@dotenc/cli 0.4.4 → 0.4.5

package/README.md

@@ -447,7 +447,6 @@ Alternatively, the `DOTENC_ENV` variable can be used to set the environment, so
   dotenc run node app.js
 ```
 
-> **Note:** `dotenc textconv` is an internal command used by the git diff driver. It is set up automatically during `dotenc init` and allows `git diff` to show decrypted content of `.env.*.enc` files.
 
 ## How dotenc compares
 

package/dist/cli.js

@@ -7,7 +7,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@dotenc/cli",
-    version: "0.4.4",
+    version: "0.4.5",
     description: "🔐 Git-native encrypted environments powered by your SSH keys",
     author: "Ivan Filho <i@ivanfilho.com>",
     license: "MIT",
@@ -1298,6 +1298,77 @@ var init_create = __esm(() => {
   init_createEnvironment();
 });
 
+// src/commands/env/decrypt.ts
+var defaultDecryptCommandDeps, ansiPattern, stripAnsi = (value) => value.replace(ansiPattern, ""), mapErrorCode = (message) => {
+  if (message.includes("Environment file not found")) {
+    return "ENVIRONMENT_NOT_FOUND";
+  }
+  if (message === "Access denied to the environment.") {
+    return "ACCESS_DENIED";
+  }
+  if (message.includes("No private keys found")) {
+    return "NO_PRIVATE_KEYS";
+  }
+  if (message.toLowerCase().includes("passphrase-protected")) {
+    return "PASSPHRASE_PROTECTED_KEYS";
+  }
+  return "UNKNOWN";
+}, writeJson = (message, deps) => {
+  deps.writeStdout(`${JSON.stringify(message)}
+`);
+}, decryptCommand = async (environmentName, options, _command, deps = defaultDecryptCommandDeps) => {
+  const validation = deps.validateEnvironmentName(environmentName);
+  if (!validation.valid) {
+    if (options.json) {
+      writeJson({
+        ok: false,
+        error: {
+          code: "INVALID_ENVIRONMENT_NAME",
+          message: validation.reason
+        }
+      }, deps);
+    } else {
+      deps.logError(validation.reason);
+    }
+    deps.exit(1);
+  }
+  try {
+    const environment = await deps.getEnvironmentByName(environmentName);
+    const plaintext = await deps.decryptEnvironmentData(environment);
+    if (options.json) {
+      writeJson({ ok: true, content: plaintext }, deps);
+    } else {
+      deps.writeStdout(plaintext);
+    }
+  } catch (error) {
+    const rawMessage = error instanceof Error ? error.message : "Unknown error occurred while decrypting the environment.";
+    const message = stripAnsi(rawMessage);
+    const code = mapErrorCode(message);
+    if (options.json) {
+      writeJson({
+        ok: false,
+        error: { code, message }
+      }, deps);
+    } else {
+      deps.logError(message);
+    }
+    deps.exit(1);
+  }
+};
+var init_decrypt = __esm(() => {
+  init_decryptEnvironment();
+  init_getEnvironmentByName();
+  defaultDecryptCommandDeps = {
+    validateEnvironmentName,
+    getEnvironmentByName,
+    decryptEnvironmentData,
+    writeStdout: (message) => process.stdout.write(message),
+    logError: (message) => console.error(message),
+    exit: (code) => process.exit(code)
+  };
+  ansiPattern = new RegExp(`${String.fromCharCode(27)}\\[[0-9;]*m`, "g");
+});
+
 // src/helpers/createHash.ts
 import crypto9 from "node:crypto";
 var createHash = (input) => {
@@ -1443,6 +1514,117 @@ var init_edit = __esm(() => {
   init_chooseEnvironment();
 });
 
+// src/commands/env/encrypt.ts
+var defaultEncryptCommandDeps, ansiPattern2, stripAnsi2 = (value) => value.replace(ansiPattern2, ""), mapErrorCode2 = (message) => {
+  if (message.includes("Environment file not found")) {
+    return "ENVIRONMENT_NOT_FOUND";
+  }
+  if (message === "Access denied to the environment.") {
+    return "ACCESS_DENIED";
+  }
+  if (message.includes("No private keys found")) {
+    return "NO_PRIVATE_KEYS";
+  }
+  if (message.includes("No public keys found")) {
+    return "NO_PUBLIC_KEYS";
+  }
+  if (message.toLowerCase().includes("passphrase-protected")) {
+    return "PASSPHRASE_PROTECTED_KEYS";
+  }
+  return "UNKNOWN";
+}, writeJson2 = (message, deps) => {
+  deps.writeStdout(`${JSON.stringify(message)}
+`);
+}, runWithoutConsoleNoise = async (fn) => {
+  const originalLog = console.log;
+  const originalError = console.error;
+  try {
+    console.log = () => {};
+    console.error = () => {};
+    await fn();
+  } finally {
+    console.log = originalLog;
+    console.error = originalError;
+  }
+}, encryptCommand = async (environmentName, options, _command, deps = defaultEncryptCommandDeps) => {
+  const validation = deps.validateEnvironmentName(environmentName);
+  if (!validation.valid) {
+    if (options.json) {
+      writeJson2({
+        ok: false,
+        error: {
+          code: "INVALID_ENVIRONMENT_NAME",
+          message: validation.reason
+        }
+      }, deps);
+    } else {
+      deps.logError(validation.reason);
+    }
+    deps.exit(1);
+  }
+  if (!options.stdin) {
+    const message = 'No input source provided. Use "--stdin" and pipe the plaintext content.';
+    if (options.json) {
+      writeJson2({
+        ok: false,
+        error: {
+          code: "MISSING_STDIN",
+          message
+        }
+      }, deps);
+    } else {
+      deps.logError(message);
+    }
+    deps.exit(1);
+  }
+  try {
+    const content = await deps.readStdin();
+    if (options.json) {
+      await runWithoutConsoleNoise(async () => {
+        await deps.encryptEnvironment(environmentName, content);
+      });
+      writeJson2({ ok: true }, deps);
+      return;
+    }
+    await deps.encryptEnvironment(environmentName, content);
+  } catch (error) {
+    const rawMessage = error instanceof Error ? error.message : "Unknown error occurred while encrypting the environment.";
+    const message = stripAnsi2(rawMessage);
+    const code = mapErrorCode2(message);
+    if (options.json) {
+      writeJson2({
+        ok: false,
+        error: { code, message }
+      }, deps);
+    } else {
+      deps.logError(message);
+    }
+    deps.exit(1);
+  }
+};
+var init_encrypt = __esm(() => {
+  init_encryptEnvironment();
+  defaultEncryptCommandDeps = {
+    validateEnvironmentName,
+    encryptEnvironment,
+    readStdin: () => new Promise((resolve, reject) => {
+      let input = "";
+      process.stdin.setEncoding("utf-8");
+      process.stdin.on("data", (chunk) => {
+        input += chunk;
+      });
+      process.stdin.on("end", () => {
+        resolve(input);
+      });
+      process.stdin.on("error", reject);
+    }),
+    writeStdout: (message) => process.stdout.write(message),
+    logError: (message) => console.error(message),
+    exit: (code) => process.exit(code)
+  };
+  ansiPattern2 = new RegExp(`${String.fromCharCode(27)}\\[[0-9;]*m`, "g");
+});
+
 // src/commands/env/list.ts
 var envListCommand = async () => {
   const environments = await getEnvironments();
@@ -2069,7 +2251,9 @@ var init_program = __esm(() => {
   init_config();
   init_dev();
   init_create();
+  init_decrypt();
   init_edit();
+  init_encrypt();
   init_list2();
   init_rotate();
   init_init();
@@ -2085,6 +2269,8 @@ var init_program = __esm(() => {
   env = program.command("env").description("manage environments");
   env.command("create").argument("[environment]", "the name of the new environment").argument("[publicKey]", "the name of the public key to grant access to the environment").description("create a new environment").action((env2, pubKey) => createCommand(env2, pubKey));
   env.command("edit").argument("[environment]", "the environment to edit").description("edit an environment").action(editCommand);
+  env.command("decrypt", { hidden: true }).argument("<environment>", "the environment to decrypt").addOption(new Option("--json", "output machine-readable JSON")).description("decrypt an environment and print plaintext to stdout").action(decryptCommand);
+  env.command("encrypt", { hidden: true }).argument("<environment>", "the environment to encrypt").addOption(new Option("--stdin", "read plaintext content from stdin")).addOption(new Option("--json", "output machine-readable JSON")).description("encrypt plaintext content and write it to an environment file").action(encryptCommand);
   env.command("rotate").argument("[environment]", "the environment to rotate the data key for").description("rotate the data key for an environment").action(rotateCommand);
   env.command("list").description("list all environments").action(envListCommand);
   auth = program.command("auth").description("manage environment access");
@@ -2097,7 +2283,7 @@ var init_program = __esm(() => {
   key.command("add").argument("[name]", "the name of the public key in the project").addOption(new Option("--from-ssh <path>", "add a public key derived from an SSH key file")).addOption(new Option("-f, --from-file <file>", "add the key from a PEM file")).addOption(new Option("-s, --from-string <string>", "add a public key from a string")).description("add a public key to the project").action(keyAddCommand);
   key.command("list").description("list all public keys in the project").action(keyListCommand);
   key.command("remove").argument("[name]", "the name of the public key to remove").description("remove a public key from the project").action(keyRemoveCommand);
-  program.command("textconv").argument("<filepath>", "path to the encrypted environment file").description("decrypt an environment file for git diff").action(textconvCommand);
+  program.command("textconv", { hidden: true }).argument("<filepath>", "path to the encrypted environment file").description("decrypt an environment file for git diff").action(textconvCommand);
   program.command("whoami").description("show your identity in this project").action(whoamiCommand);
   program.command("config").argument("<key>", "the key to get or set").argument("[value]", "the value to set the key to").addOption(new Option("-r, --remove", "remove a configuration key")).description("manage global configuration").action(configCommand);
   program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dotenc/cli",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "description": "🔐 Git-native encrypted environments powered by your SSH keys",
   "author": "Ivan Filho <i@ivanfilho.com>",
   "license": "MIT",