npm - lockbox-vault - Versions diffs - 1.0.0 - Mend

lockbox-vault 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/README.md +180 -0
package/dist/cli/env-utils.d.ts +46 -0
package/dist/cli/env-utils.d.ts.map +1 -0
package/dist/cli/env-utils.js +97 -0
package/dist/cli/env-utils.js.map +1 -0
package/dist/cli/helpers.d.ts +49 -0
package/dist/cli/helpers.d.ts.map +1 -0
package/dist/cli/helpers.js +168 -0
package/dist/cli/helpers.js.map +1 -0
package/dist/cli/index.d.ts +6 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +728 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/session.d.ts +52 -0
package/dist/cli/session.d.ts.map +1 -0
package/dist/cli/session.js +188 -0
package/dist/cli/session.js.map +1 -0
package/dist/crypto/encryption.d.ts +32 -0
package/dist/crypto/encryption.d.ts.map +1 -0
package/dist/crypto/encryption.js +54 -0
package/dist/crypto/encryption.js.map +1 -0
package/dist/crypto/keyDerivation.d.ts +22 -0
package/dist/crypto/keyDerivation.d.ts.map +1 -0
package/dist/crypto/keyDerivation.js +47 -0
package/dist/crypto/keyDerivation.js.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +35 -0
package/dist/index.js.map +1 -0
package/dist/mcp/audit.d.ts +31 -0
package/dist/mcp/audit.d.ts.map +1 -0
package/dist/mcp/audit.js +69 -0
package/dist/mcp/audit.js.map +1 -0
package/dist/mcp/server.d.ts +22 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +189 -0
package/dist/mcp/server.js.map +1 -0
package/dist/types/index.d.ts +35 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +5 -0
package/dist/types/index.js.map +1 -0
package/dist/vault/config.d.ts +29 -0
package/dist/vault/config.d.ts.map +1 -0
package/dist/vault/config.js +66 -0
package/dist/vault/config.js.map +1 -0
package/dist/vault/vault.d.ts +130 -0
package/dist/vault/vault.d.ts.map +1 -0
package/dist/vault/vault.js +296 -0
package/dist/vault/vault.js.map +1 -0
package/package.json +62 -0

package/README.md ADDED Viewed

@@ -0,0 +1,180 @@
+# Lockbox
+**Encrypted API key vault with MCP integration for AI coding tools.**
+Lockbox stores your API keys in an AES-256-GCM encrypted vault on your machine. Access them from the CLI, pipe them into scripts, or let AI coding agents (Claude Code, Cursor, Windsurf) retrieve secrets through the Model Context Protocol — without ever putting real keys in your codebase.
+## Quick Start
+```bash
+npm install -g lockbox-vault
+lockbox init                        # create your encrypted vault
+lockbox add openai API_KEY sk-...   # store a secret
+lockbox get openai API_KEY          # retrieve it
+```
+## Installation
+```bash
+npm install -g lockbox-vault
+```
+Requires Node.js 18+.
+## CLI Commands
+### Vault Lifecycle
+```bash
+lockbox init                # create a new encrypted vault
+lockbox unlock              # unlock with your master password (15-min session)
+lockbox lock                # lock the vault immediately
+lockbox status              # show vault info, lock state, key count
+lockbox doctor              # run health checks on the vault
+```
+### Secret Management
+```bash
+lockbox add openai API_KEY sk-abc123              # store a secret
+lockbox add stripe SECRET --project myapp         # organize by project
+lockbox add aws ACCESS_KEY                        # prompts for value (hidden)
+lockbox get openai API_KEY                        # print to stdout
+lockbox get openai API_KEY --copy                 # copy to clipboard (clears in 30s)
+lockbox remove openai API_KEY                     # delete (with confirmation)
+lockbox list                                      # show all keys (never values)
+lockbox list --project myapp                      # filter by project
+lockbox search stripe                             # search by name, service, or notes
+```
+### Import & Export
+```bash
+lockbox import .env                               # import from .env file
+lockbox import creds.json --project myapp         # import from JSON
+lockbox export > .env                             # export as .env format
+lockbox export --format json                      # export as JSON
+lockbox export --format shell >> ~/.bashrc        # export as shell exports
+```
+### Proxy Key System
+The proxy key system lets you commit `.env` files to git without exposing real secrets. Instead of actual values, your env file contains `lockbox://` references that are resolved at runtime.
+```bash
+# generate a .env.proxy file (safe to commit)
+lockbox proxy-init --project myapp
+# the generated file looks like:
+# OPENAI_API_KEY=lockbox://openai/API_KEY
+# STRIPE_SECRET_KEY=lockbox://stripe/SECRET_KEY
+# run your app with real values injected
+lockbox run --env-file .env.proxy "npm start"
+lockbox run --env-file .env.proxy "python app.py"
+```
+Non-proxy values (like `DATABASE_URL=postgresql://localhost/mydb`) are passed through unchanged.
+### Audit & Security
+```bash
+lockbox audit                                     # show last 50 audit entries
+lockbox audit --since 2025-01-01                  # filter by date
+lockbox audit -n 10                               # limit entries
+```
+## MCP Setup
+Lockbox exposes your vault to AI coding agents via the Model Context Protocol. The MCP server provides 6 tools: `store_secret`, `get_secret`, `list_secrets`, `delete_secret`, `export_env`, and `list_projects`.
+**Prerequisites:** Unlock your vault before using MCP tools:
+```bash
+lockbox unlock
+```
+### Claude Code
+Add to your project's `.mcp.json`:
+```json
+{
+  "mcpServers": {
+    "lockbox": {
+      "command": "npx",
+      "args": ["lockbox-mcp"]
+    }
+  }
+}
+```
+### Cursor
+Add to `.cursor/mcp.json` in your project root (or `~/.cursor/mcp.json` for global):
+```json
+{
+  "mcpServers": {
+    "lockbox": {
+      "command": "npx",
+      "args": ["lockbox-mcp"]
+    }
+  }
+}
+```
+### Windsurf
+Add to `~/.codeium/windsurf/mcp_config.json`:
+```json
+{
+  "mcpServers": {
+    "lockbox": {
+      "command": "npx",
+      "args": ["lockbox-mcp"]
+    }
+  }
+}
+```
+## Security Model
+| Layer | Implementation |
+|-------|---------------|
+| **Encryption** | AES-256-GCM with 12-byte random IV (fresh on every save) |
+| **Key Derivation** | Argon2id (64 MB memory, 3 iterations, 4 threads) |
+| **Integrity** | HMAC-SHA256 verified before decryption attempt |
+| **Session** | Derived key encrypted to temp file, auto-expires after 15 minutes |
+| **Rate Limiting** | 5 failed unlock attempts per 60s triggers 60s lockout |
+| **Audit Trail** | Append-only log of all operations (values never logged) |
+| **Clipboard** | Auto-clears after 30 seconds when using `--copy` |
+| **Memory** | Derived key zeroed on lock; secrets only in memory while unlocked |
+### Vault File Format
+The vault is a single encrypted JSON file at `~/.config/lockbox/vault.enc`:
+```
+{ salt, iv, tag, ciphertext, hmac }  (all base64-encoded)
+```
+The decrypted payload contains versioned key entries with per-key metadata (project, notes, timestamps, expiry).
+## Contributing
+Contributions are welcome! Please open an issue or submit a pull request on [GitHub](https://github.com/brentschroeter/lockbox).
+```bash
+git clone https://github.com/brentschroeter/lockbox.git
+cd lockbox
+npm install
+npm run build
+npm test
+```
+## License
+MIT

package/dist/cli/env-utils.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * Shared .env parsing, key-name conversion, and proxy URI utilities
+ */
+/** Proxy URI prefix */
+export declare const PROXY_PREFIX = "lockbox://";
+/**
+ * Convert a vault key name (e.g. "openai/API_KEY") to an env-style name.
+ * "openai/API_KEY" → "OPENAI_API_KEY"
+ */
+export declare function envKeyName(name: string): string;
+/**
+ * Split a key name into [service, keyName].
+ * If no "/" present, defaults to service "imported".
+ */
+export declare function splitKeyName(key: string): [string, string];
+/**
+ * Parse a .env file into key-value pairs.
+ * Supports: KEY=value, KEY="value", KEY='value'
+ * Skips blank lines and # comments.
+ */
+export declare function parseEnvFile(raw: string): {
+    key: string;
+    value: string;
+}[];
+/**
+ * Parse a JSON file into key-value pairs.
+ * Expects a flat { "KEY": "value" } object.
+ */
+export declare function parseJsonImport(raw: string): {
+    key: string;
+    value: string;
+}[];
+/**
+ * Parse a lockbox proxy URI: "lockbox://service/KEY_NAME"
+ * Returns { service, keyName } or null if the value is not a proxy URI.
+ */
+export declare function parseProxyUri(value: string): {
+    service: string;
+    keyName: string;
+} | null;
+/**
+ * Build a proxy URI from service and key name.
+ * "openai", "API_KEY" → "lockbox://openai/API_KEY"
+ */
+export declare function buildProxyUri(service: string, keyName: string): string;
+//# sourceMappingURL=env-utils.d.ts.map

package/dist/cli/env-utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env-utils.d.ts","sourceRoot":"","sources":["../../src/cli/env-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,uBAAuB;AACvB,eAAO,MAAM,YAAY,eAAe,CAAC;AAEzC;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAW1D;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,CA4B1E;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,CAU7E;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAgBxF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEtE"}

package/dist/cli/env-utils.js ADDED Viewed

@@ -0,0 +1,97 @@
+/**
+ * Shared .env parsing, key-name conversion, and proxy URI utilities
+ */
+/** Proxy URI prefix */
+export const PROXY_PREFIX = 'lockbox://';
+/**
+ * Convert a vault key name (e.g. "openai/API_KEY") to an env-style name.
+ * "openai/API_KEY" → "OPENAI_API_KEY"
+ */
+export function envKeyName(name) {
+    return name.replace(/\//g, '_').toUpperCase();
+}
+/**
+ * Split a key name into [service, keyName].
+ * If no "/" present, defaults to service "imported".
+ */
+export function splitKeyName(key) {
+    if (key.includes('/')) {
+        const idx = key.indexOf('/');
+        return [key.slice(0, idx), key.slice(idx + 1)];
+    }
+    // Best guess: split on first underscore for service (e.g. OPENAI_API_KEY → openai, API_KEY)
+    const parts = key.split('_');
+    if (parts.length >= 2) {
+        return [parts[0].toLowerCase(), parts.slice(1).join('_')];
+    }
+    return ['imported', key];
+}
+/**
+ * Parse a .env file into key-value pairs.
+ * Supports: KEY=value, KEY="value", KEY='value'
+ * Skips blank lines and # comments.
+ */
+export function parseEnvFile(raw) {
+    const entries = [];
+    for (const line of raw.split('\n')) {
+        const trimmed = line.trim();
+        // Skip empty lines and comments
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        // Skip lines without '='
+        const eqIdx = trimmed.indexOf('=');
+        if (eqIdx === -1)
+            continue;
+        const key = trimmed.slice(0, eqIdx).trim();
+        let value = trimmed.slice(eqIdx + 1).trim();
+        // Strip surrounding quotes
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        if (key) {
+            entries.push({ key, value });
+        }
+    }
+    return entries;
+}
+/**
+ * Parse a JSON file into key-value pairs.
+ * Expects a flat { "KEY": "value" } object.
+ */
+export function parseJsonImport(raw) {
+    const obj = JSON.parse(raw);
+    if (typeof obj !== 'object' || obj === null || Array.isArray(obj)) {
+        throw new Error('JSON import expects a flat { "KEY": "value" } object');
+    }
+    return Object.entries(obj).map(([key, value]) => ({
+        key,
+        value: String(value),
+    }));
+}
+/**
+ * Parse a lockbox proxy URI: "lockbox://service/KEY_NAME"
+ * Returns { service, keyName } or null if the value is not a proxy URI.
+ */
+export function parseProxyUri(value) {
+    if (!value.startsWith(PROXY_PREFIX)) {
+        return null;
+    }
+    const path = value.slice(PROXY_PREFIX.length);
+    const slashIdx = path.indexOf('/');
+    if (slashIdx === -1 || slashIdx === 0 || slashIdx === path.length - 1) {
+        return null; // malformed: "lockbox://", "lockbox:///KEY", "lockbox://service/"
+    }
+    return {
+        service: path.slice(0, slashIdx),
+        keyName: path.slice(slashIdx + 1),
+    };
+}
+/**
+ * Build a proxy URI from service and key name.
+ * "openai", "API_KEY" → "lockbox://openai/API_KEY"
+ */
+export function buildProxyUri(service, keyName) {
+    return `${PROXY_PREFIX}${service}/${keyName}`;
+}
+//# sourceMappingURL=env-utils.js.map

package/dist/cli/env-utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"env-utils.js","sourceRoot":"","sources":["../../src/cli/env-utils.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,uBAAuB;AACvB,MAAM,CAAC,MAAM,YAAY,GAAG,YAAY,CAAC;AAEzC;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,4FAA4F;IAC5F,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,MAAM,OAAO,GAAqC,EAAE,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClD,yBAAyB;QACzB,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAE3B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE5C,2BAA2B;QAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAChD,GAAG;QACH,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;KACrB,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEnC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC,CAAC,kEAAkE;IACjF,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;QAChC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;KAClC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe,EAAE,OAAe;IAC5D,OAAO,GAAG,YAAY,GAAG,OAAO,IAAI,OAAO,EAAE,CAAC;AAChD,CAAC"}

package/dist/cli/helpers.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * CLI helper utilities — prompts, clipboard, table formatting, colours
+ */
+import chalk from 'chalk';
+/**
+ * Prompt for a password with hidden (muted) input.
+ */
+export declare function promptPassword(message: string): Promise<string>;
+/**
+ * Prompt for a password and confirm it matches.
+ * @returns The confirmed password
+ * @throws  If passwords don't match
+ */
+export declare function promptPasswordWithConfirm(): Promise<string>;
+/**
+ * Ask a yes/no confirmation question.
+ */
+export declare function promptConfirm(message: string): Promise<boolean>;
+/**
+ * Copy text to the system clipboard (platform-aware).
+ */
+export declare function copyToClipboard(text: string): Promise<void>;
+/**
+ * Copy value to clipboard and schedule auto-clear after N seconds.
+ * Keeps the process alive until the clipboard is cleared.
+ */
+export declare function copyAndScheduleClear(value: string, seconds: number): Promise<void>;
+/**
+ * Format data as a simple aligned table.
+ */
+export declare function formatTable(headers: string[], rows: string[][]): string;
+/**
+ * Print an error message and exit.
+ */
+export declare function exitWithError(message: string): never;
+/**
+ * Format an ISO date string as a short readable date.
+ */
+export declare function shortDate(iso: string | null): string;
+/**
+ * Prompt the user to choose from a set of options.
+ * Returns the key of the chosen option.
+ */
+export declare function promptChoice(message: string, choices: {
+    key: string;
+    label: string;
+}[]): Promise<string>;
+export { chalk };
+//# sourceMappingURL=helpers.d.ts.map

package/dist/cli/helpers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../src/cli/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,OAAO,KAAK,MAAM,OAAO,CAAC;AAI1B;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAuBrE;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,MAAM,CAAC,CAajE;AAID;;GAEG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAYrE;AAID;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAqB3D;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAWxF;AAID;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,MAAM,CAiBvE;AAID;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAGpD;AAID;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAQpD;AAID;;;GAGG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,GACxC,OAAO,CAAC,MAAM,CAAC,CAiBjB;AAGD,OAAO,EAAE,KAAK,EAAE,CAAC"}

package/dist/cli/helpers.js ADDED Viewed

@@ -0,0 +1,168 @@
+/**
+ * CLI helper utilities — prompts, clipboard, table formatting, colours
+ */
+import { createInterface } from 'node:readline';
+import { Writable } from 'node:stream';
+import { exec } from 'node:child_process';
+import { platform } from 'node:os';
+import chalk from 'chalk';
+// ─── Password prompt (hidden input) ─────────────────────────────────────────
+/**
+ * Prompt for a password with hidden (muted) input.
+ */
+export async function promptPassword(message) {
+    // Create a muted output so readline doesn't echo typed characters
+    const muted = new Writable({
+        write(_chunk, _encoding, callback) {
+            callback();
+        },
+    });
+    const rl = createInterface({
+        input: process.stdin,
+        output: muted,
+        terminal: true,
+    });
+    process.stderr.write(message);
+    return new Promise((resolve) => {
+        rl.question('', (answer) => {
+            rl.close();
+            process.stderr.write('\n');
+            resolve(answer);
+        });
+    });
+}
+/**
+ * Prompt for a password and confirm it matches.
+ * @returns The confirmed password
+ * @throws  If passwords don't match
+ */
+export async function promptPasswordWithConfirm() {
+    const pw1 = await promptPassword(chalk.cyan('Enter master password: '));
+    const pw2 = await promptPassword(chalk.cyan('Confirm master password: '));
+    if (pw1 !== pw2) {
+        throw new Error('Passwords do not match');
+    }
+    if (pw1.length < 8) {
+        throw new Error('Password must be at least 8 characters');
+    }
+    return pw1;
+}
+// ─── Confirm prompt ──────────────────────────────────────────────────────────
+/**
+ * Ask a yes/no confirmation question.
+ */
+export async function promptConfirm(message) {
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stderr,
+    });
+    return new Promise((resolve) => {
+        rl.question(`${message} (y/N): `, (answer) => {
+            rl.close();
+            resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
+        });
+    });
+}
+// ─── Clipboard ───────────────────────────────────────────────────────────────
+/**
+ * Copy text to the system clipboard (platform-aware).
+ */
+export function copyToClipboard(text) {
+    return new Promise((resolve, reject) => {
+        const p = platform();
+        let cmd;
+        if (p === 'win32') {
+            cmd = 'clip';
+        }
+        else if (p === 'darwin') {
+            cmd = 'pbcopy';
+        }
+        else {
+            cmd = 'xclip -selection clipboard';
+        }
+        const child = exec(cmd, (err) => {
+            if (err)
+                reject(err);
+            else
+                resolve();
+        });
+        child.stdin?.write(text);
+        child.stdin?.end();
+    });
+}
+/**
+ * Copy value to clipboard and schedule auto-clear after N seconds.
+ * Keeps the process alive until the clipboard is cleared.
+ */
+export async function copyAndScheduleClear(value, seconds) {
+    await copyToClipboard(value);
+    process.stderr.write(chalk.green(`✓ Copied to clipboard. Auto-clearing in ${seconds}s...\n`));
+    return new Promise((resolve) => {
+        setTimeout(async () => {
+            await copyToClipboard('');
+            process.stderr.write(chalk.dim(`✓ Clipboard cleared.\n`));
+            resolve();
+        }, seconds * 1000);
+    });
+}
+// ─── Table formatting ────────────────────────────────────────────────────────
+/**
+ * Format data as a simple aligned table.
+ */
+export function formatTable(headers, rows) {
+    // Calculate column widths
+    const widths = headers.map((h, i) => Math.max(h.length, ...rows.map((r) => (r[i] || '').length)));
+    const divider = widths.map((w) => '─'.repeat(w + 2)).join('┼');
+    const headerLine = headers
+        .map((h, i) => chalk.bold(h.padEnd(widths[i])))
+        .join(' │ ');
+    const body = rows
+        .map((row) => row.map((cell, i) => (cell || '').padEnd(widths[i])).join(' │ '))
+        .join('\n');
+    return `${headerLine}\n${divider}\n${body}`;
+}
+// ─── Error formatting ────────────────────────────────────────────────────────
+/**
+ * Print an error message and exit.
+ */
+export function exitWithError(message) {
+    process.stderr.write(chalk.red(`✗ ${message}\n`));
+    process.exit(1);
+}
+// ─── Date formatting ─────────────────────────────────────────────────────────
+/**
+ * Format an ISO date string as a short readable date.
+ */
+export function shortDate(iso) {
+    if (!iso)
+        return '—';
+    const d = new Date(iso);
+    return d.toLocaleDateString('en-US', {
+        year: 'numeric',
+        month: 'short',
+        day: 'numeric',
+    });
+}
+// ─── Choice prompt ───────────────────────────────────────────────────────────
+/**
+ * Prompt the user to choose from a set of options.
+ * Returns the key of the chosen option.
+ */
+export async function promptChoice(message, choices) {
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stderr,
+    });
+    const optionStr = choices.map((c) => c.label).join('/');
+    return new Promise((resolve) => {
+        rl.question(`${message} (${optionStr}): `, (answer) => {
+            rl.close();
+            const lower = answer.toLowerCase().trim();
+            const match = choices.find((c) => c.key === lower || c.label.toLowerCase().startsWith(lower));
+            resolve(match ? match.key : choices[0].key);
+        });
+    });
+}
+// Re-export chalk for use in commands
+export { chalk };
+//# sourceMappingURL=helpers.js.map

package/dist/cli/helpers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"helpers.js","sourceRoot":"","sources":["../../src/cli/helpers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAe;IAClD,kEAAkE;IAClE,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC;QACzB,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ;YAC/B,QAAQ,EAAE,CAAC;QACb,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,eAAe,CAAC;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE9B,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACrC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,MAAM,EAAE,EAAE;YACzB,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC;IACxE,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAE1E,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,MAAM,EAAE,GAAG,eAAe,CAAC;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;QACtC,EAAE,CAAC,QAAQ,CAAC,GAAG,OAAO,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;YAC3C,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,GAAG,IAAI,MAAM,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;QACrB,IAAI,GAAW,CAAC;QAEhB,IAAI,CAAC,KAAK,OAAO,EAAE,CAAC;YAClB,GAAG,GAAG,MAAM,CAAC;QACf,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,GAAG,GAAG,QAAQ,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,4BAA4B,CAAC;QACrC,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;YAC9B,IAAI,GAAG;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;gBAChB,OAAO,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAAa,EAAE,OAAe;IACvE,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,2CAA2C,OAAO,QAAQ,CAAC,CAAC,CAAC;IAE9F,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QACnC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,MAAM,eAAe,CAAC,EAAE,CAAC,CAAC;YAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAC1D,OAAO,EAAE,CAAC;QACZ,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAiB,EAAE,IAAgB;IAC7D,0BAA0B;IAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAClC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAC5D,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAG,OAAO;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC9C,IAAI,CAAC,KAAK,CAAC,CAAC;IACf,MAAM,IAAI,GAAG,IAAI;SACd,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACX,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CACjE;SACA,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO,GAAG,UAAU,KAAK,OAAO,KAAK,IAAI,EAAE,CAAC;AAC9C,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,GAAkB;IAC1C,IAAI,CAAC,GAAG;QAAE,OAAO,GAAG,CAAC;IACrB,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,CAAC,CAAC,kBAAkB,CAAC,OAAO,EAAE;QACnC,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,OAAO;QACd,GAAG,EAAE,SAAS;KACf,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAe,EACf,OAAyC;IAEzC,MAAM,EAAE,GAAG,eAAe,CAAC;QACzB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;QACrC,EAAE,CAAC,QAAQ,CAAC,GAAG,OAAO,KAAK,SAAS,KAAK,EAAE,CAAC,MAAM,EAAE,EAAE;YACpD,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAClE,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,sCAAsC;AACtC,OAAO,EAAE,KAAK,EAAE,CAAC"}

package/dist/cli/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * CLI command registration — wires up all lockbox commands
+ */
+import type { Command } from 'commander';
+export declare function registerCommands(program: Command): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/cli/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA+CzC,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA4xBvD"}