@dotenc/cli 0.4.5 → 0.5.0

package/dist/cli.js

@@ -7,7 +7,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@dotenc/cli",
-    version: "0.4.5",
+    version: "0.5.0",
     description: "🔐 Git-native encrypted environments powered by your SSH keys",
     author: "Ivan Filho <i@ivanfilho.com>",
     license: "MIT",
@@ -21,6 +21,7 @@ var init_package = __esm(() => {
     scripts: {
       dev: "bun src/cli.ts",
       start: "node dist/cli.js",
+      typecheck: "tsc --noEmit -p tsconfig.json",
       build: "bun build src/cli.ts --outdir dist --target node --packages external && { echo '#!/usr/bin/env node'; cat dist/cli.js; } > dist/cli.tmp && mv dist/cli.tmp dist/cli.js",
       "build:binary": "bun run build:binary:darwin-arm64 && bun run build:binary:darwin-x64 && bun run build:binary:linux-x64 && bun run build:binary:linux-arm64 && bun run build:binary:windows-x64",
       "build:binary:darwin-arm64": "bun build src/cli.ts --compile --target=bun-darwin-arm64 --outfile dist/dotenc-darwin-arm64",
@@ -1052,8 +1053,8 @@ var getCurrentKeyName = async (deps = { getPrivateKeys, getPublicKeys }) => {
   const { keys: privateKeys } = await deps.getPrivateKeys();
   const publicKeys = await deps.getPublicKeys();
   const privateFingerprints = new Set(privateKeys.map((k) => k.fingerprint));
-  const match = publicKeys.find((pub) => privateFingerprints.has(pub.fingerprint));
-  return match?.name;
+  const matches = publicKeys.filter((pub) => privateFingerprints.has(pub.fingerprint));
+  return matches.map((m) => m.name);
 };
 var init_getCurrentKeyName = __esm(() => {
   init_getPrivateKeys();
@@ -1150,12 +1151,29 @@ var init_run = __esm(() => {
 
 // src/commands/dev.ts
 import chalk8 from "chalk";
-var defaultDevCommandDeps, devCommand = async (command, args, deps = defaultDevCommandDeps) => {
-  const keyName = await deps.getCurrentKeyName();
-  if (!keyName) {
+import inquirer3 from "inquirer";
+var defaultSelect = async (message, choices) => {
+  const { selected } = await inquirer3.prompt([
+    {
+      type: "list",
+      name: "selected",
+      message,
+      choices
+    }
+  ]);
+  return selected;
+}, defaultDevCommandDeps, devCommand = async (command, args, deps = defaultDevCommandDeps) => {
+  const keyNames = await deps.getCurrentKeyName();
+  if (keyNames.length === 0) {
     deps.logError(`${chalk8.red("Error:")} could not resolve your identity. Run ${chalk8.gray("dotenc init")} first.`);
     deps.exit(1);
   }
+  let keyName;
+  if (keyNames.length === 1) {
+    keyName = keyNames[0];
+  } else {
+    keyName = await deps.select("Multiple identities found. Which one do you want to use?", keyNames.map((name) => ({ name, value: name })));
+  }
   await deps.runCommand(command, args, { env: `development,${keyName}` });
 };
 var init_dev = __esm(() => {
@@ -1165,7 +1183,8 @@ var init_dev = __esm(() => {
     getCurrentKeyName,
     runCommand,
     logError: console.error,
-    exit: process.exit
+    exit: process.exit,
+    select: defaultSelect
   };
 });
 
@@ -1207,9 +1226,9 @@ var init_projectConfig = __esm(() => {
 });
 
 // src/prompts/createEnvironment.ts
-import inquirer3 from "inquirer";
+import inquirer4 from "inquirer";
 var createEnvironmentPrompt = async (message, defaultValue) => {
-  const result = await inquirer3.prompt([
+  const result = await inquirer4.prompt([
     {
       type: "input",
       name: "environment",
@@ -1704,9 +1723,9 @@ var setupGitDiff = () => {
 var init_setupGitDiff = () => {};
 
 // src/prompts/inputName.ts
-import inquirer4 from "inquirer";
+import inquirer5 from "inquirer";
 var inputNamePrompt = async (message, defaultValue) => {
-  const result = await inquirer4.prompt([
+  const result = await inquirer5.prompt([
     {
       type: "input",
       name: "name",
@@ -1791,9 +1810,9 @@ function validatePublicKey(key) {
 }
 
 // src/prompts/inputKey.ts
-import inquirer5 from "inquirer";
+import inquirer6 from "inquirer";
 var inputKeyPrompt = async (message, defaultValue) => {
-  const result = await inquirer5.prompt([
+  const result = await inquirer6.prompt([
     {
       type: "password",
       name: "key",
@@ -1813,7 +1832,7 @@ import fs12 from "node:fs/promises";
 import os4 from "node:os";
 import path12 from "node:path";
 import chalk12 from "chalk";
-import inquirer6 from "inquirer";
+import inquirer7 from "inquirer";
 var keyAddCommand = async (nameArg, options) => {
   const { projectId } = await getProjectConfig();
   if (!projectId) {
@@ -1911,7 +1930,7 @@ ${passphraseProtectedKeys.map((k) => `  - ${k}`).join(`
       name: `${key.name} (${key.algorithm})`,
       value: key.name
     }));
-    const modePrompt = await inquirer6.prompt({
+    const modePrompt = await inquirer7.prompt({
       type: "list",
       name: "mode",
       message: "Would you like to add one of your SSH keys or paste a public key?",
@@ -1934,7 +1953,7 @@ ${passphraseProtectedKeys.map((k) => `  - ${k}`).join(`
         process.exit(1);
       }
     } else {
-      const keyPrompt = await inquirer6.prompt({
+      const keyPrompt = await inquirer7.prompt({
         type: "list",
         name: "key",
         message: "Which SSH key do you want to add?",
@@ -1994,7 +2013,7 @@ import fs13 from "node:fs/promises";
 import os5 from "node:os";
 import path13 from "node:path";
 import chalk13 from "chalk";
-import inquirer7 from "inquirer";
+import inquirer8 from "inquirer";
 var initCommand = async (options) => {
   const { keys: privateKeys, passphraseProtectedKeys } = await getPrivateKeys();
   if (!privateKeys.length) {
@@ -2025,7 +2044,7 @@ var initCommand = async (options) => {
   if (privateKeys.length === 1) {
     keyToAdd = privateKeys[0].name;
   } else {
-    const result = await inquirer7.prompt([
+    const result = await inquirer8.prompt([
       {
         type: "list",
         name: "key",
@@ -2072,6 +2091,12 @@ Some useful tips:`);
   console.log(`- To edit your personal environment:	${editCmd}`);
   const devCmd = chalk13.gray("dotenc dev <command>");
   console.log(`- To run with your encrypted env:	${devCmd}`);
+  if (existsSync8(".claude") || existsSync8("CLAUDE.md")) {
+    console.log(`- Install the Claude Code skill:	${chalk13.gray("dotenc tools install-claude-code-skill")}`);
+  }
+  if (existsSync8(".vscode") || existsSync8(".cursor") || existsSync8(".windsurf")) {
+    console.log(`- Add the editor extension:		${chalk13.gray("dotenc tools install-vscode-extension")}`);
+  }
 };
 var init_init = __esm(() => {
   init_createProject();
@@ -2099,9 +2124,9 @@ var init_list3 = __esm(() => {
 });
 
 // src/prompts/confirm.ts
-import inquirer8 from "inquirer";
+import inquirer9 from "inquirer";
 var confirmPrompt = async (message) => {
-  const result = await inquirer8.prompt([
+  const result = await inquirer9.prompt([
     {
       type: "confirm",
       name: "confirm",
@@ -2193,13 +2218,312 @@ var init_textconv = __esm(() => {
   init_getEnvironmentByPath();
 });
 
+// src/commands/tools/install-claude-code-skill.ts
+import { existsSync as existsSync10 } from "node:fs";
+import fs16 from "node:fs/promises";
+import os6 from "node:os";
+import path16 from "node:path";
+import chalk15 from "chalk";
+import inquirer10 from "inquirer";
+var SKILL_MD_CONTENT = `---
+name: dotenc
+description: Manage dotenc encrypted environments. Use when the user asks about environment variables, secrets, dotenc setup, encrypted environments, adding teammates, rotating keys, or running commands with secrets injected.
+allowed-tools: Bash, Read, Glob, Grep
+argument-hint: [command]
+---
+
+## Project context
+
+> If any command below shows an error, dotenc is likely not initialized — suggest running \`dotenc init\` first.
+
+**Current identity:**
+!\`dotenc whoami 2>&1 || true\`
+
+**Available environments:**
+!\`dotenc env list 2>&1 || true\`
+
+**Project public keys:**
+!\`dotenc key list 2>&1 || true\`
+
+## What is dotenc?
+
+dotenc is a Git-native encrypted environment management tool powered by SSH keys. It encrypts environment variables using AES-256-GCM and manages per-user access control using existing SSH key infrastructure. Private keys never leave \`~/.ssh/\`; only public keys are stored in the \`.dotenc/\` project folder. Encrypted files are safe to commit to Git.
+
+## Common workflows
+
+**First-time setup**
+\`\`\`bash
+dotenc init --name alice
+dotenc key add alice --from-ssh ~/.ssh/id_ed25519
+dotenc env create development alice
+dotenc env edit development        # opens editor to add secrets
+\`\`\`
+
+**Onboard a new teammate**
+\`\`\`bash
+dotenc key add bob --from-ssh /path/to/bob_key.pub
+dotenc auth grant development bob
+dotenc auth grant production bob   # only if they need it
+\`\`\`
+
+**Run the app locally with secrets**
+\`\`\`bash
+dotenc dev npm start               # injects development + personal env
+dotenc run -e production node app.js
+\`\`\`
+
+**Rotate keys before someone leaves**
+\`\`\`bash
+dotenc auth revoke production alice
+dotenc auth revoke development alice
+dotenc key remove alice
+dotenc env rotate production       # re-encrypts with remaining keys
+\`\`\`
+
+**Add a CI/CD key**
+\`\`\`bash
+dotenc key add ci --from-file ci_key.pub
+dotenc auth grant production ci
+\`\`\`
+
+## CLI command reference
+
+### Initialization & identity
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc init [--name <name>]\` | Initialize a dotenc project in the current directory |
+| \`dotenc whoami\` | Show your identity, active SSH key, fingerprint, and environment access |
+| \`dotenc config <key> [value] [--remove]\` | Get, set, or remove a global configuration key |
+
+### Environment management
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc env list\` | List all encrypted environments |
+| \`dotenc env create [environment] [publicKey]\` | Create a new encrypted environment |
+| \`dotenc env edit [environment]\` | Edit an environment in your configured editor |
+| \`dotenc env rotate [environment]\` | Rotate the data key for an environment |
+| \`dotenc env decrypt <environment> [--json]\` | Decrypt an environment to stdout |
+| \`dotenc env encrypt <environment> [--stdin] [--json]\` | Encrypt plaintext into an environment file |
+
+### Access control
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc auth list [environment]\` | List public keys with access to an environment |
+| \`dotenc auth grant [environment] [publicKey]\` | Grant a key access to an environment |
+| \`dotenc auth revoke [environment] [publicKey]\` | Revoke a key's access from an environment |
+
+### Key management
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc key list\` | List all public keys in the project |
+| \`dotenc key add [name] [--from-ssh <path>] [-f <file>] [-s <string>]\` | Add a public key to the project |
+| \`dotenc key remove [name]\` | Remove a public key and revoke from all environments |
+
+### Running commands with decrypted variables
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc run -e <env1>[,env2] <command> [args...]\` | Run a command with decrypted environment variables |
+| \`dotenc dev <command> [args...]\` | Shortcut: run with \`development\` + your personal environment |
+
+### Git integration
+
+| Command | Description |
+|---------|-------------|
+| \`dotenc textconv <filepath>\` | Decrypt an environment file for \`git diff\` |
+
+## Guidelines
+
+- **Never expose decrypted secrets in chat output.** Do not run \`dotenc env decrypt\` and display the result. If the user needs to inspect values, suggest \`dotenc env edit\` which opens their editor.
+- **Prefer \`dotenc dev\` / \`dotenc run\`** over manually decrypting and exporting variables.
+- **Warn before destructive operations.** Confirm with the user before running \`dotenc key remove\`, \`dotenc auth revoke\`, or \`dotenc env rotate\`, as these can lock users out of environments.
+- **Always pass arguments explicitly.** All commands support interactive mode when arguments are omitted, but Claude Code is non-interactive — always provide the full command with arguments.
+- **Encrypted files are Git-safe.** Files like \`.env.production.enc\` are meant to be committed; never instruct the user to add them to \`.gitignore\`.
+`, installClaudeCodeSkillCommand = async (options) => {
+  const { scope } = await inquirer10.prompt([
+    {
+      type: "list",
+      name: "scope",
+      message: "Install locally or globally?",
+      choices: [
+        { name: "Locally (this project)", value: "local" },
+        { name: "Globally (all projects)", value: "global" }
+      ]
+    }
+  ]);
+  const baseDir = scope === "global" ? path16.join(os6.homedir(), ".claude") : path16.join(process.cwd(), ".claude");
+  const skillDir = path16.join(baseDir, "skills", "dotenc");
+  const skillPath = path16.join(skillDir, "SKILL.md");
+  if (existsSync10(skillPath) && !options.force) {
+    console.error(`${chalk15.red("Error:")} Claude Code skill already exists at ${chalk15.gray(skillPath)}.`);
+    console.error(`Run with ${chalk15.gray("--force")} to overwrite.`);
+    process.exit(1);
+  }
+  await fs16.mkdir(skillDir, { recursive: true });
+  await fs16.writeFile(skillPath, SKILL_MD_CONTENT, "utf-8");
+  console.log(`${chalk15.green("✓")} Claude Code skill installed at ${chalk15.gray(skillPath)}`);
+  console.log(`Run ${chalk15.gray("/dotenc")} in Claude Code to use it.`);
+};
+var init_install_claude_code_skill = () => {};
+
+// src/commands/tools/install-vscode-extension.ts
+import { exec, execFile } from "node:child_process";
+import { existsSync as existsSync11 } from "node:fs";
+import fs17 from "node:fs/promises";
+import path17 from "node:path";
+import { promisify } from "node:util";
+import chalk16 from "chalk";
+import inquirer11 from "inquirer";
+async function addToExtensionsJson() {
+  const extensionsJsonPath = path17.join(process.cwd(), ".vscode", "extensions.json");
+  let json = {};
+  if (existsSync11(extensionsJsonPath)) {
+    const content = await fs17.readFile(extensionsJsonPath, "utf-8");
+    try {
+      json = JSON.parse(content);
+    } catch {
+      json = {};
+    }
+  } else {
+    await fs17.mkdir(path17.join(process.cwd(), ".vscode"), { recursive: true });
+  }
+  if (!Array.isArray(json.recommendations)) {
+    json.recommendations = [];
+  }
+  if (!json.recommendations.includes(EXTENSION_ID)) {
+    json.recommendations.push(EXTENSION_ID);
+    await fs17.writeFile(extensionsJsonPath, JSON.stringify(json, null, 2), "utf-8");
+    console.log(`${chalk16.green("✓")} Added dotenc to ${chalk16.gray(".vscode/extensions.json")}`);
+  } else {
+    console.log(`${chalk16.green("✓")} dotenc already in ${chalk16.gray(".vscode/extensions.json")}`);
+  }
+}
+async function which(bin) {
+  try {
+    await execFileAsync("which", [bin]);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectEditors() {
+  const detected = [];
+  if (existsSync11(path17.join(process.cwd(), ".cursor")))
+    detected.push("cursor");
+  if (existsSync11(path17.join(process.cwd(), ".windsurf")))
+    detected.push("windsurf");
+  if (existsSync11(path17.join(process.cwd(), ".vscode")))
+    detected.push("vscode");
+  const checks = [
+    { key: "cursor", bins: ["cursor"] },
+    { key: "windsurf", bins: ["windsurf"] },
+    { key: "vscode", bins: ["code"] },
+    { key: "vscodium", bins: ["codium", "vscodium"] }
+  ];
+  if (process.platform === "darwin") {
+    const macApps = {
+      cursor: "/Applications/Cursor.app",
+      windsurf: "/Applications/Windsurf.app",
+      vscode: "/Applications/Visual Studio Code.app",
+      vscodium: "/Applications/VSCodium.app"
+    };
+    for (const [key, appPath] of Object.entries(macApps)) {
+      if (!detected.includes(key) && existsSync11(appPath)) {
+        detected.push(key);
+      }
+    }
+  }
+  for (const { key, bins } of checks) {
+    if (detected.includes(key))
+      continue;
+    for (const bin of bins) {
+      if (await which(bin)) {
+        detected.push(key);
+        break;
+      }
+    }
+  }
+  return detected;
+}
+async function openUrl(url) {
+  if (process.platform === "darwin") {
+    await execFileAsync("open", [url]);
+  } else if (process.platform === "win32") {
+    await execAsync(`start ${url}`);
+  } else {
+    await execFileAsync("xdg-open", [url]);
+  }
+}
+async function _runInstallVscodeExtension(getEditors = detectEditors, _openUrl = openUrl) {
+  const editors = await getEditors();
+  await addToExtensionsJson();
+  if (editors.length === 0) {
+    console.log(`
+Install the extension in VS Code: ${chalk16.cyan(EDITOR_PROTOCOL_URLS.vscode)}`);
+    return;
+  }
+  if (editors.length === 1) {
+    const editor = editors[0];
+    const url = EDITOR_PROTOCOL_URLS[editor];
+    const name = EDITOR_NAMES[editor];
+    const { open } = await inquirer11.prompt([
+      {
+        type: "confirm",
+        name: "open",
+        message: `Open extension page in ${name} now?`,
+        default: true
+      }
+    ]);
+    if (open) {
+      try {
+        await _openUrl(url);
+      } catch {
+        console.log(`Open manually: ${chalk16.cyan(url)}`);
+      }
+    } else {
+      console.log(`Install manually: ${chalk16.cyan(url)}`);
+    }
+    return;
+  }
+  console.log(`
+Install the extension in your editor:`);
+  for (const editor of editors) {
+    const name = EDITOR_NAMES[editor] ?? editor;
+    const url = EDITOR_PROTOCOL_URLS[editor];
+    console.log(`  ${name}: ${chalk16.cyan(url)}`);
+  }
+}
+var execFileAsync, execAsync, EXTENSION_ID = "dotenc.dotenc", EDITOR_PROTOCOL_URLS, EDITOR_NAMES, installVscodeExtensionCommand = async () => {
+  await _runInstallVscodeExtension();
+};
+var init_install_vscode_extension = __esm(() => {
+  execFileAsync = promisify(execFile);
+  execAsync = promisify(exec);
+  EDITOR_PROTOCOL_URLS = {
+    vscode: `vscode:extension/${EXTENSION_ID}`,
+    cursor: `cursor:extension/${EXTENSION_ID}`,
+    windsurf: `windsurf:extension/${EXTENSION_ID}`,
+    vscodium: `vscodium:extension/${EXTENSION_ID}`
+  };
+  EDITOR_NAMES = {
+    vscode: "VS Code",
+    cursor: "Cursor",
+    windsurf: "Windsurf",
+    vscodium: "VSCodium"
+  };
+});
+
 // src/commands/whoami.ts
 var whoamiCommand = async () => {
   const { keys: privateKeys, passphraseProtectedKeys } = await getPrivateKeys();
   const publicKeys = await getPublicKeys();
   const privateFingerprints = new Set(privateKeys.map((k) => k.fingerprint));
-  const matchingPublicKey = publicKeys.find((pub) => privateFingerprints.has(pub.fingerprint));
-  if (!matchingPublicKey) {
+  const matchingPublicKeys = publicKeys.filter((pub) => privateFingerprints.has(pub.fingerprint));
+  if (matchingPublicKeys.length === 0) {
     if (privateKeys.length === 0 && passphraseProtectedKeys.length > 0) {
       console.error(passphraseProtectedKeyError(passphraseProtectedKeys));
     } else {
@@ -2207,28 +2531,34 @@ var whoamiCommand = async () => {
     }
     process.exit(1);
   }
-  const matchingPrivateKey = privateKeys.find((pk) => pk.fingerprint === matchingPublicKey.fingerprint);
-  console.log(`Name: ${matchingPublicKey.name}`);
-  console.log(`Active SSH key: ${matchingPrivateKey?.name ?? "unknown"}`);
-  console.log(`Fingerprint: ${matchingPublicKey.fingerprint}`);
   const environments = await getEnvironments();
-  const authorizedEnvironments = [];
-  for (const envName of environments) {
-    try {
-      const environment = await getEnvironmentByName(envName);
-      const hasAccess = environment.keys.some((key) => key.fingerprint === matchingPublicKey.fingerprint);
-      if (hasAccess) {
-        authorizedEnvironments.push(envName);
+  for (let i = 0;i < matchingPublicKeys.length; i++) {
+    const matchingPublicKey = matchingPublicKeys[i];
+    if (i > 0) {
+      console.log("");
+    }
+    const matchingPrivateKey = privateKeys.find((pk) => pk.fingerprint === matchingPublicKey.fingerprint);
+    console.log(`Name: ${matchingPublicKey.name}`);
+    console.log(`Active SSH key: ${matchingPrivateKey?.name ?? "unknown"}`);
+    console.log(`Fingerprint: ${matchingPublicKey.fingerprint}`);
+    const authorizedEnvironments = [];
+    for (const envName of environments) {
+      try {
+        const environment = await getEnvironmentByName(envName);
+        const hasAccess = environment.keys.some((key) => key.fingerprint === matchingPublicKey.fingerprint);
+        if (hasAccess) {
+          authorizedEnvironments.push(envName);
+        }
+      } catch {}
+    }
+    if (authorizedEnvironments.length > 0) {
+      console.log("Authorized environments:");
+      for (const env of authorizedEnvironments) {
+        console.log(`  - ${env}`);
       }
-    } catch {}
-  }
-  if (authorizedEnvironments.length > 0) {
-    console.log("Authorized environments:");
-    for (const env of authorizedEnvironments) {
-      console.log(`  - ${env}`);
+    } else {
+      console.log("Authorized environments: none");
     }
-  } else {
-    console.log("Authorized environments: none");
   }
 };
 var init_whoami = __esm(() => {
@@ -2242,7 +2572,7 @@ var init_whoami = __esm(() => {
 // src/program.ts
 var exports_program = {};
 import { Command, Option } from "commander";
-var program, env, auth, key;
+var program, env, auth, key, tools;
 var init_program = __esm(() => {
   init_package();
   init_grant();
@@ -2262,6 +2592,8 @@ var init_program = __esm(() => {
   init_remove();
   init_run();
   init_textconv();
+  init_install_claude_code_skill();
+  init_install_vscode_extension();
   init_whoami();
   program = new Command;
   program.name("dotenc").description(package_default.description).version(package_default.version);
@@ -2283,6 +2615,9 @@ var init_program = __esm(() => {
   key.command("add").argument("[name]", "the name of the public key in the project").addOption(new Option("--from-ssh <path>", "add a public key derived from an SSH key file")).addOption(new Option("-f, --from-file <file>", "add the key from a PEM file")).addOption(new Option("-s, --from-string <string>", "add a public key from a string")).description("add a public key to the project").action(keyAddCommand);
   key.command("list").description("list all public keys in the project").action(keyListCommand);
   key.command("remove").argument("[name]", "the name of the public key to remove").description("remove a public key from the project").action(keyRemoveCommand);
+  tools = program.command("tools").description("install editor integrations");
+  tools.command("install-claude-code-skill").addOption(new Option("--force", "overwrite existing installation")).description("install the Claude Code skill for this project").action(installClaudeCodeSkillCommand);
+  tools.command("install-vscode-extension").description("add dotenc to VS Code / Cursor / Windsurf extension recommendations").action(installVscodeExtensionCommand);
   program.command("textconv", { hidden: true }).argument("<filepath>", "path to the encrypted environment file").description("decrypt an environment file for git diff").action(textconvCommand);
   program.command("whoami").description("show your identity in this project").action(whoamiCommand);
   program.command("config").argument("<key>", "the key to get or set").argument("[value]", "the value to set the key to").addOption(new Option("-r, --remove", "remove a configuration key")).description("manage global configuration").action(configCommand);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dotenc/cli",
-  "version": "0.4.5",
+  "version": "0.5.0",
   "description": "🔐 Git-native encrypted environments powered by your SSH keys",
   "author": "Ivan Filho <i@ivanfilho.com>",
   "license": "MIT",
@@ -14,6 +14,7 @@
   "scripts": {
     "dev": "bun src/cli.ts",
     "start": "node dist/cli.js",
+    "typecheck": "tsc --noEmit -p tsconfig.json",
     "build": "bun build src/cli.ts --outdir dist --target node --packages external && { echo '#!/usr/bin/env node'; cat dist/cli.js; } > dist/cli.tmp && mv dist/cli.tmp dist/cli.js",
     "build:binary": "bun run build:binary:darwin-arm64 && bun run build:binary:darwin-x64 && bun run build:binary:linux-x64 && bun run build:binary:linux-arm64 && bun run build:binary:windows-x64",
     "build:binary:darwin-arm64": "bun build src/cli.ts --compile --target=bun-darwin-arm64 --outfile dist/dotenc-darwin-arm64",