UNPKG

safevibe

Version:

Safevibe CLI - Simple personal secret vault for AI developers and amateur vibe coders

github.com/safevibe/safevibe

safevibe/safevibe

233 lines (232 loc) 8.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
import { createHash } from "node:crypto"; import { readFile, writeFile, mkdir } from "node:fs/promises"; import { homedir } from "node:os"; import { join } from "node:path"; /** * HTTP client that mimics tRPC interface */ class HttpTrpcClient { baseUrl; getHeaders; constructor(baseUrl, getHeaders) { this.baseUrl = baseUrl; this.getHeaders = getHeaders; } secret = { save: { mutate: async (params) => { const endpoint = 'cli.saveSecret'; const response = await fetch(`${this.baseUrl}/api/trpc/${endpoint}`, { method: "POST", headers: { "Content-Type": "application/json", ...this.getHeaders(), }, body: JSON.stringify({ json: params }), }); if (!response.ok) { throw new Error(`Failed to save secret: ${response.statusText}`); } const data = await response.json(); return data.result?.data?.json || { version: 1 }; }, }, get: { query: async (params) => { const endpoint = 'cli.getSecret'; const url = new URL(`${this.baseUrl}/api/trpc/${endpoint}`); url.searchParams.set("input", JSON.stringify({ json: params })); const response = await fetch(url.toString(), { headers: this.getHeaders(), }); if (!response.ok) { throw new Error(`Failed to get secret: ${response.statusText}`); } const data = await response.json(); return data.result?.data?.json || { ciphertext: "", version: 1 }; }, }, list: { query: async () => { const endpoint = 'cli.listSecrets'; const response = await fetch(`${this.baseUrl}/api/trpc/${endpoint}`, { headers: this.getHeaders(), }); if (!response.ok) { throw new Error(`Failed to list secrets: ${response.statusText}`); } const data = await response.json(); return data.result?.data?.json || []; }, }, rotate: { mutate: async (params) => { const endpoint = 'cli.rotateSecret'; const response = await fetch(`${this.baseUrl}/api/trpc/${endpoint}`, { method: "POST", headers: { "Content-Type": "application/json", ...this.getHeaders(), }, body: JSON.stringify({ json: params }), }); if (!response.ok) { throw new Error(`Failed to rotate secret: ${response.statusText}`); } const data = await response.json(); return data.result?.data?.json || { version: 1 }; }, }, }; } /** * Safevibe Client for MCP Server * * Handles: * - HTTP communication with backend * - Local X25519 encryption/decryption * - Session management * - Configuration persistence * * Simplified to work without projects - everything is user-scoped */ export class SafevibeClient { trpc; config; configPath; constructor() { // Default configuration - use production backend this.config = { backendUrl: process.env.SAFEVIBE_BACKEND_URL || "https://safevibe.vercel.app", }; // Configuration file path this.configPath = join(homedir(), ".safevibe", "mcp-config.json"); // Initialize HTTP client that mimics tRPC this.trpc = new HttpTrpcClient(this.config.backendUrl, () => { const headers = {}; if (this.config.sessionToken) { headers.Authorization = `Bearer ${this.config.sessionToken}`; } return headers; }); } /** * Initialize the client * Load configuration, ensure authentication, setup encryption keys */ async initialize() { await this.loadConfig(); await this.ensureAuthenticated(); await this.ensureKeys(); } /** * Cleanup resources */ async cleanup() { // Nothing to clean up for now } /** * Load configuration from file system */ async loadConfig() { try { const configData = await readFile(this.configPath, "utf-8"); const fileConfig = JSON.parse(configData); this.config = { ...this.config, ...fileConfig }; } catch (error) { // Config file doesn't exist or invalid, use defaults console.error("📝 No MCP config found, using defaults"); } } /** * Save configuration to file system */ async saveConfig() { try { await mkdir(join(homedir(), ".safevibe"), { recursive: true }); await writeFile(this.configPath, JSON.stringify(this.config, null, 2)); } catch (error) { console.error("❌ Failed to save MCP config:", error); } } /** * Ensure user is authenticated * Try to load session from CLI config, require proper authentication */ async ensureAuthenticated() { // Try to load session from CLI config try { const cliConfigPath = join(homedir(), ".safevibe", "config.json"); const cliConfigData = await readFile(cliConfigPath, "utf-8"); const cliConfig = JSON.parse(cliConfigData); if (cliConfig.sessionToken && cliConfig.userId) { console.error("✅ Found CLI authentication"); this.config.sessionToken = cliConfig.sessionToken; this.config.userId = cliConfig.userId; this.config.backendUrl = cliConfig.backendUrl || this.config.backendUrl; await this.saveConfig(); return; } } catch (error) { // CLI config doesn't exist or invalid } throw new Error("No valid authentication found. Please run 'safevibe init' to authenticate first."); } /** * Ensure cryptographic keys are generated * For demo purposes, we'll use a simple symmetric encryption * In production, this would use X25519 with proper key derivation */ async ensureKeys() { if (!this.config.privateKey || !this.config.publicKey) { console.error("🔑 Generating new encryption keys..."); // For demo: simple key derivation from a password // In production: use X25519 key generation const seed = process.env.SAFEVIBE_ENCRYPTION_KEY || "demo-key-safevibe-2024"; const hash = createHash("sha256").update(seed).digest("hex"); this.config.privateKey = hash.substring(0, 32); this.config.publicKey = hash.substring(32, 64); await this.saveConfig(); console.error("✅ Encryption keys generated and saved"); } } /** * Encrypt a secret value locally * For demo: simple XOR encryption * In production: use age encryption or similar with X25519 */ async encryptSecret(plaintext) { if (!this.config.privateKey) { throw new Error("No encryption key available"); } // Simple XOR encryption for demo const key = Buffer.from(this.config.privateKey, "hex"); const data = Buffer.from(plaintext, "utf-8"); const encrypted = Buffer.alloc(data.length); for (let i = 0; i < data.length; i++) { encrypted[i] = data[i] ^ key[i % key.length]; } return encrypted.toString("base64"); } /** * Decrypt a secret value locally * For demo: simple XOR decryption * In production: use age decryption or similar with X25519 */ async decryptSecret(ciphertext) { if (!this.config.privateKey) { throw new Error("No encryption key available"); } // Simple XOR decryption for demo (same as encryption) const key = Buffer.from(this.config.privateKey, "hex"); const data = Buffer.from(ciphertext, "base64"); const decrypted = Buffer.alloc(data.length); for (let i = 0; i < data.length; i++) { decrypted[i] = data[i] ^ key[i % key.length]; } return decrypted.toString("utf-8"); } }