locker-cli 0.1.0

package/dist/commands/login.js

@@ -0,0 +1,87 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginCommand = loginCommand;
+const node_readline_1 = __importDefault(require("node:readline"));
+const config_1 = require("../auth/config");
+const client_1 = require("../auth/client");
+function prompt(question, hidden = false) {
+    const rl = node_readline_1.default.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        if (hidden && process.stdin.isTTY) {
+            // Hide password input
+            process.stdout.write(question);
+            const stdin = process.stdin;
+            stdin.setRawMode(true);
+            stdin.resume();
+            stdin.setEncoding("utf8");
+            let input = "";
+            const onData = (ch) => {
+                if (ch === "\n" || ch === "\r" || ch === "\u0004") {
+                    stdin.setRawMode(false);
+                    stdin.removeListener("data", onData);
+                    stdin.pause();
+                    rl.close();
+                    process.stdout.write("\n");
+                    resolve(input);
+                }
+                else if (ch === "\u0003") {
+                    // Ctrl-C
+                    process.exit(0);
+                }
+                else if (ch === "\u007F" || ch === "\b") {
+                    // Backspace
+                    if (input.length > 0) {
+                        input = input.slice(0, -1);
+                    }
+                }
+                else {
+                    input += ch;
+                }
+            };
+            stdin.on("data", onData);
+        }
+        else {
+            rl.question(question, (answer) => {
+                rl.close();
+                resolve(answer);
+            });
+        }
+    });
+}
+async function loginCommand(options) {
+    const apiUrl = options.api || (0, client_1.getDefaultApiUrl)();
+    const isRegister = options.register || false;
+    console.log(isRegister ? "Create a new Locker account" : "Log in to Locker");
+    console.log();
+    const email = await prompt("Email: ");
+    const password = await prompt("Password: ", true);
+    if (!email || !password) {
+        console.error("Email and password are required.");
+        process.exit(1);
+    }
+    if (isRegister && password.length < 8) {
+        console.error("Password must be at least 8 characters.");
+        process.exit(1);
+    }
+    const endpoint = isRegister ? "/auth/register" : "/auth/login";
+    const res = await (0, client_1.authRequest)("POST", endpoint, apiUrl, { email, password });
+    if (!res.ok) {
+        console.error(res.data.error || "Authentication failed.");
+        process.exit(1);
+    }
+    (0, config_1.writeConfig)({
+        token: res.data.token,
+        email: res.data.user.email,
+        apiUrl,
+    });
+    console.log();
+    console.log(`Logged in as ${res.data.user.email}`);
+    console.log("Token stored in ~/.locker/config");
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":";;;;;AAkDA,oCA0CC;AA5FD,kEAAqC;AACrC,2CAA6C;AAC7C,2CAA+D;AAE/D,SAAS,MAAM,CAAC,QAAgB,EAAE,MAAM,GAAG,KAAK;IAC9C,MAAM,EAAE,GAAG,uBAAQ,CAAC,eAAe,CAAC;QAClC,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,MAAM,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YAClC,sBAAsB;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAC5B,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,KAAK,CAAC,MAAM,EAAE,CAAC;YACf,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAE1B,IAAI,KAAK,GAAG,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,CAAC,EAAU,EAAE,EAAE;gBAC5B,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;oBAClD,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBACxB,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;oBACrC,KAAK,CAAC,KAAK,EAAE,CAAC;oBACd,EAAE,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC3B,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC;qBAAM,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;oBAC3B,SAAS;oBACT,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;qBAAM,IAAI,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;oBAC1C,YAAY;oBACZ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACrB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,KAAK,IAAI,EAAE,CAAC;gBACd,CAAC;YACH,CAAC,CAAC;YACF,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC/B,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,OAA6C;IAC9E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,IAAI,IAAA,yBAAgB,GAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC;IAE7C,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAElD,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,UAAU,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,aAAa,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,IAAA,oBAAW,EAC3B,MAAM,EACN,QAAQ,EACR,MAAM,EACN,EAAE,KAAK,EAAE,QAAQ,EAAE,CACpB,CAAC;IAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,wBAAwB,CAAC,CAAC;QAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAA,oBAAW,EAAC;QACV,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK;QACrB,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;QAC1B,MAAM;KACP,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;AAClD,CAAC"}

package/dist/commands/logout.d.ts

@@ -0,0 +1 @@
+export declare function logoutCommand(): void;

package/dist/commands/logout.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logoutCommand = logoutCommand;
+const config_1 = require("../auth/config");
+function logoutCommand() {
+    const config = (0, config_1.readConfig)();
+    (0, config_1.clearConfig)();
+    if (config) {
+        console.log(`Logged out (${config.email}). Token cleared.`);
+    }
+    else {
+        console.log("Already logged out.");
+    }
+}
+//# sourceMappingURL=logout.js.map

package/dist/commands/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../src/commands/logout.ts"],"names":[],"mappings":";;AAEA,sCASC;AAXD,2CAAyD;AAEzD,SAAgB,aAAa;IAC3B,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAC;IAC5B,IAAA,oBAAW,GAAE,CAAC;IAEd,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,KAAK,mBAAmB,CAAC,CAAC;IAC9D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;AACH,CAAC"}

package/dist/commands/mcp.d.ts

@@ -0,0 +1,2 @@
+export declare function mcpInstallCommand(): void;
+export declare function mcpUninstallCommand(): void;

package/dist/commands/mcp.js

@@ -0,0 +1,83 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.mcpInstallCommand = mcpInstallCommand;
+exports.mcpUninstallCommand = mcpUninstallCommand;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const node_os_1 = __importDefault(require("node:os"));
+const TARGETS = {
+    claude: node_path_1.default.join(node_os_1.default.homedir(), ".claude", "claude_desktop_config.json"),
+    cursor: node_path_1.default.join(node_os_1.default.homedir(), ".cursor", "mcp.json"),
+};
+function getMcpEntry() {
+    // Use the published npm package — npx resolves it globally
+    return { command: "npx", args: ["locker-mcp-server"] };
+}
+function installToTarget(name, configPath) {
+    const dir = node_path_1.default.dirname(configPath);
+    if (!node_fs_1.default.existsSync(dir)) {
+        node_fs_1.default.mkdirSync(dir, { recursive: true });
+    }
+    let config = {};
+    if (node_fs_1.default.existsSync(configPath)) {
+        try {
+            config = JSON.parse(node_fs_1.default.readFileSync(configPath, "utf8"));
+        }
+        catch {
+            console.error(`  Could not parse ${configPath}`);
+            return false;
+        }
+    }
+    if (!config.mcpServers) {
+        config.mcpServers = {};
+    }
+    const entry = getMcpEntry();
+    config.mcpServers.locker = entry;
+    node_fs_1.default.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+    console.log(`  ✓ ${name} — ${configPath}`);
+    return true;
+}
+function mcpInstallCommand() {
+    console.log("Installing Locker MCP server...\n");
+    let installed = 0;
+    for (const [name, configPath] of Object.entries(TARGETS)) {
+        const dir = node_path_1.default.dirname(configPath);
+        // Only install if the tool's config directory exists (tool is installed)
+        if (node_fs_1.default.existsSync(dir) || name === "claude") {
+            if (installToTarget(name, configPath))
+                installed++;
+        }
+    }
+    if (installed === 0) {
+        console.log("No supported AI tools detected.");
+        console.log("Manually add to your tool's MCP config:");
+        const entry = getMcpEntry();
+        console.log(JSON.stringify({ locker: entry }, null, 2));
+    }
+    else {
+        console.log(`\nDone. Restart your AI tool to activate.`);
+    }
+}
+function mcpUninstallCommand() {
+    console.log("Removing Locker MCP server...\n");
+    for (const [name, configPath] of Object.entries(TARGETS)) {
+        if (!node_fs_1.default.existsSync(configPath))
+            continue;
+        try {
+            const config = JSON.parse(node_fs_1.default.readFileSync(configPath, "utf8"));
+            if (config.mcpServers?.locker) {
+                delete config.mcpServers.locker;
+                node_fs_1.default.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+                console.log(`  ✓ Removed from ${name}`);
+            }
+        }
+        catch {
+            // Skip
+        }
+    }
+    console.log("\nDone.");
+}
+//# sourceMappingURL=mcp.js.map

package/dist/commands/mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../../src/commands/mcp.ts"],"names":[],"mappings":";;;;;AA+CA,8CAoBC;AAED,kDAiBC;AAtFD,sDAAyB;AACzB,0DAA6B;AAC7B,sDAAyB;AAOzB,MAAM,OAAO,GAA2B;IACtC,MAAM,EAAE,mBAAI,CAAC,IAAI,CAAC,iBAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,4BAA4B,CAAC;IACxE,MAAM,EAAE,mBAAI,CAAC,IAAI,CAAC,iBAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;CACvD,CAAC;AAEF,SAAS,WAAW;IAClB,2DAA2D;IAC3D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,mBAAmB,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,UAAkB;IACvD,MAAM,GAAG,GAAG,mBAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,CAAC,iBAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,iBAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,MAAM,GAAc,EAAE,CAAC;IAC3B,IAAI,iBAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;YACjD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAC5B,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,KAAK,CAAC;IAEjC,iBAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,MAAM,UAAU,EAAE,CAAC,CAAC;IAC3C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,iBAAiB;IAC/B,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IAEjD,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACzD,MAAM,GAAG,GAAG,mBAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACrC,yEAAyE;QACzE,IAAI,iBAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5C,IAAI,eAAe,CAAC,IAAI,EAAE,UAAU,CAAC;gBAAE,SAAS,EAAE,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,SAAgB,mBAAmB;IACjC,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;IAE/C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACzD,IAAI,CAAC,iBAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,SAAS;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,GAAc,IAAI,CAAC,KAAK,CAAC,iBAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YAC1E,IAAI,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBAC9B,OAAO,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;gBAChC,iBAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;gBACrE,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;AACzB,CAAC"}

package/dist/commands/revoke.d.ts

@@ -0,0 +1 @@
+export declare function revokeCommand(service: string): Promise<void>;

package/dist/commands/revoke.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.revokeCommand = revokeCommand;
+const config_1 = require("../auth/config");
+const client_1 = require("../auth/client");
+async function revokeCommand(service) {
+    const config = (0, config_1.requireAuth)();
+    const res = await (0, client_1.apiRequest)("DELETE", `/keys/${encodeURIComponent(service)}`, config);
+    if (!res.ok) {
+        if (res.status === 404) {
+            console.error(`No key found for service: ${service}`);
+            process.exit(1);
+        }
+        console.error(res.data.error || "Failed to revoke key.");
+        process.exit(1);
+    }
+    console.log(`Key revoked for ${service}`);
+}
+//# sourceMappingURL=revoke.js.map

package/dist/commands/revoke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoke.js","sourceRoot":"","sources":["../../src/commands/revoke.ts"],"names":[],"mappings":";;AAGA,sCAmBC;AAtBD,2CAA6C;AAC7C,2CAA4C;AAErC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,MAAM,MAAM,GAAG,IAAA,oBAAW,GAAE,CAAC;IAE7B,MAAM,GAAG,GAAG,MAAM,IAAA,mBAAU,EAC1B,QAAQ,EACR,SAAS,kBAAkB,CAAC,OAAO,CAAC,EAAE,EACtC,MAAM,CACP,CAAC;IAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,uBAAuB,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,OAAO,EAAE,CAAC,CAAC;AAC5C,CAAC"}

package/dist/commands/set.d.ts

@@ -0,0 +1 @@
+export declare function setCommand(service: string, key: string): Promise<void>;

package/dist/commands/set.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setCommand = setCommand;
+const config_1 = require("../auth/config");
+const client_1 = require("../auth/client");
+async function setCommand(service, key) {
+    const config = (0, config_1.requireAuth)();
+    const res = await (0, client_1.apiRequest)("POST", "/keys", config, { service, key });
+    if (!res.ok) {
+        console.error(res.data.error || "Failed to store key.");
+        process.exit(1);
+    }
+    console.log(`Key stored for ${service}`);
+}
+//# sourceMappingURL=set.js.map

package/dist/commands/set.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"set.js","sourceRoot":"","sources":["../../src/commands/set.ts"],"names":[],"mappings":";;AAGA,gCAgBC;AAnBD,2CAA6C;AAC7C,2CAA4C;AAErC,KAAK,UAAU,UAAU,CAAC,OAAe,EAAE,GAAW;IAC3D,MAAM,MAAM,GAAG,IAAA,oBAAW,GAAE,CAAC;IAE7B,MAAM,GAAG,GAAG,MAAM,IAAA,mBAAU,EAC1B,MAAM,EACN,OAAO,EACP,MAAM,EACN,EAAE,OAAO,EAAE,GAAG,EAAE,CACjB,CAAC;IAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,sBAAsB,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;AAC3C,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1 @@
+export declare function whoamiCommand(): void;

package/dist/commands/whoami.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.whoamiCommand = whoamiCommand;
+const config_1 = require("../auth/config");
+function whoamiCommand() {
+    const config = (0, config_1.requireAuth)();
+    console.log(config.email);
+}
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":";;AAEA,sCAGC;AALD,2CAA6C;AAE7C,SAAgB,aAAa;IAC3B,MAAM,MAAM,GAAG,IAAA,oBAAW,GAAE,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const login_1 = require("./commands/login");
+const logout_1 = require("./commands/logout");
+const whoami_1 = require("./commands/whoami");
+const get_1 = require("./commands/get");
+const set_1 = require("./commands/set");
+const list_1 = require("./commands/list");
+const revoke_1 = require("./commands/revoke");
+const mcp_1 = require("./commands/mcp");
+const program = new commander_1.Command();
+program
+    .name("locker")
+    .description("Secure API credential manager for AI agents")
+    .version("0.1.0");
+program
+    .command("login")
+    .description("Log in to Locker")
+    .option("--register", "Create a new account")
+    .option("--api <url>", "API server URL")
+    .action(login_1.loginCommand);
+program
+    .command("logout")
+    .description("Log out and clear stored token")
+    .action(logout_1.logoutCommand);
+program
+    .command("whoami")
+    .description("Show the currently logged-in user")
+    .action(whoami_1.whoamiCommand);
+program
+    .command("get <service>")
+    .description("Retrieve an API key (prints to stdout)")
+    .option("--agent <name>", "Agent identifier for audit log")
+    .action(get_1.getCommand);
+program
+    .command("set <service> <key>")
+    .description("Store an API key")
+    .action(set_1.setCommand);
+program
+    .command("list")
+    .description("List all stored services")
+    .action(list_1.listCommand);
+program
+    .command("revoke <service>")
+    .description("Delete a stored API key")
+    .action(revoke_1.revokeCommand);
+const mcp = program
+    .command("mcp")
+    .description("Manage the Locker MCP server");
+mcp
+    .command("install")
+    .description("Install Locker MCP server into Claude Code, Cursor, etc.")
+    .action(mcp_1.mcpInstallCommand);
+mcp
+    .command("uninstall")
+    .description("Remove Locker MCP server from AI tools")
+    .action(mcp_1.mcpUninstallCommand);
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,4CAAgD;AAChD,8CAAkD;AAClD,8CAAkD;AAClD,wCAA4C;AAC5C,wCAA4C;AAC5C,0CAA8C;AAC9C,8CAAkD;AAClD,wCAAwE;AAExE,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,QAAQ,CAAC;KACd,WAAW,CAAC,6CAA6C,CAAC;KAC1D,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,kBAAkB,CAAC;KAC/B,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC;KAC5C,MAAM,CAAC,aAAa,EAAE,gBAAgB,CAAC;KACvC,MAAM,CAAC,oBAAY,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,OAAO;KACJ,OAAO,CAAC,eAAe,CAAC;KACxB,WAAW,CAAC,wCAAwC,CAAC;KACrD,MAAM,CAAC,gBAAgB,EAAE,gCAAgC,CAAC;KAC1D,MAAM,CAAC,gBAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,qBAAqB,CAAC;KAC9B,WAAW,CAAC,kBAAkB,CAAC;KAC/B,MAAM,CAAC,gBAAU,CAAC,CAAC;AAEtB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,0BAA0B,CAAC;KACvC,MAAM,CAAC,kBAAW,CAAC,CAAC;AAEvB,OAAO;KACJ,OAAO,CAAC,kBAAkB,CAAC;KAC3B,WAAW,CAAC,yBAAyB,CAAC;KACtC,MAAM,CAAC,sBAAa,CAAC,CAAC;AAEzB,MAAM,GAAG,GAAG,OAAO;KAChB,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,8BAA8B,CAAC,CAAC;AAE/C,GAAG;KACA,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,0DAA0D,CAAC;KACvE,MAAM,CAAC,uBAAiB,CAAC,CAAC;AAE7B,GAAG;KACA,OAAO,CAAC,WAAW,CAAC;KACpB,WAAW,CAAC,wCAAwC,CAAC;KACrD,MAAM,CAAC,yBAAmB,CAAC,CAAC;AAE/B,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "locker-cli",
+  "version": "0.1.0",
+  "description": "CLI for Locker — secure API credential manager for AI agents",
+  "main": "dist/index.js",
+  "bin": {
+    "locker": "dist/index.js"
+  },
+  "scripts": {
+    "dev": "tsx src/index.ts",
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit"
+  },
+  "dependencies": {
+    "commander": "^12.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  }
+}

package/src/auth/client.ts

@@ -0,0 +1,86 @@
+import { LockerConfig } from "./config";
+
+const DEFAULT_API_URL = "http://localhost:3001";
+
+export interface ApiResponse<T = any> {
+  ok: boolean;
+  status: number;
+  data: T & { error?: string };
+}
+
+/**
+ * Makes an authenticated request to the Locker API.
+ * Handles common error cases (expired token, network, not found).
+ */
+export async function apiRequest<T = any>(
+  method: string,
+  path: string,
+  config: LockerConfig,
+  body?: Record<string, any>,
+  headers?: Record<string, string>
+): Promise<ApiResponse<T>> {
+  const url = `${config.apiUrl}${path}`;
+  const reqHeaders: Record<string, string> = {
+    "Content-Type": "application/json",
+    Authorization: `Bearer ${config.token}`,
+    ...headers,
+  };
+
+  try {
+    const res = await fetch(url, {
+      method,
+      headers: reqHeaders,
+      body: body ? JSON.stringify(body) : undefined,
+    });
+
+    const data = await res.json().catch(() => ({}));
+
+    if (res.status === 401) {
+      console.error("Session expired. Run: locker login");
+      process.exit(1);
+    }
+
+    return { ok: res.ok, status: res.status, data: data as T & { error?: string } };
+  } catch (err: any) {
+    if (err.cause?.code === "ECONNREFUSED" || err.message?.includes("fetch failed")) {
+      console.error(`Cannot connect to Locker API at ${config.apiUrl}`);
+      console.error("Is the server running?");
+      process.exit(1);
+    }
+    throw err;
+  }
+}
+
+/**
+ * Makes an unauthenticated request (for login/register).
+ */
+export async function authRequest<T = any>(
+  method: string,
+  path: string,
+  apiUrl: string,
+  body: Record<string, any>
+): Promise<ApiResponse<T>> {
+  const url = `${apiUrl}${path}`;
+
+  try {
+    const res = await fetch(url, {
+      method,
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+    });
+
+    const data = await res.json().catch(() => ({}));
+    return { ok: res.ok, status: res.status, data: data as T & { error?: string } };
+  } catch (err: any) {
+    if (err.cause?.code === "ECONNREFUSED" || err.message?.includes("fetch failed")) {
+      console.error(`Cannot connect to Locker API at ${apiUrl}`);
+      console.error("Is the server running?");
+      process.exit(1);
+    }
+    throw err;
+  }
+}
+
+export function getDefaultApiUrl(): string {
+  return process.env.LOCKER_API_URL || DEFAULT_API_URL;
+}

package/src/auth/config.test.ts

@@ -0,0 +1,78 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { readConfig, writeConfig, clearConfig, LockerConfig } from "./config";
+
+// Use a temp directory to avoid touching the real ~/.locker
+const ORIGINAL_HOME = os.homedir();
+let tmpDir: string;
+
+beforeEach(() => {
+  tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "locker-test-"));
+  // Override HOME so ~/.locker resolves to tmpDir/.locker
+  process.env.HOME = tmpDir;
+  // The config module uses os.homedir() which caches, so we need to
+  // re-import or monkey-patch. Instead, we test the functions with
+  // a direct approach by creating the expected paths.
+});
+
+afterEach(() => {
+  process.env.HOME = ORIGINAL_HOME;
+  fs.rmSync(tmpDir, { recursive: true, force: true });
+});
+
+// Since os.homedir() caches the HOME env at import time, we test
+// the config read/write logic by directly operating on files in the
+// expected location. The actual config module is tested via the CLI
+// integration tests. Here we test the serialization logic.
+
+describe("config serialization", () => {
+  it("writeConfig creates a valid JSON file", () => {
+    const configDir = path.join(tmpDir, ".locker");
+    const configFile = path.join(configDir, "config");
+
+    // Manually create what writeConfig does
+    fs.mkdirSync(configDir, { mode: 0o700 });
+    const config: LockerConfig = {
+      token: "jwt-token-123",
+      email: "test@example.com",
+      apiUrl: "http://localhost:3001",
+    };
+    fs.writeFileSync(configFile, JSON.stringify(config, null, 2), {
+      mode: 0o600,
+    });
+
+    // Verify
+    const raw = fs.readFileSync(configFile, "utf8");
+    const parsed = JSON.parse(raw);
+    expect(parsed.token).toBe("jwt-token-123");
+    expect(parsed.email).toBe("test@example.com");
+    expect(parsed.apiUrl).toBe("http://localhost:3001");
+
+    // Verify permissions (owner-only)
+    const stat = fs.statSync(configFile);
+    const mode = stat.mode & 0o777;
+    expect(mode).toBe(0o600);
+  });
+
+  it("config file is valid JSON roundtrip", () => {
+    const config: LockerConfig = {
+      token: "eyJhbGciOiJIUzI1NiJ9.test",
+      email: "user@locker.dev",
+      apiUrl: "https://api.locker.dev",
+    };
+    const json = JSON.stringify(config, null, 2);
+    const parsed = JSON.parse(json) as LockerConfig;
+    expect(parsed).toEqual(config);
+  });
+
+  it("handles missing fields gracefully", () => {
+    const incomplete = { token: "abc" };
+    const json = JSON.stringify(incomplete);
+    const parsed = JSON.parse(json);
+    // readConfig checks for all three fields
+    const valid = parsed.token && parsed.email && parsed.apiUrl;
+    expect(valid).toBeFalsy();
+  });
+});

package/src/auth/config.ts

@@ -0,0 +1,66 @@
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+
+const CONFIG_DIR = path.join(os.homedir(), ".locker");
+const CONFIG_FILE = path.join(CONFIG_DIR, "config");
+
+export interface LockerConfig {
+  token: string;
+  email: string;
+  apiUrl: string;
+}
+
+/**
+ * Reads the stored config from ~/.locker/config.
+ * Returns null if no config exists.
+ */
+export function readConfig(): LockerConfig | null {
+  try {
+    if (!fs.existsSync(CONFIG_FILE)) return null;
+    const raw = fs.readFileSync(CONFIG_FILE, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!parsed.token || !parsed.email || !parsed.apiUrl) return null;
+    return parsed as LockerConfig;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Writes config to ~/.locker/config with chmod 600 (owner-only read/write).
+ * Creates ~/.locker directory if it doesn't exist.
+ */
+export function writeConfig(config: LockerConfig): void {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { mode: 0o700 });
+  }
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), {
+    mode: 0o600,
+  });
+}
+
+/**
+ * Deletes ~/.locker/config (logout).
+ */
+export function clearConfig(): void {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      fs.unlinkSync(CONFIG_FILE);
+    }
+  } catch {
+    // Ignore — file may not exist
+  }
+}
+
+/**
+ * Returns the config or exits with a helpful message if not logged in.
+ */
+export function requireAuth(): LockerConfig {
+  const config = readConfig();
+  if (!config) {
+    console.error("Not logged in. Run: locker login");
+    process.exit(1);
+  }
+  return config;
+}