Merge pull request #1 from mohammadumar-dev/develop

Initial release: Production-ready Passkeys CLI password manager

Author: mohammadumar-dev

.env.example

@@ -0,0 +1 @@
+DATABASE_URL=postgres://postgres:12345@localhost:5432/cli

.gitignore

@@ -1,12 +1,8 @@
-# Byte-compiled / optimized / DLL files
+# Python
 __pycache__/
-*.py[codz]
+*.py[cod]
 *$py.class
-
-# C extensions
 *.so
-
-# Distribution / packaging
 .Python
 build/
 develop-eggs/
@@ -20,188 +16,29 @@ parts/
 sdist/
 var/
 wheels/
-share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py.cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-#   For a library or package, you might want to ignore these files since the code is
-#   intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# UV
-#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#uv.lock
-
-# poetry
-#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-#   This is especially recommended for binary packages to ensure reproducibility, and is more
-#   commonly ignored for libraries.
-#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
-#poetry.toml
 
-# pdm
-#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
-#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
-#pdm.lock
-#pdm.toml
-.pdm-python
-.pdm-build/
-
-# pixi
-#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
-#pixi.lock
-#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
-#   in the .venv directory. It is recommended not to include this directory in version control.
-.pixi
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
+# Environment
 .env
-.envrc
 .venv
 env/
 venv/
 ENV/
 env.bak/
 venv.bak/
 
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
 
-# pytype static type analyzer
-.pytype/
+# OS
+.DS_Store
+Thumbs.db
 
-# Cython debug symbols
-cython_debug/
-
-# PyCharm
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
-
-# Abstra
-# Abstra is an AI-powered process automation framework.
-# Ignore directories containing user credentials, local state, and settings.
-# Learn more at https://abstra.io/docs
-.abstra/
-
-# Visual Studio Code
-#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
-#  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
-#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
-#  you could uncomment the following to ignore the entire vscode folder
-# .vscode/
-
-# Ruff stuff:
-.ruff_cache/
-
-# PyPI configuration file
-.pypirc
-
-# Cursor
-#  Cursor is an AI-powered code editor. `.cursorignore` specifies files/directories to
-#  exclude from AI features like autocomplete and code analysis. Recommended for sensitive data
-#  refer to https://docs.cursor.com/context/ignore-files
-.cursorignore
-.cursorindexingignore
-
-# Marimo
-marimo/_static/
-marimo/_lsp/
-__marimo__/
+# Logs
+*.log

README.md

@@ -1 +1,125 @@
-# passkeys-cli
+# Passkeys CLI - Production-Ready Password Manager
+
+A secure, production-level command-line password manager with encryption, validation, and enhanced user experience.
+
+## Features
+
+- 🔐 **Secure Encryption**: AES-GCM encryption with Scrypt key derivation
+- ✅ **Input Validation**: Comprehensive validation for all user inputs
+- 🔑 **Password Confirmation**: Mandatory password confirmation for create/update operations
+- 🎨 **Enhanced CLI**: Beautiful, colorized terminal interface
+- 🛡️ **Production-Ready**: Robust error handling and transaction management
+- 🔒 **Master Password**: Argon2 hashed master password protection
+- 📊 **Formatted Output**: Clean, readable table displays
+- 🎲 **Password Generator**: Cryptographically secure password generation
+
+## Installation
+
+1. **Install dependencies:**
+   ```bash
+   pip install -r requirements.txt
+   ```
+
+2. **Set up environment variables:**
+   Create a `.env` file in the project root:
+   ```env
+   DATABASE_URL=your_postgresql_connection_string
+   ```
+
+3. **Set up database schema:**
+   ```sql
+   CREATE TABLE master_key (
+       id INT PRIMARY KEY,
+       password_hash TEXT NOT NULL,
+       salt BYTEA NOT NULL
+   );
+
+   CREATE TABLE vault (
+       id UUID PRIMARY KEY,
+       service TEXT NOT NULL,
+       username TEXT NOT NULL,
+       secret BYTEA NOT NULL,
+       created_at TIMESTAMP DEFAULT now(),
+       updated_at TIMESTAMP DEFAULT now()
+   );
+   ```
+
+## Usage
+
+Run the application:
+```bash
+python main.py
+```
+
+### Menu Options
+
+1. **View passkeys** - List all stored passkeys with formatted table display
+2. **Create passkey** - Add a new passkey (requires password confirmation)
+3. **Update passkey** - Update an existing passkey (requires password confirmation)
+4. **Delete passkey** - Remove a passkey (requires confirmation)
+5. **Generate password** - Generate a secure random password
+6. **Exit** - Exit the application
+
+## Production Features
+
+### Input Validation
+- Service names: 2-100 characters, alphanumeric + special chars
+- Usernames: 1-255 characters
+- Passwords: Minimum 8 characters, maximum 1000 characters
+- Entry IDs: Valid UUID format validation
+
+### Security
+- AES-GCM encryption for all secrets
+- Scrypt key derivation (n=2^14, r=8, p=1)
+- Argon2 password hashing for master password
+- Secure random password generation
+- Input sanitization and validation
+
+### Error Handling
+- Comprehensive exception handling
+- Clear, user-friendly error messages
+- Database transaction rollback on errors
+- Graceful handling of invalid inputs
+
+### User Experience
+- Colorized terminal output
+- Formatted tables and menus
+- Clear success/error/warning messages
+- Password confirmation for critical operations
+- Confirmation prompts for destructive actions
+
+## Project Structure
+
+```
+passkeys/
+├── main.py          # CLI entry point with enhanced UI
+├── auth.py          # Master password logic with validation
+├── crypto.py        # Encryption/decryption utilities
+├── db.py            # Database connection management
+├── vault.py         # CRUD operations with validation
+├── generator.py     # Secure password generation
+├── validation.py    # Input validation utilities
+├── ui.py            # Enhanced CLI UI components
+├── config.py        # Environment configuration
+├── requirements.txt # Python dependencies
+└── README.md        # This file
+```
+
+## Security Best Practices
+
+1. **Master Password**: Choose a strong master password (minimum 8 characters)
+2. **Database Security**: Use secure database credentials and connection strings
+3. **Environment Variables**: Never commit `.env` files to version control
+4. **Backup**: Regularly backup your database
+5. **Access Control**: Restrict file permissions on sensitive files
+
+## Error Codes
+
+- `INVALID_ENTRY_ID`: Entry ID format is invalid
+- `ENTRY_NOT_FOUND`: Requested entry does not exist
+- `MASTER_PASSWORD_MISMATCH`: Master password verification failed
+- `MASTER_NOT_SET`: Master password has not been configured
+
+## License
+
+This project is provided as-is for educational and personal use.