fling-remote 0.1.0__tar.gz

fling_remote-0.1.0/PKG-INFO

@@ -0,0 +1,10 @@
+Metadata-Version: 2.4
+Name: fling-remote
+Version: 0.1.0
+Summary: Lightweight SSH orchestration CLI with encrypted credential vault
+Requires-Python: >=3.10
+Requires-Dist: asyncssh>=2.17
+Requires-Dist: cryptography>=42.0
+Requires-Dist: typer>=0.12
+Requires-Dist: rich>=13.0
+Requires-Dist: python-dotenv>=1.0

fling_remote-0.1.0/fling/cli.py

@@ -0,0 +1,247 @@
+from __future__ import annotations
+
+import asyncio
+from pathlib import Path
+
+from dotenv import load_dotenv
+
+load_dotenv(Path(__file__).resolve().parent.parent / ".env")
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from fling.models import ServerProfile
+from fling.ssh import run_command, run_on_all, transfer_files
+from fling.vault import (
+    create_vault,
+    get_master_password,
+    load_profiles,
+    remove_profile,
+    save_profile,
+    vault_exists,
+)
+
+app = typer.Typer(help="fling — lightweight SSH orchestration with encrypted credentials")
+console = Console()
+
+
+@app.command()
+def setup():
+    """Interactive setup wizard — discover hosts from SSH config and probe connectivity."""
+    from fling.setup import run_setup_wizard
+    run_setup_wizard()
+
+
+@app.command()
+def init():
+    """Initialize the encrypted vault with a master password."""
+    if vault_exists():
+        console.print("[yellow]Vault already exists.[/yellow] Use 'fling add' to add servers.")
+        raise typer.Exit()
+    pw = typer.prompt("Set master password", hide_input=True)
+    pw2 = typer.prompt("Confirm master password", hide_input=True)
+    if pw != pw2:
+        console.print("[red]Passwords do not match.[/red]")
+        raise typer.Exit(1)
+    create_vault(pw)
+    console.print("[green]Vault created.[/green] Use 'fling add <alias>' to add servers.")
+
+
+@app.command()
+def add(alias: str):
+    """Add a server profile to the vault."""
+    if not vault_exists():
+        console.print("[red]No vault found.[/red] Run 'fling init' first.")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    host = typer.prompt("Host")
+    port = typer.prompt("Port", default=22, type=int)
+    username = typer.prompt("Username", default="root")
+    password = typer.prompt("SSH password (leave empty for key auth)", default="", hide_input=True)
+    auth = "password" if password else "key"
+    profile = ServerProfile(
+        alias=alias, host=host, port=port, username=username,
+        password=password, auth_method=auth,
+    )
+    try:
+        save_profile(pw, profile)
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+    console.print(f"[green]Added '{alias}' ({auth} auth).[/green]")
+
+
+@app.command()
+def remove(alias: str):
+    """Remove a server profile from the vault."""
+    if not vault_exists():
+        console.print("[red]No vault found.[/red]")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    try:
+        if remove_profile(pw, alias):
+            console.print(f"[green]Removed '{alias}'.[/green]")
+        else:
+            console.print(f"[yellow]'{alias}' not found.[/yellow]")
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+
+
+@app.command(name="list")
+def list_servers():
+    """List all server profiles (passwords hidden)."""
+    if not vault_exists():
+        console.print("[red]No vault found.[/red] Run 'fling init' first.")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    try:
+        profiles = load_profiles(pw)
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+    if not profiles:
+        console.print("[yellow]No servers configured.[/yellow] Use 'fling setup' or 'fling add <alias>'.")
+        return
+    table = Table(title="Servers")
+    table.add_column("Alias", style="cyan")
+    table.add_column("Host")
+    table.add_column("Port")
+    table.add_column("User")
+    table.add_column("Auth")
+    table.add_column("ProxyJump")
+    for p in profiles.values():
+        auth_display = "[green]key[/green]" if p.auth_method == "key" else "[yellow]password[/yellow]"
+        table.add_row(p.alias, p.host, str(p.port), p.username, auth_display, p.proxy_jump or "-")
+    console.print(table)
+
+
+@app.command()
+def run(
+    alias: str,
+    command: str,
+    sudo: bool = typer.Option(False, "--sudo", help="Run with sudo"),
+    timeout: int = typer.Option(30, "--timeout", help="Timeout in seconds"),
+):
+    """Run a command on a single server."""
+    if not vault_exists():
+        console.print("[red]No vault found.[/red]")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    try:
+        profiles = load_profiles(pw)
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+    if alias not in profiles:
+        console.print(f"[red]Server '{alias}' not found.[/red]")
+        raise typer.Exit(1)
+    with console.status(f"Running on {alias}..."):
+        result = asyncio.run(
+            run_command(profiles[alias], command, sudo=sudo, timeout=timeout, all_profiles=profiles)
+        )
+    if result.stdout:
+        console.print(result.stdout, end="")
+    if result.stderr:
+        console.print(f"[red]{result.stderr}[/red]", end="")
+    raise typer.Exit(result.exit_code)
+
+
+@app.command()
+def run_all(
+    command: str,
+    sudo: bool = typer.Option(False, "--sudo", help="Run with sudo"),
+    timeout: int = typer.Option(30, "--timeout", help="Timeout in seconds"),
+):
+    """Run a command on ALL servers in parallel."""
+    if not vault_exists():
+        console.print("[red]No vault found.[/red]")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    try:
+        profiles = load_profiles(pw)
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+    if not profiles:
+        console.print("[yellow]No servers configured.[/yellow]")
+        raise typer.Exit(1)
+    with console.status(f"Running on {len(profiles)} server(s)..."):
+        results = asyncio.run(
+            run_on_all(list(profiles.values()), command, sudo=sudo, timeout=timeout, all_profiles=profiles)
+        )
+    for r in results:
+        header = f"[cyan]{r.alias}[/cyan]"
+        if r.exit_code == 0:
+            header += " [green](ok)[/green]"
+        else:
+            header += f" [red](exit {r.exit_code})[/red]"
+        console.print(header)
+        if r.stdout:
+            console.print(r.stdout, end="")
+        if r.stderr:
+            console.print(f"[red]{r.stderr}[/red]", end="")
+        console.print()
+
+
+def _parse_remote_path(spec: str) -> tuple[str, str]:
+    """Parse 'alias:path' into (alias, path). Raises if invalid."""
+    if ":" not in spec:
+        raise typer.BadParameter(f"Expected alias:path, got '{spec}'")
+    alias, path = spec.split(":", 1)
+    if not alias or not path:
+        raise typer.BadParameter(f"Expected alias:path, got '{spec}'")
+    return alias, path
+
+
+@app.command()
+def transfer(
+    src: str = typer.Argument(help="Source as alias:/path/to/file_or_dir"),
+    dst: str = typer.Argument(help="Destination as alias:/path/to/dir"),
+):
+    """Transfer files between servers using this machine as a relay.
+
+    Examples:
+        fling transfer 6000:~/script.py 4090s:~/jimmys_projects/
+        fling transfer e6000:~/jimmys_projects/myapp 6000:~/jimmys_projects/
+        fling transfer 4090s:~/jimmys_projects/*.py A100:~/scripts/
+    """
+    if not vault_exists():
+        console.print("[red]No vault found.[/red]")
+        raise typer.Exit(1)
+    pw = get_master_password()
+    try:
+        profiles = load_profiles(pw)
+    except ValueError as e:
+        console.print(f"[red]{e}[/red]")
+        raise typer.Exit(1)
+
+    src_alias, src_path = _parse_remote_path(src)
+    dst_alias, dst_path = _parse_remote_path(dst)
+
+    if src_alias not in profiles:
+        console.print(f"[red]Server '{src_alias}' not found.[/red]")
+        raise typer.Exit(1)
+    if dst_alias not in profiles:
+        console.print(f"[red]Server '{dst_alias}' not found.[/red]")
+        raise typer.Exit(1)
+
+    with console.status(f"Transferring {src_alias} → {dst_alias}..."):
+        stdout, stderr = asyncio.run(
+            transfer_files(
+                profiles[src_alias], src_path,
+                profiles[dst_alias], dst_path,
+                all_profiles=profiles,
+            )
+        )
+    if stdout:
+        console.print(stdout)
+    if stderr:
+        console.print(f"[red]{stderr}[/red]")
+        raise typer.Exit(1)
+    console.print(f"[green]Done.[/green]")
+
+
+if __name__ == "__main__":
+    app()

fling_remote-0.1.0/fling/models.py

@@ -0,0 +1,24 @@
+from __future__ import annotations
+
+from dataclasses import dataclass, asdict, field
+
+
+@dataclass
+class ServerProfile:
+    alias: str
+    host: str
+    port: int = 22
+    username: str = "root"
+    password: str = ""
+    auth_method: str = "password"  # "key" or "password"
+    proxy_jump: str = ""  # alias of another host to jump through
+
+    def to_dict(self) -> dict:
+        return asdict(self)
+
+    @classmethod
+    def from_dict(cls, data: dict) -> ServerProfile:
+        # Handle vaults created before auth_method/proxy_jump existed
+        data.setdefault("auth_method", "password")
+        data.setdefault("proxy_jump", "")
+        return cls(**data)

fling_remote-0.1.0/fling/setup.py

@@ -0,0 +1,246 @@
+from __future__ import annotations
+
+import asyncio
+from pathlib import Path
+
+import typer
+from rich.console import Console
+from rich.table import Table
+
+from fling.models import ServerProfile
+from fling.ssh import probe_connection
+from fling.vault import create_vault, get_master_password, load_profiles, save_profile, vault_exists
+
+console = Console()
+
+SSH_CONFIG_PATH = Path.home() / ".ssh" / "config"
+
+
+def parse_ssh_config() -> list[dict]:
+    """Parse ~/.ssh/config and return a list of host entries."""
+    if not SSH_CONFIG_PATH.exists():
+        return []
+
+    hosts = []
+    current: dict | None = None
+
+    for line in SSH_CONFIG_PATH.read_text().splitlines():
+        stripped = line.strip()
+        if not stripped or stripped.startswith("#"):
+            continue
+
+        # Split on first whitespace
+        parts = stripped.split(None, 1)
+        if len(parts) != 2:
+            continue
+        key, value = parts[0].lower(), parts[1]
+
+        if key == "host":
+            # Skip wildcard entries
+            if "*" in value or "?" in value:
+                current = None
+                continue
+            current = {"alias": value, "host": "", "port": 22, "username": "root", "proxy_jump": ""}
+            hosts.append(current)
+        elif current is not None:
+            if key == "hostname":
+                current["host"] = value
+            elif key == "port":
+                current["port"] = int(value)
+            elif key == "user":
+                current["username"] = value
+            elif key == "proxyjump":
+                current["proxy_jump"] = value
+
+    # If HostName wasn't set, use the alias as the host
+    for h in hosts:
+        if not h["host"]:
+            h["host"] = h["alias"]
+
+    return hosts
+
+
+async def _probe_with_tunnel(
+    entry: dict,
+    jump_profile: ServerProfile | None = None,
+    password: str | None = None,
+    timeout: int = 10,
+) -> tuple[bool, str]:
+    """Probe a host, opening a proxy tunnel if needed — all in one async context."""
+    import asyncssh
+
+    tunnel = None
+    try:
+        if jump_profile:
+            tunnel_kwargs = dict(
+                host=jump_profile.host, port=jump_profile.port,
+                username=jump_profile.username, known_hosts=None,
+            )
+            if jump_profile.auth_method == "password" and jump_profile.password:
+                tunnel_kwargs["password"] = jump_profile.password
+            tunnel = await asyncio.wait_for(asyncssh.connect(**tunnel_kwargs), timeout=timeout)
+
+        success, method = await probe_connection(
+            host=entry["host"],
+            port=entry["port"],
+            username=entry["username"],
+            password=password,
+            proxy_jump_conn=tunnel,
+            timeout=timeout,
+        )
+        return success, method
+    except Exception:
+        return False, ""
+    finally:
+        if tunnel:
+            tunnel.close()
+
+
+def run_setup_wizard():
+    """Interactive setup wizard that discovers and probes SSH hosts."""
+
+    console.print("\n[bold cyan]fling setup wizard[/bold cyan]\n")
+
+    # Step 1: Ensure vault exists
+    if not vault_exists():
+        console.print("No vault found. Let's create one first.\n")
+        pw = typer.prompt("Set master password", hide_input=True)
+        pw2 = typer.prompt("Confirm master password", hide_input=True)
+        if pw != pw2:
+            console.print("[red]Passwords do not match.[/red]")
+            raise typer.Exit(1)
+        create_vault(pw)
+        console.print("[green]Vault created.[/green]\n")
+    else:
+        console.print("Vault found.\n")
+
+    pw = get_master_password()
+
+    # Validate password
+    try:
+        existing = load_profiles(pw)
+    except ValueError:
+        console.print("[red]Invalid master password.[/red]")
+        raise typer.Exit(1)
+
+    # Step 2: Parse SSH config
+    entries = parse_ssh_config()
+    if not entries:
+        console.print("[yellow]No hosts found in ~/.ssh/config.[/yellow]")
+    else:
+        console.print(f"Found [cyan]{len(entries)}[/cyan] hosts in ~/.ssh/config:\n")
+        table = Table()
+        table.add_column("Alias", style="cyan")
+        table.add_column("Host")
+        table.add_column("Port")
+        table.add_column("User")
+        table.add_column("ProxyJump")
+        for e in entries:
+            table.add_row(e["alias"], e["host"], str(e["port"]), e["username"], e["proxy_jump"] or "-")
+        console.print(table)
+        console.print()
+
+    # Step 3: Probe each host
+    results: list[tuple[str, str]] = []  # (alias, status)
+    # Sort: non-proxyjump hosts first (they might be needed as tunnels)
+    non_proxy = [e for e in entries if not e["proxy_jump"]]
+    with_proxy = [e for e in entries if e["proxy_jump"]]
+
+    # Track connected profiles for proxy jump resolution
+    connected_profiles: dict[str, ServerProfile] = dict(existing)
+
+    for entry in non_proxy + with_proxy:
+        alias = entry["alias"]
+
+        # Skip if already in vault
+        if alias in existing:
+            console.print(f"  [dim]{alias}[/dim] — already in vault, skipping")
+            results.append((alias, "existing"))
+            continue
+
+        console.print(f"  [cyan]{alias}[/cyan] ({entry['host']}:{entry['port']}) — ", end="")
+
+        # Resolve proxy jump profile if needed
+        jump_profile = None
+        if entry["proxy_jump"]:
+            if entry["proxy_jump"] in connected_profiles:
+                jump_profile = connected_profiles[entry["proxy_jump"]]
+            else:
+                console.print("[yellow]proxy jump host not available, skipping[/yellow]")
+                results.append((alias, "skipped"))
+                continue
+
+        # Try key-based auth (tunnel + probe in single async context)
+        success, method = asyncio.run(
+            _probe_with_tunnel(entry, jump_profile=jump_profile, timeout=10)
+        )
+
+        if success:
+            console.print(f"[green]connected (ssh key)[/green]")
+            profile = ServerProfile(
+                alias=alias, host=entry["host"], port=entry["port"],
+                username=entry["username"], password="",
+                auth_method="key", proxy_jump=entry.get("proxy_jump", ""),
+            )
+            save_profile(pw, profile)
+            connected_profiles[alias] = profile
+            results.append((alias, "key"))
+        else:
+            console.print("[yellow]key auth failed[/yellow]")
+            try_password = typer.confirm(f"    Try password for {alias}?", default=True)
+            if not try_password:
+                results.append((alias, "skipped"))
+                continue
+
+            password = typer.prompt(f"    Password for {entry['username']}@{alias}", hide_input=True)
+            pw_success, _ = asyncio.run(
+                _probe_with_tunnel(entry, jump_profile=jump_profile, password=password, timeout=10)
+            )
+
+            if pw_success:
+                console.print(f"    [green]connected (password)[/green]")
+                profile = ServerProfile(
+                    alias=alias, host=entry["host"], port=entry["port"],
+                    username=entry["username"], password=password,
+                    auth_method="password", proxy_jump=entry.get("proxy_jump", ""),
+                )
+                save_profile(pw, profile)
+                connected_profiles[alias] = profile
+                results.append((alias, "password"))
+            else:
+                console.print(f"    [red]failed[/red]")
+                results.append((alias, "failed"))
+
+    # Step 4: Summary
+    console.print("\n[bold]Summary:[/bold]")
+    summary_table = Table()
+    summary_table.add_column("Server", style="cyan")
+    summary_table.add_column("Status")
+    for alias, status in results:
+        style_map = {
+            "key": "[green]saved (ssh key)[/green]",
+            "password": "[green]saved (password)[/green]",
+            "existing": "[dim]already configured[/dim]",
+            "skipped": "[yellow]skipped[/yellow]",
+            "failed": "[red]failed[/red]",
+        }
+        summary_table.add_row(alias, style_map.get(status, status))
+    console.print(summary_table)
+
+    # Step 5: Add more?
+    console.print()
+    while typer.confirm("Add another server manually?", default=False):
+        alias = typer.prompt("  Alias")
+        host = typer.prompt("  Host")
+        port = typer.prompt("  Port", default=22, type=int)
+        username = typer.prompt("  Username", default="root")
+        password = typer.prompt("  SSH password (leave empty for key auth)", default="", hide_input=True)
+        auth = "password" if password else "key"
+        profile = ServerProfile(
+            alias=alias, host=host, port=port, username=username,
+            password=password, auth_method=auth,
+        )
+        save_profile(pw, profile)
+        console.print(f"  [green]Added '{alias}'.[/green]")
+
+    console.print("\n[green]Setup complete.[/green] Use 'fling list' to see your servers.")

fling_remote-0.1.0/fling/ssh.py

@@ -0,0 +1,249 @@
+from __future__ import annotations
+
+import asyncio
+from dataclasses import dataclass
+
+import asyncssh
+
+from fling.models import ServerProfile
+
+
+@dataclass
+class CommandResult:
+    alias: str
+    stdout: str
+    stderr: str
+    exit_code: int
+
+
+async def _get_tunnel(proxy_jump: str, profiles: dict[str, ServerProfile] | None = None):
+    """Open a tunnel connection through a proxy jump host."""
+    if not proxy_jump or not profiles or proxy_jump not in profiles:
+        return None
+    jump = profiles[proxy_jump]
+    connect_kwargs = dict(
+        host=jump.host,
+        port=jump.port,
+        username=jump.username,
+        known_hosts=None,
+    )
+    if jump.auth_method == "password" and jump.password:
+        connect_kwargs["password"] = jump.password
+    return await asyncssh.connect(**connect_kwargs)
+
+
+def _connect_kwargs(profile: ServerProfile) -> dict:
+    """Build asyncssh.connect kwargs based on auth method."""
+    kwargs = dict(
+        host=profile.host,
+        port=profile.port,
+        username=profile.username,
+        known_hosts=None,
+    )
+    if profile.auth_method == "password" and profile.password:
+        kwargs["password"] = profile.password
+    return kwargs
+
+
+async def probe_connection(
+    host: str,
+    port: int,
+    username: str,
+    password: str | None = None,
+    proxy_jump_conn=None,
+    timeout: int = 10,
+) -> tuple[bool, str]:
+    """Try to connect and run 'echo ok'. Returns (success, auth_method_used)."""
+    # Try key-based auth first
+    try:
+        connect_kwargs = dict(
+            host=host, port=port, username=username, known_hosts=None,
+        )
+        if proxy_jump_conn:
+            connect_kwargs["tunnel"] = proxy_jump_conn
+        async with asyncssh.connect(**connect_kwargs) as conn:
+            result = await asyncio.wait_for(conn.run("echo ok", check=False), timeout=timeout)
+            if result.exit_status == 0:
+                return True, "key"
+    except Exception:
+        pass
+
+    # Try password auth if provided
+    if password:
+        try:
+            connect_kwargs = dict(
+                host=host, port=port, username=username,
+                password=password, known_hosts=None,
+            )
+            if proxy_jump_conn:
+                connect_kwargs["tunnel"] = proxy_jump_conn
+            async with asyncssh.connect(**connect_kwargs) as conn:
+                result = await asyncio.wait_for(conn.run("echo ok", check=False), timeout=timeout)
+                if result.exit_status == 0:
+                    return True, "password"
+        except Exception:
+            pass
+
+    return False, ""
+
+
+async def run_command(
+    profile: ServerProfile,
+    command: str,
+    sudo: bool = False,
+    timeout: int = 30,
+    all_profiles: dict[str, ServerProfile] | None = None,
+) -> CommandResult:
+    tunnel = None
+    try:
+        if profile.proxy_jump:
+            tunnel = await _get_tunnel(profile.proxy_jump, all_profiles)
+
+        kwargs = _connect_kwargs(profile)
+        if tunnel:
+            kwargs["tunnel"] = tunnel
+
+        async with asyncssh.connect(**kwargs) as conn:
+            if sudo:
+                command = f"sudo -S {command}"
+                sudo_input = (profile.password + "\n") if profile.password else ""
+                result = await asyncio.wait_for(
+                    conn.run(command, input=sudo_input, check=False),
+                    timeout=timeout,
+                )
+            else:
+                result = await asyncio.wait_for(
+                    conn.run(command, check=False),
+                    timeout=timeout,
+                )
+            return CommandResult(
+                alias=profile.alias,
+                stdout=result.stdout or "",
+                stderr=result.stderr or "",
+                exit_code=result.exit_status or 0,
+            )
+    except asyncio.TimeoutError:
+        return CommandResult(
+            alias=profile.alias, stdout="",
+            stderr=f"Timed out after {timeout}s", exit_code=-1,
+        )
+    except Exception as e:
+        return CommandResult(
+            alias=profile.alias, stdout="", stderr=str(e), exit_code=-1,
+        )
+    finally:
+        if tunnel:
+            tunnel.close()
+
+
+async def transfer_files(
+    src_profile: ServerProfile,
+    src_path: str,
+    dst_profile: ServerProfile,
+    dst_path: str,
+    all_profiles: dict[str, ServerProfile] | None = None,
+) -> tuple[str, str]:
+    """Download files from src to a local temp dir, then upload to dst.
+
+    Returns (stdout_log, stderr_log).
+    """
+    import tempfile
+    import os
+
+    log_lines = []
+    errors = []
+
+    with tempfile.TemporaryDirectory(prefix="fling_transfer_") as tmp:
+        # --- Download from source ---
+        src_tunnel = None
+        try:
+            if src_profile.proxy_jump:
+                src_tunnel = await _get_tunnel(src_profile.proxy_jump, all_profiles)
+            kwargs = _connect_kwargs(src_profile)
+            if src_tunnel:
+                kwargs["tunnel"] = src_tunnel
+
+            async with asyncssh.connect(**kwargs) as conn:
+                # Check if source is a directory
+                result = await conn.run(f"test -d {src_path} && echo DIR || echo FILE", check=False)
+                is_dir = result.stdout.strip() == "DIR"
+
+                if is_dir:
+                    log_lines.append(f"Downloading directory {src_path} from {src_profile.alias}...")
+                    await asyncssh.scp(
+                        (conn, src_path), tmp, recurse=True, preserve=True
+                    )
+                else:
+                    # Could be a glob or single file — let the remote expand it
+                    result = await conn.run(f"ls -1 {src_path} 2>/dev/null", check=False)
+                    files = [f for f in result.stdout.strip().split("\n") if f]
+                    if not files:
+                        return "", f"No files matched: {src_path}"
+                    log_lines.append(f"Downloading {len(files)} file(s) from {src_profile.alias}...")
+                    for f in files:
+                        await asyncssh.scp(
+                            (conn, f), tmp, preserve=True
+                        )
+        except Exception as e:
+            return "", f"Download failed: {e}"
+        finally:
+            if src_tunnel:
+                src_tunnel.close()
+
+        # List what we got
+        local_files = []
+        for root, dirs, filenames in os.walk(tmp):
+            for fname in filenames:
+                full = os.path.join(root, fname)
+                rel = os.path.relpath(full, tmp)
+                local_files.append(rel)
+        log_lines.append(f"Staged {len(local_files)} file(s) locally")
+
+        # --- Upload to destination ---
+        dst_tunnel = None
+        try:
+            if dst_profile.proxy_jump:
+                dst_tunnel = await _get_tunnel(dst_profile.proxy_jump, all_profiles)
+            kwargs = _connect_kwargs(dst_profile)
+            if dst_tunnel:
+                kwargs["tunnel"] = dst_tunnel
+
+            async with asyncssh.connect(**kwargs) as conn:
+                # Ensure destination directory exists
+                await conn.run(f"mkdir -p {dst_path}", check=False)
+
+                log_lines.append(f"Uploading to {dst_profile.alias}:{dst_path}...")
+                # Upload everything from tmp
+                entries = os.listdir(tmp)
+                for entry in entries:
+                    src_local = os.path.join(tmp, entry)
+                    is_local_dir = os.path.isdir(src_local)
+                    await asyncssh.scp(
+                        src_local, (conn, dst_path),
+                        recurse=is_local_dir, preserve=True
+                    )
+        except Exception as e:
+            return "\n".join(log_lines), f"Upload failed: {e}"
+        finally:
+            if dst_tunnel:
+                dst_tunnel.close()
+
+    log_lines.append("Transfer complete")
+    for f in local_files:
+        log_lines.append(f"  {f}")
+
+    return "\n".join(log_lines), "\n".join(errors) if errors else ""
+
+
+async def run_on_all(
+    profiles: list[ServerProfile],
+    command: str,
+    sudo: bool = False,
+    timeout: int = 30,
+    all_profiles: dict[str, ServerProfile] | None = None,
+) -> list[CommandResult]:
+    tasks = [
+        run_command(p, command, sudo=sudo, timeout=timeout, all_profiles=all_profiles)
+        for p in profiles
+    ]
+    return await asyncio.gather(*tasks)

fling_remote-0.1.0/fling/vault.py

@@ -0,0 +1,90 @@
+from __future__ import annotations
+
+import base64
+import json
+import os
+from pathlib import Path
+
+from cryptography.fernet import Fernet, InvalidToken
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+from fling.models import ServerProfile
+
+VAULT_DIR = Path.home() / ".config" / "fling"
+VAULT_FILE = VAULT_DIR / "vault.enc"
+SALT_SIZE = 16
+KDF_ITERATIONS = 600_000
+
+
+def _derive_key(password: str, salt: bytes) -> bytes:
+    kdf = PBKDF2HMAC(
+        algorithm=hashes.SHA256(),
+        length=32,
+        salt=salt,
+        iterations=KDF_ITERATIONS,
+    )
+    return base64.urlsafe_b64encode(kdf.derive(password.encode()))
+
+
+def get_master_password() -> str:
+    pw = os.environ.get("FLING_MASTER_KEY")
+    if pw:
+        return pw
+    import getpass
+    return getpass.getpass("Master password: ")
+
+
+def vault_exists() -> bool:
+    return VAULT_FILE.exists()
+
+
+def create_vault(password: str) -> None:
+    VAULT_DIR.mkdir(parents=True, exist_ok=True)
+    salt = os.urandom(SALT_SIZE)
+    key = _derive_key(password, salt)
+    f = Fernet(key)
+    encrypted = f.encrypt(json.dumps({}).encode())
+    VAULT_FILE.write_bytes(salt + encrypted)
+    VAULT_FILE.chmod(0o600)
+
+
+def _load_raw(password: str) -> dict:
+    data = VAULT_FILE.read_bytes()
+    salt = data[:SALT_SIZE]
+    encrypted = data[SALT_SIZE:]
+    key = _derive_key(password, salt)
+    f = Fernet(key)
+    try:
+        decrypted = f.decrypt(encrypted)
+    except InvalidToken:
+        raise ValueError("Invalid master password")
+    return json.loads(decrypted), salt
+
+
+def _save_raw(profiles: dict, password: str, salt: bytes) -> None:
+    key = _derive_key(password, salt)
+    f = Fernet(key)
+    encrypted = f.encrypt(json.dumps(profiles).encode())
+    VAULT_FILE.write_bytes(salt + encrypted)
+    VAULT_FILE.chmod(0o600)
+
+
+def load_profiles(password: str) -> dict[str, ServerProfile]:
+    raw, _ = _load_raw(password)
+    return {alias: ServerProfile.from_dict(data) for alias, data in raw.items()}
+
+
+def save_profile(password: str, profile: ServerProfile) -> None:
+    raw, salt = _load_raw(password)
+    raw[profile.alias] = profile.to_dict()
+    _save_raw(raw, password, salt)
+
+
+def remove_profile(password: str, alias: str) -> bool:
+    raw, salt = _load_raw(password)
+    if alias not in raw:
+        return False
+    del raw[alias]
+    _save_raw(raw, password, salt)
+    return True

fling_remote-0.1.0/fling_remote.egg-info/PKG-INFO

@@ -0,0 +1,10 @@
+Metadata-Version: 2.4
+Name: fling-remote
+Version: 0.1.0
+Summary: Lightweight SSH orchestration CLI with encrypted credential vault
+Requires-Python: >=3.10
+Requires-Dist: asyncssh>=2.17
+Requires-Dist: cryptography>=42.0
+Requires-Dist: typer>=0.12
+Requires-Dist: rich>=13.0
+Requires-Dist: python-dotenv>=1.0

fling_remote-0.1.0/fling_remote.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+pyproject.toml
+fling/__init__.py
+fling/cli.py
+fling/models.py
+fling/setup.py
+fling/ssh.py
+fling/vault.py
+fling_remote.egg-info/PKG-INFO
+fling_remote.egg-info/SOURCES.txt
+fling_remote.egg-info/dependency_links.txt
+fling_remote.egg-info/entry_points.txt
+fling_remote.egg-info/requires.txt
+fling_remote.egg-info/top_level.txt

fling_remote-0.1.0/fling_remote.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

fling_remote-0.1.0/fling_remote.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+fling = fling.cli:app

fling_remote-0.1.0/fling_remote.egg-info/requires.txt

@@ -0,0 +1,5 @@
+asyncssh>=2.17
+cryptography>=42.0
+typer>=0.12
+rich>=13.0
+python-dotenv>=1.0

fling_remote-0.1.0/fling_remote.egg-info/top_level.txt

@@ -0,0 +1 @@
+fling

fling_remote-0.1.0/pyproject.toml

@@ -0,0 +1,19 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "fling-remote"
+version = "0.1.0"
+description = "Lightweight SSH orchestration CLI with encrypted credential vault"
+requires-python = ">=3.10"
+dependencies = [
+    "asyncssh>=2.17",
+    "cryptography>=42.0",
+    "typer>=0.12",
+    "rich>=13.0",
+    "python-dotenv>=1.0",
+]
+
+[project.scripts]
+fling = "fling.cli:app"

fling_remote-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+