@clef-sh/cli 0.1.0

package/dist/commands/export.js

@@ -0,0 +1,110 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerExportCommand = registerExportCommand;
+const path = __importStar(require("path"));
+const core_1 = require("@clef-sh/core");
+const formatter_1 = require("../output/formatter");
+function registerExportCommand(program, deps) {
+    program
+        .command("export <target>")
+        .description("Print decrypted secrets as shell export statements to stdout.\n\n" +
+        "  target: namespace/environment (e.g. payments/production)\n\n" +
+        "Usage:\n" +
+        "  eval $(clef export payments/production --format env)\n\n" +
+        "Exit codes:\n" +
+        "  0  Values printed successfully\n" +
+        "  1  Decryption error or invalid arguments")
+        .option("--format <format>", "Output format (only 'env' is supported)", "env")
+        .option("--no-export", "Omit the 'export' keyword — output bare KEY=value pairs")
+        .action(async (target, options) => {
+        try {
+            // Reject unsupported formats with a clear explanation
+            if (options.format !== "env") {
+                if (options.format === "dotenv" ||
+                    options.format === "json" ||
+                    options.format === "yaml") {
+                    formatter_1.formatter.error(`Format '${options.format}' is not supported. ` +
+                        "Clef does not support output formats that encourage writing plaintext secrets to disk.\n\n" +
+                        "Use one of these patterns instead:\n" +
+                        "  clef exec payments/production -- node server.js  (recommended — injects secrets via env)\n" +
+                        "  eval $(clef export payments/production --format env)  (shell eval pattern)");
+                }
+                else {
+                    formatter_1.formatter.error(`Unknown format '${options.format}'. Only 'env' is supported.\n\n` +
+                        "Usage: clef export payments/production --format env");
+                }
+                process.exit(1);
+                return;
+            }
+            const [namespace, environment] = parseTarget(target);
+            const repoRoot = program.opts().repo || process.cwd();
+            const parser = new core_1.ManifestParser();
+            const manifest = parser.parse(path.join(repoRoot, "clef.yaml"));
+            const filePath = path.join(repoRoot, manifest.file_pattern
+                .replace("{namespace}", namespace)
+                .replace("{environment}", environment));
+            const sopsClient = new core_1.SopsClient(deps.runner);
+            const decrypted = await sopsClient.decrypt(filePath);
+            const consumption = new core_1.ConsumptionClient();
+            const output = consumption.formatExport(decrypted, "env", !options.export);
+            // Warn on Linux about /proc visibility
+            if (process.platform === "linux") {
+                formatter_1.formatter.warn("Exported values will be visible in /proc/<pid>/environ to processes with ptrace access. Use clef exec when possible.");
+            }
+            // Raw output — no labels, no colour
+            formatter_1.formatter.raw(output);
+        }
+        catch (err) {
+            if (err instanceof core_1.SopsMissingError || err instanceof core_1.SopsVersionError) {
+                formatter_1.formatter.formatDependencyError(err);
+                process.exit(1);
+                return;
+            }
+            // Never leak decrypted values in error messages
+            const message = err instanceof Error ? err.message : "Export failed";
+            formatter_1.formatter.error(message);
+            process.exit(1);
+        }
+    });
+}
+function parseTarget(target) {
+    const parts = target.split("/");
+    if (parts.length !== 2 || !parts[0] || !parts[1]) {
+        throw new Error(`Invalid target "${target}". Expected format: namespace/environment`);
+    }
+    return [parts[0], parts[1]];
+}
+//# sourceMappingURL=export.js.map

package/dist/commands/export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.js","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,sDAgFC;AA5FD,2CAA6B;AAE7B,wCAOuB;AACvB,mDAAgD;AAEhD,SAAgB,qBAAqB,CAAC,OAAgB,EAAE,IAAkC;IACxF,OAAO;SACJ,OAAO,CAAC,iBAAiB,CAAC;SAC1B,WAAW,CACV,mEAAmE;QACjE,gEAAgE;QAChE,UAAU;QACV,4DAA4D;QAC5D,eAAe;QACf,oCAAoC;QACpC,4CAA4C,CAC/C;SACA,MAAM,CAAC,mBAAmB,EAAE,yCAAyC,EAAE,KAAK,CAAC;SAC7E,MAAM,CAAC,aAAa,EAAE,yDAAyD,CAAC;SAChF,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,OAA4C,EAAE,EAAE;QAC7E,IAAI,CAAC;YACH,sDAAsD;YACtD,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC7B,IACE,OAAO,CAAC,MAAM,KAAK,QAAQ;oBAC3B,OAAO,CAAC,MAAM,KAAK,MAAM;oBACzB,OAAO,CAAC,MAAM,KAAK,MAAM,EACzB,CAAC;oBACD,qBAAS,CAAC,KAAK,CACb,WAAW,OAAO,CAAC,MAAM,sBAAsB;wBAC7C,4FAA4F;wBAC5F,sCAAsC;wBACtC,8FAA8F;wBAC9F,8EAA8E,CACjF,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,qBAAS,CAAC,KAAK,CACb,mBAAmB,OAAO,CAAC,MAAM,iCAAiC;wBAChE,qDAAqD,CACxD,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC,IAAe,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAElE,MAAM,MAAM,GAAG,IAAI,qBAAc,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;YAEhE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,QAAQ,EACR,QAAQ,CAAC,YAAY;iBAClB,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC;iBACjC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,CACzC,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,iBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAErD,MAAM,WAAW,GAAG,IAAI,wBAAiB,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,WAAW,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAE3E,uCAAuC;YACvC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBACjC,qBAAS,CAAC,IAAI,CACZ,sHAAsH,CACvH,CAAC;YACJ,CAAC;YAED,oCAAoC;YACpC,qBAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAgB,IAAI,GAAG,YAAY,uBAAgB,EAAE,CAAC;gBACvE,qBAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,gDAAgD;YAChD,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YACrE,qBAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,mBAAmB,MAAM,2CAA2C,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/get.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "commander";
+import { SubprocessRunner } from "@clef-sh/core";
+export declare function registerGetCommand(program: Command, deps: {
+    runner: SubprocessRunner;
+}): void;
+//# sourceMappingURL=get.d.ts.map

package/dist/commands/get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../src/commands/get.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAKL,gBAAgB,EACjB,MAAM,eAAe,CAAC;AAGvB,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAAG,IAAI,CAgD7F"}

package/dist/commands/get.js

@@ -0,0 +1,85 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerGetCommand = registerGetCommand;
+const path = __importStar(require("path"));
+const core_1 = require("@clef-sh/core");
+const formatter_1 = require("../output/formatter");
+function registerGetCommand(program, deps) {
+    program
+        .command("get <target> <key>")
+        .description("Get a single decrypted value. Output is raw (no labels, no colour) for piping.\n\n" +
+        "  target: namespace/environment (e.g. payments/production)\n" +
+        "  key:    the key name to retrieve\n\n" +
+        "Exit codes:\n" +
+        "  0  Value found and printed\n" +
+        "  1  Key not found or decryption error")
+        .action(async (target, key) => {
+        try {
+            const [namespace, environment] = parseTarget(target);
+            const repoRoot = program.opts().repo || process.cwd();
+            const parser = new core_1.ManifestParser();
+            const manifest = parser.parse(path.join(repoRoot, "clef.yaml"));
+            const filePath = path.join(repoRoot, manifest.file_pattern
+                .replace("{namespace}", namespace)
+                .replace("{environment}", environment));
+            const sopsClient = new core_1.SopsClient(deps.runner);
+            const decrypted = await sopsClient.decrypt(filePath);
+            if (!(key in decrypted.values)) {
+                formatter_1.formatter.error(`Key '${key}' not found in ${namespace}/${environment}. Available keys: ${Object.keys(decrypted.values).join(", ") || "(none)"}`);
+                process.exit(1);
+                return;
+            }
+            formatter_1.formatter.keyValue(key, decrypted.values[key]);
+        }
+        catch (err) {
+            if (err instanceof core_1.SopsMissingError || err instanceof core_1.SopsVersionError) {
+                formatter_1.formatter.formatDependencyError(err);
+                process.exit(1);
+                return;
+            }
+            formatter_1.formatter.error(err.message);
+            process.exit(1);
+        }
+    });
+}
+function parseTarget(target) {
+    const parts = target.split("/");
+    if (parts.length !== 2 || !parts[0] || !parts[1]) {
+        throw new Error(`Invalid target "${target}". Expected format: namespace/environment`);
+    }
+    return [parts[0], parts[1]];
+}
+//# sourceMappingURL=get.js.map

package/dist/commands/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../src/commands/get.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,gDAgDC;AA3DD,2CAA6B;AAE7B,wCAMuB;AACvB,mDAAgD;AAEhD,SAAgB,kBAAkB,CAAC,OAAgB,EAAE,IAAkC;IACrF,OAAO;SACJ,OAAO,CAAC,oBAAoB,CAAC;SAC7B,WAAW,CACV,oFAAoF;QAClF,8DAA8D;QAC9D,wCAAwC;QACxC,eAAe;QACf,gCAAgC;QAChC,wCAAwC,CAC3C;SACA,MAAM,CAAC,KAAK,EAAE,MAAc,EAAE,GAAW,EAAE,EAAE;QAC5C,IAAI,CAAC;YACH,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC,IAAe,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAElE,MAAM,MAAM,GAAG,IAAI,qBAAc,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;YAEhE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACxB,QAAQ,EACR,QAAQ,CAAC,YAAY;iBAClB,OAAO,CAAC,aAAa,EAAE,SAAS,CAAC;iBACjC,OAAO,CAAC,eAAe,EAAE,WAAW,CAAC,CACzC,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,iBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAErD,IAAI,CAAC,CAAC,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC/B,qBAAS,CAAC,KAAK,CACb,QAAQ,GAAG,kBAAkB,SAAS,IAAI,WAAW,qBAAqB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE,CACjI,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,qBAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAgB,IAAI,GAAG,YAAY,uBAAgB,EAAE,CAAC;gBACvE,qBAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,qBAAS,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,mBAAmB,MAAM,2CAA2C,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/hooks.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "commander";
+import { SubprocessRunner } from "@clef-sh/core";
+export declare function registerHooksCommand(program: Command, deps: {
+    runner: SubprocessRunner;
+}): void;
+//# sourceMappingURL=hooks.d.ts.map

package/dist/commands/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../../src/commands/hooks.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAkB,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAIjE,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAAG,IAAI,CAsD/F"}

package/dist/commands/hooks.js

@@ -0,0 +1,89 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerHooksCommand = registerHooksCommand;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const core_1 = require("@clef-sh/core");
+const formatter_1 = require("../output/formatter");
+const symbols_1 = require("../output/symbols");
+function registerHooksCommand(program, deps) {
+    const hooks = program.command("hooks").description("Manage git hooks for Clef");
+    hooks
+        .command("install")
+        .description("Install the Clef pre-commit hook that blocks unencrypted secret commits")
+        .action(async () => {
+        try {
+            const repoRoot = program.opts().repo || process.cwd();
+            const hookPath = path.join(repoRoot, ".git", "hooks", "pre-commit");
+            // Check if hook already exists
+            if (fs.existsSync(hookPath)) {
+                const content = fs.readFileSync(hookPath, "utf-8");
+                if (content.includes("clef") || content.includes("SOPS")) {
+                    const confirmed = await formatter_1.formatter.confirm("A Clef pre-commit hook already exists. Overwrite?");
+                    if (!confirmed) {
+                        formatter_1.formatter.info("Aborted.");
+                        return;
+                    }
+                }
+                else {
+                    const confirmed = await formatter_1.formatter.confirm("A pre-commit hook already exists (not Clef). Overwrite?");
+                    if (!confirmed) {
+                        formatter_1.formatter.info("Aborted. You can manually add Clef checks to your existing hook.");
+                        return;
+                    }
+                }
+            }
+            const git = new core_1.GitIntegration(deps.runner);
+            await git.installPreCommitHook(repoRoot);
+            formatter_1.formatter.success("Pre-commit hook installed");
+            formatter_1.formatter.print(`   ${(0, symbols_1.sym)("pending")}  ${hookPath}`);
+            formatter_1.formatter.hint("Hook checks SOPS metadata on staged .enc files and runs: clef scan --staged");
+            // Also ensure the merge driver is configured (idempotent)
+            try {
+                await git.installMergeDriver(repoRoot);
+                formatter_1.formatter.success("SOPS merge driver configured");
+            }
+            catch {
+                formatter_1.formatter.warn("Could not configure SOPS merge driver. Run inside a git repository.");
+            }
+        }
+        catch (err) {
+            formatter_1.formatter.error(err.message);
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=hooks.js.map

package/dist/commands/hooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/commands/hooks.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,oDAsDC;AA7DD,uCAAyB;AACzB,2CAA6B;AAE7B,wCAAiE;AACjE,mDAAgD;AAChD,+CAAwC;AAExC,SAAgB,oBAAoB,CAAC,OAAgB,EAAE,IAAkC;IACvF,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,2BAA2B,CAAC,CAAC;IAEhF,KAAK;SACF,OAAO,CAAC,SAAS,CAAC;SAClB,WAAW,CAAC,yEAAyE,CAAC;SACtF,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC,IAAe,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;YAEpE,+BAA+B;YAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACzD,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,OAAO,CACvC,mDAAmD,CACpD,CAAC;oBACF,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,qBAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;wBAC3B,OAAO;oBACT,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,OAAO,CACvC,yDAAyD,CAC1D,CAAC;oBACF,IAAI,CAAC,SAAS,EAAE,CAAC;wBACf,qBAAS,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;wBACnF,OAAO;oBACT,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,qBAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,MAAM,GAAG,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAEzC,qBAAS,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;YAC/C,qBAAS,CAAC,KAAK,CAAC,MAAM,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;YACrD,qBAAS,CAAC,IAAI,CACZ,6EAA6E,CAC9E,CAAC;YAEF,0DAA0D;YAC1D,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;gBACvC,qBAAS,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,qBAAS,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,qBAAS,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/import.d.ts

@@ -0,0 +1,6 @@
+import { Command } from "commander";
+import { SubprocessRunner } from "@clef-sh/core";
+export declare function registerImportCommand(program: Command, deps: {
+    runner: SubprocessRunner;
+}): void;
+//# sourceMappingURL=import.d.ts.map

package/dist/commands/import.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../src/commands/import.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAML,gBAAgB,EAGjB,MAAM,eAAe,CAAC;AAgBvB,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAAG,IAAI,CAuMhG"}

package/dist/commands/import.js

@@ -0,0 +1,210 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerImportCommand = registerImportCommand;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const core_1 = require("@clef-sh/core");
+const formatter_1 = require("../output/formatter");
+const symbols_1 = require("../output/symbols");
+async function readStdin() {
+    return new Promise((resolve, reject) => {
+        let data = "";
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => {
+            data += chunk;
+        });
+        process.stdin.on("end", () => resolve(data));
+        process.stdin.on("error", reject);
+    });
+}
+function registerImportCommand(program, deps) {
+    program
+        .command("import <target> [source]")
+        .description("Bulk-import secrets from a file (dotenv, JSON, or YAML) into an encrypted SOPS file.\n\n" +
+        "  target: namespace/environment (e.g. database/staging)\n" +
+        "  source: path to the source file (required unless --stdin is used)\n\n" +
+        "Exit codes:\n" +
+        "  0  Success or dry run complete\n" +
+        "  1  Partial failure (some keys failed to encrypt)\n" +
+        "  2  Could not start (missing manifest, invalid target, file not found, parse error)")
+        .option("--format <format>", "Override format detection (dotenv, json, yaml)")
+        .option("--prefix <string>", "Only import keys starting with this prefix")
+        .option("--keys <keys>", "Only import specific keys (comma-separated)")
+        .option("--overwrite", "Overwrite existing keys", false)
+        .option("--dry-run", "Preview without encrypting", false)
+        .option("--stdin", "Read source from stdin", false)
+        .action(async (target, source, opts) => {
+        try {
+            // Validate target format
+            const parts = target.split("/");
+            if (parts.length !== 2 || !parts[0] || !parts[1]) {
+                formatter_1.formatter.error(`Invalid target '${target}'. Expected format: namespace/environment (e.g. database/staging)`);
+                process.exit(2);
+                return;
+            }
+            const [namespace, environment] = parts;
+            // Validate format option
+            const validFormats = ["dotenv", "json", "yaml"];
+            if (opts.format && !validFormats.includes(opts.format)) {
+                formatter_1.formatter.error(`Unknown format '${opts.format}'. Supported formats: dotenv, json, yaml`);
+                process.exit(2);
+                return;
+            }
+            const repoRoot = program.opts().repo || process.cwd();
+            const parser = new core_1.ManifestParser();
+            let manifest;
+            try {
+                manifest = parser.parse(path.join(repoRoot, "clef.yaml"));
+            }
+            catch (err) {
+                formatter_1.formatter.error(err.message);
+                process.exit(2);
+                return;
+            }
+            // Check for protected environment
+            const matrixManager = new core_1.MatrixManager();
+            if (matrixManager.isProtectedEnvironment(manifest, environment)) {
+                const confirmed = await formatter_1.formatter.confirm(`This is a protected environment (${environment}). Confirm?`);
+                if (!confirmed) {
+                    formatter_1.formatter.info("Aborted.");
+                    return;
+                }
+            }
+            // Read source content
+            let content;
+            let sourcePath = null;
+            if (opts.stdin) {
+                content = await readStdin();
+            }
+            else if (source) {
+                if (!fs.existsSync(source)) {
+                    formatter_1.formatter.error(`Source file not found: ${source}`);
+                    process.exit(2);
+                    return;
+                }
+                try {
+                    content = fs.readFileSync(source, "utf-8");
+                    sourcePath = source;
+                }
+                catch (err) {
+                    formatter_1.formatter.error(`Could not read source file: ${err.message}`);
+                    process.exit(2);
+                    return;
+                }
+            }
+            else {
+                formatter_1.formatter.error("No source specified. Provide a file path or use --stdin to read from stdin.");
+                process.exit(2);
+                return;
+            }
+            // Parse keys option
+            const keysFilter = opts.keys ? opts.keys.split(",").map((k) => k.trim()) : undefined;
+            const sourceLabel = sourcePath ? path.basename(sourcePath) : "stdin";
+            if (opts.dryRun) {
+                formatter_1.formatter.print(`Dry run — nothing will be encrypted.`);
+                formatter_1.formatter.print(`Previewing import to ${namespace}/${environment} from ${sourceLabel}...\n`);
+            }
+            else {
+                formatter_1.formatter.print(`Importing to ${namespace}/${environment} from ${sourceLabel}...\n`);
+            }
+            const sopsClient = new core_1.SopsClient(deps.runner);
+            const importRunner = new core_1.ImportRunner(sopsClient);
+            let result;
+            try {
+                result = await importRunner.import(target, sourcePath, content, manifest, repoRoot, {
+                    format: opts.format,
+                    prefix: opts.prefix,
+                    keys: keysFilter,
+                    overwrite: opts.overwrite,
+                    dryRun: opts.dryRun,
+                });
+            }
+            catch (err) {
+                // Re-throw dependency errors so the outer handler can format them
+                if (err instanceof core_1.SopsMissingError || err instanceof core_1.SopsVersionError) {
+                    throw err;
+                }
+                formatter_1.formatter.error(err.message);
+                process.exit(2);
+                return;
+            }
+            // Show warnings
+            for (const warning of result.warnings) {
+                formatter_1.formatter.print(`  ${(0, symbols_1.sym)("warning")}  ${warning}`);
+            }
+            if (opts.dryRun) {
+                // Show dry run preview
+                for (const key of result.imported) {
+                    formatter_1.formatter.print(`   ${(0, symbols_1.sym)("arrow")}  ${key.padEnd(20)} would import`);
+                }
+                for (const key of result.skipped) {
+                    formatter_1.formatter.print(`   ${(0, symbols_1.sym)("skipped")}  ${key.padEnd(20)} would skip \u2014 already exists`);
+                }
+                formatter_1.formatter.print(`\nDry run complete: ${result.imported.length} would import, ${result.skipped.length} would skip.`);
+                formatter_1.formatter.print(`Run without --dry-run to apply.`);
+            }
+            else {
+                // Show actual import results
+                for (const key of result.imported) {
+                    formatter_1.formatter.print(`   ${(0, symbols_1.sym)("success")}  ${key.padEnd(12)} ${(0, symbols_1.sym)("locked")}  imported`);
+                }
+                for (const key of result.skipped) {
+                    formatter_1.formatter.print(`   ${(0, symbols_1.sym)("skipped")}  ${key.padEnd(12)}     skipped \u2014 already exists (--overwrite to replace)`);
+                }
+                for (const { key, error: keyError } of result.failed) {
+                    formatter_1.formatter.print(`   ${(0, symbols_1.sym)("failure")}  ${key.padEnd(12)}     failed \u2014 encrypt error: ${keyError}`);
+                }
+                formatter_1.formatter.print(`\n${result.imported.length} imported, ${result.skipped.length} skipped, ${result.failed.length} failed.`);
+                if (result.failed.length > 0) {
+                    for (const { key } of result.failed) {
+                        formatter_1.formatter.hint(`clef set ${target} ${key}   (retry failed key)`);
+                    }
+                    process.exit(1);
+                }
+            }
+        }
+        catch (err) {
+            if (err instanceof core_1.SopsMissingError || err instanceof core_1.SopsVersionError) {
+                formatter_1.formatter.formatDependencyError(err);
+                process.exit(1);
+                return;
+            }
+            formatter_1.formatter.error(err.message);
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=import.js.map

package/dist/commands/import.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.js","sourceRoot":"","sources":["../../src/commands/import.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4BA,sDAuMC;AAnOD,uCAAyB;AACzB,2CAA6B;AAE7B,wCASuB;AACvB,mDAAgD;AAChD,+CAAwC;AAExC,KAAK,UAAU,SAAS;IACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YACjC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAgB,EAAE,IAAkC;IACxF,OAAO;SACJ,OAAO,CAAC,0BAA0B,CAAC;SACnC,WAAW,CACV,0FAA0F;QACxF,2DAA2D;QAC3D,yEAAyE;QACzE,eAAe;QACf,oCAAoC;QACpC,sDAAsD;QACtD,sFAAsF,CACzF;SACA,MAAM,CAAC,mBAAmB,EAAE,gDAAgD,CAAC;SAC7E,MAAM,CAAC,mBAAmB,EAAE,4CAA4C,CAAC;SACzE,MAAM,CAAC,eAAe,EAAE,6CAA6C,CAAC;SACtE,MAAM,CAAC,aAAa,EAAE,yBAAyB,EAAE,KAAK,CAAC;SACvD,MAAM,CAAC,WAAW,EAAE,4BAA4B,EAAE,KAAK,CAAC;SACxD,MAAM,CAAC,SAAS,EAAE,wBAAwB,EAAE,KAAK,CAAC;SAClD,MAAM,CACL,KAAK,EACH,MAAc,EACd,MAA0B,EAC1B,IAOC,EACD,EAAE;QACF,IAAI,CAAC;YACH,yBAAyB;YACzB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,qBAAS,CAAC,KAAK,CACb,mBAAmB,MAAM,mEAAmE,CAC7F,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC;YAEvC,yBAAyB;YACzB,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAChD,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvD,qBAAS,CAAC,KAAK,CACb,mBAAmB,IAAI,CAAC,MAAM,0CAA0C,CACzE,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,MAAM,QAAQ,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC,IAAe,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAElE,MAAM,MAAM,GAAG,IAAI,qBAAc,EAAE,CAAC;YACpC,IAAI,QAAQ,CAAC;YACb,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,qBAAS,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;gBACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,kCAAkC;YAClC,MAAM,aAAa,GAAG,IAAI,oBAAa,EAAE,CAAC;YAC1C,IAAI,aAAa,CAAC,sBAAsB,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;gBAChE,MAAM,SAAS,GAAG,MAAM,qBAAS,CAAC,OAAO,CACvC,oCAAoC,WAAW,aAAa,CAC7D,CAAC;gBACF,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,qBAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;oBAC3B,OAAO;gBACT,CAAC;YACH,CAAC;YAED,sBAAsB;YACtB,IAAI,OAAe,CAAC;YACpB,IAAI,UAAU,GAAkB,IAAI,CAAC;YAErC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC;YAC9B,CAAC;iBAAM,IAAI,MAAM,EAAE,CAAC;gBAClB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,qBAAS,CAAC,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;oBACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAChB,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC;oBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;oBAC3C,UAAU,GAAG,MAAM,CAAC;gBACtB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,qBAAS,CAAC,KAAK,CAAC,+BAAgC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAChB,OAAO;gBACT,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,qBAAS,CAAC,KAAK,CACb,6EAA6E,CAC9E,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,oBAAoB;YACpB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAErF,MAAM,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YAErE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,qBAAS,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;gBACxD,qBAAS,CAAC,KAAK,CACb,wBAAwB,SAAS,IAAI,WAAW,SAAS,WAAW,OAAO,CAC5E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,qBAAS,CAAC,KAAK,CAAC,gBAAgB,SAAS,IAAI,WAAW,SAAS,WAAW,OAAO,CAAC,CAAC;YACvF,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,iBAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/C,MAAM,YAAY,GAAG,IAAI,mBAAY,CAAC,UAAU,CAAC,CAAC;YAElD,IAAI,MAAM,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE;oBAClF,MAAM,EAAE,IAAI,CAAC,MAAkC;oBAC/C,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,IAAI,EAAE,UAAU;oBAChB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,kEAAkE;gBAClE,IAAI,GAAG,YAAY,uBAAgB,IAAI,GAAG,YAAY,uBAAgB,EAAE,CAAC;oBACvE,MAAM,GAAG,CAAC;gBACZ,CAAC;gBACD,qBAAS,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;gBACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YAED,gBAAgB;YAChB,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACtC,qBAAS,CAAC,KAAK,CAAC,KAAK,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,OAAO,EAAE,CAAC,CAAC;YACrD,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,uBAAuB;gBACvB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAClC,qBAAS,CAAC,KAAK,CAAC,MAAM,IAAA,aAAG,EAAC,OAAO,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;gBACxE,CAAC;gBACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjC,qBAAS,CAAC,KAAK,CACb,MAAM,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,mCAAmC,CAC3E,CAAC;gBACJ,CAAC;gBAED,qBAAS,CAAC,KAAK,CACb,uBAAuB,MAAM,CAAC,QAAQ,CAAC,MAAM,kBAAkB,MAAM,CAAC,OAAO,CAAC,MAAM,cAAc,CACnG,CAAC;gBACF,qBAAS,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACN,6BAA6B;gBAC7B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAClC,qBAAS,CAAC,KAAK,CAAC,MAAM,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAA,aAAG,EAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBACxF,CAAC;gBACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;oBACjC,qBAAS,CAAC,KAAK,CACb,MAAM,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,6DAA6D,CACrG,CAAC;gBACJ,CAAC;gBACD,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBACrD,qBAAS,CAAC,KAAK,CACb,MAAM,IAAA,aAAG,EAAC,SAAS,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,qCAAqC,QAAQ,EAAE,CACvF,CAAC;gBACJ,CAAC;gBAED,qBAAS,CAAC,KAAK,CACb,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,MAAM,CAAC,OAAO,CAAC,MAAM,aAAa,MAAM,CAAC,MAAM,CAAC,MAAM,UAAU,CAC1G,CAAC;gBAEF,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBACpC,qBAAS,CAAC,IAAI,CAAC,YAAY,MAAM,IAAI,GAAG,uBAAuB,CAAC,CAAC;oBACnE,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,uBAAgB,IAAI,GAAG,YAAY,uBAAgB,EAAE,CAAC;gBACvE,qBAAS,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;YACD,qBAAS,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CACF,CAAC;AACN,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,11 @@
+import { Command } from "commander";
+import { SubprocessRunner } from "@clef-sh/core";
+export declare function registerInitCommand(program: Command, deps: {
+    runner: SubprocessRunner;
+}): void;
+/**
+ * Generate .sops.yaml from a manifest and write it to disk.
+ * Used by `clef init` and `clef doctor --fix`.
+ */
+export declare function scaffoldSopsConfig(repoRoot: string): void;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAQL,gBAAgB,EASjB,MAAM,eAAe,CAAC;AA+DvB,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE;IAAE,MAAM,EAAE,gBAAgB,CAAA;CAAE,GAAG,IAAI,CA6D9F;AAuQD;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAYzD"}