lsh-framework 3.2.5 → 3.5.0

package/dist/services/secrets/secrets.js

@@ -2,53 +2,25 @@
  * Secrets Management Commands
  * Sync .env files across development environments
  */
-import SecretsManager from '../../lib/secrets-manager.js';
+import SecretsManager, { findEncryptionKey } from '../../lib/secrets-manager.js';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as readline from 'readline';
 import { getGitRepoInfo } from '../../lib/git-utils.js';
 import { ENV_VARS } from '../../constants/index.js';
 import { IPFSClientManager } from '../../lib/ipfs-client-manager.js';
+import { SyncKeyStore } from '../../lib/sync-key-store.js';
+function maskKey(key) {
+    if (key.length <= 12)
+        return '*'.repeat(key.length);
+    return `${key.slice(0, 4)}...${key.slice(-4)}`;
+}
 /**
  * Type guard to check if a string is a valid OutputFormat.
  */
 function isOutputFormat(value) {
     return ['env', 'json', 'yaml', 'toml', 'export'].includes(value);
 }
-/**
- * Find existing LSH_SECRETS_KEY from environment, local .env, or global ~/.env
- */
-function findExistingKey() {
-    // 1. Check environment variable
-    const envKey = process.env[ENV_VARS.LSH_SECRETS_KEY];
-    if (envKey)
-        return envKey;
-    // 2. Check local .env
-    const localEnvPath = path.join(process.cwd(), '.env');
-    const localKey = readKeyFromEnvFile(localEnvPath);
-    if (localKey)
-        return localKey;
-    // 3. Check global ~/.env
-    const globalEnvPath = path.join(process.env.HOME || '~', '.env');
-    const globalKey = readKeyFromEnvFile(globalEnvPath);
-    if (globalKey)
-        return globalKey;
-    return null;
-}
-function readKeyFromEnvFile(envPath) {
-    try {
-        if (fs.existsSync(envPath)) {
-            const content = fs.readFileSync(envPath, 'utf-8');
-            const match = content.match(/^LSH_SECRETS_KEY=['"]?([^'"\n]+)['"]?/m);
-            if (match)
-                return match[1];
-        }
-    }
-    catch {
-        // Ignore read errors
-    }
-    return null;
-}
 export async function init_secrets(program) {
     // Push secrets to cloud
     program
@@ -305,7 +277,7 @@ export async function init_secrets(program) {
     // Default action: show existing key or prompt to generate
     keyCmd
         .action(async () => {
-        const existingKey = findExistingKey();
+        const existingKey = findEncryptionKey();
         if (existingKey) {
             const masked = existingKey.slice(0, 8) + '...' + existingKey.slice(-4);
             console.log(`\n🔑 LSH_SECRETS_KEY=${masked}\n`);
@@ -326,7 +298,7 @@ export async function init_secrets(program) {
         .option('--no-mask', 'Show the full key (default: masked)')
         .option('--export', 'Output in export format for shell evaluation')
         .action(async (options) => {
-        const existingKey = findExistingKey();
+        const existingKey = findEncryptionKey();
         if (!existingKey) {
             console.error('❌ No encryption key found. Run: lsh key generate');
             process.exit(1);
@@ -350,7 +322,7 @@ export async function init_secrets(program) {
         .option('--force', 'Overwrite existing key')
         .option('--export', 'Output in export format for shell evaluation')
         .action(async (options) => {
-        const existingKey = findExistingKey();
+        const existingKey = findEncryptionKey();
         if (existingKey && !options.force) {
             console.error('❌ An encryption key already exists. Use --force to overwrite.');
             console.error('⚠️  Warning: existing secrets will NOT be decryptable with a new key.\n');
@@ -400,7 +372,7 @@ export async function init_secrets(program) {
             process.exit(1);
         }
         // Check for existing key
-        const existingKey = findExistingKey();
+        const existingKey = findEncryptionKey();
         if (existingKey) {
             if (existingKey === keyValue) {
                 console.log('\n✅ This key is already configured.\n');
@@ -447,6 +419,72 @@ export async function init_secrets(program) {
             process.exit(1);
         }
     });
+    // lsh key gen — generate + persist to ~/.config/lsh/sync_key.json
+    keyCmd
+        .command('gen')
+        .description('Generate a new key and persist it to the LSH sync key store')
+        .option('-f, --force', 'Overwrite an existing stored key')
+        .option('--show', 'Print the full key (default masks it)')
+        .action((options) => {
+        const store = new SyncKeyStore();
+        let key;
+        try {
+            key = store.generate(options.force === true);
+        }
+        catch (err) {
+            const e = err;
+            console.error(`❌ ${e.message}`);
+            console.error("💡 Use --force to overwrite, or run 'lsh key show' to view the existing key.");
+            process.exit(1);
+            return; // for the type-checker
+        }
+        console.log(`✅ Generated sync key at ${store.path}`);
+        if (options.show) {
+            console.log(`🔑 ${key}`);
+        }
+        else {
+            console.log(`🔑 ${maskKey(key)}  (use --show to print full)`);
+        }
+        console.log("💡 Share this key with teammates / your other hosts. Then run `lsh key set <key>` on each peer.");
+    });
+    // lsh key set — paste a 64-char hex key from another host into the store
+    keyCmd
+        .command('set <key>')
+        .description('Persist an existing 64-char hex key to the LSH sync key store')
+        .action((keyValue) => {
+        const store = new SyncKeyStore();
+        try {
+            store.set(keyValue.trim());
+        }
+        catch (err) {
+            const e = err;
+            console.error(`❌ ${e.message}`);
+            process.exit(1);
+        }
+        console.log('✅ Sync key stored.');
+    });
+    // lsh key clear — delete the persisted key (env var, if set, is untouched)
+    keyCmd
+        .command('clear')
+        .description('Delete the persisted LSH sync key (env var is untouched)')
+        .option('-y, --yes', 'Skip confirmation prompt')
+        .action(async (options) => {
+        if (!options.yes) {
+            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+            const answer = await new Promise((resolve) => {
+                rl.question('Remove the stored sync key? [y/N] ', (ans) => {
+                    rl.close();
+                    resolve(ans.trim().toLowerCase());
+                });
+            });
+            if (answer !== 'y' && answer !== 'yes') {
+                console.log('Aborted.');
+                return;
+            }
+        }
+        new SyncKeyStore().clear();
+        console.log('✅ Stored sync key removed.');
+    });
     // Create .env file
     program
         .command('create')

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "lsh-framework",
-  "version": "3.2.5",
+  "version": "3.5.0",
   "description": "Simple, cross-platform encrypted secrets manager with automatic sync, IPFS audit logs, and multi-environment support. Just run lsh sync and start managing your secrets.",
-  "main": "dist/app.js",
+  "main": "dist/cli.js",
   "bin": {
     "lsh": "./dist/cli.js"
   },
@@ -64,39 +64,39 @@
   ],
   "dependencies": {
     "@supabase/supabase-js": "^2.57.4",
-    "@types/proper-lockfile": "^4.1.4",
     "bcrypt": "^6.0.0",
     "chalk": "^5.3.0",
     "chokidar": "^5.0.0",
-    "commander": "^14.0.2",
+    "commander": "^15.0.0",
     "cors": "^2.8.5",
     "dotenv": "^17.2.3",
-    "express": "^4.22.1",
+    "express": "^5.2.1",
     "express-rate-limit": "^8.2.1",
     "glob": "^13.0.0",
-    "inquirer": "^9.2.12",
+    "inquirer": "^14.0.1",
     "js-yaml": "^4.1.0",
     "jsonwebtoken": "^9.0.2",
     "node-cron": "^4.2.1",
     "ora": "^9.0.0",
     "pg": "^8.16.3",
     "proper-lockfile": "^4.1.2",
-    "smol-toml": "^1.3.1",
-    "uuid": "^13.0.0"
+    "smol-toml": "^1.3.1"
   },
   "devDependencies": {
-    "@types/bcrypt": "^5.0.2",
+    "@eslint/js": "^10.0.1",
+    "@types/bcrypt": "^6.0.0",
     "@types/cors": "^2.8.17",
-    "@types/express": "^4.17.21",
+    "@types/express": "^5.0.6",
     "@types/jest": "^30.0.0",
     "@types/js-yaml": "^4.0.9",
     "@types/jsonwebtoken": "^9.0.5",
-    "@types/node": "^20.19.27",
-    "@typescript-eslint/eslint-plugin": "^8.44.1",
-    "@typescript-eslint/parser": "^8.44.1",
-    "eslint": "^9.36.0",
-    "jest": "^29.7.0",
+    "@types/node": "^25.9.1",
+    "@types/proper-lockfile": "^4.1.4",
+    "@typescript-eslint/eslint-plugin": "^8.60.0",
+    "@typescript-eslint/parser": "^8.60.0",
+    "eslint": "^10.4.1",
+    "jest": "^30.4.2",
     "ts-jest": "^29.2.5",
-    "typescript": "^5.4.5"
+    "typescript": "^6.0.3"
   }
 }

package/dist/__tests__/fixtures/job-fixtures.js

@@ -1,204 +0,0 @@
-/**
- * Job Fixtures for Testing
- *
- * Provides factory functions and sample data for testing job-related functionality.
- *
- * @example
- * ```typescript
- * import { createTestJob, SAMPLE_JOBS } from '../fixtures/job-fixtures';
- *
- * const job = createTestJob({ name: 'my-test-job', command: 'echo test' });
- * ```
- */
-// ============================================================================
-// FACTORY FUNCTIONS
-// ============================================================================
-/**
- * Create a test job specification with sensible defaults.
- */
-export function createTestJob(overrides = {}) {
-    const id = `job_${Math.random().toString(36).substr(2, 9)}`;
-    return {
-        id,
-        name: 'test-job',
-        command: 'echo "test"',
-        args: [],
-        status: 'created',
-        createdAt: new Date(),
-        tags: [],
-        priority: 5,
-        maxRetries: 3,
-        retryCount: 0,
-        databaseSync: false, // Disable DB sync in tests by default
-        ...overrides,
-    };
-}
-/**
- * Create a test job execution record.
- */
-export function createTestExecution(overrides = {}) {
-    const executionId = `exec_${Math.random().toString(36).substr(2, 9)}`;
-    return {
-        executionId,
-        jobId: `job_${Math.random().toString(36).substr(2, 9)}`,
-        jobName: 'test-job',
-        command: 'echo "test"',
-        startTime: new Date(),
-        status: 'completed',
-        exitCode: 0,
-        ...overrides,
-    };
-}
-/**
- * Create a scheduled job with cron expression.
- */
-export function createScheduledJob(cronExpression, overrides = {}) {
-    return createTestJob({
-        name: 'scheduled-job',
-        command: './scripts/scheduled.sh',
-        schedule: {
-            cron: cronExpression,
-        },
-        ...overrides,
-    });
-}
-/**
- * Create a job with interval scheduling.
- */
-export function createIntervalJob(intervalMs, overrides = {}) {
-    return createTestJob({
-        name: 'interval-job',
-        command: './scripts/interval.sh',
-        schedule: {
-            interval: intervalMs,
-        },
-        ...overrides,
-    });
-}
-// ============================================================================
-// SAMPLE DATA
-// ============================================================================
-/**
- * Collection of sample jobs for different test scenarios.
- */
-export const SAMPLE_JOBS = {
-    /** Simple echo job */
-    simple: createTestJob({
-        id: 'job_simple',
-        name: 'simple-job',
-        command: 'echo "hello"',
-    }),
-    /** Job with environment variables */
-    withEnv: createTestJob({
-        id: 'job_with_env',
-        name: 'env-job',
-        command: 'printenv',
-        env: {
-            MY_VAR: 'test_value',
-            ANOTHER_VAR: '123',
-        },
-    }),
-    /** Job with arguments */
-    withArgs: createTestJob({
-        id: 'job_with_args',
-        name: 'args-job',
-        command: 'ls',
-        args: ['-la', '/tmp'],
-    }),
-    /** Scheduled job (daily at midnight) */
-    scheduled: createScheduledJob('0 0 * * *', {
-        id: 'job_scheduled',
-        name: 'daily-job',
-    }),
-    /** Interval job (every 5 minutes) */
-    interval: createIntervalJob(5 * 60 * 1000, {
-        id: 'job_interval',
-        name: 'frequent-job',
-    }),
-    /** Long-running job with timeout */
-    longRunning: createTestJob({
-        id: 'job_long',
-        name: 'long-running-job',
-        command: 'sleep 300',
-        timeout: 60000, // 1 minute timeout
-    }),
-    /** Job that will fail */
-    failing: createTestJob({
-        id: 'job_failing',
-        name: 'failing-job',
-        command: 'exit 1',
-        maxRetries: 2,
-    }),
-    /** Completed job */
-    completed: createTestJob({
-        id: 'job_completed',
-        name: 'completed-job',
-        command: 'echo "done"',
-        status: 'completed',
-        startedAt: new Date(Date.now() - 1000),
-        completedAt: new Date(),
-        exitCode: 0,
-        stdout: 'done\n',
-    }),
-    /** Failed job */
-    failed: createTestJob({
-        id: 'job_failed',
-        name: 'failed-job',
-        command: 'false',
-        status: 'failed',
-        startedAt: new Date(Date.now() - 1000),
-        completedAt: new Date(),
-        exitCode: 1,
-        stderr: 'Command failed\n',
-        retryCount: 3,
-    }),
-    /** Secrets rotation job (realistic example) */
-    secretsRotation: createScheduledJob('0 2 1 * *', {
-        id: 'job_secrets_rotation',
-        name: 'rotate-api-keys',
-        command: './examples/secrets-rotation/rotate-api-keys.sh',
-        description: 'Monthly API key rotation',
-        tags: ['secrets', 'maintenance', 'security'],
-        env: {
-            LSH_ENVIRONMENT: 'production',
-            LOG_LEVEL: 'info',
-        },
-        timeout: 300000, // 5 minutes
-    }),
-};
-/**
- * Sample execution records for testing history/statistics.
- */
-export const SAMPLE_EXECUTIONS = {
-    success: createTestExecution({
-        executionId: 'exec_success',
-        jobId: 'job_simple',
-        status: 'completed',
-        exitCode: 0,
-        duration: 150,
-        stdout: 'hello\n',
-    }),
-    failure: createTestExecution({
-        executionId: 'exec_failure',
-        jobId: 'job_failing',
-        status: 'failed',
-        exitCode: 1,
-        duration: 50,
-        stderr: 'Error: Command failed\n',
-        errorMessage: 'Process exited with code 1',
-    }),
-    timeout: createTestExecution({
-        executionId: 'exec_timeout',
-        jobId: 'job_long',
-        status: 'timeout',
-        duration: 60000,
-        errorMessage: 'Job exceeded timeout of 60000ms',
-    }),
-    killed: createTestExecution({
-        executionId: 'exec_killed',
-        jobId: 'job_simple',
-        status: 'killed',
-        duration: 5000,
-        errorMessage: 'Process killed by signal SIGTERM',
-    }),
-};

package/dist/__tests__/fixtures/supabase-mocks.js

@@ -1,252 +0,0 @@
-/**
- * Supabase Mock Utilities for Testing
- *
- * Provides mock Supabase client and factory functions for creating
- * test data that matches the database schema.
- *
- * @example
- * ```typescript
- * import { createMockSupabase, mockOrganization } from '../fixtures/supabase-mocks';
- *
- * const supabase = createMockSupabase({
- *   organizations: [mockOrganization({ name: 'Test Org' })],
- * });
- * ```
- */
-// ============================================================================
-// FACTORY FUNCTIONS
-// ============================================================================
-/**
- * Create a mock organization record with sensible defaults.
- * Override any field by passing it in the partial.
- */
-export function mockOrganization(overrides = {}) {
-    const now = new Date().toISOString();
-    return {
-        id: `org_${Math.random().toString(36).substr(2, 9)}`,
-        name: 'Test Organization',
-        slug: 'test-org',
-        stripe_customer_id: null,
-        subscription_tier: 'free',
-        subscription_status: 'active',
-        subscription_expires_at: null,
-        settings: null,
-        created_at: now,
-        updated_at: now,
-        deleted_at: null,
-        ...overrides,
-    };
-}
-/**
- * Create a mock user record with sensible defaults.
- */
-export function mockUser(overrides = {}) {
-    const now = new Date().toISOString();
-    const id = `user_${Math.random().toString(36).substr(2, 9)}`;
-    return {
-        id,
-        email: `${id}@example.com`,
-        email_verified: true,
-        email_verification_token: null,
-        email_verification_expires_at: null,
-        password_hash: '$2b$12$mockhashmockhashmockhashmockhash', // Not a real hash
-        oauth_provider: null,
-        oauth_provider_id: null,
-        first_name: 'Test',
-        last_name: 'User',
-        avatar_url: null,
-        last_login_at: now,
-        last_login_ip: '127.0.0.1',
-        created_at: now,
-        updated_at: now,
-        deleted_at: null,
-        ...overrides,
-    };
-}
-/**
- * Create a mock team record with sensible defaults.
- */
-export function mockTeam(overrides = {}) {
-    const now = new Date().toISOString();
-    return {
-        id: `team_${Math.random().toString(36).substr(2, 9)}`,
-        organization_id: `org_${Math.random().toString(36).substr(2, 9)}`,
-        name: 'Test Team',
-        slug: 'test-team',
-        description: 'A test team',
-        encryption_key_id: null,
-        created_at: now,
-        updated_at: now,
-        deleted_at: null,
-        ...overrides,
-    };
-}
-/**
- * Create a mock secret record with sensible defaults.
- */
-export function mockSecret(overrides = {}) {
-    const now = new Date().toISOString();
-    return {
-        id: `secret_${Math.random().toString(36).substr(2, 9)}`,
-        team_id: `team_${Math.random().toString(36).substr(2, 9)}`,
-        environment: 'development',
-        key: 'TEST_SECRET',
-        encrypted_value: 'encrypted_test_value',
-        encryption_key_id: `key_${Math.random().toString(36).substr(2, 9)}`,
-        description: 'A test secret',
-        tags: '[]',
-        last_rotated_at: null,
-        rotation_interval_days: null,
-        created_at: now,
-        created_by: null,
-        updated_at: now,
-        updated_by: null,
-        deleted_at: null,
-        deleted_by: null,
-        ...overrides,
-    };
-}
-/**
- * Create a mock organization member record.
- */
-export function mockOrgMember(overrides = {}) {
-    const now = new Date().toISOString();
-    return {
-        id: `member_${Math.random().toString(36).substr(2, 9)}`,
-        organization_id: `org_${Math.random().toString(36).substr(2, 9)}`,
-        user_id: `user_${Math.random().toString(36).substr(2, 9)}`,
-        role: 'member',
-        invited_by: null,
-        invited_at: now,
-        accepted_at: now,
-        created_at: now,
-        updated_at: now,
-        ...overrides,
-    };
-}
-/**
- * Create a successful Supabase response.
- */
-export function mockSuccess(data) {
-    return { data, error: null };
-}
-/**
- * Create an error Supabase response.
- */
-export function mockError(message, code = 'PGRST000') {
-    return { data: null, error: { message, code } };
-}
-/**
- * Create a mock Supabase client for testing.
- *
- * Returns data from the provided config based on query parameters.
- * Supports basic filtering via .eq() and .single().
- *
- * @example
- * ```typescript
- * const mockClient = createMockSupabase({
- *   organizations: [mockOrganization({ id: 'org_123' })],
- * });
- *
- * // In test
- * jest.mock('../../lib/supabase-client', () => ({
- *   getSupabaseClient: () => mockClient,
- * }));
- * ```
- */
-export function createMockSupabase(config = {}) {
-    const tables = {
-        organizations: config.organizations || [],
-        users: config.users || [],
-        teams: config.teams || [],
-        secrets: config.secrets || [],
-        organization_members: config.members || [],
-    };
-    return {
-        from: (tableName) => {
-            const tableData = tables[tableName] || [];
-            let filteredData = [...tableData];
-            let isSingle = false;
-            const queryBuilder = {
-                select: (_columns) => queryBuilder,
-                insert: (data) => {
-                    if (Array.isArray(data)) {
-                        tableData.push(...data);
-                    }
-                    else {
-                        tableData.push(data);
-                    }
-                    filteredData = Array.isArray(data) ? data : [data];
-                    return queryBuilder;
-                },
-                update: (_data) => queryBuilder,
-                delete: () => queryBuilder,
-                eq: (column, value) => {
-                    filteredData = filteredData.filter((row) => row[column] === value);
-                    return queryBuilder;
-                },
-                neq: (column, value) => {
-                    filteredData = filteredData.filter((row) => row[column] !== value);
-                    return queryBuilder;
-                },
-                is: (column, value) => {
-                    filteredData = filteredData.filter((row) => row[column] === value);
-                    return queryBuilder;
-                },
-                order: (_column, _options) => queryBuilder,
-                limit: (count) => {
-                    filteredData = filteredData.slice(0, count);
-                    return queryBuilder;
-                },
-                single: () => {
-                    isSingle = true;
-                    return queryBuilder;
-                },
-                then: (resolve) => {
-                    if (isSingle) {
-                        if (filteredData.length === 0) {
-                            resolve(mockError('No rows found', 'PGRST116'));
-                        }
-                        else {
-                            resolve(mockSuccess(filteredData[0]));
-                        }
-                    }
-                    else {
-                        resolve(mockSuccess(filteredData));
-                    }
-                },
-            };
-            return queryBuilder;
-        },
-    };
-}
-// ============================================================================
-// SAMPLE DATA
-// ============================================================================
-/**
- * Pre-built sample organization for quick testing.
- */
-export const SAMPLE_ORG = mockOrganization({
-    id: 'org_sample123',
-    name: 'Sample Organization',
-    slug: 'sample-org',
-    subscription_tier: 'pro',
-});
-/**
- * Pre-built sample user for quick testing.
- */
-export const SAMPLE_USER = mockUser({
-    id: 'user_sample123',
-    email: 'sample@example.com',
-    first_name: 'Sample',
-    last_name: 'User',
-});
-/**
- * Pre-built sample team for quick testing.
- */
-export const SAMPLE_TEAM = mockTeam({
-    id: 'team_sample123',
-    organization_id: 'org_sample123',
-    name: 'Sample Team',
-    slug: 'sample-team',
-});