purple-ssh 3.6.0

Open-source terminal SSH manager that keeps ~/.ssh/config in sync with your cloud infra. Spin up a VM on AWS, GCP, Azure, Hetzner or 12 other cloud providers and it appears in your host list. Destroy it and the entry dims. Search hundreds of hosts, transfer files, manage Docker and Podman over SSH, sign Vault SSH certs. Rust TUI, MIT licensed.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396

// ── Add host validation ─────────────────────────────────────────

pub const ALIAS_EMPTY: &str = "Alias can't be empty. Use --alias to specify one.";
pub const ALIAS_WHITESPACE: &str =
    "Alias can't contain whitespace. Use --alias to pick a simpler name.";
pub const ALIAS_PATTERN_CHARS: &str =
    "Alias can't contain pattern characters. Use --alias to pick a different name.";
pub const HOSTNAME_WHITESPACE: &str = "Hostname can't contain whitespace.";
pub const USER_WHITESPACE: &str = "User can't contain whitespace.";
pub const PASSWORD_EMPTY: &str = "Password can't be empty.";
pub const CANCELLED: &str = "Cancelled.";
pub const DESCRIPTION_CONTROL_CHARS: &str = "Description contains control characters.";

pub use super::contains_control_chars as control_chars;

pub fn welcome(alias: &str) -> String {
    format!("Welcome aboard, {}!", alias)
}

// ── Import ──────────────────────────────────────────────────────

pub const IMPORT_NO_FILE: &str =
    "Provide a file or use --known-hosts. Run 'purple import --help' for details.";

// ── Provider CLI ────────────────────────────────────────────────

pub const NO_PROVIDERS: &str = "No providers configured. Run 'purple provider add' to set one up.";

/// All supported provider slugs as a comma-separated string. Surfaced in
/// `unknown_provider` and `skipping_unknown_provider`. Kept as a single
/// const so adding a new provider only updates one place.
pub const PROVIDER_LIST: &str = "digitalocean, vultr, linode, hetzner, upcloud, proxmox, aws, \
     scaleway, gcp, azure, tailscale, oracle, ovh, leaseweb, i3d, transip";

/// Stderr line when the user passed `--provider X` for an unknown slug.
/// Different from `skipping_unknown_provider` so each call site can
/// evolve its wording without breaking the other.
pub fn unknown_provider(name: &str) -> String {
    format!("Never heard of '{}'. Try: {}.", name, PROVIDER_LIST)
}

/// Stderr line when iterating configured providers and one is unknown
/// (e.g. config file references a since-removed provider). The sync
/// continues with the remaining providers.
pub fn skipping_unknown_provider(name: &str) -> String {
    format!(
        "Skipping unknown provider '{}'. Try: {}.",
        name, PROVIDER_LIST
    )
}

/// Stderr line printed by `purple add` when the alias already exists.
/// Tells the user the exact flag to fix it instead of just complaining.
pub fn alias_already_exists(alias: &str) -> String {
    format!(
        "'{}' already exists. Use --alias to pick a different name.",
        alias
    )
}

/// Stderr lines printed after `purple import` when some lines failed
/// to parse or read. Use the singular/plural form via the count.
pub fn import_parse_failures(count: usize) -> String {
    let s = if count == 1 { "" } else { "s" };
    format!(
        "! {} line{} could not be parsed (invalid format).",
        count, s
    )
}

pub fn import_read_errors(count: usize) -> String {
    let s = if count == 1 { "" } else { "s" };
    format!("! {} line{} could not be read (encoding error).", count, s)
}

pub fn no_config_for(provider: &str) -> String {
    format!(
        "No configuration for {}. Run 'purple provider add {}' first.",
        provider, provider
    )
}

pub fn saved_config(provider: &str) -> String {
    format!("Saved {} configuration.", provider)
}

pub fn no_config_to_remove(provider: &str) -> String {
    format!("No configuration for '{}'. Nothing to remove.", provider)
}

pub fn removed_config(provider: &str) -> String {
    format!("Removed {} configuration.", provider)
}

// ── Tunnel CLI ──────────────────────────────────────────────────

pub fn no_tunnels_for(alias: &str) -> String {
    format!("No tunnels configured for {}.", alias)
}

pub fn tunnels_for(alias: &str) -> String {
    format!("Tunnels for {}:", alias)
}

pub const NO_TUNNELS: &str = "No tunnels configured.";

pub fn starting_tunnel(alias: &str) -> String {
    format!("Starting tunnel for {}... (Ctrl+C to stop)", alias)
}

pub fn host_not_found(alias: &str) -> String {
    format!("No host '{}' found.", alias)
}

pub fn added_forward(forward: &str, alias: &str) -> String {
    format!("Added {} to {}.", forward, alias)
}

pub fn forward_exists(forward: &str, alias: &str) -> String {
    format!("Forward {} already exists on {}.", forward, alias)
}

pub fn forward_not_found(forward: &str, alias: &str) -> String {
    format!("No matching forward {} found on {}.", forward, alias)
}

pub fn removed_forward(forward: &str, alias: &str) -> String {
    format!("Removed {} from {}.", forward, alias)
}

pub fn no_forwards(alias: &str) -> String {
    format!("No forwarding directives configured for '{}'.", alias)
}

pub fn save_config_failed(e: &impl std::fmt::Display) -> String {
    format!("Failed to save config: {}", e)
}

pub fn included_host_read_only(alias: &str) -> String {
    format!(
        "Host '{}' is from an included file and cannot be modified.",
        alias
    )
}

pub fn operation_failed(e: &impl std::fmt::Display) -> String {
    format!("Failed: {}", e)
}

// ── Snippet CLI ─────────────────────────────────────────────────

pub const NO_SNIPPETS: &str = "No snippets configured. Use 'purple snippet add' to create one.";

pub use super::snippet_added;
pub use super::snippet_removed;
pub use super::snippet_updated;

pub fn snippet_not_found(name: &str) -> String {
    format!("No snippet '{}' found.", name)
}

pub fn no_hosts_with_tag(tag: &str) -> String {
    format!("No hosts found with tag '{}'.", tag)
}

pub const SPECIFY_TARGET: &str = "Specify a host alias, --tag or --all.";

// ── Run/exec output ─────────────────────────────────────────────

pub fn beaming_up(alias: &str) -> String {
    format!("Beaming you up to {}...\n", alias)
}

pub fn running_snippet_on(name: &str, alias: &str) -> String {
    format!("Running '{}' on {}...\n", name, alias)
}

pub fn host_separator(alias: &str) -> String {
    format!("── {} ──", alias)
}

pub fn exited_with_code(code: i32) -> String {
    format!("Exited with code {}.", code)
}

pub const DONE: &str = "Done.";

pub fn done_multi(name: &str, count: usize) -> String {
    format!("Done. Ran '{}' on {} hosts.", name, count)
}

pub const PRESS_ENTER: &str = "Press Enter to continue...";

pub fn host_failed(alias: &str, e: &impl std::fmt::Display) -> String {
    format!("[{}] Failed: {}", alias, e)
}

pub fn skipping_host(alias: &str, e: &impl std::fmt::Display) -> String {
    format!("Skipping {}: {}", alias, e)
}

// ── Password CLI ────────────────────────────────────────────────

pub fn password_removed(alias: &str) -> String {
    format!("Password removed for {}.", alias)
}

// ── Log CLI ─────────────────────────────────────────────────────

pub fn log_deleted(path: &impl std::fmt::Display) -> String {
    format!("Log file deleted: {}", path)
}

pub fn no_log_file(path: &impl std::fmt::Display) -> String {
    format!("No log file found at {}", path)
}

// ── Theme CLI ───────────────────────────────────────────────────

pub const BUILTIN_THEMES: &str = "Built-in themes:";
pub const CUSTOM_THEMES: &str = "\nCustom themes:";

pub fn theme_set(name: &str) -> String {
    format!("Theme set to: {}", name)
}

// ── Sync output ─────────────────────────────────────────────────

pub fn syncing(name: &str, summary: &str) -> String {
    format!("\x1b[2K\rSyncing {}... {}", name, summary)
}

/// One-shot "Syncing X... " prefix without the cursor-clear/CR escapes.
/// Used before progress callbacks start emitting overwrite-style updates,
/// so the user sees something happening even if the provider is slow to
/// produce the first progress event.
pub fn syncing_start(name: &str) -> String {
    format!("Syncing {}... ", name)
}

/// Rendered before the dot-progress (`\u{2713}` or error) on each
/// per-host vault sign in the CLI bulk path. The trailing space is
/// intentional — the success/fail glyph follows on the same line.
pub fn vault_signing_host(alias: &str) -> String {
    format!("Signing {}... ", alias)
}

/// Stderr line emitted by `purple vault sign --all` when a host block
/// disappeared between the moment we enumerated it and the moment we
/// tried to write its CertificateFile (rename, delete, race with another
/// process). The cert is on disk; only the wiring is missing.
pub fn vault_sign_host_block_gone(alias: &str) -> String {
    format!(
        "  warning: {} no longer in ssh config; CertificateFile not written (cert saved on disk)",
        alias
    )
}

/// Single-word "failed." status the CLI sync output appends when a
/// provider fetch hit a hard error. Mirrors the trailing-status pattern
/// used by `syncing_start` so the line reads `Syncing X... failed.`.
pub const SYNC_FAILED: &str = "failed.";

pub fn servers_found_with_failures(count: usize, failures: usize, total: usize) -> String {
    format!(
        "{} servers found ({} of {} failed to fetch).",
        count, failures, total
    )
}

pub fn servers_found(count: usize) -> String {
    format!("{} servers found.", count)
}

pub fn sync_result(prefix: &str, added: usize, updated: usize, unchanged: usize) -> String {
    format!(
        "{}Added {}, updated {}, unchanged {}.",
        prefix, added, updated, unchanged
    )
}

pub fn sync_removed(count: usize) -> String {
    format!("  Removed {}.", count)
}

pub fn sync_stale(count: usize) -> String {
    format!("  Marked {} stale.", count)
}

pub fn sync_skip_remove(display_name: &str) -> String {
    format!(
        "! {}: skipping --remove due to partial failures.",
        display_name
    )
}

pub fn sync_error(display_name: &str, e: &impl std::fmt::Display) -> String {
    format!("! {}: {}", display_name, e)
}

pub const SYNC_SKIP_WRITE: &str =
    "! Skipping config write due to sync failures. Fix the errors and re-run.";

// ── Provider validation (CLI) ───────────────────────────────────

pub const PROXMOX_URL_REQUIRED: &str =
    "Proxmox requires --url (e.g. --url https://pve.example.com:8006).";
pub const AWS_REGIONS_REQUIRED: &str =
    "AWS requires --regions (e.g. --regions us-east-1,eu-west-1).";
pub const AZURE_REGIONS_REQUIRED: &str =
    "Azure requires --regions with one or more subscription IDs.";
pub const GCP_PROJECT_REQUIRED: &str = "GCP requires --project (e.g. --project my-gcp-project-id).";
pub use super::ALIAS_PREFIX_INVALID;

pub const WARN_URL_NOT_USED: &str =
    "Warning: --url is only used by the Proxmox provider. Ignoring.";
pub const WARN_PROFILE_NOT_USED: &str =
    "Warning: --profile is only used by the AWS provider. Ignoring.";
pub const WARN_PROJECT_NOT_USED: &str =
    "Warning: --project is only used by the GCP provider. Ignoring.";
pub const WARN_COMPARTMENT_NOT_USED: &str =
    "Warning: --compartment is only used by the Oracle provider. Ignoring.";
pub const WARN_NO_VERIFY_TLS_NOT_USED: &str =
    "Warning: --no-verify-tls is only used by the Proxmox provider. Ignoring.";
pub const WARN_VERIFY_TLS_NOT_USED: &str =
    "Warning: --verify-tls is only used by the Proxmox provider. Ignoring.";
pub const WARN_REGIONS_NOT_USED: &str = "Warning: --regions is only used by the AWS, Scaleway, GCP, Azure and Oracle providers. \
     Ignoring.";

/// Per-host status prefixes for `purple sync` output. Indented two
/// spaces so the result line aligns under the `Syncing X...` header.
/// `--dry-run` mode prepends "Would have:" so the user knows nothing
/// was written.
pub const SYNC_RESULT_PREFIX_LIVE: &str = "  ";
pub const SYNC_RESULT_PREFIX_DRY_RUN: &str = "  Would have: ";

/// Stderr line printed by `purple provider add` when the user-supplied
/// URL does not start with `https://`. CLI-flavoured: tells the user to
/// use the `--no-verify-tls` flag, distinct from the TUI variant which
/// references a Verify TLS toggle.
pub const PROVIDER_URL_REQUIRES_HTTPS: &str =
    "URL must start with https://. For self-signed certificates use --no-verify-tls.";

/// Reuse the TUI form's `Token can't be empty...` lines verbatim — the
/// remediation steps (paste a JSON file path, paste an OCI config path,
/// grab a token from the dashboard) are identical between CLI and TUI.
pub use super::PROVIDER_TOKEN_REQUIRED_GCP;
pub use super::PROVIDER_TOKEN_REQUIRED_ORACLE;
pub use super::azure_subscription_id_invalid;
pub use super::provider_token_required;

/// Stderr line printed when `purple provider add scaleway` is missing
/// `--regions`. Mirrors the Azure/GCP/Oracle pattern of including the
/// concrete flag form in the message.
pub const SCALEWAY_REGIONS_REQUIRED: &str = "Scaleway requires --regions with one or more zones \
     (e.g. --regions fr-par-1,nl-ams-1).";

pub const ORACLE_COMPARTMENT_REQUIRED: &str =
    "Oracle requires --compartment (e.g. --compartment ocid1.compartment.oc1..aaa...).";

// ── Vault CLI ───────────────────────────────────────────────────

pub fn vault_no_role(alias: &str) -> String {
    format!(
        "No Vault SSH role configured for '{}'. Set it in the host form \
         (Vault SSH Role field) or in the provider config (vault_role).",
        alias
    )
}

pub fn vault_cert_signed(path: &impl std::fmt::Display) -> String {
    format!("Certificate signed: {}", path)
}

pub fn vault_sign_failed(e: &impl std::fmt::Display) -> String {
    format!("failed: {}", e)
}

pub fn vault_config_update_warning(e: &impl std::fmt::Display) -> String {
    format!("Warning: Failed to update SSH config: {}", e)
}

// ── List hosts ──────────────────────────────────────────────────

pub const NO_HOSTS: &str = "No hosts configured. Run 'purple' to add some!";

// ── Token ───────────────────────────────────────────────────────

pub const NO_TOKEN: &str =
    "No token provided. Use --token, --token-stdin, or set PURPLE_TOKEN env var.";

// ── What's new (CLI) ────────────────────────────────────────────

pub mod whats_new {
    pub const HEADER: &str = "purple release notes";
}