From 5b6fa654d650c04bd751e9e2741e30a471bc9a4a Mon Sep 17 00:00:00 2001 From: SiebeBaree Date: Mon, 9 Mar 2026 15:15:26 +0100 Subject: [PATCH 1/2] feat: added support for SDK --- src/cmd/index.ts | 2 + src/cmd/sdk.ts | 62 ++++++++++++++++++++++++++ src/env.ts | 4 +- src/providers/enkryptify/auth.ts | 2 +- src/providers/enkryptify/httpClient.ts | 3 +- 5 files changed, 69 insertions(+), 4 deletions(-) create mode 100644 src/cmd/sdk.ts diff --git a/src/cmd/index.ts b/src/cmd/index.ts index 7abf875..91af3ad 100644 --- a/src/cmd/index.ts +++ b/src/cmd/index.ts @@ -5,6 +5,7 @@ import { registerListCommand } from "@/cmd/listCommand"; import { registerLoginCommand } from "@/cmd/login"; import { registerRunCommand } from "@/cmd/run"; import { registerRunFileCommand } from "@/cmd/run-file"; +import { registerSdkCommand } from "@/cmd/sdk"; import { registerSetApiUrlCommand } from "@/cmd/setApiUrl"; import { registerUpdateCommand } from "@/cmd/update"; import type { Command } from "commander"; @@ -14,6 +15,7 @@ export function registerCommands(program: Command) { registerConfigureCommand(program); registerRunCommand(program); registerRunFileCommand(program); + registerSdkCommand(program); registerListCommand(program); registerCreateCommand(program); registerDeleteCommand(program); diff --git a/src/cmd/sdk.ts b/src/cmd/sdk.ts new file mode 100644 index 0000000..7799e80 --- /dev/null +++ b/src/cmd/sdk.ts @@ -0,0 +1,62 @@ +import { config } from "@/lib/config"; +import { logError } from "@/lib/error"; +import http from "@/providers/enkryptify/httpClient"; +import type { Command } from "commander"; + +export function registerSdkCommand(program: Command): void { + program + .command("sdk") + .description("Run a command with a read-only Enkryptify SDK token") + .allowUnknownOption() + .allowExcessArguments() + .action(async (_options, cmd: Command) => { + const args = cmd.args as string[]; + if (args.length === 0) { + logError("No command provided. Usage: ek sdk -- "); + process.exit(1); + } + + // 1. Load project config (walks up from cwd) + let setup; + try { + setup = await config.getConfigure(process.cwd()); + } catch { + // getConfigure returns null if not found, doesn't throw + } + + if (!setup || setup.provider !== "enkryptify") { + logError("No Enkryptify project configured in this directory. Run `ek configure` first."); + process.exit(1); + } + + // 2. Create scoped SDK token (read-only, single environment, 8h) + let token: string; + try { + const { data } = await http.post<{ token: string }>( + `/v1/workspace/${setup.workspace_slug}/tokens/cli`, + { environmentId: setup.environment_id }, + ); + token = data.token; + } catch (error) { + logError(error instanceof Error ? error.message : String(error)); + process.exit(1); + } + + // 3. Spawn child process with token injected + const [bin, ...rest] = args; + if (!bin) { + logError("No command provided. Usage: ek sdk -- "); + process.exit(1); + } + + const proc = Bun.spawn([bin, ...rest], { + env: { ...process.env, ENKRYPTIFY_TOKEN: token }, + stdin: "inherit", + stdout: "inherit", + stderr: "inherit", + }); + + const exitCode = await proc.exited; + process.exit(exitCode); + }); +} diff --git a/src/env.ts b/src/env.ts index 862a576..fdebbbc 100644 --- a/src/env.ts +++ b/src/env.ts @@ -19,8 +19,8 @@ function loadApiBaseUrlOverride(): string | undefined { const apiBaseUrlOverride = loadApiBaseUrlOverride(); const defaults = { - API_BASE_URL: apiBaseUrlOverride ?? "https://api.enkryptify.com", - APP_BASE_URL: "https://app.enkryptify.com", + API_BASE_URL: apiBaseUrlOverride ?? "http://localhost:8080", + APP_BASE_URL: "http://localhost:3000", GCP_RESOURCE_MANAGER_API: "https://cloudresourcemanager.googleapis.com/v1", GCP_AUTH_URL: "https://www.googleapis.com/auth/cloud-platform", GCP_AUTH_SCOPES: "https://www.googleapis.com/auth/cloud-platform", diff --git a/src/providers/enkryptify/auth.ts b/src/providers/enkryptify/auth.ts index e629aa9..b35b42e 100644 --- a/src/providers/enkryptify/auth.ts +++ b/src/providers/enkryptify/auth.ts @@ -280,7 +280,7 @@ export class EnkryptifyAuth implements AuthProvider { async getUserInfo(token: string): Promise { const res = await http.get("/v1/me", { headers: { - "X-API-Key": token, + "Authorization": `Bearer ${token}`, }, validateStatus: () => true, }); diff --git a/src/providers/enkryptify/httpClient.ts b/src/providers/enkryptify/httpClient.ts index 0f27334..073578a 100644 --- a/src/providers/enkryptify/httpClient.ts +++ b/src/providers/enkryptify/httpClient.ts @@ -4,7 +4,8 @@ import { createAuthenticatedHttpClient } from "@/lib/sharedHttpClient"; const http = createAuthenticatedHttpClient({ baseURL: env.API_BASE_URL, keyringKey: "enkryptify", - authHeaderName: "X-API-Key", + authHeaderName: "Authorization", + authHeaderPrefix: "Bearer ", }); http.interceptors.request.use((config) => { From 4ae61e41cebe6a1b8f0ae6b08a5d1cb90977c301 Mon Sep 17 00:00:00 2001 From: SiebeBaree Date: Mon, 9 Mar 2026 15:16:34 +0100 Subject: [PATCH 2/2] fix: remove debug code --- src/env.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/env.ts b/src/env.ts index fdebbbc..862a576 100644 --- a/src/env.ts +++ b/src/env.ts @@ -19,8 +19,8 @@ function loadApiBaseUrlOverride(): string | undefined { const apiBaseUrlOverride = loadApiBaseUrlOverride(); const defaults = { - API_BASE_URL: apiBaseUrlOverride ?? "http://localhost:8080", - APP_BASE_URL: "http://localhost:3000", + API_BASE_URL: apiBaseUrlOverride ?? "https://api.enkryptify.com", + APP_BASE_URL: "https://app.enkryptify.com", GCP_RESOURCE_MANAGER_API: "https://cloudresourcemanager.googleapis.com/v1", GCP_AUTH_URL: "https://www.googleapis.com/auth/cloud-platform", GCP_AUTH_SCOPES: "https://www.googleapis.com/auth/cloud-platform",