npm - lsh-framework - Versions diffs - 0.8.0 → 0.8.1 - Mend

lsh-framework 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +4 -4
package/dist/lib/secrets-manager.js +69 -8
package/dist/services/secrets/secrets.js +105 -1
package/package.json +1 -1
package/dist/services/api/api.js +0 -58

package/README.md CHANGED Viewed

@@ -126,7 +126,7 @@ lsh lib secrets pull --env prod     # for production debugging
 | `lsh lib secrets create` | Create new .env file |
 | `lsh lib secrets delete` | Delete .env file (with confirmation) |
-See the complete guide: [SECRETS_GUIDE.md](SECRETS_GUIDE.md)
+See the complete guide: [SECRETS_GUIDE.md](docs/features/secrets/SECRETS_GUIDE.md)
 ## Installation
@@ -536,10 +536,10 @@ lsh lib daemon start
 ## Documentation
-- **[SECRETS_GUIDE.md](SECRETS_GUIDE.md)** - Complete secrets management guide
-- **[SECRETS_QUICK_REFERENCE.md](SECRETS_QUICK_REFERENCE.md)** - Quick reference for daily use
+- **[SECRETS_GUIDE.md](docs/features/secrets/SECRETS_GUIDE.md)** - Complete secrets management guide
+- **[SECRETS_QUICK_REFERENCE.md](docs/features/secrets/SECRETS_QUICK_REFERENCE.md)** - Quick reference for daily use
 - **[SECRETS_CHEATSHEET.txt](SECRETS_CHEATSHEET.txt)** - Command cheatsheet
-- **[INSTALL.md](INSTALL.md)** - Detailed installation instructions
+- **[INSTALL.md](docs/deployment/INSTALL.md)** - Detailed installation instructions
 - **[CLAUDE.md](CLAUDE.md)** - Developer guide for contributors
 ## Architecture

package/dist/lib/secrets-manager.js CHANGED Viewed

@@ -117,6 +117,11 @@ export class SecretsManager {
         if (!fs.existsSync(envFilePath)) {
             throw new Error(`File not found: ${envFilePath}`);
         }
+        // Validate filename pattern for custom files
+        const filename = path.basename(envFilePath);
+        if (filename !== '.env' && !filename.startsWith('.env.')) {
+            throw new Error(`Invalid filename: ${filename}. Must be '.env' or start with '.env.'`);
+        }
         // Warn if using default key
         if (!process.env.LSH_SECRETS_KEY) {
             logger.warn('⚠️  Warning: No LSH_SECRETS_KEY set. Using machine-specific key.');
@@ -129,9 +134,10 @@ export class SecretsManager {
         const env = this.parseEnvFile(content);
         // Encrypt entire .env content
         const encrypted = this.encrypt(content);
-        // Store in Supabase (using job system for now)
+        // Include filename in job_id for tracking multiple .env files
+        const safeFilename = filename.replace(/[^a-zA-Z0-9._-]/g, '_');
         const secretData = {
-            job_id: `secrets_${environment}_${Date.now()}`,
+            job_id: `secrets_${environment}_${safeFilename}_${Date.now()}`,
             command: 'secrets_sync',
             status: 'completed',
             output: encrypted,
@@ -140,20 +146,31 @@ export class SecretsManager {
             working_directory: process.cwd(),
         };
         await this.persistence.saveJob(secretData);
-        logger.info(`✅ Pushed ${Object.keys(env).length} secrets to Supabase`);
+        logger.info(`✅ Pushed ${Object.keys(env).length} secrets from ${filename} to Supabase`);
     }
     /**
      * Pull .env from Supabase
      */
     async pull(envFilePath = '.env', environment = 'dev', force = false) {
-        logger.info(`Pulling ${environment} secrets from Supabase...`);
-        // Get latest secrets
+        // Validate filename pattern for custom files
+        const filename = path.basename(envFilePath);
+        if (filename !== '.env' && !filename.startsWith('.env.')) {
+            throw new Error(`Invalid filename: ${filename}. Must be '.env' or start with '.env.'`);
+        }
+        logger.info(`Pulling ${filename} (${environment}) from Supabase...`);
+        // Get latest secrets for this specific file
         const jobs = await this.persistence.getActiveJobs();
+        const safeFilename = filename.replace(/[^a-zA-Z0-9._-]/g, '_');
         const secretsJobs = jobs
-            .filter(j => j.command === 'secrets_sync' && j.job_id.includes(environment))
+            .filter(j => {
+            // Match secrets for this environment and filename
+            return j.command === 'secrets_sync' &&
+                j.job_id.includes(environment) &&
+                j.job_id.includes(safeFilename);
+        })
             .sort((a, b) => new Date(b.started_at).getTime() - new Date(a.started_at).getTime());
         if (secretsJobs.length === 0) {
-            throw new Error(`No secrets found for environment: ${environment}`);
+            throw new Error(`No secrets found for file '${filename}' in environment: ${environment}`);
         }
         const latestSecret = secretsJobs[0];
         if (!latestSecret.output) {
@@ -179,13 +196,57 @@ export class SecretsManager {
         const secretsJobs = jobs.filter(j => j.command === 'secrets_sync');
         const envs = new Set();
         for (const job of secretsJobs) {
-            const match = job.job_id.match(/secrets_(.+?)_\d+/);
+            // Updated regex to handle new format with filename
+            const match = job.job_id.match(/secrets_([^_]+)_/);
             if (match) {
                 envs.add(match[1]);
             }
         }
         return Array.from(envs).sort();
     }
+    /**
+     * List all tracked .env files
+     */
+    async listAllFiles() {
+        const jobs = await this.persistence.getActiveJobs();
+        const secretsJobs = jobs.filter(j => j.command === 'secrets_sync');
+        // Group by environment and filename to get latest of each
+        const fileMap = new Map();
+        for (const job of secretsJobs) {
+            // Parse job_id: secrets_${environment}_${safeFilename}_${timestamp}
+            const parts = job.job_id.split('_');
+            if (parts.length >= 3 && parts[0] === 'secrets') {
+                const environment = parts[1];
+                // Handle both old and new format
+                let filename = '.env';
+                if (parts.length >= 4) {
+                    // New format with filename
+                    const timestamp = parts[parts.length - 1];
+                    // Reconstruct filename from middle parts
+                    const filenameParts = parts.slice(2, -1);
+                    if (filenameParts.length > 0) {
+                        // Convert underscores back to dots for the extension
+                        filename = filenameParts.join('_');
+                        // Fix the extension dots that were replaced
+                        filename = filename.replace(/^env_/, '.env.');
+                        if (filename === 'env') {
+                            filename = '.env';
+                        }
+                    }
+                }
+                const key = `${environment}_${filename}`;
+                const existing = fileMap.get(key);
+                if (!existing || new Date(job.completed_at || job.started_at) > new Date(existing.updated)) {
+                    fileMap.set(key, {
+                        filename,
+                        environment,
+                        updated: new Date(job.completed_at || job.started_at).toLocaleString()
+                    });
+                }
+            }
+        }
+        return Array.from(fileMap.values()).sort((a, b) => a.filename.localeCompare(b.filename) || a.environment.localeCompare(b.environment));
+    }
     /**
      * Show secrets (masked)
      */

package/dist/services/secrets/secrets.js CHANGED Viewed

@@ -48,9 +48,24 @@ export async function init_secrets(program) {
         .command('list [environment]')
         .alias('ls')
         .description('List all stored environments or show secrets for specific environment')
-        .action(async (environment) => {
+        .option('--all-files', 'List all tracked .env files across environments')
+        .action(async (environment, options) => {
         try {
             const manager = new SecretsManager();
+            // If --all-files flag is set, list all tracked files
+            if (options.allFiles) {
+                const files = await manager.listAllFiles();
+                if (files.length === 0) {
+                    console.log('No .env files found. Push your first file with: lsh secrets push --file <filename>');
+                    return;
+                }
+                console.log('\n📦 Tracked .env files:\n');
+                for (const file of files) {
+                    console.log(`  • ${file.filename} (${file.environment}) - Last updated: ${file.updated}`);
+                }
+                console.log();
+                return;
+            }
             // If environment specified, show secrets for that environment
             if (environment) {
                 await manager.show(environment);
@@ -187,6 +202,95 @@ API_KEY=
             process.exit(1);
         }
     });
+    // Get a specific secret value
+    secretsCmd
+        .command('get <key>')
+        .description('Get a specific secret value from .env file')
+        .option('-f, --file <path>', 'Path to .env file', '.env')
+        .action(async (key, options) => {
+        try {
+            const envPath = path.resolve(options.file);
+            if (!fs.existsSync(envPath)) {
+                console.error(`❌ File not found: ${envPath}`);
+                process.exit(1);
+            }
+            const content = fs.readFileSync(envPath, 'utf8');
+            const lines = content.split('\n');
+            for (const line of lines) {
+                if (line.trim().startsWith('#') || !line.trim())
+                    continue;
+                const match = line.match(/^([^=]+)=(.*)$/);
+                if (match && match[1].trim() === key) {
+                    let value = match[2].trim();
+                    // Remove quotes if present
+                    if ((value.startsWith('"') && value.endsWith('"')) ||
+                        (value.startsWith("'") && value.endsWith("'"))) {
+                        value = value.slice(1, -1);
+                    }
+                    console.log(value);
+                    return;
+                }
+            }
+            console.error(`❌ Key '${key}' not found in ${options.file}`);
+            process.exit(1);
+        }
+        catch (error) {
+            console.error('❌ Failed to get secret:', error.message);
+            process.exit(1);
+        }
+    });
+    // Set a specific secret value
+    secretsCmd
+        .command('set <key> <value>')
+        .description('Set a specific secret value in .env file')
+        .option('-f, --file <path>', 'Path to .env file', '.env')
+        .action(async (key, value, options) => {
+        try {
+            const envPath = path.resolve(options.file);
+            // Validate key format
+            if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
+                console.error(`❌ Invalid key format: ${key}. Must be a valid environment variable name.`);
+                process.exit(1);
+            }
+            let content = '';
+            let found = false;
+            if (fs.existsSync(envPath)) {
+                content = fs.readFileSync(envPath, 'utf8');
+                const lines = content.split('\n');
+                const newLines = [];
+                for (const line of lines) {
+                    if (line.trim().startsWith('#') || !line.trim()) {
+                        newLines.push(line);
+                        continue;
+                    }
+                    const match = line.match(/^([^=]+)=(.*)$/);
+                    if (match && match[1].trim() === key) {
+                        // Quote values with spaces or special characters
+                        const needsQuotes = /[\s#]/.test(value);
+                        const quotedValue = needsQuotes ? `"${value}"` : value;
+                        newLines.push(`${key}=${quotedValue}`);
+                        found = true;
+                    }
+                    else {
+                        newLines.push(line);
+                    }
+                }
+                content = newLines.join('\n');
+            }
+            // If key wasn't found, append it
+            if (!found) {
+                const needsQuotes = /[\s#]/.test(value);
+                const quotedValue = needsQuotes ? `"${value}"` : value;
+                content = content.trimRight() + `\n${key}=${quotedValue}\n`;
+            }
+            fs.writeFileSync(envPath, content, 'utf8');
+            console.log(`✅ Set ${key} in ${options.file}`);
+        }
+        catch (error) {
+            console.error('❌ Failed to set secret:', error.message);
+            process.exit(1);
+        }
+    });
     // Delete .env file with confirmation
     secretsCmd
         .command('delete')

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lsh-framework",
-  "version": "0.8.0",
+  "version": "0.8.1",
   "description": "Encrypted secrets manager with automatic rotation, team sync, and multi-environment support. Built on a powerful shell with daemon scheduling and CI/CD integration.",
   "main": "dist/app.js",
   "bin": {

package/dist/services/api/api.js DELETED Viewed

@@ -1,58 +0,0 @@
-import AsyncLock from 'async-lock';
-import request from 'request';
-import { CONFIG } from './config.js';
-import { FILE } from './file.js';
-const semaphore = new AsyncLock();
-let pkgId;
-export const makePOSTRequest = async (typeName, method, data, onSuccess) => {
-    console.log("makePostRequest");
-    const url = CONFIG.URL + '/api/8' + '/' + typeName + '/' + method;
-    console.log(url);
-    // Prevent parallel writes/deletions
-    return semaphore.acquire('request', (done) => {
-        return request.post(url, {
-            method: 'POST',
-            body: data,
-            json: true,
-            headers: {
-                Authorization: CONFIG.AUTH_TOKEN,
-            },
-        }, (err, response, body) => {
-            console.log(body);
-            onSuccess?.(response);
-            done();
-        });
-    });
-};
-const getMetadataPath = (path) => {
-    console.log("getMetadataPath");
-    return path.substring(path.indexOf(CONFIG.PATH_TO_PACKAGE_REPO) + CONFIG.PATH_TO_PACKAGE_REPO.length);
-};
-const getPkgId = async () => {
-    console.log("getPkgId");
-    if (pkgId) {
-        return pkgId;
-    }
-    await makePOSTRequest('Pkg', 'inst', ['Pkg'], (body) => {
-        pkgId = body;
-    });
-    return pkgId;
-};
-const _writeContent = async (path) => {
-    console.log("writeContent");
-    const pkgId = await getPkgId();
-    const metadataPath = getMetadataPath(path);
-    const content = FILE.encodeContent(path);
-    if (await content === FILE.NO_CHANGE_TO_FILE) {
-        return;
-    }
-    return makePOSTRequest('Pkg', 'writeContent', [pkgId, metadataPath, {
-            type: 'ContentValue',
-            content,
-        }], () => console.log("Success"));
-};
-const _deleteContent = async (path) => {
-    const pkgId = await getPkgId();
-    const metadataPath = getMetadataPath(path);
-    return makePOSTRequest('Pkg', 'deleteContent', [pkgId, metadataPath, true], () => console.log("deleted!"));
-};