feat(cli): Added CLI

[rajdip-b]

User description

Description

The CLI

The main aim of this PR is to add the base keyshade CLI. Right now, the CLI is very fragile (mostly contains experimental code), but contains two of the main commands:

• keyshade configure
• keyshade run

These commands will allow you to configure any project of yours to be configured and used with keyshade.

Changes in API

We had to make some changes to how the API sent data to the CLI. We added a few endpoints and modified some. One of the things we would like to point out is, secrets would be sent in plain text to the users for now if the project contains the private key and the user has access to it.

Testing the CLI

• Checkout the PR
• Run the API
• Create an API key
• Create a project, an environment, and a variable named PORT_NUMBER
• Go to apps/cli and run pnpm watch
• Configure the CLI using node dist/index.js configure (from apps/cli)
• For testing purposes, create a file, say test.js and then add the following code to it:

  setInterval(() => {
    const PORT_NUMBER = process.env.PORT_NUMBER
    console.log(`PORT_NUMBER: ${PORT_NUMBER}`)
  }, 3000)

• Now, test the run command using node dist/index.js run "node test.js"

Notice how the program will start printing the PORT_NUMBER value. Try adding a revision, say setting the value to something else. Observe the CLI pick the change and reflect it automatically.

---

PR Type

Enhancement, Documentation

---

Description

• Implemented CLI commands configure and run with real-time updates and configuration management.
• Enhanced secret and variable services with methods for fetching environment-specific data and improved change notifications.
• Added endpoints for fetching all secrets and variables of a project and environment.
• Enhanced API key update logic and added validation for API key existence.
• Implemented utility functions for configuration management and logging in the CLI.
• Updated dependencies and added new ones for the CLI project.
• Added TypeScript definitions and configurations for the CLI project.

---

Changes walkthrough 📝

	Relevant files
Enhancement	22 files run.command.ts Implement `RunCommand` for executing commands with real-time updates apps/cli/src/commands/run/run.command.ts Implemented RunCommand class to handle the run command. Added methods for fetching configurations, connecting to a socket, and executing commands. Integrated socket.io for real-time configuration updates. +194/-0  secret.service.ts Enhance secret service with environment-specific methods and notifications apps/api/src/secret/service/secret.service.ts Added methods to fetch all secrets for a project and environment. Modified secret update logic to include version ordering and plaintext flag. Enhanced Redis change notification publishing. +78/-8    variable.service.ts Enhance variable service with environment-specific methods and notifications apps/api/src/variable/service/variable.service.ts Added methods to fetch all variables for a project and environment. Modified variable update logic to include version ordering and plaintext flag. Enhanced Redis change notification publishing. +76/-6    configure.command.ts Implement `ConfigureCommand` for CLI configuration management apps/cli/src/commands/configure/configure.command.ts Implemented ConfigureCommand class to handle the configure command. Added methods for listing and creating configurations. Integrated user prompts for configuration inputs. +147/-0  configuration.ts Add configuration utility functions for CLI                            apps/cli/src/util/configuration.ts Added utility functions for fetching and writing project and user root configurations. Implemented methods to determine OS type and configuration file paths. +61/-0    variable.controller.ts Add endpoint for fetching all variables of a project and environment apps/api/src/variable/controller/variable.controller.ts Added endpoint to fetch all variables for a project and environment. Updated updateVariable method to use UpdateVariable DTO. +16/-1    api-key.service.ts Enhance API key update logic with authority merging            apps/api/src/api-key/service/api-key.service.ts Enhanced updateApiKey method to merge existing and new authorities. Added validation for API key existence before updating. +18/-5    logger.ts Add Logger utility for formatted logging                                  apps/cli/src/util/logger.ts Implemented Logger utility with methods for logging info, error, and warning messages. Integrated chalk and moment for formatted logging. +30/-0    secret.ts Add SecretController for fetching secrets via HTTP              apps/cli/src/http/secret.ts Implemented SecretController for fetching secrets via HTTP. Added method to fetch secrets from the API. +28/-0    variable.ts Add VariableController for fetching variables via HTTP      apps/cli/src/http/variable.ts Implemented VariableController for fetching variables via HTTP. Added method to fetch variables from the API. +28/-0    change-notifier.socket.ts Enhance client registration with detailed response and logging apps/api/src/socket/change-notifier.socket.ts Enhanced client registration to emit detailed response upon successful registration. Added logging for client registration events. +11/-3    index.ts Set up CLI entry point with commander                                        apps/cli/src/index.ts Set up CLI entry point with commander. Registered ConfigureCommand and RunCommand. +20/-0    auth.guard.ts Enhance AuthGuard error handling for API key validation    apps/api/src/auth/guard/auth/auth.guard.ts Enhanced error handling in AuthGuard for API key validation. Added specific error messages for missing and invalid API keys. +2/-2      auth.ts Add AuthController for API key validation                                apps/cli/src/http/auth.ts Implemented AuthController for checking API key validity via HTTP. Added method to validate API key against the server. +22/-0    secret.controller.ts Add endpoint for fetching all secrets of a project and environment apps/api/src/secret/controller/secret.controller.ts Added endpoint to fetch all secrets for a project and environment. +14/-0    api-key.controller.ts Add endpoint to check API key access for live updates        apps/api/src/api-key/controller/api-key.controller.ts Added endpoint to check if API key can access live updates. +14/-0    socket.types.ts Update socket types with client registration response and plaintext flag apps/api/src/socket/socket.types.ts Added ClientRegisteredResponse interface. Renamed isSecret to isPlaintext in ChangeNotification interface. +7/-1      run.types.d.ts Add TypeScript definitions for run command types                  apps/cli/src/commands/run/run.types.d.ts Added TypeScript definitions for Configuration and ClientRegisteredResponse. +11/-0    configure.types.d.ts Add TypeScript definitions for configure command types      apps/cli/src/commands/configure/configure.types.d.ts Added TypeScript definitions for ProjectRootConfig and UserRootConfig. +11/-0    index.ts Export HTTP controllers for CLI                                                    apps/cli/src/http/index.ts Exported SecretController, VariableController, and AuthController. +5/-0      command.interface.ts Define BaseCommand interface for CLI commands                        apps/cli/src/commands/base/command.interface.ts Defined BaseCommand interface for CLI commands. +5/-0      constants.ts Add API base URL constant                                                                apps/cli/src/util/constants.ts Added API_BASE_URL constant. +1/-0
Configuration changes	5 files .eslintrc.js Add ESLint configuration for CLI                                                  apps/cli/.eslintrc.js Added ESLint configuration for the CLI project. +26/-0    package.json Update package.json with CLI scripts and dependencies        package.json Added scripts and dependencies for the CLI project. Included commands for building and starting the CLI. +6/-1      package.json Create package.json for CLI project                                            apps/cli/package.json Created package.json for the CLI project. Defined scripts, dependencies, and project metadata. +28/-0    tsconfig.json Add TypeScript configuration for CLI                                          apps/cli/tsconfig.json Added TypeScript configuration for the CLI project. +21/-0    docker-compose.yml Add volumes to docker-compose for persistent storage          docker-compose.yml Added volumes for database, Redis, and MinIO services. +8/-0
Dependencies	1 files pnpm-lock.yaml Update dependencies and add new ones for CLI                          pnpm-lock.yaml Updated dependencies and added new ones for the CLI project. Included packages like commander, socket.io-client, and typescript. +479/-108

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-free]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	4
🧪 Relevant tests	No
🔒 Security concerns	- Sensitive Information Exposure: As mentioned in the PR description and seen in the code, there is a risk of exposing sensitive information such as secrets in plain text. This needs immediate attention and rectification to ensure that all sensitive data is transmitted securely, preferably using encryption.
⚡ Key issues to review	Possible Security Issue: The PR mentions that secrets will be sent in plain text if the project contains the private key and the user has access to it. This is a significant security risk, especially for a production environment. It is recommended to implement encryption for such sensitive data transmission.
	Code Quality Concern: The use of process.exit(1) within the action method in run.command.ts could lead to abrupt termination of the process without proper cleanup or error handling. Consider implementing a more graceful error handling strategy.
	Resource Management: In run.command.ts, the child process is spawned and potentially killed and restarted multiple times. Ensure that all resources (e.g., file handles, network connections) are properly managed during these operations to prevent resource leaks.
	Error Handling: The error handling in the fetchSecrets and fetchVariables methods in the respective controllers could be improved by providing more detailed error information or handling specific error cases more gracefully.

[codiumai-pr-agent-free]

PR Code Suggestions ✨

Category	Suggestion	Score
Security	Use secure WebSocket (WSS) to enhance security during socket communication Use HTTPS for socket connection to enhance security, especially if API keys are being transmitted. apps/cli/src/commands/run/run.command.ts [87-93] -const ioClient = io(`ws://${host}/change-notifier`, { +const ioClient = io(`wss://${host}/change-notifier`, { autoConnect: false, extraHeaders: { 'x-keyshade-token': data.apiKey }, transports: ['websocket'] }) Apply this suggestion Suggestion importance[1-10]: 10 Why: Switching to secure WebSocket (WSS) is crucial for enhancing security, especially when transmitting sensitive information like API keys.	10
	Replace the insecure fs module version with a secure alternative The fs module with version 0.0.1-security is a placeholder and should not be used in production as it might be a security risk. Consider using the built-in Node.js fs module or an alternative package with proper security updates and support. pnpm-lock.yaml [280-282] -fs: - specifier: 0.0.1-security - version: 0.0.1-security +# Use Node.js built-in fs module or replace with an alternative +# fs: +# specifier: <valid-version> +# version: <valid-version> Apply this suggestion Suggestion importance[1-10]: 9 Why: Using a placeholder security version for the fs module can pose a significant security risk. Replacing it with a secure alternative is important for maintaining the security of the application.	9
Possible issue	Add error handling to the action method to improve robustness Consider adding error handling for the action method in ConfigureCommand. If the listConfigurations or createConfiguration methods throw an error, it should be caught and handled appropriately to prevent the application from crashing. apps/cli/src/commands/configure/configure.command.ts [31] -this.action(str) +try { + this.action(str) +} catch (error) { + console.error('Error executing action:', error) +} Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling to the action method is crucial for preventing the application from crashing if an error occurs in listConfigurations or createConfiguration. This significantly improves the robustness of the code.	9
	Correct the version number to match the updated specifier for better dependency management It appears that the version specifier for @semantic-release/github has been updated, but the version itself has been incorrectly updated to an older version than what might have been intended. Ensure that the version matches or exceeds the specifier to avoid potential issues with outdated dependencies. pnpm-lock.yaml [24-25] '@semantic-release/github': specifier: ^10.0.3 - version: 10.0.5(semantic-release@23.1.1(typescript@5.5.2)) + version: 10.0.3(semantic-release@23.1.1(typescript@5.5.2)) Apply this suggestion Suggestion importance[1-10]: 8 Why: Ensuring the version number matches the specifier is crucial for maintaining dependency consistency and avoiding potential issues with outdated dependencies.	8
	Replace the infinite loop with a controlled loop to manage process lifecycle better Replace the infinite loop in executeCommand with a more controlled loop mechanism to prevent potential high CPU usage and improve the manageability of the process lifecycle. apps/cli/src/commands/run/run.command.ts [126-157] -while (true) { +let running = true; +while (running) { if (this.shouldRestart) { Logger.info('Restarting command...') process.kill(-childProcess.pid) this.shouldRestart = false } if (childProcess === null) { childProcess = spawn(command, { stdio: ['inherit', 'pipe', 'pipe'], shell: true, env: this.processEnvironmentalVariables, detached: true }) } - await this.sleep(1000) + await this.sleep(1000); + // Include a condition to break the loop if needed + if (someCondition) { + running = false; + } } Suggestion importance[1-10]: 7 Why: The suggestion improves the manageability of the process lifecycle and prevents potential high CPU usage, but the exact condition to break the loop is not provided, which leaves some ambiguity.	7
	Ensure Node.js runtime compatibility with the commander package's engine requirement The commander package version 12.1.0 specifies that it requires Node.js version >=18, which might not be compatible with your current Node.js runtime if it's older. Verify and possibly update your Node.js runtime environment to meet this requirement, or adjust the package version to one compatible with your current Node.js version. pnpm-lock.yaml [3964-3966] commander: specifier: ^12.1.0 version: 12.1.0 - engines: {node: '>=18'} + engines: {node: '>=<your-current-node-version>'} Apply this suggestion Suggestion importance[1-10]: 7 Why: Ensuring compatibility between the Node.js runtime and the commander package's engine requirement is important for preventing runtime issues, but the suggestion to adjust the package version might not always be feasible.	7
	Check compatibility of new chalk version with other packages Verify the compatibility of the newly added chalk version with the existing codebase, especially if there are other packages that might interact with it. This helps prevent potential conflicts or issues arising from version mismatches. package.json [160] -"chalk": "^4.1.2" +"chalk": "^4.1.2" # Ensure compatibility with other packages Apply this suggestion Suggestion importance[1-10]: 6 Why: Verifying the compatibility of the new chalk version with the existing codebase is a good practice to prevent potential conflicts, but the suggestion itself is more of a reminder than a direct code improvement.	6
Enhancement	Add error handling for the child process creation to enhance robustness Add error handling for the spawn command to catch and log potential errors that occur when spawning the child process. apps/cli/src/commands/run/run.command.ts [135-140] -childProcess = spawn(command, { - stdio: ['inherit', 'pipe', 'pipe'], - shell: true, - env: this.processEnvironmentalVariables, - detached: true -}) +try { + childProcess = spawn(command, { + stdio: ['inherit', 'pipe', 'pipe'], + shell: true, + env: this.processEnvironmentalVariables, + detached: true + }) +} catch (error) { + Logger.error(`Failed to spawn child process: ${error.message}`); + return; +} Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling for the spawn command is a significant improvement that enhances the robustness and reliability of the code.	9
	Add input validation for CLI options to ensure correct and non-empty inputs Implement input validation for CLI options to ensure that the inputs meet the expected format or constraints before proceeding with configuration. This can prevent potential runtime errors and provide user feedback for correction. apps/cli/src/commands/configure/configure.command.ts [63-90] workspace = await text({ - message: 'Enter the workspace name' + message: 'Enter the workspace name', + validate: input => input.trim() !== '' ? true : 'Workspace name cannot be empty' }) project = await text({ - message: 'Enter the project name' + message: 'Enter the project name', + validate: input => input.trim() !== '' ? true : 'Project name cannot be empty' }) environment = await text({ - message: 'Enter the environment name' + message: 'Enter the environment name', + validate: input => input.trim() !== '' ? true : 'Environment name cannot be empty' }) apiKey = await text({ - message: 'Enter the API key' + message: 'Enter the API key', + validate: input => input.trim() !== '' ? true : 'API key cannot be empty' }) privateKey = await text({ - message: 'Enter the private key' + message: 'Enter the private key', + validate: input => input.trim() !== '' ? true : 'Private key cannot be empty' }) Apply this suggestion Suggestion importance[1-10]: 8 Why: Implementing input validation for CLI options ensures that the inputs meet the expected format or constraints, preventing potential runtime errors and providing immediate user feedback for correction.	8
	Consider replacing moment.js with a more modern and modular date library Review the necessity of adding moment.js as a dependency since it is a legacy project in maintenance mode. Consider using more modern alternatives like date-fns or day.js that are smaller and more modular, unless specific features of moment.js are required. package.json [161] -"moment": "^2.30.1" +"day.js": "^1.11.3" Apply this suggestion Suggestion importance[1-10]: 7 Why: While moment.js is a legacy project, the suggestion to use a more modern alternative like day.js can improve performance and reduce bundle size. However, this change depends on the specific requirements of the project.	7
	Verify the necessity of reintroducing the moment package and remove if unnecessary The moment package has been added again in the new hunk, but it was previously removed. If the addition was unintentional, consider removing it to keep the package list clean and to avoid reintroducing potentially unused or deprecated dependencies. pnpm-lock.yaml [47-49] -moment: - specifier: ^2.30.1 - version: 2.30.1 +# Ensure moment is necessary or remove it +# moment: +# specifier: ^2.30.1 +# version: 2.30.1 Apply this suggestion Suggestion importance[1-10]: 6 Why: While keeping the package list clean is good practice, the reintroduction of moment might be intentional. Verification is necessary before removal.	6
Maintainability	Add test scripts for new CLI-related tasks to ensure code quality Ensure that the newly added CLI-related scripts in the scripts section of package.json have corresponding test scripts to maintain high code quality and avoid regressions. This is crucial for continuous integration environments and for developers to verify changes locally before pushing. package.json [109-114] "build:cli": "turbo run build --filter=cli", +"test:cli": "turbo run test --filter=cli", "start:cli": "turbo run start --filter=cli" Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding test scripts for new CLI-related tasks is crucial for maintaining high code quality and avoiding regressions, especially in continuous integration environments.	9
	Refactor to separate the existing configuration check into a new method Refactor the createConfiguration method to separate concerns for better maintainability. Specifically, separate the logic for checking and handling existing configurations into a new method. apps/cli/src/commands/configure/configure.command.ts [94-118] -const userRootConfigExists = existsSync( - getUserRootConfigurationFilePath(project) -) -if (userRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing user configuration?' - }) - if (isCancel(overwrite)) { - upsertUserRootConfig = false - } -} -const projectRootConfigExists = existsSync('keyshade.json') -if (projectRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing project configuration?' - }) - if (isCancel(overwrite)) { - upsertProjectRootConfig = false - } -} +await this.handleExistingConfigurations(parsedData) Apply this suggestion Suggestion importance[1-10]: 7 Why: Refactoring to separate the logic for checking and handling existing configurations improves code maintainability and readability. However, it does not address any critical issues.	7
Possible bug	Add checks to ensure the child process exists before attempting to kill it Implement a mechanism to handle the case where childProcess.pid is undefined to avoid potential runtime errors when attempting to kill an undefined process. apps/cli/src/commands/run/run.command.ts [131] -process.kill(-childProcess.pid) +if (childProcess && childProcess.pid) { + process.kill(-childProcess.pid); +} else { + Logger.error('Attempted to kill a non-existent process.'); +} Apply this suggestion Suggestion importance[1-10]: 8 Why: This suggestion addresses a potential runtime error by ensuring that the child process exists before attempting to kill it, improving the code's robustness.	8
Best practice	Use a structured logger for consistency in logging Replace the direct console logging with a more structured logging approach using a dedicated logger. This will help in maintaining consistent logging formats and potentially managing log levels in a centralized way. apps/cli/src/commands/configure/configure.command.ts [126-134] -console.log('writing user root config') -console.log('writing project root config') +Logger.info('writing user root config') +Logger.info('writing project root config') Apply this suggestion Suggestion importance[1-10]: 8 Why: Using a structured logger improves consistency in logging and helps in managing log levels centrally, which is a best practice for maintainable and scalable applications.	8
	Use exact versions for dependencies to enhance reliability and consistency Consider specifying exact versions for the newly added dependencies to avoid potential issues with automatic updates that might introduce breaking changes or bugs. Using exact versions helps ensure that all environments run the same code, which can be crucial for debugging and reliability. package.json [159-161] -"zod": "^3.23.6", -"chalk": "^4.1.2", -"moment": "^2.30.1" +"zod": "3.23.6", +"chalk": "4.1.2", +"moment": "2.30.1" Apply this suggestion Suggestion importance[1-10]: 8 Why: Using exact versions for dependencies is a best practice that helps ensure consistency across different environments, reducing the risk of unexpected issues due to automatic updates.	8

[codecov]

Codecov Report

Attention: Patch coverage is 78.57143% with 9 lines in your changes missing coverage. Please review.

Project coverage is 88.04%. Comparing base (ce50743) to head (87bc4e2).
Report is 38 commits behind head on develop.

Files	Patch %	Lines
apps/api/src/secret/service/secret.service.ts	80.00%	3 Missing ⚠️
apps/api/src/socket/change-notifier.socket.ts	0.00%	3 Missing ⚠️
apps/api/src/auth/guard/auth/auth.guard.ts	0.00%	2 Missing ⚠️
apps/api/src/api-key/service/api-key.service.ts	83.33%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop     #289      +/-   ##
===========================================
- Coverage    91.71%   88.04%   -3.68%     
===========================================
  Files          111      107       -4     
  Lines         2510     2308     -202     
  Branches       469      356     -113     
===========================================
- Hits          2302     2032     -270     
- Misses         208      276      +68     

Flag	Coverage Δ
api-e2e-tests	88.04% <78.57%> (-3.68%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sonarcloud]

Quality Gate passed

Issues
1 New issue
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
4.7% Duplication on New Code

See analysis details on SonarCloud