@chriscode/hush 1.0.0 → 2.0.0

package/dist/commands/decrypt.js

@@ -1,105 +1,71 @@
 import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
-import { dirname, join } from 'node:path';
+import { join } from 'node:path';
 import pc from 'picocolors';
-import { discoverPackages } from '../core/discover.js';
-import { expandVariables, formatEnvFile, getVarsForEnvironment, mergeEnvVars, parseEnvContent, parseEnvFile, } from '../core/parse.js';
+import { loadConfig } from '../config/loader.js';
+import { filterVarsForTarget } from '../core/filter.js';
+import { interpolateVars, getUnresolvedVars } from '../core/interpolate.js';
+import { mergeVars } from '../core/merge.js';
+import { parseEnvContent, parseEnvFile } from '../core/parse.js';
 import { decrypt as sopsDecrypt } from '../core/sops.js';
-/**
- * Get output files for a package based on its style and environment
- */
-function getOutputFiles(pkg, env) {
-    if (pkg.style === 'wrangler') {
-        // Wrangler always uses .dev.vars (even for "prod" we generate dev vars for local testing)
-        return [{ path: '.dev.vars', env }];
-    }
-    // Standard style outputs environment-specific files
-    if (env === 'dev') {
-        return [{ path: '.env.development', env: 'dev' }];
-    }
-    else {
-        return [{ path: '.env.production', env: 'prod' }];
-    }
+import { formatVars } from '../formats/index.js';
+import { FORMAT_OUTPUT_FILES } from '../types.js';
+function getEncryptedPath(sourcePath) {
+    return sourcePath + '.encrypted';
 }
-/**
- * Filter variables for a package based on naming conventions
- * - EXPO_PUBLIC_* vars only go to non-wrangler packages
- * - Other vars go to wrangler packages
- */
-function filterVarsForPackage(vars, pkg) {
-    if (pkg.style === 'wrangler') {
-        // Wrangler gets everything EXCEPT EXPO_PUBLIC_* vars
-        return vars.filter((v) => !v.key.startsWith('EXPO_PUBLIC_'));
-    }
-    // Standard packages get all vars (including EXPO_PUBLIC_*)
-    return vars;
-}
-/**
- * Decrypt command - decrypt .env.encrypted and generate env files for all packages
- */
 export async function decryptCommand(options) {
-    const { root, env = 'dev' } = options;
-    const encryptedPath = join(root, '.env.encrypted');
+    const { root, env } = options;
+    const config = loadConfig(root);
+    console.log(pc.blue(`Decrypting for ${env}...`));
+    const sharedEncrypted = join(root, getEncryptedPath(config.sources.shared));
+    const envEncrypted = join(root, getEncryptedPath(config.sources[env]));
     const localPath = join(root, '.env.local');
-    // Check encrypted file exists
-    if (!existsSync(encryptedPath)) {
-        console.error(pc.red(`Error: ${encryptedPath} not found`));
-        console.error(pc.dim('Create it with: pnpm secrets encrypt (after creating .env)'));
-        process.exit(1);
+    const varSources = [];
+    if (existsSync(sharedEncrypted)) {
+        const content = sopsDecrypt(sharedEncrypted);
+        const vars = parseEnvContent(content);
+        varSources.push(vars);
+        console.log(pc.dim(`  ${config.sources.shared}.encrypted: ${vars.length} vars`));
+    }
+    if (existsSync(envEncrypted)) {
+        const content = sopsDecrypt(envEncrypted);
+        const vars = parseEnvContent(content);
+        varSources.push(vars);
+        console.log(pc.dim(`  ${config.sources[env]}.encrypted: ${vars.length} vars`));
     }
-    console.log(pc.blue('Decrypting secrets...'));
-    // Decrypt the encrypted file
-    let decryptedContent;
-    try {
-        decryptedContent = sopsDecrypt(encryptedPath);
+    if (existsSync(localPath)) {
+        const vars = parseEnvFile(localPath);
+        varSources.push(vars);
+        console.log(pc.dim(`  .env.local: ${vars.length} vars (overrides)`));
     }
-    catch (error) {
-        console.error(pc.red(error.message));
+    if (varSources.length === 0) {
+        console.error(pc.red('No encrypted files found'));
+        console.error(pc.dim(`Expected: ${sharedEncrypted}`));
         process.exit(1);
     }
-    // Parse decrypted content
-    const allVars = parseEnvContent(decryptedContent);
-    console.log(pc.dim(`  Parsed ${allVars.length} variables from .env.encrypted`));
-    // Get vars for the target environment
-    const envVars = getVarsForEnvironment(allVars, env);
-    console.log(pc.dim(`  ${envVars.length} variables for ${env} environment`));
-    // Load local overrides if they exist
-    const localVars = parseEnvFile(localPath);
-    if (localVars.length > 0) {
-        console.log(pc.dim(`  ${localVars.length} local overrides from .env.local`));
+    const merged = mergeVars(...varSources);
+    const interpolated = interpolateVars(merged);
+    const unresolved = getUnresolvedVars(interpolated);
+    if (unresolved.length > 0) {
+        console.warn(pc.yellow(`  Warning: ${unresolved.length} vars have unresolved references`));
     }
-    // Merge and expand
-    const mergedVars = mergeEnvVars(envVars, localVars);
-    const expandedVars = expandVariables(mergedVars);
-    // Discover packages
-    const packages = await discoverPackages(root);
-    console.log(pc.blue(`\nDiscovered ${packages.length} packages:`));
-    // Generate output files for each package
-    for (const pkg of packages) {
-        const pkgDir = pkg.path ? join(root, pkg.path) : root;
-        const outputFiles = getOutputFiles(pkg, env);
-        const pkgVars = filterVarsForPackage(expandedVars, pkg);
-        if (pkgVars.length === 0) {
-            console.log(pc.dim(`  ${pkg.path || '.'} (${pkg.style}) - no applicable vars, skipped`));
+    console.log(pc.blue(`\nWriting to ${config.targets.length} targets:`));
+    for (const target of config.targets) {
+        const targetDir = join(root, target.path);
+        const filtered = filterVarsForTarget(interpolated, target);
+        if (filtered.length === 0) {
+            console.log(pc.dim(`  ${target.path}/ - no matching vars, skipped`));
             continue;
         }
-        for (const output of outputFiles) {
-            const outputPath = join(pkgDir, output.path);
-            // Ensure directory exists
-            const dir = dirname(outputPath);
-            if (!existsSync(dir)) {
-                mkdirSync(dir, { recursive: true });
-            }
-            // Write the file
-            const content = formatEnvFile(pkgVars);
-            writeFileSync(outputPath, content, 'utf-8');
-            const relativePath = pkg.path ? `${pkg.path}/${output.path}` : output.path;
-            console.log(pc.green(`  ${relativePath}`) +
-                pc.dim(` (${pkg.style}, ${pkgVars.length} vars)`));
+        const outputFilename = FORMAT_OUTPUT_FILES[target.format][env];
+        const outputPath = join(targetDir, outputFilename);
+        if (!existsSync(targetDir)) {
+            mkdirSync(targetDir, { recursive: true });
         }
+        const content = formatVars(filtered, target.format);
+        writeFileSync(outputPath, content, 'utf-8');
+        const relativePath = target.path === '.' ? outputFilename : `${target.path}/${outputFilename}`;
+        console.log(pc.green(`  ${relativePath}`) +
+            pc.dim(` (${target.format}, ${filtered.length} vars)`));
     }
-    // Also write root .env with shared vars (useful for scripts)
-    const rootEnvPath = join(root, '.env');
-    writeFileSync(rootEnvPath, formatEnvFile(expandedVars), 'utf-8');
-    console.log(pc.green(`  .env`) + pc.dim(` (root, ${expandedVars.length} vars)`));
     console.log(pc.green('\nDecryption complete'));
 }

package/dist/commands/edit.d.ts

@@ -1,9 +1,3 @@
-interface EditOptions {
-    root: string;
-}
-/**
- * Edit command - open .env.encrypted in editor via SOPS
- */
+import type { EditOptions } from '../types.js';
 export declare function editCommand(options: EditOptions): Promise<void>;
-export {};
 //# sourceMappingURL=edit.d.ts.map

package/dist/commands/edit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"edit.d.ts","sourceRoot":"","sources":["../../src/commands/edit.ts"],"names":[],"mappings":"AAKA,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBrE"}
+{"version":3,"file":"edit.d.ts","sourceRoot":"","sources":["../../src/commands/edit.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI/C,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBrE"}

package/dist/commands/edit.js

@@ -1,28 +1,22 @@
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
+import { loadConfig } from '../config/loader.js';
 import { edit as sopsEdit } from '../core/sops.js';
-/**
- * Edit command - open .env.encrypted in editor via SOPS
- */
 export async function editCommand(options) {
-    const { root } = options;
-    const encryptedPath = join(root, '.env.encrypted');
-    // Check encrypted file exists
+    const { root, file } = options;
+    const config = loadConfig(root);
+    const fileKey = file ?? 'shared';
+    const sourcePath = config.sources[fileKey];
+    const encryptedPath = join(root, sourcePath + '.encrypted');
     if (!existsSync(encryptedPath)) {
-        console.error(pc.red(`Error: ${encryptedPath} not found`));
-        console.error(pc.dim('Create it with: pnpm secrets encrypt (after creating .env)'));
-        process.exit(1);
-    }
-    console.log(pc.blue('Opening encrypted file in editor...'));
-    console.log(pc.dim('  (Changes will be encrypted on save)'));
-    try {
-        sopsEdit(encryptedPath);
-        console.log(pc.green('\nEdit complete'));
-        console.log(pc.dim('  Run "pnpm secrets decrypt" to update local env files.'));
-    }
-    catch (error) {
-        console.error(pc.red(error.message));
+        console.error(pc.red(`Encrypted file not found: ${sourcePath}.encrypted`));
+        console.error(pc.dim('Run "hush encrypt" first to create encrypted files'));
         process.exit(1);
     }
+    console.log(pc.blue(`Editing ${sourcePath}.encrypted...`));
+    console.log(pc.dim('Changes will be encrypted on save'));
+    sopsEdit(encryptedPath);
+    console.log(pc.green('\nEdit complete'));
+    console.log(pc.dim('Run "hush decrypt" to regenerate local env files'));
 }

package/dist/commands/encrypt.d.ts

@@ -1,9 +1,3 @@
-interface EncryptOptions {
-    root: string;
-}
-/**
- * Encrypt command - encrypt .env to .env.encrypted
- */
+import type { EncryptOptions } from '../types.js';
 export declare function encryptCommand(options: EncryptOptions): Promise<void>;
-export {};
 //# sourceMappingURL=encrypt.d.ts.map

package/dist/commands/encrypt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"encrypt.d.ts","sourceRoot":"","sources":["../../src/commands/encrypt.ts"],"names":[],"mappings":"AAKA,UAAU,cAAc;IACtB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAyB3E"}
+{"version":3,"file":"encrypt.d.ts","sourceRoot":"","sources":["../../src/commands/encrypt.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAoC3E"}

package/dist/commands/encrypt.js

@@ -1,30 +1,34 @@
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
+import { loadConfig } from '../config/loader.js';
 import { encrypt as sopsEncrypt } from '../core/sops.js';
-/**
- * Encrypt command - encrypt .env to .env.encrypted
- */
 export async function encryptCommand(options) {
     const { root } = options;
-    const inputPath = join(root, '.env');
-    const outputPath = join(root, '.env.encrypted');
-    // Check input file exists
-    if (!existsSync(inputPath)) {
-        console.error(pc.red(`Error: ${inputPath} not found`));
-        console.error(pc.dim('Create a .env file first, then run encrypt.'));
-        process.exit(1);
-    }
+    const config = loadConfig(root);
     console.log(pc.blue('Encrypting secrets...'));
-    console.log(pc.dim(`  Input: .env`));
-    console.log(pc.dim(`  Output: .env.encrypted`));
-    try {
-        sopsEncrypt(inputPath, outputPath);
-        console.log(pc.green('\nEncryption complete'));
-        console.log(pc.dim('  You can now commit .env.encrypted to git.'));
+    const sourceFiles = [
+        { key: 'shared', path: config.sources.shared },
+        { key: 'development', path: config.sources.development },
+        { key: 'production', path: config.sources.production },
+    ];
+    let encryptedCount = 0;
+    for (const { key, path } of sourceFiles) {
+        const sourcePath = join(root, path);
+        const encryptedPath = sourcePath + '.encrypted';
+        if (!existsSync(sourcePath)) {
+            console.log(pc.dim(`  ${path} - not found, skipping`));
+            continue;
+        }
+        sopsEncrypt(sourcePath, encryptedPath);
+        encryptedCount++;
+        console.log(pc.green(`  ${path}`) + pc.dim(` -> ${path}.encrypted`));
     }
-    catch (error) {
-        console.error(pc.red(error.message));
+    if (encryptedCount === 0) {
+        console.error(pc.red('\nNo source files found to encrypt'));
+        console.error(pc.dim('Create at least .env with your secrets'));
         process.exit(1);
     }
+    console.log(pc.green(`\nEncrypted ${encryptedCount} file(s)`));
+    console.log(pc.dim('You can now commit the .encrypted files to git'));
 }

package/dist/commands/has.d.ts

@@ -0,0 +1,9 @@
+import type { Environment } from '../types.js';
+export interface HasOptions {
+    root: string;
+    env: Environment;
+    key: string;
+    quiet: boolean;
+}
+export declare function hasCommand(options: HasOptions): Promise<void>;
+//# sourceMappingURL=has.d.ts.map

package/dist/commands/has.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"has.d.ts","sourceRoot":"","sources":["../../src/commands/has.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAU,WAAW,EAAE,MAAM,aAAa,CAAC;AAEvD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,WAAW,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA2CnE"}

package/dist/commands/has.js

@@ -0,0 +1,45 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import pc from 'picocolors';
+import { loadConfig } from '../config/loader.js';
+import { interpolateVars } from '../core/interpolate.js';
+import { mergeVars } from '../core/merge.js';
+import { parseEnvContent } from '../core/parse.js';
+import { decrypt as sopsDecrypt } from '../core/sops.js';
+export async function hasCommand(options) {
+    const { root, env, key, quiet } = options;
+    const config = loadConfig(root);
+    const sharedEncrypted = join(root, config.sources.shared + '.encrypted');
+    const envEncrypted = join(root, config.sources[env] + '.encrypted');
+    const varSources = [];
+    if (existsSync(sharedEncrypted)) {
+        const content = sopsDecrypt(sharedEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (existsSync(envEncrypted)) {
+        const content = sopsDecrypt(envEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (varSources.length === 0) {
+        if (!quiet) {
+            console.error(pc.red('No encrypted files found'));
+        }
+        process.exit(2);
+    }
+    const merged = mergeVars(...varSources);
+    const interpolated = interpolateVars(merged);
+    const found = interpolated.find(v => v.key === key);
+    const exists = found !== undefined && found.value.length > 0;
+    if (!quiet) {
+        if (exists) {
+            console.log(pc.green(`${key} is set (${found.value.length} chars)`));
+        }
+        else if (found) {
+            console.log(pc.yellow(`${key} exists but is empty`));
+        }
+        else {
+            console.log(pc.red(`${key} not found`));
+        }
+    }
+    process.exit(exists ? 0 : 1);
+}

package/dist/commands/init.d.ts

@@ -0,0 +1,3 @@
+import type { InitOptions } from '../types.js';
+export declare function initCommand(options: InitOptions): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAc,WAAW,EAAU,MAAM,aAAa,CAAC;AAqCnE,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAkCrE"}

package/dist/commands/init.js

@@ -0,0 +1,63 @@
+import { existsSync, readdirSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import pc from 'picocolors';
+import { stringify as stringifyYaml } from 'yaml';
+import { findConfigPath } from '../config/loader.js';
+import { DEFAULT_SOURCES } from '../types.js';
+function detectTargets(root) {
+    const targets = [{ name: 'root', path: '.', format: 'dotenv' }];
+    const entries = readdirSync(root, { withFileTypes: true });
+    for (const entry of entries) {
+        if (!entry.isDirectory())
+            continue;
+        if (entry.name.startsWith('.') || entry.name === 'node_modules')
+            continue;
+        const dirPath = join(root, entry.name);
+        const packageJsonPath = join(dirPath, 'package.json');
+        const wranglerPath = join(dirPath, 'wrangler.toml');
+        if (!existsSync(packageJsonPath))
+            continue;
+        if (existsSync(wranglerPath)) {
+            targets.push({
+                name: entry.name,
+                path: `./${entry.name}`,
+                format: 'wrangler',
+                exclude: ['EXPO_PUBLIC_*', 'NEXT_PUBLIC_*', 'VITE_*'],
+            });
+        }
+        else {
+            targets.push({
+                name: entry.name,
+                path: `./${entry.name}`,
+                format: 'dotenv',
+            });
+        }
+    }
+    return targets;
+}
+export async function initCommand(options) {
+    const { root } = options;
+    const existingConfig = findConfigPath(root);
+    if (existingConfig) {
+        console.error(pc.red(`Config already exists: ${existingConfig}`));
+        process.exit(1);
+    }
+    console.log(pc.blue('Initializing hush...'));
+    const targets = detectTargets(root);
+    const config = {
+        sources: DEFAULT_SOURCES,
+        targets,
+    };
+    const yaml = stringifyYaml(config, { indent: 2 });
+    const configPath = join(root, 'hush.yaml');
+    writeFileSync(configPath, yaml, 'utf-8');
+    console.log(pc.green(`\nCreated ${configPath}`));
+    console.log(pc.dim('\nDetected targets:'));
+    for (const target of targets) {
+        console.log(`  ${pc.cyan(target.name)} ${pc.dim(target.path)} ${pc.magenta(target.format)}`);
+    }
+    console.log(pc.dim('\nNext steps:'));
+    console.log('  1. Create your .env files (.env, .env.development, .env.production)');
+    console.log('  2. Run "hush encrypt" to encrypt them');
+    console.log('  3. Run "hush decrypt" to generate local env files');
+}

package/dist/commands/inspect.d.ts

@@ -0,0 +1,7 @@
+import type { Environment } from '../types.js';
+export interface InspectOptions {
+    root: string;
+    env: Environment;
+}
+export declare function inspectCommand(options: InspectOptions): Promise<void>;
+//# sourceMappingURL=inspect.d.ts.map

package/dist/commands/inspect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inspect.d.ts","sourceRoot":"","sources":["../../src/commands/inspect.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAU,WAAW,EAAE,MAAM,aAAa,CAAC;AAEvD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,WAAW,CAAC;CAClB;AAED,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAqD3E"}

package/dist/commands/inspect.js

@@ -0,0 +1,50 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import pc from 'picocolors';
+import { loadConfig } from '../config/loader.js';
+import { filterVarsForTarget, describeFilter } from '../core/filter.js';
+import { interpolateVars } from '../core/interpolate.js';
+import { maskVars, formatMaskedVar } from '../core/mask.js';
+import { mergeVars } from '../core/merge.js';
+import { parseEnvContent } from '../core/parse.js';
+import { decrypt as sopsDecrypt } from '../core/sops.js';
+export async function inspectCommand(options) {
+    const { root, env } = options;
+    const config = loadConfig(root);
+    const sharedEncrypted = join(root, config.sources.shared + '.encrypted');
+    const envEncrypted = join(root, config.sources[env] + '.encrypted');
+    const varSources = [];
+    if (existsSync(sharedEncrypted)) {
+        const content = sopsDecrypt(sharedEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (existsSync(envEncrypted)) {
+        const content = sopsDecrypt(envEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (varSources.length === 0) {
+        console.error(pc.red('No encrypted files found'));
+        console.error(pc.dim(`Expected: ${sharedEncrypted}`));
+        process.exit(1);
+    }
+    const merged = mergeVars(...varSources);
+    const interpolated = interpolateVars(merged);
+    const masked = maskVars(interpolated);
+    const maxKeyLen = Math.max(...masked.map(v => v.key.length));
+    console.log(pc.blue(`\nSecrets for ${env}:\n`));
+    for (const v of masked) {
+        const line = formatMaskedVar(v, maxKeyLen);
+        console.log(`  ${v.isSet ? pc.green(v.key.padEnd(maxKeyLen)) : pc.yellow(v.key.padEnd(maxKeyLen))} = ${v.isSet ? pc.dim(v.masked + ` (${v.length} chars)`) : pc.yellow('(not set)')}`);
+    }
+    console.log(pc.dim(`\nTotal: ${masked.length} variables\n`));
+    console.log(pc.blue('Target distribution:\n'));
+    for (const target of config.targets) {
+        const filtered = filterVarsForTarget(interpolated, target);
+        const filter = describeFilter(target);
+        console.log(`  ${pc.cyan(target.name)} ${pc.dim(`(${target.path}/)`)} - ${filtered.length} vars`);
+        if (filter !== 'all vars') {
+            console.log(`    ${pc.dim(filter)}`);
+        }
+    }
+    console.log('');
+}

package/dist/commands/list.d.ts

@@ -0,0 +1,3 @@
+import type { ListOptions } from '../types.js';
+export declare function listCommand(options: ListOptions): Promise<void>;
+//# sourceMappingURL=list.d.ts.map

package/dist/commands/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/commands/list.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAU,WAAW,EAAE,MAAM,aAAa,CAAC;AAEvD,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCrE"}

package/dist/commands/list.js

@@ -0,0 +1,35 @@
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import pc from 'picocolors';
+import { loadConfig } from '../config/loader.js';
+import { interpolateVars } from '../core/interpolate.js';
+import { mergeVars } from '../core/merge.js';
+import { parseEnvContent } from '../core/parse.js';
+import { decrypt as sopsDecrypt } from '../core/sops.js';
+export async function listCommand(options) {
+    const { root, env } = options;
+    const config = loadConfig(root);
+    console.log(pc.blue(`Variables for ${env}:\n`));
+    const sharedEncrypted = join(root, config.sources.shared + '.encrypted');
+    const envEncrypted = join(root, config.sources[env] + '.encrypted');
+    const varSources = [];
+    if (existsSync(sharedEncrypted)) {
+        const content = sopsDecrypt(sharedEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (existsSync(envEncrypted)) {
+        const content = sopsDecrypt(envEncrypted);
+        varSources.push(parseEnvContent(content));
+    }
+    if (varSources.length === 0) {
+        console.error(pc.red('No encrypted files found'));
+        process.exit(1);
+    }
+    const merged = mergeVars(...varSources);
+    const interpolated = interpolateVars(merged);
+    for (const { key, value } of interpolated) {
+        const displayValue = value.length > 50 ? value.slice(0, 47) + '...' : value;
+        console.log(`${pc.cyan(key)}=${pc.dim(displayValue)}`);
+    }
+    console.log(pc.dim(`\nTotal: ${interpolated.length} variables`));
+}

package/dist/commands/push.d.ts

@@ -1,10 +1,3 @@
-interface PushOptions {
-    root: string;
-    dryRun?: boolean;
-}
-/**
- * Push command - push production secrets to Cloudflare Workers
- */
+import type { PushOptions } from '../types.js';
 export declare function pushCommand(options: PushOptions): Promise<void>;
-export {};
 //# sourceMappingURL=push.d.ts.map

package/dist/commands/push.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"push.d.ts","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAaA,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AA0CD;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAqErE"}
+{"version":3,"file":"push.d.ts","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAU,WAAW,EAAE,MAAM,aAAa,CAAC;AAsBvD,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAiErE"}