clonebox 1.1.2__py3-none-any.whl → 1.1.3__py3-none-any.whl

clonebox/cli.py

@@ -28,6 +28,9 @@ from clonebox.container import ContainerCloner
 from clonebox.detector import SystemDetector
 from clonebox.models import ContainerConfig
 from clonebox.profiles import merge_with_profile
+from clonebox.exporter import SecureExporter, VMExporter
+from clonebox.importer import SecureImporter, VMImporter
+from clonebox.p2p import P2PManager
 
 # Custom questionary style
 custom_style = Style(
@@ -2635,6 +2638,127 @@ def cmd_detect(args):
         console.print(table)
 
 
+def cmd_keygen(args) -> None:
+    """Generate encryption key for secure P2P transfers."""
+    key_path = SecureExporter.generate_key()
+    console.print(f"[green]🔑 Encryption key generated: {key_path}[/]")
+    console.print("[dim]Share this key with team members for encrypted transfers.[/]")
+
+
+def cmd_export_encrypted(args) -> None:
+    """Export VM with AES-256 encryption."""
+    vm_name, config_file = _resolve_vm_name_and_config_file(args.name)
+    conn_uri = "qemu:///session" if getattr(args, "user", False) else "qemu:///system"
+    output = Path(args.output) if args.output else Path(f"{vm_name}.enc")
+
+    console.print(f"[cyan]🔒 Exporting encrypted: {vm_name} → {output}[/]")
+
+    try:
+        exporter = SecureExporter(conn_uri)
+        exporter.export_encrypted(
+            vm_name=vm_name,
+            output_path=output,
+            include_user_data=getattr(args, "user_data", False),
+            include_app_data=getattr(args, "include_data", False),
+        )
+        console.print(f"[green]✅ Encrypted export complete: {output}[/]")
+    except FileNotFoundError as e:
+        console.print(f"[red]❌ {e}[/]")
+        console.print("[yellow]Run: clonebox keygen[/]")
+    finally:
+        exporter.close()
+
+
+def cmd_import_encrypted(args) -> None:
+    """Import VM with AES-256 decryption."""
+    archive = Path(args.archive)
+    conn_uri = "qemu:///session" if getattr(args, "user", False) else "qemu:///system"
+
+    console.print(f"[cyan]🔓 Importing encrypted: {archive}[/]")
+
+    try:
+        importer = SecureImporter(conn_uri)
+        vm_name = importer.import_decrypted(
+            encrypted_path=archive,
+            import_user_data=getattr(args, "user_data", False),
+            import_app_data=getattr(args, "include_data", False),
+            new_name=getattr(args, "name", None),
+        )
+        console.print(f"[green]✅ Import complete: {vm_name}[/]")
+    except FileNotFoundError as e:
+        console.print(f"[red]❌ {e}[/]")
+    finally:
+        importer.close()
+
+
+def cmd_export_remote(args) -> None:
+    """Export VM from remote host."""
+    p2p = P2PManager()
+
+    console.print(f"[cyan]📤 Remote export: {args.host}:{args.vm_name}[/]")
+
+    try:
+        output = Path(args.output)
+        p2p.export_remote(
+            host=args.host,
+            vm_name=args.vm_name,
+            output=output,
+            encrypted=getattr(args, "encrypted", False),
+            include_user_data=getattr(args, "user_data", False),
+            include_app_data=getattr(args, "include_data", False),
+        )
+        console.print(f"[green]✅ Remote export complete: {output}[/]")
+    except RuntimeError as e:
+        console.print(f"[red]❌ {e}[/]")
+
+
+def cmd_import_remote(args) -> None:
+    """Import VM to remote host."""
+    p2p = P2PManager()
+    archive = Path(args.archive)
+
+    console.print(f"[cyan]📥 Remote import: {archive} → {args.host}[/]")
+
+    try:
+        p2p.import_remote(
+            host=args.host,
+            archive_path=archive,
+            encrypted=getattr(args, "encrypted", False),
+            import_user_data=getattr(args, "user_data", False),
+            new_name=getattr(args, "name", None),
+        )
+        console.print(f"[green]✅ Remote import complete[/]")
+    except RuntimeError as e:
+        console.print(f"[red]❌ {e}[/]")
+
+
+def cmd_sync_key(args) -> None:
+    """Sync encryption key to remote host."""
+    p2p = P2PManager()
+
+    console.print(f"[cyan]🔑 Syncing key to: {args.host}[/]")
+
+    try:
+        p2p.sync_key(args.host)
+        console.print(f"[green]✅ Key synced to {args.host}[/]")
+    except (FileNotFoundError, RuntimeError) as e:
+        console.print(f"[red]❌ {e}[/]")
+
+
+def cmd_list_remote(args) -> None:
+    """List VMs on remote host."""
+    p2p = P2PManager()
+
+    console.print(f"[cyan]🔍 Listing VMs on: {args.host}[/]")
+
+    vms = p2p.list_remote_vms(args.host)
+    if vms:
+        for vm in vms:
+            console.print(f"  • {vm}")
+    else:
+        console.print("[yellow]No VMs found on remote host.[/]")
+
+
 def main():
     """Main entry point."""
     parser = argparse.ArgumentParser(
@@ -3074,6 +3198,99 @@ def main():
     )
     test_parser.set_defaults(func=cmd_test)
 
+    # === P2P Secure Transfer Commands ===
+
+    # Keygen command - generate encryption key
+    keygen_parser = subparsers.add_parser("keygen", help="Generate encryption key for secure transfers")
+    keygen_parser.set_defaults(func=cmd_keygen)
+
+    # Export-encrypted command
+    export_enc_parser = subparsers.add_parser(
+        "export-encrypted", help="Export VM with AES-256 encryption"
+    )
+    export_enc_parser.add_argument(
+        "name", nargs="?", default=None, help="VM name or '.' to use .clonebox.yaml"
+    )
+    export_enc_parser.add_argument(
+        "-u", "--user", action="store_true", help="Use user session (qemu:///session)"
+    )
+    export_enc_parser.add_argument(
+        "-o", "--output", help="Output file (default: <vmname>.enc)"
+    )
+    export_enc_parser.add_argument(
+        "--user-data", action="store_true", help="Include user data (SSH keys, configs)"
+    )
+    export_enc_parser.add_argument(
+        "--include-data", "-d", action="store_true", help="Include app data"
+    )
+    export_enc_parser.set_defaults(func=cmd_export_encrypted)
+
+    # Import-encrypted command
+    import_enc_parser = subparsers.add_parser(
+        "import-encrypted", help="Import VM with AES-256 decryption"
+    )
+    import_enc_parser.add_argument("archive", help="Path to encrypted archive (.enc)")
+    import_enc_parser.add_argument(
+        "-u", "--user", action="store_true", help="Use user session (qemu:///session)"
+    )
+    import_enc_parser.add_argument("--name", "-n", help="New name for imported VM")
+    import_enc_parser.add_argument(
+        "--user-data", action="store_true", help="Import user data"
+    )
+    import_enc_parser.add_argument(
+        "--include-data", "-d", action="store_true", help="Import app data"
+    )
+    import_enc_parser.set_defaults(func=cmd_import_encrypted)
+
+    # Export-remote command
+    export_remote_parser = subparsers.add_parser(
+        "export-remote", help="Export VM from remote host via SSH"
+    )
+    export_remote_parser.add_argument("host", help="Remote host (user@hostname)")
+    export_remote_parser.add_argument("vm_name", help="VM name on remote host")
+    export_remote_parser.add_argument(
+        "-o", "--output", required=True, help="Local output file"
+    )
+    export_remote_parser.add_argument(
+        "--encrypted", "-e", action="store_true", help="Use encrypted export"
+    )
+    export_remote_parser.add_argument(
+        "--user-data", action="store_true", help="Include user data"
+    )
+    export_remote_parser.add_argument(
+        "--include-data", "-d", action="store_true", help="Include app data"
+    )
+    export_remote_parser.set_defaults(func=cmd_export_remote)
+
+    # Import-remote command
+    import_remote_parser = subparsers.add_parser(
+        "import-remote", help="Import VM to remote host via SSH"
+    )
+    import_remote_parser.add_argument("archive", help="Local archive to upload")
+    import_remote_parser.add_argument("host", help="Remote host (user@hostname)")
+    import_remote_parser.add_argument("--name", "-n", help="New name for VM on remote")
+    import_remote_parser.add_argument(
+        "--encrypted", "-e", action="store_true", help="Use encrypted import"
+    )
+    import_remote_parser.add_argument(
+        "--user-data", action="store_true", help="Import user data"
+    )
+    import_remote_parser.set_defaults(func=cmd_import_remote)
+
+    # Sync-key command
+    sync_key_parser = subparsers.add_parser(
+        "sync-key", help="Sync encryption key to remote host"
+    )
+    sync_key_parser.add_argument("host", help="Remote host (user@hostname)")
+    sync_key_parser.set_defaults(func=cmd_sync_key)
+
+    # List-remote command
+    list_remote_parser = subparsers.add_parser(
+        "list-remote", help="List VMs on remote host"
+    )
+    list_remote_parser.add_argument("host", help="Remote host (user@hostname)")
+    list_remote_parser.set_defaults(func=cmd_list_remote)
+
     args = parser.parse_args()
 
     if hasattr(args, "func"):

clonebox/exporter.py

@@ -0,0 +1,189 @@
+#!/usr/bin/env python3
+"""
+VM Exporter - Export VM with all data and optional AES-256 encryption.
+"""
+
+import os
+import tarfile
+import tempfile
+import xml.etree.ElementTree as ET
+from pathlib import Path
+from typing import List, Optional
+
+from cryptography.fernet import Fernet
+
+try:
+    import libvirt
+except ImportError:
+    libvirt = None
+
+
+class VMExporter:
+    """Export VM with disks, app data, and user data."""
+
+    def __init__(self, conn_uri: str = "qemu:///system"):
+        self.conn_uri = conn_uri
+        self._conn = None
+
+    @property
+    def conn(self):
+        if self._conn is None:
+            if libvirt is None:
+                raise RuntimeError("libvirt-python not installed")
+            self._conn = libvirt.open(self.conn_uri)
+        return self._conn
+
+    def export_vm(
+        self,
+        vm_name: str,
+        output_path: Path,
+        include_user_data: bool = False,
+        include_app_data: bool = False,
+    ) -> Path:
+        """Full export of VM with disks and optional data."""
+        vm = self.conn.lookupByName(vm_name)
+        vm_xml = vm.XMLDesc()
+        root = ET.fromstring(vm_xml)
+
+        # Find all disk files
+        disks: List[Path] = []
+        for disk in root.findall(".//disk[@type='file']"):
+            source = disk.find(".//source")
+            if source is not None and source.get("file"):
+                disk_path = Path(source.get("file"))
+                if disk_path.exists():
+                    disks.append(disk_path)
+
+        # Create archive
+        with tarfile.open(output_path, "w:gz") as tar:
+            # Add XML config
+            xml_tmp = Path(tempfile.gettempdir()) / f"{vm_name}.xml"
+            xml_tmp.write_text(vm_xml)
+            tar.add(xml_tmp, arcname=f"{vm_name}.xml")
+            xml_tmp.unlink()
+
+            # Add disks
+            for disk in disks:
+                arcname = f"disks/{disk.name}"
+                tar.add(disk, arcname=arcname)
+                print(f"   💾 Added disk: {disk}")
+
+            # Add app data
+            if include_app_data:
+                self._export_app_data(tar)
+
+            # Add user data
+            if include_user_data:
+                self._export_user_data(tar)
+
+        return output_path
+
+    def _export_app_data(self, tar: tarfile.TarFile) -> None:
+        """Export common application data paths."""
+        common_paths = [
+            Path.home() / "projects",
+            Path.home() / ".docker",
+            Path("/opt/myapp"),
+            Path("/var/www"),
+            Path("/srv/docker"),
+        ]
+
+        for path in common_paths:
+            if path.exists():
+                arcname = f"app-data/{path.name}"
+                try:
+                    tar.add(path, arcname=arcname, recursive=True)
+                    print(f"   📁 App data: {path}")
+                except PermissionError:
+                    print(f"   ⚠️ Permission denied: {path}")
+
+    def _export_user_data(self, tar: tarfile.TarFile) -> None:
+        """Export user data (home, SSH keys)."""
+        user_paths = [
+            Path.home() / ".ssh",
+            Path.home() / ".gitconfig",
+            Path.home() / ".bashrc",
+            Path.home() / ".zshrc",
+        ]
+
+        for path in user_paths:
+            if path.exists():
+                arcname = f"user-data/{path.name}"
+                try:
+                    tar.add(path, arcname=arcname, recursive=True)
+                    print(f"   👤 User data: {path}")
+                except PermissionError:
+                    print(f"   ⚠️ Permission denied: {path}")
+
+    def close(self) -> None:
+        if self._conn is not None:
+            self._conn.close()
+            self._conn = None
+
+
+class SecureExporter:
+    """AES-256 encrypted VM export."""
+
+    KEY_PATH = Path.home() / ".clonebox.key"
+
+    def __init__(self, conn_uri: str = "qemu:///system"):
+        self.exporter = VMExporter(conn_uri)
+
+    @classmethod
+    def generate_key(cls) -> Path:
+        """Generate and save team encryption key."""
+        key = Fernet.generate_key()
+        cls.KEY_PATH.write_bytes(key)
+        os.chmod(str(cls.KEY_PATH), 0o600)
+        return cls.KEY_PATH
+
+    @classmethod
+    def load_key(cls) -> Optional[bytes]:
+        """Load encryption key from file."""
+        if cls.KEY_PATH.exists():
+            return cls.KEY_PATH.read_bytes()
+        return None
+
+    def export_encrypted(
+        self,
+        vm_name: str,
+        output_path: Path,
+        include_user_data: bool = False,
+        include_app_data: bool = False,
+    ) -> Path:
+        """Export VM with AES-256 encryption."""
+        key = self.load_key()
+        if key is None:
+            raise FileNotFoundError(
+                f"No encryption key found at {self.KEY_PATH}. Run: clonebox keygen"
+            )
+
+        fernet = Fernet(key)
+
+        # Create temporary unencrypted archive
+        with tempfile.NamedTemporaryFile(suffix=".tar.gz", delete=False) as tmp:
+            tmp_path = Path(tmp.name)
+
+        try:
+            # Export to temp file
+            self.exporter.export_vm(
+                vm_name=vm_name,
+                output_path=tmp_path,
+                include_user_data=include_user_data,
+                include_app_data=include_app_data,
+            )
+
+            # Encrypt
+            data = tmp_path.read_bytes()
+            encrypted = fernet.encrypt(data)
+            output_path.write_bytes(encrypted)
+
+        finally:
+            # Cleanup temp file
+            if tmp_path.exists():
+                tmp_path.unlink()
+
+        return output_path
+
+    def close(self) -> None:
+        self.exporter.close()

clonebox/importer.py

@@ -0,0 +1,220 @@
+#!/usr/bin/env python3
+"""
+VM Importer - Import VM with path reconfiguration and decryption.
+"""
+
+import shutil
+import subprocess
+import tarfile
+import tempfile
+import xml.etree.ElementTree as ET
+from pathlib import Path
+from typing import Optional
+
+from cryptography.fernet import Fernet
+
+try:
+    import libvirt
+except ImportError:
+    libvirt = None
+
+
+class VMImporter:
+    """Import VM with disk path reconfiguration."""
+
+    DEFAULT_DISK_DIR = Path("/var/lib/libvirt/images")
+
+    def __init__(self, conn_uri: str = "qemu:///system"):
+        self.conn_uri = conn_uri
+        self._conn = None
+
+    @property
+    def conn(self):
+        if self._conn is None:
+            if libvirt is None:
+                raise RuntimeError("libvirt-python not installed")
+            self._conn = libvirt.open(self.conn_uri)
+        return self._conn
+
+    def import_vm(
+        self,
+        archive_path: Path,
+        import_user_data: bool = False,
+        import_app_data: bool = False,
+        new_name: Optional[str] = None,
+        disk_dir: Optional[Path] = None,
+    ) -> str:
+        """Import VM from archive with full path reconfiguration."""
+        disk_dir = disk_dir or self.DEFAULT_DISK_DIR
+
+        with tempfile.TemporaryDirectory(prefix="clonebox-import-") as tmp_dir:
+            tmp_path = Path(tmp_dir)
+
+            # Extract archive
+            with tarfile.open(archive_path) as tar:
+                tar.extractall(tmp_path)
+
+            # Find XML file
+            xml_files = list(tmp_path.glob("*.xml"))
+            if not xml_files:
+                raise FileNotFoundError("No XML configuration found in archive")
+            xml_file = xml_files[0]
+            vm_name = xml_file.stem
+
+            # Move disks to libvirt images directory
+            disks_dir = tmp_path / "disks"
+            disk_mapping = {}
+            if disks_dir.exists():
+                for disk_file in disks_dir.iterdir():
+                    dest = disk_dir / disk_file.name
+                    shutil.copy2(disk_file, dest)
+                    disk_mapping[disk_file.name] = dest
+                    print(f"   💾 Copied disk: {dest}")
+
+            # Reconfigure disk paths in XML
+            vm_xml = self._reconfigure_paths(xml_file, disk_mapping, new_name)
+
+            # Define and create VM
+            vm = self.conn.defineXML(vm_xml)
+            final_name = new_name or vm_name
+            print(f"   ✅ VM defined: {final_name}")
+
+            # Import user/app data
+            if import_user_data:
+                self._import_user_data(tmp_path / "user-data")
+            if import_app_data:
+                self._import_app_data(tmp_path / "app-data")
+
+            # Start VM
+            vm.create()
+            print(f"   🚀 VM started: {final_name}")
+
+            return final_name
+
+    def _reconfigure_paths(
+        self,
+        xml_file: Path,
+        disk_mapping: dict,
+        new_name: Optional[str] = None,
+    ) -> str:
+        """Update disk paths and optionally rename VM."""
+        tree = ET.parse(xml_file)
+        root = tree.getroot()
+
+        # Update name if requested
+        if new_name:
+            name_elem = root.find("name")
+            if name_elem is not None:
+                name_elem.text = new_name
+
+        # Update disk paths
+        for disk in root.findall(".//disk[@type='file']"):
+            source = disk.find(".//source")
+            if source is not None:
+                old_path = source.get("file")
+                if old_path:
+                    disk_name = Path(old_path).name
+                    if disk_name in disk_mapping:
+                        source.set("file", str(disk_mapping[disk_name]))
+                        print(f"   🔄 Remapped: {disk_name} → {disk_mapping[disk_name]}")
+
+        return ET.tostring(root, encoding="unicode")
+
+    def _import_user_data(self, user_data_dir: Path) -> None:
+        """Restore user data."""
+        if user_data_dir.exists():
+            for item in user_data_dir.iterdir():
+                dest = Path.home() / item.name
+                if item.is_dir():
+                    shutil.copytree(item, dest, dirs_exist_ok=True)
+                else:
+                    shutil.copy2(item, dest)
+                print(f"   👤 Restored: {dest}")
+
+    def _import_app_data(self, app_data_dir: Path) -> None:
+        """Restore application data."""
+        if app_data_dir.exists():
+            for item in app_data_dir.iterdir():
+                # Map back to original paths
+                dest_map = {
+                    "projects": Path.home() / "projects",
+                    ".docker": Path.home() / ".docker",
+                    "myapp": Path("/opt/myapp"),
+                    "www": Path("/var/www"),
+                    "docker": Path("/srv/docker"),
+                }
+                dest = dest_map.get(item.name, Path.home() / item.name)
+                try:
+                    if item.is_dir():
+                        shutil.copytree(item, dest, dirs_exist_ok=True)
+                    else:
+                        shutil.copy2(item, dest)
+                    print(f"   📁 Restored: {dest}")
+                except PermissionError:
+                    print(f"   ⚠️ Permission denied: {dest}")
+
+    def close(self) -> None:
+        if self._conn is not None:
+            self._conn.close()
+            self._conn = None
+
+
+class SecureImporter:
+    """AES-256 decrypting VM importer."""
+
+    KEY_PATH = Path.home() / ".clonebox.key"
+
+    def __init__(self, conn_uri: str = "qemu:///system"):
+        self.importer = VMImporter(conn_uri)
+
+    @classmethod
+    def load_key(cls) -> Optional[bytes]:
+        """Load decryption key from file."""
+        if cls.KEY_PATH.exists():
+            return cls.KEY_PATH.read_bytes()
+        return None
+
+    def import_decrypted(
+        self,
+        encrypted_path: Path,
+        import_user_data: bool = False,
+        import_app_data: bool = False,
+        new_name: Optional[str] = None,
+    ) -> str:
+        """Import VM with AES-256 decryption."""
+        key = self.load_key()
+        if key is None:
+            raise FileNotFoundError(
+                f"No decryption key found at {self.KEY_PATH}. "
+                "Copy the team key to this location."
+            )
+
+        fernet = Fernet(key)
+
+        # Create temporary decrypted archive
+        with tempfile.NamedTemporaryFile(suffix=".tar.gz", delete=False) as tmp:
+            tmp_path = Path(tmp.name)
+
+        try:
+            # Decrypt
+            encrypted_data = encrypted_path.read_bytes()
+            decrypted = fernet.decrypt(encrypted_data)
+            tmp_path.write_bytes(decrypted)
+
+            # Import
+            vm_name = self.importer.import_vm(
+                archive_path=tmp_path,
+                import_user_data=import_user_data,
+                import_app_data=import_app_data,
+                new_name=new_name,
+            )
+
+        finally:
+            # Cleanup
+            if tmp_path.exists():
+                tmp_path.unlink()
+
+        return vm_name
+
+    def close(self) -> None:
+        self.importer.close()

clonebox/p2p.py

@@ -0,0 +1,184 @@
+#!/usr/bin/env python3
+"""
+P2P Manager - Transfer VMs between workstations via SSH/SCP.
+"""
+
+import subprocess
+import tempfile
+from pathlib import Path
+from typing import Optional
+
+
+class P2PManager:
+    """Manage P2P VM transfers between workstations."""
+
+    def __init__(self, ssh_options: Optional[list] = None):
+        self.ssh_options = ssh_options or [
+            "-o", "StrictHostKeyChecking=no",
+            "-o", "UserKnownHostsFile=/dev/null",
+        ]
+
+    def _run_ssh(self, host: str, command: str) -> subprocess.CompletedProcess:
+        """Execute command on remote host via SSH."""
+        cmd = ["ssh"] + self.ssh_options + [host, command]
+        return subprocess.run(cmd, capture_output=True, text=True)
+
+    def _run_scp(
+        self,
+        source: str,
+        destination: str,
+        recursive: bool = False,
+    ) -> subprocess.CompletedProcess:
+        """Copy files via SCP."""
+        cmd = ["scp"] + self.ssh_options
+        if recursive:
+            cmd.append("-r")
+        cmd.extend([source, destination])
+        return subprocess.run(cmd, capture_output=True, text=True)
+
+    def export_remote(
+        self,
+        host: str,
+        vm_name: str,
+        output: Path,
+        encrypted: bool = False,
+        include_user_data: bool = False,
+        include_app_data: bool = False,
+    ) -> Path:
+        """Export VM from remote host to local file.
+
+        Args:
+            host: Remote host in format user@hostname
+            vm_name: Name of VM to export
+            output: Local output path
+            encrypted: Use encrypted export
+            include_user_data: Include user data
+            include_app_data: Include app data
+        """
+        remote_tmp = f"/tmp/clonebox-{vm_name}.tar.gz"
+        if encrypted:
+            remote_tmp = f"/tmp/clonebox-{vm_name}.enc"
+
+        # Build export command
+        export_cmd = f"clonebox export {vm_name} -o {remote_tmp}"
+        if encrypted:
+            export_cmd = f"clonebox export-encrypted {vm_name} -o {remote_tmp}"
+        if include_user_data:
+            export_cmd += " --user"
+        if include_app_data:
+            export_cmd += " --include-data"
+
+        print(f"📤 Exporting {vm_name} from {host}...")
+
+        # Execute remote export
+        result = self._run_ssh(host, export_cmd)
+        if result.returncode != 0:
+            raise RuntimeError(f"Remote export failed: {result.stderr}")
+
+        # Download file
+        print(f"⬇️  Downloading to {output}...")
+        result = self._run_scp(f"{host}:{remote_tmp}", str(output))
+        if result.returncode != 0:
+            raise RuntimeError(f"SCP download failed: {result.stderr}")
+
+        # Cleanup remote temp file
+        self._run_ssh(host, f"rm -f {remote_tmp}")
+
+        print(f"✅ Downloaded: {output}")
+        return output
+
+    def import_remote(
+        self,
+        host: str,
+        archive_path: Path,
+        encrypted: bool = False,
+        import_user_data: bool = False,
+        new_name: Optional[str] = None,
+    ) -> str:
+        """Upload and import VM on remote host.
+
+        Args:
+            host: Remote host in format user@hostname
+            archive_path: Local archive to upload
+            encrypted: Use decrypted import
+            import_user_data: Import user data
+            new_name: New name for VM on remote
+        """
+        remote_tmp = f"/tmp/{archive_path.name}"
+
+        print(f"⬆️  Uploading {archive_path} to {host}...")
+
+        # Upload file
+        result = self._run_scp(str(archive_path), f"{host}:{remote_tmp}")
+        if result.returncode != 0:
+            raise RuntimeError(f"SCP upload failed: {result.stderr}")
+
+        # Build import command
+        if encrypted:
+            import_cmd = f"clonebox import-encrypted {remote_tmp}"
+        else:
+            import_cmd = f"clonebox import {remote_tmp}"
+
+        if import_user_data:
+            import_cmd += " --user"
+        if new_name:
+            import_cmd += f" --name {new_name}"
+
+        print(f"📥 Importing on {host}...")
+
+        # Execute remote import
+        result = self._run_ssh(host, import_cmd)
+        if result.returncode != 0:
+            raise RuntimeError(f"Remote import failed: {result.stderr}")
+
+        # Cleanup remote temp file
+        self._run_ssh(host, f"rm -f {remote_tmp}")
+
+        print(f"✅ Import complete on {host}")
+        return new_name or archive_path.stem
+
+    def sync_key(self, host: str) -> bool:
+        """Sync encryption key to remote host.
+
+        Args:
+            host: Remote host in format user@hostname
+
+        Returns:
+            True if key was synced successfully
+        """
+        key_path = Path.home() / ".clonebox.key"
+        if not key_path.exists():
+            raise FileNotFoundError(f"No local key found at {key_path}")
+
+        print(f"🔑 Syncing encryption key to {host}...")
+
+        result = self._run_scp(str(key_path), f"{host}:~/.clonebox.key")
+        if result.returncode != 0:
+            raise RuntimeError(f"Key sync failed: {result.stderr}")
+
+        # Set proper permissions on remote
+        self._run_ssh(host, "chmod 600 ~/.clonebox.key")
+
+        print(f"✅ Key synced to {host}")
+        return True
+
+    def list_remote_vms(self, host: str) -> list:
+        """List VMs on remote host.
+
+        Args:
+            host: Remote host in format user@hostname
+
+        Returns:
+            List of VM names
+        """
+        result = self._run_ssh(host, "virsh list --all --name")
+        if result.returncode != 0:
+            return []
+
+        vms = [line.strip() for line in result.stdout.splitlines() if line.strip()]
+        return vms
+
+    def check_clonebox_installed(self, host: str) -> bool:
+        """Check if clonebox is installed on remote host."""
+        result = self._run_ssh(host, "which clonebox || command -v clonebox")
+        return result.returncode == 0

{clonebox-1.1.2.dist-info → clonebox-1.1.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: clonebox
-Version: 1.1.2
+Version: 1.1.3
 Summary: Clone your workstation environment to an isolated VM with selective apps, paths and services
 Author: CloneBox Team
 License: Apache-2.0
@@ -104,7 +104,7 @@ CloneBox excels in scenarios where developers need:
 
 ## What's New in v1.1
 
-**v1.1.0** is production-ready with two full runtimes:
+**v1.1.2** is production-ready with two full runtimes and P2P secure sharing:
 
 | Feature | Status |
 |---------|--------|
@@ -113,8 +113,34 @@ CloneBox excels in scenarios where developers need:
 | 📊 Web Dashboard (FastAPI + HTMX + Tailwind) | ✅ Stable |
 | 🎛️ Profiles System (`ml-dev`, `web-stack`) | ✅ Stable |
 | 🔍 Auto-detection (services, apps, paths) | ✅ Stable |
+| 🔒 P2P Secure Transfer (AES-256) | ✅ **NEW** |
 | 🧪 95%+ Test Coverage | ✅ |
 
+### P2P Secure VM Sharing
+
+Share VMs between workstations with AES-256 encryption:
+
+```bash
+# Generate team encryption key (once per team)
+clonebox keygen
+# 🔑 Key saved: ~/.clonebox.key
+
+# Export encrypted VM
+clonebox export-encrypted my-dev-vm -o team-env.enc --user-data
+
+# Transfer via SCP/SMB/USB
+scp team-env.enc user@workstationB:~/
+
+# Import on another machine (needs same key)
+clonebox import-encrypted team-env.enc --name my-dev-copy
+
+# Or use P2P commands directly
+clonebox export-remote user@hostA my-vm -o local.enc --encrypted
+clonebox import-remote local.enc user@hostB --encrypted
+clonebox sync-key user@hostB  # Sync encryption key
+clonebox list-remote user@hostB  # List remote VMs
+```
+
 ### Roadmap
 
 - **v1.2.0**: `clonebox exec` command, VM snapshots, snapshot restore

{clonebox-1.1.2.dist-info → clonebox-1.1.3.dist-info}/RECORD

@@ -1,18 +1,21 @@
 clonebox/__init__.py,sha256=CyfHVVq6KqBr4CNERBpXk_O6Q5B35q03YpdQbokVvvI,408
 clonebox/__main__.py,sha256=Fcoyzwwyz5-eC_sBlQk5a5RbKx8uodQz5sKJ190U0NU,135
-clonebox/cli.py,sha256=0ZOE66WVbIDdmIBf0_VyWw4U-jzPo_T4pCTXkWect5o,114804
+clonebox/cli.py,sha256=iPc2DWEDZaqBMXRJqpWKubmka9ZuJbAvs6mkMMEHAlw,122910
 clonebox/cloner.py,sha256=2YQO4SHCv0xOsU1hL9IqdgmxxJN-2j75X9pe-LpTpJE,82696
 clonebox/container.py,sha256=tiYK1ZB-DhdD6A2FuMA0h_sRNkUI7KfYcJ0tFOcdyeM,6105
 clonebox/dashboard.py,sha256=dMY6odvPq3j6FronhRRsX7aY3qdCwznB-aCWKEmHDNw,5768
 clonebox/detector.py,sha256=vS65cvFNPmUBCX1Y_TMTnSRljw6r1Ae9dlVtACs5XFc,23075
+clonebox/exporter.py,sha256=WIzVvmA0z_jjrpyXxvnXoLp9oaW6fKS7k0PGwzx_PIM,5629
+clonebox/importer.py,sha256=Q9Uk1IOA41mgGhU4ynW2k-h9GEoGxRKI3c9wWE4uxcA,7097
 clonebox/models.py,sha256=zwejkNtEEO_aPy_Q5UzXG5tszU-c7lkqh9LQus9eWMo,8307
+clonebox/p2p.py,sha256=LPQQ7wNO84yDnpVrGkaRU-FDUzqmC4URdZXVeHsNOew,5889
 clonebox/profiles.py,sha256=UP37fX_rhrG_O9ehNFJBUcULPmUtN1A8KsJ6cM44oK0,1986
 clonebox/validator.py,sha256=CF4hMlY69-AGRH5HdG8HAA9_LNCwDKD4xPlYQPWJ9Rw,36647
 clonebox/templates/profiles/ml-dev.yaml,sha256=w07MToGh31xtxpjbeXTBk9BkpAN8A3gv8HeA3ESKG9M,461
 clonebox/templates/profiles/web-stack.yaml,sha256=EBnnGMzML5vAjXmIUbCpbTCwmRaNJiuWd3EcL43DOK8,485
-clonebox-1.1.2.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-clonebox-1.1.2.dist-info/METADATA,sha256=rcpTr77zlQIQ2VwauZBL5QEIGvmxuD0-4HQYIYj_jbE,47164
-clonebox-1.1.2.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-clonebox-1.1.2.dist-info/entry_points.txt,sha256=FES95Vi3btfViLEEoHdb8nikNxTqzaooi9ehZw9ZfWI,47
-clonebox-1.1.2.dist-info/top_level.txt,sha256=LdMo2cvCrEcRGH2M8JgQNVsCoszLV0xug6kx1JnaRjo,9
-clonebox-1.1.2.dist-info/RECORD,,
+clonebox-1.1.3.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+clonebox-1.1.3.dist-info/METADATA,sha256=16ilGCqzzvMBvEXxLZ-JlTyNxaI0u6ws74zM121Sw5o,47947
+clonebox-1.1.3.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+clonebox-1.1.3.dist-info/entry_points.txt,sha256=FES95Vi3btfViLEEoHdb8nikNxTqzaooi9ehZw9ZfWI,47
+clonebox-1.1.3.dist-info/top_level.txt,sha256=LdMo2cvCrEcRGH2M8JgQNVsCoszLV0xug6kx1JnaRjo,9
+clonebox-1.1.3.dist-info/RECORD,,