@chriscode/hush 5.0.2 → 5.0.4

package/dist/cli.js

@@ -36,7 +36,7 @@ ${pc.bold('Commands:')}
   init              Initialize hush.yaml config
   encrypt           Encrypt source .hush files
   run -- <cmd>      Run command with secrets in memory (AI-safe)
-  set [VALUE] <KEY> Set a single secret (AI-safe, prompts if no value)
+  set <KEY> [VALUE] Set a single secret (AI-safe, prompts if no value)
   edit [file]       Edit all secrets in $EDITOR
   list              List all variables (shows values)
   inspect           List all variables (masked values, AI-safe)
@@ -114,7 +114,8 @@ ${pc.bold('Examples:')}
   hush run -t api -- wrangler dev  Run filtered for 'api' target (root secrets only)
   cd apps/mobile && hush run -- expo start  Run from subdirectory (applies template + target filters)
   hush set DATABASE_URL         Set a secret interactively (prompts for value)
-  hush set "myvalue" API_KEY    Set a secret inline (no prompt)
+  hush set API_KEY "myvalue"    Set a secret inline (no prompt)
+  echo "val" | hush set KEY     Set a secret from piped input
   hush set API_KEY --gui        Set secret via GUI dialog (for AI agents)
   hush set API_KEY -e prod      Set a production secret
   hush keys setup               Pull key from 1Password or verify local
@@ -281,10 +282,9 @@ function parseArgs(args) {
                 key = arg;
             }
             else if (!value) {
-                // Second positional arg: shift key to value, this arg is the key
-                // Syntax: hush set <VALUE> <KEY>
-                value = key;
-                key = arg;
+                // Second positional arg is the value
+                // Syntax: hush set <KEY> <VALUE>
+                value = arg;
             }
             continue;
         }

package/dist/commands/run.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAmC,WAAW,EAAE,MAAM,aAAa,CAAC;AAkD5F,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA8GrF"}
+{"version":3,"file":"run.d.ts","sourceRoot":"","sources":["../../src/commands/run.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAmC,WAAW,EAAE,MAAM,aAAa,CAAC;AAkD5F,wBAAsB,UAAU,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CA6GrF"}

package/dist/commands/run.js

@@ -121,7 +121,6 @@ export async function runCommand(ctx, options) {
     const result = ctx.exec.spawnSync(cmd, args, {
         stdio: 'inherit',
         env: childEnv,
-        shell: true,
         cwd: contextDir,
     });
     if (result.error) {

package/dist/commands/skill.js

@@ -70,7 +70,7 @@ npx hush inspect       # See what secrets exist
 ### Scenario 4: Need to Add/Modify Secrets
 
 \`\`\`bash
-npx hush set <VALUE> <KEY> # Add inline (value and key provided)
+npx hush set <KEY> <VALUE> # Add inline (key and value provided)
 npx hush set <KEY>         # Add interactively (prompts for value)
 npx hush edit              # Edit all secrets in $EDITOR
 npx hush inspect           # Verify changes
@@ -220,7 +220,7 @@ LOG_LEVEL=\${LOG_LEVEL:-info}
 | \`npx hush status\` | **Full diagnostic** | First step, always |
 | \`npx hush inspect\` | See variables (masked) | Check what's configured |
 | \`npx hush has <KEY>\` | Check specific variable | Verify a secret exists |
-| \`npx hush set [VALUE] <KEY>\` | Add secret (prompts if no value) | User needs to set a value |
+| \`npx hush set <KEY> [VALUE]\` | Add secret (prompts if no value) | User needs to set a value |
 | \`npx hush edit\` | Edit all secrets | Bulk editing |
 | \`npx hush run -- <cmd>\` | Run with secrets in memory | Actually use the secrets |
 | \`npx hush init\` | Initialize Hush | First-time setup |
@@ -317,8 +317,8 @@ npx hush has API_KEY -q             # Quiet: exit code only (0=set, 1=missing)
 
 **Method 1: Inline value (recommended for AI agents)**
 \`\`\`bash
-npx hush set "postgres://user:pass@host/db" DATABASE_URL
-npx hush set "sk_live_xxx" STRIPE_KEY -e production
+npx hush set DATABASE_URL "postgres://user:pass@host/db"
+npx hush set STRIPE_KEY "sk_live_xxx" -e production
 \`\`\`
 
 **Method 2: Interactive prompt (for users)**
@@ -700,19 +700,19 @@ hush run -t api -- wrangler dev       # Run filtered for 'api' target
 
 ---
 
-### hush set [VALUE] <KEY> ⭐
+### hush set <KEY> [VALUE] ⭐
 
 Add or update a single secret. Prompts for value if not provided inline.
 
 \`\`\`bash
 hush set DATABASE_URL              # Prompts for value interactively
-hush set "postgres://..." DATABASE_URL  # Inline value (no prompt)
+hush set DATABASE_URL "postgres://..."  # Inline value (no prompt)
 hush set API_KEY -e production     # Set in production secrets
 hush set DEBUG --local             # Set personal local override
 \`\`\`
 
 **Input methods (in priority order):**
-1. **Inline value**: \`hush set "myvalue" KEY\` - value provided directly
+1. **Inline value**: \`hush set KEY "myvalue"\` - value provided directly
 2. **Piped input**: \`echo "myvalue" | hush set KEY\` - reads from stdin
 3. **Interactive prompt**: Opens dialog/prompt for user input
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chriscode/hush",
-  "version": "5.0.2",
+  "version": "5.0.4",
   "description": "SOPS-based secrets management for monorepos. Encrypt once, decrypt everywhere.",
   "type": "module",
   "bin": {