feat(cli): Added CLI - Githubissues

rajdip-b commented 6 days ago

User description

Description

The CLI

The main aim of this PR is to add the base keyshade CLI. Right now, the CLI is very fragile (mostly contains experimental code), but contains two of the main commands:

keyshade configure
keyshade run

These commands will allow you to configure any project of yours to be configured and used with keyshade.

Changes in API

We had to make some changes to how the API sent data to the CLI. We added a few endpoints and modified some. One of the things we would like to point out is, secrets would be sent in plain text to the users for now if the project contains the private key and the user has access to it.

Testing the CLI

Checkout the PR
Run the API
Create an API key
Create a project, an environment, and a variable named PORT_NUMBER
Go to apps/cli and run pnpm watch
Configure the CLI using node dist/index.js configure (from apps/cli)

For testing purposes, create a file, say test.js and then add the following code to it:

setInterval(() => {
const PORT_NUMBER = process.env.PORT_NUMBER
console.log(`PORT_NUMBER: ${PORT_NUMBER}`)
}, 3000)

Now, test the run command using node dist/index.js run "node test.js"

Notice how the program will start printing the PORT_NUMBER value. Try adding a revision, say setting the value to something else. Observe the CLI pick the change and reflect it automatically.

PR Type

Enhancement, Documentation

Description

Implemented CLI commands configure and run with real-time updates and configuration management.
Enhanced secret and variable services with methods for fetching environment-specific data and improved change notifications.
Added endpoints for fetching all secrets and variables of a project and environment.
Enhanced API key update logic and added validation for API key existence.
Implemented utility functions for configuration management and logging in the CLI.
Updated dependencies and added new ones for the CLI project.
Added TypeScript definitions and configurations for the CLI project.

Changes walkthrough 📝

Relevant files

Enhancement

22 files

run.command.ts Implement `RunCommand` for executing commands with real-time updates apps/cli/src/commands/run/run.command.ts Implemented `RunCommand` class to handle the `run` command. Added methods for fetching configurations, connecting to a socket, and executing commands. Integrated socket.io for real-time configuration updates.	+194/-0
secret.service.ts `Enhance secret service with environment-specific methods and` `notifications` apps/api/src/secret/service/secret.service.ts Added methods to fetch all secrets for a project and environment. Modified secret update logic to include version ordering and plaintext flag. Enhanced Redis change notification publishing.	+78/-8
variable.service.ts `Enhance variable service with environment-specific methods and` `notifications` apps/api/src/variable/service/variable.service.ts Added methods to fetch all variables for a project and environment. Modified variable update logic to include version ordering and plaintext flag. Enhanced Redis change notification publishing.	+76/-6
configure.command.ts Implement `ConfigureCommand` for CLI configuration management apps/cli/src/commands/configure/configure.command.ts Implemented `ConfigureCommand` class to handle the `configure` command. Added methods for listing and creating configurations. Integrated user prompts for configuration inputs.	+147/-0
configuration.ts `Add configuration utility functions for CLI` apps/cli/src/util/configuration.ts Added utility functions for fetching and writing project and user root configurations. Implemented methods to determine OS type and configuration file paths.	+61/-0
variable.controller.ts `Add endpoint for fetching all variables of a project and environment` apps/api/src/variable/controller/variable.controller.ts Added endpoint to fetch all variables for a project and environment. Updated `updateVariable` method to use `UpdateVariable` DTO.	+16/-1
api-key.service.ts `Enhance API key update logic with authority merging` apps/api/src/api-key/service/api-key.service.ts Enhanced `updateApiKey` method to merge existing and new authorities. Added validation for API key existence before updating.	+18/-5
logger.ts `Add Logger utility for formatted logging` apps/cli/src/util/logger.ts Implemented `Logger` utility with methods for logging info, error, and warning messages. Integrated `chalk` and `moment` for formatted logging.	+30/-0
secret.ts `Add SecretController for fetching secrets via HTTP` apps/cli/src/http/secret.ts Implemented `SecretController` for fetching secrets via HTTP. Added method to fetch secrets from the API.	+28/-0
variable.ts `Add VariableController for fetching variables via HTTP` apps/cli/src/http/variable.ts Implemented `VariableController` for fetching variables via HTTP. Added method to fetch variables from the API.	+28/-0
change-notifier.socket.ts `Enhance client registration with detailed response and logging` apps/api/src/socket/change-notifier.socket.ts Enhanced client registration to emit detailed response upon successful registration. Added logging for client registration events.	+11/-3
index.ts `Set up CLI entry point with commander` apps/cli/src/index.ts Set up CLI entry point with `commander`. Registered `ConfigureCommand` and `RunCommand`.	+20/-0
auth.guard.ts `Enhance AuthGuard error handling for API key validation` apps/api/src/auth/guard/auth/auth.guard.ts Enhanced error handling in `AuthGuard` for API key validation. Added specific error messages for missing and invalid API keys.	+2/-2
auth.ts `Add AuthController for API key validation` apps/cli/src/http/auth.ts Implemented `AuthController` for checking API key validity via HTTP. Added method to validate API key against the server.	+22/-0
secret.controller.ts `Add endpoint for fetching all secrets of a project and environment` apps/api/src/secret/controller/secret.controller.ts - Added endpoint to fetch all secrets for a project and environment.	+14/-0
api-key.controller.ts `Add endpoint to check API key access for live updates` apps/api/src/api-key/controller/api-key.controller.ts - Added endpoint to check if API key can access live updates.	+14/-0
socket.types.ts `Update socket types with client registration response and plaintext` `flag` apps/api/src/socket/socket.types.ts Added `ClientRegisteredResponse` interface. Renamed `isSecret` to `isPlaintext` in `ChangeNotification` interface.	+7/-1
run.types.d.ts `Add TypeScript definitions for run command types` apps/cli/src/commands/run/run.types.d.ts Added TypeScript definitions for `Configuration` and `ClientRegisteredResponse`.	+11/-0
configure.types.d.ts `Add TypeScript definitions for configure command types` apps/cli/src/commands/configure/configure.types.d.ts Added TypeScript definitions for `ProjectRootConfig` and `UserRootConfig`.	+11/-0
index.ts `Export HTTP controllers for CLI` apps/cli/src/http/index.ts Exported `SecretController`, `VariableController`, and `AuthController`.	+5/-0
command.interface.ts `Define BaseCommand interface for CLI commands` apps/cli/src/commands/base/command.interface.ts - Defined `BaseCommand` interface for CLI commands.	+5/-0
constants.ts `Add API base URL constant` apps/cli/src/util/constants.ts - Added `API_BASE_URL` constant.	+1/-0

Configuration changes

5 files

.eslintrc.js `Add ESLint configuration for CLI` apps/cli/.eslintrc.js - Added ESLint configuration for the CLI project.	+26/-0
package.json `Update package.json with CLI scripts and dependencies` package.json Added scripts and dependencies for the CLI project. Included commands for building and starting the CLI.	+6/-1
package.json `Create package.json for CLI project` apps/cli/package.json Created package.json for the CLI project. Defined scripts, dependencies, and project metadata.	+28/-0
tsconfig.json `Add TypeScript configuration for CLI` apps/cli/tsconfig.json - Added TypeScript configuration for the CLI project.	+21/-0
docker-compose.yml `Add volumes to docker-compose for persistent storage` docker-compose.yml - Added volumes for database, Redis, and MinIO services.	+8/-0

Dependencies

1 files

pnpm-lock.yaml

Update dependencies and add new ones for CLI

pnpm-lock.yaml

Updated dependencies and added new ones for the CLI project.

Included packages like commander, socket.io-client, and typescript.

+479/-108

💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

codiumai-pr-agent[bot] commented 6 days ago

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	4
🧪 Relevant tests	No
🔒 Security concerns	- Sensitive Information Exposure: As mentioned in the PR description and seen in the code, there is a risk of exposing sensitive information such as secrets in plain text. This needs immediate attention and rectification to ensure that all sensitive data is transmitted securely, preferably using encryption.
⚡ Key issues to review	Possible Security Issue: The PR mentions that secrets will be sent in plain text if the project contains the private key and the user has access to it. This is a significant security risk, especially for a production environment. It is recommended to implement encryption for such sensitive data transmission.
	Code Quality Concern: The use of `process.exit(1)` within the `action` method in `run.command.ts` could lead to abrupt termination of the process without proper cleanup or error handling. Consider implementing a more graceful error handling strategy.
	Resource Management: In `run.command.ts`, the child process is spawned and potentially killed and restarted multiple times. Ensure that all resources (e.g., file handles, network connections) are properly managed during these operations to prevent resource leaks.
	Error Handling: The error handling in the `fetchSecrets` and `fetchVariables` methods in the respective controllers could be improved by providing more detailed error information or handling specific error cases more gracefully.

codiumai-pr-agent[bot] commented 6 days ago

PR Code Suggestions ✨

Category	Suggestion	Score
Security	Use secure WebSocket (WSS) to enhance security during socket communication ___ Use HTTPS for socket connection to enhance security, especially if API keys are being transmitted. [apps/cli/src/commands/run/run.command.ts [87-93]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR87-R93) ```diff -const ioClient = io(`ws://${host}/change-notifier`, { +const ioClient = io(`wss://${host}/change-notifier`, { autoConnect: false, extraHeaders: { 'x-keyshade-token': data.apiKey }, transports: ['websocket'] }) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 10 Why: Switching to secure WebSocket (WSS) is crucial for enhancing security, especially when transmitting sensitive information like API keys.	10
Security	Replace the insecure `fs` module version with a secure alternative ___ The `fs` module with version `0.0.1-security` is a placeholder and should not be used in production as it might be a security risk. Consider using the built-in Node.js `fs` module or an alternative package with proper security updates and support. [pnpm-lock.yaml [280-282]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR280-R282) ```diff -fs: - specifier: 0.0.1-security - version: 0.0.1-security +# Use Node.js built-in fs module or replace with an alternative +# fs: +# specifier: +# version: ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Using a placeholder security version for the `fs` module can pose a significant security risk. Replacing it with a secure alternative is important for maintaining the security of the application.	9
Possible issue	Add error handling to the `action` method to improve robustness ___ Consider adding error handling for the `action` method in `ConfigureCommand`. If the `listConfigurations` or `createConfiguration` methods throw an error, it should be caught and handled appropriately to prevent the application from crashing. [apps/cli/src/commands/configure/configure.command.ts [31]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R31-R31) ```diff -this.action(str) +try { + this.action(str) +} catch (error) { + console.error('Error executing action:', error) +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling to the `action` method is crucial for preventing the application from crashing if an error occurs in `listConfigurations` or `createConfiguration`. This significantly improves the robustness of the code.	9
	Correct the version number to match the updated specifier for better dependency management ___ It appears that the version specifier for `@semantic-release/github` has been updated, but the version itself has been incorrectly updated to an older version than what might have been intended. Ensure that the version matches or exceeds the specifier to avoid potential issues with outdated dependencies. [pnpm-lock.yaml [24-25]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR24-R25) ```diff '@semantic-release/github': specifier: ^10.0.3 - version: 10.0.5(semantic-release@23.1.1(typescript@5.5.2)) + version: 10.0.3(semantic-release@23.1.1(typescript@5.5.2)) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Ensuring the version number matches the specifier is crucial for maintaining dependency consistency and avoiding potential issues with outdated dependencies.	8
	Replace the infinite loop with a controlled loop to manage process lifecycle better ___ Replace the infinite loop in `executeCommand` with a more controlled loop mechanism to prevent potential high CPU usage and improve the manageability of the process lifecycle. [apps/cli/src/commands/run/run.command.ts [126-157]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR126-R157) ```diff -while (true) { +let running = true; +while (running) { if (this.shouldRestart) { Logger.info('Restarting command...') process.kill(-childProcess.pid) this.shouldRestart = false } if (childProcess === null) { childProcess = spawn(command, { stdio: ['inherit', 'pipe', 'pipe'], shell: true, env: this.processEnvironmentalVariables, detached: true }) } - await this.sleep(1000) + await this.sleep(1000); + // Include a condition to break the loop if needed + if (someCondition) { + running = false; + } } ``` Suggestion importance[1-10]: 7 Why: The suggestion improves the manageability of the process lifecycle and prevents potential high CPU usage, but the exact condition to break the loop is not provided, which leaves some ambiguity.	7
	Ensure Node.js runtime compatibility with the `commander` package's engine requirement ___ The `commander` package version `12.1.0` specifies that it requires Node.js version `>=18`, which might not be compatible with your current Node.js runtime if it's older. Verify and possibly update your Node.js runtime environment to meet this requirement, or adjust the package version to one compatible with your current Node.js version. [pnpm-lock.yaml [3964-3966]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR3964-R3966) ```diff commander: specifier: ^12.1.0 version: 12.1.0 - engines: {node: '>=18'} + engines: {node: '>='} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: Ensuring compatibility between the Node.js runtime and the `commander` package's engine requirement is important for preventing runtime issues, but the suggestion to adjust the package version might not always be feasible.	7
	Check compatibility of new `chalk` version with other packages ___ Verify the compatibility of the newly added `chalk` version with the existing codebase, especially if there are other packages that might interact with it. This helps prevent potential conflicts or issues arising from version mismatches. [package.json [160]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R160-R160) ```diff -"chalk": "^4.1.2" +"chalk": "^4.1.2" # Ensure compatibility with other packages ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 6 Why: Verifying the compatibility of the new `chalk` version with the existing codebase is a good practice to prevent potential conflicts, but the suggestion itself is more of a reminder than a direct code improvement.	6
Enhancement	Add error handling for the child process creation to enhance robustness ___ Add error handling for the `spawn` command to catch and log potential errors that occur when spawning the child process. [apps/cli/src/commands/run/run.command.ts [135-140]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR135-R140) ```diff -childProcess = spawn(command, { - stdio: ['inherit', 'pipe', 'pipe'], - shell: true, - env: this.processEnvironmentalVariables, - detached: true -}) +try { + childProcess = spawn(command, { + stdio: ['inherit', 'pipe', 'pipe'], + shell: true, + env: this.processEnvironmentalVariables, + detached: true + }) +} catch (error) { + Logger.error(`Failed to spawn child process: ${error.message}`); + return; +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling for the `spawn` command is a significant improvement that enhances the robustness and reliability of the code.	9
	Add input validation for CLI options to ensure correct and non-empty inputs ___ Implement input validation for CLI options to ensure that the inputs meet the expected format or constraints before proceeding with configuration. This can prevent potential runtime errors and provide user feedback for correction. [apps/cli/src/commands/configure/configure.command.ts [63-90]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R63-R90) ```diff workspace = await text({ - message: 'Enter the workspace name' + message: 'Enter the workspace name', + validate: input => input.trim() !== '' ? true : 'Workspace name cannot be empty' }) project = await text({ - message: 'Enter the project name' + message: 'Enter the project name', + validate: input => input.trim() !== '' ? true : 'Project name cannot be empty' }) environment = await text({ - message: 'Enter the environment name' + message: 'Enter the environment name', + validate: input => input.trim() !== '' ? true : 'Environment name cannot be empty' }) apiKey = await text({ - message: 'Enter the API key' + message: 'Enter the API key', + validate: input => input.trim() !== '' ? true : 'API key cannot be empty' }) privateKey = await text({ - message: 'Enter the private key' + message: 'Enter the private key', + validate: input => input.trim() !== '' ? true : 'Private key cannot be empty' }) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Implementing input validation for CLI options ensures that the inputs meet the expected format or constraints, preventing potential runtime errors and providing immediate user feedback for correction.	8
	Consider replacing `moment.js` with a more modern and modular date library ___ Review the necessity of adding `moment.js` as a dependency since it is a legacy project in maintenance mode. Consider using more modern alternatives like `date-fns` or `day.js` that are smaller and more modular, unless specific features of `moment.js` are required. [package.json [161]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R161-R161) ```diff -"moment": "^2.30.1" +"day.js": "^1.11.3" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: While `moment.js` is a legacy project, the suggestion to use a more modern alternative like `day.js` can improve performance and reduce bundle size. However, this change depends on the specific requirements of the project.	7
	Verify the necessity of reintroducing the `moment` package and remove if unnecessary ___ The `moment` package has been added again in the new hunk, but it was previously removed. If the addition was unintentional, consider removing it to keep the package list clean and to avoid reintroducing potentially unused or deprecated dependencies. [pnpm-lock.yaml [47-49]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR47-R49) ```diff -moment: - specifier: ^2.30.1 - version: 2.30.1 +# Ensure moment is necessary or remove it +# moment: +# specifier: ^2.30.1 +# version: 2.30.1 ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 6 Why: While keeping the package list clean is good practice, the reintroduction of `moment` might be intentional. Verification is necessary before removal.	6
Maintainability	Add test scripts for new CLI-related tasks to ensure code quality ___ Ensure that the newly added CLI-related scripts in the `scripts` section of `package.json` have corresponding test scripts to maintain high code quality and avoid regressions. This is crucial for continuous integration environments and for developers to verify changes locally before pushing. [package.json [109-114]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R109-R114) ```diff "build:cli": "turbo run build --filter=cli", +"test:cli": "turbo run test --filter=cli", "start:cli": "turbo run start --filter=cli" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding test scripts for new CLI-related tasks is crucial for maintaining high code quality and avoiding regressions, especially in continuous integration environments.	9
Maintainability	Refactor to separate the existing configuration check into a new method ___ Refactor the `createConfiguration` method to separate concerns for better maintainability. Specifically, separate the logic for checking and handling existing configurations into a new method. [apps/cli/src/commands/configure/configure.command.ts [94-118]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R94-R118) ```diff -const userRootConfigExists = existsSync( - getUserRootConfigurationFilePath(project) -) -if (userRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing user configuration?' - }) - if (isCancel(overwrite)) { - upsertUserRootConfig = false - } -} -const projectRootConfigExists = existsSync('keyshade.json') -if (projectRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing project configuration?' - }) - if (isCancel(overwrite)) { - upsertProjectRootConfig = false - } -} +await this.handleExistingConfigurations(parsedData) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: Refactoring to separate the logic for checking and handling existing configurations improves code maintainability and readability. However, it does not address any critical issues.	7
Possible bug	Add checks to ensure the child process exists before attempting to kill it ___ Implement a mechanism to handle the case where `childProcess.pid` is undefined to avoid potential runtime errors when attempting to kill an undefined process. [apps/cli/src/commands/run/run.command.ts [131]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR131-R131) ```diff -process.kill(-childProcess.pid) +if (childProcess && childProcess.pid) { + process.kill(-childProcess.pid); +} else { + Logger.error('Attempted to kill a non-existent process.'); +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: This suggestion addresses a potential runtime error by ensuring that the child process exists before attempting to kill it, improving the code's robustness.	8
Best practice	Use a structured logger for consistency in logging ___ Replace the direct console logging with a more structured logging approach using a dedicated logger. This will help in maintaining consistent logging formats and potentially managing log levels in a centralized way. [apps/cli/src/commands/configure/configure.command.ts [126-134]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R126-R134) ```diff -console.log('writing user root config') -console.log('writing project root config') +Logger.info('writing user root config') +Logger.info('writing project root config') ``` - [x] Apply this suggestion Suggestion importance[1-10]: 8 Why: Using a structured logger improves consistency in logging and helps in managing log levels centrally, which is a best practice for maintainable and scalable applications.	8
Best practice	Use exact versions for dependencies to enhance reliability and consistency ___ Consider specifying exact versions for the newly added dependencies to avoid potential issues with automatic updates that might introduce breaking changes or bugs. Using exact versions helps ensure that all environments run the same code, which can be crucial for debugging and reliability. [package.json [159-161]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R159-R161) ```diff -"zod": "^3.23.6", -"chalk": "^4.1.2", -"moment": "^2.30.1" +"zod": "3.23.6", +"chalk": "4.1.2", +"moment": "2.30.1" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Using exact versions for dependencies is a best practice that helps ensure consistency across different environments, reducing the risk of unexpected issues due to automatic updates.	8

codecov[bot] commented 6 days ago

Codecov Report

Attention: Patch coverage is 78.57143% with 9 lines in your changes missing coverage. Please review.

Project coverage is 88.04%. Comparing base (ce50743) to head (87bc4e2). Report is 38 commits behind head on develop.

Files	Patch %	Lines
apps/api/src/secret/service/secret.service.ts	80.00%	3 Missing :warning:
apps/api/src/socket/change-notifier.socket.ts	0.00%	3 Missing :warning:
apps/api/src/auth/guard/auth/auth.guard.ts	0.00%	2 Missing :warning:
apps/api/src/api-key/service/api-key.service.ts	83.33%	1 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## develop #289 +/- ## =========================================== - Coverage 91.71% 88.04% -3.68% =========================================== Files 111 107 -4 Lines 2510 2308 -202 Branches 469 356 -113 =========================================== - Hits 2302 2032 -270 - Misses 208 276 +68 ``` | [Flag](https://app.codecov.io/gh/keyshade-xyz/keyshade/pull/289/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=keyshade-xyz) | Coverage Δ | | |---|---|---| | [api-e2e-tests](https://app.codecov.io/gh/keyshade-xyz/keyshade/pull/289/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=keyshade-xyz) | `88.04% <78.57%> (-3.68%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=keyshade-xyz#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

sonarcloud[bot] commented 5 days ago

Quality Gate passed

Issues
1 New issue
1 Accepted issue

Measures
0 Security Hotspots
0.0% Coverage on New Code
4.7% Duplication on New Code

See analysis details on SonarCloud

Category	Suggestion	Score
Security	Use secure WebSocket (WSS) to enhance security during socket communication ___ Use HTTPS for socket connection to enhance security, especially if API keys are being transmitted. [apps/cli/src/commands/run/run.command.ts [87-93]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR87-R93) ```diff -const ioClient = io(`ws://${host}/change-notifier`, { +const ioClient = io(`wss://${host}/change-notifier`, { autoConnect: false, extraHeaders: { 'x-keyshade-token': data.apiKey }, transports: ['websocket'] }) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 10 Why: Switching to secure WebSocket (WSS) is crucial for enhancing security, especially when transmitting sensitive information like API keys.	10
Security	Replace the insecure `fs` module version with a secure alternative ___ The `fs` module with version `0.0.1-security` is a placeholder and should not be used in production as it might be a security risk. Consider using the built-in Node.js `fs` module or an alternative package with proper security updates and support. [pnpm-lock.yaml [280-282]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR280-R282) ```diff -fs: - specifier: 0.0.1-security - version: 0.0.1-security +# Use Node.js built-in fs module or replace with an alternative +# fs: +# specifier: +# version: ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Using a placeholder security version for the `fs` module can pose a significant security risk. Replacing it with a secure alternative is important for maintaining the security of the application.	9
Possible issue	Add error handling to the `action` method to improve robustness ___ Consider adding error handling for the `action` method in `ConfigureCommand`. If the `listConfigurations` or `createConfiguration` methods throw an error, it should be caught and handled appropriately to prevent the application from crashing. [apps/cli/src/commands/configure/configure.command.ts [31]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R31-R31) ```diff -this.action(str) +try { + this.action(str) +} catch (error) { + console.error('Error executing action:', error) +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling to the `action` method is crucial for preventing the application from crashing if an error occurs in `listConfigurations` or `createConfiguration`. This significantly improves the robustness of the code.	9
	Correct the version number to match the updated specifier for better dependency management ___ It appears that the version specifier for `@semantic-release/github` has been updated, but the version itself has been incorrectly updated to an older version than what might have been intended. Ensure that the version matches or exceeds the specifier to avoid potential issues with outdated dependencies. [pnpm-lock.yaml [24-25]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR24-R25) ```diff '@semantic-release/github': specifier: ^10.0.3 - version: 10.0.5(semantic-release@23.1.1(typescript@5.5.2)) + version: 10.0.3(semantic-release@23.1.1(typescript@5.5.2)) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Ensuring the version number matches the specifier is crucial for maintaining dependency consistency and avoiding potential issues with outdated dependencies.	8
	Replace the infinite loop with a controlled loop to manage process lifecycle better ___ Replace the infinite loop in `executeCommand` with a more controlled loop mechanism to prevent potential high CPU usage and improve the manageability of the process lifecycle. [apps/cli/src/commands/run/run.command.ts [126-157]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR126-R157) ```diff -while (true) { +let running = true; +while (running) { if (this.shouldRestart) { Logger.info('Restarting command...') process.kill(-childProcess.pid) this.shouldRestart = false } if (childProcess === null) { childProcess = spawn(command, { stdio: ['inherit', 'pipe', 'pipe'], shell: true, env: this.processEnvironmentalVariables, detached: true }) } - await this.sleep(1000) + await this.sleep(1000); + // Include a condition to break the loop if needed + if (someCondition) { + running = false; + } } ``` Suggestion importance[1-10]: 7 Why: The suggestion improves the manageability of the process lifecycle and prevents potential high CPU usage, but the exact condition to break the loop is not provided, which leaves some ambiguity.	7
	Ensure Node.js runtime compatibility with the `commander` package's engine requirement ___ The `commander` package version `12.1.0` specifies that it requires Node.js version `>=18`, which might not be compatible with your current Node.js runtime if it's older. Verify and possibly update your Node.js runtime environment to meet this requirement, or adjust the package version to one compatible with your current Node.js version. [pnpm-lock.yaml [3964-3966]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR3964-R3966) ```diff commander: specifier: ^12.1.0 version: 12.1.0 - engines: {node: '>=18'} + engines: {node: '>='} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: Ensuring compatibility between the Node.js runtime and the `commander` package's engine requirement is important for preventing runtime issues, but the suggestion to adjust the package version might not always be feasible.	7
	Check compatibility of new `chalk` version with other packages ___ Verify the compatibility of the newly added `chalk` version with the existing codebase, especially if there are other packages that might interact with it. This helps prevent potential conflicts or issues arising from version mismatches. [package.json [160]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R160-R160) ```diff -"chalk": "^4.1.2" +"chalk": "^4.1.2" # Ensure compatibility with other packages ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 6 Why: Verifying the compatibility of the new `chalk` version with the existing codebase is a good practice to prevent potential conflicts, but the suggestion itself is more of a reminder than a direct code improvement.	6
Enhancement	Add error handling for the child process creation to enhance robustness ___ Add error handling for the `spawn` command to catch and log potential errors that occur when spawning the child process. [apps/cli/src/commands/run/run.command.ts [135-140]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR135-R140) ```diff -childProcess = spawn(command, { - stdio: ['inherit', 'pipe', 'pipe'], - shell: true, - env: this.processEnvironmentalVariables, - detached: true -}) +try { + childProcess = spawn(command, { + stdio: ['inherit', 'pipe', 'pipe'], + shell: true, + env: this.processEnvironmentalVariables, + detached: true + }) +} catch (error) { + Logger.error(`Failed to spawn child process: ${error.message}`); + return; +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding error handling for the `spawn` command is a significant improvement that enhances the robustness and reliability of the code.	9
	Add input validation for CLI options to ensure correct and non-empty inputs ___ Implement input validation for CLI options to ensure that the inputs meet the expected format or constraints before proceeding with configuration. This can prevent potential runtime errors and provide user feedback for correction. [apps/cli/src/commands/configure/configure.command.ts [63-90]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R63-R90) ```diff workspace = await text({ - message: 'Enter the workspace name' + message: 'Enter the workspace name', + validate: input => input.trim() !== '' ? true : 'Workspace name cannot be empty' }) project = await text({ - message: 'Enter the project name' + message: 'Enter the project name', + validate: input => input.trim() !== '' ? true : 'Project name cannot be empty' }) environment = await text({ - message: 'Enter the environment name' + message: 'Enter the environment name', + validate: input => input.trim() !== '' ? true : 'Environment name cannot be empty' }) apiKey = await text({ - message: 'Enter the API key' + message: 'Enter the API key', + validate: input => input.trim() !== '' ? true : 'API key cannot be empty' }) privateKey = await text({ - message: 'Enter the private key' + message: 'Enter the private key', + validate: input => input.trim() !== '' ? true : 'Private key cannot be empty' }) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Implementing input validation for CLI options ensures that the inputs meet the expected format or constraints, preventing potential runtime errors and providing immediate user feedback for correction.	8
	Consider replacing `moment.js` with a more modern and modular date library ___ Review the necessity of adding `moment.js` as a dependency since it is a legacy project in maintenance mode. Consider using more modern alternatives like `date-fns` or `day.js` that are smaller and more modular, unless specific features of `moment.js` are required. [package.json [161]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R161-R161) ```diff -"moment": "^2.30.1" +"day.js": "^1.11.3" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: While `moment.js` is a legacy project, the suggestion to use a more modern alternative like `day.js` can improve performance and reduce bundle size. However, this change depends on the specific requirements of the project.	7
	Verify the necessity of reintroducing the `moment` package and remove if unnecessary ___ The `moment` package has been added again in the new hunk, but it was previously removed. If the addition was unintentional, consider removing it to keep the package list clean and to avoid reintroducing potentially unused or deprecated dependencies. [pnpm-lock.yaml [47-49]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbR47-R49) ```diff -moment: - specifier: ^2.30.1 - version: 2.30.1 +# Ensure moment is necessary or remove it +# moment: +# specifier: ^2.30.1 +# version: 2.30.1 ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 6 Why: While keeping the package list clean is good practice, the reintroduction of `moment` might be intentional. Verification is necessary before removal.	6
Maintainability	Add test scripts for new CLI-related tasks to ensure code quality ___ Ensure that the newly added CLI-related scripts in the `scripts` section of `package.json` have corresponding test scripts to maintain high code quality and avoid regressions. This is crucial for continuous integration environments and for developers to verify changes locally before pushing. [package.json [109-114]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R109-R114) ```diff "build:cli": "turbo run build --filter=cli", +"test:cli": "turbo run test --filter=cli", "start:cli": "turbo run start --filter=cli" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding test scripts for new CLI-related tasks is crucial for maintaining high code quality and avoiding regressions, especially in continuous integration environments.	9
Maintainability	Refactor to separate the existing configuration check into a new method ___ Refactor the `createConfiguration` method to separate concerns for better maintainability. Specifically, separate the logic for checking and handling existing configurations into a new method. [apps/cli/src/commands/configure/configure.command.ts [94-118]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R94-R118) ```diff -const userRootConfigExists = existsSync( - getUserRootConfigurationFilePath(project) -) -if (userRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing user configuration?' - }) - if (isCancel(overwrite)) { - upsertUserRootConfig = false - } -} -const projectRootConfigExists = existsSync('keyshade.json') -if (projectRootConfigExists) { - const overwrite = await confirm({ - message: 'Overwrite existing project configuration?' - }) - if (isCancel(overwrite)) { - upsertProjectRootConfig = false - } -} +await this.handleExistingConfigurations(parsedData) ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 7 Why: Refactoring to separate the logic for checking and handling existing configurations improves code maintainability and readability. However, it does not address any critical issues.	7
Possible bug	Add checks to ensure the child process exists before attempting to kill it ___ Implement a mechanism to handle the case where `childProcess.pid` is undefined to avoid potential runtime errors when attempting to kill an undefined process. [apps/cli/src/commands/run/run.command.ts [131]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-ad2c4906dc4a080f35a9cb6fa4e4992ea00dd9f5b553e8edea6a21e1bc9062deR131-R131) ```diff -process.kill(-childProcess.pid) +if (childProcess && childProcess.pid) { + process.kill(-childProcess.pid); +} else { + Logger.error('Attempted to kill a non-existent process.'); +} ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: This suggestion addresses a potential runtime error by ensuring that the child process exists before attempting to kill it, improving the code's robustness.	8
Best practice	Use a structured logger for consistency in logging ___ Replace the direct console logging with a more structured logging approach using a dedicated logger. This will help in maintaining consistent logging formats and potentially managing log levels in a centralized way. [apps/cli/src/commands/configure/configure.command.ts [126-134]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-d30472a3d78404f1c212c800887469f7c6269efcf8f1c33275a22ef912e3cd93R126-R134) ```diff -console.log('writing user root config') -console.log('writing project root config') +Logger.info('writing user root config') +Logger.info('writing project root config') ``` - [x] Apply this suggestion Suggestion importance[1-10]: 8 Why: Using a structured logger improves consistency in logging and helps in managing log levels centrally, which is a best practice for maintainable and scalable applications.	8
Best practice	Use exact versions for dependencies to enhance reliability and consistency ___ Consider specifying exact versions for the newly added dependencies to avoid potential issues with automatic updates that might introduce breaking changes or bugs. Using exact versions helps ensure that all environments run the same code, which can be crucial for debugging and reliability. [package.json [159-161]](https://github.com/keyshade-xyz/keyshade/pull/289/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R159-R161) ```diff -"zod": "^3.23.6", -"chalk": "^4.1.2", -"moment": "^2.30.1" +"zod": "3.23.6", +"chalk": "4.1.2", +"moment": "2.30.1" ``` - [ ] Apply this suggestion Suggestion importance[1-10]: 8 Why: Using exact versions for dependencies is a best practice that helps ensure consistency across different environments, reducing the risk of unexpected issues due to automatic updates.	8

keyshade-xyz / keyshade

feat(cli): Added CLI #289

User description

Description

The CLI

Changes in API

Testing the CLI

PR Type

Description

Changes walkthrough 📝

PR Reviewer Guide 🔍

PR Code Suggestions ✨

Codecov Report

Quality Gate passed