npm - xtra-cli - Versions diffs - 0.1.0 - Mend

xtra-cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/LICENSE +21 -0
package/README.md +87 -0
package/dist/bin/xtra.js +124 -0
package/dist/commands/access.js +107 -0
package/dist/commands/admin.js +118 -0
package/dist/commands/audit.js +67 -0
package/dist/commands/branch.js +216 -0
package/dist/commands/checkout.js +74 -0
package/dist/commands/ci.js +330 -0
package/dist/commands/completion.js +227 -0
package/dist/commands/diff.js +163 -0
package/dist/commands/doctor.js +176 -0
package/dist/commands/env.js +70 -0
package/dist/commands/export.js +84 -0
package/dist/commands/generate.js +180 -0
package/dist/commands/history.js +77 -0
package/dist/commands/import.js +122 -0
package/dist/commands/init.js +162 -0
package/dist/commands/integration.js +188 -0
package/dist/commands/local.js +198 -0
package/dist/commands/login.js +176 -0
package/dist/commands/login.test.js +51 -0
package/dist/commands/logs.js +121 -0
package/dist/commands/profile.js +184 -0
package/dist/commands/project.js +98 -0
package/dist/commands/rollback.js +96 -0
package/dist/commands/rotate.js +94 -0
package/dist/commands/run.js +215 -0
package/dist/commands/scan.js +127 -0
package/dist/commands/secrets.js +265 -0
package/dist/commands/simulate.js +92 -0
package/dist/commands/status.js +94 -0
package/dist/commands/template.js +276 -0
package/dist/commands/ui.js +218 -0
package/dist/commands/watch.js +121 -0
package/dist/lib/api.js +172 -0
package/dist/lib/api.test.js +89 -0
package/dist/lib/audit.js +136 -0
package/dist/lib/config.js +42 -0
package/dist/lib/config.test.js +47 -0
package/dist/lib/crypto.js +50 -0
package/dist/lib/manifest.js +52 -0
package/dist/lib/profiles.js +103 -0
package/package.json +67 -0

package/dist/commands/simulate.js ADDED Viewed

@@ -0,0 +1,92 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.simulateCommand = void 0;
+/**
+ * simulate.ts — Dry-run mode for xtra run
+ *
+ * Fetches secrets and shows exactly what `xtra run` would inject into
+ * the process environment — without actually executing the command.
+ * Safe to use in any environment.
+ */
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const table_1 = require("table");
+exports.simulateCommand = new commander_1.Command("simulate")
+    .description("Dry-run: show what 'xtra run' would inject without executing the command")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("-b, --branch <branch>", "Branch", "main")
+    .argument("[command]", "Command that would be executed (display only)")
+    .option("--show-values", "Reveal secret values in output (default: masked)", false)
+    .option("--diff", "Highlight secrets that differ from local .env / process.env", false)
+    .action(async (command, options) => {
+    let { project, env, branch, showValues, diff: showDiff } = options;
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project)
+        project = (0, config_1.getConfigValue)("project");
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID required. Use -p <id> or run 'xtra project set'."));
+        process.exit(1);
+    }
+    const spinner = (0, ora_1.default)(`Fetching secrets to simulate injection (${env}/${branch})...`).start();
+    let secrets;
+    try {
+        secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.stop();
+    }
+    catch (e) {
+        spinner.fail("Failed to fetch secrets.");
+        console.error(chalk_1.default.red(e?.response?.data?.error || e.message));
+        process.exit(1);
+    }
+    const count = Object.keys(secrets).length;
+    console.log(chalk_1.default.bold(`\n🔬 Simulation — xtra run ${command ? chalk_1.default.cyan(command) : "(no command specified)"}\n`));
+    console.log(chalk_1.default.gray(`   Project : ${project}`));
+    console.log(chalk_1.default.gray(`   Env     : ${env}`));
+    console.log(chalk_1.default.gray(`   Branch  : ${branch}`));
+    console.log(chalk_1.default.gray(`   Secrets : ${count} would be injected\n`));
+    if (count === 0) {
+        console.log(chalk_1.default.yellow("  No secrets found for this environment/branch."));
+        return;
+    }
+    const rows = [
+        [chalk_1.default.bold("Key"), chalk_1.default.bold("Injected Value"), chalk_1.default.bold("Local .env"), chalk_1.default.bold("Status")]
+    ];
+    for (const [key, value] of Object.entries(secrets)) {
+        const localVal = process.env[key];
+        const displayVal = showValues ? chalk_1.default.cyan(value) : chalk_1.default.gray("••••••••");
+        let status = chalk_1.default.green("Injected");
+        let localDisplay = "-";
+        if (showDiff && localVal !== undefined) {
+            localDisplay = showValues ? chalk_1.default.yellow(localVal) : chalk_1.default.gray("••••••••");
+            if (localVal === value) {
+                status = chalk_1.default.gray("Same");
+            }
+            else {
+                status = chalk_1.default.yellow("⚡ Override");
+            }
+        }
+        else if (showDiff) {
+            status = chalk_1.default.blue("New");
+            localDisplay = chalk_1.default.gray("(not set)");
+        }
+        rows.push([chalk_1.default.white(key), displayVal, showDiff ? localDisplay : "-", status]);
+    }
+    console.log((0, table_1.table)(rows));
+    // Summary
+    if (!showValues) {
+        console.log(chalk_1.default.gray("  Tip: use --show-values to reveal actual secret values"));
+    }
+    if (!showDiff) {
+        console.log(chalk_1.default.gray("  Tip: use --diff to compare against your local process.env"));
+    }
+    console.log(chalk_1.default.bold(`\n  ✅ Simulation complete. ${count} secret(s) would be injected.`));
+    console.log(chalk_1.default.gray("  Run without 'simulate' to actually execute the command.\n"));
+});

package/dist/commands/status.js ADDED Viewed

@@ -0,0 +1,94 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.statusCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const table_1 = require("table");
+const manifest_1 = require("../lib/manifest");
+const crypto_1 = require("../lib/crypto");
+const config_1 = require("../lib/config");
+exports.statusCommand = new commander_1.Command("status")
+    .description("Check synchronization status with XtraSync platform")
+    .option("-p, --project <projectId>", "Project ID")
+    .option("-e, --env <environment>", "Environment (dev, stg, prod)", "dev")
+    .option("-b, --branch <branchName>", "Branch Name")
+    .action(async (options) => {
+    let { project, env, branch } = options;
+    // Use config fallback
+    if (!project) {
+        project = (0, config_1.getConfigValue)("project");
+    }
+    if (!branch) {
+        branch = (0, config_1.getConfigValue)("branch") || "main";
+    }
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+        process.exit(1);
+    }
+    // Normalize Env
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    // Load Manifest
+    const manifest = (0, manifest_1.loadManifest)();
+    if (!manifest) {
+        console.log(chalk_1.default.yellow("No local manifest found. Run 'xtra run' or 'xtra generate' first."));
+        return;
+    }
+    if (manifest.projectId !== project || manifest.environment !== env) {
+        console.log(chalk_1.default.yellow(`Manifest found for DIFFERENT project/env (${manifest.projectId}/${manifest.environment}).`));
+        console.log("Checking status against requested target anyway...");
+    }
+    const spinner = (0, ora_1.default)(`Fetching remote state for ${env} (branch: ${branch})...`).start();
+    try {
+        const secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.stop();
+        // Compare
+        const rows = [[chalk_1.default.bold("Secret Key"), chalk_1.default.bold("Status"), chalk_1.default.bold("Local Last Updated")]];
+        let diffCount = 0;
+        // Check Remote vs Local
+        Object.entries(secrets).forEach(([key, value]) => {
+            const remoteHash = (0, crypto_1.hash)(value);
+            const localEntry = manifest.secrets[key];
+            if (!localEntry) {
+                rows.push([key, chalk_1.default.green("NEW (Remote)"), "-"]);
+                diffCount++;
+            }
+            else if (localEntry.hash !== remoteHash) {
+                rows.push([key, chalk_1.default.yellow("MODIFIED"), localEntry.updatedAt]);
+                diffCount++;
+            }
+            else {
+                rows.push([key, chalk_1.default.cyan("Synced"), localEntry.updatedAt]);
+            }
+        });
+        // Check Local vs Remote (Deleted keys)
+        Object.keys(manifest.secrets).forEach(key => {
+            if (!secrets[key]) {
+                rows.push([key, chalk_1.default.red("DELETED (Remote)"), manifest.secrets[key].updatedAt]);
+                diffCount++;
+            }
+        });
+        console.log("");
+        console.log((0, table_1.table)(rows));
+        if (diffCount === 0) {
+            console.log(chalk_1.default.green("✔ Everything is in sync."));
+        }
+        else {
+            console.log(chalk_1.default.yellow(`⚠ Found ${diffCount} difference(s).\n`));
+            console.log(chalk_1.default.bold("  Next steps:"));
+            console.log(chalk_1.default.gray("    xtra generate              ") + chalk_1.default.white("# pull cloud secrets → .env (merge)"));
+            console.log(chalk_1.default.gray("    xtra generate -f json      ") + chalk_1.default.white("# pull cloud secrets → secrets.json"));
+            console.log(chalk_1.default.gray("    xtra run node app.js       ") + chalk_1.default.white("# inject secrets at runtime (no file)"));
+            console.log(chalk_1.default.gray("    xtra local sync            ") + chalk_1.default.white("# pull cloud secrets → .env.local (offline mode)"));
+        }
+    }
+    catch (error) {
+        spinner.fail("Failed to fetch remote secrets.");
+        console.error(chalk_1.default.red(error.message));
+    }
+});

package/dist/commands/template.js ADDED Viewed

@@ -0,0 +1,276 @@
+"use strict";
+/**
+ * template.ts — Secret Templating Engine for xtra-cli
+ *
+ * Reads a template file containing {{ secrets.KEY }} placeholders,
+ * fetches secrets from XtraSecurity Cloud, substitutes all placeholders,
+ * and writes the rendered output to the specified file (or stdout).
+ *
+ * Supported placeholder syntaxes:
+ *   {{ secrets.DATABASE_URL }}      → fetches DATABASE_URL from secrets
+ *   {{ secrets.PORT | 3000 }}       → with fallback default value "3000"
+ *   {{ env.NODE_ENV }}              → reads from local process environment
+ *
+ * Example:
+ *   # config.yaml.tpl
+ *   database:
+ *     url: {{ secrets.DATABASE_URL }}
+ *     pool: {{ secrets.DB_POOL_SIZE | 10 }}
+ *   app:
+ *     port: {{ env.PORT | 3000 }}
+ *     env: {{ env.NODE_ENV | development }}
+ *
+ * Usage:
+ *   xtra template render config.yaml.tpl -o config.yaml -p proj123 -e production
+ *   xtra template render nginx.conf.tpl | tee /etc/nginx/nginx.conf
+ *   xtra template check config.yaml.tpl -p proj123 -e production
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.templateCommand = void 0;
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+// ─── Placeholder Regex ────────────────────────────────────────────────────────
+// Matches: {{ secrets.KEY }}, {{ secrets.KEY | default }}, {{ env.KEY | default }}
+const PLACEHOLDER_RE = /\{\{\s*(secrets|env)\.([A-Z0-9_a-z]+)(?:\s*\|\s*([^}]*?))?\s*\}\}/g;
+function renderTemplate(template, secrets, processEnv) {
+    const missingKeys = [];
+    const usedDefaults = [];
+    let replacedCount = 0;
+    const output = template.replace(PLACEHOLDER_RE, (_, source, key, defaultVal) => {
+        let value;
+        if (source === "secrets") {
+            value = secrets[key];
+        }
+        else if (source === "env") {
+            value = processEnv[key];
+        }
+        if (value !== undefined && value !== "") {
+            replacedCount++;
+            return value;
+        }
+        if (defaultVal !== undefined) {
+            const trimmedDefault = defaultVal.trim();
+            usedDefaults.push(`${source}.${key} → "${trimmedDefault}"`);
+            replacedCount++;
+            return trimmedDefault;
+        }
+        missingKeys.push(`${source}.${key}`);
+        return `{{ ${source}.${key} }}`; // Leave unreplaced — user will see it clearly
+    });
+    return { output, replacedCount, missingKeys, usedDefaults };
+}
+// ─── Command ──────────────────────────────────────────────────────────────────
+exports.templateCommand = new commander_1.Command("template")
+    .description("Secret templating engine — inject secrets into config file templates")
+    .addHelpText("after", `
+Template Syntax:
+  {{ secrets.KEY }}           Replace with secret value
+  {{ secrets.KEY | default }} Replace with secret value, fall back to "default"
+  {{ env.KEY }}               Replace with local environment variable
+  {{ env.KEY | default }}     Replace with local env variable, fall back to "default"
+Examples:
+  $ xtra template render config.yaml.tpl -p proj123 -e production -o config.yaml
+  $ xtra template render nginx.conf.tpl -p proj123 -e production | sudo tee /etc/nginx/nginx.conf
+  $ xtra template check config.yaml.tpl -p proj123 -e production
+  $ xtra template list config.yaml.tpl
+`);
+// ── render ────────────────────────────────────────────────────────────────────
+exports.templateCommand
+    .command("render <templateFile>")
+    .description("Render a template file by injecting secrets and environment variables")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment (default: development)", "development")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .option("-o, --output <file>", "Output file (default: stdout)")
+    .option("--strict", "Exit with error if any placeholder is unresolved", false)
+    .action(async (templateFile, options) => {
+    let { project, env, branch, output, strict } = options;
+    // Normalize env shorthand
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project)
+        project = (0, config_1.getConfigValue)("project");
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID required. Use -p <id> or run 'xtra project set'."));
+        process.exit(1);
+    }
+    // Read template file
+    const templatePath = path.resolve(process.cwd(), templateFile);
+    if (!fs.existsSync(templatePath)) {
+        console.error(chalk_1.default.red(`Error: Template file not found: ${templatePath}`));
+        process.exit(1);
+    }
+    const template = fs.readFileSync(templatePath, "utf8");
+    // Count how many placeholders exist
+    const allPlaceholders = [...template.matchAll(PLACEHOLDER_RE)];
+    if (allPlaceholders.length === 0) {
+        console.warn(chalk_1.default.yellow("Warning: No {{ secrets.* }} or {{ env.* }} placeholders found in template."));
+    }
+    const spinner = (0, ora_1.default)(`Fetching secrets for ${project}/${env}...`).start();
+    let secrets = {};
+    try {
+        secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.succeed(`Loaded ${Object.keys(secrets).length} secrets.`);
+    }
+    catch (e) {
+        spinner.fail("Failed to fetch secrets.");
+        const safeErr = e?.response?.data?.error || e.message;
+        console.error(chalk_1.default.red(safeErr));
+        process.exit(1);
+    }
+    // Render
+    const { output: rendered, replacedCount, missingKeys, usedDefaults } = renderTemplate(template, secrets, process.env);
+    // Report
+    console.log(chalk_1.default.green(`✅ Replaced ${replacedCount} placeholder(s).`));
+    if (usedDefaults.length > 0) {
+        console.log(chalk_1.default.yellow(`⚠  Used defaults for: ${usedDefaults.join(", ")}`));
+    }
+    if (missingKeys.length > 0) {
+        console.log(chalk_1.default.red(`✗  Unresolved placeholders: ${missingKeys.join(", ")}`));
+        if (strict) {
+            console.error(chalk_1.default.red("Aborting due to --strict mode."));
+            process.exit(1);
+        }
+    }
+    // Write output
+    if (output) {
+        const outPath = path.resolve(process.cwd(), output);
+        fs.writeFileSync(outPath, rendered, "utf8");
+        console.log(chalk_1.default.blue(`→ Written to: ${outPath}`));
+    }
+    else {
+        // Print to stdout (so user can pipe it)
+        process.stdout.write(rendered);
+    }
+    // Audit log
+    try {
+        const { logAudit } = require("../lib/audit");
+        logAudit("TEMPLATE_RENDERED", project, env, {
+            template: templateFile,
+            output: output || "stdout",
+            replacedCount,
+            missingKeys,
+        });
+    }
+    catch (e) { }
+});
+// ── check ─────────────────────────────────────────────────────────────────────
+exports.templateCommand
+    .command("check <templateFile>")
+    .description("Validate that all template placeholders have matching secrets (dry-run)")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("-b, --branch <branch>", "Branch name", "main")
+    .action(async (templateFile, options) => {
+    let { project, env, branch } = options;
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project)
+        project = (0, config_1.getConfigValue)("project");
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID required."));
+        process.exit(1);
+    }
+    const templatePath = path.resolve(process.cwd(), templateFile);
+    if (!fs.existsSync(templatePath)) {
+        console.error(chalk_1.default.red(`Template file not found: ${templatePath}`));
+        process.exit(1);
+    }
+    const template = fs.readFileSync(templatePath, "utf8");
+    const spinner = (0, ora_1.default)(`Fetching secrets for check...`).start();
+    let secrets = {};
+    try {
+        secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.stop();
+    }
+    catch (e) {
+        spinner.fail("Failed to fetch secrets.");
+        process.exit(1);
+    }
+    const { replacedCount, missingKeys, usedDefaults } = renderTemplate(template, secrets, process.env);
+    const allCount = [...template.matchAll(PLACEHOLDER_RE)].length;
+    console.log(chalk_1.default.bold(`\nTemplate Check: ${templateFile}\n`));
+    console.log(`  Total placeholders : ${allCount}`);
+    console.log(`  Resolved           : ${chalk_1.default.green(replacedCount)}`);
+    console.log(`  Using defaults     : ${chalk_1.default.yellow(usedDefaults.length)}`);
+    console.log(`  Unresolved         : ${chalk_1.default.red(missingKeys.length)}`);
+    if (usedDefaults.length > 0) {
+        console.log(chalk_1.default.yellow(`\n  Defaults used:`));
+        usedDefaults.forEach(d => console.log(`    - ${d}`));
+    }
+    if (missingKeys.length > 0) {
+        console.log(chalk_1.default.red(`\n  Missing secrets (no default):`));
+        missingKeys.forEach(k => console.log(chalk_1.default.red(`    ✗ ${k}`)));
+        process.exit(1);
+    }
+    else {
+        console.log(chalk_1.default.green("\n  ✅ All placeholders are resolvable!"));
+    }
+});
+// ── list ──────────────────────────────────────────────────────────────────────
+exports.templateCommand
+    .command("list <templateFile>")
+    .description("List all placeholders found in a template file (no API call needed)")
+    .action((templateFile) => {
+    const templatePath = path.resolve(process.cwd(), templateFile);
+    if (!fs.existsSync(templatePath)) {
+        console.error(chalk_1.default.red(`Template file not found: ${templatePath}`));
+        process.exit(1);
+    }
+    const template = fs.readFileSync(templatePath, "utf8");
+    const matches = [...template.matchAll(PLACEHOLDER_RE)];
+    if (matches.length === 0) {
+        console.log(chalk_1.default.yellow("No placeholders found in this template."));
+        return;
+    }
+    console.log(chalk_1.default.bold(`\nPlaceholders in ${path.basename(templateFile)}:\n`));
+    matches.forEach(m => {
+        const [, source, key, def] = m;
+        const defaultHint = def ? chalk_1.default.gray(` (default: "${def.trim()}")`) : "";
+        const icon = source === "secrets" ? "🔒" : "📦";
+        console.log(`  ${icon} ${chalk_1.default.cyan(`{{ ${source}.${key} }}`)}${defaultHint}`);
+    });
+    console.log(`\n  Total: ${chalk_1.default.bold(matches.length)} placeholder(s)\n`);
+});

package/dist/commands/ui.js ADDED Viewed

@@ -0,0 +1,218 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.uiCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const readline = __importStar(require("readline"));
+const api_1 = require("../lib/api");
+const ENVS = ["development", "staging", "production"];
+// ─── Rendering ────────────────────────────────────────────────────────────────
+function clear() { process.stdout.write("\x1Bc"); }
+function renderHeader() {
+    console.log(chalk_1.default.cyan("╔═══════════════════════════════════════════════════════════╗"));
+    console.log(chalk_1.default.cyan("║") + chalk_1.default.bold.cyan("  🔒  XtraSecurity — Interactive Shell                     ") + chalk_1.default.cyan("║"));
+    console.log(chalk_1.default.cyan("╚═══════════════════════════════════════════════════════════╝"));
+    console.log(chalk_1.default.gray("  ↑↓ Navigate  •  Enter Select  •  Tab Switch Panel  •  Q Quit\n"));
+}
+function renderList(title, items, selectedIdx, active) {
+    const border = active ? chalk_1.default.cyan : chalk_1.default.gray;
+    console.log(border(`┌─ ${title} ${"─".repeat(Math.max(0, 28 - title.length))}┐`));
+    items.forEach((item, i) => {
+        const isSelected = i === selectedIdx;
+        const icon = isSelected ? (active ? chalk_1.default.cyan("▶ ") : chalk_1.default.gray("▶ ")) : "  ";
+        const text = isSelected && active ? chalk_1.default.bold.cyan(item) : isSelected ? chalk_1.default.cyan(item) : chalk_1.default.white(item);
+        console.log(border("│") + ` ${icon}${text}`.padEnd(30) + border("│"));
+    });
+    console.log(border(`└${"─".repeat(32)}┘`));
+}
+function renderSecrets(secrets, selectedIdx, active) {
+    const border = active ? chalk_1.default.cyan : chalk_1.default.gray;
+    const COLS = [36, 12, 20];
+    const sep = "─".repeat(COLS[0]) + "┬" + "─".repeat(COLS[1]) + "┬" + "─".repeat(COLS[2]);
+    console.log(border(`┌${sep}┐`));
+    const header = [
+        chalk_1.default.bold.yellow("KEY".padEnd(COLS[0])),
+        chalk_1.default.bold.yellow("VALUE".padEnd(COLS[1])),
+        chalk_1.default.bold.yellow("UPDATED".padEnd(COLS[2]))
+    ].join(border("│"));
+    console.log(border("│") + header + border("│"));
+    console.log(border(`├${sep}┤`));
+    if (secrets.length === 0) {
+        console.log(border("│") + chalk_1.default.gray("  No secrets found.".padEnd(COLS[0] + COLS[1] + COLS[2] + 2)) + border("│"));
+    }
+    else {
+        secrets.forEach((s, i) => {
+            const isSelected = i === selectedIdx;
+            const fmt = (t, w) => {
+                const str = t.length > w - 2 ? t.slice(0, w - 5) + "..." : t;
+                return isSelected && active ? chalk_1.default.bold.bgCyan.black(str.padEnd(w)) : isSelected ? chalk_1.default.cyan(str.padEnd(w)) : str.padEnd(w);
+            };
+            const row = [
+                fmt(s.key, COLS[0]),
+                fmt("*".repeat(8), COLS[1]),
+                fmt(new Date(s.updatedAt).toLocaleDateString(), COLS[2]),
+            ].join(border("│"));
+            console.log(border("│") + row + border("│"));
+        });
+    }
+    console.log(border(`└${"─".repeat(COLS[0])}┴${"─".repeat(COLS[1])}┴${"─".repeat(COLS[2])}┘`));
+}
+function renderStatus(msg) {
+    console.log("\n" + chalk_1.default.gray("  ● ") + chalk_1.default.white(msg));
+}
+// ─── Main TUI Loop ────────────────────────────────────────────────────────────
+async function runUI() {
+    let screen = "project";
+    let projects = [];
+    let projectIdx = 0;
+    let envIdx = 0;
+    let secrets = [];
+    let secretIdx = 0;
+    let status = "Loading projects...";
+    let loading = false;
+    async function loadProjects() {
+        try {
+            projects = await api_1.api.getProjects();
+            status = projects.length > 0
+                ? `Loaded ${projects.length} projects. Use ↑↓ and Enter to navigate.`
+                : "No projects found. Try running `xtra login`.";
+        }
+        catch (e) {
+            status = chalk_1.default.red(`Error: ${e.message}`);
+        }
+        draw();
+    }
+    async function loadSecrets() {
+        if (!projects[projectIdx])
+            return;
+        loading = true;
+        status = `Fetching secrets for ${projects[projectIdx].name}/${ENVS[envIdx]}...`;
+        draw();
+        try {
+            secrets = await api_1.api.getSecrets(projects[projectIdx].id, ENVS[envIdx]);
+            secretIdx = 0;
+            status = `${secrets.length} secret(s) loaded. Tab to switch panel, Q to quit.`;
+        }
+        catch (e) {
+            secrets = [];
+            status = chalk_1.default.red(`Error: ${e.message}`);
+        }
+        loading = false;
+        draw();
+    }
+    function draw() {
+        clear();
+        renderHeader();
+        const projectNames = projects.map(p => p.name);
+        renderList("PROJECTS", projectNames.length ? projectNames : ["(loading...)"], projectIdx, screen === "project");
+        console.log();
+        renderList("ENVIRONMENT", ENVS, envIdx, screen === "env");
+        console.log();
+        if (loading) {
+            console.log(chalk_1.default.cyan("  ⠋ Loading secrets..."));
+        }
+        else {
+            renderSecrets(secrets, secretIdx, screen === "secrets");
+        }
+        renderStatus(status);
+    }
+    // Set up raw mode for keyboard input
+    readline.emitKeypressEvents(process.stdin);
+    if (process.stdin.isTTY)
+        process.stdin.setRawMode(true);
+    process.stdin.on("keypress", async (str, key) => {
+        if (!key)
+            return;
+        // Quit
+        if (str === "q" || str === "Q" || (key.ctrl && key.name === "c")) {
+            if (process.stdin.isTTY)
+                process.stdin.setRawMode(false);
+            clear();
+            console.log(chalk_1.default.cyan("Goodbye! 👋"));
+            process.exit(0);
+        }
+        // Tab to cycle panels
+        if (key.name === "tab") {
+            screen = screen === "project" ? "env" : screen === "env" ? "secrets" : "project";
+            draw();
+            return;
+        }
+        // Navigation based on active panel
+        if (screen === "project") {
+            if (key.name === "up")
+                projectIdx = Math.max(0, projectIdx - 1);
+            if (key.name === "down")
+                projectIdx = Math.min(projects.length - 1, projectIdx + 1);
+            if (key.name === "return") {
+                screen = "env";
+                await loadSecrets();
+                return;
+            }
+        }
+        if (screen === "env") {
+            if (key.name === "up")
+                envIdx = Math.max(0, envIdx - 1);
+            if (key.name === "down")
+                envIdx = Math.min(ENVS.length - 1, envIdx + 1);
+            if (key.name === "return") {
+                screen = "secrets";
+                await loadSecrets();
+                return;
+            }
+        }
+        if (screen === "secrets") {
+            if (key.name === "up")
+                secretIdx = Math.max(0, secretIdx - 1);
+            if (key.name === "down")
+                secretIdx = Math.min(secrets.length - 1, secretIdx + 1);
+        }
+        draw();
+    });
+    await loadProjects();
+    if (projects.length > 0)
+        await loadSecrets();
+    else
+        draw();
+}
+// ─── Commander Command ────────────────────────────────────────────────────────
+exports.uiCommand = new commander_1.Command("ui")
+    .description("Launch interactive TUI secrets dashboard (arrow keys to navigate, Q to quit)")
+    .action(async () => {
+    await runUI();
+});