@chriscode/hush 5.0.0 → 5.0.2

package/dist/commands/run.js

@@ -1,32 +1,28 @@
-import { spawnSync } from 'node:child_process';
-import { existsSync } from 'node:fs';
 import { join, resolve } from 'node:path';
 import pc from 'picocolors';
-import { loadConfig, findProjectRoot } from '../config/loader.js';
 import { filterVarsForTarget } from '../core/filter.js';
 import { interpolateVars, getUnresolvedVars } from '../core/interpolate.js';
 import { mergeVars } from '../core/merge.js';
 import { parseEnvContent } from '../core/parse.js';
-import { decrypt as sopsDecrypt } from '../core/sops.js';
 import { loadLocalTemplates, resolveTemplateVars } from '../core/template.js';
 function getEncryptedPath(sourcePath) {
     return sourcePath + '.encrypted';
 }
-function getDecryptedSecrets(projectRoot, env, config) {
+function getDecryptedSecrets(ctx, projectRoot, env, config) {
     const sharedEncrypted = join(projectRoot, getEncryptedPath(config.sources.shared));
     const envEncrypted = join(projectRoot, getEncryptedPath(config.sources[env]));
     const localEncrypted = join(projectRoot, getEncryptedPath(config.sources.local));
     const varSources = [];
-    if (existsSync(sharedEncrypted)) {
-        const content = sopsDecrypt(sharedEncrypted);
+    if (ctx.fs.existsSync(sharedEncrypted)) {
+        const content = ctx.sops.decrypt(sharedEncrypted);
         varSources.push(parseEnvContent(content));
     }
-    if (existsSync(envEncrypted)) {
-        const content = sopsDecrypt(envEncrypted);
+    if (ctx.fs.existsSync(envEncrypted)) {
+        const content = ctx.sops.decrypt(envEncrypted);
         varSources.push(parseEnvContent(content));
     }
-    if (existsSync(localEncrypted)) {
-        const content = sopsDecrypt(localEncrypted);
+    if (ctx.fs.existsSync(localEncrypted)) {
+        const content = ctx.sops.decrypt(localEncrypted);
         varSources.push(parseEnvContent(content));
     }
     if (varSources.length === 0) {
@@ -46,31 +42,31 @@ function getRootSecretsAsRecord(vars) {
     }
     return record;
 }
-export async function runCommand(options) {
+export async function runCommand(ctx, options) {
     const { root, env, target, command } = options;
     if (!command || command.length === 0) {
-        console.error(pc.red('Usage: hush run -- <command>'));
-        console.error(pc.dim('Example: hush run -- npm start'));
-        console.error(pc.dim('         hush run -e production -- npm run build'));
-        console.error(pc.dim('         hush run --target api -- wrangler dev'));
-        process.exit(1);
+        ctx.logger.error('Usage: hush run -- <command>');
+        ctx.logger.error(pc.dim('Example: hush run -- npm start'));
+        ctx.logger.error(pc.dim('         hush run -e production -- npm run build'));
+        ctx.logger.error(pc.dim('         hush run --target api -- wrangler dev'));
+        ctx.process.exit(1);
     }
     const contextDir = root;
-    const projectInfo = findProjectRoot(contextDir);
+    const projectInfo = ctx.config.findProjectRoot(contextDir);
     if (!projectInfo) {
-        console.error(pc.red('No hush.yaml found in current directory or any parent directory.'));
-        console.error(pc.dim('Run: npx hush init'));
-        process.exit(1);
+        ctx.logger.error('No hush.yaml found in current directory or any parent directory.');
+        ctx.logger.error(pc.dim('Run: npx hush init'));
+        ctx.process.exit(1);
     }
     const { projectRoot } = projectInfo;
-    const config = loadConfig(projectRoot);
-    const rootSecrets = getDecryptedSecrets(projectRoot, env, config);
+    const config = ctx.config.loadConfig(projectRoot);
+    const rootSecrets = getDecryptedSecrets(ctx, projectRoot, env, config);
     const rootSecretsRecord = getRootSecretsAsRecord(rootSecrets);
-    const localTemplate = loadLocalTemplates(contextDir, env);
+    const localTemplate = loadLocalTemplates(contextDir, env, ctx.fs);
     // 1. Resolve Template Vars
     let templateVars = [];
     if (localTemplate.hasTemplate) {
-        templateVars = resolveTemplateVars(localTemplate.vars, rootSecretsRecord, { processEnv: process.env });
+        templateVars = resolveTemplateVars(localTemplate.vars, rootSecretsRecord, { processEnv: ctx.process.env });
     }
     // 2. Resolve Target Vars
     let targetVars = [];
@@ -79,9 +75,9 @@ export async function runCommand(options) {
         ? config.targets.find(t => t.name === target)
         : config.targets.find(t => resolve(projectRoot, t.path) === resolve(contextDir));
     if (target && !targetConfig) {
-        console.error(pc.red(`Target "${target}" not found in hush.yaml`));
-        console.error(pc.dim(`Available targets: ${config.targets.map(t => t.name).join(', ')}`));
-        process.exit(1);
+        ctx.logger.error(`Target "${target}" not found in hush.yaml`);
+        ctx.logger.error(pc.dim(`Available targets: ${config.targets.map(t => t.name).join(', ')}`));
+        ctx.process.exit(1);
     }
     if (targetConfig) {
         targetVars = filterVarsForTarget(rootSecrets, targetConfig);
@@ -89,11 +85,11 @@ export async function runCommand(options) {
             targetVars.push({ key: 'CLOUDFLARE_INCLUDE_PROCESS_ENV', value: 'true' });
             const devVarsPath = join(targetConfig.path, '.dev.vars');
             const absDevVarsPath = join(projectRoot, devVarsPath);
-            if (existsSync(absDevVarsPath)) {
-                console.warn(pc.yellow('\n⚠️  Wrangler Conflict Detected'));
-                console.warn(pc.yellow(`   Found .dev.vars in ${targetConfig.path}`));
-                console.warn(pc.yellow('   Wrangler will IGNORE Hush secrets while this file exists.'));
-                console.warn(pc.bold(`   Fix: rm ${devVarsPath}\n`));
+            if (ctx.fs.existsSync(absDevVarsPath)) {
+                ctx.logger.warn('\n⚠️  Wrangler Conflict Detected');
+                ctx.logger.warn(`   Found .dev.vars in ${targetConfig.path}`);
+                ctx.logger.warn('   Wrangler will IGNORE Hush secrets while this file exists.');
+                ctx.logger.warn(pc.bold(`   Fix: rm ${devVarsPath}\n`));
             }
         }
     }
@@ -115,22 +111,22 @@ export async function runCommand(options) {
     }
     const unresolved = getUnresolvedVars(vars);
     if (unresolved.length > 0) {
-        console.warn(pc.yellow(`Warning: ${unresolved.length} vars have unresolved references: ${unresolved.join(', ')}`));
+        ctx.logger.warn(`Warning: ${unresolved.length} vars have unresolved references: ${unresolved.join(', ')}`);
     }
     const childEnv = {
-        ...process.env,
+        ...ctx.process.env,
         ...Object.fromEntries(vars.map(v => [v.key, v.value])),
     };
     const [cmd, ...args] = command;
-    const result = spawnSync(cmd, args, {
+    const result = ctx.exec.spawnSync(cmd, args, {
         stdio: 'inherit',
         env: childEnv,
         shell: true,
         cwd: contextDir,
     });
     if (result.error) {
-        console.error(pc.red(`Failed to execute: ${result.error.message}`));
-        process.exit(1);
+        ctx.logger.error(`Failed to execute: ${result.error.message}`);
+        ctx.process.exit(1);
     }
-    process.exit(result.status ?? 1);
+    ctx.process.exit(result.status ?? 1);
 }

package/dist/commands/set.d.ts

@@ -1,3 +1,3 @@
-import type { SetOptions } from '../types.js';
-export declare function setCommand(options: SetOptions): Promise<void>;
+import type { HushContext, SetOptions } from '../types.js';
+export declare function setCommand(ctx: HushContext, options: SetOptions): Promise<void>;
 //# sourceMappingURL=set.d.ts.map

package/dist/commands/set.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"set.d.ts","sourceRoot":"","sources":["../../src/commands/set.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA2M9C,wBAAsB,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CnE"}
+{"version":3,"file":"set.d.ts","sourceRoot":"","sources":["../../src/commands/set.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAoM3D,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CrF"}

package/dist/commands/set.js

@@ -1,74 +1,65 @@
-import { execSync } from 'node:child_process';
-import { existsSync, fstatSync } from 'node:fs';
 import { join } from 'node:path';
 import { platform } from 'node:os';
 import pc from 'picocolors';
-import { loadConfig } from '../config/loader.js';
 import { setKey } from '../core/sops.js';
-const STDIN_FD = 0;
-function hasStdinPipe() {
+function hasStdinPipe(ctx) {
     try {
-        if (process.stdin.isTTY) {
-            return false;
-        }
-        const stat = fstatSync(STDIN_FD);
-        return stat.isFIFO() || stat.isFile();
+        return !ctx.process.stdin.isTTY;
     }
     catch {
         return false;
     }
 }
-function readFromStdinPipe() {
+function readFromStdinPipe(ctx) {
     return new Promise((resolve, reject) => {
         let data = '';
-        process.stdin.setEncoding('utf8');
-        process.stdin.on('data', (chunk) => {
+        ctx.process.stdin.setEncoding('utf8');
+        ctx.process.stdin.on('data', (chunk) => {
             data += chunk;
         });
-        process.stdin.on('end', () => {
+        ctx.process.stdin.on('end', () => {
             const trimTrailingNewlines = /\n+$/;
             resolve(data.replace(trimTrailingNewlines, ''));
         });
-        process.stdin.on('error', reject);
-        process.stdin.resume();
+        ctx.process.stdin.on('error', reject);
+        ctx.process.stdin.resume();
     });
 }
-function promptViaMacOSDialog(key) {
+function promptViaMacOSDialog(ctx, key) {
     try {
-        const script = `display dialog "Enter value for ${key}:" default answer "" with hidden answer with title "Hush - Set Secret"`;
-        const result = execSync(`osascript -e '${script}' -e 'text returned of result'`, {
+        const script = `display dialog "Enter value for ${key}:" default answer "" with title "Hush - Set Secret"`;
+        const result = ctx.exec.execSync(`osascript -e '${script}' -e 'text returned of result'`, {
             encoding: 'utf-8',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
-        return result.trim();
+        return result.toString().trim();
     }
     catch {
         return null;
     }
 }
-function promptViaWindowsDialog(key) {
+function promptViaWindowsDialog(ctx, key) {
     try {
         const psScript = `
       Add-Type -AssemblyName System.Windows.Forms
       Add-Type -AssemblyName System.Drawing
-      
+
       $form = New-Object System.Windows.Forms.Form
       $form.Text = 'Hush - Set Secret'
       $form.Size = New-Object System.Drawing.Size(300,150)
       $form.StartPosition = 'CenterScreen'
-      
+
       $label = New-Object System.Windows.Forms.Label
       $label.Location = New-Object System.Drawing.Point(10,20)
       $label.Size = New-Object System.Drawing.Size(280,20)
       $label.Text = 'Enter value for ${key}:'
       $form.Controls.Add($label)
-      
+
       $textBox = New-Object System.Windows.Forms.TextBox
       $textBox.Location = New-Object System.Drawing.Point(10,50)
       $textBox.Size = New-Object System.Drawing.Size(260,20)
-      $textBox.PasswordChar = '*'
       $form.Controls.Add($textBox)
-      
+
       $okButton = New-Object System.Windows.Forms.Button
       $okButton.Location = New-Object System.Drawing.Point(10,80)
       $okButton.Size = New-Object System.Drawing.Size(75,23)
@@ -76,11 +67,11 @@ function promptViaWindowsDialog(key) {
       $okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
       $form.AcceptButton = $okButton
       $form.Controls.Add($okButton)
-      
+
       $form.TopMost = $true
-      
+
       $result = $form.ShowDialog()
-      
+
       if ($result -eq [System.Windows.Forms.DialogResult]::OK) {
         Write-Output $textBox.Text
       } else {
@@ -88,41 +79,41 @@ function promptViaWindowsDialog(key) {
       }
     `;
         const encodedCommand = Buffer.from(psScript, 'utf16le').toString('base64');
-        const result = execSync(`powershell -EncodedCommand "${encodedCommand}"`, {
+        const result = ctx.exec.execSync(`powershell -EncodedCommand "${encodedCommand}"`, {
             encoding: 'utf-8',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
-        return result.trim();
+        return result.toString().trim();
     }
     catch {
         return null;
     }
 }
-function promptViaLinuxDialog(key) {
+function promptViaLinuxDialog(ctx, key) {
     try {
-        const result = execSync(`zenity --password --title="Hush - Set Secret" --text="Enter value for ${key}:"`, {
+        const result = ctx.exec.execSync(`zenity --entry --title="Hush - Set Secret" --text="Enter value for ${key}:"`, {
             encoding: 'utf-8',
             stdio: ['pipe', 'pipe', 'pipe'],
         });
-        return result.trim();
+        return result.toString().trim();
     }
     catch {
         try {
-            const result = execSync(`kdialog --password "Enter value for ${key}:" --title "Hush - Set Secret"`, {
+            const result = ctx.exec.execSync(`kdialog --inputbox "Enter value for ${key}:" --title "Hush - Set Secret"`, {
                 encoding: 'utf-8',
                 stdio: ['pipe', 'pipe', 'pipe'],
             });
-            return result.trim();
+            return result.toString().trim();
         }
         catch {
             return null;
         }
     }
 }
-function promptViaTTY(key) {
+function promptViaTTY(ctx, key) {
     return new Promise((resolve, reject) => {
-        process.stdout.write(`Enter value for ${pc.cyan(key)}: `);
-        const stdin = process.stdin;
+        ctx.process.stdout.write(`Enter value for ${pc.cyan(key)}: `);
+        const stdin = ctx.process.stdin;
         stdin.setRawMode(true);
         stdin.resume();
         stdin.setEncoding('utf8');
@@ -135,49 +126,49 @@ function promptViaTTY(key) {
                     stdin.setRawMode(false);
                     stdin.pause();
                     stdin.removeListener('data', onData);
-                    process.stdout.write('\n');
+                    ctx.process.stdout.write('\n');
                     resolve(value);
                     break;
                 case '\u0003':
                     stdin.setRawMode(false);
                     stdin.pause();
                     stdin.removeListener('data', onData);
-                    process.stdout.write('\n');
+                    ctx.process.stdout.write('\n');
                     reject(new Error('Cancelled'));
                     break;
                 case '\u007F':
                 case '\b':
                     if (value.length > 0) {
                         value = value.slice(0, -1);
-                        process.stdout.write('\b \b');
+                        ctx.process.stdout.write('\b \b');
                     }
                     break;
                 default:
                     value += char;
-                    process.stdout.write('\u2022');
+                    ctx.process.stdout.write('\u2022');
             }
         };
         stdin.on('data', onData);
     });
 }
-async function promptForValue(key, forceGui) {
-    if (hasStdinPipe()) {
-        return readFromStdinPipe();
+async function promptForValue(ctx, key, forceGui) {
+    if (hasStdinPipe(ctx)) {
+        return readFromStdinPipe(ctx);
     }
-    if (process.stdin.isTTY && !forceGui) {
-        return promptViaTTY(key);
+    if (ctx.process.stdin.isTTY && !forceGui) {
+        return promptViaTTY(ctx, key);
     }
-    console.log(pc.dim('Opening dialog for secret input...'));
+    ctx.logger.log(pc.dim('Opening dialog for secret input...'));
     let value = null;
     switch (platform()) {
         case 'darwin':
-            value = promptViaMacOSDialog(key);
+            value = promptViaMacOSDialog(ctx, key);
             break;
         case 'win32':
-            value = promptViaWindowsDialog(key);
+            value = promptViaWindowsDialog(ctx, key);
             break;
         case 'linux':
-            value = promptViaLinuxDialog(key);
+            value = promptViaLinuxDialog(ctx, key);
             break;
     }
     if (value !== null) {
@@ -188,39 +179,39 @@ async function promptForValue(key, forceGui) {
     }
     throw new Error('Dialog cancelled or failed. Interactive input requires a terminal (TTY) or a supported GUI environment.');
 }
-export async function setCommand(options) {
-    const { root, file, key, gui } = options;
-    const config = loadConfig(root);
+export async function setCommand(ctx, options) {
+    const { root, file, key, value: inlineValue, gui } = options;
+    const config = ctx.config.loadConfig(root);
     const fileKey = file ?? 'shared';
     const sourcePath = config.sources[fileKey];
     const encryptedPath = join(root, sourcePath + '.encrypted');
     if (!key) {
-        console.error(pc.red('Usage: hush set <KEY> [-e environment]'));
-        console.error(pc.dim('Example: hush set DATABASE_URL'));
-        console.error(pc.dim('         hush set API_KEY -e production'));
-        console.error(pc.dim('\nTo edit all secrets in an editor, use: hush edit'));
-        process.exit(1);
+        ctx.logger.error(pc.red('Usage: hush set <KEY> [-e environment]'));
+        ctx.logger.error(pc.dim('Example: hush set DATABASE_URL'));
+        ctx.logger.error(pc.dim('         hush set API_KEY -e production'));
+        ctx.logger.error(pc.dim('\nTo edit all secrets in an editor, use: hush edit'));
+        ctx.process.exit(1);
     }
-    if (!existsSync(encryptedPath) && !existsSync(join(root, '.sops.yaml'))) {
-        console.error(pc.red('Hush is not initialized in this directory'));
-        console.error(pc.dim('Run "hush init" first, then "hush encrypt"'));
-        process.exit(1);
+    if (!ctx.fs.existsSync(encryptedPath) && !ctx.fs.existsSync(join(root, '.sops.yaml'))) {
+        ctx.logger.error(pc.red('Hush is not initialized in this directory'));
+        ctx.logger.error(pc.dim('Run "hush init" first, then "hush encrypt"'));
+        ctx.process.exit(1);
     }
     try {
-        const value = await promptForValue(key, gui ?? false);
+        const value = inlineValue ?? await promptForValue(ctx, key, gui ?? false);
         if (!value) {
-            console.error(pc.yellow('No value entered, aborting'));
-            process.exit(1);
+            ctx.logger.error(pc.yellow('No value entered, aborting'));
+            ctx.process.exit(1);
         }
         setKey(encryptedPath, key, value);
         const envLabel = fileKey === 'shared' ? '' : ` in ${fileKey}`;
-        console.log(pc.green(`\n${key} set${envLabel} (${value.length} chars, encrypted)`));
+        ctx.logger.log(pc.green(`\n${key} set${envLabel} (${value.length} chars, encrypted)`));
     }
     catch (error) {
         const err = error;
         if (err.message === 'Cancelled') {
-            console.log(pc.yellow('Cancelled'));
-            process.exit(1);
+            ctx.logger.log(pc.yellow('Cancelled'));
+            ctx.process.exit(1);
         }
         throw err;
     }

package/dist/commands/skill.d.ts

@@ -1,3 +1,3 @@
-import type { SkillOptions } from '../types.js';
-export declare function skillCommand(options: SkillOptions): Promise<void>;
+import type { HushContext, SkillOptions } from '../types.js';
+export declare function skillCommand(ctx: HushContext, options: SkillOptions): Promise<void>;
 //# sourceMappingURL=skill.d.ts.map

package/dist/commands/skill.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skill.d.ts","sourceRoot":"","sources":["../../src/commands/skill.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAuiDhD,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CvE"}
+{"version":3,"file":"skill.d.ts","sourceRoot":"","sources":["../../src/commands/skill.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAkvC7D,wBAAsB,YAAY,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CzF"}