diff --git a/.gitea/workflows/secrets.yml b/.gitea/workflows/secrets.yml new file mode 100644 index 0000000..14aeea9 --- /dev/null +++ b/.gitea/workflows/secrets.yml @@ -0,0 +1,313 @@ +name: Secrets CLI - Build & Release + +on: + push: + branches: [main] + paths: + - 'src/**' + - 'Cargo.toml' + - 'Cargo.lock' + - '.gitea/workflows/secrets.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: write + +env: + BINARY_NAME: secrets + CARGO_INCREMENTAL: 0 + CARGO_NET_RETRY: 10 + CARGO_TERM_COLOR: always + RUST_BACKTRACE: short + +jobs: + # ========== 版本检查(只跑一次,供后续 job 共用)========== + version: + name: 检查版本 + runs-on: debian + outputs: + version: ${{ steps.version.outputs.version }} + tag: ${{ steps.version.outputs.tag }} + tag_exists: ${{ steps.version.outputs.tag_exists }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: 检查版本 + id: version + run: | + version=$(grep -m1 '^version' Cargo.toml | sed 's/.*"\(.*\)".*/\1/') + tag="secrets-${version}" + echo "version=${version}" >> $GITHUB_OUTPUT + echo "tag=${tag}" >> $GITHUB_OUTPUT + + if git rev-parse "refs/tags/${tag}" >/dev/null 2>&1; then + echo "tag_exists=true" >> $GITHUB_OUTPUT + echo "版本 ${tag} 已存在" + else + echo "tag_exists=false" >> $GITHUB_OUTPUT + echo "将创建新版本 ${tag}" + fi + + - name: 创建 Tag + if: steps.version.outputs.tag_exists == 'false' + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git tag -a "${{ steps.version.outputs.tag }}" -m "Release ${{ steps.version.outputs.tag }}" + git push origin "${{ steps.version.outputs.tag }}" + + # ========== 矩阵构建 ========== + build: + name: Build (${{ matrix.target }}) + needs: version + continue-on-error: true # 某平台失败/超时不阻断其他平台和 notify + timeout-minutes: 30 # runner 不在线时 30 分钟后放弃 + strategy: + fail-fast: false + matrix: + include: + - runner: debian + target: x86_64-unknown-linux-musl + archive_suffix: x86_64-linux-musl + os: linux + - runner: darwin-arm64 + target: aarch64-apple-darwin + archive_suffix: aarch64-macos + os: macos + - runner: windows + target: x86_64-pc-windows-msvc + archive_suffix: x86_64-windows + os: windows + + runs-on: ${{ matrix.runner }} + steps: + # ========== 环境准备 ========== + - name: 安装依赖 (Linux) + if: matrix.os == 'linux' + run: | + sudo apt-get update + sudo apt-get install -y jq curl git pkg-config musl-tools binutils + + if ! command -v cargo &>/dev/null; then + echo "安装 Rust 工具链..." + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable + source "$HOME/.cargo/env" + rustup component add rustfmt clippy + fi + + rustup target add ${{ matrix.target }} + echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: 安装依赖 (macOS) + if: matrix.os == 'macos' + run: | + brew install jq + + if ! command -v cargo &>/dev/null; then + echo "安装 Rust 工具链..." + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable + source "$HOME/.cargo/env" + rustup component add rustfmt clippy + fi + + rustup target add ${{ matrix.target }} + echo "$HOME/.cargo/bin" >> $GITHUB_PATH + + - name: 安装依赖 (Windows) + if: matrix.os == 'windows' + shell: pwsh + run: | + # 检查 Rust 是否已安装 + if (-not (Get-Command cargo -ErrorAction SilentlyContinue)) { + Write-Host "安装 Rust 工具链..." + Invoke-WebRequest -Uri "https://win.rustup.rs/x86_64" -OutFile rustup-init.exe + .\rustup-init.exe -y --default-toolchain stable + Remove-Item rustup-init.exe + } + rustup component add rustfmt clippy + rustup target add ${{ matrix.target }} + + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # ========== Cargo 缓存 ========== + - name: 缓存 Cargo 依赖 + uses: actions/cache@v4 + with: + path: | + ~/.cargo/registry/index + ~/.cargo/registry/cache + ~/.cargo/git/db + target + key: cargo-secrets-${{ matrix.target }}-${{ hashFiles('Cargo.lock') }} + restore-keys: | + cargo-secrets-${{ matrix.target }}- + + - name: 检查代码格式 + if: matrix.os != 'windows' + run: cargo fmt -- --check + + - name: 检查代码格式 (Windows) + if: matrix.os == 'windows' + shell: pwsh + run: cargo fmt -- --check + + - name: 运行 Clippy 检查 + if: matrix.os != 'windows' + run: cargo clippy --release --target ${{ matrix.target }} -- -D warnings + + - name: 运行 Clippy 检查 (Windows) + if: matrix.os == 'windows' + shell: pwsh + run: cargo clippy --release --target ${{ matrix.target }} -- -D warnings + + - name: 构建 + if: matrix.os != 'windows' + env: + GIT_TAG: ${{ needs.version.outputs.version }} + run: cargo build --release --target ${{ matrix.target }} --verbose + + - name: 构建 (Windows) + if: matrix.os == 'windows' + shell: pwsh + env: + GIT_TAG: ${{ needs.version.outputs.version }} + run: cargo build --release --target ${{ matrix.target }} --verbose + + - name: Strip 二进制 (Linux) + if: matrix.os == 'linux' + run: strip target/${{ matrix.target }}/release/${{ env.BINARY_NAME }} + + - name: Strip 二进制 (macOS) + if: matrix.os == 'macos' + run: strip -x target/${{ matrix.target }}/release/${{ env.BINARY_NAME }} + + # ========== 上传 Release 产物 ========== + - name: 上传 Release 产物 (Linux/macOS) + if: needs.version.outputs.tag_exists == 'false' && matrix.os != 'windows' + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + [ -z "$RELEASE_TOKEN" ] && echo "跳过:未配置 RELEASE_TOKEN" && exit 0 + + tag="${{ needs.version.outputs.tag }}" + binary="target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}" + archive="${{ env.BINARY_NAME }}-${tag}-${{ matrix.archive_suffix }}.tar.gz" + + tar -czf "$archive" -C "$(dirname $binary)" "$(basename $binary)" + + # 查找已有 Release(由首个完成的 job 创建,后续 job 直接上传) + release_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases" + release_id=$(curl -sS -H "Authorization: token $RELEASE_TOKEN" \ + "${release_url}/tags/${tag}" | jq -r '.id // empty') + + if [ -z "$release_id" ]; then + release_id=$(curl -sS -H "Authorization: token $RELEASE_TOKEN" \ + -H "Content-Type: application/json" \ + -X POST "$release_url" \ + -d "{\"tag_name\": \"${tag}\", \"name\": \"${tag}\", \"body\": \"Release ${tag}\"}" \ + | jq -r '.id') + fi + + upload_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${release_id}/assets" + curl -sS -H "Authorization: token $RELEASE_TOKEN" \ + -F "attachment=@${archive}" \ + "$upload_url" + + echo "已上传: ${archive} → Release ${tag}" + + - name: 上传 Release 产物 (Windows) + if: needs.version.outputs.tag_exists == 'false' && matrix.os == 'windows' + shell: pwsh + env: + RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} + run: | + if (-not $env:RELEASE_TOKEN) { Write-Host "跳过:未配置 RELEASE_TOKEN"; exit 0 } + + $tag = "${{ needs.version.outputs.tag }}" + $binary = "target\${{ matrix.target }}\release\${{ env.BINARY_NAME }}.exe" + $archive = "${{ env.BINARY_NAME }}-${tag}-${{ matrix.archive_suffix }}.zip" + + Compress-Archive -Path $binary -DestinationPath $archive + + $headers = @{ "Authorization" = "token $env:RELEASE_TOKEN"; "Content-Type" = "application/json" } + $release_url = "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases" + + # 查找已有 Release + $existing = Invoke-RestMethod -Uri "${release_url}/tags/${tag}" -Headers $headers -ErrorAction SilentlyContinue + if ($existing.id) { + $release_id = $existing.id + } else { + $body = @{ tag_name = $tag; name = $tag; body = "Release ${tag}" } | ConvertTo-Json + $release_id = (Invoke-RestMethod -Uri $release_url -Method Post -Headers $headers -Body $body).id + } + + $upload_url = "${release_url}/${release_id}/assets" + $upload_headers = @{ "Authorization" = "token $env:RELEASE_TOKEN" } + $form = @{ attachment = Get-Item $archive } + Invoke-RestMethod -Uri $upload_url -Method Post -Headers $upload_headers -Form $form + + Write-Host "已上传: ${archive} → Release ${tag}" + + # ========== 汇总通知 ========== + notify: + name: 发送通知 + needs: [version, build] + if: always() && github.event_name == 'push' + runs-on: debian + steps: + - uses: actions/checkout@v4 + + - name: 发送通知 + continue-on-error: true + env: + WEBHOOK_URL: ${{ vars.WEBHOOK_URL }} + run: | + [ -z "$WEBHOOK_URL" ] && exit 0 + + tag="${{ needs.version.outputs.tag }}" + tag_exists="${{ needs.version.outputs.tag_exists }}" + build_result="${{ needs.build.result }}" + + if [ "$build_result" = "success" ]; then + status_text="构建成功 ✅" + else + status_text="构建失败 ❌" + fi + + commit_title=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "N/A") + workflow_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}" + + if [ "$build_result" != "success" ]; then + payload=$(jq -n \ + --arg title "${{ env.BINARY_NAME }} ${status_text}" \ + --arg commit "$commit_title" \ + --arg version "$tag" \ + --arg author "${{ github.actor }}" \ + --arg url "$workflow_url" \ + '{msg_type: "text", content: {text: "\($title)\n提交:\($commit)\n版本:\($version)\n作者:\($author)\n详情:\($url)"}}') + elif [ "$tag_exists" = "false" ]; then + payload=$(jq -n \ + --arg title "${{ env.BINARY_NAME }} ${status_text}" \ + --arg commit "$commit_title" \ + --arg version "$tag" \ + --arg author "${{ github.actor }}" \ + --arg url "$workflow_url" \ + '{msg_type: "text", content: {text: "\($title)\n🆕 新版本已发布 (linux / macOS / windows)\n提交:\($commit)\n版本:\($version)\n作者:\($author)\n详情:\($url)"}}') + else + payload=$(jq -n \ + --arg title "${{ env.BINARY_NAME }} ${status_text}" \ + --arg commit "$commit_title" \ + --arg version "$tag" \ + --arg author "${{ github.actor }}" \ + --arg url "$workflow_url" \ + '{msg_type: "text", content: {text: "\($title)\n🔄 重复构建\n提交:\($commit)\n版本:\($version)\n作者:\($author)\n详情:\($url)"}}') + fi + + curl -sS -H "Content-Type: application/json" -X POST -d "$payload" "$WEBHOOK_URL" diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fedaa2b --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/target +.env diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..1810e36 --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,107 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "label": "build", + "type": "shell", + "command": "cargo build", + "group": { "kind": "build", "isDefault": true } + }, + { + "label": "cli: version", + "type": "shell", + "command": "./target/debug/secrets -V", + "dependsOn": "build" + }, + { + "label": "cli: help", + "type": "shell", + "command": "./target/debug/secrets --help", + "dependsOn": "build" + }, + { + "label": "cli: help add", + "type": "shell", + "command": "./target/debug/secrets help add", + "dependsOn": "build" + }, + { + "label": "test: search all", + "type": "shell", + "command": "./target/debug/secrets search", + "dependsOn": "build" + }, + { + "label": "test: search by namespace (refining)", + "type": "shell", + "command": "./target/debug/secrets search -n refining", + "dependsOn": "build" + }, + { + "label": "test: search by namespace (ricnsmart)", + "type": "shell", + "command": "./target/debug/secrets search -n ricnsmart", + "dependsOn": "build" + }, + { + "label": "test: search servers", + "type": "shell", + "command": "./target/debug/secrets search --kind server", + "dependsOn": "build" + }, + { + "label": "test: search services", + "type": "shell", + "command": "./target/debug/secrets search --kind service", + "dependsOn": "build" + }, + { + "label": "test: search keys", + "type": "shell", + "command": "./target/debug/secrets search --kind key", + "dependsOn": "build" + }, + { + "label": "test: search by tag (aliyun)", + "type": "shell", + "command": "./target/debug/secrets search --tag aliyun", + "dependsOn": "build" + }, + { + "label": "test: search by tag (hongkong)", + "type": "shell", + "command": "./target/debug/secrets search --tag hongkong", + "dependsOn": "build" + }, + { + "label": "test: search keyword (gitea)", + "type": "shell", + "command": "./target/debug/secrets search -q gitea", + "dependsOn": "build" + }, + { + "label": "test: search with secrets revealed", + "type": "shell", + "command": "./target/debug/secrets search -n refining --kind service --name gitea --show-secrets", + "dependsOn": "build" + }, + { + "label": "test: combined search (ricnsmart + server + shanghai)", + "type": "shell", + "command": "./target/debug/secrets search -n ricnsmart --kind server --tag shanghai", + "dependsOn": "build" + }, + { + "label": "test: add + delete roundtrip", + "type": "shell", + "command": "echo '--- add ---' && ./target/debug/secrets add -n test --kind demo --name roundtrip-test --tag test -m foo=bar -s password=secret123 && echo '--- search ---' && ./target/debug/secrets search -n test --show-secrets && echo '--- delete ---' && ./target/debug/secrets delete -n test --kind demo --name roundtrip-test && echo '--- verify deleted ---' && ./target/debug/secrets search -n test", + "dependsOn": "build" + }, + { + "label": "test: add with file secret", + "type": "shell", + "command": "echo '--- add key from file ---' && ./target/debug/secrets add -n test --kind key --name test-key --tag test -s content=@./refining/keys/Vultr && echo '--- verify ---' && ./target/debug/secrets search -n test --kind key --show-secrets && echo '--- cleanup ---' && ./target/debug/secrets delete -n test --kind key --name test-key", + "dependsOn": "build" + } + ] +} diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..1febb54 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,130 @@ +# Secrets CLI — AGENTS.md + +跨设备密钥与配置管理 CLI 工具,将 refining / ricnsmart 两个项目的服务器信息、服务凭据存储到 PostgreSQL 18,供 AI 工具读取上下文。 + +## 项目结构 + +``` +secrets/ + src/ + main.rs # CLI 入口,clap 命令定义,auto-migrate + db.rs # PgPool 创建 + 建表/索引(幂等) + models.rs # Secret 结构体(sqlx::FromRow + serde) + commands/ + add.rs # add 命令:upsert,支持 --meta key=value / --secret key=@file + search.rs # search 命令:多条件动态查询 + delete.rs # delete 命令 + scripts/ + seed-data.sh # 从 refining/ricnsmart config.toml 导入全量数据 + .gitea/workflows/ + secrets.yml # CI:fmt + clippy + musl 构建 + Release 上传 + 飞书通知 + .vscode/tasks.json # 本地测试任务(build / search / add+delete roundtrip 等) + .env # DATABASE_URL(gitignore,不提交) +``` + +## 数据库 + +- **Host**: `47.117.131.22:5432`(阿里云上海 ECS,PostgreSQL 18 with io_uring) +- **Database**: `secrets` +- **连接串**: `postgres://postgres:@47.117.131.22:5432/secrets` +- **表**: 单张 `secrets` 表,首次连接自动建表(auto-migrate) + +### 表结构 + +```sql +secrets ( + id UUID PRIMARY KEY DEFAULT uuidv7(), -- PG18 时间有序 UUID + namespace VARCHAR(64) NOT NULL, -- 一级隔离: "refining" | "ricnsmart" + kind VARCHAR(64) NOT NULL, -- 类型: "server" | "service"(可扩展) + name VARCHAR(256) NOT NULL, -- 人类可读标识 + tags TEXT[] NOT NULL DEFAULT '{}', -- 灵活标签: ["aliyun","hongkong"] + metadata JSONB NOT NULL DEFAULT '{}', -- 明文描述: ip, desc, domains, location... + encrypted JSONB NOT NULL DEFAULT '{}', -- 敏感数据: ssh_key, password, token... + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + UNIQUE(namespace, kind, name) +) +``` + +### 字段职责划分 + +| 字段 | 存什么 | 示例 | +|------|--------|------| +| `namespace` | 项目/团队隔离 | `refining`, `ricnsmart` | +| `kind` | 记录类型 | `server`, `service` | +| `name` | 唯一标识名 | `i-uf63f2uookgs5uxmrdyc`, `gitea` | +| `tags` | 多维分类标签 | `["aliyun","hongkong","ricn"]` | +| `metadata` | 明文非敏感信息 | `{"ip":"47.243.154.187","desc":"Grafana","domains":["..."]}` | +| `encrypted` | 敏感凭据(MVP 阶段明文存储,后续对 value 加密) | `{"ssh_key":"-----BEGIN...","password":"..."}` | + +## CLI 命令 + +```bash +# 查看版本 +secrets -V / --version + +# 查看帮助 +secrets -h / --help +secrets help # 子命令详细帮助,如 secrets help add + +# 添加或更新记录(upsert) +secrets add -n --kind --name \ + [--tag ]... # 可重复 + [-m key=value]... # --meta 明文字段,-m 是短标志 + [-s key=value]... # --secret 敏感字段,value 以 @ 开头表示从文件读取 + +# 搜索(默认隐藏 encrypted 内容) +secrets search [-n ] [--kind ] [--tag ] [-q ] [--show-secrets] +# -q 匹配范围:name、namespace、kind、metadata 全文内容、tags + +# 删除 +secrets delete -n --kind --name +``` + +### 示例 + +```bash +# 添加服务器 +secrets add -n refining --kind server --name i-uf63f2uookgs5uxmrdyc \ + --tag aliyun --tag shanghai \ + -m ip=47.117.131.22 -m desc="Aliyun Shanghai ECS" \ + -s username=root -s ssh_key=@./keys/voson_shanghai_e.pem + +# 添加服务凭据 +secrets add -n refining --kind service --name gitea \ + --tag gitea \ + -m url=https://gitea.refining.dev \ + -s token= + +# 搜索含 mqtt 的所有记录 +secrets search -q mqtt + +# 查看 refining 的全部服务配置(显示 secrets) +secrets search -n refining --kind service --show-secrets + +# 按 tag 筛选 +secrets search --tag hongkong +``` + +## 代码规范 + +- 错误处理:统一使用 `anyhow::Result`,不用 `unwrap()` +- 异步:全程 `tokio`,数据库操作 `sqlx` async +- SQL:使用 `sqlx::query` / `sqlx::query_as` 绑定参数,禁止字符串拼接(搜索的动态 WHERE 子句除外,需使用参数绑定 `$1/$2`) +- 新增 `kind` 类型时:只需在 `add` 调用时传入,无需改代码 +- 字段命名:CLI 短标志 `-n`=namespace,`-m`=meta,`-s`=secret,`-q`=query + +## CI/CD + +- Gitea Actions(runner: debian) +- 触发:`src/**`、`Cargo.toml`、`Cargo.lock` 变更推送到 main +- 构建目标:`x86_64-unknown-linux-musl`(静态链接,无 glibc 依赖) +- 新版本自动打 Tag(格式 `secrets-`)并上传二进制到 Gitea Release +- 通知:飞书 Webhook(`vars.WEBHOOK_URL`) +- 所需 secrets/vars:`RELEASE_TOKEN`(Release 上传,Gitea PAT)、`vars.WEBHOOK_URL`(通知,可选) + +## 环境变量 + +| 变量 | 说明 | +|------|------| +| `DATABASE_URL` | PostgreSQL 连接串,优先级高于 `--db-url` 参数 | diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..36bf7ac --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,2400 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "allocator-api2" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys 0.61.2", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "atoi" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f28d99ec8bfea296261ca1af174f24225171fea9664ba9003cbebee704810528" +dependencies = [ + "num-traits", +] + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "base64ct" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + +[[package]] +name = "bitflags" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" +dependencies = [ + "serde_core", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "cc" +version = "1.2.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a0dd1ca384932ff3641c8718a02769f1698e7563dc6974ffd03346116310423" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "chrono" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" +dependencies = [ + "iana-time-zone", + "js-sys", + "num-traits", + "serde", + "wasm-bindgen", + "windows-link", +] + +[[package]] +name = "clap" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1110bd8a634a1ab8cb04345d8d878267d57c3cf1b38d91b71af6686408bbca6a" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "concurrent-queue" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crc" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eb8a2a1cd12ab0d987a5d5e825195d372001a4094a0376319d5a0ad71c1ba0d" +dependencies = [ + "crc-catalog", +] + +[[package]] +name = "crc-catalog" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19d374276b40fb8bbdee95aef7c7fa6b5316ec764510eb64b8dd0e2ed0d7e7f5" + +[[package]] +name = "crossbeam-queue" +version = "0.3.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "dotenvy" +version = "0.15.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +dependencies = [ + "serde", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "etcetera" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "136d1b5283a1ab77bd9257427ffd09d8667ced0570b6f938942bc7568ed5b943" +dependencies = [ + "cfg-if", + "home", + "windows-sys 0.48.0", +] + +[[package]] +name = "event-listener" +version = "5.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13b66accf52311f30a0db42147dadea9850cb48cd070028831ae5f5d4b856ab" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + +[[package]] +name = "fastrand" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "flume" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da0e4dd2a88388a1f4ccc7c9ce104604dab68d9f408dc34cd45823d5a9069095" +dependencies = [ + "futures-core", + "futures-sink", + "spin", +] + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-executor" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-intrusive" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d930c203dd0b6ff06e0201a4a2fe9149b43c684fd4420555b26d21b1a02956f" +dependencies = [ + "futures-core", + "lock_api", + "parking_lot", +] + +[[package]] +name = "futures-io" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-io", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "slab", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", + "wasip3", +] + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "allocator-api2", + "equivalent", + "foldhash", +] + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" + +[[package]] +name = "hashlink" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7382cf6263419f2d8df38c55d7da83da5c18aef87fc7a7fc1fb1e344edfe14c1" +dependencies = [ + "hashbrown 0.15.5", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "home" +version = "0.5.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc627f471c528ff0c4a49e1d5e60450c8f6461dd6d10ba9dcd3a61d3dff7728d" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "icu_collections" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43" +dependencies = [ + "displaydoc", + "potential_utf", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" + +[[package]] +name = "icu_properties" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" + +[[package]] +name = "icu_provider" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +dependencies = [ + "equivalent", + "hashbrown 0.16.1", + "serde", + "serde_core", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itoa" +version = "1.0.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" + +[[package]] +name = "js-sys" +version = "0.3.91" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b49715b7073f385ba4bc528e5747d02e66cb39c6146efb66b781f131f0fb399c" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.183" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "libredox" +version = "0.1.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1744e39d1d6a9948f4f388969627434e31128196de472883b39f148769bfe30a" +dependencies = [ + "bitflags", + "libc", + "plain", + "redox_syscall 0.7.3", +] + +[[package]] +name = "libsqlite3-sys" +version = "0.30.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149" +dependencies = [ + "pkg-config", + "vcpkg", +] + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litemap" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "md-5" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" +dependencies = [ + "cfg-if", + "digest", +] + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "mio" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a69bcab0ad47271a0234d9422b131806bf3968021e5dc9328caf2d4cd58557fc" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "native-tls" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "465500e14ea162429d264d44189adc38b199b62b1c21eea9f69e4b73cb03bbf2" +dependencies = [ + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + +[[package]] +name = "num-bigint-dig" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7" +dependencies = [ + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", + "libm", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "openssl" +version = "0.10.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-probe" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" + +[[package]] +name = "openssl-sys" +version = "0.9.112" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "parking" +version = "2.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f38d5652c16fde515bb1ecef450ab0f6a219d619a7274976324d5e377f7dceba" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall 0.5.18", + "smallvec", + "windows-link", +] + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "plain" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" + +[[package]] +name = "potential_utf" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77" +dependencies = [ + "zerovec", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "redox_syscall" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce70a74e890531977d37e532c34d45e9055d2409ed08ddba14529471ed0be16" +dependencies = [ + "bitflags", +] + +[[package]] +name = "rsa" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d" +dependencies = [ + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.61.2", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "schannel" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "secrets" +version = "0.1.0" +dependencies = [ + "anyhow", + "chrono", + "clap", + "dotenvy", + "serde", + "serde_json", + "sqlx", + "tokio", + "toml", + "uuid", +] + +[[package]] +name = "security-framework" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "1.0.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_spanned" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776" +dependencies = [ + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha1" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" +dependencies = [ + "serde", +] + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +dependencies = [ + "lock_api", +] + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "sqlx" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fefb893899429669dcdd979aff487bd78f4064e5e7907e4269081e0ef7d97dc" +dependencies = [ + "sqlx-core", + "sqlx-macros", + "sqlx-mysql", + "sqlx-postgres", + "sqlx-sqlite", +] + +[[package]] +name = "sqlx-core" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee6798b1838b6a0f69c007c133b8df5866302197e404e8b6ee8ed3e3a5e68dc6" +dependencies = [ + "base64", + "bytes", + "chrono", + "crc", + "crossbeam-queue", + "either", + "event-listener", + "futures-core", + "futures-intrusive", + "futures-io", + "futures-util", + "hashbrown 0.15.5", + "hashlink", + "indexmap", + "log", + "memchr", + "native-tls", + "once_cell", + "percent-encoding", + "serde", + "serde_json", + "sha2", + "smallvec", + "thiserror", + "tokio", + "tokio-stream", + "tracing", + "url", + "uuid", +] + +[[package]] +name = "sqlx-macros" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2d452988ccaacfbf5e0bdbc348fb91d7c8af5bee192173ac3636b5fb6e6715d" +dependencies = [ + "proc-macro2", + "quote", + "sqlx-core", + "sqlx-macros-core", + "syn", +] + +[[package]] +name = "sqlx-macros-core" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19a9c1841124ac5a61741f96e1d9e2ec77424bf323962dd894bdb93f37d5219b" +dependencies = [ + "dotenvy", + "either", + "heck", + "hex", + "once_cell", + "proc-macro2", + "quote", + "serde", + "serde_json", + "sha2", + "sqlx-core", + "sqlx-mysql", + "sqlx-postgres", + "sqlx-sqlite", + "syn", + "tokio", + "url", +] + +[[package]] +name = "sqlx-mysql" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa003f0038df784eb8fecbbac13affe3da23b45194bd57dba231c8f48199c526" +dependencies = [ + "atoi", + "base64", + "bitflags", + "byteorder", + "bytes", + "chrono", + "crc", + "digest", + "dotenvy", + "either", + "futures-channel", + "futures-core", + "futures-io", + "futures-util", + "generic-array", + "hex", + "hkdf", + "hmac", + "itoa", + "log", + "md-5", + "memchr", + "once_cell", + "percent-encoding", + "rand", + "rsa", + "serde", + "sha1", + "sha2", + "smallvec", + "sqlx-core", + "stringprep", + "thiserror", + "tracing", + "uuid", + "whoami", +] + +[[package]] +name = "sqlx-postgres" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db58fcd5a53cf07c184b154801ff91347e4c30d17a3562a635ff028ad5deda46" +dependencies = [ + "atoi", + "base64", + "bitflags", + "byteorder", + "chrono", + "crc", + "dotenvy", + "etcetera", + "futures-channel", + "futures-core", + "futures-util", + "hex", + "hkdf", + "hmac", + "home", + "itoa", + "log", + "md-5", + "memchr", + "once_cell", + "rand", + "serde", + "serde_json", + "sha2", + "smallvec", + "sqlx-core", + "stringprep", + "thiserror", + "tracing", + "uuid", + "whoami", +] + +[[package]] +name = "sqlx-sqlite" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2d12fe70b2c1b4401038055f90f151b78208de1f9f89a7dbfd41587a10c3eea" +dependencies = [ + "atoi", + "chrono", + "flume", + "futures-channel", + "futures-core", + "futures-executor", + "futures-intrusive", + "futures-util", + "libsqlite3-sys", + "log", + "percent-encoding", + "serde", + "serde_urlencoded", + "sqlx-core", + "thiserror", + "tracing", + "url", + "uuid", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "stringprep" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b4df3d392d81bd458a8a621b8bffbd2302a12ffe288a9d931670948749463b1" +dependencies = [ + "unicode-bidi", + "unicode-normalization", + "unicode-properties", +] + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tempfile" +version = "3.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +dependencies = [ + "fastrand", + "getrandom 0.4.2", + "once_cell", + "rustix", + "windows-sys 0.61.2", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tinystr" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af407857209536a95c8e56f8231ef2c2e2aff839b22e07a1ffcbc617e9db9fa5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-stream" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" +dependencies = [ + "futures-core", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "toml" +version = "1.0.7+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd28d57d8a6f6e458bc0b8784f8fdcc4b99a437936056fa122cb234f18656a96" +dependencies = [ + "indexmap", + "serde_core", + "serde_spanned", + "toml_datetime", + "toml_parser", + "toml_writer", + "winnow", +] + +[[package]] +name = "toml_datetime" +version = "1.0.1+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b320e741db58cac564e26c607d3cc1fdc4a88fd36c879568c07856ed83ff3e9" +dependencies = [ + "serde_core", +] + +[[package]] +name = "toml_parser" +version = "1.0.10+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7df25b4befd31c4816df190124375d5a20c6b6921e2cad937316de3fccd63420" +dependencies = [ + "winnow", +] + +[[package]] +name = "toml_writer" +version = "1.0.7+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f17aaa1c6e3dc22b1da4b6bba97d066e354c7945cac2f7852d4e4e7ca7a6b56d" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", +] + +[[package]] +name = "typenum" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" + +[[package]] +name = "unicode-bidi" +version = "0.3.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c1cb5db39152898a79168971543b1cb5020dff7fe43c8dc468b0885f5e29df5" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-normalization" +version = "0.1.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd4f6878c9cb28d874b009da9e8d183b5abc80117c40bbd187a1fde336be6e8" +dependencies = [ + "tinyvec", +] + +[[package]] +name = "unicode-properties" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7df058c713841ad818f1dc5d3fd88063241cc61f49f5fbea4b951e8cf5a8d71d" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a68d3c8f01c0cfa54a75291d83601161799e4a89a39e0929f4b0354d88757a37" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "serde_core", + "wasm-bindgen", +] + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.2+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasite" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" + +[[package]] +name = "wasm-bindgen" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6532f9a5c1ece3798cb1c2cfdba640b9b3ba884f5db45973a6f442510a87d38e" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18a2d50fcf105fb33bb15f00e7a77b772945a2ee45dcf454961fd843e74c18e6" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03ce4caeaac547cdf713d280eda22a730824dd11e6b8c3ca9e42247b25c631e3" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.114" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75a326b8c223ee17883a4251907455a2431acc2791c98c26279376490c378c16" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "whoami" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d4a4db5077702ca3015d3d02d74974948aba2ad9e12ab7df718ee64ccd7e97d" +dependencies = [ + "libredox", + "wasite", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "winnow" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a90e88e4667264a994d34e6d1ab2d26d398dcdca8b7f52bec8668957517fc7d8" + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "writeable" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" + +[[package]] +name = "yoke" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2578b716f8a7a858b7f02d5bd870c14bf4ddbbcf3a4c05414ba6503640505e3" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e6cc098ea4d3bd6246687de65af3f920c430e236bee1e3bf2e441463f08a02f" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" + +[[package]] +name = "zerotrie" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..05b43b2 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "secrets" +version = "0.1.0" +edition = "2024" + +[dependencies] +anyhow = "1.0.102" +chrono = { version = "0.4.44", features = ["serde"] } +clap = { version = "4.6.0", features = ["derive", "env"] } +dotenvy = "0.15.7" +serde = { version = "1.0.228", features = ["derive"] } +serde_json = "1.0.149" +sqlx = { version = "0.8.6", features = ["runtime-tokio", "tls-native-tls", "postgres", "uuid", "json", "chrono"] } +tokio = { version = "1.50.0", features = ["full"] } +toml = "1.0.7" +uuid = { version = "1.22.0", features = ["serde", "v4"] } diff --git a/README.md b/README.md new file mode 100644 index 0000000..516c318 --- /dev/null +++ b/README.md @@ -0,0 +1,104 @@ +# secrets + +跨设备密钥与配置管理 CLI,基于 Rust + PostgreSQL 18。 + +将服务器信息、服务凭据统一存入数据库,供本地工具和 AI 读取上下文。 + +## 安装 + +```bash +cargo build --release +# 或从 Release 页面下载预编译二进制 +``` + +配置数据库连接: + +```bash +export DATABASE_URL=postgres://postgres:@:5432/secrets +# 或在项目根目录创建 .env 文件写入上述变量 +``` + +## 使用 + +```bash +# 查看版本 +secrets -V +secrets --version + +# 查看帮助 +secrets --help +secrets -h + +# 查看子命令帮助 +secrets help add +secrets help search +secrets help delete + +# 添加服务器 +secrets add -n refining --kind server --name my-server \ + --tag aliyun --tag shanghai \ + -m ip=1.2.3.4 -m desc="My Server" \ + -s username=root \ + -s ssh_key=@./keys/my.pem + +# 添加服务凭据 +secrets add -n refining --kind service --name gitea \ + -m url=https://gitea.example.com \ + -s token= + +# 搜索(默认隐藏敏感字段) +secrets search +secrets search -n refining --kind server +secrets search --tag hongkong +secrets search -q mqtt # 关键词匹配 name / metadata / tags +secrets search -n refining --kind service --name gitea --show-secrets + +# 删除 +secrets delete -n refining --kind server --name my-server +``` + +## 数据模型 + +单张 `secrets` 表,首次连接自动建表。 + +| 字段 | 说明 | +|------|------| +| `namespace` | 一级隔离,如 `refining`、`ricnsmart` | +| `kind` | 记录类型,如 `server`、`service`(可自由扩展) | +| `name` | 人类可读唯一标识 | +| `tags` | 多维标签,如 `["aliyun","hongkong"]` | +| `metadata` | 明文描述信息(ip、desc、domains 等) | +| `encrypted` | 敏感凭据(ssh_key、password、token 等),MVP 阶段明文存储,预留加密字段 | + +`-m` / `--meta` 写入 `metadata`,`-s` / `--secret` 写入 `encrypted`,`value=@file` 从文件读取内容。 + +## 项目结构 + +``` +src/ + main.rs # CLI 入口(clap) + db.rs # 连接池 + auto-migrate + models.rs # Secret 结构体 + commands/ + add.rs # upsert + search.rs # 多条件查询 + delete.rs # 删除 +scripts/ + seed-data.sh # 导入 refining / ricnsmart 全量数据 +``` + +## CI/CD(Gitea Actions) + +推送 `main` 分支时自动:fmt/clippy 检查 → musl 构建 → 创建 Release 并上传二进制。 + +**首次使用需配置 Actions 变量和 Secrets:** + +```bash +# 需有 ~/.config/gitea/config.env(GITEA_URL、GITEA_TOKEN、GITEA_WEBHOOK_URL) +./scripts/setup-gitea-actions.sh +``` + +- `RELEASE_TOKEN`(Secret):Gitea PAT,用于创建 Release 上传二进制 +- `WEBHOOK_URL`(Variable):飞书通知,可选 + +详见 [AGENTS.md](AGENTS.md)。 diff --git a/ai-secrets-manager-design.md b/ai-secrets-manager-design.md deleted file mode 100644 index 38959fd..0000000 --- a/ai-secrets-manager-design.md +++ /dev/null @@ -1,544 +0,0 @@ -# AI-Native Secret Manager 设计文档 - -面向 AI Agent(Cursor / OpenCode)和开发者的轻量级 Secret 管理工具。通过 CLI 提供安全的环境变量注入,secret 在使用阶段永远不进入 LLM 上下文。 - -## 背景与动机 - -### 当前痛点 - -在使用 AI 编码助手(Cursor、OpenCode)进行服务器运维、部署等操作时,经常需要提供敏感凭证: - -``` -# 当前做法:明文存储 + 聊天中粘贴 -~/.../ricnsmart/config.toml ← 明文 TOML,iCloud 同步 -~/.../refining/config.toml ← 包含 AK/SK、密码、API Key -~/.../*/keys/*.pem ← SSH 私钥 -聊天中直接粘贴 AccessKey ← 明文进入 LLM context → 发送到云端 API -``` - -**核心安全问题**:Secret 明文反复进入 LLM 的上下文窗口,被发送到 Anthropic/OpenAI 等远程服务器,并留存在聊天历史中。 - -### 设计目标 - -1. **使用阶段 Secret 不进入 LLM 上下文**:AI Agent 只知道环境变量名(`$VAR_NAME`),不知道值 -2. **跨设备、跨平台**:macOS / Windows / Linux 多台电脑共享同一套 secrets -3. **面向 AI Agent**:AI 通过 CLI 进行 CRUD 和环境变量注入 -4. **人性化管理**:Web UI 提供可视化的 secret 管理界面 -5. **轻量安全**:客户端加密(CLI + WASM),Server 端永远不接触敏感明文 - -### 市场定位 - -| 工具 | 定位 | AI Agent 支持 | 客户端加密 | 自托管 | -|------|------|--------------|-----------|--------| -| HashiCorp Vault | 企业级 Secret 管理 | 无 | 否 | 是 | -| Infisical | 开发团队 Secret 管理 | 无 | 有 | 是 | -| 1Password MCP | 消费级密码管理 + AI | 有(SaaS) | 有 | 否 | -| SOPS / age | 文件加密 | 无 | 是 | - | -| **本项目** | **AI Agent 的 Secret 注入** | **核心功能** | **是** | **是** | - -## 架构 - -### 整体架构 - -``` - Rust crypto crate(加密核心) - ┌──────────────────────────┐ - │ AES-256-GCM / Argon2id │ - │ DEK 管理 / 信封加密 │ - └──────┬──────────┬─────────┘ - │ │ - 编译为 native │ │ 编译为 WASM - │ │ -┌────────────────────┐ │ ┌────┴───────────────┐ -│ CLI (Rust 跨平台) │◄──────┘ │ Web UI (浏览器) │ -│ + OS Keychain │ │ + WASM 加密模块 │ -│ macOS / Win / Linux│ │ + wasm-bindgen │ -└─────────┬──────────┘ └─────────┬──────────┘ - │ HTTPS │ HTTPS - └──────────────┬───────────────────┘ - │ - ┌─────────┴──────────┐ - │ Remote Server │ - │ (Rust / Axum) │ - │ ├─ HTTPS API │ - │ └─ 托管 Web UI + │ - │ WASM 静态文件 │ - └─────────┬──────────┘ - │ - ┌─────────┴──────────┐ - │ PostgreSQL 18 │ - └────────────────────┘ -``` - -### 组件 - -| 组件 | 职责 | 技术选型 | -|------|------|---------| -| **crypto** | 加密核心(AES-256-GCM + Argon2id + 信封加密) | Rust crate,编译为 native + wasm32 | -| **server** | HTTPS API、数据库 CRUD、认证、托管静态文件 | Rust / Axum | -| **cli** | 客户端加解密、OS Keychain、环境变量注入、CRUD | Rust / clap | -| **web (WASM)** | 浏览器端加解密绑定 | Rust / wasm-bindgen | -| **web-ui** | 可视化 Secret 管理界面 | HTML / JS / CSS | -| **PostgreSQL 18** | 持久化存储(密文 + 明文元数据) | 云端 PG | - -### Cargo Workspace 结构 - -``` -secrets/ -├── crates/ -│ ├── crypto/ ← 加密核心(编译目标: native + wasm32) -│ ├── server/ ← Axum HTTPS Server -│ ├── cli/ ← CLI 客户端(链接 crypto native) -│ └── web/ ← WASM 绑定(wasm-bindgen,链接 crypto wasm) -├── web-ui/ ← 前端代码(调用 WASM 模块) -└── Cargo.toml ← workspace 根配置 -``` - -## 核心设计 - -### 1. 安全模型:分层暴露策略 - -Secret 在不同生命周期阶段有不同的暴露等级: - -| 阶段 | Secret 暴露情况 | 说明 | -|------|----------------|------| -| **创建** | 可能经过 LLM | 用户通过聊天告知 AI,或 AI 执行 `secrets set` 命令。一次性暴露,可接受 | -| **使用** | 不经过 LLM | AI 只引用 `$VAR_NAME`,本地 shell 展开后执行。反复使用,始终安全 | -| **generate** | 完全不经过 LLM | CLI 本地生成随机密码 → 本地加密 → 密文发送 Server。值不经过 AI | - -**核心价值**:一个 secret 可能被使用几十上百次,只有创建时可能暴露一次,之后的所有使用都通过环境变量引用,安全。 - -工作流示例: - -``` -# 创建阶段(一次性,secret 可能经过 LLM) -AI Agent: secrets set ricnsmart/aliyun.ak "LTAI5t..." - -# 使用阶段(反复使用,secret 不经过 LLM) -AI Agent: eval $(secrets inject ricnsmart --export) -AI Agent: ssh -i "$RICNSMART_SSH_KEY" "$RICNSMART_SSH_USER@$RICNSMART_HOST_PRIMARY" "..." - ↑ AI 只写变量名,本地 shell 展开后执行 - -# 生成阶段(secret 完全不经过 LLM) -AI Agent: secrets generate ricnsmart/db.password --length 32 - → CLI 本地生成 → 本地加密 → 密文存 Server - → 返回: "已生成并存储,环境变量名: RICNSMART_DB_PASSWORD" -``` - -### SSH 远程命令场景 - -环境变量注入天然支持 SSH 远程命令场景: - -```bash -eval $(secrets inject ricnsmart --export) -ssh user@server "mysql -u root -p'$DB_PASSWORD' -e 'CREATE DATABASE app'" -``` - -执行过程: -1. `eval` 将 secrets 注入当前 shell 环境变量 -2. AI 写命令只引用 `$DB_PASSWORD`(变量名) -3. **本地 shell 展开** `$DB_PASSWORD` 为真实值 -4. 展开后的命令通过 **SSH 加密通道**传输到远程执行 -5. AI 始终只看到变量名,从不看到实际值 - -### 2. 加密模型:客户端加密 + 混合存储 - -采用**混合加密模型**:用户决定每条 secret 是否加密。敏感数据客户端加密后存密文,非敏感数据明文存储以支持搜索。 - -#### 敏感数据:信封加密 - -``` -secret_value - → AES-256-GCM(DEK) → 密文 → 存入 PostgreSQL (encrypted_value) -DEK (Data Encryption Key) - → AES-256-GCM(Master Key) → 加密 DEK → 存入 PostgreSQL (encrypted_dek) -Master Key - → Argon2id(password, salt) → 派生 → 存入 OS Keychain -``` - -**每条加密的 secret 使用独立的 DEK**,限制单个密钥泄露的影响范围。 - -PostgreSQL 只存密文和加密后的 DEK,Server 被攻破也无法获取明文。 - -#### 非敏感数据:明文存储 - -用户选择不加密的 secret(如 URL、用户名等)以明文存储,支持服务端搜索和索引。 - -#### 元数据:JSONB 灵活字段 - -每条 secret 附带 JSONB 元数据字段,始终为明文,用于描述、标签、备注等。支持 GIN 索引高效搜索。 - -### 3. 跨设备 Master Key 同步 - -采用**密码派生**方案,跨平台支持: - -```bash -# 新设备初始化(只需一次) -secrets init --server "https://secrets.example.com" -# 输入 master password -# → 从 Server 获取 Argon2id salt -# → 本地派生 Master Key -# → 存入 OS Keychain -# 之后自动从 Keychain 获取,无需再次输入 -``` - -所有设备使用相同密码,派生出相同的 Master Key。Argon2id salt 存储在 Server 端 PostgreSQL 中。 - -| 平台 | Keychain 实现 | -|------|--------------| -| macOS | Keychain Services | -| Windows | Credential Manager | -| Linux | libsecret (Secret Service API) | - -Rust `keyring` crate 统一封装三个平台。 - -### 4. Web UI 浏览器端加密(Rust WASM) - -Web UI 通过 Rust 编译为 WebAssembly 实现浏览器端加密,与 CLI **共享完全相同的加密逻辑**: - -``` -用户打开 Web UI - → 输入 master password - → WASM 模块中 Argon2id 派生 master key(salt 从 Server API 获取) - → master key 仅存于浏览器内存 - -创建敏感 secret: - → WASM 加密 → 密文通过 HTTPS API 发送到 Server - -查看敏感 secret: - → Server 返回密文 → WASM 解密 → 浏览器中显示 - -页面关闭: - → master key 从内存消失 -``` - -**Server 端全程不接触明文**,无论是 CLI 还是 Web UI 访问,安全模型一致。 - -使用 WASM 而非 Web Crypto API 的原因: -- Web Crypto API 不支持 Argon2id(只有 PBKDF2) -- WASM 直接复用 CLI 的 Rust 加密代码,保证一致性 -- Rust 内存安全 + 成熟加密 crate,优于 JS 实现 - -### 5. 环境变量命名规则 - -``` -project: ricnsmart, key: aliyun.access_key_id -→ 环境变量: RICNSMART_ALIYUN_ACCESS_KEY_ID - -project: refining, key: grafana.password -→ 环境变量: REFINING_GRAFANA_PASSWORD - -规则: upper(project) + "_" + upper(key.replace(".", "_")) -``` - -## Server API - -### 认证 - -API Token 认证。首次 `secrets init` 时生成 Token,存入客户端 OS Keychain。所有 API 请求通过 `Authorization: Bearer ` 头认证。 - -### 接口列表 - -``` -# 配置 -GET /api/config/:key 获取配置(如 argon2_salt) -POST /api/config 设置配置 - -# 项目 -GET /api/projects 列出所有项目 -POST /api/projects 创建项目 -DELETE /api/projects/:id 删除项目 - -# Secrets -GET /api/secrets 列出 secrets(支持过滤,不含加密值) - ?project=ricnsmart - &pattern=ssh.* - &kind=file -POST /api/secrets 创建 secret(接收密文或明文) -GET /api/secrets/:id 获取 secret 详情(含加密值密文,客户端解密) -PUT /api/secrets/:id 更新 secret -DELETE /api/secrets/:id 删除 secret - -# 静态文件 -GET / Web UI 入口 -GET /assets/* Web UI 静态资源 + WASM 文件 -``` - -### 请求/响应示例 - -**创建加密 secret**: - -```json -POST /api/secrets -{ - "project": "ricnsmart", - "key": "aliyun.access_key_id", - "is_encrypted": true, - "kind": "text", - "encrypted_value": "", - "encrypted_dek": "", - "nonce": "", - "dek_nonce": "", - "metadata": { - "description": "阿里云主账号 AccessKey", - "tags": ["cloud", "aliyun", "production"], - "env_var": "RICNSMART_ALIYUN_ACCESS_KEY_ID" - } -} -``` - -**创建非加密 secret**: - -```json -POST /api/secrets -{ - "project": "ricnsmart", - "key": "gitea.url", - "is_encrypted": false, - "kind": "text", - "plaintext_value": "https://gitea.refining.dev", - "metadata": { - "description": "Gitea 服务地址", - "tags": ["service", "gitea"] - } -} -``` - -**列出 secrets 响应**(不含加密值): - -```json -[ - { - "id": "uuid-...", - "project": "ricnsmart", - "key": "aliyun.access_key_id", - "is_encrypted": true, - "kind": "text", - "metadata": { - "description": "阿里云主账号 AccessKey", - "tags": ["cloud", "aliyun", "production"] - }, - "created_at": "2025-03-06T10:00:00Z", - "updated_at": "2025-03-06T10:00:00Z" - } -] -``` - -## 数据模型 - -### PostgreSQL 18 Schema - -```sql -CREATE TABLE projects ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - name TEXT UNIQUE NOT NULL, -- "ricnsmart", "refining" - description TEXT, - created_at TIMESTAMPTZ DEFAULT now() -); - -CREATE TABLE secrets ( - id UUID PRIMARY KEY DEFAULT gen_random_uuid(), - project_id UUID REFERENCES projects(id) ON DELETE CASCADE, - key TEXT NOT NULL, -- "aliyun.access_key_id" - - -- 敏感数据(客户端加密后存储) - encrypted_value BYTEA, -- AES-256-GCM 密文 - encrypted_dek BYTEA, -- 加密后的 DEK - nonce BYTEA, -- GCM nonce - dek_nonce BYTEA, -- DEK 加密的 nonce - - -- 非敏感数据(明文存储,可搜索) - plaintext_value TEXT, -- 用户选择不加密时存储明文 - - -- 灵活元数据(明文 JSONB,可搜索) - metadata JSONB DEFAULT '{}', -- 描述、标签、备注等 - - is_encrypted BOOLEAN NOT NULL DEFAULT true, - kind TEXT NOT NULL DEFAULT 'text', -- "text", "ssh-key", "json", "file" - - created_at TIMESTAMPTZ DEFAULT now(), - updated_at TIMESTAMPTZ DEFAULT now(), - UNIQUE(project_id, key) -); - --- JSONB GIN 索引,支持高效搜索 -CREATE INDEX idx_secrets_metadata ON secrets USING GIN (metadata); --- 按 kind 过滤 -CREATE INDEX idx_secrets_kind ON secrets (kind); - --- 全局配置(Argon2id salt 等) -CREATE TABLE config ( - key TEXT PRIMARY KEY, - value BYTEA NOT NULL -); - --- 审计日志 -CREATE TABLE audit_log ( - id BIGSERIAL PRIMARY KEY, - secret_id UUID REFERENCES secrets(id) ON DELETE SET NULL, - action TEXT NOT NULL, -- "read", "write", "delete", "inject", "generate" - device TEXT, -- 设备标识 - detail TEXT, -- 额外信息 - created_at TIMESTAMPTZ DEFAULT now() -); -``` - -### 从现有 TOML 配置迁移的映射 - -``` -# ricnsmart/config.toml - -[[servers]] → ricnsmart/server.tianchu-primary (kind=json, encrypted) -hostname = "..." encrypted_value: {...} -public_ip = "8.153.204.96" metadata: {"description": "天储主服务器"} - -[services.gitea] → ricnsmart/gitea.url (kind=text, 不加密) -url = "https://gitea.refining.dev" plaintext_value: "https://gitea.refining.dev" - ricnsmart/gitea.token (kind=text, 加密) -token = "92a627..." encrypted_value: <密文> - -# SSH 密钥 → ricnsmart/ssh-key.ricnsmart-sh (kind=file, 加密) -~/.../keys/ricnsmart-sh.pem encrypted_value: <密文> - metadata: {"original_path": "ricnsmart-sh.pem"} -``` - -## CLI 命令设计 - -CLI 是 AI Agent 和人共用的主要接口。 - -```bash -# ===== 初始化 ===== -secrets init --server "https://secrets.example.com" -# 输入 master password → 从 Server 获取 salt → Argon2id 派生 Master Key -# → Master Key + API Token 存入 OS Keychain - -# ===== 项目管理 ===== -secrets project list # 列出所有项目 -secrets project create ricnsmart # 创建项目 -secrets project delete ricnsmart # 删除项目(需确认) - -# ===== Secret CRUD ===== -secrets set ricnsmart/aliyun.ak "LTAI5t..." # 创建(默认加密) -secrets set ricnsmart/gitea.url "https://..." --no-encrypt # 创建(不加密) -secrets set ricnsmart/ssh.key --file ~/.ssh/ricnsmart.pem # 从文件创建(加密) -secrets set ricnsmart/server.primary --json '{"host":...}' # JSON 类型(加密) - -secrets get ricnsmart/aliyun.ak # 获取值(本地解密,输出到 stdout) -secrets list # 列出所有(不显示值) -secrets list ricnsmart/ # 按项目过滤 -secrets list --pattern "ssh.*" # 模糊匹配 key -secrets list --kind file # 按类型过滤 -secrets delete ricnsmart/aliyun.ak # 删除 - -# ===== 生成随机密码 ===== -secrets generate ricnsmart/db.password --length 32 # 默认字符集 -secrets generate ricnsmart/api.key --length 64 --charset hex # 指定字符集 -# → 本地生成 → 本地加密 → 密文存 Server -# → 输出: "已生成并存储,环境变量名: RICNSMART_DB_PASSWORD" - -# ===== 环境变量注入 ===== -# macOS / Linux (bash/zsh) -eval $(secrets inject ricnsmart --export) - -# Windows PowerShell -secrets inject ricnsmart --export-ps | Invoke-Expression - -# 通用方式(所有平台,启动子进程) -secrets inject ricnsmart -- ./app - -# 选择性注入 -secrets inject ricnsmart --keys "aliyun.*,ssh.*" --export - -# ===== 导入 ===== -secrets import config.toml --project ricnsmart # 从 TOML 导入 -secrets import config.toml --project ricnsmart --dry-run # 预览 -``` - -## 安全注意事项 - -### Secret 生命周期 - -``` -创建: CLI set / generate → 本地加密 → HTTPS → Server 存密文到 PG - Web UI 输入 → WASM 加密 → HTTPS → Server 存密文到 PG -读取: CLI inject → HTTPS 拉取密文 → 本地解密 → 注入环境变量 - Web UI 查看 → HTTPS 拉取密文 → WASM 解密 → 浏览器显示 -使用: AI 写 shell 命令引用 $VAR → 本地 shell 展开为真实值 → 执行 -清理: 进程退出后环境变量消失,Web UI 关闭后 master key 消失 -``` - -### 威胁模型 - -| 威胁 | 防御措施 | -|------|---------| -| PostgreSQL 被攻破 | 客户端加密,PG 只有密文,Server 不持有 Master Key | -| Server 被攻破 | 敏感数据为客户端密文,非敏感数据暴露但不含凭证 | -| 设备丢失 | Master Key 在 OS Keychain(需要设备密码/生物识别) | -| LLM 提供商窥探 | 使用阶段 secret 不进入 LLM context,只有变量名 | -| 命令输出泄露 secret | 可选输出脱敏(Phase 2,替换已知 secret 值为 `***`) | -| Master Password 弱 | Argon2id 高计算成本(推荐:m=64MB, t=3, p=4) | -| 传输层攻击 | HTTPS/TLS 加密传输 | -| WASM 模块被篡改 | Server 托管 WASM,可通过 SRI (Subresource Integrity) 校验 | - -### 不防御的场景 - -- 设备上的 root 权限攻击者(可直接读取进程环境变量或内存) -- 用户主动将 secret 粘贴到聊天中(行为问题,非技术问题) -- AI 通过 `echo $VAR` 读取环境变量值并返回到 LLM 上下文(已知弱点,Phase 2 输出脱敏可缓解) - -## 技术选型 - -| 组件 | 选择 | 理由 | -|------|------|------| -| 语言 | Rust | 单二进制分发、加密库成熟、性能好、编译为 native + WASM | -| 加密 | `aes-gcm` crate | AEAD,业界标准 | -| 密钥派生 | `argon2` crate | 抗 GPU/ASIC,OWASP 推荐,支持 WASM 编译 | -| OS Keychain | `keyring` crate | 跨平台(macOS Keychain / Windows Credential Manager / Linux libsecret) | -| 数据库 | PostgreSQL 18 + `sqlx` crate | async、编译期 SQL 检查、JSONB 原生支持 | -| HTTP Server | `axum` crate | Rust 生态主流、tokio 驱动、tower 中间件 | -| WASM 绑定 | `wasm-bindgen` + `wasm-pack` | Rust → WASM 标准工具链 | -| CLI 框架 | `clap` crate | Rust 生态标准 | -| 序列化 | `serde` + `serde_json` | JSON 处理标准库 | - -## 开发计划 - -### Phase 1: MVP(Server + CLI) - -- [ ] Cargo workspace 脚手架(`crypto` + `server` + `cli`) -- [ ] `crypto` crate:AES-256-GCM + Argon2id + 信封加密 -- [ ] PostgreSQL 18 schema + 迁移脚本 -- [ ] `server` crate:Axum HTTPS API(CRUD + config + 认证) -- [ ] `cli` crate:init / set / get / list / delete / generate / inject -- [ ] 跨平台 OS Keychain 集成(macOS / Windows / Linux) -- [ ] 跨平台 inject 命令(bash/zsh + PowerShell) -- [ ] `secrets import config.toml` 从现有配置导入 - -### Phase 2: Web UI + 增强 - -- [ ] `web` crate:crypto 编译为 WASM + wasm-bindgen 绑定 -- [ ] Web UI 前端:CRUD 管理界面 + WASM 浏览器端加解密 -- [ ] Server 托管 Web UI + WASM 静态文件 -- [ ] TOTP 支持(存储 TOTP seed,生成一次性验证码) -- [ ] 输出脱敏(可选,替换已知 secret 值为 `***`) -- [ ] 审计日志 - -### Phase 3: 扩展 - -- [ ] MCP Server(可选 AI 增强,stdio 模式) -- [ ] 模板渲染(`secrets template config.tpl > config.yaml`) -- [ ] 团队共享(多用户 + RBAC) -- [ ] Secret 轮换提醒 -- [ ] CI/CD 集成(Gitea Actions 中使用) - -## 参考 - -- [MCP 协议规范](https://modelcontextprotocol.io/) -- [Infisical](https://github.com/Infisical/infisical) — 开源 Secret Manager -- [age](https://github.com/FiloSottile/age) — 文件加密工具 -- [SOPS](https://github.com/getsops/sops) — Mozilla 的加密文件编辑器 -- [Rust `aes-gcm`](https://docs.rs/aes-gcm/) — AEAD 加密 -- [Rust `argon2`](https://docs.rs/argon2/) — 密码哈希 -- [Rust `keyring`](https://docs.rs/keyring/) — 跨平台 Keychain -- [Rust `axum`](https://docs.rs/axum/) — HTTP Server 框架 -- [wasm-bindgen](https://rustwasm.github.io/wasm-bindgen/) — Rust WASM 绑定 -- [wasm-pack](https://rustwasm.github.io/wasm-pack/) — Rust WASM 打包工具 diff --git a/scripts/setup-gitea-actions.sh b/scripts/setup-gitea-actions.sh new file mode 100755 index 0000000..dcfd0dc --- /dev/null +++ b/scripts/setup-gitea-actions.sh @@ -0,0 +1,177 @@ +#!/usr/bin/env bash +# +# 为 refining/secrets 仓库配置 Gitea Actions 所需的 Secrets 和 Variables +# 参考: .gitea/workflows/secrets.yml +# +# 所需配置: +# - secrets.RELEASE_TOKEN (必选) Release 上传用,值为 Gitea PAT +# - vars.WEBHOOK_URL (可选) 飞书通知 +# +# 注意: Gitea 不允许 secret/variable 名以 GITEA_ 或 GITHUB_ 开头,故使用 RELEASE_TOKEN +# +# 用法: +# 1. 从 ~/.config/gitea/config.env 读取 GITEA_URL, GITEA_TOKEN, GITEA_WEBHOOK_URL +# 2. 或通过环境变量覆盖: GITEA_TOKEN(作为 RELEASE_TOKEN 的值), WEBHOOK_URL +# 3. 或使用 secrets CLI 获取: 需 DATABASE_URL,从 refining/service gitea 读取 +# + +set -e + +OWNER="refining" +REPO="secrets" + +# 解析参数 +USE_SECRETS_CLI=false +while [[ $# -gt 0 ]]; do + case $1 in + --from-secrets) USE_SECRETS_CLI=true; shift ;; + -h|--help) + echo "用法: $0 [--from-secrets]" + echo "" + echo " --from-secrets 从 secrets CLI (refining/service gitea) 获取 token 和 webhook_url" + echo " 否则从 ~/.config/gitea/config.env 读取" + echo "" + echo "环境变量覆盖:" + echo " GITEA_URL Gitea 实例地址" + echo " GITEA_TOKEN 用于 Release 上传的 PAT (创建 RELEASE_TOKEN secret)" + echo " WEBHOOK_URL 飞书 Webhook URL (创建 variable,可选)" + exit 0 + ;; + *) shift ;; + esac +done + +# 加载配置 +load_config() { + local config="$HOME/.config/gitea/config.env" + if [[ -f "$config" ]]; then + # shellcheck source=/dev/null + source "$config" + fi +} + +# 从 secrets CLI 获取 gitea 凭据 +fetch_from_secrets() { + if ! command -v secrets &>/dev/null; then + echo "❌ secrets CLI 未找到,请先构建: cargo build --release" >&2 + return 1 + fi + # 输出 JSON 格式便于解析;需要 --show-secrets + # secrets 当前无 JSON 输出,用简单解析 + local out + out=$(secrets search -n refining --kind service -q gitea --show-secrets 2>/dev/null || true) + if [[ -z "$out" ]]; then + echo "❌ 未找到 refining/service gitea 记录" >&2 + return 1 + fi + # 简化:从 metadata 和 secrets 中提取,实际格式需根据 search 输出调整 + # 此处仅作占位,实际解析较复杂;建议用户优先用 config.env + echo "⚠️ --from-secrets 暂不支持自动解析,请使用 config.env 或环境变量" >&2 + return 1 +} + +load_config + +# 优先使用环境变量 +if [[ -n "$GITEA_TOKEN" && -z "$GITEA_URL" ]]; then + echo "❌ 请设置 GITEA_URL (或确保 config.env 中有)" >&2 + exit 1 +fi + +if [[ -z "$GITEA_URL" ]]; then + echo "❌ GITEA_URL 未配置" + echo " 请创建 ~/.config/gitea/config.env 或设置环境变量" >&2 + exit 1 +fi + +# 去掉 URL 尾部斜杠 +GITEA_URL="${GITEA_URL%/}" +# 确保使用 /api/v1 基础路径(若用户只写了根 URL) +[[ "$GITEA_URL" != *"/api/v1"* ]] || true + +API_BASE="${GITEA_URL}/api/v1" + +# 获取 GITEA_TOKEN(作为 workflow 中 secrets.RELEASE_TOKEN 的值) +if [[ -z "$GITEA_TOKEN" ]]; then + if $USE_SECRETS_CLI; then + fetch_from_secrets || exit 1 + fi + echo "❌ GITEA_TOKEN 未配置" + echo " 在 ~/.config/gitea/config.env 中设置,或 export GITEA_TOKEN=xxx" >&2 + echo " Token 需具备 repo 写权限(创建 Release、上传附件)" >&2 + exit 1 +fi + +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "配置 Gitea Actions: $OWNER/$REPO" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" + +# 1. 创建 Secret: RELEASE_TOKEN +echo "1. 创建 Secret: RELEASE_TOKEN" +encoded=$(echo -n "$GITEA_TOKEN" | base64) +resp=$(curl -s -w "\n%{http_code}" -X PUT \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"data\":\"${encoded}\"}" \ + "${API_BASE}/repos/${OWNER}/${REPO}/actions/secrets/RELEASE_TOKEN") +http_code=$(echo "$resp" | tail -n1) +body=$(echo "$resp" | sed '$d') + +if [[ "$http_code" == "200" || "$http_code" == "201" || "$http_code" == "204" ]]; then + echo " ✓ RELEASE_TOKEN 已创建/更新" +else + echo " ❌ 失败 (HTTP $http_code)" >&2 + echo "$body" | jq -r '.message // .' 2>/dev/null || echo "$body" >&2 + exit 1 +fi + +# 2. 创建/更新 Variable: WEBHOOK_URL(可选) +WEBHOOK_VALUE="${WEBHOOK_URL:-$GITEA_WEBHOOK_URL}" +if [[ -n "$WEBHOOK_VALUE" ]]; then + echo "" + echo "2. 创建/更新 Variable: WEBHOOK_URL" + resp=$(curl -s -w "\n%{http_code}" -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"value\":\"${WEBHOOK_VALUE}\"}" \ + "${API_BASE}/repos/${OWNER}/${REPO}/actions/variables/WEBHOOK_URL") + http_code=$(echo "$resp" | tail -n1) + body=$(echo "$resp" | sed '$d') + + if [[ "$http_code" == "200" || "$http_code" == "201" || "$http_code" == "204" ]]; then + echo " ✓ WEBHOOK_URL 已创建/更新" + elif [[ "$http_code" == "409" ]]; then + # 变量已存在,用 PUT 更新 + resp=$(curl -s -w "\n%{http_code}" -X PUT \ + -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"value\":\"${WEBHOOK_VALUE}\"}" \ + "${API_BASE}/repos/${OWNER}/${REPO}/actions/variables/WEBHOOK_URL") + http_code=$(echo "$resp" | tail -n1) + if [[ "$http_code" == "200" || "$http_code" == "204" ]]; then + echo " ✓ WEBHOOK_URL 已更新" + else + echo " ⚠ 更新失败 (HTTP $http_code)" >&2 + fi + else + echo " ⚠ 失败 (HTTP $http_code),飞书通知将不可用" >&2 + fi +else + echo "" + echo "2. 跳过 WEBHOOK_URL(未配置 GITEA_WEBHOOK_URL 或 WEBHOOK_URL)" + echo " 飞书通知将不可用;如需可后续在仓库 Settings → Variables 中添加" +fi + +echo "" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "✓ 配置完成" +echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "" +echo "Workflow 将使用:" +echo " - secrets.RELEASE_TOKEN 创建 Release 并上传二进制" +echo " - vars.WEBHOOK_URL 发送飞书通知(如已配置)" +echo "" +echo "推送代码触发构建:" +echo " git push origin main" +echo "" diff --git a/src/commands/add.rs b/src/commands/add.rs new file mode 100644 index 0000000..e8a1de0 --- /dev/null +++ b/src/commands/add.rs @@ -0,0 +1,87 @@ +use anyhow::Result; +use serde_json::{Map, Value}; +use sqlx::PgPool; +use std::fs; + +/// Parse "key=value" entries. Value starting with '@' reads from file. +fn parse_kv(entry: &str) -> Result<(String, String)> { + let (key, raw_val) = entry.split_once('=').ok_or_else(|| { + anyhow::anyhow!( + "Invalid format '{}'. Expected: key=value or key=@file", + entry + ) + })?; + + let value = if let Some(path) = raw_val.strip_prefix('@') { + fs::read_to_string(path) + .map_err(|e| anyhow::anyhow!("Failed to read file '{}': {}", path, e))? + } else { + raw_val.to_string() + }; + + Ok((key.to_string(), value)) +} + +fn build_json(entries: &[String]) -> Result { + let mut map = Map::new(); + for entry in entries { + let (key, value) = parse_kv(entry)?; + map.insert(key, Value::String(value)); + } + Ok(Value::Object(map)) +} + +pub async fn run( + pool: &PgPool, + namespace: &str, + kind: &str, + name: &str, + tags: &[String], + meta_entries: &[String], + secret_entries: &[String], +) -> Result<()> { + let metadata = build_json(meta_entries)?; + let encrypted = build_json(secret_entries)?; + + sqlx::query( + r#" + INSERT INTO secrets (namespace, kind, name, tags, metadata, encrypted, updated_at) + VALUES ($1, $2, $3, $4, $5, $6, NOW()) + ON CONFLICT (namespace, kind, name) + DO UPDATE SET + tags = EXCLUDED.tags, + metadata = EXCLUDED.metadata, + encrypted = EXCLUDED.encrypted, + updated_at = NOW() + "#, + ) + .bind(namespace) + .bind(kind) + .bind(name) + .bind(tags) + .bind(&metadata) + .bind(&encrypted) + .execute(pool) + .await?; + + println!("Added: [{}/{}] {}", namespace, kind, name); + if !tags.is_empty() { + println!(" tags: {}", tags.join(", ")); + } + if !meta_entries.is_empty() { + let keys: Vec<&str> = meta_entries + .iter() + .filter_map(|s| s.split_once('=').map(|(k, _)| k)) + .collect(); + println!(" metadata: {}", keys.join(", ")); + } + if !secret_entries.is_empty() { + let keys: Vec<&str> = secret_entries + .iter() + .filter_map(|s| s.split_once('=').map(|(k, _)| k)) + .collect(); + println!(" secrets: {}", keys.join(", ")); + } + + Ok(()) +} diff --git a/src/commands/delete.rs b/src/commands/delete.rs new file mode 100644 index 0000000..f2163fe --- /dev/null +++ b/src/commands/delete.rs @@ -0,0 +1,20 @@ +use anyhow::Result; +use sqlx::PgPool; + +pub async fn run(pool: &PgPool, namespace: &str, kind: &str, name: &str) -> Result<()> { + let result = sqlx::query( + "DELETE FROM secrets WHERE namespace = $1 AND kind = $2 AND name = $3", + ) + .bind(namespace) + .bind(kind) + .bind(name) + .execute(pool) + .await?; + + if result.rows_affected() == 0 { + println!("Not found: [{}/{}] {}", namespace, kind, name); + } else { + println!("Deleted: [{}/{}] {}", namespace, kind, name); + } + Ok(()) +} diff --git a/src/commands/mod.rs b/src/commands/mod.rs new file mode 100644 index 0000000..a4398d9 --- /dev/null +++ b/src/commands/mod.rs @@ -0,0 +1,3 @@ +pub mod add; +pub mod delete; +pub mod search; diff --git a/src/commands/search.rs b/src/commands/search.rs new file mode 100644 index 0000000..f604c5f --- /dev/null +++ b/src/commands/search.rs @@ -0,0 +1,104 @@ +use anyhow::Result; +use sqlx::PgPool; + +use crate::models::Secret; + +pub async fn run( + pool: &PgPool, + namespace: Option<&str>, + kind: Option<&str>, + tag: Option<&str>, + query: Option<&str>, + show_secrets: bool, +) -> Result<()> { + let mut conditions: Vec = Vec::new(); + let mut idx: i32 = 1; + + if namespace.is_some() { + conditions.push(format!("namespace = ${}", idx)); + idx += 1; + } + if kind.is_some() { + conditions.push(format!("kind = ${}", idx)); + idx += 1; + } + if tag.is_some() { + conditions.push(format!("tags @> ARRAY[${}]", idx)); + idx += 1; + } + if query.is_some() { + conditions.push(format!( + "(name ILIKE ${i} OR namespace ILIKE ${i} OR kind ILIKE ${i} OR metadata::text ILIKE ${i} OR EXISTS (SELECT 1 FROM unnest(tags) t WHERE t ILIKE ${i}))", + i = idx + )); + } + + let where_clause = if conditions.is_empty() { + String::new() + } else { + format!("WHERE {}", conditions.join(" AND ")) + }; + + let sql = format!( + "SELECT * FROM secrets {} ORDER BY namespace, kind, name", + where_clause + ); + + let mut q = sqlx::query_as::<_, Secret>(&sql); + if let Some(v) = namespace { + q = q.bind(v); + } + if let Some(v) = kind { + q = q.bind(v); + } + if let Some(v) = tag { + q = q.bind(v); + } + if let Some(v) = query { + q = q.bind(format!("%{}%", v)); + } + + let rows = q.fetch_all(pool).await?; + + if rows.is_empty() { + println!("No records found."); + return Ok(()); + } + + for row in &rows { + println!( + "[{}/{}] {}", + row.namespace, row.kind, row.name, + ); + println!(" id: {}", row.id); + + if !row.tags.is_empty() { + println!(" tags: [{}]", row.tags.join(", ")); + } + + let meta_obj = row.metadata.as_object(); + if let Some(m) = meta_obj { + if !m.is_empty() { + println!(" metadata: {}", serde_json::to_string_pretty(&row.metadata)?); + } + } + + if show_secrets { + println!(" secrets: {}", serde_json::to_string_pretty(&row.encrypted)?); + } else { + let keys: Vec = row + .encrypted + .as_object() + .map(|m| m.keys().cloned().collect()) + .unwrap_or_default(); + if !keys.is_empty() { + println!(" secrets: [{}] (--show-secrets to reveal)", keys.join(", ")); + } + } + + println!(" created: {}", row.created_at.format("%Y-%m-%d %H:%M:%S UTC")); + println!(); + } + println!("{} record(s) found.", rows.len()); + Ok(()) +} diff --git a/src/db.rs b/src/db.rs new file mode 100644 index 0000000..165a762 --- /dev/null +++ b/src/db.rs @@ -0,0 +1,44 @@ +use anyhow::Result; +use sqlx::postgres::PgPoolOptions; +use sqlx::PgPool; + +pub async fn create_pool(database_url: &str) -> Result { + let pool = PgPoolOptions::new() + .max_connections(5) + .connect(database_url) + .await?; + Ok(pool) +} + +pub async fn migrate(pool: &PgPool) -> Result<()> { + sqlx::raw_sql( + r#" + CREATE TABLE IF NOT EXISTS secrets ( + id UUID PRIMARY KEY DEFAULT uuidv7(), + namespace VARCHAR(64) NOT NULL, + kind VARCHAR(64) NOT NULL, + name VARCHAR(256) NOT NULL, + tags TEXT[] NOT NULL DEFAULT '{}', + metadata JSONB NOT NULL DEFAULT '{}', + encrypted JSONB NOT NULL DEFAULT '{}', + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + UNIQUE(namespace, kind, name) + ); + + -- idempotent column add for existing tables + DO $$ BEGIN + ALTER TABLE secrets ADD COLUMN IF NOT EXISTS metadata JSONB NOT NULL DEFAULT '{}'; + EXCEPTION WHEN OTHERS THEN NULL; + END $$; + + CREATE INDEX IF NOT EXISTS idx_secrets_namespace ON secrets(namespace); + CREATE INDEX IF NOT EXISTS idx_secrets_kind ON secrets(kind); + CREATE INDEX IF NOT EXISTS idx_secrets_tags ON secrets USING GIN(tags); + CREATE INDEX IF NOT EXISTS idx_secrets_metadata ON secrets USING GIN(metadata jsonb_path_ops); + "#, + ) + .execute(pool) + .await?; + Ok(()) +} diff --git a/src/main.rs b/src/main.rs new file mode 100644 index 0000000..8dbb1d0 --- /dev/null +++ b/src/main.rs @@ -0,0 +1,132 @@ +mod commands; +mod db; +mod models; + +use anyhow::Result; +use clap::{Parser, Subcommand}; +use dotenvy::dotenv; + +#[derive(Parser)] +#[command(name = "secrets", version, about = "Secrets & config manager backed by PostgreSQL")] +struct Cli { + /// Database URL (or set DATABASE_URL env var) + #[arg(long, env = "DATABASE_URL", global = true, default_value = "")] + db_url: String, + + #[command(subcommand)] + command: Commands, +} + +#[derive(Subcommand)] +enum Commands { + /// Add or update a record (upsert) + Add { + /// Namespace (e.g. refining, ricnsmart) + #[arg(short, long)] + namespace: String, + /// Kind of record (server, service, key, ...) + #[arg(long)] + kind: String, + /// Human-readable name + #[arg(long)] + name: String, + /// Tags for categorization (repeatable) + #[arg(long = "tag")] + tags: Vec, + /// Plaintext metadata entry: key=value (repeatable, key=@file reads from file) + #[arg(long = "meta", short = 'm')] + meta: Vec, + /// Secret entry: key=value (repeatable, key=@file reads from file) + #[arg(long = "secret", short = 's')] + secrets: Vec, + }, + + /// Search records + Search { + /// Filter by namespace + #[arg(short, long)] + namespace: Option, + /// Filter by kind + #[arg(long)] + kind: Option, + /// Filter by tag + #[arg(long)] + tag: Option, + /// Search by keyword (matches name, namespace, kind) + #[arg(short, long)] + query: Option, + /// Reveal encrypted secret values + #[arg(long)] + show_secrets: bool, + }, + + /// Delete a record + Delete { + /// Namespace + #[arg(short, long)] + namespace: String, + /// Kind + #[arg(long)] + kind: String, + /// Name + #[arg(long)] + name: String, + }, +} + +#[tokio::main] +async fn main() -> Result<()> { + dotenv().ok(); + + let cli = Cli::parse(); + + let db_url = if cli.db_url.is_empty() { + std::env::var("DATABASE_URL").map_err(|_| { + anyhow::anyhow!("DATABASE_URL not set. Use --db-url or set DATABASE_URL env var.") + })? + } else { + cli.db_url.clone() + }; + + let pool = db::create_pool(&db_url).await?; + db::migrate(&pool).await?; + + match &cli.command { + Commands::Add { + namespace, + kind, + name, + tags, + meta, + secrets, + } => { + commands::add::run(&pool, namespace, kind, name, tags, meta, secrets).await?; + } + Commands::Search { + namespace, + kind, + tag, + query, + show_secrets, + } => { + commands::search::run( + &pool, + namespace.as_deref(), + kind.as_deref(), + tag.as_deref(), + query.as_deref(), + *show_secrets, + ) + .await?; + } + Commands::Delete { + namespace, + kind, + name, + } => { + commands::delete::run(&pool, namespace, kind, name).await?; + } + } + + Ok(()) +} diff --git a/src/models.rs b/src/models.rs new file mode 100644 index 0000000..aa1d6c8 --- /dev/null +++ b/src/models.rs @@ -0,0 +1,17 @@ +use chrono::{DateTime, Utc}; +use serde::{Deserialize, Serialize}; +use serde_json::Value; +use uuid::Uuid; + +#[derive(Debug, Serialize, Deserialize, sqlx::FromRow)] +pub struct Secret { + pub id: Uuid, + pub namespace: String, + pub kind: String, + pub name: String, + pub tags: Vec, + pub metadata: Value, + pub encrypted: Value, + pub created_at: DateTime, + pub updated_at: DateTime, +}