@chriscode/hush 5.0.0 → 5.0.2

package/dist/commands/migrate.d.ts

@@ -1,6 +1,7 @@
+import { HushContext } from '../types.js';
 export interface MigrateOptions {
     root: string;
     dryRun: boolean;
 }
-export declare function migrateCommand(options: MigrateOptions): Promise<void>;
+export declare function migrateCommand(ctx: HushContext, options: MigrateOptions): Promise<void>;
 //# sourceMappingURL=migrate.d.ts.map

package/dist/commands/migrate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../src/commands/migrate.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;CACjB;AA8DD,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA0E3E"}
+{"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../src/commands/migrate.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;CACjB;AA+DD,wBAAsB,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA4E7F"}

package/dist/commands/migrate.js

@@ -1,8 +1,6 @@
-import { existsSync, renameSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
 import { parse as parseYaml, stringify as stringifyYaml } from 'yaml';
-import { findConfigPath } from '../config/loader.js';
 const FILE_MIGRATIONS = [
     { from: '.env.encrypted', to: '.hush.encrypted' },
     { from: '.env.development.encrypted', to: '.hush.development.encrypted' },
@@ -15,18 +13,19 @@ const SOURCE_MIGRATIONS = {
     '.env.production': '.hush.production',
     '.env.local': '.hush.local',
 };
-function getMigrationFiles(root) {
+function getMigrationFiles(ctx, root) {
     return FILE_MIGRATIONS.map(({ from, to }) => ({
         from,
         to,
-        exists: existsSync(join(root, from)),
+        exists: ctx.fs.existsSync(join(root, from)),
     }));
 }
-function migrateConfig(root, dryRun) {
-    const configPath = findConfigPath(root);
-    if (!configPath)
+function migrateConfig(ctx, root, dryRun) {
+    const projectInfo = ctx.config.findProjectRoot(root);
+    if (!projectInfo)
         return false;
-    const content = readFileSync(configPath, 'utf-8');
+    const configPath = projectInfo.configPath;
+    const content = ctx.fs.readFileSync(configPath, 'utf-8');
     const config = parseYaml(content);
     let modified = false;
     const sources = config.sources;
@@ -45,43 +44,43 @@ function migrateConfig(root, dryRun) {
     if (modified && !dryRun) {
         const schemaComment = content.startsWith('#') ? content.split('\n')[0] + '\n' : '';
         const newContent = schemaComment + stringifyYaml(config, { indent: 2 });
-        writeFileSync(configPath, newContent, 'utf-8');
+        ctx.fs.writeFileSync(configPath, newContent, 'utf-8');
     }
     return modified;
 }
-export async function migrateCommand(options) {
+export async function migrateCommand(ctx, options) {
     const { root, dryRun } = options;
-    console.log(pc.blue('Hush v4 → v5 Migration\n'));
+    ctx.logger.log(pc.blue('Hush v4 → v5 Migration\n'));
     if (dryRun) {
-        console.log(pc.yellow('DRY RUN - no changes will be made\n'));
+        ctx.logger.log(pc.yellow('DRY RUN - no changes will be made\n'));
     }
-    const migrations = getMigrationFiles(root);
+    const migrations = getMigrationFiles(ctx, root);
     const filesToMigrate = migrations.filter(m => m.exists);
     if (filesToMigrate.length === 0) {
-        console.log(pc.dim('No v4 encrypted files found (.env.encrypted, etc.)'));
-        console.log(pc.dim('Already on v5 or no encrypted files exist.\n'));
-        const configNeedsMigration = migrateConfig(root, true);
+        ctx.logger.log(pc.dim('No v4 encrypted files found (.env.encrypted, etc.)'));
+        ctx.logger.log(pc.dim('Already on v5 or no encrypted files exist.\n'));
+        const configNeedsMigration = migrateConfig(ctx, root, true);
         if (configNeedsMigration) {
-            console.log(pc.yellow('hush.yaml contains v4 source paths that need updating.\n'));
+            ctx.logger.log(pc.yellow('hush.yaml contains v4 source paths that need updating.\n'));
             if (!dryRun) {
-                migrateConfig(root, false);
-                console.log(pc.green('Updated hush.yaml source paths to v5 format.\n'));
+                migrateConfig(ctx, root, false);
+                ctx.logger.log(pc.green('Updated hush.yaml source paths to v5 format.\n'));
             }
         }
         return;
     }
-    console.log(pc.bold('Files to migrate:'));
+    ctx.logger.log(pc.bold('Files to migrate:'));
     for (const { from, to, exists } of migrations) {
         if (exists) {
-            console.log(`  ${pc.yellow(from)} → ${pc.green(to)}`);
+            ctx.logger.log(`  ${pc.yellow(from)} → ${pc.green(to)}`);
         }
         else {
-            console.log(pc.dim(`  ${from} (not found, skipping)`));
+            ctx.logger.log(pc.dim(`  ${from} (not found, skipping)`));
         }
     }
-    console.log('');
+    ctx.logger.log('');
     if (dryRun) {
-        console.log(pc.dim('Run without --dry-run to apply changes.'));
+        ctx.logger.log(pc.dim('Run without --dry-run to apply changes.'));
         return;
     }
     let migratedCount = 0;
@@ -90,27 +89,29 @@ export async function migrateCommand(options) {
             continue;
         const fromPath = join(root, from);
         const toPath = join(root, to);
-        if (existsSync(toPath)) {
-            console.log(pc.yellow(`  Skipping ${from}: ${to} already exists`));
+        if (ctx.fs.existsSync(toPath)) {
+            ctx.logger.log(pc.yellow(`  Skipping ${from}: ${to} already exists`));
             continue;
         }
-        renameSync(fromPath, toPath);
-        console.log(pc.green(`  Migrated ${from} → ${to}`));
+        const content = ctx.fs.readFileSync(fromPath, 'utf-8');
+        ctx.fs.writeFileSync(toPath, content);
+        ctx.fs.unlinkSync(fromPath);
+        ctx.logger.log(pc.green(`  Migrated ${from} → ${to}`));
         migratedCount++;
     }
-    const configUpdated = migrateConfig(root, false);
+    const configUpdated = migrateConfig(ctx, root, false);
     if (configUpdated) {
-        console.log(pc.green('  Updated hush.yaml source paths'));
+        ctx.logger.log(pc.green('  Updated hush.yaml source paths'));
     }
-    console.log('');
+    ctx.logger.log('');
     if (migratedCount > 0 || configUpdated) {
-        console.log(pc.green(pc.bold(`Migration complete.`)));
-        console.log(pc.dim('\nNext steps:'));
-        console.log(pc.dim('  1. git add .hush.encrypted .hush.*.encrypted hush.yaml'));
-        console.log(pc.dim('  2. git rm .env.encrypted .env.*.encrypted (if tracked)'));
-        console.log(pc.dim('  3. git commit -m "chore: migrate to Hush v5 format"'));
+        ctx.logger.log(pc.green(pc.bold(`Migration complete.`)));
+        ctx.logger.log(pc.dim('\nNext steps:'));
+        ctx.logger.log(pc.dim('  1. git add .hush.encrypted .hush.*.encrypted hush.yaml'));
+        ctx.logger.log(pc.dim('  2. git rm .env.encrypted .env.*.encrypted (if tracked)'));
+        ctx.logger.log(pc.dim('  3. git commit -m "chore: migrate to Hush v5 format"'));
     }
     else {
-        console.log(pc.dim('No changes made.'));
+        ctx.logger.log(pc.dim('No changes made.'));
     }
 }

package/dist/commands/push.d.ts

@@ -1,3 +1,3 @@
-import type { PushOptions } from '../types.js';
-export declare function pushCommand(options: PushOptions): Promise<void>;
+import type { PushOptions, HushContext } from '../types.js';
+export declare function pushCommand(ctx: HushContext, options: PushOptions): Promise<void>;
 //# sourceMappingURL=push.d.ts.map

package/dist/commands/push.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"push.d.ts","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAU,WAAW,EAAqC,MAAM,aAAa,CAAC;AAgH1F,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA6GrE"}
+{"version":3,"file":"push.d.ts","sourceRoot":"","sources":["../../src/commands/push.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAU,WAAW,EAAqC,WAAW,EAAE,MAAM,aAAa,CAAC;AAiHvG,wBAAsB,WAAW,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA6GvF"}

package/dist/commands/push.js

@@ -1,26 +1,22 @@
-import { execSync } from 'node:child_process';
-import { existsSync, writeFileSync, unlinkSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
-import { loadConfig } from '../config/loader.js';
 import { filterVarsForTarget } from '../core/filter.js';
 import { interpolateVars } from '../core/interpolate.js';
 import { mergeVars } from '../core/merge.js';
 import { parseEnvContent } from '../core/parse.js';
-import { decrypt as sopsDecrypt } from '../core/sops.js';
 import { loadLocalTemplates, resolveTemplateVars } from '../core/template.js';
-function pushWorkerSecret(key, value, targetDir, dryRun, verbose) {
+function pushWorkerSecret(ctx, key, value, targetDir, dryRun, verbose) {
     if (dryRun) {
         if (verbose) {
-            console.log(pc.green(`    + ${key}`));
+            ctx.logger.log(pc.green(`    + ${key}`));
         }
         else {
-            console.log(pc.dim(`    [dry-run] ${key}`));
+            ctx.logger.log(pc.dim(`    [dry-run] ${key}`));
         }
         return true;
     }
     try {
-        execSync(`echo "${value}" | wrangler secret put ${key}`, {
+        ctx.exec.execSync(`echo "${value}" | wrangler secret put ${key}`, {
             cwd: targetDir,
             stdio: ['pipe', 'pipe', 'pipe'],
             shell: '/bin/bash',
@@ -29,18 +25,18 @@ function pushWorkerSecret(key, value, targetDir, dryRun, verbose) {
     }
     catch (error) {
         const err = error;
-        console.error(pc.red(`    Failed: ${key} - ${err.stderr || err.message}`));
+        ctx.logger.error(pc.red(`    Failed: ${key} - ${err.stderr || err.message}`));
         return false;
     }
 }
-function pushPagesSecrets(vars, projectName, targetDir, dryRun, verbose) {
+function pushPagesSecrets(ctx, vars, projectName, targetDir, dryRun, verbose) {
     if (dryRun) {
         for (const { key } of vars) {
             if (verbose) {
-                console.log(pc.green(`    + ${key}`));
+                ctx.logger.log(pc.green(`    + ${key}`));
             }
             else {
-                console.log(pc.dim(`    [dry-run] ${key}`));
+                ctx.logger.log(pc.dim(`    [dry-run] ${key}`));
             }
         }
         return { success: vars.length, failed: 0 };
@@ -51,26 +47,26 @@ function pushPagesSecrets(vars, projectName, targetDir, dryRun, verbose) {
     }
     const tempFile = join(targetDir, '.hush-secrets-temp.json');
     try {
-        writeFileSync(tempFile, JSON.stringify(secretsJson, null, 2));
-        execSync(`wrangler pages secret bulk "${tempFile}" --project-name "${projectName}"`, {
+        ctx.fs.writeFileSync(tempFile, JSON.stringify(secretsJson, null, 2));
+        ctx.exec.execSync(`wrangler pages secret bulk "${tempFile}" --project-name "${projectName}"`, {
             cwd: targetDir,
             stdio: ['pipe', 'pipe', 'pipe'],
             shell: '/bin/bash',
         });
         for (const { key } of vars) {
-            console.log(pc.green(`    ${key}`));
+            ctx.logger.log(pc.green(`    ${key}`));
         }
         return { success: vars.length, failed: 0 };
     }
     catch (error) {
         const err = error;
         const stderrStr = err.stderr instanceof Buffer ? err.stderr.toString() : (err.stderr || err.message || 'Unknown error');
-        console.error(pc.red(`    Failed to push secrets: ${stderrStr}`));
+        ctx.logger.error(pc.red(`    Failed to push secrets: ${stderrStr}`));
         return { success: 0, failed: vars.length };
     }
     finally {
-        if (existsSync(tempFile)) {
-            unlinkSync(tempFile);
+        if (ctx.fs.existsSync(tempFile)) {
+            ctx.fs.unlinkSync(tempFile);
         }
     }
 }
@@ -103,30 +99,30 @@ function getPagesProject(target) {
     }
     throw new Error(`Target "${target.name}" is not configured for Cloudflare Pages`);
 }
-export async function pushCommand(options) {
+export async function pushCommand(ctx, options) {
     const { root, dryRun, verbose, target: targetFilter } = options;
-    const config = loadConfig(root);
-    console.log(pc.blue('Pushing production secrets to Cloudflare...'));
+    const config = ctx.config.loadConfig(root);
+    ctx.logger.log(pc.blue('Pushing production secrets to Cloudflare...'));
     if (dryRun) {
-        console.log(pc.yellow('(dry-run mode)'));
+        ctx.logger.log(pc.yellow('(dry-run mode)'));
         if (verbose) {
-            console.log(pc.dim('(verbose output enabled)'));
+            ctx.logger.log(pc.dim('(verbose output enabled)'));
         }
     }
     const sharedEncrypted = join(root, config.sources.shared + '.encrypted');
     const prodEncrypted = join(root, config.sources.production + '.encrypted');
     const varSources = [];
-    if (existsSync(sharedEncrypted)) {
-        const content = sopsDecrypt(sharedEncrypted);
+    if (ctx.fs.existsSync(sharedEncrypted)) {
+        const content = ctx.sops.decrypt(sharedEncrypted);
         varSources.push(parseEnvContent(content));
     }
-    if (existsSync(prodEncrypted)) {
-        const content = sopsDecrypt(prodEncrypted);
+    if (ctx.fs.existsSync(prodEncrypted)) {
+        const content = ctx.sops.decrypt(prodEncrypted);
         varSources.push(parseEnvContent(content));
     }
     if (varSources.length === 0) {
-        console.error(pc.red('No encrypted files found'));
-        process.exit(1);
+        ctx.logger.error(pc.red('No encrypted files found'));
+        ctx.process.exit(1);
     }
     const merged = mergeVars(...varSources);
     const interpolated = interpolateVars(merged);
@@ -139,47 +135,47 @@ export async function pushCommand(options) {
         pushableTargets = getTargetsWithPush(config, targetFilter);
     }
     catch (error) {
-        console.error(pc.red(error.message));
-        process.exit(1);
+        ctx.logger.error(pc.red(error.message));
+        ctx.process.exit(1);
     }
     if (pushableTargets.length === 0) {
-        console.error(pc.red('No targets configured for push'));
-        console.error(pc.dim('Add format: wrangler or push_to: { type: cloudflare-pages, project: ... } to a target'));
-        process.exit(1);
+        ctx.logger.error(pc.red('No targets configured for push'));
+        ctx.logger.error(pc.dim('Add format: wrangler or push_to: { type: cloudflare-pages, project: ... } to a target'));
+        ctx.process.exit(1);
     }
     for (const target of pushableTargets) {
         const targetDir = join(root, target.path);
         const pushType = getPushType(target);
         let filtered = filterVarsForTarget(interpolated, target);
-        const localTemplate = loadLocalTemplates(targetDir, 'production');
+        const localTemplate = loadLocalTemplates(targetDir, 'production', ctx.fs);
         if (localTemplate.hasTemplate) {
-            const templateVars = resolveTemplateVars(localTemplate.vars, rootSecretsRecord, { processEnv: process.env });
+            const templateVars = resolveTemplateVars(localTemplate.vars, rootSecretsRecord, { processEnv: ctx.process.env });
             filtered = mergeVars(filtered, templateVars);
         }
         if (filtered.length === 0) {
-            console.log(pc.dim(`\n${target.name} - no matching vars, skipped`));
+            ctx.logger.log(pc.dim(`\n${target.name} - no matching vars, skipped`));
             continue;
         }
         const typeLabel = pushType === 'cloudflare-pages' ? 'Pages' : 'Workers';
         if (dryRun && verbose) {
-            console.log(pc.blue(`\n[DRY RUN] Would push to ${target.name} (${typeLabel}, ${target.path}/):`));
+            ctx.logger.log(pc.blue(`\n[DRY RUN] Would push to ${target.name} (${typeLabel}, ${target.path}/):`));
         }
         else {
-            console.log(pc.blue(`\n${target.name} (${typeLabel}, ${target.path}/)`));
+            ctx.logger.log(pc.blue(`\n${target.name} (${typeLabel}, ${target.path}/)`));
         }
         let success = 0;
         let failed = 0;
         if (pushType === 'cloudflare-pages') {
             const projectName = getPagesProject(target);
-            const result = pushPagesSecrets(filtered, projectName, targetDir, dryRun, verbose);
+            const result = pushPagesSecrets(ctx, filtered, projectName, targetDir, dryRun, verbose);
             success = result.success;
             failed = result.failed;
         }
         else {
             for (const { key, value } of filtered) {
-                if (pushWorkerSecret(key, value, targetDir, dryRun, verbose)) {
+                if (pushWorkerSecret(ctx, key, value, targetDir, dryRun, verbose)) {
                     if (!dryRun)
-                        console.log(pc.green(`    ${key}`));
+                        ctx.logger.log(pc.green(`    ${key}`));
                     success++;
                 }
                 else {
@@ -187,12 +183,12 @@ export async function pushCommand(options) {
                 }
             }
         }
-        console.log(pc.dim(`  ${success} pushed, ${failed} failed`));
+        ctx.logger.log(pc.dim(`  ${success} pushed, ${failed} failed`));
     }
     if (dryRun) {
-        console.log(pc.yellow('\n[dry-run] No secrets were pushed'));
+        ctx.logger.log(pc.yellow('\n[dry-run] No secrets were pushed'));
     }
     else {
-        console.log(pc.green('\nPush complete'));
+        ctx.logger.log(pc.green('\nPush complete'));
     }
 }

package/dist/commands/resolve.d.ts

@@ -1,8 +1,8 @@
-import type { Environment } from '../types.js';
+import type { Environment, HushContext } from '../types.js';
 export interface ResolveOptions {
     root: string;
     env: Environment;
     target: string;
 }
-export declare function resolveCommand(options: ResolveOptions): Promise<void>;
+export declare function resolveCommand(ctx: HushContext, options: ResolveOptions): Promise<void>;
 //# sourceMappingURL=resolve.d.ts.map

package/dist/commands/resolve.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"resolve.d.ts","sourceRoot":"","sources":["../../src/commands/resolve.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAU,WAAW,EAAU,MAAM,aAAa,CAAC;AAG/D,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,WAAW,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AA6BD,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAmI3E"}
+{"version":3,"file":"resolve.d.ts","sourceRoot":"","sources":["../../src/commands/resolve.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAU,WAAW,EAAU,WAAW,EAAE,MAAM,aAAa,CAAC;AAG5E,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,WAAW,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AA6BD,wBAAsB,cAAc,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAmI7F"}

package/dist/commands/resolve.js

@@ -1,11 +1,8 @@
-import { existsSync } from 'node:fs';
 import { join } from 'node:path';
 import pc from 'picocolors';
-import { loadConfig } from '../config/loader.js';
 import { interpolateVars } from '../core/interpolate.js';
 import { mergeVars } from '../core/merge.js';
 import { parseEnvContent } from '../core/parse.js';
-import { decrypt as sopsDecrypt } from '../core/sops.js';
 import { loadLocalTemplates } from '../core/template.js';
 import { FORMAT_OUTPUT_FILES } from '../types.js';
 function matchesPattern(key, pattern) {
@@ -26,14 +23,14 @@ function getOutputFilename(target, env) {
     }
     return FORMAT_OUTPUT_FILES[target.format][env];
 }
-export async function resolveCommand(options) {
+export async function resolveCommand(ctx, options) {
     const { root, env, target: targetName } = options;
-    const config = loadConfig(root);
+    const config = ctx.config.loadConfig(root);
     const target = config.targets.find(t => t.name === targetName);
     if (!target) {
-        console.error(pc.red(`Target not found: ${targetName}`));
-        console.error(pc.dim('Available targets: ' + config.targets.map(t => t.name).join(', ')));
-        process.exit(1);
+        ctx.logger.error(`Target not found: ${targetName}`);
+        ctx.logger.error(pc.dim('Available targets: ' + config.targets.map(t => t.name).join(', ')));
+        ctx.process.exit(1);
     }
     const sharedEncrypted = join(root, config.sources.shared + '.encrypted');
     const envEncrypted = join(root, config.sources[env] + '.encrypted');
@@ -41,9 +38,9 @@ export async function resolveCommand(options) {
     const varsBySource = new Map();
     const allVars = new Map();
     const loadSource = (path, sourceName) => {
-        if (!existsSync(path))
+        if (!ctx.fs.existsSync(path))
             return;
-        const content = sopsDecrypt(path);
+        const content = ctx.sops.decrypt(path);
         const vars = parseEnvContent(content);
         const sourceVars = [];
         for (const v of vars) {
@@ -57,8 +54,8 @@ export async function resolveCommand(options) {
     loadSource(envEncrypted, config.sources[env]);
     loadSource(localEncrypted, config.sources.local);
     if (allVars.size === 0) {
-        console.error(pc.red('No encrypted files found'));
-        process.exit(1);
+        ctx.logger.error('No encrypted files found');
+        ctx.process.exit(1);
     }
     const merged = mergeVars(...Array.from(varsBySource.values()).map(sources => sources.map(s => ({ key: s.key, value: s.value }))));
     const interpolated = interpolateVars(merged);
@@ -84,44 +81,44 @@ export async function resolveCommand(options) {
         included.push({ key: v.key, source });
     }
     const outputFile = getOutputFilename(target, env);
-    console.log(pc.bold(`\nTarget: ${pc.cyan(target.name)}`));
-    console.log(`Path: ${pc.dim(target.path + '/')}`);
-    console.log(`Format: ${pc.dim(target.format)} ${pc.dim(`(${outputFile})`)}`);
-    console.log(`Environment: ${pc.dim(env)}`);
-    console.log(pc.green(`\n✅ ROOT SECRETS (Matched Filters) (${included.length}):`));
+    ctx.logger.log(pc.bold(`\nTarget: ${pc.cyan(target.name)}`));
+    ctx.logger.log(`Path: ${pc.dim(target.path + '/')}`);
+    ctx.logger.log(`Format: ${pc.dim(target.format)} ${pc.dim(`(${outputFile})`)}`);
+    ctx.logger.log(`Environment: ${pc.dim(env)}`);
+    ctx.logger.log(pc.green(`\n✅ ROOT SECRETS (Matched Filters) (${included.length}):`));
     if (included.length === 0) {
-        console.log(pc.dim('  (none)'));
+        ctx.logger.log(pc.dim('  (none)'));
     }
     else {
         const maxKeyLen = Math.max(...included.map(v => v.key.length));
         for (const v of included) {
-            console.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`(source: ${v.source})`)}`);
+            ctx.logger.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`(source: ${v.source})`)}`);
         }
     }
-    console.log(pc.red(`\n🚫 EXCLUDED VARIABLES (${excluded.length}):`));
+    ctx.logger.log(pc.red(`\n🚫 EXCLUDED VARIABLES (${excluded.length}):`));
     if (excluded.length === 0) {
-        console.log(pc.dim('  (none)'));
+        ctx.logger.log(pc.dim('  (none)'));
     }
     else {
         const maxKeyLen = Math.max(...excluded.map(v => v.key.length));
         for (const v of excluded) {
-            console.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`(matches: ${v.pattern})`)}`);
+            ctx.logger.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`(matches: ${v.pattern})`)}`);
         }
     }
     const targetAbsPath = join(root, target.path);
-    const localTemplate = loadLocalTemplates(targetAbsPath, env);
+    const localTemplate = loadLocalTemplates(targetAbsPath, env, ctx.fs);
     if (localTemplate.hasTemplate) {
-        console.log(pc.blue(`\n📄 TEMPLATE EXPANSIONS (${pc.dim(join(target.path, '.env'))}):`));
+        ctx.logger.log(pc.blue(`\n📄 TEMPLATE EXPANSIONS (${pc.dim(join(target.path, '.hush'))}):`));
         const maxKeyLen = Math.max(...localTemplate.vars.map(v => v.key.length));
         for (const v of localTemplate.vars) {
-            console.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`← ${v.value}`)}`);
+            ctx.logger.log(`  ${v.key.padEnd(maxKeyLen)}  ${pc.dim(`← ${v.value}`)}`);
         }
         // Calculate final merged list for clarity
         const finalKeys = new Set([
             ...included.map(v => v.key),
             ...localTemplate.vars.map(v => v.key)
         ]);
-        console.log(pc.magenta(`\n📦 FINAL INJECTION (${finalKeys.size} total):`));
+        ctx.logger.log(pc.magenta(`\n📦 FINAL INJECTION (${finalKeys.size} total):`));
         const sortedKeys = Array.from(finalKeys).sort();
         for (const key of sortedKeys) {
             const isTemplate = localTemplate.vars.some(v => v.key === key);
@@ -133,8 +130,8 @@ export async function resolveCommand(options) {
                 sourceInfo = pc.dim('(template)');
             else if (isRoot)
                 sourceInfo = pc.dim('(root)');
-            console.log(`  ${key}  ${sourceInfo}`);
+            ctx.logger.log(`  ${key}  ${sourceInfo}`);
         }
     }
-    console.log('');
+    ctx.logger.log('');
 }

package/dist/commands/run.d.ts

@@ -1,3 +1,3 @@
-import type { RunOptions } from '../types.js';
-export declare function runCommand(options: RunOptions): Promise<void>;
+import type { RunOptions, HushContext } from '../types.js';
+export declare function runCommand(ctx: HushContext, options: RunOptions): Promise<void>;
 //# sourceMappingURL=run.d.ts.map

package/dist/commands/run.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,UAAU,EAAmC,MAAM,aAAa,CAAC;AAkD/E,wBAAsB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8GnE"}
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAmC,WAAW,EAAE,MAAM,aAAa,CAAC;AAkD5F,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8GrF"}