npm - latchkey - Versions diffs - 0.1.0 - Mend

latchkey 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

package/.nvmrc +1 -0
package/.pre-commit-config.yaml +22 -0
package/.prettierignore +4 -0
package/.prettierrc +7 -0
package/CLAUDE.md +13 -0
package/LICENSE +7 -0
package/README.md +167 -0
package/dist/scripts/cryptFile.d.ts +21 -0
package/dist/scripts/cryptFile.d.ts.map +1 -0
package/dist/scripts/cryptFile.js +106 -0
package/dist/scripts/cryptFile.js.map +1 -0
package/dist/scripts/encryptFile.d.ts +21 -0
package/dist/scripts/encryptFile.d.ts.map +1 -0
package/dist/scripts/encryptFile.js +101 -0
package/dist/scripts/encryptFile.js.map +1 -0
package/dist/scripts/recordBrowserSession.d.ts +18 -0
package/dist/scripts/recordBrowserSession.d.ts.map +1 -0
package/dist/scripts/recordBrowserSession.js +213 -0
package/dist/scripts/recordBrowserSession.js.map +1 -0
package/dist/src/apiCredentialStore.d.ts +19 -0
package/dist/src/apiCredentialStore.d.ts.map +1 -0
package/dist/src/apiCredentialStore.js +65 -0
package/dist/src/apiCredentialStore.js.map +1 -0
package/dist/src/apiCredentials.d.ts +134 -0
package/dist/src/apiCredentials.d.ts.map +1 -0
package/dist/src/apiCredentials.js +139 -0
package/dist/src/apiCredentials.js.map +1 -0
package/dist/src/browserConfig.d.ts +90 -0
package/dist/src/browserConfig.d.ts.map +1 -0
package/dist/src/browserConfig.js +259 -0
package/dist/src/browserConfig.js.map +1 -0
package/dist/src/browserState.d.ts +8 -0
package/dist/src/browserState.d.ts.map +1 -0
package/dist/src/browserState.js +21 -0
package/dist/src/browserState.js.map +1 -0
package/dist/src/cli.d.ts +6 -0
package/dist/src/cli.d.ts.map +1 -0
package/dist/src/cli.js +25 -0
package/dist/src/cli.js.map +1 -0
package/dist/src/cliCommands.d.ts +29 -0
package/dist/src/cliCommands.d.ts.map +1 -0
package/dist/src/cliCommands.js +264 -0
package/dist/src/cliCommands.js.map +1 -0
package/dist/src/config.d.ts +35 -0
package/dist/src/config.d.ts.map +1 -0
package/dist/src/config.js +96 -0
package/dist/src/config.js.map +1 -0
package/dist/src/curl.d.ts +29 -0
package/dist/src/curl.d.ts.map +1 -0
package/dist/src/curl.js +53 -0
package/dist/src/curl.js.map +1 -0
package/dist/src/encryptedStorage.d.ts +39 -0
package/dist/src/encryptedStorage.d.ts.map +1 -0
package/dist/src/encryptedStorage.js +128 -0
package/dist/src/encryptedStorage.js.map +1 -0
package/dist/src/encryption.d.ts +28 -0
package/dist/src/encryption.d.ts.map +1 -0
package/dist/src/encryption.js +86 -0
package/dist/src/encryption.js.map +1 -0
package/dist/src/index.d.ts +14 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +17 -0
package/dist/src/index.js.map +1 -0
package/dist/src/keychain.d.ts +33 -0
package/dist/src/keychain.d.ts.map +1 -0
package/dist/src/keychain.js +94 -0
package/dist/src/keychain.js.map +1 -0
package/dist/src/playwrightUtils.d.ts +27 -0
package/dist/src/playwrightUtils.d.ts.map +1 -0
package/dist/src/playwrightUtils.js +122 -0
package/dist/src/playwrightUtils.js.map +1 -0
package/dist/src/registry.d.ts +12 -0
package/dist/src/registry.d.ts.map +1 -0
package/dist/src/registry.js +30 -0
package/dist/src/registry.js.map +1 -0
package/dist/src/services/base.d.ts +98 -0
package/dist/src/services/base.d.ts.map +1 -0
package/dist/src/services/base.js +137 -0
package/dist/src/services/base.js.map +1 -0
package/dist/src/services/discord.d.ts +20 -0
package/dist/src/services/discord.d.ts.map +1 -0
package/dist/src/services/discord.js +55 -0
package/dist/src/services/discord.js.map +1 -0
package/dist/src/services/dropbox.d.ts +23 -0
package/dist/src/services/dropbox.d.ts.map +1 -0
package/dist/src/services/dropbox.js +136 -0
package/dist/src/services/dropbox.js.map +1 -0
package/dist/src/services/github.d.ts +23 -0
package/dist/src/services/github.d.ts.map +1 -0
package/dist/src/services/github.js +110 -0
package/dist/src/services/github.js.map +1 -0
package/dist/src/services/index.d.ts +12 -0
package/dist/src/services/index.d.ts.map +1 -0
package/dist/src/services/index.js +11 -0
package/dist/src/services/index.js.map +1 -0
package/dist/src/services/linear.d.ts +23 -0
package/dist/src/services/linear.d.ts.map +1 -0
package/dist/src/services/linear.js +110 -0
package/dist/src/services/linear.js.map +1 -0
package/dist/src/services/slack.d.ts +21 -0
package/dist/src/services/slack.d.ts.map +1 -0
package/dist/src/services/slack.js +67 -0
package/dist/src/services/slack.js.map +1 -0
package/dist/tests/apiCredentialStore.test.d.ts +2 -0
package/dist/tests/apiCredentialStore.test.d.ts.map +1 -0
package/dist/tests/apiCredentialStore.test.js +130 -0
package/dist/tests/apiCredentialStore.test.js.map +1 -0
package/dist/tests/apiCredentials.test.d.ts +2 -0
package/dist/tests/apiCredentials.test.d.ts.map +1 -0
package/dist/tests/apiCredentials.test.js +169 -0
package/dist/tests/apiCredentials.test.js.map +1 -0
package/dist/tests/cli.test.d.ts +2 -0
package/dist/tests/cli.test.d.ts.map +1 -0
package/dist/tests/cli.test.js +584 -0
package/dist/tests/cli.test.js.map +1 -0
package/dist/tests/encryptedStorage.test.d.ts +2 -0
package/dist/tests/encryptedStorage.test.d.ts.map +1 -0
package/dist/tests/encryptedStorage.test.js +126 -0
package/dist/tests/encryptedStorage.test.js.map +1 -0
package/dist/tests/encryption.test.d.ts +2 -0
package/dist/tests/encryption.test.d.ts.map +1 -0
package/dist/tests/encryption.test.js +121 -0
package/dist/tests/encryption.test.js.map +1 -0
package/dist/tests/lint.test.d.ts +2 -0
package/dist/tests/lint.test.d.ts.map +1 -0
package/dist/tests/lint.test.js +18 -0
package/dist/tests/lint.test.js.map +1 -0
package/dist/tests/registry.test.d.ts +2 -0
package/dist/tests/registry.test.d.ts.map +1 -0
package/dist/tests/registry.test.js +85 -0
package/dist/tests/registry.test.js.map +1 -0
package/dist/tests/servicesAgainstRecordings.test.d.ts +20 -0
package/dist/tests/servicesAgainstRecordings.test.d.ts.map +1 -0
package/dist/tests/servicesAgainstRecordings.test.js +157 -0
package/dist/tests/servicesAgainstRecordings.test.js.map +1 -0
package/dist/tests/typecheck.test.d.ts +2 -0
package/dist/tests/typecheck.test.d.ts.map +1 -0
package/dist/tests/typecheck.test.js +18 -0
package/dist/tests/typecheck.test.js.map +1 -0
package/docs/development.md +94 -0
package/eslint.config.js +30 -0
package/integrations/SKILL.md +62 -0
package/package.json +68 -0
package/scripts/cryptFile.ts +123 -0
package/scripts/recordBrowserSession.ts +280 -0
package/scripts/tsconfig.json +10 -0
package/src/apiCredentialStore.ts +87 -0
package/src/apiCredentials.ts +180 -0
package/src/cli.ts +32 -0
package/src/cliCommands.ts +321 -0
package/src/config.ts +115 -0
package/src/curl.ts +78 -0
package/src/encryptedStorage.ts +161 -0
package/src/encryption.ts +106 -0
package/src/index.ts +65 -0
package/src/keychain.ts +105 -0
package/src/playwrightUtils.ts +143 -0
package/src/registry.ts +35 -0
package/src/services/base.ts +234 -0
package/src/services/discord.ts +73 -0
package/src/services/dropbox.ts +173 -0
package/src/services/github.ts +139 -0
package/src/services/index.ts +13 -0
package/src/services/linear.ts +134 -0
package/src/services/slack.ts +85 -0
package/tests/apiCredentialStore.test.ts +162 -0
package/tests/apiCredentials.test.ts +195 -0
package/tests/cli.test.ts +798 -0
package/tests/encryptedStorage.test.ts +173 -0
package/tests/encryption.test.ts +169 -0
package/tests/lint.test.ts +19 -0
package/tests/registry.test.ts +103 -0
package/tests/servicesAgainstRecordings.test.ts +230 -0
package/tests/typecheck.test.ts +19 -0
package/tsconfig.json +24 -0
package/vitest.config.ts +13 -0

package/src/apiCredentialStore.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * API credential store for persisting and loading API credentials.
+ */
+import {
+  ApiCredentials,
+  ApiCredentialsSchema,
+  deserializeCredentials,
+  serializeCredentials,
+} from './apiCredentials.js';
+import { EncryptedStorage } from './encryptedStorage.js';
+export class ApiCredentialStoreError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ApiCredentialStoreError';
+  }
+}
+type StoreData = Record<string, unknown>;
+export class ApiCredentialStore {
+  readonly path: string;
+  private readonly encryptedStorage: EncryptedStorage;
+  constructor(path: string, encryptedStorage: EncryptedStorage) {
+    this.path = path;
+    this.encryptedStorage = encryptedStorage;
+  }
+  private loadStoreData(): StoreData {
+    try {
+      const content = this.encryptedStorage.readFile(this.path);
+      if (content === null) {
+        return {};
+      }
+      return JSON.parse(content) as StoreData;
+    } catch (error) {
+      throw new ApiCredentialStoreError(
+        `Failed to read credential store: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  private saveStoreData(data: StoreData): void {
+    try {
+      this.encryptedStorage.writeFile(this.path, JSON.stringify(data, null, 2));
+    } catch (error) {
+      throw new ApiCredentialStoreError(
+        `Failed to write credential store: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  get(serviceName: string): ApiCredentials | null {
+    const data = this.loadStoreData();
+    const credentialData = data[serviceName];
+    if (credentialData === undefined) {
+      return null;
+    }
+    const parseResult = ApiCredentialsSchema.safeParse(credentialData);
+    if (!parseResult.success) {
+      throw new ApiCredentialStoreError(
+        `Invalid credential data for service ${serviceName}: ${parseResult.error.message}`
+      );
+    }
+    return deserializeCredentials(parseResult.data);
+  }
+  save(serviceName: string, apiCredentials: ApiCredentials): void {
+    const data = this.loadStoreData();
+    data[serviceName] = serializeCredentials(apiCredentials);
+    this.saveStoreData(data);
+  }
+  delete(serviceName: string): boolean {
+    const data = this.loadStoreData();
+    if (!(serviceName in data)) {
+      return false;
+    }
+    const { [serviceName]: _, ...rest } = data;
+    this.saveStoreData(rest);
+    return true;
+  }
+}

package/src/apiCredentials.ts ADDED Viewed

@@ -0,0 +1,180 @@
+/**
+ * API credentials types and utilities for authentication with various services.
+ */
+import { z } from 'zod';
+export enum ApiCredentialStatus {
+  Missing = 'missing',
+  Valid = 'valid',
+  Invalid = 'invalid',
+}
+/**
+ * Base interface for all API credentials.
+ * Each credential type must specify how to convert itself to curl arguments.
+ */
+export interface ApiCredentials {
+  readonly objectType: string;
+  asCurlArguments(): readonly string[];
+}
+/**
+ * Bearer token authentication (Authorization: Bearer <token>).
+ */
+export const AuthorizationBearerSchema = z.object({
+  objectType: z.literal('authorizationBearer'),
+  token: z.string(),
+});
+export type AuthorizationBearerData = z.infer<typeof AuthorizationBearerSchema>;
+export class AuthorizationBearer implements ApiCredentials {
+  readonly objectType = 'authorizationBearer' as const;
+  readonly token: string;
+  constructor(token: string) {
+    this.token = token;
+  }
+  asCurlArguments(): readonly string[] {
+    return ['-H', `Authorization: Bearer ${this.token}`];
+  }
+  toJSON(): AuthorizationBearerData {
+    return {
+      objectType: this.objectType,
+      token: this.token,
+    };
+  }
+  static fromJSON(data: AuthorizationBearerData): AuthorizationBearer {
+    return new AuthorizationBearer(data.token);
+  }
+}
+/**
+ * Raw authorization header (Authorization: <token>).
+ */
+export const AuthorizationBareSchema = z.object({
+  objectType: z.literal('authorizationBare'),
+  token: z.string(),
+});
+export type AuthorizationBareData = z.infer<typeof AuthorizationBareSchema>;
+export class AuthorizationBare implements ApiCredentials {
+  readonly objectType = 'authorizationBare' as const;
+  readonly token: string;
+  constructor(token: string) {
+    this.token = token;
+  }
+  asCurlArguments(): readonly string[] {
+    return ['-H', `Authorization: ${this.token}`];
+  }
+  toJSON(): AuthorizationBareData {
+    return {
+      objectType: this.objectType,
+      token: this.token,
+    };
+  }
+  static fromJSON(data: AuthorizationBareData): AuthorizationBare {
+    return new AuthorizationBare(data.token);
+  }
+}
+/**
+ * Slack-specific credentials (token + d cookie).
+ */
+export const SlackApiCredentialsSchema = z.object({
+  objectType: z.literal('slack'),
+  token: z.string(),
+  dCookie: z.string(),
+});
+export type SlackApiCredentialsData = z.infer<typeof SlackApiCredentialsSchema>;
+export class SlackApiCredentials implements ApiCredentials {
+  readonly objectType = 'slack' as const;
+  readonly token: string;
+  readonly dCookie: string;
+  constructor(token: string, dCookie: string) {
+    this.token = token;
+    this.dCookie = dCookie;
+  }
+  asCurlArguments(): readonly string[] {
+    return ['-H', `Authorization: Bearer ${this.token}`, '-H', `Cookie: d=${this.dCookie}`];
+  }
+  toJSON(): SlackApiCredentialsData {
+    return {
+      objectType: this.objectType,
+      token: this.token,
+      dCookie: this.dCookie,
+    };
+  }
+  static fromJSON(data: SlackApiCredentialsData): SlackApiCredentials {
+    return new SlackApiCredentials(data.token, data.dCookie);
+  }
+}
+/**
+ * Union schema for all credential types.
+ */
+export const ApiCredentialsSchema = z.discriminatedUnion('objectType', [
+  AuthorizationBearerSchema,
+  AuthorizationBareSchema,
+  SlackApiCredentialsSchema,
+]);
+export type ApiCredentialsData = z.infer<typeof ApiCredentialsSchema>;
+/**
+ * Deserialize credentials from JSON data.
+ */
+export function deserializeCredentials(data: ApiCredentialsData): ApiCredentials {
+  switch (data.objectType) {
+    case 'authorizationBearer':
+      return AuthorizationBearer.fromJSON(data);
+    case 'authorizationBare':
+      return AuthorizationBare.fromJSON(data);
+    case 'slack':
+      return SlackApiCredentials.fromJSON(data);
+    default: {
+      const exhaustiveCheck: never = data;
+      throw new ApiCredentialsSerializationError(
+        `Unknown credential type: ${(exhaustiveCheck as { objectType: string }).objectType}`
+      );
+    }
+  }
+}
+/**
+ * Serialize credentials to JSON data.
+ */
+export function serializeCredentials(credentials: ApiCredentials): ApiCredentialsData {
+  if (credentials instanceof AuthorizationBearer) {
+    return credentials.toJSON();
+  }
+  if (credentials instanceof AuthorizationBare) {
+    return credentials.toJSON();
+  }
+  if (credentials instanceof SlackApiCredentials) {
+    return credentials.toJSON();
+  }
+  throw new ApiCredentialsSerializationError(`Unknown credential type: ${credentials.objectType}`);
+}
+export class ApiCredentialsSerializationError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ApiCredentialsSerializationError';
+  }
+}

package/src/cli.ts ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * Command-line interface entry point for latchkey.
+ */
+import { program } from 'commander';
+import { registerCommands, createDefaultDependencies } from './cliCommands.js';
+import { InsecureFilePermissionsError } from './config.js';
+const deps = createDefaultDependencies();
+try {
+  deps.config.checkSensitiveFilePermissions();
+} catch (error) {
+  if (error instanceof InsecureFilePermissionsError) {
+    console.error(`Error: ${error.message}`);
+    process.exit(1);
+  }
+  throw error;
+}
+program
+  .name('latchkey')
+  .description(
+    'A command-line tool that injects API credentials to curl requests to known public APIs.'
+  )
+  .version('0.1.0');
+registerCommands(program, deps);
+program.parse();

package/src/cliCommands.ts ADDED Viewed

@@ -0,0 +1,321 @@
+/**
+ * CLI command implementations with dependency injection for testability.
+ */
+import type { Command } from 'commander';
+import { existsSync, unlinkSync } from 'node:fs';
+import { createInterface } from 'node:readline';
+import { ApiCredentialStore } from './apiCredentialStore.js';
+import { ApiCredentialStatus, ApiCredentials } from './apiCredentials.js';
+import { Config, CONFIG } from './config.js';
+import type { CurlResult } from './curl.js';
+import { EncryptedStorage } from './encryptedStorage.js';
+import { Registry, REGISTRY } from './registry.js';
+import { LoginCancelledError, LoginFailedError } from './services/index.js';
+import { run as curlRun } from './curl.js';
+// Curl flags that don't affect the HTTP request semantics but may not be supported by URL extraction.
+const CURL_PASSTHROUGH_FLAGS = new Set(['-v', '--verbose']);
+/**
+ * Dependencies that can be injected for testing.
+ */
+export interface CliDependencies {
+  readonly registry: Registry;
+  readonly config: Config;
+  readonly runCurl: (args: readonly string[]) => CurlResult;
+  readonly confirm: (message: string) => Promise<boolean>;
+  readonly exit: (code: number) => never;
+  readonly log: (message: string) => void;
+  readonly errorLog: (message: string) => void;
+}
+/**
+ * Default implementation of CLI dependencies.
+ */
+export function createDefaultDependencies(): CliDependencies {
+  return {
+    registry: REGISTRY,
+    config: CONFIG,
+    runCurl: curlRun,
+    confirm: defaultConfirm,
+    exit: (code: number) => process.exit(code),
+    log: (message: string) => {
+      console.log(message);
+    },
+    errorLog: (message: string) => {
+      console.error(message);
+    },
+  };
+}
+function filterPassthroughFlags(args: string[]): string[] {
+  return args.filter((arg) => !CURL_PASSTHROUGH_FLAGS.has(arg));
+}
+export function extractUrlFromCurlArguments(args: string[]): string | null {
+  const filteredArgs = filterPassthroughFlags(args);
+  // Simple URL extraction: look for arguments that look like URLs
+  // or parse known curl argument patterns
+  for (let i = 0; i < filteredArgs.length; i++) {
+    const arg = filteredArgs[i];
+    if (arg === undefined) continue;
+    // Skip flags and their values
+    if (arg.startsWith('-')) {
+      // Skip flags that take a value
+      if (['-H', '-d', '-X', '-o', '-w', '-u', '-A', '-e', '-b', '-c', '-F', '-T'].includes(arg)) {
+        i++; // Skip the next argument which is the value
+      }
+      continue;
+    }
+    // This looks like a URL
+    if (arg.startsWith('http://') || arg.startsWith('https://')) {
+      return arg;
+    }
+  }
+  return null;
+}
+async function defaultConfirm(message: string): Promise<boolean> {
+  const readline = createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+  return new Promise((resolve) => {
+    readline.question(`${message} (y/N) `, (answer) => {
+      readline.close();
+      resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
+    });
+  });
+}
+async function clearAll(deps: CliDependencies, yes: boolean): Promise<void> {
+  const latchkeyStore = deps.config.credentialStorePath;
+  const browserState = deps.config.browserStatePath;
+  const filesToDelete: string[] = [];
+  if (existsSync(latchkeyStore)) {
+    filesToDelete.push(latchkeyStore);
+  }
+  if (existsSync(browserState)) {
+    filesToDelete.push(browserState);
+  }
+  if (filesToDelete.length === 0) {
+    deps.log('No files to delete.');
+    return;
+  }
+  if (!yes) {
+    deps.log('This will delete the following files:');
+    for (const filePath of filesToDelete) {
+      deps.log(`  ${filePath}`);
+    }
+    const confirmed = await deps.confirm('Are you sure you want to continue?');
+    if (!confirmed) {
+      deps.log('Aborted.');
+      deps.exit(1);
+    }
+  }
+  for (const filePath of filesToDelete) {
+    unlinkSync(filePath);
+    if (filePath === latchkeyStore) {
+      deps.log(`Deleted credentials store: ${filePath}`);
+    } else {
+      deps.log(`Deleted browser state: ${filePath}`);
+    }
+  }
+}
+function createEncryptedStorageFromConfig(config: Config) {
+  return new EncryptedStorage({
+    encryptionKeyOverride: config.encryptionKeyOverride,
+    serviceName: config.serviceName,
+    accountName: config.accountName,
+  });
+}
+function clearService(deps: CliDependencies, serviceName: string): void {
+  const service = deps.registry.getByName(serviceName);
+  if (service === null) {
+    deps.errorLog(`Error: Unknown service: ${serviceName}`);
+    deps.errorLog("Use 'latchkey services' to see available services.");
+    deps.exit(1);
+  }
+  const encryptedStorage = createEncryptedStorageFromConfig(deps.config);
+  const apiCredentialStore = new ApiCredentialStore(
+    deps.config.credentialStorePath,
+    encryptedStorage
+  );
+  const deleted = apiCredentialStore.delete(serviceName);
+  if (deleted) {
+    deps.log(`API credentials for ${serviceName} have been cleared.`);
+  } else {
+    deps.log(`No API credentials found for ${serviceName}.`);
+  }
+}
+/**
+ * Register all CLI commands on the given program.
+ */
+export function registerCommands(program: Command, deps: CliDependencies): void {
+  program
+    .command('services')
+    .description('List known and supported third-party services.')
+    .action(() => {
+      const serviceNames = deps.registry.services.map((service) => service.name);
+      deps.log(serviceNames.join(' '));
+    });
+  program
+    .command('clear')
+    .description('Clear stored API credentials.')
+    .argument('[service_name]', 'Name of the service to clear API credentials for')
+    .option('-y, --yes', 'Skip confirmation prompt when clearing all data')
+    .action(async (serviceName: string | undefined, options: { yes?: boolean }) => {
+      if (serviceName === undefined) {
+        await clearAll(deps, options.yes ?? false);
+      } else {
+        clearService(deps, serviceName);
+      }
+    });
+  program
+    .command('status')
+    .description('Check the API credential status for a service.')
+    .argument('[service_name]', 'Name of the service to check status for')
+    .action((serviceName: string | undefined) => {
+      const encryptedStorage = createEncryptedStorageFromConfig(deps.config);
+      const apiCredentialStore = new ApiCredentialStore(
+        deps.config.credentialStorePath,
+        encryptedStorage
+      );
+      if (serviceName === undefined) {
+        for (const service of deps.registry.services) {
+          const apiCredentials = apiCredentialStore.get(service.name);
+          if (apiCredentials === null) {
+            deps.log(`${service.name}: ${ApiCredentialStatus.Missing}`);
+          } else {
+            const status = service.checkApiCredentials(apiCredentials);
+            deps.log(`${service.name}: ${status}`);
+          }
+        }
+        return;
+      }
+      const service = deps.registry.getByName(serviceName);
+      if (service === null) {
+        deps.errorLog(`Error: Unknown service: ${serviceName}`);
+        deps.errorLog("Use 'latchkey services' to see available services.");
+        deps.exit(1);
+      }
+      const apiCredentials = apiCredentialStore.get(serviceName);
+      if (apiCredentials === null) {
+        deps.log(ApiCredentialStatus.Missing);
+        return;
+      }
+      const apiCredentialStatus = service.checkApiCredentials(apiCredentials);
+      deps.log(apiCredentialStatus);
+    });
+  program
+    .command('login')
+    .description('Login to a service and store the API credentials.')
+    .argument('<service_name>', 'Name of the service to login to')
+    .action(async (serviceName: string) => {
+      const service = deps.registry.getByName(serviceName);
+      if (service === null) {
+        deps.errorLog(`Error: Unknown service: ${serviceName}`);
+        deps.errorLog("Use 'latchkey services' to see available services.");
+        deps.exit(1);
+      }
+      const encryptedStorage = createEncryptedStorageFromConfig(deps.config);
+      const apiCredentialStore = new ApiCredentialStore(
+        deps.config.credentialStorePath,
+        encryptedStorage
+      );
+      try {
+        const apiCredentials = await service
+          .getSession()
+          .login(encryptedStorage, deps.config.browserStatePath);
+        apiCredentialStore.save(service.name, apiCredentials);
+        deps.log('Done');
+      } catch (error) {
+        if (error instanceof LoginCancelledError) {
+          deps.errorLog('Login cancelled.');
+          deps.exit(1);
+        }
+        if (error instanceof LoginFailedError) {
+          deps.errorLog(error.message);
+          deps.exit(1);
+        }
+        throw error;
+      }
+    });
+  program
+    .command('curl')
+    .description('Run curl with API credential injection.')
+    .allowUnknownOption()
+    .allowExcessArguments()
+    .action(async (_options: unknown, command: { args: string[] }) => {
+      const curlArguments = command.args;
+      const url = extractUrlFromCurlArguments(curlArguments);
+      if (url === null) {
+        deps.errorLog('Error: Could not extract URL from curl arguments.');
+        deps.exit(1);
+      }
+      const service = deps.registry.getByUrl(url);
+      if (service === null) {
+        deps.errorLog(`Error: No service matches URL: ${url}`);
+        deps.exit(1);
+      }
+      const encryptedStorage = createEncryptedStorageFromConfig(deps.config);
+      const apiCredentialStore = new ApiCredentialStore(
+        deps.config.credentialStorePath,
+        encryptedStorage
+      );
+      let apiCredentials: ApiCredentials | null = apiCredentialStore.get(service.name);
+      if (apiCredentials === null) {
+        try {
+          apiCredentials = await service
+            .getSession()
+            .login(encryptedStorage, deps.config.browserStatePath);
+          apiCredentialStore.save(service.name, apiCredentials);
+        } catch (error) {
+          if (error instanceof LoginCancelledError) {
+            deps.errorLog('Login cancelled.');
+            deps.exit(1);
+          }
+          if (error instanceof LoginFailedError) {
+            deps.errorLog(error.message);
+            deps.exit(1);
+          }
+          throw error;
+        }
+      }
+      const allArguments = [...apiCredentials.asCurlArguments(), ...curlArguments];
+      const result = deps.runCurl(allArguments);
+      deps.exit(result.returncode);
+    });
+}