pal-explorer-cli 0.4.11 → 0.4.13

package/lib/commands/rbac.js

@@ -1,147 +1,147 @@
-import chalk from 'chalk';
-
-const BUILTIN_ROLES = {
-  'org-admin': ['view', 'download', 'reshare', 'delete', 'manage', 'audit', 'assign-roles'],
-  'dept-admin': ['view', 'download', 'reshare', 'delete', 'manage'],
-  'admin': ['view', 'download', 'reshare', 'delete', 'manage'],
-  'editor': ['view', 'download', 'reshare'],
-  'viewer': ['view', 'download'],
-  'member': ['view', 'download'],
-  'restricted': ['view'],
-  'external': ['view'],
-};
-
-export default function rbacCommand(program) {
-  const cmd = program
-    .command('rbac')
-    .description('enterprise role-based access control (Enterprise)')
-    .addHelpText('after', `
-Examples:
-  $ pe rbac roles                              List all roles and permissions
-  $ pe rbac assign <publicKey> admin            Assign role to user
-  $ pe rbac assign <publicKey> dept-admin --org acme --dept engineering
-  $ pe rbac revoke <publicKey>                  Remove role assignment
-  $ pe rbac check <publicKey> delete            Check if user has permission
-`)
-    .action(() => { cmd.outputHelp(); });
-
-  cmd
-    .command('roles')
-    .description('list all roles with permissions')
-    .action(async () => {
-      try {
-        console.log('');
-        console.log(chalk.cyan.bold('Flat Roles'));
-        console.log(chalk.gray('─'.repeat(50)));
-        for (const role of ['admin', 'editor', 'viewer', 'restricted']) {
-          const perms = BUILTIN_ROLES[role];
-          console.log(`  ${chalk.white(role)}`);
-          console.log(`    ${chalk.gray(perms.join(', '))}`);
-        }
-
-        console.log('');
-        console.log(chalk.cyan.bold('Enterprise Hierarchical Roles'));
-        console.log(chalk.gray('─'.repeat(50)));
-        for (const role of ['org-admin', 'dept-admin', 'member', 'external']) {
-          const perms = BUILTIN_ROLES[role];
-          const scope = role === 'dept-admin' ? chalk.yellow(' (scoped to dept)') : '';
-          const note = role === 'external' ? chalk.yellow(' (limited)') : '';
-          console.log(`  ${chalk.white(role)}${scope}${note}`);
-          console.log(`    ${chalk.gray(perms.join(', '))}`);
-        }
-        console.log('');
-      } catch (err) {
-        console.error(chalk.red(`Failed to list roles: ${err.message}`));
-        process.exitCode = 1;
-      }
-    });
-
-  cmd
-    .command('assign <publicKey> <role>')
-    .description('assign role to user')
-    .option('--org <orgId>', 'scope to organization')
-    .option('--dept <deptName>', 'scope to department')
-    .action(async (publicKey, role, opts) => {
-      try {
-        if (!BUILTIN_ROLES[role]) {
-          console.error(chalk.red(`Unknown role "${role}". Valid roles: ${Object.keys(BUILTIN_ROLES).join(', ')}`));
-          process.exitCode = 1;
-          return;
-        }
-
-        const extConfig = (await import('../utils/config.js')).default;
-        const store = extConfig.get('ext_store.enterprise-rbac') || {};
-        const key = `role:${publicKey}`;
-        store[key] = {
-          role,
-          org: opts.org || null,
-          dept: opts.dept || null,
-          assignedAt: new Date().toISOString(),
-        };
-        extConfig.set('ext_store.enterprise-rbac', store);
-
-        let scope = '';
-        if (opts.org) scope += ` org=${chalk.white(opts.org)}`;
-        if (opts.dept) scope += ` dept=${chalk.white(opts.dept)}`;
-        console.log(chalk.green(`✔ Assigned role "${role}" to ${publicKey.slice(0, 16)}...${scope}`));
-      } catch (err) {
-        console.error(chalk.red(`Assign failed: ${err.message}`));
-        process.exitCode = 1;
-      }
-    });
-
-  cmd
-    .command('revoke <publicKey>')
-    .description('remove role assignment')
-    .action(async (publicKey) => {
-      try {
-        const extConfig = (await import('../utils/config.js')).default;
-        const store = extConfig.get('ext_store.enterprise-rbac') || {};
-        const key = `role:${publicKey}`;
-
-        if (!store[key]) {
-          console.log(chalk.yellow(`No role assignment found for ${publicKey.slice(0, 16)}...`));
-          return;
-        }
-
-        const oldRole = store[key].role;
-        delete store[key];
-        extConfig.set('ext_store.enterprise-rbac', store);
-        console.log(chalk.green(`✔ Revoked role "${oldRole}" from ${publicKey.slice(0, 16)}...`));
-      } catch (err) {
-        console.error(chalk.red(`Revoke failed: ${err.message}`));
-        process.exitCode = 1;
-      }
-    });
-
-  cmd
-    .command('check <publicKey> <permission>')
-    .description('check if user has specific permission')
-    .action(async (publicKey, permission) => {
-      try {
-        const extConfig = (await import('../utils/config.js')).default;
-        const store = extConfig.get('ext_store.enterprise-rbac') || {};
-        const key = `role:${publicKey}`;
-        const assignment = store[key];
-
-        if (!assignment) {
-          console.log(chalk.red(`✘ No role assigned to ${publicKey.slice(0, 16)}...`));
-          process.exitCode = 1;
-          return;
-        }
-
-        const perms = BUILTIN_ROLES[assignment.role] || [];
-        const has = perms.includes(permission);
-
-        if (has) {
-          console.log(chalk.green(`✔ ${publicKey.slice(0, 16)}... HAS "${permission}" (role: ${assignment.role})`));
-        } else {
-          console.log(chalk.red(`✘ ${publicKey.slice(0, 16)}... DOES NOT have "${permission}" (role: ${assignment.role})`));
-          process.exitCode = 1;
-        }
-      } catch (err) {
-        console.error(chalk.red(`Check failed: ${err.message}`));
-        process.exitCode = 1;
-      }
-    });
-}
+import chalk from 'chalk';
+
+const BUILTIN_ROLES = {
+  'org-admin': ['view', 'download', 'reshare', 'delete', 'manage', 'audit', 'assign-roles'],
+  'dept-admin': ['view', 'download', 'reshare', 'delete', 'manage'],
+  'admin': ['view', 'download', 'reshare', 'delete', 'manage'],
+  'editor': ['view', 'download', 'reshare'],
+  'viewer': ['view', 'download'],
+  'member': ['view', 'download'],
+  'restricted': ['view'],
+  'external': ['view'],
+};
+
+export default function rbacCommand(program) {
+  const cmd = program
+    .command('rbac')
+    .description('enterprise role-based access control (Enterprise)')
+    .addHelpText('after', `
+Examples:
+  $ pal rbac roles                              List all roles and permissions
+  $ pal rbac assign <publicKey> admin            Assign role to user
+  $ pal rbac assign <publicKey> dept-admin --org acme --dept engineering
+  $ pal rbac revoke <publicKey>                  Remove role assignment
+  $ pal rbac check <publicKey> delete            Check if user has permission
+`)
+    .action(() => { cmd.outputHelp(); });
+
+  cmd
+    .command('roles')
+    .description('list all roles with permissions')
+    .action(async () => {
+      try {
+        console.log('');
+        console.log(chalk.cyan.bold('Flat Roles'));
+        console.log(chalk.gray('─'.repeat(50)));
+        for (const role of ['admin', 'editor', 'viewer', 'restricted']) {
+          const perms = BUILTIN_ROLES[role];
+          console.log(`  ${chalk.white(role)}`);
+          console.log(`    ${chalk.gray(perms.join(', '))}`);
+        }
+
+        console.log('');
+        console.log(chalk.cyan.bold('Enterprise Hierarchical Roles'));
+        console.log(chalk.gray('─'.repeat(50)));
+        for (const role of ['org-admin', 'dept-admin', 'member', 'external']) {
+          const perms = BUILTIN_ROLES[role];
+          const scope = role === 'dept-admin' ? chalk.yellow(' (scoped to dept)') : '';
+          const note = role === 'external' ? chalk.yellow(' (limited)') : '';
+          console.log(`  ${chalk.white(role)}${scope}${note}`);
+          console.log(`    ${chalk.gray(perms.join(', '))}`);
+        }
+        console.log('');
+      } catch (err) {
+        console.error(chalk.red(`Failed to list roles: ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+
+  cmd
+    .command('assign <publicKey> <role>')
+    .description('assign role to user')
+    .option('--org <orgId>', 'scope to organization')
+    .option('--dept <deptName>', 'scope to department')
+    .action(async (publicKey, role, opts) => {
+      try {
+        if (!BUILTIN_ROLES[role]) {
+          console.error(chalk.red(`Unknown role "${role}". Valid roles: ${Object.keys(BUILTIN_ROLES).join(', ')}`));
+          process.exitCode = 1;
+          return;
+        }
+
+        const extConfig = (await import('../utils/config.js')).default;
+        const store = extConfig.get('ext_store.enterprise-rbac') || {};
+        const key = `role:${publicKey}`;
+        store[key] = {
+          role,
+          org: opts.org || null,
+          dept: opts.dept || null,
+          assignedAt: new Date().toISOString(),
+        };
+        extConfig.set('ext_store.enterprise-rbac', store);
+
+        let scope = '';
+        if (opts.org) scope += ` org=${chalk.white(opts.org)}`;
+        if (opts.dept) scope += ` dept=${chalk.white(opts.dept)}`;
+        console.log(chalk.green(`✔ Assigned role "${role}" to ${publicKey.slice(0, 16)}...${scope}`));
+      } catch (err) {
+        console.error(chalk.red(`Assign failed: ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+
+  cmd
+    .command('revoke <publicKey>')
+    .description('remove role assignment')
+    .action(async (publicKey) => {
+      try {
+        const extConfig = (await import('../utils/config.js')).default;
+        const store = extConfig.get('ext_store.enterprise-rbac') || {};
+        const key = `role:${publicKey}`;
+
+        if (!store[key]) {
+          console.log(chalk.yellow(`No role assignment found for ${publicKey.slice(0, 16)}...`));
+          return;
+        }
+
+        const oldRole = store[key].role;
+        delete store[key];
+        extConfig.set('ext_store.enterprise-rbac', store);
+        console.log(chalk.green(`✔ Revoked role "${oldRole}" from ${publicKey.slice(0, 16)}...`));
+      } catch (err) {
+        console.error(chalk.red(`Revoke failed: ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+
+  cmd
+    .command('check <publicKey> <permission>')
+    .description('check if user has specific permission')
+    .action(async (publicKey, permission) => {
+      try {
+        const extConfig = (await import('../utils/config.js')).default;
+        const store = extConfig.get('ext_store.enterprise-rbac') || {};
+        const key = `role:${publicKey}`;
+        const assignment = store[key];
+
+        if (!assignment) {
+          console.log(chalk.red(`✘ No role assigned to ${publicKey.slice(0, 16)}...`));
+          process.exitCode = 1;
+          return;
+        }
+
+        const perms = BUILTIN_ROLES[assignment.role] || [];
+        const has = perms.includes(permission);
+
+        if (has) {
+          console.log(chalk.green(`✔ ${publicKey.slice(0, 16)}... HAS "${permission}" (role: ${assignment.role})`));
+        } else {
+          console.log(chalk.red(`✘ ${publicKey.slice(0, 16)}... DOES NOT have "${permission}" (role: ${assignment.role})`));
+          process.exitCode = 1;
+        }
+      } catch (err) {
+        console.error(chalk.red(`Check failed: ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+}

package/lib/commands/recover.js

@@ -1,36 +1,36 @@
-import chalk from 'chalk';
-import ora from 'ora';
-import { recoverIdentity } from '../core/identity.js';
-
-export default function recoverCommand(program) {
-  program
-    .command('recover <mnemonic...>')
-    .description('recover your identity from a BIP-39 mnemonic phrase')
-    .option('-n, --name <name>', 'Name for the recovered identity')
-    .addHelpText('after', `
-Examples:
-  $ pe recover word1 word2 ... word24           Recover from 24-word phrase
-  $ pe recover word1 word2 ... word24 -n alice  Recover with name "alice"
-`)
-    .action(async (words, opts) => {
-      const mnemonic = words.join(' ').trim();
-      const wordCount = mnemonic.split(/\s+/).length;
-      if (wordCount !== 24) {
-        console.log(chalk.red(`Expected 24 words, got ${wordCount}.`));
-        process.exitCode = 1;
-        return;
-      }
-
-      const spinner = ora('Recovering identity...').start();
-      try {
-        const identity = await recoverIdentity(mnemonic, opts.name);
-        spinner.succeed(chalk.green('Identity recovered!'));
-        console.log(chalk.cyan(`Public Key: ${identity.publicKey}`));
-        console.log(chalk.gray('Re-register your handle with `pe register <handle>` to associate it with this key.'));
-      } catch (err) {
-        spinner.fail(chalk.red('Recovery failed'));
-        console.error(chalk.red(`Error: ${err.message}`));
-        process.exitCode = 1;
-      }
-    });
-}
+import chalk from 'chalk';
+import ora from 'ora';
+import { recoverIdentity } from '../core/identity.js';
+
+export default function recoverCommand(program) {
+  program
+    .command('recover <mnemonic...>')
+    .description('recover your identity from a BIP-39 mnemonic phrase')
+    .option('-n, --name <name>', 'Name for the recovered identity')
+    .addHelpText('after', `
+Examples:
+  $ pal recover word1 word2 ... word24           Recover from 24-word phrase
+  $ pal recover word1 word2 ... word24 -n alice  Recover with name "alice"
+`)
+    .action(async (words, opts) => {
+      const mnemonic = words.join(' ').trim();
+      const wordCount = mnemonic.split(/\s+/).length;
+      if (wordCount !== 24) {
+        console.log(chalk.red(`Expected 24 words, got ${wordCount}.`));
+        process.exitCode = 1;
+        return;
+      }
+
+      const spinner = ora('Recovering identity...').start();
+      try {
+        const identity = await recoverIdentity(mnemonic, opts.name);
+        spinner.succeed(chalk.green('Identity recovered!'));
+        console.log(chalk.cyan(`Public Key: ${identity.publicKey}`));
+        console.log(chalk.gray('Re-register your handle with `pal register <handle>` to associate it with this key.'));
+      } catch (err) {
+        spinner.fail(chalk.red('Recovery failed'));
+        console.error(chalk.red(`Error: ${err.message}`));
+        process.exitCode = 1;
+      }
+    });
+}