npm - vaulter-cli - Versions diffs - 2.3.3 → 2.3.5 - Mend

vaulter-cli 2.3.3 → 2.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vaulter-cli",
-  "version": "2.3.3",
+  "version": "2.3.5",
   "description": "CLI tool for Vaulter - Secure API Key Manager",
   "author": "faris-sait",
   "repository": {

package/src/commands/help.js CHANGED Viewed

@@ -12,26 +12,48 @@ export async function showHelp() {
   console.log(status);
   console.log('');
-  console.log(purple.bold('  COMMANDS'));
-  console.log('');
-  const commands = [
-    { name: 'init',                desc: 'Initialize current directory as a Vaulter project' },
-    { name: 'sign-in',             desc: 'Authenticate with Vaulter via browser' },
-    { name: 'sign-out',            desc: 'Sign out and clear saved credentials' },
-    { name: 'ls',                  desc: 'List all API keys in your vault' },
-    { name: 'add <name>',          desc: 'Add a new API key to your vault' },
-    { name: 'remove <name-or-id>', desc: 'Remove an API key from your vault' },
-    { name: 'view [key_names...]', desc: 'Decrypt and display one or more API keys in your terminal' },
-    { name: 'make [file]',         desc: 'Generate a .env file from your vault keys' },
-    { name: 'save [file]',         desc: 'Upload a local .env file to your vault' },
-    { name: 'web-app',             desc: 'Open the Vaulter web app in your browser' },
-    { name: 'help',                desc: 'Show this help message' },
+  const sections = [
+    {
+      label: 'SETUP',
+      commands: [
+        { name: 'init',      desc: 'Initialize current directory as a Vaulter project' },
+        { name: 'sign-in',   desc: 'Authenticate with Vaulter via browser' },
+        { name: 'sign-out',  desc: 'Sign out and clear saved credentials' },
+      ],
+    },
+    {
+      label: 'VAULT KEYS',
+      commands: [
+        { name: 'ls',                  desc: 'List all API keys in your vault' },
+        { name: 'add <name>',          desc: 'Add a new API key to your vault' },
+        { name: 'remove <name-or-id>', desc: 'Remove an API key from your vault' },
+        { name: 'view [key_names...]', desc: 'Decrypt and display keys in your terminal' },
+      ],
+    },
+    {
+      label: 'FILES',
+      commands: [
+        { name: 'make [file]', desc: 'Generate a .env file from your vault keys' },
+        { name: 'save [file]', desc: 'Upload a local .env file to your vault' },
+      ],
+    },
+    {
+      label: 'MORE',
+      commands: [
+        { name: 'web-app', desc: 'Open the Vaulter web app in your browser' },
+        { name: 'help',    desc: 'Show this help message' },
+      ],
+    },
   ];
-  for (const cmd of commands) {
-    const padded = cmd.name.padEnd(22);
-    console.log(`  ${white.bold(padded)} ${dim(cmd.desc)}`);
+  for (const section of sections) {
+    console.log(purple.bold('  ' + section.label));
+    console.log('');
+    for (const cmd of section.commands) {
+      const padded = cmd.name.padEnd(22);
+      console.log(`    ${white.bold(padded)} ${dim(cmd.desc)}`);
+    }
+    console.log('');
   }
   console.log('');

package/src/commands/ls.js CHANGED Viewed

@@ -43,21 +43,23 @@ export async function listKeys() {
     for (const key of keys) {
       const tags = (key.tags || []).join(', ') || dim('none');
       const created = new Date(key.created_at).toLocaleDateString();
-      const usage = key.usage_count || 0;
+      const usageCount = key.usage_count || 0;
+      const usage = usageCount > 0 ? dim(`${usageCount}x`) : dim('—');
       table.push([
         chalk.white(key.name),
         chalk.hex('#a78bfa')(key.masked_key),
         dim(tags),
         dim(created),
-        dim(`${usage}x`),
+        usage,
       ]);
     }
     console.log('');
     console.log(table.toString());
     console.log('');
-    console.log(dim(`  ${keys.length} key(s) in your vault`));
+    const label = keys.length === 1 ? '1 key in your vault' : `${keys.length} keys in your vault`;
+    console.log(dim(`  ${label}`));
     tip('Run `vaulter make .env` to export keys to a .env file.');
     console.log('');
   } catch (err) {

package/src/commands/sign-in.js CHANGED Viewed

@@ -1,107 +1,101 @@
-import http from 'http';
 import crypto from 'crypto';
 import open from 'open';
 import ora from 'ora';
-import { saveToken, getToken } from '../lib/auth.js';
+import { saveToken } from '../lib/auth.js';
 import { getApiUrl } from '../lib/config.js';
 import { printLogo } from '../assets/logo.js';
 import { success, error, info } from '../lib/ui.js';
+const POLL_INTERVAL_MS = 2000;
+const TIMEOUT_MS = 120000;
+function isSSH() {
+  return !!(process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION);
+}
 export async function signIn() {
+  const requestId = crypto.randomBytes(16).toString('hex');
   const state = crypto.randomBytes(16).toString('hex');
+  const apiUrl = getApiUrl();
+  // Register pending auth request on backend
+  const registerRes = await fetch(`${apiUrl}/api/cli/auth-request`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ request_id: requestId, state }),
+  });
+  if (!registerRes.ok) {
+    const data = await registerRes.json().catch(() => ({}));
+    error(`Failed to start authentication: ${data.error || registerRes.status}`);
+    return;
+  }
+  const authUrl = `${apiUrl}/cli-auth?request_id=${requestId}&state=${state}`;
+  console.log('');
+  if (isSSH()) {
+    info('Open this URL in your browser to authenticate:');
+    console.log(`  ${authUrl}`);
+  } else {
+    info('Opening browser for authentication...');
+    info(`If the browser doesn't open, visit:`);
+    console.log(`  ${authUrl}`);
+    open(authUrl);
+  }
+  console.log('');
+  const spinner = ora({
+    text: 'Waiting for browser authorization...',
+    color: 'magenta',
+  }).start();
-  return new Promise((resolve) => {
-    const server = http.createServer(async (req, res) => {
-      const url = new URL(req.url, `http://localhost`);
-      if (url.pathname === '/callback') {
-        const token = url.searchParams.get('token');
-        const returnedState = url.searchParams.get('state');
-        const denied = url.searchParams.get('error');
-        if (denied === 'denied') {
-          res.writeHead(200, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#c4b5fd;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Authorization denied. You can close this tab.</h2></body></html>');
-          spinner.fail('Authorization denied.');
-          server.close();
-          resolve();
-          return;
-        }
-        if (returnedState !== state) {
-          res.writeHead(400, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>State mismatch. Please try again.</h2></body></html>');
-          spinner.fail('State mismatch - possible CSRF attack. Try again.');
-          server.close();
-          resolve();
-          return;
-        }
-        if (token) {
-          saveToken(token);
-          // Verify the token works
-          try {
-            const verifyRes = await fetch(`${getApiUrl()}/api/keys`, {
-              headers: { 'Authorization': `Bearer ${token}` },
-            });
-            if (!verifyRes.ok) throw new Error('Verification failed');
-          } catch {
-            res.writeHead(200, { 'Content-Type': 'text/html' });
-            res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Token verification failed. Please try again.</h2></body></html>');
-            spinner.fail('Token verification failed.');
-            server.close();
-            resolve();
-            return;
-          }
-          res.writeHead(200, { 'Content-Type': 'text/html' });
-          res.end('<html><body style="background:#0f172a;color:#a78bfa;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><div style="text-align:center"><h2 style="color:#22c55e">Authenticated!</h2><p>You can close this tab and return to your terminal.</p></div></body></html>');
-          spinner.succeed('Authenticated successfully!');
-          await printLogo();
-          success('You are now signed in to Vaulter.');
-          info('Run `vaulter ls` to list your keys.');
-          server.close();
-          resolve();
-          return;
-        }
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body style="background:#0f172a;color:#ef4444;font-family:sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;margin:0"><h2>Missing token. Please try again.</h2></body></html>');
-        spinner.fail('No token received.');
-        server.close();
-        resolve();
+  const deadline = Date.now() + TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+    let pollData;
+    try {
+      const pollRes = await fetch(`${apiUrl}/api/cli/auth-request/${requestId}`);
+      pollData = await pollRes.json();
+    } catch {
+      // Network hiccup — keep polling
+      continue;
+    }
+    if (pollData.status === 'completed') {
+      const token = pollData.token;
+      // Verify the token works
+      try {
+        const verifyRes = await fetch(`${apiUrl}/api/keys`, {
+          headers: { Authorization: `Bearer ${token}` },
+        });
+        if (!verifyRes.ok) throw new Error('Verification failed');
+      } catch {
+        spinner.fail('Token verification failed. Please try again.');
         return;
       }
-      res.writeHead(404);
-      res.end('Not found');
-    });
-    server.listen(0, () => {
-      const port = server.address().port;
-      const authUrl = `${getApiUrl()}/cli-auth?port=${port}&state=${state}`;
-      console.log('');
-      info('Opening browser for authentication...');
-      console.log('');
-      info(`If the browser doesn't open, visit:`);
-      console.log(`  ${authUrl}`);
-      console.log('');
-      open(authUrl);
-    });
-    const spinner = ora({
-      text: 'Waiting for browser authorization...',
-      color: 'magenta',
-    }).start();
-    // 120 second timeout
-    setTimeout(() => {
-      spinner.fail('Authorization timed out (120s). Please try again.');
-      server.close();
-      resolve();
-    }, 120000);
-  });
+      saveToken(token);
+      spinner.succeed('Authenticated successfully!');
+      await printLogo();
+      success('You are now signed in to Vaulter.');
+      info('Run `vaulter ls` to list your keys.');
+      return;
+    }
+    if (pollData.status === 'denied') {
+      spinner.fail('Authorization denied.');
+      return;
+    }
+    if (pollData.status === 'expired') {
+      spinner.fail('Authorization request expired. Please try again.');
+      return;
+    }
+  }
+  spinner.fail('Authorization timed out (120s). Please try again.');
 }

package/src/commands/view.js CHANGED Viewed

@@ -3,7 +3,7 @@ import ora from 'ora';
 import chalk from 'chalk';
 import clipboardy from 'clipboardy';
 import { apiFetch } from '../lib/api.js';
-import { purple, dim, error, warn, green } from '../lib/ui.js';
+import { purple, dim, error, warn, success, tip } from '../lib/ui.js';
 const DIVIDER_WIDTH = 60;
 const divider = chalk.dim('─'.repeat(DIVIDER_WIDTH));
@@ -96,6 +96,9 @@ export async function viewKeys(names) {
   decryptSpinner.stop();
+  const failed = rows.filter(r => r.value === null);
+  failed.forEach(r => warn(`Failed to decrypt "${r.name}"`));
   // Display cards
   console.log('');
   console.log(`  ${chalk.dim('━'.repeat(DIVIDER_WIDTH))}`);
@@ -143,7 +146,7 @@ export async function viewKeys(names) {
     } else {
       try {
         await clipboardy.write(toCopy.value);
-        console.log(`  ${green('✔')} ${chalk.white(toCopy.name)} copied to clipboard.`);
+        success(`${chalk.white(toCopy.name)} copied to clipboard.`);
         console.log('');
       } catch {
         warn('Could not access clipboard. Copy the value manually from above.');
@@ -152,5 +155,6 @@ export async function viewKeys(names) {
     }
   }
+  tip('Run `clear` to wipe your terminal and protect these values.');
   console.log('');
 }

package/src/lib/ui.js CHANGED Viewed

@@ -11,11 +11,11 @@ export const yellow = chalk.yellow;
 export const cyan = chalk.cyan;
 export function success(msg) {
-  console.log(green('  ' + msg));
+  console.log(green('  ✔ ' + msg));
 }
 export function error(msg) {
-  console.log(red('  ' + msg));
+  console.log(red('  ✗ ' + msg));
 }
 export function info(msg) {
@@ -23,7 +23,7 @@ export function info(msg) {
 }
 export function warn(msg) {
-  console.log(yellow('  ' + msg));
+  console.log(yellow('  ⚠ ' + msg));
 }
 export function tip(msg) {