lsh-framework 3.1.7 → 3.1.8

package/dist/lib/ipfs-secrets-storage.js

@@ -3,6 +3,7 @@
  * Stores encrypted secrets on IPFS using Storacha (formerly web3.storage)
  */
 import * as fs from 'fs';
+import * as fsPromises from 'fs/promises';
 import * as path from 'path';
 import * as os from 'os';
 import * as crypto from 'crypto';
@@ -30,12 +31,19 @@ export class IPFSSecretsStorage {
         const lshDir = path.join(homeDir, '.lsh');
         this.cacheDir = path.join(lshDir, 'secrets-cache');
         this.metadataPath = path.join(lshDir, 'secrets-metadata.json');
+        // Initialize metadata - will be loaded on first use
+        this.metadata = {};
+    }
+    /**
+     * Initialize async parts
+     */
+    async initialize() {
         // Ensure directories exist
         if (!fs.existsSync(this.cacheDir)) {
             fs.mkdirSync(this.cacheDir, { recursive: true });
         }
         // Load metadata
-        this.metadata = this.loadMetadata();
+        this.metadata = await this.loadMetadataAsync();
     }
     /**
      * Store secrets on IPFS
@@ -59,7 +67,7 @@ export class IPFSSecretsStorage {
                 encrypted: true,
             };
             this.metadata[this.getMetadataKey(gitRepo, environment)] = metadata;
-            this.saveMetadata();
+            await this.saveMetadata();
             logger.info(`📦 Stored ${secrets.length} secrets on IPFS: ${cid}`);
             logger.info(`   Environment: ${environment}`);
             if (gitRepo) {
@@ -132,7 +140,7 @@ export class IPFSSecretsStorage {
                                 encrypted: true,
                             };
                             this.metadata[metadataKey] = metadata;
-                            this.saveMetadata();
+                            await this.saveMetadata();
                         }
                     }
                 }
@@ -162,7 +170,7 @@ export class IPFSSecretsStorage {
                                 timestamp: new Date().toISOString(),
                             };
                             this.metadata[metadataKey] = metadata;
-                            this.saveMetadata();
+                            await this.saveMetadata();
                         }
                     }
                 }
@@ -236,20 +244,24 @@ export class IPFSSecretsStorage {
         return Object.values(this.metadata);
     }
     /**
-     * Delete secrets for environment
+     * Delete local cached secrets for an environment
      */
-    async delete(environment, gitRepo) {
+    async deleteLocal(environment, gitRepo) {
         const metadataKey = this.getMetadataKey(gitRepo, environment);
         const metadata = this.metadata[metadataKey];
         if (metadata) {
             // Delete local cache
             const cachePath = path.join(this.cacheDir, `${metadata.cid}.encrypted`);
-            if (fs.existsSync(cachePath)) {
-                fs.unlinkSync(cachePath);
+            try {
+                await fsPromises.access(cachePath);
+                await fsPromises.unlink(cachePath);
+            }
+            catch {
+                // File doesn't exist, which is fine
             }
             // Remove metadata
             delete this.metadata[metadataKey];
-            this.saveMetadata();
+            await this.saveMetadata();
             logger.info(`🗑️  Deleted secrets for ${environment}`);
         }
     }
@@ -310,7 +322,10 @@ export class IPFSSecretsStorage {
      */
     async storeLocally(cid, encryptedData, _environment) {
         const cachePath = path.join(this.cacheDir, `${cid}.encrypted`);
-        fs.writeFileSync(cachePath, encryptedData, 'utf8');
+        // Ensure parent directory exists
+        await fsPromises.mkdir(this.cacheDir, { recursive: true });
+        // Write file without locking (simpler approach)
+        await fsPromises.writeFile(cachePath, encryptedData, 'utf8');
         logger.debug(`Cached secrets locally: ${cachePath}`);
     }
     /**
@@ -318,10 +333,14 @@ export class IPFSSecretsStorage {
      */
     async loadLocally(cid) {
         const cachePath = path.join(this.cacheDir, `${cid}.encrypted`);
-        if (!fs.existsSync(cachePath)) {
+        try {
+            await fsPromises.access(cachePath);
+        }
+        catch {
             return null;
         }
-        return fs.readFileSync(cachePath, 'utf8');
+        // Simple read without locking for now
+        return await fsPromises.readFile(cachePath, 'utf8');
     }
     /**
      * Get metadata key for environment
@@ -344,10 +363,31 @@ export class IPFSSecretsStorage {
             return {};
         }
     }
+    /**
+     * Load metadata from disk asynchronously
+     */
+    async loadMetadataAsync() {
+        try {
+            await fsPromises.access(this.metadataPath);
+        }
+        catch {
+            return {};
+        }
+        try {
+            const content = await fsPromises.readFile(this.metadataPath, 'utf8');
+            return JSON.parse(content);
+        }
+        catch {
+            return {};
+        }
+    }
     /**
      * Save metadata to disk
      */
-    saveMetadata() {
-        fs.writeFileSync(this.metadataPath, JSON.stringify(this.metadata, null, 2), 'utf8');
+    async saveMetadata() {
+        // Ensure parent directory exists
+        const parentDir = path.dirname(this.metadataPath);
+        await fsPromises.mkdir(parentDir, { recursive: true });
+        await fsPromises.writeFile(this.metadataPath, JSON.stringify(this.metadata, null, 2), 'utf8');
     }
 }

package/dist/services/secrets/secrets.js

@@ -458,6 +458,7 @@ API_KEY=
         .option('--export', 'Output in export format for shell evaluation (alias for --format export)')
         .option('--format <type>', 'Output format: env, json, yaml, toml, export', 'env')
         .option('--exact', 'Require exact key match (disable fuzzy matching)')
+        .option('--no-mask', 'Show full values in fuzzy match results')
         .action(async (key, options) => {
         try {
             const manager = new SecretsManager({ globalMode: options.global });
@@ -546,11 +547,13 @@ API_KEY=
             // Multiple matches - show all matches for user to choose
             console.error(`🔍 Found ${matches.length} matches for '${key}':\n`);
             for (const match of matches) {
-                // Mask value for display
-                const maskedValue = match.value.length > 4
-                    ? match.value.substring(0, 4) + '*'.repeat(Math.min(match.value.length - 4, 10))
-                    : '****';
-                console.error(`  ${match.key}=${maskedValue}`);
+                // Mask value for display unless --no-mask is set
+                const displayValue = options.mask === false
+                    ? match.value
+                    : (match.value.length > 4
+                        ? match.value.substring(0, 4) + '*'.repeat(Math.min(match.value.length - 4, 10))
+                        : '****');
+                console.error(`  ${match.key}=${displayValue}`);
             }
             console.error('');
             console.error('💡 Please specify the exact key name or use one of:');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lsh-framework",
-  "version": "3.1.7",
+  "version": "3.1.8",
   "description": "Simple, cross-platform encrypted secrets manager with automatic sync, IPFS audit logs, and multi-environment support. Just run lsh sync and start managing your secrets.",
   "main": "dist/app.js",
   "bin": {
@@ -65,7 +65,8 @@
   "dependencies": {
     "@storacha/client": "^1.8.18",
     "@supabase/supabase-js": "^2.57.4",
-    "bcrypt": "^5.1.1",
+    "@types/proper-lockfile": "^4.1.4",
+    "bcrypt": "^6.0.0",
     "chalk": "^5.3.0",
     "chokidar": "^5.0.0",
     "commander": "^14.0.2",
@@ -80,6 +81,7 @@
     "node-cron": "^4.2.1",
     "ora": "^9.0.0",
     "pg": "^8.16.3",
+    "proper-lockfile": "^4.1.2",
     "smol-toml": "^1.3.1",
     "uuid": "^13.0.0"
   },