vaulter-cli 0.1.0

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "vaulter-cli",
+  "version": "0.1.0",
+  "description": "CLI tool for Vaulter - Secure API Key Manager",
+  "author": "faris-sait",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/faris-sait/Vaulter"
+  },
+  "bin": {
+    "vaulter": "./src/index.js"
+  },
+  "type": "module",
+  "files": [
+    "src",
+    "postinstall.js"
+  ],
+  "scripts": {
+    "postinstall": "node postinstall.js"
+  },
+  "keywords": ["vaulter", "api-keys", "cli", "vault", "security", "env", "secrets"],
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "cli-table3": "^0.6.3",
+    "commander": "^12.0.0",
+    "inquirer": "^9.2.0",
+    "open": "^10.0.0",
+    "ora": "^8.0.0"
+  }
+}

package/postinstall.js

@@ -0,0 +1,15 @@
+// postinstall.js - Uses raw ANSI escape codes (no ESM imports needed)
+const purple = '\x1b[38;2;146;0;255m';
+const purple2 = '\x1b[38;2;122;0;230m';
+const purple3 = '\x1b[38;2;102;0;204m';
+const purple4 = '\x1b[38;2;94;0;255m';
+const reset = '\x1b[0m';
+
+console.log('');
+console.log(purple + '  ╦  ╦╔═╗╦ ╦╦ ╔╦╗╔═╗╦═╗' + reset);
+console.log(purple2 + '  ╚╗╔╝╠═╣║ ║║  ║ ║╣ ╠╦╝' + reset);
+console.log(purple3 + '   ╚╝ ╩ ╩╚═╝╩═╝╩ ╚═╝╩╚═' + reset);
+console.log(purple4 + '   Your keys. Your vault.' + reset);
+console.log('');
+console.log('  Run \x1b[1mvaulter sign-in\x1b[0m to get started.');
+console.log('');

package/src/assets/logo.js

@@ -0,0 +1,30 @@
+import chalk from 'chalk';
+
+const purple1 = chalk.hex('#9200ff');
+const purple2 = chalk.hex('#7a00e6');
+const purple3 = chalk.hex('#6600cc');
+const purple4 = chalk.hex('#5e00ff');
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function typeLine(text, colorFn, charDelay = 18) {
+  for (let i = 0; i <= text.length; i++) {
+    const partial = colorFn(text.slice(0, i));
+    // Clear line fully then write partial
+    process.stdout.write(`\x1b[2K\r${partial}`);
+    await sleep(charDelay);
+  }
+  process.stdout.write('\n');
+}
+
+export async function printLogo() {
+  console.log('');
+  await typeLine('  ╦  ╦╔═╗╦ ╦╦ ╔╦╗╔═╗╦═╗', purple1, 18);
+  await typeLine('  ╚╗╔╝╠═╣║ ║║  ║ ║╣ ╠╦╝', purple2, 18);
+  await typeLine('   ╚╝ ╩ ╩╚═╝╩═╝╩ ╚═╝╩╚═', purple3, 18);
+  await sleep(80);
+  await typeLine('   Your keys. Your vault.', purple4, 30);
+  console.log('');
+}

package/src/commands/add.js

@@ -0,0 +1,46 @@
+import inquirer from 'inquirer';
+import ora from 'ora';
+import { apiFetch } from '../lib/api.js';
+import { success, error, info, purple } from '../lib/ui.js';
+
+export async function addKey(name) {
+  console.log('');
+  info(`Adding key: ${name}`);
+  console.log('');
+
+  const answers = await inquirer.prompt([
+    {
+      type: 'password',
+      name: 'apiKey',
+      message: purple('API Key:'),
+      mask: '*',
+      validate: (input) => input.length > 0 || 'API key cannot be empty',
+    },
+    {
+      type: 'input',
+      name: 'tags',
+      message: purple('Tags (comma-separated, optional):'),
+    },
+  ]);
+
+  const tags = answers.tags
+    ? answers.tags.split(',').map((t) => t.trim()).filter(Boolean)
+    : [];
+
+  const spinner = ora({ text: 'Encrypting and saving...', color: 'magenta' }).start();
+
+  try {
+    await apiFetch('/api/keys', {
+      method: 'POST',
+      body: JSON.stringify({ name, apiKey: answers.apiKey, tags }),
+    });
+
+    spinner.succeed('Key added to vault!');
+    console.log('');
+    success(`"${name}" has been securely stored.`);
+    console.log('');
+  } catch (err) {
+    spinner.fail('Failed to add key');
+    error(err.message);
+  }
+}

package/src/commands/help.js

@@ -0,0 +1,40 @@
+import { printLogo } from '../assets/logo.js';
+import { isAuthenticated } from '../lib/auth.js';
+import { purple, dim, bold, white, green, yellow } from '../lib/ui.js';
+
+export async function showHelp() {
+  await printLogo();
+
+  const status = isAuthenticated()
+    ? green('  Signed in')
+    : yellow('  Not signed in') + dim(' — run `vaulter sign-in`');
+
+  console.log(status);
+  console.log('');
+
+  console.log(purple.bold('  COMMANDS'));
+  console.log('');
+
+  const commands = [
+    { name: 'sign-in',             desc: 'Authenticate with Vaulter via browser' },
+    { name: 'ls',                  desc: 'List all API keys in your vault' },
+    { name: 'add <name>',          desc: 'Add a new API key to your vault' },
+    { name: 'remove <name-or-id>', desc: 'Remove an API key from your vault' },
+    { name: 'web-app',             desc: 'Open the Vaulter web app in your browser' },
+    { name: 'help',                desc: 'Show this help message' },
+  ];
+
+  for (const cmd of commands) {
+    const padded = cmd.name.padEnd(22);
+    console.log(`  ${white.bold(padded)} ${dim(cmd.desc)}`);
+  }
+
+  console.log('');
+  console.log(purple.bold('  OPTIONS'));
+  console.log('');
+  console.log(`  ${white.bold('-V, --version'.padEnd(22))} ${dim('Output the version number')}`);
+  console.log(`  ${white.bold('-h, --help'.padEnd(22))} ${dim('Display help for a command')}`);
+  console.log('');
+  console.log(dim('  https://vaulter-nine.vercel.app'));
+  console.log('');
+}

package/src/commands/ls.js

@@ -0,0 +1,66 @@
+import Table from 'cli-table3';
+import chalk from 'chalk';
+import ora from 'ora';
+import { apiFetch } from '../lib/api.js';
+import { purple, dim, error } from '../lib/ui.js';
+
+export async function listKeys() {
+  const spinner = ora({ text: 'Fetching keys...', color: 'magenta' }).start();
+
+  try {
+    const data = await apiFetch('/api/keys');
+    const keys = data.keys || [];
+
+    spinner.stop();
+
+    if (keys.length === 0) {
+      console.log('');
+      console.log(dim('  No keys found. Run `vaulter add <name>` to add one.'));
+      console.log('');
+      return;
+    }
+
+    const table = new Table({
+      head: [
+        purple.bold('Name'),
+        purple.bold('Masked Key'),
+        purple.bold('Tags'),
+        purple.bold('Created'),
+        purple.bold('Usage'),
+      ],
+      style: {
+        head: [],
+        border: ['dim'],
+      },
+      chars: {
+        'top': '─', 'top-mid': '┬', 'top-left': '┌', 'top-right': '┐',
+        'bottom': '─', 'bottom-mid': '┴', 'bottom-left': '└', 'bottom-right': '┘',
+        'left': '│', 'left-mid': '├', 'mid': '─', 'mid-mid': '┼',
+        'right': '│', 'right-mid': '┤', 'middle': '│',
+      },
+    });
+
+    for (const key of keys) {
+      const tags = (key.tags || []).join(', ') || dim('none');
+      const created = new Date(key.created_at).toLocaleDateString();
+      const usage = key.usage_count || 0;
+
+      table.push([
+        chalk.white(key.name),
+        chalk.hex('#a78bfa')(key.masked_key),
+        dim(tags),
+        dim(created),
+        dim(`${usage}x`),
+      ]);
+    }
+
+    console.log('');
+    console.log(table.toString());
+    console.log('');
+    console.log(dim(`  ${keys.length} key(s) in your vault`));
+    console.log('');
+  } catch (err) {
+    spinner.fail('Failed to fetch keys');
+    error(err.message);
+  }
+}

package/src/commands/remove.js

@@ -0,0 +1,88 @@
+import inquirer from 'inquirer';
+import ora from 'ora';
+import chalk from 'chalk';
+import { apiFetch } from '../lib/api.js';
+import { success, error, warn, purple, dim } from '../lib/ui.js';
+
+export async function removeKey(nameOrId) {
+  const spinner = ora({ text: 'Looking up key...', color: 'magenta' }).start();
+
+  let keys;
+  try {
+    const data = await apiFetch('/api/keys');
+    keys = data.keys || [];
+  } catch (err) {
+    spinner.fail('Failed to fetch keys');
+    error(err.message);
+    return;
+  }
+
+  // Match by name (case-insensitive) or UUID prefix
+  const matches = keys.filter(
+    (k) =>
+      k.name.toLowerCase() === nameOrId.toLowerCase() ||
+      k.id.startsWith(nameOrId)
+  );
+
+  spinner.stop();
+
+  if (matches.length === 0) {
+    console.log('');
+    warn(`No key found matching "${nameOrId}".`);
+    console.log('');
+    return;
+  }
+
+  let target;
+
+  if (matches.length === 1) {
+    target = matches[0];
+  } else {
+    console.log('');
+    const answer = await inquirer.prompt([
+      {
+        type: 'list',
+        name: 'key',
+        message: purple('Multiple keys found. Select one:'),
+        choices: matches.map((k) => ({
+          name: `${k.name} ${dim(`(${k.masked_key})`)}`,
+          value: k,
+        })),
+      },
+    ]);
+    target = answer.key;
+  }
+
+  console.log('');
+  console.log(`  ${chalk.white.bold(target.name)}`);
+  console.log(`  ${dim(target.masked_key)}`);
+  console.log(`  ${dim(`Created: ${new Date(target.created_at).toLocaleDateString()}`)}`);
+  console.log('');
+
+  const confirm = await inquirer.prompt([
+    {
+      type: 'confirm',
+      name: 'yes',
+      message: chalk.red('Delete this key? This cannot be undone.'),
+      default: false,
+    },
+  ]);
+
+  if (!confirm.yes) {
+    warn('Cancelled.');
+    return;
+  }
+
+  const deleteSpinner = ora({ text: 'Deleting...', color: 'magenta' }).start();
+
+  try {
+    await apiFetch(`/api/keys/${target.id}`, { method: 'DELETE' });
+    deleteSpinner.succeed('Key deleted!');
+    console.log('');
+    success(`"${target.name}" has been removed from your vault.`);
+    console.log('');
+  } catch (err) {
+    deleteSpinner.fail('Failed to delete key');
+    error(err.message);
+  }
+}

package/src/commands/sign-in.js

@@ -0,0 +1,107 @@
+import http from 'http';
+import crypto from 'crypto';
+import open from 'open';
+import ora from 'ora';
+import { saveToken, getToken } from '../lib/auth.js';
+import { getApiUrl } from '../lib/config.js';
+import { printLogo } from '../assets/logo.js';
+import { success, error, info } from '../lib/ui.js';
+
+export async function signIn() {
+  const state = crypto.randomBytes(16).toString('hex');
+
+  return new Promise((resolve) => {
+    const server = http.createServer(async (req, res) => {
+      const url = new URL(req.url, `http://localhost`);
+
+      if (url.pathname === '/callback') {
+        const token = url.searchParams.get('token');
+        const returnedState = url.searchParams.get('state');
+        const denied = url.searchParams.get('error');
+
+        if (denied === 'denied') {
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end('<html><body style="background:#0f172a;color:#c4b5fd;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Authorization denied. You can close this tab.</h2></body></html>');
+          spinner.fail('Authorization denied.');
+          server.close();
+          resolve();
+          return;
+        }
+
+        if (returnedState !== state) {
+          res.writeHead(400, { 'Content-Type': 'text/html' });
+          res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>State mismatch. Please try again.</h2></body></html>');
+          spinner.fail('State mismatch - possible CSRF attack. Try again.');
+          server.close();
+          resolve();
+          return;
+        }
+
+        if (token) {
+          saveToken(token);
+
+          // Verify the token works
+          try {
+            const verifyRes = await fetch(`${getApiUrl()}/api/keys`, {
+              headers: { 'Authorization': `Bearer ${token}` },
+            });
+            if (!verifyRes.ok) throw new Error('Verification failed');
+          } catch {
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Token verification failed. Please try again.</h2></body></html>');
+            spinner.fail('Token verification failed.');
+            server.close();
+            resolve();
+            return;
+          }
+
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end('<html><body style="background:#0f172a;color:#a78bfa;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><div style="text-align:center"><h2 style="color:#22c55e">Authenticated!</h2><p>You can close this tab and return to your terminal.</p></div></body></html>');
+          spinner.succeed('Authenticated successfully!');
+          await printLogo();
+          success('You are now signed in to Vaulter.');
+          info('Run `vaulter ls` to list your keys.');
+          server.close();
+          resolve();
+          return;
+        }
+
+        res.writeHead(400, { 'Content-Type': 'text/html' });
+        res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Missing token. Please try again.</h2></body></html>');
+        spinner.fail('No token received.');
+        server.close();
+        resolve();
+        return;
+      }
+
+      res.writeHead(404);
+      res.end('Not found');
+    });
+
+    server.listen(0, () => {
+      const port = server.address().port;
+      const authUrl = `${getApiUrl()}/cli-auth?port=${port}&state=${state}`;
+
+      console.log('');
+      info('Opening browser for authentication...');
+      console.log('');
+      info(`If the browser doesn't open, visit:`);
+      console.log(`  ${authUrl}`);
+      console.log('');
+
+      open(authUrl);
+    });
+
+    const spinner = ora({
+      text: 'Waiting for browser authorization...',
+      color: 'magenta',
+    }).start();
+
+    // 120 second timeout
+    setTimeout(() => {
+      spinner.fail('Authorization timed out (120s). Please try again.');
+      server.close();
+      resolve();
+    }, 120000);
+  });
+}

package/src/commands/web-app.js

@@ -0,0 +1,9 @@
+import open from 'open';
+import { getApiUrl } from '../lib/config.js';
+import { success } from '../lib/ui.js';
+
+export async function openWebApp() {
+  const url = getApiUrl();
+  success(`Opening ${url}`);
+  await open(url);
+}

package/src/index.js

@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import { signIn } from './commands/sign-in.js';
+import { listKeys } from './commands/ls.js';
+import { addKey } from './commands/add.js';
+import { removeKey } from './commands/remove.js';
+import { openWebApp } from './commands/web-app.js';
+import { showHelp } from './commands/help.js';
+import { printLogo } from './assets/logo.js';
+import { isAuthenticated } from './lib/auth.js';
+import { error } from './lib/ui.js';
+
+const program = new Command();
+
+program
+  .name('vaulter')
+  .description('Vaulter CLI - Secure API Key Manager')
+  .version('0.1.0')
+  .action(async () => {
+    await showHelp();
+  });
+
+program
+  .command('sign-in')
+  .description('Authenticate with Vaulter via browser')
+  .action(signIn);
+
+program
+  .command('ls')
+  .description('List all API keys in your vault')
+  .action(async () => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await listKeys();
+  });
+
+program
+  .command('add <name>')
+  .description('Add a new API key to your vault')
+  .action(async (name) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await addKey(name);
+  });
+
+program
+  .command('remove <name-or-id>')
+  .description('Remove an API key from your vault')
+  .action(async (nameOrId) => {
+    if (!isAuthenticated()) {
+      error('Not authenticated. Run `vaulter sign-in` first.');
+      process.exit(1);
+    }
+    await removeKey(nameOrId);
+  });
+
+program
+  .command('web-app')
+  .description('Open the Vaulter web app in your browser')
+  .action(openWebApp);
+
+program
+  .command('help')
+  .description('Show all available commands')
+  .action(async () => {
+    await showHelp();
+  });
+
+program.parse();

package/src/lib/api.js

@@ -0,0 +1,31 @@
+import { getToken } from './auth.js';
+import { getApiUrl } from './config.js';
+
+export async function apiFetch(path, options = {}) {
+  const token = getToken();
+  if (!token) {
+    throw new Error('Not authenticated. Run `vaulter sign-in` first.');
+  }
+
+  const url = `${getApiUrl()}${path}`;
+  const res = await fetch(url, {
+    ...options,
+    headers: {
+      'Content-Type': 'application/json',
+      'Authorization': `Bearer ${token}`,
+      ...options.headers,
+    },
+  });
+
+  if (res.status === 401) {
+    throw new Error('Session expired. Run `vaulter sign-in` to re-authenticate.');
+  }
+
+  const data = await res.json();
+
+  if (!res.ok) {
+    throw new Error(data.error || `Request failed with status ${res.status}`);
+  }
+
+  return data;
+}

package/src/lib/auth.js

@@ -0,0 +1,38 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+
+const VAULTER_DIR = path.join(os.homedir(), '.vaulter');
+const CREDENTIALS_FILE = path.join(VAULTER_DIR, 'credentials.json');
+
+export function getToken() {
+  try {
+    const data = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+    return data.token || null;
+  } catch {
+    return null;
+  }
+}
+
+export function saveToken(token) {
+  if (!fs.existsSync(VAULTER_DIR)) {
+    fs.mkdirSync(VAULTER_DIR, { mode: 0o700 });
+  }
+  fs.writeFileSync(
+    CREDENTIALS_FILE,
+    JSON.stringify({ token }, null, 2),
+    { mode: 0o600 }
+  );
+}
+
+export function clearToken() {
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      fs.unlinkSync(CREDENTIALS_FILE);
+    }
+  } catch {}
+}
+
+export function isAuthenticated() {
+  return !!getToken();
+}

package/src/lib/config.js

@@ -0,0 +1,5 @@
+const API_URL = process.env.VAULTER_API_URL || 'https://vaulter-nine.vercel.app';
+
+export function getApiUrl() {
+  return API_URL;
+}

package/src/lib/ui.js

@@ -0,0 +1,27 @@
+import chalk from 'chalk';
+
+export const purple = chalk.hex('#9200ff');
+export const deepPurple = chalk.hex('#5e00ff');
+export const dim = chalk.dim;
+export const bold = chalk.bold;
+export const white = chalk.white;
+export const red = chalk.red;
+export const green = chalk.green;
+export const yellow = chalk.yellow;
+export const cyan = chalk.cyan;
+
+export function success(msg) {
+  console.log(green('  ' + msg));
+}
+
+export function error(msg) {
+  console.log(red('  ' + msg));
+}
+
+export function info(msg) {
+  console.log(purple('  ' + msg));
+}
+
+export function warn(msg) {
+  console.log(yellow('  ' + msg));
+}