npm - xtra-cli - Versions diffs - 0.1.0 - Mend

xtra-cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/LICENSE +21 -0
package/README.md +87 -0
package/dist/bin/xtra.js +124 -0
package/dist/commands/access.js +107 -0
package/dist/commands/admin.js +118 -0
package/dist/commands/audit.js +67 -0
package/dist/commands/branch.js +216 -0
package/dist/commands/checkout.js +74 -0
package/dist/commands/ci.js +330 -0
package/dist/commands/completion.js +227 -0
package/dist/commands/diff.js +163 -0
package/dist/commands/doctor.js +176 -0
package/dist/commands/env.js +70 -0
package/dist/commands/export.js +84 -0
package/dist/commands/generate.js +180 -0
package/dist/commands/history.js +77 -0
package/dist/commands/import.js +122 -0
package/dist/commands/init.js +162 -0
package/dist/commands/integration.js +188 -0
package/dist/commands/local.js +198 -0
package/dist/commands/login.js +176 -0
package/dist/commands/login.test.js +51 -0
package/dist/commands/logs.js +121 -0
package/dist/commands/profile.js +184 -0
package/dist/commands/project.js +98 -0
package/dist/commands/rollback.js +96 -0
package/dist/commands/rotate.js +94 -0
package/dist/commands/run.js +215 -0
package/dist/commands/scan.js +127 -0
package/dist/commands/secrets.js +265 -0
package/dist/commands/simulate.js +92 -0
package/dist/commands/status.js +94 -0
package/dist/commands/template.js +276 -0
package/dist/commands/ui.js +218 -0
package/dist/commands/watch.js +121 -0
package/dist/lib/api.js +172 -0
package/dist/lib/api.test.js +89 -0
package/dist/lib/audit.js +136 -0
package/dist/lib/config.js +42 -0
package/dist/lib/config.test.js +47 -0
package/dist/lib/crypto.js +50 -0
package/dist/lib/manifest.js +52 -0
package/dist/lib/profiles.js +103 -0
package/package.json +67 -0

package/dist/commands/export.js ADDED Viewed

@@ -0,0 +1,84 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.exportCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const sync_1 = require("csv-stringify/sync");
+const config_1 = require("../lib/config");
+exports.exportCommand = new commander_1.Command("export")
+    .description("Export secrets to a file (JSON, Dotenv, CSV)")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment (development, staging, production)", "development")
+    .option("-b, --branch <branchName>", "Branch Name")
+    .option("-f, --format <format>", "Output format (json, dotenv, csv)", "json")
+    .option("-o, --output <file>", "Output file path (default: stdout)")
+    .action(async (options) => {
+    let { project, env, branch, format, output } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!branch) {
+        branch = (0, config_1.getConfigValue)("branch") || "main";
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    const spinner = require("ora")(`Fetching secrets for export (${env} @ ${branch})...`).start();
+    try {
+        const secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.stop();
+        if (!secrets || Object.keys(secrets).length === 0) {
+            console.warn(chalk_1.default.yellow("No secrets found to export."));
+            return;
+        }
+        let content = "";
+        switch (format.toLowerCase()) {
+            case "json":
+                content = JSON.stringify(secrets, null, 2);
+                break;
+            case "dotenv":
+                content = Object.entries(secrets)
+                    .map(([key, value]) => `${key}="${String(value).replace(/"/g, '\\"')}"`)
+                    .join("\n");
+                break;
+            case "csv":
+                const records = Object.entries(secrets).map(([key, value]) => ({ key, value }));
+                content = (0, sync_1.stringify)(records, { header: true });
+                break;
+            default:
+                console.error(chalk_1.default.red(`Error: Unsupported format '${format}'. Use json, dotenv, or csv.`));
+                process.exit(1);
+        }
+        if (output) {
+            const outputPath = path_1.default.resolve(process.cwd(), output);
+            fs_1.default.writeFileSync(outputPath, content, "utf-8");
+            console.log(chalk_1.default.green(`✔ Secrets exported to ${outputPath}`));
+        }
+        else {
+            console.log(content);
+        }
+        // Log Audit
+        try {
+            const { logAudit } = require("../lib/audit");
+            logAudit("SECRET_EXPORT", project, env, { format, destination: output || "stdout", branch });
+        }
+        catch (e) { }
+    }
+    catch (error) {
+        spinner.fail("Export failed.");
+        const safeErr = error?.response?.data?.error || error.message || "Unknown error";
+        console.error(chalk_1.default.red(safeErr));
+        process.exit(1);
+    }
+});

package/dist/commands/generate.js ADDED Viewed

@@ -0,0 +1,180 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const yaml_1 = __importDefault(require("yaml"));
+const config_1 = require("../lib/config");
+// Helper: Parse .env file into key-value pairs
+function parseEnvFile(content) {
+    const result = {};
+    const lines = content.split(/\r?\n/);
+    for (const line of lines) {
+        const trimmed = line.trim();
+        // Skip empty lines and comments
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const idx = trimmed.indexOf('=');
+        if (idx === -1)
+            continue;
+        const key = trimmed.substring(0, idx).trim();
+        let value = trimmed.substring(idx + 1).trim();
+        // Remove surrounding quotes if present
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        result[key] = value;
+    }
+    return result;
+}
+// Helper: Merge secrets into existing file content, preserving comments and order
+function mergeEnvContent(existingContent, newSecrets) {
+    const lines = existingContent.split(/\r?\n/);
+    const existingKeys = new Set();
+    const added = [];
+    const updated = [];
+    // First pass: update existing keys
+    const updatedLines = lines.map(line => {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            return line;
+        const idx = trimmed.indexOf('=');
+        if (idx === -1)
+            return line;
+        const key = trimmed.substring(0, idx).trim();
+        existingKeys.add(key);
+        if (key in newSecrets) {
+            const oldValue = parseEnvFile(line)[key];
+            if (oldValue !== newSecrets[key]) {
+                updated.push(key);
+            }
+            return `${key}="${newSecrets[key]}"`;
+        }
+        return line;
+    });
+    // Second pass: add new keys
+    for (const [key, value] of Object.entries(newSecrets)) {
+        if (!existingKeys.has(key)) {
+            updatedLines.push(`${key}="${value}"`);
+            added.push(key);
+        }
+    }
+    return { content: updatedLines.join('\n'), added, updated };
+}
+exports.generateCommand = new commander_1.Command("generate")
+    .description("Generate local configuration files from secrets")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment (dev, stg, prod)", "dev")
+    .option("-b, --branch <branchName>", "Branch Name")
+    .option("-o, --output <path>", "Output file path (forces complete overwrite)")
+    .option("-f, --format <format>", "Output format (env, json, yaml)", "env")
+    .option("--force", "Skip confirmation prompts", false)
+    .action(async (options) => {
+    let { project, env, branch, output, format, force } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!branch) {
+        branch = (0, config_1.getConfigValue)("branch") || "main";
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    // Determine if we should merge or overwrite
+    const shouldMerge = !output && format === "env";
+    // Determine output filename
+    let outputPath = output;
+    if (!outputPath) {
+        switch (format) {
+            case "json":
+                outputPath = "secrets.json";
+                break;
+            case "yaml":
+                outputPath = "secrets.yaml";
+                break;
+            default:
+                outputPath = ".env";
+                break;
+        }
+    }
+    const fullPath = path_1.default.resolve(process.cwd(), outputPath);
+    const fileExists = fs_1.default.existsSync(fullPath);
+    const spinner = (0, ora_1.default)(`Fetching secrets for ${env} (branch: ${branch})...`).start();
+    try {
+        const secrets = await api_1.api.getSecrets(project, env, branch);
+        if (!secrets || Object.keys(secrets).length === 0) {
+            spinner.warn(chalk_1.default.yellow("No secrets found. File not modified."));
+            return;
+        }
+        let content = "";
+        let added = [];
+        let updated = [];
+        // Handle merge for .env format when no -o flag
+        if (shouldMerge && fileExists) {
+            spinner.text = "Merging with existing .env file...";
+            const existingContent = fs_1.default.readFileSync(fullPath, 'utf-8');
+            const mergeResult = mergeEnvContent(existingContent, secrets);
+            content = mergeResult.content;
+            added = mergeResult.added;
+            updated = mergeResult.updated;
+            if (added.length === 0 && updated.length === 0) {
+                spinner.succeed(chalk_1.default.green("No changes needed - .env is already up to date."));
+                return;
+            }
+        }
+        else {
+            // Full overwrite mode
+            switch (format.toLowerCase()) {
+                case "json":
+                    content = JSON.stringify(secrets, null, 2);
+                    break;
+                case "yaml":
+                    content = yaml_1.default.stringify(secrets);
+                    break;
+                case "env":
+                default:
+                    content = Object.entries(secrets)
+                        .map(([key, value]) => `${key}="${value}"`)
+                        .join("\n");
+                    break;
+            }
+        }
+        // Write file
+        fs_1.default.writeFileSync(fullPath, content, "utf-8");
+        // Update manifest
+        const { hash } = require("../lib/crypto");
+        const { updateManifest } = require("../lib/manifest");
+        updateManifest(project, env, secrets, hash);
+        // Show result
+        if (shouldMerge && fileExists) {
+            spinner.succeed(chalk_1.default.green(`Updated ${outputPath}`));
+            if (added.length > 0) {
+                console.log(chalk_1.default.cyan(`  + Added: ${added.join(', ')}`));
+            }
+            if (updated.length > 0) {
+                console.log(chalk_1.default.yellow(`  ~ Updated: ${updated.join(', ')}`));
+            }
+        }
+        else {
+            spinner.succeed(`Generated ${outputPath} (${Object.keys(secrets).length} secrets)`);
+        }
+    }
+    catch (error) {
+        spinner.fail("Failed to generate file.");
+        console.error(chalk_1.default.red(error.message));
+        process.exit(1);
+    }
+});

package/dist/commands/history.js ADDED Viewed

@@ -0,0 +1,77 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rollbackCommand = exports.historyCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+exports.historyCommand = new commander_1.Command("history");
+exports.historyCommand
+    .argument("<key>", "Secret key")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .description("View version history of a secret")
+    .action(async (key, options) => {
+    try {
+        let projectId = options.project;
+        if (!projectId) {
+            projectId = (0, config_1.getConfigValue)("project");
+            if (!projectId) {
+                console.error(chalk_1.default.red("Error: Project ID not found. Use -p <id> or run 'xtra project set' first."));
+                process.exit(1);
+            }
+        }
+        const data = await api_1.api.getSecretHistory(projectId, options.env, key);
+        console.log(chalk_1.default.bold(`\nHistory for ${key} (${options.env})`));
+        console.log(chalk_1.default.gray(`Current Version: ${data.currentVersion}\n`));
+        const history = data.history || [];
+        if (history.length === 0) {
+            console.log("No history found.");
+        }
+        else {
+            history.forEach((h) => {
+                const dateStr = new Date(h.updatedAt).toLocaleString();
+                console.log(chalk_1.default.blue(`v${h.version}`) + ` - ${dateStr} by ${h.updatedBy}`);
+                if (h.description)
+                    console.log(chalk_1.default.gray(`  ${h.description}`));
+                console.log("");
+            });
+        }
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("Error fetching history:"), error.message || error);
+    }
+});
+exports.rollbackCommand = new commander_1.Command("rollback");
+exports.rollbackCommand
+    .argument("<key>", "Secret key")
+    .argument("<version>", "Version to rollback to")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .description("Rollback a secret to a previous version")
+    .action(async (key, version, options) => {
+    try {
+        let projectId = options.project;
+        if (!projectId) {
+            projectId = (0, config_1.getConfigValue)("project");
+            if (!projectId) {
+                console.error(chalk_1.default.red("Error: Project ID not found. Use -p <id> or run 'xtra project set' first."));
+                process.exit(1);
+            }
+        }
+        console.log(chalk_1.default.yellow(`Rolling back ${key} to v${version}...`));
+        const result = await api_1.api.rollbackSecret(projectId, options.env, key, version);
+        if (result.success) {
+            console.log(chalk_1.default.green(`\nSuccessfully rolled back to v${version} (New current version: v${result.version})`));
+        }
+        else {
+            console.log(chalk_1.default.red("Rollback failed."));
+        }
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("Error rolling back:"), error.message || error);
+    }
+});

package/dist/commands/import.js ADDED Viewed

@@ -0,0 +1,122 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.importCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const dotenv_1 = __importDefault(require("dotenv"));
+const sync_1 = require("csv-parse/sync");
+const config_1 = require("../lib/config");
+exports.importCommand = new commander_1.Command("import")
+    .description("Import secrets from a file (JSON, Dotenv, CSV)")
+    .argument("<file>", "Path to the file to import")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment (development, staging, production)", "development")
+    .option("-b, --branch <branchName>", "Branch Name")
+    .option("-f, --format <format>", "Input format (json, dotenv, csv). Auto-detected if omitted.")
+    .option("--prefix <prefix>", "Add prefix to all imported keys")
+    .option("--overwrite", "Overwrite existing secrets (default: merged, but API usually upserts)", true)
+    .action(async (file, options) => {
+    let { project, env, branch, format, prefix } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!branch) {
+        branch = (0, config_1.getConfigValue)("branch") || "main";
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    const filePath = path_1.default.resolve(process.cwd(), file);
+    if (!fs_1.default.existsSync(filePath)) {
+        console.error(chalk_1.default.red(`Error: File not found: ${filePath}`));
+        process.exit(1);
+    }
+    let detectedFormat = format;
+    if (!detectedFormat) {
+        const ext = path_1.default.extname(filePath).toLowerCase();
+        if (ext === ".json")
+            detectedFormat = "json";
+        else if (ext === ".env")
+            detectedFormat = "dotenv";
+        else if (ext === ".csv")
+            detectedFormat = "csv";
+        else {
+            console.error(chalk_1.default.red("Error: Could not detect format. Please specify -f <format>"));
+            process.exit(1);
+        }
+    }
+    const spinner = require("ora")(`Reading ${detectedFormat} file...`).start();
+    const fileContent = fs_1.default.readFileSync(filePath, "utf-8");
+    let secrets = {};
+    try {
+        switch (detectedFormat.toLowerCase()) {
+            case "json":
+                secrets = JSON.parse(fileContent);
+                break;
+            case "dotenv":
+                secrets = dotenv_1.default.parse(fileContent);
+                break;
+            case "csv":
+                const records = (0, sync_1.parse)(fileContent, {
+                    columns: true,
+                    skip_empty_lines: true
+                });
+                // Expect header: key, value or Key, Value
+                records.forEach((record) => {
+                    // Try case-insensitive key lookup
+                    const key = record.key || record.Key || record.KEY;
+                    const value = record.value || record.Value || record.VALUE;
+                    if (key) {
+                        secrets[key] = value || "";
+                    }
+                });
+                break;
+            default:
+                spinner.fail(`Unsupported format: ${detectedFormat}`);
+                process.exit(1);
+        }
+        if (Object.keys(secrets).length === 0) {
+            spinner.fail("No valid secrets found in file.");
+            return;
+        }
+        // Apply prefix
+        if (prefix) {
+            const prefixedSecrets = {};
+            Object.entries(secrets).forEach(([key, value]) => {
+                prefixedSecrets[`${prefix}${key}`] = value;
+            });
+            secrets = prefixedSecrets;
+        }
+        // Upload
+        spinner.text = `Importing ${Object.keys(secrets).length} secrets to ${env} (branch: ${branch})...`;
+        await api_1.api.setSecrets(project, env, secrets, undefined, branch);
+        spinner.succeed(`Successfully imported ${Object.keys(secrets).length} secrets.`);
+        // Log Audit
+        try {
+            const { logAudit } = require("../lib/audit");
+            logAudit("SECRET_IMPORT", project, env, {
+                file: path_1.default.basename(filePath),
+                format: detectedFormat,
+                count: Object.keys(secrets).length,
+                branch: branch
+            });
+        }
+        catch (e) { }
+    }
+    catch (error) {
+        spinner.fail("Import failed.");
+        console.error(chalk_1.default.red(error.message));
+        process.exit(1);
+    }
+});

package/dist/commands/init.js ADDED Viewed

@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initCommand = void 0;
+/**
+ * init.ts — Bootstrap a new project with .xtrarc and recommended structure
+ */
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const inquirer_1 = __importDefault(require("inquirer"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const config_1 = require("../lib/config");
+const RC_FILE = ".xtrarc";
+exports.initCommand = new commander_1.Command("init")
+    .description("Bootstrap a new project — creates .xtrarc and recommended structure")
+    .option("--project <id>", "Project ID (skip prompt)")
+    .option("--env <env>", "Default environment", "development")
+    .option("--branch <branch>", "Default branch", "main")
+    .option("-y, --yes", "Accept all defaults without prompting", false)
+    .action(async (options) => {
+    const cwd = process.cwd();
+    const rcPath = path.join(cwd, RC_FILE);
+    console.log(chalk_1.default.bold("\n🚀 xtra init — setting up your project\n"));
+    // Warn if already initialized
+    if (fs.existsSync(rcPath)) {
+        const { overwrite } = await inquirer_1.default.prompt([{
+                type: "confirm",
+                name: "overwrite",
+                message: chalk_1.default.yellow(`.xtrarc already exists. Overwrite it?`),
+                default: false,
+            }]);
+        if (!overwrite) {
+            console.log(chalk_1.default.gray("Aborted."));
+            return;
+        }
+    }
+    let { project, env, branch } = options;
+    // Interactive prompts if not --yes
+    if (!options.yes) {
+        // ── API Projects Fetch ─────────────────────────────────────────────
+        const ora = (await Promise.resolve().then(() => __importStar(require("ora")))).default;
+        const apiSpinner = ora("Fetching your projects...").start();
+        let remoteProjects = [];
+        try {
+            const { api } = await Promise.resolve().then(() => __importStar(require("../lib/api")));
+            remoteProjects = await api.getProjects();
+            apiSpinner.succeed(`Found ${remoteProjects.length} projects`);
+        }
+        catch (err) {
+            apiSpinner.warn(chalk_1.default.yellow("Could not fetch projects. You will need to enter the ID manually."));
+        }
+        const fallbackProject = project || (0, config_1.getConfigValue)("project") || "";
+        const answers = await inquirer_1.default.prompt([
+            {
+                type: remoteProjects.length > 0 ? "list" : "input",
+                name: "project",
+                message: remoteProjects.length > 0 ? "Select a project:" : "Project ID:",
+                choices: remoteProjects.length > 0
+                    ? remoteProjects.map(p => ({ name: `${p.name} (${p.id})`, value: p.id }))
+                    : undefined,
+                default: fallbackProject,
+                validate: (v) => v.trim() ? true : "Project ID is required",
+            },
+            {
+                type: "list",
+                name: "env",
+                message: "Default environment:",
+                choices: ["development", "staging", "production"],
+                default: env || "development",
+            },
+            {
+                type: "input",
+                name: "branch",
+                message: "Default branch:",
+                default: branch || "main",
+            },
+            {
+                type: "confirm",
+                name: "addGitignore",
+                message: "Add .xtrarc to .gitignore? (recommended)",
+                default: true,
+            },
+        ]);
+        project = answers.project.trim();
+        env = answers.env;
+        branch = answers.branch;
+        // Add to .gitignore
+        if (answers.addGitignore) {
+            const gitignorePath = path.join(cwd, ".gitignore");
+            let existing = "";
+            try {
+                existing = fs.readFileSync(gitignorePath, "utf8");
+            }
+            catch (_) { }
+            if (!existing.includes(".xtrarc")) {
+                fs.appendFileSync(gitignorePath, "\n# XtraSecurity config\n.xtrarc\n");
+                console.log(chalk_1.default.gray("  ✔ Added .xtrarc to .gitignore"));
+            }
+        }
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required."));
+        process.exit(1);
+    }
+    // Write .xtrarc
+    const rc = {
+        project,
+        env,
+        branch,
+        apiUrl: process.env.XTRA_API_URL || "http://localhost:3000/api",
+        createdAt: new Date().toISOString(),
+    };
+    fs.writeFileSync(rcPath, JSON.stringify(rc, null, 2), "utf8");
+    // Summary
+    console.log(chalk_1.default.green(`\n  ✅ Initialized! Created ${RC_FILE}:\n`));
+    console.log(chalk_1.default.gray(`     Project  : ${chalk_1.default.white(project)}`));
+    console.log(chalk_1.default.gray(`     Env      : ${chalk_1.default.white(env)}`));
+    console.log(chalk_1.default.gray(`     Branch   : ${chalk_1.default.white(branch)}`));
+    console.log();
+    console.log(chalk_1.default.bold("  Next steps:"));
+    console.log(chalk_1.default.gray("    xtra login                   # authenticate"));
+    console.log(chalk_1.default.gray("    xtra secrets list            # view secrets"));
+    console.log(chalk_1.default.gray("    xtra run node app.js         # inject and run"));
+    console.log(chalk_1.default.gray("    xtra doctor                  # verify everything works"));
+    console.log();
+});