securegate-cli-tool 2.0.4 → 2.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "securegate-cli-tool",
-    "version": "2.0.4",
+    "version": "2.1.1",
     "description": "SecureGate CLI — Secure your AI agent API keys from the terminal",
     "main": "src/index.js",
     "bin": {
@@ -18,7 +18,6 @@
         "ai-agent",
         "security-key",
         "device-lock",
-        "mcp",
         "cli"
     ],
     "author": "SecureGate",
@@ -27,9 +26,11 @@
         "node": ">=16"
     },
     "dependencies": {
+        "@supabase/supabase-js": "^2.97.0",
+        "chalk": "^4.1.2",
         "commander": "^12.1.0",
         "inquirer": "^8.2.6",
-        "chalk": "^4.1.2",
+        "open": "^11.0.0",
         "ora": "^5.4.1"
     }
-}
+}

package/scripts/postinstall.js

@@ -1,37 +1,37 @@
-#!/usr/bin/env node
-
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
-
-try {
-    const homeDir = os.homedir();
-    const openClawPath = path.join(homeDir, '.openclaw');
-    const skillsDir = path.join(openClawPath, 'skills');
-    const targetDir = path.join(skillsDir, 'securegate');
-    const templatePath = path.join(__dirname, '../templates/SKILL.md');
-
-    // Only proceed if .openclaw config directory exists (implies usage)
-    // Or if the user wants to force it? No, auto-detect is safer.
-    if (fs.existsSync(openClawPath)) {
-        console.log('OpenClaw detected. Installing SecureGate skill...');
-
-        // Ensure directories exist
-        if (!fs.existsSync(skillsDir)) {
-            fs.mkdirSync(skillsDir, { recursive: true });
-        }
-
-        if (!fs.existsSync(targetDir)) {
-            fs.mkdirSync(targetDir, { recursive: true });
-        }
-
-        // Copy skill file
-        fs.copyFileSync(templatePath, path.join(targetDir, 'SKILL.md'));
-
-        console.log('✅ SecureGate skill installed to ~/.openclaw/skills/securegate/SKILL.md');
-    }
-} catch (error) {
-    // Silently fail or log warning - we don't want to break the install just for this
-    console.warn('Note: Could not auto-install OpenClaw skill (optional step).');
-    // console.warn(error.message);
-}
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+try {
+    const homeDir = os.homedir();
+    const openClawPath = path.join(homeDir, '.openclaw');
+    const skillsDir = path.join(openClawPath, 'skills');
+    const targetDir = path.join(skillsDir, 'securegate');
+    const templatePath = path.join(__dirname, '../templates/SKILL.md');
+
+    // Only proceed if .openclaw config directory exists (implies usage)
+    // Or if the user wants to force it? No, auto-detect is safer.
+    if (fs.existsSync(openClawPath)) {
+        console.log('OpenClaw detected. Installing SecureGate skill...');
+
+        // Ensure directories exist
+        if (!fs.existsSync(skillsDir)) {
+            fs.mkdirSync(skillsDir, { recursive: true });
+        }
+
+        if (!fs.existsSync(targetDir)) {
+            fs.mkdirSync(targetDir, { recursive: true });
+        }
+
+        // Copy skill file
+        fs.copyFileSync(templatePath, path.join(targetDir, 'SKILL.md'));
+
+        console.log('✅ SecureGate skill installed to ~/.openclaw/skills/securegate/SKILL.md');
+    }
+} catch (error) {
+    // Silently fail or log warning - we don't want to break the install just for this
+    console.warn('Note: Could not auto-install OpenClaw skill (optional step).');
+    // console.warn(error.message);
+}

package/src/api.js

@@ -1,205 +1,213 @@
-/**
- * SecureGate CLI — API Client
- * Wraps all Supabase Edge Function calls
- */
-
-const https = require('https');
-const http = require('http');
-const { SUPABASE_URL, SUPABASE_ANON_KEY, getAuth, setAuth } = require('./config');
-
-// ── HTTP Helper ──────────────────────────────────────────────────────────────
-
-function httpRequest(url, options = {}) {
-    return new Promise((resolve, reject) => {
-        const urlObj = new URL(url);
-        const lib = urlObj.protocol === 'https:' ? https : http;
-
-        const req = lib.request(url, {
-            method: options.method || 'GET',
-            headers: options.headers || {},
-        }, (res) => {
-            let data = '';
-            res.on('data', chunk => data += chunk);
-            res.on('end', () => {
-                try {
-                    resolve({ status: res.statusCode, data: JSON.parse(data) });
-                } catch {
-                    resolve({ status: res.statusCode, data });
-                }
-            });
-        });
-
-        req.on('error', reject);
-        if (options.body) req.write(options.body);
-        req.end();
-    });
-}
-
-// ── Auth Helpers ─────────────────────────────────────────────────────────────
-
-async function login(email, password) {
-    const res = await httpRequest(`${SUPABASE_URL}/auth/v1/token?grant_type=password`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'apikey': SUPABASE_ANON_KEY,
-        },
-        body: JSON.stringify({ email, password }),
-    });
-
-    if (res.status !== 200) {
-        throw new Error(res.data?.error_description || res.data?.msg || 'Login failed');
-    }
-
-    setAuth({
-        access_token: res.data.access_token,
-        refresh_token: res.data.refresh_token,
-        user: {
-            id: res.data.user?.id,
-            email: res.data.user?.email,
-        },
-        expires_at: Date.now() + (res.data.expires_in * 1000),
-    });
-
-    return res.data;
-}
-
-async function refreshToken() {
-    const auth = getAuth();
-    if (!auth?.refresh_token) throw new Error('Not logged in. Run: securegate login');
-
-    const res = await httpRequest(`${SUPABASE_URL}/auth/v1/token?grant_type=refresh_token`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'apikey': SUPABASE_ANON_KEY,
-        },
-        body: JSON.stringify({ refresh_token: auth.refresh_token }),
-    });
-
-    if (res.status !== 200) {
-        throw new Error('Session expired. Please run: securegate login');
-    }
-
-    setAuth({
-        access_token: res.data.access_token,
-        refresh_token: res.data.refresh_token,
-        user: auth.user,
-        expires_at: Date.now() + (res.data.expires_in * 1000),
-    });
-
-    return res.data.access_token;
-}
-
-async function getValidToken() {
-    const auth = getAuth();
-    if (!auth) throw new Error('Not logged in. Run: securegate login');
-
-    // Refresh if expires within 5 minutes
-    if (auth.expires_at && (Date.now() > auth.expires_at - 300000)) {
-        return await refreshToken();
-    }
-
-    return auth.access_token;
-}
-
-// ── Edge Function Wrappers ───────────────────────────────────────────────────
-
-async function authedRequest(functionName, body = null, method = 'POST') {
-    const token = await getValidToken();
-
-    const options = {
-        method,
-        headers: {
-            'Authorization': `Bearer ${token}`,
-            'Content-Type': 'application/json',
-        },
-    };
-
-    if (body) options.body = JSON.stringify(body);
-
-    const res = await httpRequest(`${SUPABASE_URL}/functions/v1/${functionName}`, options);
-
-    if (res.status === 403) {
-        throw new Error('Unauthorized. Your session may have expired. Run: securegate login');
-    }
-
-    return res;
-}
-
-async function listConnections() {
-    return authedRequest('list-connections', null, 'GET');
-}
-
-async function getConnection(connectionId) {
-    return authedRequest(`get-connection?connection_id=${connectionId}`, null, 'GET');
-}
-
-async function createConnection({ provider, apiKey, customName, baseUrl }) {
-    return authedRequest('create-connection', {
-        provider,
-        api_key: apiKey,
-        custom_name: customName,
-        base_url: baseUrl,
-    });
-}
-
-async function generateKey(connectionId, label) {
-    const os = require('os');
-    const crypto = require('crypto');
-
-    // Generate device fingerprint
-    const networkInterfaces = os.networkInterfaces();
-    let mac = '';
-    for (const [, interfaces] of Object.entries(networkInterfaces)) {
-        for (const iface of interfaces) {
-            if (iface.mac && iface.mac !== '00:00:00:00:00:00') {
-                mac = iface.mac;
-                break;
-            }
-        }
-        if (mac) break;
-    }
-
-    const fingerprint = [
-        os.hostname(), os.platform(), os.arch(),
-        os.cpus()[0]?.model || 'unknown', mac,
-        os.totalmem().toString(),
-    ].join('|');
-
-    const deviceFingerprint = crypto.createHash('sha256').update(fingerprint).digest('hex').substring(0, 32);
-
-    return authedRequest('generate-key', {
-        connection_id: connectionId,
-        device_fingerprint: deviceFingerprint,
-        label: label || `${os.hostname()} (${os.platform()})`,
-    });
-}
-
-async function deleteKey(keyId) {
-    return authedRequest('delete-key', { key_id: keyId });
-}
-
-async function lockKey(keyId, ip) {
-    return authedRequest('update-key', {
-        key_id: keyId,
-        update_data: { bound_ip: ip }
-    });
-}
-
-async function getProfile() {
-    return authedRequest('get-profile', null, 'GET');
-}
-
-module.exports = {
-    login,
-    refreshToken,
-    getValidToken,
-    listConnections,
-    getConnection,
-    createConnection,
-    generateKey,
-    deleteKey,
-    lockKey,
-    getProfile,
-};
+/**
+ * SecureGate CLI — API Client
+ * Wraps all Supabase Edge Function calls
+ */
+
+const https = require('https');
+const http = require('http');
+const { SUPABASE_URL, SUPABASE_ANON_KEY, getAuth, setAuth } = require('./config');
+
+// ── HTTP Helper ──────────────────────────────────────────────────────────────
+
+function httpRequest(url, options = {}) {
+    return new Promise((resolve, reject) => {
+        const urlObj = new URL(url);
+        const lib = urlObj.protocol === 'https:' ? https : http;
+
+        const req = lib.request(url, {
+            method: options.method || 'GET',
+            headers: options.headers || {},
+        }, (res) => {
+            let data = '';
+            res.on('data', chunk => data += chunk);
+            res.on('end', () => {
+                try {
+                    resolve({ status: res.statusCode, data: JSON.parse(data) });
+                } catch {
+                    resolve({ status: res.statusCode, data });
+                }
+            });
+        });
+
+        req.on('error', reject);
+        if (options.body) req.write(options.body);
+        req.end();
+    });
+}
+
+// ── Auth Helpers ─────────────────────────────────────────────────────────────
+
+async function login(email, password) {
+    const res = await httpRequest(`${SUPABASE_URL}/auth/v1/token?grant_type=password`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'apikey': SUPABASE_ANON_KEY,
+        },
+        body: JSON.stringify({ email, password }),
+    });
+
+    if (res.status !== 200) {
+        throw new Error(res.data?.error_description || res.data?.msg || 'Login failed');
+    }
+
+    setAuth({
+        access_token: res.data.access_token,
+        refresh_token: res.data.refresh_token,
+        user: {
+            id: res.data.user?.id,
+            email: res.data.user?.email,
+        },
+        expires_at: Date.now() + (res.data.expires_in * 1000),
+    });
+
+    return res.data;
+}
+
+async function refreshToken() {
+    const auth = getAuth();
+    if (!auth?.refresh_token) throw new Error('Not logged in. Run: securegate login');
+
+    const res = await httpRequest(`${SUPABASE_URL}/auth/v1/token?grant_type=refresh_token`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'apikey': SUPABASE_ANON_KEY,
+        },
+        body: JSON.stringify({ refresh_token: auth.refresh_token }),
+    });
+
+    if (res.status !== 200) {
+        throw new Error('Session expired. Please run: securegate login');
+    }
+
+    setAuth({
+        access_token: res.data.access_token,
+        refresh_token: res.data.refresh_token,
+        user: auth.user,
+        expires_at: Date.now() + (res.data.expires_in * 1000),
+    });
+
+    return res.data.access_token;
+}
+
+async function getValidToken() {
+    const auth = getAuth();
+    if (!auth) throw new Error('Not logged in. Run: securegate login');
+
+    // Refresh if expires within 5 minutes
+    if (auth.expires_at && (Date.now() > auth.expires_at - 300000)) {
+        return await refreshToken();
+    }
+
+    return auth.access_token;
+}
+
+// ── Edge Function Wrappers ───────────────────────────────────────────────────
+
+async function authedRequest(functionName, body = null, method = 'POST') {
+    const token = await getValidToken();
+
+    const options = {
+        method,
+        headers: {
+            'Authorization': `Bearer ${token}`,
+            'Content-Type': 'application/json',
+        },
+    };
+
+    if (body) options.body = JSON.stringify(body);
+
+    const res = await httpRequest(`${SUPABASE_URL}/functions/v1/${functionName}`, options);
+
+    if (res.status === 403) {
+        throw new Error('Unauthorized. Your session may have expired. Run: securegate login');
+    }
+
+    return res;
+}
+
+async function listConnections() {
+    return authedRequest('list-connections', null, 'GET');
+}
+
+async function getConnection(connectionId) {
+    return authedRequest(`get-connection?connection_id=${connectionId}`, null, 'GET');
+}
+
+async function createConnection({ provider, apiKey, customName, baseUrl }) {
+    return authedRequest('create-connection', {
+        provider,
+        api_key: apiKey,
+        custom_name: customName,
+        base_url: baseUrl,
+    });
+}
+
+async function generateKey(connectionId, label) {
+    const os = require('os');
+    const crypto = require('crypto');
+
+    // Generate device fingerprint
+    const networkInterfaces = os.networkInterfaces();
+    let mac = '';
+    for (const [, interfaces] of Object.entries(networkInterfaces)) {
+        for (const iface of interfaces) {
+            if (iface.mac && iface.mac !== '00:00:00:00:00:00') {
+                mac = iface.mac;
+                break;
+            }
+        }
+        if (mac) break;
+    }
+
+    const fingerprint = [
+        os.hostname(), os.platform(), os.arch(),
+        os.cpus()[0]?.model || 'unknown', mac,
+        os.totalmem().toString(),
+    ].join('|');
+
+    const deviceFingerprint = crypto.createHash('sha256').update(fingerprint).digest('hex').substring(0, 32);
+
+    return authedRequest('generate-key', {
+        connection_id: connectionId,
+        device_fingerprint: deviceFingerprint,
+        label: label || `${os.hostname()} (${os.platform()})`,
+    });
+}
+
+async function deleteKey(keyId) {
+    return authedRequest('delete-key', { key_id: keyId });
+}
+
+async function lockKey(keyId, ip) {
+    return authedRequest('update-key', {
+        key_id: keyId,
+        update_data: { bound_ip: ip }
+    });
+}
+
+async function updateKey(keyId, updateData) {
+    return authedRequest('update-key', {
+        key_id: keyId,
+        update_data: updateData
+    });
+}
+
+async function getProfile() {
+    return authedRequest('get-profile', null, 'GET');
+}
+
+module.exports = {
+    login,
+    refreshToken,
+    getValidToken,
+    listConnections,
+    getConnection,
+    createConnection,
+    generateKey,
+    deleteKey,
+    lockKey,
+    updateKey,
+    getProfile,
+};