xtra-cli 0.1.0

package/dist/commands/logs.js

@@ -0,0 +1,121 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logsCommand = void 0;
+const commander_1 = require("commander");
+const audit_1 = require("../lib/audit");
+const chalk_1 = __importDefault(require("chalk"));
+const table_1 = require("table");
+exports.logsCommand = new commander_1.Command("logs")
+    .description("View local audit logs")
+    .option("-n, --limit <number>", "Number of logs to show", "20")
+    .option("--sync", "Sync logs to cloud", false)
+    .option("--event <type>", "Filter by event type (e.g. SECRET_UPDATE, SECRET_ROTATE)")
+    .option("--project <projectId>", "Filter by project ID")
+    .option("--since <duration>", "Show logs since (e.g. 1h, 24h, 7d, 30d)", "")
+    .option("--json", "Output raw JSON instead of table", false)
+    .action(async (options) => {
+    const { limit, sync, event: eventFilter, project: projectFilter, since, json: jsonOut } = options;
+    try {
+        let logs = (0, audit_1.loadAuditLogs)();
+        if (sync) {
+            const unsynced = logs.filter(l => !l.synced);
+            if (unsynced.length === 0) {
+                console.log(chalk_1.default.green("All logs are already synced."));
+                return;
+            }
+            const spinner = require("ora")(`Syncing ${unsynced.length} logs to cloud...`).start();
+            try {
+                const { api } = require("../lib/api");
+                const { saveAuditLogs } = require("../lib/audit");
+                await api.syncLogs(unsynced);
+                unsynced.forEach(l => l.synced = true);
+                saveAuditLogs(logs);
+                spinner.succeed(`Successfully synced ${unsynced.length} logs.`);
+            }
+            catch (err) {
+                spinner.fail("Sync failed.");
+                console.error(chalk_1.default.red(err.message));
+            }
+            return;
+        }
+        if (logs.length === 0) {
+            console.log(chalk_1.default.yellow("No local audit logs found."));
+            return;
+        }
+        // ── Filtering ─────────────────────────────────────────────────────────
+        // Filter by event type
+        if (eventFilter) {
+            const upper = eventFilter.toUpperCase();
+            logs = logs.filter(l => l.action?.toUpperCase().includes(upper));
+        }
+        // Filter by project
+        if (projectFilter) {
+            logs = logs.filter(l => l.projectId === projectFilter);
+        }
+        // Filter by --since duration (1h, 6h, 24h, 7d, 30d)
+        if (since) {
+            const match = since.match(/^(\d+)(h|d|m)$/i);
+            if (!match) {
+                console.error(chalk_1.default.red(`Invalid --since format: '${since}'. Use e.g. 1h, 24h, 7d, 30d`));
+                process.exit(1);
+            }
+            const amount = parseInt(match[1]);
+            const unit = match[2].toLowerCase();
+            const msMap = { h: 3600000, d: 86400000, m: 60000 };
+            const cutoff = new Date(Date.now() - amount * msMap[unit]);
+            logs = logs.filter(l => new Date(l.timestamp) >= cutoff);
+        }
+        // Sort newest first
+        logs.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+        const limitedLogs = logs.slice(0, parseInt(limit));
+        if (limitedLogs.length === 0) {
+            console.log(chalk_1.default.yellow("No logs matched your filters."));
+            return;
+        }
+        // ── Output ────────────────────────────────────────────────────────────
+        if (jsonOut) {
+            process.stdout.write(JSON.stringify(limitedLogs, null, 2) + "\n");
+            return;
+        }
+        const data = [
+            [chalk_1.default.bold("Timestamp"), chalk_1.default.bold("Action"), chalk_1.default.bold("Project"), chalk_1.default.bold("Sync"), chalk_1.default.bold("Details")]
+        ];
+        limitedLogs.forEach(l => {
+            let details = "";
+            if (l.details) {
+                if (l.details.keys)
+                    details = `Keys: ${l.details.keys.join(", ")}`;
+                else if (l.details.key)
+                    details = `Key: ${l.details.key}`;
+                else
+                    details = JSON.stringify(l.details);
+            }
+            const proj = l.projectId ? l.projectId.substring(0, 8) + "..." : "-";
+            data.push([
+                new Date(l.timestamp).toLocaleString(),
+                l.action,
+                proj,
+                l.synced ? chalk_1.default.green("✔") : chalk_1.default.yellow("✖"),
+                details.substring(0, 50) + (details.length > 50 ? "..." : "")
+            ]);
+        });
+        // Show active filters in header
+        const filterParts = [];
+        if (eventFilter)
+            filterParts.push(`event: ${eventFilter.toUpperCase()}`);
+        if (projectFilter)
+            filterParts.push(`project: ${projectFilter}`);
+        if (since)
+            filterParts.push(`since: ${since}`);
+        const filterHint = filterParts.length > 0 ? chalk_1.default.gray(` [${filterParts.join(" | ")}]`) : "";
+        console.log(chalk_1.default.bold(`\nLocal Audit Logs${filterHint}`));
+        console.log((0, table_1.table)(data));
+        console.log(chalk_1.default.gray(`  Showing ${limitedLogs.length} of ${logs.length} total logs.`));
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("Failed to load logs: " + error.message));
+    }
+});

package/dist/commands/profile.js

@@ -0,0 +1,184 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.profileCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const table_1 = require("table");
+const inquirer_1 = __importDefault(require("inquirer"));
+const profiles_1 = require("../lib/profiles");
+// ─── Helper ───────────────────────────────────────────────────────────────────
+const safeError = (e) => e?.message || "Unknown error";
+// ─── xtra profile ─────────────────────────────────────────────────────────────
+exports.profileCommand = new commander_1.Command("profile")
+    .description("Manage named configuration profiles (token, apiUrl, project per profile)")
+    .addHelpText("after", `
+Examples:
+  $ xtra profile list                       # Show all profiles
+  $ xtra profile create work --url https://app.xtrasecurity.io/api
+  $ xtra profile use work                   # Switch active profile
+  $ xtra profile set work --project abc123  # Set a value in a profile
+  $ xtra profile delete old-profile         # Remove a profile
+  $ xtra --profile work secrets list        # Use profile for one command
+`);
+// ── LIST ──────────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("list")
+    .alias("ls")
+    .description("List all saved profiles")
+    .action(() => {
+    const profiles = (0, profiles_1.listProfiles)();
+    const active = (0, profiles_1.getActiveProfileName)();
+    if (Object.keys(profiles).length === 0) {
+        console.log(chalk_1.default.yellow("No profiles found."));
+        return;
+    }
+    const rows = [
+        [chalk_1.default.bold("Profile"), chalk_1.default.bold("API URL"), chalk_1.default.bold("Project"), chalk_1.default.bold("Status")]
+    ];
+    for (const [name, data] of Object.entries(profiles)) {
+        const isActive = name === active;
+        rows.push([
+            isActive ? chalk_1.default.green(`▶ ${name}`) : chalk_1.default.white(`  ${name}`),
+            chalk_1.default.gray(data.apiUrl || "(default)"),
+            chalk_1.default.cyan(data.project || "(not set)"),
+            isActive ? chalk_1.default.green("active") : chalk_1.default.gray("inactive"),
+        ]);
+    }
+    console.log(chalk_1.default.bold("\nProfiles:\n"));
+    console.log((0, table_1.table)(rows));
+    console.log(chalk_1.default.gray(`Tip: Use XTRA_PROFILE=<name> to override per-command.\n`));
+});
+// ── CREATE ────────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("create <name>")
+    .description("Create a new profile")
+    .option("--url <apiUrl>", "XtraSecurity API URL for this profile")
+    .option("--project <projectId>", "Default project ID for this profile")
+    .option("--token <token>", "Auth token for this profile")
+    .action(async (name, options) => {
+    try {
+        // If no options given, prompt interactively
+        let { url, project, token } = options;
+        if (!url && !project && !token) {
+            const answers = await inquirer_1.default.prompt([
+                {
+                    type: "input",
+                    name: "url",
+                    message: "API URL:",
+                    default: "http://localhost:3000/api",
+                },
+                {
+                    type: "input",
+                    name: "project",
+                    message: "Default Project ID (optional):",
+                    default: "",
+                },
+            ]);
+            url = answers.url;
+            project = answers.project || undefined;
+        }
+        (0, profiles_1.createProfile)(name, { apiUrl: url, project: project || undefined, token: token || undefined });
+        console.log(chalk_1.default.green(`✅ Profile '${name}' created!`));
+        console.log(chalk_1.default.gray(`   Activate it with: xtra profile use ${name}`));
+    }
+    catch (e) {
+        console.error(chalk_1.default.red(safeError(e)));
+    }
+});
+// ── USE ───────────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("use <name>")
+    .description("Switch to a different profile (persists across sessions)")
+    .action((name) => {
+    try {
+        (0, profiles_1.setActiveProfile)(name);
+        console.log(chalk_1.default.green(`✅ Switched to profile '${name}'.`));
+        console.log(chalk_1.default.gray(`   All future commands will use this profile.`));
+    }
+    catch (e) {
+        console.error(chalk_1.default.red(safeError(e)));
+    }
+});
+// ── SET ───────────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("set <name>")
+    .description("Update a value in an existing profile")
+    .option("--url <apiUrl>", "Update the API URL")
+    .option("--project <projectId>", "Update the default project ID")
+    .option("--token <token>", "Update the auth token")
+    .option("--env <environment>", "Update the default environment")
+    .action((name, options) => {
+    const fieldMap = {
+        url: "apiUrl",
+        project: "project",
+        token: "token",
+        env: "env",
+    };
+    const updated = [];
+    try {
+        for (const [flag, field] of Object.entries(fieldMap)) {
+            if (options[flag]) {
+                (0, profiles_1.setProfileValue)(name, field, options[flag]);
+                updated.push(`${field} = ${field === "token" ? "****" : options[flag]}`);
+            }
+        }
+        if (updated.length === 0) {
+            console.log(chalk_1.default.yellow("No values provided. Use --url, --project, --token, or --env."));
+            return;
+        }
+        console.log(chalk_1.default.green(`✅ Profile '${name}' updated:`));
+        updated.forEach(u => console.log(chalk_1.default.gray(`   ${u}`)));
+    }
+    catch (e) {
+        console.error(chalk_1.default.red(safeError(e)));
+    }
+});
+// ── CURRENT ───────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("current")
+    .description("Show the currently active profile")
+    .action(() => {
+    const name = (0, profiles_1.getActiveProfileName)();
+    const profiles = (0, profiles_1.listProfiles)();
+    const data = profiles[name] || {};
+    console.log(chalk_1.default.bold(`\nActive Profile: ${chalk_1.default.green(name)}\n`));
+    const rows = [
+        [chalk_1.default.bold("Key"), chalk_1.default.bold("Value")],
+        ["API URL", chalk_1.default.cyan(data.apiUrl || "(default)")],
+        ["Project", chalk_1.default.cyan(data.project || "(not set)")],
+        ["Branch", chalk_1.default.cyan(data.branch || "(not set)")],
+        ["Env", chalk_1.default.cyan(data.env || "(not set)")],
+        ["Token", data.token ? chalk_1.default.green("Set ✓") : chalk_1.default.gray("Not set")],
+    ];
+    console.log((0, table_1.table)(rows));
+});
+// ── DELETE ────────────────────────────────────────────────────────────────────
+exports.profileCommand
+    .command("delete <name>")
+    .alias("rm")
+    .description("Delete a profile")
+    .option("-y, --yes", "Skip confirmation prompt")
+    .action(async (name, options) => {
+    try {
+        if (!options.yes) {
+            const { confirm } = await inquirer_1.default.prompt([{
+                    type: "confirm",
+                    name: "confirm",
+                    message: chalk_1.default.red(`Delete profile '${name}'? This cannot be undone.`),
+                    default: false,
+                }]);
+            if (!confirm) {
+                console.log(chalk_1.default.gray("Cancelled."));
+                return;
+            }
+        }
+        (0, profiles_1.deleteProfile)(name);
+        console.log(chalk_1.default.green(`✅ Profile '${name}' deleted.`));
+    }
+    catch (e) {
+        console.error(chalk_1.default.red(safeError(e)));
+    }
+});

package/dist/commands/project.js

@@ -0,0 +1,98 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.projectCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const inquirer_1 = __importDefault(require("inquirer"));
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+exports.projectCommand = new commander_1.Command("project")
+    .description("Manage project context");
+// SET
+exports.projectCommand
+    .command("set")
+    .description("Set the default project ID")
+    .argument("[projectId]", "Project ID to set as default (optional - will show list if not provided)")
+    .action(async (projectId) => {
+    // If projectId is provided, set it directly
+    if (projectId) {
+        (0, config_1.setConfig)("project", projectId);
+        console.log(chalk_1.default.green(`✔ Default project set to '${projectId}'`));
+        const currentBranch = (0, config_1.getConfigValue)("branch");
+        if (currentBranch) {
+            console.log(chalk_1.default.gray(`  Active branch: ${currentBranch}`));
+        }
+        return;
+    }
+    // Otherwise, fetch projects and show interactive selector
+    const spinner = (0, ora_1.default)("Fetching your projects...").start();
+    try {
+        const projects = await api_1.api.getProjects();
+        spinner.stop();
+        if (!Array.isArray(projects) || projects.length === 0) {
+            console.log(chalk_1.default.yellow("No projects found."));
+            return;
+        }
+        const choices = projects.map((p) => ({
+            name: `${p.name} (${p.id})`,
+            value: p.id,
+            short: p.name
+        }));
+        const { selectedProject } = await inquirer_1.default.prompt([{
+                type: "list",
+                name: "selectedProject",
+                message: "Select a project:",
+                choices
+            }]);
+        (0, config_1.setConfig)("project", selectedProject);
+        const selectedName = projects.find((p) => p.id === selectedProject)?.name || selectedProject;
+        console.log(chalk_1.default.green(`✔ Default project set to '${selectedName}'`));
+        const currentBranch = (0, config_1.getConfigValue)("branch");
+        if (currentBranch) {
+            console.log(chalk_1.default.gray(`  Active branch: ${currentBranch}`));
+        }
+    }
+    catch (error) {
+        spinner.fail("Failed to fetch projects");
+        if (error.response?.data?.error) {
+            console.error(chalk_1.default.red(`Error: ${error.response.data.error}`));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});
+// GET (show current)
+exports.projectCommand
+    .command("current")
+    .description("Show the current default project")
+    .action(async () => {
+    const projectId = (0, config_1.getConfigValue)("project");
+    const branch = (0, config_1.getConfigValue)("branch");
+    if (projectId) {
+        // Try to fetch project name
+        try {
+            const projects = await api_1.api.getProjects();
+            const project = projects.find((p) => p.id === projectId);
+            if (project) {
+                console.log(chalk_1.default.cyan(`Project: ${project.name} (${projectId})`));
+            }
+            else {
+                console.log(chalk_1.default.cyan(`Project: ${projectId}`));
+            }
+        }
+        catch {
+            console.log(chalk_1.default.cyan(`Project: ${projectId}`));
+        }
+    }
+    else {
+        console.log(chalk_1.default.yellow("No default project set. Use 'xtra project set' to set one."));
+    }
+    if (branch) {
+        console.log(chalk_1.default.cyan(`Branch: ${branch}`));
+    }
+});

package/dist/commands/rollback.js

@@ -0,0 +1,96 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rollbackCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const inquirer_1 = __importDefault(require("inquirer"));
+const crypto_1 = require("../lib/crypto");
+const config_1 = require("../lib/config");
+exports.rollbackCommand = new commander_1.Command("rollback")
+    .description("Rollback a secret to a previous version")
+    .argument("<key>", "Secret Key to rollback")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment (dev, stg, prod)", "dev")
+    .action(async (key, options) => {
+    let { project, env } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    const spinner = (0, ora_1.default)(`Fetching history for ${key}...`).start();
+    try {
+        const secret = await api_1.api.getSecretDetails(project, env, key);
+        spinner.stop();
+        if (!secret.history || !Array.isArray(secret.history) || secret.history.length === 0) {
+            console.log(chalk_1.default.yellow(`No history found for ${key}. Cannot rollback.`));
+            return;
+        }
+        // Prepare choices
+        // Current version
+        const choices = [];
+        // History versions (reverse order to show latest first)
+        const history = [...secret.history].reverse();
+        history.forEach((h) => {
+            let displayValue = "********";
+            try {
+                const enc = JSON.parse(h.value[0]);
+                displayValue = (0, crypto_1.decrypt)(enc);
+            }
+            catch (e) {
+                displayValue = h.value[0];
+            }
+            choices.push({
+                name: `v${h.version} - ${new Date(h.updatedAt).toLocaleString()} (Value: ${displayValue.substring(0, 10)}...)`,
+                value: h
+            });
+        });
+        const { selectedVersion } = await inquirer_1.default.prompt([
+            {
+                type: "list",
+                name: "selectedVersion",
+                message: "Select version to restore:",
+                choices: choices
+            }
+        ]);
+        // Restore
+        const confirmSpinner = (0, ora_1.default)(`Restoring version v${selectedVersion.version}...`).start();
+        // We use setSecrets to update it to the old value. 
+        // This will create a NEW version in history (preserving the timeline).
+        let restoredValue = selectedVersion.value[0];
+        try {
+            const enc = JSON.parse(restoredValue);
+            restoredValue = (0, crypto_1.decrypt)(enc);
+        }
+        catch (e) { }
+        const payload = { [key]: restoredValue };
+        await api_1.api.setSecrets(project, env, payload);
+        confirmSpinner.succeed(`Successfully rolled back ${key} to v${selectedVersion.version}`);
+        // Log Audit
+        try {
+            const { logAudit } = require("../lib/audit");
+            logAudit("SECRET_ROLLBACK", project, env, { key, version: selectedVersion.version });
+        }
+        catch (e) { }
+    }
+    catch (error) {
+        spinner.fail("Failed to rollback.");
+        if (error.response && error.response.status === 404) {
+            console.error(chalk_1.default.red("Secret not found."));
+        }
+        else {
+            console.error(chalk_1.default.red(error.message));
+        }
+    }
+});

package/dist/commands/rotate.js

@@ -0,0 +1,94 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rotateCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+exports.rotateCommand = new commander_1.Command("rotate")
+    .description("Rotate a secret (Zero-Downtime Shadow Mode)")
+    .argument("<key>", "Key of the secret to rotate")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("--strategy <strategy>", "Rotation strategy", "shadow")
+    .option("--promote", "Promote the shadow value to active", false)
+    .option("--value <value>", "New value for the secret (optional)")
+    .action(async (key, options) => {
+    let { project, env, strategy, promote, value } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or checkout a branch."));
+        process.exit(1);
+    }
+    // Production confirmation gate
+    if (env === "production") {
+        const inquirer = require("inquirer");
+        const { confirmProd } = await inquirer.prompt([{
+                type: "confirm",
+                name: "confirmProd",
+                message: chalk_1.default.red(`⚠ You are about to rotate a secret in PRODUCTION (${key}). Proceed?`),
+                default: false,
+            }]);
+        if (!confirmProd) {
+            console.log(chalk_1.default.yellow("Aborted."));
+            return;
+        }
+    }
+    if (promote) {
+        // PROMOTE FLOW
+        const spinner = (0, ora_1.default)(`Promoting secret '${key}' in ${env}...`).start();
+        try {
+            const result = await api_1.api.promoteSecret(project, env, key);
+            spinner.succeed(chalk_1.default.green(`Successfully promoted '${key}' to version ${result.version}`));
+            try {
+                const { logAudit } = require("../lib/audit");
+                logAudit("SECRET_PROMOTE", project, env, { key, newVersion: result.version });
+            }
+            catch (e) { }
+        }
+        catch (error) {
+            spinner.fail("Promotion failed");
+            if (error.response && error.response.data && error.response.data.error) {
+                console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+            }
+            else {
+                console.error(chalk_1.default.red(error.message));
+            }
+        }
+    }
+    else {
+        // ROTATE FLOW
+        const spinner = (0, ora_1.default)(`Starting rotation for '${key}' (Strategy: ${strategy})...`).start();
+        try {
+            const result = await api_1.api.rotateSecret(project, env, key, strategy, value);
+            spinner.succeed(chalk_1.default.green(`Rotation initiated for '${key}'`));
+            console.log(chalk_1.default.dim(`Shadow Value: ${result.shadowValue}`));
+            console.log(chalk_1.default.dim(`Expires At: ${result.expiresAt}`));
+            console.log(chalk_1.default.blue(`\nTo verify, run your app. To finalize, run:\nxtra rotate ${key} --promote -p ${project} -e ${env}`));
+            try {
+                const { logAudit } = require("../lib/audit");
+                logAudit("SECRET_ROTATE", project, env, { key, strategy, expiresAt: result.expiresAt });
+            }
+            catch (e) { }
+        }
+        catch (error) {
+            spinner.fail("Rotation failed");
+            if (error.response && error.response.data && error.response.data.error) {
+                console.error(chalk_1.default.red(`Server Error: ${error.response.data.error}`));
+            }
+            else {
+                console.error(chalk_1.default.red(error.message));
+            }
+        }
+    }
+});