ultraenv 1.0.0

package/dist/chunk-N5PAV4NM.js

@@ -0,0 +1,127 @@
+import {
+  EncryptionError
+} from "./chunk-5G2DU52U.js";
+
+// src/vault/integrity.ts
+import { createHmac, timingSafeEqual as cryptoTimingSafeEqual } from "crypto";
+var HMAC_ALGORITHM = "sha256";
+var HMAC_DIGEST_LENGTH = 64;
+function computeIntegrity(data, key) {
+  if (key.length === 0) {
+    throw new EncryptionError(
+      "Cannot compute integrity with an empty key",
+      { hint: "Provide a valid encryption key for integrity computation." }
+    );
+  }
+  if (data.length === 0) {
+    throw new EncryptionError(
+      "Cannot compute integrity for empty data",
+      { hint: "Provide non-empty data for integrity computation." }
+    );
+  }
+  const hmac = createHmac(HMAC_ALGORITHM, key);
+  hmac.update(data, "utf-8");
+  return hmac.digest("hex");
+}
+function verifyIntegrity(data, key, expected) {
+  if (key.length === 0) {
+    throw new EncryptionError(
+      "Cannot verify integrity with an empty key"
+    );
+  }
+  if (expected.length !== HMAC_DIGEST_LENGTH) {
+    throw new EncryptionError(
+      `Invalid expected digest length: expected ${HMAC_DIGEST_LENGTH} hex characters, got ${expected.length}`,
+      { hint: "The integrity digest should be a 64-character lowercase hex string from computeIntegrity()." }
+    );
+  }
+  if (!/^[0-9a-f]{64}$/.test(expected)) {
+    throw new EncryptionError(
+      "Invalid expected digest format: must be a lowercase hex string",
+      { hint: "Ensure the stored digest is a 64-character lowercase hex string." }
+    );
+  }
+  try {
+    const computed = computeIntegrity(data, key);
+    return timingSafeEqualHex(computed, expected);
+  } catch (error) {
+    if (error instanceof EncryptionError) throw error;
+    throw new EncryptionError("Integrity verification failed", {
+      cause: error instanceof Error ? error : void 0
+    });
+  }
+}
+function computeVaultChecksum(environments, key) {
+  if (key.length === 0) {
+    throw new EncryptionError(
+      "Cannot compute vault checksum with an empty key"
+    );
+  }
+  if (environments.size === 0) {
+    throw new EncryptionError(
+      "Cannot compute vault checksum for empty environment set"
+    );
+  }
+  const sortedNames = Array.from(environments.keys()).sort();
+  const parts = [];
+  for (const name of sortedNames) {
+    const entry = environments.get(name);
+    if (entry === void 0) continue;
+    const encrypted = entry["encrypted"];
+    const encryptedStr = typeof encrypted === "string" ? encrypted : "";
+    parts.push(`${name}:${encryptedStr}:${entry.varCount}:${entry.lastModified}`);
+  }
+  const combinedData = parts.join("\n");
+  return computeIntegrity(combinedData, key);
+}
+function verifyVaultChecksum(environments, key, expected) {
+  if (key.length === 0) {
+    throw new EncryptionError(
+      "Cannot verify vault checksum with an empty key"
+    );
+  }
+  if (expected.length !== HMAC_DIGEST_LENGTH) {
+    throw new EncryptionError(
+      `Invalid vault checksum length: expected ${HMAC_DIGEST_LENGTH} hex characters, got ${expected.length}`
+    );
+  }
+  try {
+    const computed = computeVaultChecksum(environments, key);
+    return timingSafeEqualHex(computed, expected);
+  } catch (error) {
+    if (error instanceof EncryptionError) throw error;
+    throw new EncryptionError("Vault checksum verification failed", {
+      cause: error instanceof Error ? error : void 0
+    });
+  }
+}
+function timingSafeEqualHex(a, b) {
+  if (a === b) return true;
+  const bufA = Buffer.from(a, "hex");
+  const bufB = Buffer.from(b, "hex");
+  if (bufA.length !== bufB.length) {
+    const maxLen = Math.max(bufA.length, bufB.length);
+    const padA = Buffer.alloc(maxLen);
+    const padB = Buffer.alloc(maxLen);
+    bufA.copy(padA, maxLen - bufA.length);
+    bufB.copy(padB, maxLen - bufB.length);
+    try {
+      cryptoTimingSafeEqual(padA, padB);
+    } catch {
+      return false;
+    }
+    return false;
+  }
+  try {
+    return cryptoTimingSafeEqual(bufA, bufB);
+  } catch {
+    return false;
+  }
+}
+
+export {
+  computeIntegrity,
+  verifyIntegrity,
+  computeVaultChecksum,
+  verifyVaultChecksum
+};

package/dist/chunk-NBOABPHM.js

@@ -0,0 +1,158 @@
+import {
+  readFile,
+  writeFile
+} from "./chunk-3VYXPTYV.js";
+import {
+  VaultError
+} from "./chunk-5G2DU52U.js";
+
+// src/vault/vault-file.ts
+var VAULT_VAR_PREFIX = "ULTRAENV_VAULT_";
+function parseVaultFile(content) {
+  const result = /* @__PURE__ */ new Map();
+  if (content.trim().length === 0) {
+    return result;
+  }
+  const lines = content.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    const lineNumber = i + 1;
+    const rawLine = lines[i];
+    if (rawLine === void 0) continue;
+    const line = rawLine.trim();
+    if (line.length === 0 || line.startsWith("#")) continue;
+    const match = line.match(
+      new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)="(.*)"$`)
+    );
+    if (!match) {
+      const plainMatch = line.match(
+        new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)=(.*)$`)
+      );
+      if (!plainMatch) {
+        throw new VaultError(
+          `Invalid vault file format at line ${lineNumber}: "${line}"`,
+          {
+            operation: "parse",
+            hint: `Each environment entry should be in the format: ${VAULT_VAR_PREFIX}{ENVIRONMENT}="encrypted:..."`
+          }
+        );
+      }
+      const envName2 = plainMatch[1].toLowerCase();
+      const encryptedValue2 = plainMatch[2];
+      const varCount2 = countEncryptedVars(encryptedValue2);
+      result.set(envName2, {
+        name: envName2,
+        varCount: varCount2,
+        lastModified: (/* @__PURE__ */ new Date()).toISOString(),
+        keyIds: extractKeyIds(encryptedValue2),
+        encrypted: encryptedValue2
+      });
+      continue;
+    }
+    const envName = match[1].toLowerCase();
+    const encryptedValue = match[2];
+    const varCount = countEncryptedVars(encryptedValue);
+    result.set(envName, {
+      name: envName,
+      varCount,
+      lastModified: (/* @__PURE__ */ new Date()).toISOString(),
+      keyIds: extractKeyIds(encryptedValue),
+      encrypted: encryptedValue
+    });
+  }
+  return result;
+}
+function serializeVaultFile(environments) {
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const envNames = Array.from(environments.keys()).sort();
+  const lines = [
+    "# ultraenv encrypted vault \u2014 safe to commit",
+    `# Generated: ${timestamp}`,
+    `# Environments: ${envNames.join(", ")}`,
+    ""
+  ];
+  for (const envName of envNames) {
+    const entry = environments.get(envName);
+    if (entry === void 0) continue;
+    const varName = `${VAULT_VAR_PREFIX}${envName.toUpperCase()}`;
+    lines.push(`${varName}="${entry.encrypted}"`);
+  }
+  if (lines[lines.length - 1] !== "") {
+    lines.push("");
+  }
+  return lines.join("\n");
+}
+async function readVaultFile(path) {
+  try {
+    const content = await readFile(path, "utf-8");
+    return parseVaultFile(content);
+  } catch (error) {
+    if (error instanceof VaultError) throw error;
+    throw new VaultError(
+      `Failed to read vault file "${path}"`,
+      {
+        operation: "read",
+        /* v8 ignore start */
+        cause: error instanceof Error ? error : void 0
+        /* v8 ignore stop */
+      }
+    );
+  }
+}
+async function writeVaultFile(path, environments) {
+  if (environments.size === 0) {
+    throw new VaultError(
+      "Cannot write an empty vault file",
+      {
+        operation: "write",
+        hint: "Add at least one environment to the vault before writing."
+      }
+    );
+  }
+  try {
+    const content = serializeVaultFile(environments);
+    await writeFile(path, content, "utf-8");
+  } catch (error) {
+    if (error instanceof VaultError) throw error;
+    throw new VaultError(
+      `Failed to write vault file "${path}"`,
+      {
+        operation: "write",
+        /* v8 ignore start */
+        cause: error instanceof Error ? error : void 0
+        /* v8 ignore stop */
+      }
+    );
+  }
+}
+function getEnvironmentData(vault, env) {
+  return vault.get(env.toLowerCase());
+}
+function getVaultEnvironments(vault) {
+  return Array.from(vault.keys()).sort();
+}
+function countEncryptedVars(encrypted) {
+  if (!encrypted.startsWith("encrypted:")) {
+    return encrypted.split("\n").filter((line) => line.includes("=")).length || 1;
+  }
+  return 1;
+}
+function extractKeyIds(encrypted) {
+  if (!encrypted.startsWith("encrypted:")) {
+    return ["unknown"];
+  }
+  const colonIndex = encrypted.indexOf(":", "encrypted:".length);
+  if (colonIndex === -1) {
+    return ["unknown"];
+  }
+  const version = encrypted.slice("encrypted:".length, colonIndex);
+  return [`v${version === "v1" ? "1" : version}`];
+}
+
+export {
+  parseVaultFile,
+  serializeVaultFile,
+  readVaultFile,
+  writeVaultFile,
+  getEnvironmentData,
+  getVaultEnvironments
+};

package/dist/chunk-OMAOROL4.js

@@ -0,0 +1,49 @@
+// src/cli/ui/colors.ts
+var ESC = "\x1B[";
+var CODES = {
+  reset: `${ESC}0m`,
+  bold: `${ESC}1m`,
+  dim: `${ESC}2m`,
+  underline: `${ESC}4m`,
+  red: `${ESC}31m`,
+  green: `${ESC}32m`,
+  yellow: `${ESC}33m`,
+  blue: `${ESC}34m`,
+  magenta: `${ESC}35m`,
+  cyan: `${ESC}36m`,
+  white: `${ESC}37m`,
+  gray: `${ESC}90m`
+};
+var bold = (text) => colorEnabled ? `${CODES.bold}${text}${CODES.reset}` : text;
+var dim = (text) => colorEnabled ? `${CODES.dim}${text}${CODES.reset}` : text;
+var red = (text) => colorEnabled ? `${CODES.red}${text}${CODES.reset}` : text;
+var green = (text) => colorEnabled ? `${CODES.green}${text}${CODES.reset}` : text;
+var yellow = (text) => colorEnabled ? `${CODES.yellow}${text}${CODES.reset}` : text;
+var cyan = (text) => colorEnabled ? `${CODES.cyan}${text}${CODES.reset}` : text;
+var colorEnabled = true;
+function supportsColor() {
+  if (process.env.NO_COLOR !== void 0 && process.env.NO_COLOR !== "") {
+    return false;
+  }
+  if (process.stdout !== void 0 && !process.stdout.isTTY) {
+    return false;
+  }
+  return true;
+}
+function initColorSupport(noColorFlag = false) {
+  if (noColorFlag || !supportsColor()) {
+    colorEnabled = false;
+  } else {
+    colorEnabled = true;
+  }
+}
+
+export {
+  bold,
+  dim,
+  red,
+  green,
+  yellow,
+  cyan,
+  initColorSupport
+};

package/dist/chunk-R7PZRSZ7.js

@@ -0,0 +1,105 @@
+// src/utils/git.ts
+import { execFile } from "child_process";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+async function git(args, cwd) {
+  try {
+    const { stdout } = await execFileAsync("git", [...args], {
+      cwd: cwd ?? process.cwd(),
+      maxBuffer: 10 * 1024 * 1024,
+      // 10MB
+      encoding: "utf-8",
+      timeout: 3e4
+    });
+    return stdout.trim();
+  } catch {
+    return "";
+  }
+}
+async function gitSuccess(args, cwd) {
+  try {
+    await execFileAsync("git", [...args], {
+      cwd: cwd ?? process.cwd(),
+      maxBuffer: 10 * 1024 * 1024,
+      encoding: "utf-8",
+      timeout: 3e4
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function isGitRepository(cwd) {
+  return gitSuccess(["rev-parse", "--is-inside-work-tree"], cwd);
+}
+async function getGitRoot(cwd) {
+  const result = await git(["rev-parse", "--show-toplevel"], cwd);
+  return result !== "" ? result : null;
+}
+async function getStagedFiles(cwd) {
+  const result = await git(["diff", "--cached", "--name-only", "--diff-filter=ACMR"], cwd);
+  if (result === "") return [];
+  return result.split("\n").filter((f) => f.length > 0);
+}
+async function getDiffFiles(from, to, cwd) {
+  const args = ["diff", "--name-only", from];
+  if (to !== void 0) {
+    args.push(to);
+  }
+  const result = await git(args, cwd);
+  if (result === "") return [];
+  return result.split("\n").filter((f) => f.length > 0);
+}
+async function isGitIgnored(path, cwd) {
+  return gitSuccess(["check-ignore", "--quiet", path], cwd);
+}
+async function getCommitHash(cwd) {
+  const result = await git(["rev-parse", "--short", "HEAD"], cwd);
+  return result !== "" ? result : null;
+}
+async function getFullCommitHash(cwd) {
+  const result = await git(["rev-parse", "HEAD"], cwd);
+  return result !== "" ? result : null;
+}
+async function getConfig(key, cwd) {
+  const result = await git(["config", "--get", key], cwd);
+  return result !== "" ? result : null;
+}
+async function getConfigAll(key, cwd) {
+  const result = await git(["config", "--get-all", key], cwd);
+  if (result === "") return [];
+  return result.split("\n").filter((v) => v.length > 0);
+}
+async function getCurrentBranch(cwd) {
+  const result = await git(["rev-parse", "--abbrev-ref", "HEAD"], cwd);
+  if (result === "" || result === "HEAD") return null;
+  return result;
+}
+async function getRemoteUrl(remote = "origin", cwd) {
+  return getConfig(`remote.${remote}.url`, cwd);
+}
+async function isDirty(cwd) {
+  const result = await git(["status", "--porcelain"], cwd);
+  return result !== "";
+}
+async function getTrackedFiles(cwd) {
+  const result = await git(["ls-files"], cwd);
+  if (result === "") return [];
+  return result.split("\n").filter((f) => f.length > 0);
+}
+
+export {
+  isGitRepository,
+  getGitRoot,
+  getStagedFiles,
+  getDiffFiles,
+  isGitIgnored,
+  getCommitHash,
+  getFullCommitHash,
+  getConfig,
+  getConfigAll,
+  getCurrentBranch,
+  getRemoteUrl,
+  isDirty,
+  getTrackedFiles
+};

package/dist/chunk-TE7HPLA6.js

@@ -0,0 +1,73 @@
+// src/utils/mask.ts
+var DEFAULT_MASK_OPTIONS = {
+  visibleStart: 3,
+  visibleEnd: 4,
+  maskChar: "*",
+  minLength: 8
+};
+function maskValue(value, options) {
+  const opts = { ...DEFAULT_MASK_OPTIONS, ...options };
+  if (value.length === 0) return "";
+  if (value.length < opts.minLength) return value;
+  const startLen = Math.min(opts.visibleStart, value.length - opts.visibleEnd - 1);
+  const endLen = Math.min(opts.visibleEnd, value.length - startLen - 1);
+  const maskedLen = Math.max(4, value.length - startLen - endLen);
+  const start = value.slice(0, startLen);
+  const end = value.slice(-endLen);
+  const mask = opts.maskChar.repeat(maskedLen);
+  return `${start}${mask}${end}`;
+}
+var SECRET_INDICATORS = [
+  /^[a-zA-Z0-9]{20,}$/,
+  // Long alphanumeric strings (20+ chars)
+  /^[a-f0-9]{32,}$/,
+  // Hex strings (32+ chars, likely hashes/keys)
+  /^sk-[a-zA-Z0-9]{20,}$/,
+  // Stripe-style API keys
+  /^sk_live_[a-zA-Z0-9]{20,}$/,
+  // Stripe live keys
+  /^sk_test_[a-zA-Z0-9]{20,}$/,
+  // Stripe test keys
+  /^key-[a-zA-Z0-9]{16,}$/,
+  // Generic key- prefixed
+  /^token-[a-zA-Z0-9]{16,}$/,
+  // Generic token- prefixed
+  /^pk_[a-zA-Z0-9]{20,}$/,
+  // Public key patterns
+  /^secret_[a-zA-Z0-9]{16,}$/,
+  // Secret key patterns
+  /^[A-Za-z0-9+/]{40,}={0,2}$/,
+  // Base64-like strings (40+ chars)
+  /^[A-Za-z0-9_-]{40,}$/
+  // Base64url-like strings (40+ chars)
+];
+var SECRET_KEY_PATTERNS = [
+  /password/i,
+  /passwd/i,
+  /secret/i,
+  /token/i,
+  /api[_-]?key/i,
+  /private[_-]?key/i,
+  /access[_-]?key/i,
+  /auth/i,
+  /credential/i,
+  /certificate/i,
+  /private/i
+];
+function isSecretLike(value) {
+  if (value.length === 0) return false;
+  if (value.length < 16) return false;
+  for (const pattern of SECRET_INDICATORS) {
+    if (pattern.test(value)) return true;
+  }
+  return false;
+}
+function isSecretKey(key) {
+  return SECRET_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+
+export {
+  maskValue,
+  isSecretLike,
+  isSecretKey
+};

package/dist/chunk-TMT5KCO3.js

@@ -0,0 +1,101 @@
+// src/cli/ui/box.ts
+var DEFAULT_BOX_OPTIONS = {
+  title: "",
+  border: "single",
+  padding: 1,
+  width: 0,
+  titleAlign: "left"
+};
+var BORDERS = {
+  single: {
+    topLeft: "\u250C",
+    topRight: "\u2510",
+    bottomLeft: "\u2514",
+    bottomRight: "\u2518",
+    horizontal: "\u2500",
+    vertical: "\u2502",
+    titleLeft: "\u251C",
+    titleRight: "\u2524",
+    titleHorizontal: "\u2500"
+  },
+  double: {
+    topLeft: "\u2554",
+    topRight: "\u2557",
+    bottomLeft: "\u255A",
+    bottomRight: "\u255D",
+    horizontal: "\u2550",
+    vertical: "\u2551",
+    titleLeft: "\u2560",
+    titleRight: "\u2563",
+    titleHorizontal: "\u2550"
+  },
+  rounded: {
+    topLeft: "\u256D",
+    topRight: "\u256E",
+    bottomLeft: "\u2570",
+    bottomRight: "\u256F",
+    horizontal: "\u2500",
+    vertical: "\u2502",
+    titleLeft: "\u251C",
+    titleRight: "\u2524",
+    titleHorizontal: "\u2500"
+  }
+};
+function visibleWidth(text) {
+  return text.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "").length;
+}
+function padVisible(text, width) {
+  const visible = visibleWidth(text);
+  const diff = width - visible;
+  if (diff <= 0) return text;
+  return text + " ".repeat(diff);
+}
+function drawBox(lines, options) {
+  const opts = { ...DEFAULT_BOX_OPTIONS, ...options };
+  const chars = BORDERS[opts.border];
+  let contentWidth = 0;
+  for (const line of lines) {
+    const w = visibleWidth(line);
+    if (w > contentWidth) contentWidth = w;
+  }
+  const innerWidth = contentWidth + opts.padding * 2;
+  const boxInnerWidth = opts.width > 0 ? opts.width - 2 : innerWidth;
+  const boxContentWidth = boxInnerWidth - opts.padding * 2;
+  if (boxContentWidth < contentWidth) {
+    contentWidth = boxContentWidth;
+  }
+  const finalInnerWidth = contentWidth + opts.padding * 2;
+  const result = [];
+  if (opts.title && opts.title.length > 0) {
+    const titleDisplay = ` ${opts.title} `;
+    const titleVisible = visibleWidth(titleDisplay);
+    const leftWidth = Math.max(2, Math.floor((finalInnerWidth - titleVisible) / 2));
+    let titleLine;
+    if (opts.titleAlign === "center") {
+      const left = chars.titleHorizontal.repeat(leftWidth);
+      const right = chars.titleHorizontal.repeat(finalInnerWidth - titleVisible - leftWidth);
+      titleLine = `${chars.topLeft}${left}${titleDisplay}${right}${chars.topRight}`;
+    } else if (opts.titleAlign === "right") {
+      const right = chars.titleHorizontal.repeat(2);
+      const left = chars.titleHorizontal.repeat(finalInnerWidth - titleVisible - 2);
+      titleLine = `${chars.topLeft}${left}${titleDisplay}${right}${chars.topRight}`;
+    } else {
+      const right = chars.titleHorizontal.repeat(Math.max(2, finalInnerWidth - titleVisible));
+      titleLine = `${chars.topLeft}${titleDisplay}${right}${chars.topRight}`;
+    }
+    result.push(titleLine);
+  } else {
+    result.push(`${chars.topLeft}${chars.horizontal.repeat(finalInnerWidth)}${chars.topRight}`);
+  }
+  for (const line of lines) {
+    const paddedLine = padVisible(line, boxContentWidth);
+    const paddingStr = " ".repeat(opts.padding);
+    result.push(`${chars.vertical}${paddingStr}${paddedLine}${paddingStr}${chars.vertical}`);
+  }
+  result.push(`${chars.bottomLeft}${chars.horizontal.repeat(finalInnerWidth)}${chars.bottomRight}`);
+  return result.join("\n");
+}
+
+export {
+  drawBox
+};