lsh-framework 2.1.2 → 2.2.0

package/dist/commands/init.js

@@ -10,6 +10,7 @@ import * as crypto from 'crypto';
 import { createClient } from '@supabase/supabase-js';
 import ora from 'ora';
 import { getPlatformPaths } from '../lib/platform-utils.js';
+import { getGitRepoInfo } from '../lib/git-utils.js';
 /**
  * Register init commands
  */
@@ -101,9 +102,56 @@ async function runSetupWizard(options) {
         ]);
         storageType = storage;
     }
+    // Check if secrets already exist for this repo in the cloud
+    const cloudCheck = await checkCloudSecretsExist();
+    let encryptionKey;
+    if (cloudCheck.exists && cloudCheck.repoName) {
+        // Secrets found! This is an existing project
+        console.log(chalk.cyan(`\n✨ Found existing secrets for "${cloudCheck.repoName}" in cloud!`));
+        console.log(chalk.gray('This appears to be an existing project.'));
+        console.log('');
+        const { useExisting } = await inquirer.prompt([
+            {
+                type: 'confirm',
+                name: 'useExisting',
+                message: 'Pull existing secrets from another machine?',
+                default: true,
+            },
+        ]);
+        if (useExisting) {
+            // Prompt for existing encryption key
+            const { existingKey } = await inquirer.prompt([
+                {
+                    type: 'password',
+                    name: 'existingKey',
+                    message: 'Enter the encryption key from your other machine:',
+                    mask: '*',
+                    validate: (input) => {
+                        if (!input.trim())
+                            return 'Encryption key is required';
+                        if (input.length !== 64)
+                            return 'Key should be 64 characters (32 bytes hex)';
+                        if (!/^[0-9a-f]+$/i.test(input))
+                            return 'Key should be hexadecimal';
+                        return true;
+                    },
+                },
+            ]);
+            encryptionKey = existingKey.trim();
+        }
+        else {
+            // Generate new key (will overwrite existing)
+            console.log(chalk.yellow('\n⚠️  Generating new key will overwrite existing secrets!'));
+            encryptionKey = generateEncryptionKey();
+        }
+    }
+    else {
+        // No existing secrets - generate new key
+        encryptionKey = generateEncryptionKey();
+    }
     const config = {
         storageType,
-        encryptionKey: generateEncryptionKey(),
+        encryptionKey,
     };
     // Configure based on storage type
     if (storageType === 'storacha') {
@@ -118,6 +166,20 @@ async function runSetupWizard(options) {
     else {
         await configureLocal(config);
     }
+    // If using existing key and secrets exist, offer to pull them now
+    if (cloudCheck.exists && config.encryptionKey && cloudCheck.repoName) {
+        const { pullNow } = await inquirer.prompt([
+            {
+                type: 'confirm',
+                name: 'pullNow',
+                message: 'Pull secrets now?',
+                default: true,
+            },
+        ]);
+        if (pullNow) {
+            await pullSecretsAfterInit(config.encryptionKey, cloudCheck.repoName);
+        }
+    }
     // Save configuration
     await saveConfiguration(config);
     // Show success message
@@ -139,6 +201,59 @@ async function checkExistingConfig() {
         return false;
     }
 }
+/**
+ * Pull secrets after init is complete
+ */
+async function pullSecretsAfterInit(encryptionKey, repoName) {
+    const spinner = ora('Pulling secrets from cloud...').start();
+    try {
+        // Dynamically import SecretsManager to avoid circular dependencies
+        const { SecretsManager } = await import('../lib/secrets-manager.js');
+        const secretsManager = new SecretsManager();
+        // Pull secrets for this repo
+        await secretsManager.pull('.env', '', false);
+        spinner.succeed(chalk.green('✅ Secrets pulled successfully!'));
+    }
+    catch (error) {
+        spinner.fail(chalk.red('❌ Failed to pull secrets'));
+        const err = error;
+        console.log(chalk.yellow(`\n⚠️  ${err.message}`));
+        console.log(chalk.gray('\nYou can try pulling manually later with:'));
+        console.log(chalk.cyan(`   lsh pull`));
+    }
+}
+/**
+ * Check if secrets already exist in cloud for current repo
+ */
+async function checkCloudSecretsExist() {
+    try {
+        const gitInfo = getGitRepoInfo();
+        if (!gitInfo?.repoName) {
+            return { exists: false };
+        }
+        const repoName = gitInfo.repoName;
+        const environment = repoName; // Default environment for repo
+        // Check if metadata file exists with this repo's secrets
+        const paths = getPlatformPaths();
+        const metadataPath = path.join(paths.dataDir, 'secrets-metadata.json');
+        try {
+            const metadataContent = await fs.readFile(metadataPath, 'utf-8');
+            const metadata = JSON.parse(metadataContent);
+            // Check if any environment matches this repo name
+            const hasSecrets = Object.keys(metadata).some(env => env === repoName || env.startsWith(`${repoName}_`));
+            if (hasSecrets) {
+                return { exists: true, repoName, environment };
+            }
+        }
+        catch {
+            // Metadata file doesn't exist or can't be read
+        }
+        return { exists: false, repoName, environment };
+    }
+    catch {
+        return { exists: false };
+    }
+}
 /**
  * Configure Supabase
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lsh-framework",
-  "version": "2.1.2",
+  "version": "2.2.0",
   "description": "Simple, cross-platform encrypted secrets manager with automatic sync, IPFS audit logs, and multi-environment support. Just run lsh sync and start managing your secrets.",
   "main": "dist/app.js",
   "bin": {