@chriscode/hush 2.1.0 → 2.3.0

package/dist/cli.js

@@ -3,6 +3,8 @@ import pc from 'picocolors';
 import { decryptCommand } from './commands/decrypt.js';
 import { encryptCommand } from './commands/encrypt.js';
 import { editCommand } from './commands/edit.js';
+import { setCommand } from './commands/set.js';
+import { runCommand } from './commands/run.js';
 import { statusCommand } from './commands/status.js';
 import { pushCommand } from './commands/push.js';
 import { initCommand } from './commands/init.js';
@@ -11,7 +13,9 @@ import { inspectCommand } from './commands/inspect.js';
 import { hasCommand } from './commands/has.js';
 import { checkCommand } from './commands/check.js';
 import { skillCommand } from './commands/skill.js';
-const VERSION = '2.1.0';
+import { keysCommand } from './commands/keys.js';
+import { findConfigPath, loadConfig, checkSchemaVersion } from './config/loader.js';
+const VERSION = '2.3.0';
 function printHelp() {
     console.log(`
 ${pc.bold('hush')} - SOPS-based secrets management for monorepos
@@ -22,8 +26,9 @@ ${pc.bold('Usage:')}
 ${pc.bold('Commands:')}
   init              Initialize hush.yaml config
   encrypt           Encrypt source .env files
-  decrypt           Decrypt and distribute to targets
-  set [file]        Set/edit secrets in $EDITOR (alias: edit)
+  run -- <cmd>      Run command with secrets in memory (AI-safe)
+  set <KEY>         Set a single secret interactively (AI-safe)
+  edit [file]       Edit all secrets in $EDITOR
   list              List all variables (shows values)
   inspect           List all variables (masked values, AI-safe)
   has <key>         Check if a secret exists (exit 0 if set, 1 if not)
@@ -31,40 +36,49 @@ ${pc.bold('Commands:')}
   push              Push secrets to Cloudflare Workers
   status            Show configuration and status
   skill             Install Claude Code / OpenCode skill
+  keys <cmd>        Manage SOPS age keys (setup, generate, pull, push, list)
+  
+${pc.bold('Deprecated Commands:')}
+  decrypt           Write secrets to disk (unsafe - use 'run' instead)
 
 ${pc.bold('Options:')}
   -e, --env <env>   Environment: development or production (default: development)
   -r, --root <dir>  Root directory (default: current directory)
+  -t, --target <t>  Target name from hush.yaml (run only)
   -q, --quiet       Suppress output (has/check commands)
   --dry-run         Preview changes without applying (push only)
   --warn            Warn but exit 0 on drift (check only)
   --json            Output machine-readable JSON (check only)
   --only-changed    Only check git-modified files (check only)
   --require-source  Fail if source file is missing (check only)
+  --allow-plaintext Allow plaintext .env files (check only, not recommended)
   --global          Install skill to ~/.claude/skills/ (skill only)
-  --local           Install skill to ./.claude/skills/ (skill only)
+  --local           Install skill to ./.claude/skills/ (skill/set only)
+  --gui             Use macOS dialog for input (set only, for AI agents)
   -h, --help        Show this help message
   -v, --version     Show version number
 
 ${pc.bold('Examples:')}
-  hush init                     Initialize hush.yaml config
+  hush init                     Initialize config + generate keys
   hush encrypt                  Encrypt .env files
-  hush decrypt                  Decrypt for development
-  hush decrypt -e production    Decrypt for production
-  hush set                      Set/edit shared secrets
-  hush set development          Set/edit development secrets
-  hush list                     List all variables (shows values)
+  hush run -- npm start         Run with secrets in memory (AI-safe!)
+  hush run -e prod -- npm build Run with production secrets
+  hush run -t api -- wrangler dev  Run filtered for 'api' target
+  hush set DATABASE_URL         Set a secret interactively (AI-safe)
+  hush set API_KEY --gui        Set secret via macOS dialog (for AI agents)
+  hush set API_KEY -e prod      Set a production secret
+  hush keys setup               Pull key from 1Password or verify local
+  hush keys generate            Generate new key + backup to 1Password
+  hush edit                     Edit all shared secrets in $EDITOR
+  hush edit development         Edit development secrets in $EDITOR
+  hush edit local               Edit personal local overrides
   hush inspect                  List all variables (masked, AI-safe)
   hush has DATABASE_URL         Check if DATABASE_URL is set
   hush has API_KEY -q && echo "API_KEY is configured"
   hush check                    Verify secrets are encrypted
-  hush check --warn             Check but don't fail on drift
-  hush check --json             Output JSON for CI
   hush push --dry-run           Preview push to Cloudflare
   hush status                   Show current status
   hush skill                    Install Claude skill (interactive)
-  hush skill --global           Install skill for all projects
-  hush skill --local            Install skill for this project only
 `);
 }
 function parseEnvironment(value) {
@@ -75,7 +89,7 @@ function parseEnvironment(value) {
     return null;
 }
 function parseFileKey(value) {
-    if (value === 'shared' || value === 'development' || value === 'production')
+    if (value === 'shared' || value === 'development' || value === 'production' || value === 'local')
         return value;
     if (value === 'dev')
         return 'development';
@@ -85,7 +99,9 @@ function parseFileKey(value) {
 }
 function parseArgs(args) {
     let command = '';
+    let subcommand;
     let env = 'development';
+    let envExplicit = false;
     let root = process.cwd();
     let dryRun = false;
     let quiet = false;
@@ -93,10 +109,16 @@ function parseArgs(args) {
     let json = false;
     let onlyChanged = false;
     let requireSource = false;
+    let allowPlaintext = false;
     let global = false;
     let local = false;
+    let force = false;
+    let gui = false;
+    let vault;
     let file;
     let key;
+    let target;
+    let cmdArgs = [];
     for (let i = 0; i < args.length; i++) {
         const arg = args[i];
         if (arg === '-h' || arg === '--help') {
@@ -112,6 +134,7 @@ function parseArgs(args) {
             const parsed = parseEnvironment(nextArg);
             if (parsed) {
                 env = parsed;
+                envExplicit = true;
             }
             else {
                 console.error(pc.red(`Invalid environment: ${nextArg}`));
@@ -148,6 +171,10 @@ function parseArgs(args) {
             requireSource = true;
             continue;
         }
+        if (arg === '--allow-plaintext') {
+            allowPlaintext = true;
+            continue;
+        }
         if (arg === '--global') {
             global = true;
             continue;
@@ -156,28 +183,84 @@ function parseArgs(args) {
             local = true;
             continue;
         }
+        if (arg === '--force' || arg === '-f') {
+            force = true;
+            continue;
+        }
+        if (arg === '--gui') {
+            gui = true;
+            continue;
+        }
+        if (arg === '--vault') {
+            vault = args[++i];
+            continue;
+        }
+        if (arg === '-t' || arg === '--target') {
+            target = args[++i];
+            continue;
+        }
+        if (arg === '--') {
+            cmdArgs = args.slice(i + 1);
+            break;
+        }
         if (!command && !arg.startsWith('-')) {
             command = arg;
             continue;
         }
-        if ((command === 'set' || command === 'edit') && !arg.startsWith('-')) {
+        if (command === 'edit' && !arg.startsWith('-')) {
             const parsed = parseFileKey(arg);
             if (parsed) {
                 file = parsed;
             }
             else {
                 console.error(pc.red(`Invalid file: ${arg}`));
-                console.error(pc.dim('Use: shared, development, or production'));
+                console.error(pc.dim('Use: shared, development, production, or local'));
                 process.exit(1);
             }
             continue;
         }
+        if (command === 'set' && !arg.startsWith('-') && !key) {
+            key = arg;
+            continue;
+        }
         if (command === 'has' && !arg.startsWith('-') && !key) {
             key = arg;
             continue;
         }
+        if (command === 'keys' && !arg.startsWith('-') && !subcommand) {
+            subcommand = arg;
+            continue;
+        }
+    }
+    return { command, subcommand, env, envExplicit, root, dryRun, quiet, warn, json, onlyChanged, requireSource, allowPlaintext, global, local, force, gui, vault, file, key, target, cmdArgs };
+}
+function checkMigrationNeeded(root, command) {
+    const skipCommands = ['', 'help', 'version', 'init', 'skill'];
+    if (skipCommands.includes(command))
+        return;
+    const configPath = findConfigPath(root);
+    if (!configPath)
+        return;
+    const config = loadConfig(root);
+    const { needsMigration, from, to } = checkSchemaVersion(config);
+    if (needsMigration) {
+        console.log('');
+        console.log(pc.yellow('━'.repeat(60)));
+        console.log(pc.yellow(pc.bold('  Migration Required')));
+        console.log(pc.yellow('━'.repeat(60)));
+        console.log('');
+        console.log(`  Your ${pc.cyan('hush.yaml')} uses schema version ${pc.bold(String(from))}.`);
+        console.log(`  Hush ${VERSION} uses schema version ${pc.bold(String(to))}.`);
+        console.log('');
+        console.log(pc.dim('  Migration guide:'));
+        console.log(`  ${pc.cyan(`https://hush-docs.pages.dev/migrations/v${from}-to-v${to}`)}`);
+        console.log('');
+        console.log(pc.dim('  Or ask your AI assistant:'));
+        console.log(pc.dim(`  "Help me migrate hush.yaml from schema v${from} to v${to}"`));
+        console.log('');
+        console.log(pc.yellow('━'.repeat(60)));
+        console.log('');
     }
-    return { command, env, root, dryRun, quiet, warn, json, onlyChanged, requireSource, global, local, file, key };
 }
 async function main() {
     const args = process.argv.slice(2);
@@ -185,7 +268,8 @@ async function main() {
         printHelp();
         process.exit(0);
     }
-    const { command, env, root, dryRun, quiet, warn, json, onlyChanged, requireSource, global, local, file, key } = parseArgs(args);
+    const { command, subcommand, env, envExplicit, root, dryRun, quiet, warn, json, onlyChanged, requireSource, allowPlaintext, global, local, force, gui, vault, file, key, target, cmdArgs } = parseArgs(args);
+    checkMigrationNeeded(root, command);
     try {
         switch (command) {
             case 'init':
@@ -195,9 +279,32 @@ async function main() {
                 await encryptCommand({ root });
                 break;
             case 'decrypt':
+                console.warn(pc.yellow('⚠️  Warning: "hush decrypt" is deprecated and writes unencrypted secrets to disk.'));
+                console.warn(pc.yellow('   Use "hush run -- <command>" instead for better security.'));
+                console.warn(pc.dim('   To suppress this warning, use "hush unsafe:decrypt"'));
+                console.warn('');
                 await decryptCommand({ root, env });
                 break;
-            case 'set':
+            case 'unsafe:decrypt':
+                console.warn(pc.red('⚠️  UNSAFE MODE: Writing unencrypted secrets to disk.'));
+                console.warn(pc.red('   These files will be readable by AI assistants and other tools.'));
+                console.warn('');
+                await decryptCommand({ root, env });
+                break;
+            case 'run':
+                await runCommand({ root, env, target, command: cmdArgs });
+                break;
+            case 'set': {
+                let setFile = 'shared';
+                if (local) {
+                    setFile = 'local';
+                }
+                else if (envExplicit) {
+                    setFile = env;
+                }
+                await setCommand({ root, file: setFile, key, gui });
+                break;
+            }
             case 'edit':
                 await editCommand({ root, file });
                 break;
@@ -215,7 +322,7 @@ async function main() {
                 await hasCommand({ root, env, key, quiet });
                 break;
             case 'check':
-                await checkCommand({ root, warn, json, quiet, onlyChanged, requireSource });
+                await checkCommand({ root, warn, json, quiet, onlyChanged, requireSource, allowPlaintext });
                 break;
             case 'push':
                 await pushCommand({ root, dryRun });
@@ -226,6 +333,14 @@ async function main() {
             case 'skill':
                 await skillCommand({ root, global, local });
                 break;
+            case 'keys':
+                if (!subcommand) {
+                    console.error(pc.red('Usage: hush keys <command>'));
+                    console.error(pc.dim('Commands: setup, generate, pull, push, list'));
+                    process.exit(1);
+                }
+                await keysCommand({ root, subcommand, vault, force });
+                break;
             default:
                 if (command) {
                     console.error(pc.red(`Unknown command: ${command}`));

package/dist/commands/check.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,YAAY,EAAmB,WAAW,EAAc,MAAM,aAAa,CAAC;AA+C1F,wBAAsB,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CA4BvE;AAmLD,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA6BvE"}
+{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,YAAY,EAAmB,WAAW,EAAmC,MAAM,aAAa,CAAC;AAkF/G,wBAAsB,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CA+BvE;AAuMD,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAiCvE"}

package/dist/commands/check.js

@@ -1,8 +1,8 @@
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
 import { execSync } from 'node:child_process';
 import pc from 'picocolors';
-import { loadConfig, findConfigPath } from '../config/loader.js';
+import { loadConfig } from '../config/loader.js';
 import { parseEnvContent } from '../core/parse.js';
 import { decrypt as sopsDecrypt, isSopsInstalled } from '../core/sops.js';
 import { computeDiff, isInSync } from '../lib/diff.js';
@@ -42,8 +42,41 @@ function getGitChangedFiles(root) {
         return new Set();
     }
 }
+function findPlaintextEnvFiles(root) {
+    const results = [];
+    const plaintextPatterns = ['.env', '.env.development', '.env.production', '.env.local', '.env.staging', '.env.test', '.dev.vars'];
+    const skipDirs = new Set(['node_modules', '.git', 'dist', 'build', '.next', '.nuxt']);
+    function scanDir(dir, relativePath = '') {
+        let entries;
+        try {
+            entries = readdirSync(dir);
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (skipDirs.has(entry))
+                continue;
+            const fullPath = join(dir, entry);
+            const relPath = relativePath ? `${relativePath}/${entry}` : entry;
+            try {
+                if (statSync(fullPath).isDirectory()) {
+                    scanDir(fullPath, relPath);
+                }
+                else if (plaintextPatterns.includes(entry)) {
+                    results.push({ file: relPath, keyCount: 0 });
+                }
+            }
+            catch {
+                continue;
+            }
+        }
+    }
+    scanDir(root);
+    return results;
+}
 export async function check(options) {
-    const { root, requireSource, onlyChanged } = options;
+    const { root, requireSource, onlyChanged, allowPlaintext } = options;
     if (!isSopsInstalled()) {
         return {
             status: 'error',
@@ -58,15 +91,17 @@ export async function check(options) {
                 }],
         };
     }
-    const configPath = findConfigPath(root);
-    if (!configPath) {
-        const config = loadConfig(root);
-        const pairs = getSourceEncryptedPairs(config);
-        return checkPairs(root, pairs, requireSource, onlyChanged);
-    }
     const config = loadConfig(root);
     const pairs = getSourceEncryptedPairs(config);
-    return checkPairs(root, pairs, requireSource, onlyChanged);
+    const result = checkPairs(root, pairs, requireSource, onlyChanged);
+    if (!allowPlaintext) {
+        const plaintextFiles = findPlaintextEnvFiles(root);
+        if (plaintextFiles.length > 0) {
+            result.plaintextFiles = plaintextFiles;
+            result.status = 'plaintext';
+        }
+    }
+    return result;
 }
 function checkPairs(root, pairs, requireSource, onlyChanged) {
     const changedFiles = onlyChanged ? getGitChangedFiles(root) : null;
@@ -160,6 +195,25 @@ function checkPairs(root, pairs, requireSource, onlyChanged) {
 function formatTextOutput(result) {
     const lines = [];
     lines.push('Checking secrets...\n');
+    if (result.plaintextFiles && result.plaintextFiles.length > 0) {
+        lines.push(pc.red(pc.bold('⚠ PLAINTEXT SECRETS DETECTED')));
+        lines.push('');
+        lines.push(pc.red('The following unencrypted .env files were found:'));
+        for (const pf of result.plaintextFiles) {
+            lines.push(pc.red(`  • ${pf.file}`));
+        }
+        lines.push('');
+        lines.push(pc.yellow('These files contain plaintext secrets that could be exposed to AI assistants.'));
+        lines.push('');
+        lines.push(pc.bold('To fix:'));
+        lines.push(pc.dim('  1. Run: hush encrypt'));
+        lines.push(pc.dim('  2. Delete the plaintext files (the .encrypted versions are your source of truth)'));
+        lines.push(pc.dim('  3. Add to .gitignore: .env, .env.*, .dev.vars'));
+        lines.push('');
+        lines.push(pc.dim('To allow plaintext files (not recommended): --allow-plaintext'));
+        lines.push('');
+        return lines.join('\n');
+    }
     for (const file of result.files) {
         if (file.error === 'SOPS_NOT_INSTALLED') {
             lines.push(pc.red('Error: SOPS is not installed'));
@@ -232,6 +286,9 @@ export async function checkCommand(options) {
             console.log(formatTextOutput(result));
         }
     }
+    if (result.status === 'plaintext' && !options.warn) {
+        process.exit(4);
+    }
     if (result.status === 'error') {
         const hasSopsError = result.files.some(f => f.error === 'SOPS_NOT_INSTALLED');
         const hasDecryptError = result.files.some(f => f.error === 'DECRYPT_FAILED');

package/dist/commands/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAc,WAAW,EAAU,MAAM,aAAa,CAAC;AAqCnE,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAkCrE"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAc,WAAW,EAAU,MAAM,aAAa,CAAC;AA2InE,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAyCrE"}

package/dist/commands/init.js

@@ -1,9 +1,99 @@
-import { existsSync, readdirSync, writeFileSync } from 'node:fs';
+import { existsSync, readdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
 import { stringify as stringifyYaml } from 'yaml';
 import { findConfigPath } from '../config/loader.js';
+import { ageAvailable, ageGenerate, keyExists, keySave, keyPath } from '../lib/age.js';
+import { opAvailable, opGetKey, opStoreKey } from '../lib/onepassword.js';
 import { DEFAULT_SOURCES } from '../types.js';
+function getProjectFromPackageJson(root) {
+    const pkgPath = join(root, 'package.json');
+    if (!existsSync(pkgPath))
+        return null;
+    try {
+        const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+        if (typeof pkg.repository === 'string') {
+            const match = pkg.repository.match(/github\.com[/:]([\w-]+\/[\w-]+)/);
+            if (match)
+                return match[1];
+        }
+        if (pkg.repository?.url) {
+            const match = pkg.repository.url.match(/github\.com[/:]([\w-]+\/[\w-]+)/);
+            if (match)
+                return match[1];
+        }
+    }
+    catch {
+        return null;
+    }
+    return null;
+}
+async function tryExistingLocalKey(project) {
+    if (!keyExists(project))
+        return null;
+    const existing = await import('../lib/age.js').then(m => m.keyLoad(project));
+    if (!existing)
+        return null;
+    console.log(pc.green(`Using existing key for ${pc.cyan(project)}`));
+    return { publicKey: existing.public, source: 'existing' };
+}
+async function tryPullFrom1Password(project) {
+    if (!opAvailable())
+        return null;
+    console.log(pc.dim('Checking 1Password for existing key...'));
+    const priv = opGetKey(project);
+    if (!priv)
+        return null;
+    const { agePublicFromPrivate } = await import('../lib/age.js');
+    const pub = agePublicFromPrivate(priv);
+    keySave(project, { private: priv, public: pub });
+    console.log(pc.green(`Pulled key from 1Password for ${pc.cyan(project)}`));
+    return { publicKey: pub, source: '1password' };
+}
+function generateAndBackupKey(project) {
+    if (!ageAvailable()) {
+        console.log(pc.yellow('age not installed. Run: brew install age'));
+        return null;
+    }
+    console.log(pc.blue(`Generating new key for ${pc.cyan(project)}...`));
+    const key = ageGenerate();
+    keySave(project, key);
+    console.log(pc.green(`Saved to ${keyPath(project)}`));
+    console.log(pc.dim(`Public: ${key.public}`));
+    if (opAvailable()) {
+        try {
+            opStoreKey(project, key.private, key.public);
+            console.log(pc.green('Backed up to 1Password.'));
+        }
+        catch (e) {
+            console.warn(pc.yellow(`Could not backup to 1Password: ${e.message}`));
+        }
+    }
+    return { publicKey: key.public, source: 'generated' };
+}
+async function setupKey(root, project) {
+    if (!project) {
+        console.log(pc.yellow('No project identifier found. Skipping key setup.'));
+        console.log(pc.dim('Add "project: my-project" to hush.yaml or set repository in package.json'));
+        return null;
+    }
+    return ((await tryExistingLocalKey(project)) ||
+        (await tryPullFrom1Password(project)) ||
+        generateAndBackupKey(project));
+}
+function createSopsConfig(root, publicKey) {
+    const sopsPath = join(root, '.sops.yaml');
+    if (existsSync(sopsPath)) {
+        console.log(pc.yellow('.sops.yaml already exists. Add this public key if needed:'));
+        console.log(`  ${publicKey}`);
+        return;
+    }
+    const sopsConfig = stringifyYaml({
+        creation_rules: [{ encrypted_regex: '.*', age: publicKey }]
+    });
+    writeFileSync(sopsPath, sopsConfig, 'utf-8');
+    console.log(pc.green('Created .sops.yaml'));
+}
 function detectTargets(root) {
     const targets = [{ name: 'root', path: '.', format: 'dotenv' }];
     const entries = readdirSync(root, { withFileTypes: true });
@@ -43,10 +133,16 @@ export async function initCommand(options) {
         process.exit(1);
     }
     console.log(pc.blue('Initializing hush...'));
+    const project = getProjectFromPackageJson(root);
+    const keyResult = await setupKey(root, project);
+    if (keyResult) {
+        createSopsConfig(root, keyResult.publicKey);
+    }
     const targets = detectTargets(root);
     const config = {
         sources: DEFAULT_SOURCES,
         targets,
+        ...(project && { project }),
     };
     const yaml = stringifyYaml(config, { indent: 2 });
     const configPath = join(root, 'hush.yaml');
@@ -57,7 +153,6 @@ export async function initCommand(options) {
         console.log(`  ${pc.cyan(target.name)} ${pc.dim(target.path)} ${pc.magenta(target.format)}`);
     }
     console.log(pc.dim('\nNext steps:'));
-    console.log('  1. Create your .env files (.env, .env.development, .env.production)');
-    console.log('  2. Run "hush encrypt" to encrypt them');
-    console.log('  3. Run "hush decrypt" to generate local env files');
+    console.log('  1. Run "hush set <KEY>" to add secrets');
+    console.log('  2. Run "hush run -- <command>" to run with secrets in memory');
 }

package/dist/commands/keys.d.ts

@@ -0,0 +1,8 @@
+export interface KeysOptions {
+    root: string;
+    subcommand: string;
+    vault?: string;
+    force?: boolean;
+}
+export declare function keysCommand(options: KeysOptions): Promise<void>;
+//# sourceMappingURL=keys.d.ts.map

package/dist/commands/keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/commands/keys.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAwBD,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA6HrE"}