repo-cloak-cli 1.2.4 → 1.3.2

package/src/core/crypto.js

@@ -1,128 +1,128 @@
-/**
- * Crypto Module
- * Handles encryption/decryption of sensitive data using user-specific secret
- */
-
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
-import { join } from 'path';
-import { homedir } from 'os';
-
-const CONFIG_DIR = join(homedir(), '.repo-cloak');
-const SECRET_FILE = join(CONFIG_DIR, 'secret.key');
-const ALGORITHM = 'aes-256-gcm';
-
-/**
- * Get or create user's secret key
- */
-export function getOrCreateSecret() {
-    // Ensure config directory exists
-    if (!existsSync(CONFIG_DIR)) {
-        mkdirSync(CONFIG_DIR, { recursive: true });
-    }
-
-    // Check if secret exists
-    if (existsSync(SECRET_FILE)) {
-        return readFileSync(SECRET_FILE, 'utf-8').trim();
-    }
-
-    // Generate new secret
-    const secret = randomBytes(32).toString('hex');
-    writeFileSync(SECRET_FILE, secret, { mode: 0o600 }); // Read/write only for owner
-
-    return secret;
-}
-
-/**
- * Check if user has a secret key
- */
-export function hasSecret() {
-    return existsSync(SECRET_FILE);
-}
-
-/**
- * Encrypt a string using user's secret
- */
-export function encrypt(text, secret) {
-    const key = scryptSync(secret, 'repo-cloak-salt', 32);
-    const iv = randomBytes(16);
-    const cipher = createCipheriv(ALGORITHM, key, iv);
-
-    let encrypted = cipher.update(text, 'utf8', 'hex');
-    encrypted += cipher.final('hex');
-    const authTag = cipher.getAuthTag();
-
-    // Return iv:authTag:encrypted
-    return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
-}
-
-/**
- * Decrypt a string using user's secret
- */
-export function decrypt(encryptedData, secret) {
-    try {
-        const [ivHex, authTagHex, encrypted] = encryptedData.split(':');
-
-        if (!ivHex || !authTagHex || !encrypted) {
-            throw new Error('Invalid encrypted data format');
-        }
-
-        const key = scryptSync(secret, 'repo-cloak-salt', 32);
-        const iv = Buffer.from(ivHex, 'hex');
-        const authTag = Buffer.from(authTagHex, 'hex');
-        const decipher = createDecipheriv(ALGORITHM, key, iv);
-
-        decipher.setAuthTag(authTag);
-
-        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
-        decrypted += decipher.final('utf8');
-
-        return decrypted;
-    } catch (error) {
-        return null; // Decryption failed
-    }
-}
-
-/**
- * Encrypt replacements for storage
- */
-export function encryptReplacements(replacements, secret) {
-    return replacements.map(r => ({
-        original: encrypt(r.original, secret),
-        replacement: r.replacement, // Keep replacement visible (it's the safe version)
-        encrypted: true
-    }));
-}
-
-/**
- * Decrypt replacements from storage
- */
-export function decryptReplacements(replacements, secret) {
-    return replacements.map(r => {
-        if (!r.encrypted) {
-            return r; // Already decrypted or legacy format
-        }
-
-        const original = decrypt(r.original, secret);
-
-        if (original === null) {
-            return {
-                ...r,
-                original: null, // Failed to decrypt
-                decryptFailed: true
-            };
-        }
-
-        return {
-            original,
-            replacement: r.replacement
-        };
-    });
-}
-
-/**
- * Get the config directory path
- */
-export function getConfigDir() {
-    return CONFIG_DIR;
-}
+/**
+ * Crypto Module
+ * Handles encryption/decryption of sensitive data using user-specific secret
+ */
+
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+
+const CONFIG_DIR = join(homedir(), '.repo-cloak');
+const SECRET_FILE = join(CONFIG_DIR, 'secret.key');
+const ALGORITHM = 'aes-256-gcm';
+
+/**
+ * Get or create user's secret key
+ */
+export function getOrCreateSecret() {
+    // Ensure config directory exists
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+
+    // Check if secret exists
+    if (existsSync(SECRET_FILE)) {
+        return readFileSync(SECRET_FILE, 'utf-8').trim();
+    }
+
+    // Generate new secret
+    const secret = randomBytes(32).toString('hex');
+    writeFileSync(SECRET_FILE, secret, { mode: 0o600 }); // Read/write only for owner
+
+    return secret;
+}
+
+/**
+ * Check if user has a secret key
+ */
+export function hasSecret() {
+    return existsSync(SECRET_FILE);
+}
+
+/**
+ * Encrypt a string using user's secret
+ */
+export function encrypt(text, secret) {
+    const key = scryptSync(secret, 'repo-cloak-salt', 32);
+    const iv = randomBytes(16);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag();
+
+    // Return iv:authTag:encrypted
+    return `${iv.toString('hex')}:${authTag.toString('hex')}:${encrypted}`;
+}
+
+/**
+ * Decrypt a string using user's secret
+ */
+export function decrypt(encryptedData, secret) {
+    try {
+        const [ivHex, authTagHex, encrypted] = encryptedData.split(':');
+
+        if (!ivHex || !authTagHex || !encrypted) {
+            throw new Error('Invalid encrypted data format');
+        }
+
+        const key = scryptSync(secret, 'repo-cloak-salt', 32);
+        const iv = Buffer.from(ivHex, 'hex');
+        const authTag = Buffer.from(authTagHex, 'hex');
+        const decipher = createDecipheriv(ALGORITHM, key, iv);
+
+        decipher.setAuthTag(authTag);
+
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+
+        return decrypted;
+    } catch (error) {
+        return null; // Decryption failed
+    }
+}
+
+/**
+ * Encrypt replacements for storage
+ */
+export function encryptReplacements(replacements, secret) {
+    return replacements.map(r => ({
+        original: encrypt(r.original, secret),
+        replacement: r.replacement, // Keep replacement visible (it's the safe version)
+        encrypted: true
+    }));
+}
+
+/**
+ * Decrypt replacements from storage
+ */
+export function decryptReplacements(replacements, secret) {
+    return replacements.map(r => {
+        if (!r.encrypted) {
+            return r; // Already decrypted or legacy format
+        }
+
+        const original = decrypt(r.original, secret);
+
+        if (original === null) {
+            return {
+                ...r,
+                original: null, // Failed to decrypt
+                decryptFailed: true
+            };
+        }
+
+        return {
+            original,
+            replacement: r.replacement
+        };
+    });
+}
+
+/**
+ * Get the config directory path
+ */
+export function getConfigDir() {
+    return CONFIG_DIR;
+}

package/src/core/git.js

@@ -0,0 +1,61 @@
+/**
+ * Git Integration
+ * Utilities to interact with Git repositories
+ */
+
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { existsSync } from 'fs';
+import { join } from 'path';
+
+const execAsync = promisify(exec);
+
+/**
+ * Check if a directory is a Git repository
+ * @param {string} dirPath - Directory to check
+ * @returns {boolean} True if .git folder exists
+ */
+export function isGitRepo(dirPath) {
+    return existsSync(join(dirPath, '.git'));
+}
+
+/**
+ * Get list of changed/added/untracked files
+ * @param {string} dirPath - Repository root
+ * @returns {Promise<string[]>} List of relative file paths
+ */
+export async function getChangedFiles(dirPath) {
+    try {
+        // -u option shows individual files in untracked directories
+        const { stdout } = await execAsync('git status --porcelain -u', { cwd: dirPath });
+
+        if (!stdout) return [];
+
+        const files = stdout
+            .split('\n')
+            .filter(line => line.trim() !== '')
+            .map(line => {
+                // Format: "MM file.txt" or "?? file.txt" or "R  old -> new"
+                const status = line.substring(0, 2);
+                let file = line.substring(3).trim();
+
+                // Handle renamed files: "old -> new"
+                if (file.includes(' -> ')) {
+                    file = file.split(' -> ')[1];
+                }
+
+                // Remove quotes if present (git status quotes files with spaces)
+                const cleanFile = file.replace(/^"|"$/g, '');
+
+                return { status, file: cleanFile };
+            })
+            // Filter deleted files (D) as we can't pull them
+            .filter(item => !item.status.includes('D'))
+            .map(item => item.file);
+
+        return files;
+    } catch (error) {
+        // If git command fails, return empty list
+        return [];
+    }
+}