH') ||
-    k.includes('JWT') ||
-    k.includes('SESSION') ||
-    k.includes('NEXTAUTH') ||
-    k.includes('CLERK')
-  )
-    return 'auth';
-  if (k.includes('STRIPE') || k.includes('PAYMENT') || k.includes('PAYPAL'))
-    return 'payment';
-  if (
-    k.includes('VERCEL') ||
-    k.includes('AWS') ||
-    k.includes('GCP') ||
-    k.includes('AZURE') ||
-    k.includes('HEROKU') ||
-    k.includes('DEPLOY')
-  )
-    return 'hosting';
-  if (
-    k.includes('SMTP') ||
-    k.includes('EMAIL') ||
-    k.includes('SENDGRID') ||
-    k.includes('RESEND') ||
-    k.includes('MAILGUN')
-  )
-    return 'email';
-  if (
-    k.includes('ANALYTICS') ||
-    k.includes('MIXPANEL') ||
-    k.includes('GA_') ||
-    k.includes('POSTHOG') ||
-    k.includes('SENTRY')
-  )
-    return 'analytics';
-  return 'general';
-}

package/cli/src/commands/list.ts

@@ -1,60 +0,0 @@
-import { Command } from 'commander';
-import chalk from 'chalk';
-import { requireAuth } from '../lib/config.js';
-import { getProjects } from '../lib/api.js';
-import { error, info, spinner } from '../lib/ui.js';
-
-export const listCommand = new Command('list')
-  .alias('ls')
-  .description('List all your projects')
-  .action(async () => {
-    try {
-      requireAuth();
-    } catch (err: any) {
-      error(err.message);
-      return;
-    }
-
-    const s = spinner('Loading projects...');
-    s.start();
-
-    try {
-      const projects = await getProjects();
-      s.stop();
-
-      if (projects.length === 0) {
-        info('No projects yet. Run `keyra init` in a project folder.');
-        return;
-      }
-
-      console.log();
-      console.log(chalk.bold(`  ${projects.length} project${projects.length !== 1 ? 's' : ''}:`));
-      console.log();
-
-      // Calculate column widths
-      const maxName = Math.max(...projects.map((p) => p.name.length), 4);
-
-      // Header
-      console.log(
-        chalk.dim(
-          `  ${'Name'.padEnd(maxName + 2)}${'Vars'.padEnd(8)}Last Synced`
-        )
-      );
-      console.log(chalk.dim(`  ${'─'.repeat(maxName + 2 + 8 + 20)}`));
-
-      for (const project of projects) {
-        const name = chalk.green(project.name.padEnd(maxName + 2));
-        const vars = String(project.var_count).padEnd(8);
-        const synced = project.last_synced_at
-          ? new Date(project.last_synced_at).toLocaleDateString()
-          : chalk.dim('never');
-
-        console.log(`  ${name}${vars}${synced}`);
-      }
-
-      console.log();
-    } catch (err: any) {
-      s.stop();
-      error(err.message);
-    }
-  });

package/cli/src/commands/login.ts

@@ -1,116 +0,0 @@
-import { Command } from 'commander';
-import inquirer from 'inquirer';
-import open from 'open';
-import chalk from 'chalk';
-import { createDeviceCode, pollAuth } from '../lib/api.js';
-import { saveConfig } from '../lib/config.js';
-import { banner, spinner, success, error, printBox } from '../lib/ui.js';
-
-export const loginCommand = new Command('login')
-  .description('Authenticate with Keyra via browser')
-  .option('--api-url <url>', 'API URL', 'https://keyra.dev')
-  .action(async (options) => {
-    banner();
-
-    const baseUrl = options.apiUrl;
-    saveConfig({ apiUrl: baseUrl });
-
-    const s = spinner('Creating device code...');
-    s.start();
-
-    let deviceCode: string;
-    try {
-      const result = await createDeviceCode();
-      deviceCode = result.deviceCode;
-      s.stop();
-    } catch (err: any) {
-      s.stop();
-      error(err.message);
-      return;
-    }
-    const authUrl = `${baseUrl}/cli/auth?code=${deviceCode}`;
-
-    console.log();
-    console.log(chalk.dim('  Opening browser to authenticate...'));
-    console.log(chalk.dim(`  ${authUrl}`));
-    console.log();
-
-    try {
-      await open(authUrl);
-    } catch {
-      console.log(chalk.yellow('  Could not open browser automatically.'));
-      console.log(chalk.yellow(`  Open this URL manually: ${authUrl}`));
-    }
-
-    const pollSpinner = spinner('Waiting for you to sign in...');
-    pollSpinner.start();
-
-    const maxAttempts = 150; // 5 minutes at 2 second intervals
-    let accessToken: string | undefined;
-
-    for (let i = 0; i < maxAttempts; i++) {
-      await new Promise((resolve) => setTimeout(resolve, 2000));
-
-      try {
-        const result = await pollAuth(deviceCode);
-        if (result.status === 'authorized' && result.accessToken) {
-          accessToken = result.accessToken;
-          break;
-        }
-        if (result.status === 'expired') {
-          pollSpinner.stop();
-          error('Authentication timed out. Please try again.');
-          return;
-        }
-      } catch {
-        // Polling error, continue
-      }
-    }
-
-    pollSpinner.stop();
-
-    if (!accessToken) {
-      error('Authentication timed out. Please try again.');
-      return;
-    }
-
-    success('Signed in successfully!');
-    console.log();
-
-    const { passphrase } = await inquirer.prompt([
-      {
-        type: 'password',
-        name: 'passphrase',
-        message:
-          'Enter an encryption passphrase (this encrypts your secrets locally — remember it!):',
-        mask: '*',
-        validate: (input: string) =>
-          input.length >= 4 || 'Passphrase must be at least 4 characters',
-      },
-    ]);
-
-    const { confirm } = await inquirer.prompt([
-      {
-        type: 'password',
-        name: 'confirm',
-        message: 'Confirm passphrase:',
-        mask: '*',
-        validate: (input: string) =>
-          input === passphrase || 'Passphrases do not match',
-      },
-    ]);
-
-    saveConfig({
-      apiUrl: baseUrl,
-      accessToken,
-      passphrase,
-    });
-
-    printBox(
-      chalk.green.bold('You\'re logged in!') +
-        '\n\n' +
-        chalk.dim('Run ') +
-        chalk.white('keyra init') +
-        chalk.dim(' in a project to get started.')
-    );
-  });

package/cli/src/commands/logout.ts

@@ -1,10 +0,0 @@
-import { Command } from 'commander';
-import { clearConfig } from '../lib/config.js';
-import { success } from '../lib/ui.js';
-
-export const logoutCommand = new Command('logout')
-  .description('Clear stored credentials')
-  .action(() => {
-    clearConfig();
-    success('Logged out. Your vault data is still safe in the cloud.');
-  });

package/cli/src/commands/pull.ts

@@ -1,94 +0,0 @@
-import { Command } from 'commander';
-import fs from 'fs';
-import path from 'path';
-import chalk from 'chalk';
-import { requireAuth, requireProjectConfig } from '../lib/config.js';
-import { getVaultEntries, getProjects } from '../lib/api.js';
-import { decrypt } from '../lib/encryption.js';
-import { writeEnvFile } from '../lib/env-file.js';
-import { success, error, warning, spinner, promptSecret } from '../lib/ui.js';
-
-export const pullCommand = new Command('pull')
-  .description('Pull vault variables to local .env')
-  .option('-f, --file <filename>', 'Output filename', '.env')
-  .action(async (options) => {
-    let config;
-    try {
-      config = requireAuth();
-    } catch (err: any) {
-      error(err.message);
-      return;
-    }
-
-    let projectConfig;
-    try {
-      projectConfig = requireProjectConfig();
-    } catch (err: any) {
-      error(err.message);
-      return;
-    }
-
-    // Check if project has a password
-    let projectPassword: string | null = null;
-    try {
-      const projects = await getProjects();
-      const project = projects.find((p) => p.id === projectConfig.projectId);
-      if (project?.has_project_password) {
-        projectPassword = await promptSecret('Project password: ');
-        const blob = JSON.parse(project.project_password_salt!) as { encrypted: string; iv: string; salt: string; authTag: string };
-        try {
-          const result = decrypt(blob.encrypted, blob.iv, blob.salt, blob.authTag, projectPassword);
-          if (result !== 'keyra-verified') {
-            error('Incorrect project password');
-            return;
-          }
-        } catch {
-          error('Incorrect project password');
-          return;
-        }
-      }
-    } catch (err: any) {
-      error('Failed to fetch project info: ' + err.message);
-      return;
-    }
-
-    const s = spinner('Pulling from vault...');
-    s.start();
-
-    try {
-      const entries = await getVaultEntries(projectConfig.projectId);
-
-      if (entries.length === 0) {
-        s.stop();
-        warning('No variables found in vault. Push some first with `keyra push`.');
-        return;
-      }
-
-      const vars: Record<string, string> = {};
-      for (const entry of entries) {
-        if (projectPassword) {
-          // Double decrypt: outer with vault passphrase, inner with project password
-          const innerJson = decrypt(entry.encrypted_value, entry.iv, entry.salt, entry.auth_tag, config.passphrase);
-          const inner = JSON.parse(innerJson) as { encrypted: string; iv: string; salt: string; authTag: string };
-          vars[entry.key_name] = decrypt(inner.encrypted, inner.iv, inner.salt, inner.authTag, projectPassword);
-        } else {
-          vars[entry.key_name] = decrypt(entry.encrypted_value, entry.iv, entry.salt, entry.auth_tag, config.passphrase);
-        }
-      }
-
-      const existed = fs.existsSync(path.join(process.cwd(), options.file));
-      writeEnvFile(vars, undefined, options.file);
-
-      s.stop();
-      success(
-        'Pulled ' + entries.length + ' variable' + (entries.length !== 1 ? 's' : '') + ' from vault -> ' + options.file + ' ' + chalk.dim('(' + projectConfig.projectName + ')')
-      );
-
-      if (existed) {
-        warning('Existing ' + options.file + ' was overwritten');
-      }
-    } catch (err: any) {
-      s.stop();
-      error(err.message);
-    }
-  });