@dotenc/cli 0.5.2 → 0.6.0

package/README.md

@@ -112,8 +112,7 @@ After setup, your project will look like:
 │   └── ...
 ├── .env.alice.enc
 ├── .env.production.enc
-├── .env.development.enc
-└── dotenc.json
+└── .env.development.enc
 ```
 
 Encrypted files are committed to Git. Public keys are stored inside `.dotenc/`. Each developer gets a personal encrypted environment (e.g., `.env.alice.enc`).
@@ -158,8 +157,7 @@ This will interactively guide you through the setup process:
 2. Prompting for your username (defaults to your system username);
 3. Letting you choose which SSH key to use;
 4. Deriving the public key and storing it in `.dotenc/` (e.g., `.dotenc/alice.pub`);
-5. Creating a `dotenc.json` configuration file in the root of your project;
-6. Creating your personal encrypted environment (e.g., `.env.alice.enc`).
+5. Creating encrypted `development` and personal environments (e.g., `.env.development.enc`, `.env.alice.enc`).
 
 No keys to generate. If you already have an SSH key (and you probably do), you're ready to go.
 

package/dist/cli.js

@@ -7,7 +7,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@dotenc/cli",
-    version: "0.5.2",
+    version: "0.6.0",
     description: "🔐 Git-native encrypted environments powered by your SSH keys",
     author: "Ivan Filho <i@ivanfilho.com>",
     license: "MIT",
@@ -38,7 +38,6 @@ var init_package = __esm(() => {
       typescript: "^5.8.2"
     },
     dependencies: {
-      "@paralleldrive/cuid2": "^2.2.2",
       chalk: "^5.4.1",
       commander: "^13.1.0",
       eciesjs: "^0.4.15",
@@ -486,9 +485,77 @@ function tryParsePrivateKey(keyContent) {
     return parseOpenSSHPrivateKey(keyContent);
   }
 }
+function describeUnsupportedAlgorithm(keyType) {
+  return `unsupported algorithm: ${String(keyType ?? "unknown")}`;
+}
+function readLengthPrefixedBytes(buffer, offset) {
+  if (offset + 4 > buffer.length)
+    return null;
+  const length = buffer.readUInt32BE(offset);
+  const start = offset + 4;
+  const end = start + length;
+  if (end > buffer.length)
+    return null;
+  return { bytes: buffer.subarray(start, end), nextOffset: end };
+}
+function readLengthPrefixedString(buffer, offset) {
+  const bytes = readLengthPrefixedBytes(buffer, offset);
+  if (!bytes)
+    return null;
+  return { value: bytes.bytes.toString("ascii"), nextOffset: bytes.nextOffset };
+}
+function detectUnsupportedOpenSSHAlgorithm(keyContent) {
+  if (!keyContent.includes("BEGIN OPENSSH PRIVATE KEY"))
+    return null;
+  const lines = keyContent.split(`
+`);
+  const startIdx = lines.findIndex((line) => line.trim().startsWith("-----BEGIN OPENSSH PRIVATE KEY-----"));
+  const endIdx = lines.findIndex((line) => line.trim().startsWith("-----END OPENSSH PRIVATE KEY-----"));
+  if (startIdx === -1 || endIdx === -1)
+    return null;
+  const base64 = lines.slice(startIdx + 1, endIdx).map((line) => line.trim()).join("");
+  const buffer = Buffer.from(base64, "base64");
+  const MAGIC = "openssh-key-v1\x00";
+  if (buffer.length < MAGIC.length)
+    return null;
+  const magic = buffer.subarray(0, MAGIC.length).toString("ascii");
+  if (magic !== MAGIC)
+    return null;
+  let offset = MAGIC.length;
+  const ciphername = readLengthPrefixedString(buffer, offset);
+  if (!ciphername)
+    return null;
+  offset = ciphername.nextOffset;
+  const kdfname = readLengthPrefixedString(buffer, offset);
+  if (!kdfname)
+    return null;
+  offset = kdfname.nextOffset;
+  const kdfoptions = readLengthPrefixedBytes(buffer, offset);
+  if (!kdfoptions)
+    return null;
+  offset = kdfoptions.nextOffset;
+  if (offset + 4 > buffer.length)
+    return null;
+  const keyCount = buffer.readUInt32BE(offset);
+  offset += 4;
+  if (keyCount < 1)
+    return null;
+  const publicBlob = readLengthPrefixedBytes(buffer, offset);
+  if (!publicBlob)
+    return null;
+  const publicBlobType = readLengthPrefixedString(publicBlob.bytes, 0);
+  if (!publicBlobType)
+    return null;
+  if (publicBlobType.value === "ssh-rsa")
+    return null;
+  if (publicBlobType.value === "ssh-ed25519")
+    return null;
+  return publicBlobType.value;
+}
 var SSH_KEY_FILES, getPrivateKeys = async () => {
   const privateKeys = [];
   const passphraseProtectedKeys = [];
+  const unsupportedKeys = [];
   if (process.env.DOTENC_PRIVATE_KEY) {
     let privateKey = null;
     try {
@@ -512,6 +579,10 @@ var SSH_KEY_FILES, getPrivateKeys = async () => {
         }
         privateKeys.push(entry);
       } else {
+        unsupportedKeys.push({
+          name: "env.DOTENC_PRIVATE_KEY",
+          reason: describeUnsupportedAlgorithm(privateKey.asymmetricKeyType)
+        });
         console.error(`Unsupported key type in DOTENC_PRIVATE_KEY: ${privateKey.asymmetricKeyType}. Only RSA and Ed25519 are supported.`);
       }
     } else {
@@ -520,11 +591,15 @@ var SSH_KEY_FILES, getPrivateKeys = async () => {
         process.exit(1);
       }
       console.error("Invalid private key format in DOTENC_PRIVATE_KEY environment variable. Please provide a valid private key (PEM or OpenSSH format).");
+      unsupportedKeys.push({
+        name: "env.DOTENC_PRIVATE_KEY",
+        reason: "invalid private key format"
+      });
     }
   }
   const sshDir = path2.join(os.homedir(), ".ssh");
   if (!existsSync(sshDir)) {
-    return { keys: privateKeys, passphraseProtectedKeys };
+    return { keys: privateKeys, passphraseProtectedKeys, unsupportedKeys };
   }
   const files = await fs2.readdir(sshDir);
   const knownFiles = SSH_KEY_FILES.filter((f) => files.includes(f));
@@ -551,12 +626,27 @@ var SSH_KEY_FILES, getPrivateKeys = async () => {
     if (!privateKey) {
       if (isPassphraseProtected(keyContent)) {
         passphraseProtectedKeys.push(fileName);
+        unsupportedKeys.push({
+          name: fileName,
+          reason: "passphrase-protected"
+        });
+      } else {
+        const unsupportedOpenSSHType = detectUnsupportedOpenSSHAlgorithm(keyContent);
+        unsupportedKeys.push({
+          name: fileName,
+          reason: unsupportedOpenSSHType ? describeUnsupportedAlgorithm(unsupportedOpenSSHType) : "invalid private key format"
+        });
       }
       continue;
     }
     const algorithm = detectAlgorithm(privateKey);
-    if (!algorithm)
+    if (!algorithm) {
+      unsupportedKeys.push({
+        name: fileName,
+        reason: describeUnsupportedAlgorithm(privateKey.asymmetricKeyType)
+      });
       continue;
+    }
     const entry = {
       name: fileName,
       privateKey,
@@ -570,7 +660,7 @@ var SSH_KEY_FILES, getPrivateKeys = async () => {
     }
     privateKeys.push(entry);
   }
-  return { keys: privateKeys, passphraseProtectedKeys };
+  return { keys: privateKeys, passphraseProtectedKeys, unsupportedKeys };
 };
 var init_getPrivateKeys = __esm(() => {
   init_getKeyFingerprint();
@@ -880,20 +970,41 @@ var init_chooseEnvironment = __esm(() => {
 
 // src/prompts/choosePublicKey.ts
 import inquirer2 from "inquirer";
-var choosePublicKeyPrompt = async (message, multiple) => {
-  const publicKeys = await getPublicKeys();
-  const result = await inquirer2.prompt([
+async function _runChoosePublicKeyPrompt(message, multiple, depsOverrides = {}) {
+  const deps = {
+    ...defaultDeps,
+    ...depsOverrides
+  };
+  const publicKeys = await deps.getPublicKeys();
+  const result = await deps.prompt([
     {
-      type: multiple ? "list" : "checkbox",
+      type: multiple ? "checkbox" : "list",
       name: "key",
       message,
       choices: publicKeys.map((key) => key.name.replace(".pub", ""))
     }
   ]);
+  if (multiple) {
+    return Array.isArray(result.key) ? result.key : [result.key];
+  }
+  if (Array.isArray(result.key)) {
+    return result.key[0] ?? "";
+  }
   return result.key;
-};
+}
+async function choosePublicKeyPrompt(message, multiple) {
+  if (multiple) {
+    return _runChoosePublicKeyPrompt(message, true);
+  }
+  return _runChoosePublicKeyPrompt(message, false);
+}
+var defaultDeps;
 var init_choosePublicKey = __esm(() => {
   init_getPublicKeys();
+  defaultDeps = {
+    prompt: inquirer2.prompt,
+    getPublicKeys
+  };
 });
 
 // src/commands/auth/grant.ts
@@ -1213,25 +1324,6 @@ var init_getEnvironmentNameSuggestion = __esm(() => {
   init_environmentExists();
 });
 
-// src/helpers/projectConfig.ts
-import { existsSync as existsSync5 } from "node:fs";
-import fs8 from "node:fs/promises";
-import path8 from "node:path";
-import { z as z3 } from "zod";
-var projectConfigSchema, configPath, getProjectConfig = async () => {
-  if (existsSync5(configPath)) {
-    const config = JSON.parse(await fs8.readFile(configPath, "utf-8"));
-    return projectConfigSchema.parse(config);
-  }
-  return {};
-};
-var init_projectConfig = __esm(() => {
-  projectConfigSchema = z3.object({
-    projectId: z3.string()
-  });
-  configPath = path8.join(process.cwd(), "dotenc.json");
-});
-
 // src/prompts/createEnvironment.ts
 import inquirer4 from "inquirer";
 var createEnvironmentPrompt = async (message, defaultValue) => {
@@ -1248,15 +1340,23 @@ var createEnvironmentPrompt = async (message, defaultValue) => {
 var init_createEnvironment = () => {};
 
 // src/commands/env/create.ts
-import fs9 from "node:fs/promises";
-import path9 from "node:path";
+import fs8 from "node:fs/promises";
+import path8 from "node:path";
 import chalk9 from "chalk";
-var createCommand = async (environmentNameArg, publicKeyNameArg, initialContent) => {
-  const { projectId } = await getProjectConfig();
-  if (!projectId) {
-    console.error('No project found. Run "dotenc init" to create one.');
-    process.exit(1);
+var _getRunUsageHintForEnvironment = (environmentName) => {
+  if (environmentName === "development") {
+    return chalk9.gray("dotenc dev <command> [args...]");
+  }
+  return `${chalk9.gray(`dotenc run -e ${environmentName} <command> [args...]`)} or ${chalk9.gray(`DOTENC_ENV=${environmentName} dotenc run <command> [args...]`)}`;
+}, _normalizePublicKeyNamesForCreate = (selection) => {
+  if (Array.isArray(selection)) {
+    return selection;
+  }
+  if (typeof selection === "string" && selection.trim().length > 0) {
+    return [selection];
   }
+  return [];
+}, createCommand = async (environmentNameArg, publicKeyNameArg, initialContent) => {
   let environmentName = environmentNameArg;
   if (!environmentName) {
     environmentName = await createEnvironmentPrompt("What should the environment be named?", getEnvironmentNameSuggestion());
@@ -1279,7 +1379,8 @@ var createCommand = async (environmentNameArg, publicKeyNameArg, initialContent)
     console.error(`${chalk9.red("Error:")} no public keys found. Please add a public key using ${chalk9.gray("dotenc key add")}.`);
     process.exit(1);
   }
-  const publicKeys = publicKeyNameArg ? [publicKeyNameArg] : await choosePublicKeyPrompt("Which public key(s) do you want to grant access for this environment?", true);
+  const publicKeySelection = publicKeyNameArg ? publicKeyNameArg : await choosePublicKeyPrompt("Which public key(s) do you want to grant access for this environment?", true);
+  const publicKeys = _normalizePublicKeyNamesForCreate(publicKeySelection);
   const dataKey = createDataKey();
   const content = initialContent ?? `# ${environmentName} environment
 `;
@@ -1302,16 +1403,14 @@ var createCommand = async (environmentNameArg, publicKeyNameArg, initialContent)
       algorithm: publicKey.algorithm
     });
   }
-  await fs9.writeFile(path9.join(process.cwd(), `.env.${environmentName}.enc`), JSON.stringify(environmentJson, null, 2), "utf-8");
+  await fs8.writeFile(path8.join(process.cwd(), `.env.${environmentName}.enc`), JSON.stringify(environmentJson, null, 2), "utf-8");
   console.log(`${chalk9.green("✔")} Environment ${chalk9.cyan(environmentName)} created!`);
   console.log(`
 Some useful tips:`);
   const editCommand = chalk9.gray(`dotenc env edit ${environmentName}`);
   console.log(`
 - To securely edit your environment:	${editCommand}`);
-  const runCommand2 = chalk9.gray(`dotenc run -e ${environmentName} <command> [args...]`);
-  const runCommandWithEnv = chalk9.gray(`DOTENC_ENV=${environmentName} dotenc run <command> [args...]`);
-  console.log(`- To run your application:		${runCommand2} or ${runCommandWithEnv}`);
+  console.log(`- To run your application:		${_getRunUsageHintForEnvironment(environmentName)}`);
 };
 var init_create = __esm(() => {
   init_crypto();
@@ -1319,7 +1418,6 @@ var init_create = __esm(() => {
   init_environmentExists();
   init_getEnvironmentNameSuggestion();
   init_getPublicKeys();
-  init_projectConfig();
   init_choosePublicKey();
   init_createEnvironment();
 });
@@ -1446,10 +1544,10 @@ var init_getDefaultEditor = __esm(() => {
 
 // src/commands/env/edit.ts
 import { spawnSync } from "node:child_process";
-import { existsSync as existsSync6 } from "node:fs";
-import fs10 from "node:fs/promises";
+import { existsSync as existsSync5 } from "node:fs";
+import fs9 from "node:fs/promises";
 import os3 from "node:os";
-import path10 from "node:path";
+import path9 from "node:path";
 import chalk10 from "chalk";
 var editCommand = async (environmentNameArg) => {
   const environmentName = environmentNameArg || await chooseEnvironmentPrompt("What environment do you want to edit?");
@@ -1459,8 +1557,8 @@ var editCommand = async (environmentNameArg) => {
     process.exit(1);
   }
   const environmentFile = `.env.${environmentName}.enc`;
-  const environmentFilePath = path10.join(process.cwd(), environmentFile);
-  if (!existsSync6(environmentFilePath)) {
+  const environmentFilePath = path9.join(process.cwd(), environmentFile);
+  if (!existsSync5(environmentFilePath)) {
     console.error(`Environment file not found: ${environmentFilePath}`);
     process.exit(1);
   }
@@ -1484,15 +1582,15 @@ ${environment.keys.map((key) => `# - ${key.name}`).join(`
 # Use 'dotenc auth grant' and/or 'dotenc auth revoke' to manage access.
 # Make sure to save your changes before closing the editor.
 ${separator}${content}`;
-  const tempDir = await fs10.mkdtemp(path10.join(os3.tmpdir(), "dotenc-"));
-  const tempFilePath = path10.join(tempDir, `.env.${environmentName}`);
-  await fs10.writeFile(tempFilePath, content, { encoding: "utf-8", mode: 384 });
+  const tempDir = await fs9.mkdtemp(path9.join(os3.tmpdir(), "dotenc-"));
+  const tempFilePath = path9.join(tempDir, `.env.${environmentName}`);
+  await fs9.writeFile(tempFilePath, content, { encoding: "utf-8", mode: 384 });
   const initialHash = createHash(content);
   const cleanup = async () => {
-    await fs10.rm(tempDir, { recursive: true, force: true }).catch(() => {});
+    await fs9.rm(tempDir, { recursive: true, force: true }).catch(() => {});
   };
   const onSignal = () => {
-    fs10.rm(tempDir, { recursive: true, force: true }).catch(() => {}).finally(() => process.exit(130));
+    fs9.rm(tempDir, { recursive: true, force: true }).catch(() => {}).finally(() => process.exit(130));
   };
   process.on("SIGINT", onSignal);
   process.on("SIGTERM", onSignal);
@@ -1507,7 +1605,7 @@ ${separator}${content}`;
 Editor exited with code ${result.status}`);
       process.exit(1);
     }
-    let newContent = await fs10.readFile(tempFilePath, "utf-8");
+    let newContent = await fs9.readFile(tempFilePath, "utf-8");
     const finalHash = createHash(newContent);
     if (initialHash === finalHash) {
       console.log(`
@@ -1697,31 +1795,22 @@ var init_rotate = __esm(() => {
   init_chooseEnvironment();
 });
 
-// src/helpers/createProject.ts
-import { createId } from "@paralleldrive/cuid2";
-var createProject = async () => {
-  return {
-    projectId: createId()
-  };
-};
-var init_createProject = () => {};
-
 // src/helpers/setupGitDiff.ts
 import { spawnSync as spawnSync2 } from "node:child_process";
-import fs11 from "node:fs";
-import path11 from "node:path";
+import fs10 from "node:fs";
+import path10 from "node:path";
 var setupGitDiff = () => {
-  const gitattributesPath = path11.join(process.cwd(), ".gitattributes");
+  const gitattributesPath = path10.join(process.cwd(), ".gitattributes");
   const marker = "*.enc diff=dotenc";
   let content = "";
-  if (fs11.existsSync(gitattributesPath)) {
-    content = fs11.readFileSync(gitattributesPath, "utf-8");
+  if (fs10.existsSync(gitattributesPath)) {
+    content = fs10.readFileSync(gitattributesPath, "utf-8");
   }
   if (!content.includes(marker)) {
     const newline = content.length > 0 && !content.endsWith(`
 `) ? `
 ` : "";
-    fs11.writeFileSync(gitattributesPath, `${content}${newline}${marker}
+    fs10.writeFileSync(gitattributesPath, `${content}${newline}${marker}
 `);
   }
   spawnSync2("git", ["config", "--local", "diff.dotenc.textconv", "dotenc textconv"], {
@@ -1730,10 +1819,169 @@ var setupGitDiff = () => {
 };
 var init_setupGitDiff = () => {};
 
-// src/prompts/inputName.ts
+// src/helpers/createEd25519SshKey.ts
+import { spawnSync as spawnSync3 } from "node:child_process";
+import { existsSync as existsSync6 } from "node:fs";
+import fs11 from "node:fs/promises";
+import os4 from "node:os";
+import path11 from "node:path";
+var DEFAULT_DOTENC_KEY_BASENAME = "id_ed25519_dotenc", defaultResolveNewKeyPathDeps, _resolveNewDotencSshKeyPath = (deps = defaultResolveNewKeyPathDeps) => {
+  const sshDir = path11.join(os4.homedir(), ".ssh");
+  const basePath = path11.join(sshDir, DEFAULT_DOTENC_KEY_BASENAME);
+  if (!deps.existsSync(basePath) && !deps.existsSync(`${basePath}.pub`)) {
+    return basePath;
+  }
+  for (let index = 1;index < 1000; index += 1) {
+    const candidatePath = path11.join(sshDir, `${DEFAULT_DOTENC_KEY_BASENAME}_${index}`);
+    if (!deps.existsSync(candidatePath) && !deps.existsSync(`${candidatePath}.pub`)) {
+      return candidatePath;
+    }
+  }
+  throw new Error("Could not determine an available SSH key path in ~/.ssh.");
+}, defaultCreateEd25519SshKeyDeps, createEd25519SshKey = async (deps = defaultCreateEd25519SshKeyDeps) => {
+  const keyPath = deps.resolveNewSshKeyPath();
+  await deps.mkdir(path11.dirname(keyPath), { recursive: true, mode: 448 });
+  const result = deps.spawnSync("ssh-keygen", ["-t", "ed25519", "-f", keyPath, "-N", "", "-q", "-C", "dotenc"], {
+    stdio: "pipe",
+    encoding: "utf-8"
+  });
+  if (result.error) {
+    throw new Error(`Failed to run ssh-keygen: ${result.error.message || "unknown error"}`);
+  }
+  if (typeof result.status === "number" && result.status !== 0) {
+    const stderr = typeof result.stderr === "string" ? result.stderr.trim() : "";
+    const stdout = typeof result.stdout === "string" ? result.stdout.trim() : "";
+    throw new Error(`ssh-keygen failed (${result.status}): ${stderr || stdout || "unknown error"}`);
+  }
+  return keyPath;
+};
+var init_createEd25519SshKey = __esm(() => {
+  defaultResolveNewKeyPathDeps = {
+    existsSync: existsSync6
+  };
+  defaultCreateEd25519SshKeyDeps = {
+    mkdir: fs11.mkdir,
+    spawnSync: spawnSync3,
+    resolveNewSshKeyPath: () => _resolveNewDotencSshKeyPath()
+  };
+});
+
+// src/prompts/choosePrivateKey.ts
+import path12 from "node:path";
+import chalk12 from "chalk";
 import inquirer5 from "inquirer";
+function toSupportedChoice(key) {
+  return {
+    name: `${key.name} (${key.algorithm})`,
+    value: key.name
+  };
+}
+function toUnsupportedChoice(key, index) {
+  return {
+    name: `${chalk12.gray(key.name)} (${chalk12.yellow(key.reason)})`,
+    value: `__unsupported_${index}__`,
+    disabled: true
+  };
+}
+var CREATE_NEW_PRIVATE_KEY_CHOICE = "__dotenc_create_new_private_key__", defaultChoosePrivateKeyPromptDeps, buildPromptChoices = (keys, unsupportedKeys) => {
+  const choices = keys.map(toSupportedChoice);
+  if (unsupportedKeys.length > 0) {
+    if (choices.length > 0) {
+      choices.push({
+        name: chalk12.gray("────────"),
+        value: "__separator_supported_unsupported__",
+        disabled: true
+      });
+    }
+    choices.push({
+      name: chalk12.gray("Unsupported keys (ignored)"),
+      value: "__unsupported_header__",
+      disabled: true
+    });
+    choices.push(...unsupportedKeys.map(toUnsupportedChoice));
+  }
+  if (choices.length > 0) {
+    choices.push({
+      name: chalk12.gray("────────"),
+      value: "__separator_create__",
+      disabled: true
+    });
+  }
+  choices.push({
+    name: "Create a new SSH key (ed25519, recommended)",
+    value: CREATE_NEW_PRIVATE_KEY_CHOICE
+  });
+  return choices;
+}, _runChoosePrivateKeyPrompt = async (message, deps = defaultChoosePrivateKeyPromptDeps) => {
+  for (;; ) {
+    const {
+      keys,
+      passphraseProtectedKeys,
+      unsupportedKeys = []
+    } = await deps.getPrivateKeys();
+    const privateKeyMap = new Map(keys.map((key) => [key.name, key]));
+    if (!deps.isInteractive()) {
+      if (keys.length > 0) {
+        return keys[0];
+      }
+      if (passphraseProtectedKeys.length > 0) {
+        throw new Error(passphraseProtectedKeyError(passphraseProtectedKeys));
+      }
+      if (unsupportedKeys.length > 0) {
+        const unsupportedList = unsupportedKeys.map((key) => `  - ${key.name}: ${key.reason}`).join(`
+`);
+        throw new Error(`No supported SSH keys found.
+
+Unsupported keys:
+${unsupportedList}
+
+Generate a new key with:
+  ssh-keygen -t ed25519 -N ""`);
+      }
+      throw new Error('No SSH keys found in ~/.ssh/. Generate one with: ssh-keygen -t ed25519 -N ""');
+    }
+    const result = await deps.prompt([
+      {
+        type: "list",
+        name: "key",
+        message,
+        choices: buildPromptChoices(keys, unsupportedKeys)
+      }
+    ]);
+    const selected = String(result.key || "");
+    if (selected === CREATE_NEW_PRIVATE_KEY_CHOICE) {
+      try {
+        const createdPath = await deps.createEd25519SshKey();
+        deps.logInfo(`${chalk12.green("✔")} Created ${chalk12.cyan(path12.basename(createdPath))} at ${chalk12.gray(createdPath)}.`);
+      } catch (error) {
+        deps.logWarn(`${chalk12.yellow("Warning:")} failed to create a new SSH key. ${error instanceof Error ? error.message : String(error)}`);
+      }
+      continue;
+    }
+    const selectedKey = privateKeyMap.get(selected);
+    if (selectedKey) {
+      return selectedKey;
+    }
+  }
+}, choosePrivateKeyPrompt = async (message) => _runChoosePrivateKeyPrompt(message);
+var init_choosePrivateKey = __esm(() => {
+  init_createEd25519SshKey();
+  init_errors();
+  init_getPrivateKeys();
+  defaultChoosePrivateKeyPromptDeps = {
+    getPrivateKeys,
+    prompt: inquirer5.prompt,
+    createEd25519SshKey,
+    logInfo: console.log,
+    logWarn: console.warn,
+    isInteractive: () => Boolean(process.stdin.isTTY && process.stdout.isTTY)
+  };
+});
+
+// src/prompts/inputName.ts
+import inquirer6 from "inquirer";
 var inputNamePrompt = async (message, defaultValue) => {
-  const result = await inquirer5.prompt([
+  const result = await inquirer6.prompt([
     {
       type: "input",
       name: "name",
@@ -1818,9 +2066,9 @@ function validatePublicKey(key) {
 }
 
 // src/prompts/inputKey.ts
-import inquirer6 from "inquirer";
+import inquirer7 from "inquirer";
 var inputKeyPrompt = async (message, defaultValue) => {
-  const result = await inquirer6.prompt([
+  const result = await inquirer7.prompt([
     {
       type: "password",
       name: "key",
@@ -1837,26 +2085,21 @@ var init_inputKey = () => {};
 import crypto10 from "node:crypto";
 import { existsSync as existsSync7 } from "node:fs";
 import fs12 from "node:fs/promises";
-import os4 from "node:os";
-import path12 from "node:path";
-import chalk12 from "chalk";
-import inquirer7 from "inquirer";
+import os5 from "node:os";
+import path13 from "node:path";
+import chalk13 from "chalk";
+import inquirer8 from "inquirer";
 var keyAddCommand = async (nameArg, options) => {
-  const { projectId } = await getProjectConfig();
-  if (!projectId) {
-    console.error('No project found. Run "dotenc init" to create one.');
-    process.exit(1);
-  }
   let publicKey;
   if (options?.fromSsh) {
-    const sshPath = options.fromSsh.startsWith("~") ? path12.join(os4.homedir(), options.fromSsh.slice(1)) : options.fromSsh;
+    const sshPath = options.fromSsh.startsWith("~") ? path13.join(os5.homedir(), options.fromSsh.slice(1)) : options.fromSsh;
     if (!existsSync7(sshPath)) {
-      console.error(`File ${chalk12.cyan(sshPath)} does not exist. Please provide a valid SSH key path.`);
+      console.error(`File ${chalk13.cyan(sshPath)} does not exist. Please provide a valid SSH key path.`);
       process.exit(1);
     }
     const keyContent = await fs12.readFile(sshPath, "utf-8");
     if (isPassphraseProtected(keyContent)) {
-      console.error(`${chalk12.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
+      console.error(`${chalk13.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
       process.exit(1);
     }
     try {
@@ -1879,12 +2122,12 @@ var keyAddCommand = async (nameArg, options) => {
   }
   if (options?.fromFile) {
     if (!existsSync7(options.fromFile)) {
-      console.error(`File ${chalk12.cyan(options.fromFile)} does not exist. Please provide a valid file path.`);
+      console.error(`File ${chalk13.cyan(options.fromFile)} does not exist. Please provide a valid file path.`);
       process.exit(1);
     }
     const keyContent = await fs12.readFile(options.fromFile, "utf-8");
     if (isPassphraseProtected(keyContent)) {
-      console.error(`${chalk12.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
+      console.error(`${chalk13.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
       process.exit(1);
     }
     try {
@@ -1906,7 +2149,7 @@ var keyAddCommand = async (nameArg, options) => {
   }
   if (options?.fromString) {
     if (isPassphraseProtected(options.fromString)) {
-      console.error(`${chalk12.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
+      console.error(`${chalk13.red("Error:")} the provided key is passphrase-protected, which is not currently supported by dotenc.`);
       process.exit(1);
     }
     try {
@@ -1927,23 +2170,12 @@ var keyAddCommand = async (nameArg, options) => {
     }
   }
   if (!publicKey) {
-    const { keys: sshKeys, passphraseProtectedKeys } = await getPrivateKeys();
-    if (sshKeys.length === 0 && passphraseProtectedKeys.length > 0) {
-      console.warn(`${chalk12.yellow("Warning:")} SSH keys were found but are passphrase-protected (not supported by dotenc):
-${passphraseProtectedKeys.map((k) => `  - ${k}`).join(`
-`)}
-`);
-    }
-    const choices = sshKeys.map((key) => ({
-      name: `${key.name} (${key.algorithm})`,
-      value: key.name
-    }));
-    const modePrompt = await inquirer7.prompt({
+    const modePrompt = await inquirer8.prompt({
       type: "list",
       name: "mode",
       message: "Would you like to add one of your SSH keys or paste a public key?",
       choices: [
-        ...choices.length ? [{ name: "Choose from my SSH keys", value: "choose" }] : [],
+        { name: "Choose or create an SSH key", value: "choose" },
         { name: "Paste a public key (PEM format)", value: "paste" }
       ]
     });
@@ -1961,15 +2193,11 @@ ${passphraseProtectedKeys.map((k) => `  - ${k}`).join(`
         process.exit(1);
       }
     } else {
-      const keyPrompt = await inquirer7.prompt({
-        type: "list",
-        name: "key",
-        message: "Which SSH key do you want to add?",
-        choices
-      });
-      const selectedKey = sshKeys.find((k) => k.name === keyPrompt.key);
-      if (!selectedKey) {
-        console.error("SSH key not found.");
+      let selectedKey;
+      try {
+        selectedKey = await choosePrivateKeyPrompt("Which SSH key do you want to add?");
+      } catch (error) {
+        console.error(error instanceof Error ? error.message : String(error));
         process.exit(1);
       }
       publicKey = crypto10.createPublicKey(selectedKey.privateKey);
@@ -1991,25 +2219,24 @@ ${passphraseProtectedKeys.map((k) => `  - ${k}`).join(`
     type: "spki",
     format: "pem"
   });
-  if (!existsSync7(path12.join(process.cwd(), ".dotenc"))) {
-    await fs12.mkdir(path12.join(process.cwd(), ".dotenc"));
+  if (!existsSync7(path13.join(process.cwd(), ".dotenc"))) {
+    await fs12.mkdir(path13.join(process.cwd(), ".dotenc"));
   }
   let name = nameArg;
   if (!name) {
     name = await inputNamePrompt("What name do you want to give to the new public key?");
-    if (existsSync7(path12.join(process.cwd(), ".dotenc", `${name}.pub`))) {
-      console.error(`A public key with name ${chalk12.cyan(name)} already exists. Please choose a different name.`);
+    if (existsSync7(path13.join(process.cwd(), ".dotenc", `${name}.pub`))) {
+      console.error(`A public key with name ${chalk13.cyan(name)} already exists. Please choose a different name.`);
       process.exit(1);
     }
   }
-  await fs12.writeFile(path12.join(process.cwd(), ".dotenc", `${name}.pub`), publicKeyOutput, "utf-8");
+  await fs12.writeFile(path13.join(process.cwd(), ".dotenc", `${name}.pub`), publicKeyOutput, "utf-8");
   console.log(`
-Public key ${chalk12.cyan(name)} added successfully!`);
+Public key ${chalk13.cyan(name)} added successfully!`);
 };
 var init_add = __esm(() => {
-  init_getPrivateKeys();
   init_parseOpenSSHKey();
-  init_projectConfig();
+  init_choosePrivateKey();
   init_inputKey();
   init_inputName();
 });
@@ -2018,61 +2245,32 @@ var init_add = __esm(() => {
 import crypto11 from "node:crypto";
 import { existsSync as existsSync8 } from "node:fs";
 import fs13 from "node:fs/promises";
-import os5 from "node:os";
-import path13 from "node:path";
-import chalk13 from "chalk";
-import inquirer8 from "inquirer";
-var initCommand = async (options) => {
-  const { keys: privateKeys, passphraseProtectedKeys } = await getPrivateKeys();
-  if (!privateKeys.length) {
-    if (passphraseProtectedKeys.length > 0) {
-      console.error(passphraseProtectedKeyError(passphraseProtectedKeys));
-    } else {
-      console.error(`${chalk13.red("Error:")} no SSH keys found in ~/.ssh/. Please generate one first using ${chalk13.gray("ssh-keygen")}.`);
-    }
-    process.exit(1);
+import os6 from "node:os";
+import path14 from "node:path";
+import chalk14 from "chalk";
+var _resolveDocsUrl = () => {
+  if (typeof package_default.homepage === "string" && package_default.homepage.trim().length > 0) {
+    return package_default.homepage;
   }
-  const username = options.name || await inputNamePrompt("What's your name?", os5.userInfo().username);
+  const repositoryUrl = typeof package_default.repository === "string" ? package_default.repository : package_default.repository?.url;
+  if (typeof repositoryUrl !== "string" || repositoryUrl.trim().length === 0) {
+    return;
+  }
+  return repositoryUrl.replace(/^git\+/, "").replace(/\.git$/, "");
+}, initCommand = async (options) => {
+  const username = options.name || await inputNamePrompt("What's your name?", os6.userInfo().username);
   if (!username) {
-    console.error(`${chalk13.red("Error:")} no name provided.`);
+    console.error(`${chalk14.red("Error:")} no name provided.`);
     process.exit(1);
   }
-  if (!existsSync8(path13.join(process.cwd(), "dotenc.json"))) {
-    console.log("No project found. Let's create a new one.");
-    try {
-      const { projectId } = await createProject();
-      await fs13.writeFile(path13.join(process.cwd(), "dotenc.json"), JSON.stringify({ projectId }, null, 2), "utf-8");
-    } catch (error) {
-      console.error(`${chalk13.red("Error:")} failed to create the project.`);
-      console.error(`${chalk13.red("Details:")} ${error instanceof Error ? error.message : error}`);
-      process.exit(1);
-    }
-  }
-  let keyToAdd;
-  if (privateKeys.length === 1) {
-    keyToAdd = privateKeys[0].name;
-  } else {
-    const result = await inquirer8.prompt([
-      {
-        type: "list",
-        name: "key",
-        message: "Which SSH key would you like to use?",
-        choices: privateKeys.map((key) => ({
-          name: `${key.name} (${key.algorithm})`,
-          value: key.name
-        }))
-      }
-    ]);
-    keyToAdd = result.key;
-  }
-  if (!keyToAdd) {
-    console.error(`${chalk13.red("Error:")} no SSH key selected. Please select a key.`);
+  let keyEntry;
+  try {
+    keyEntry = await choosePrivateKeyPrompt("Which SSH key would you like to use?");
+  } catch (error) {
+    console.error(error instanceof Error ? error.message : String(error));
     process.exit(1);
   }
-  const keyEntry = privateKeys.find((k) => k.name === keyToAdd);
-  if (!keyEntry)
-    process.exit(1);
-  console.log(`Adding key: ${chalk13.cyan(username)} (${keyEntry.algorithm})`);
+  console.log(`Adding key: ${chalk14.cyan(username)} (${keyEntry.algorithm})`);
   const publicKey = crypto11.createPublicKey(keyEntry.privateKey);
   const publicKeyPem = publicKey.export({ type: "spki", format: "pem" }).toString();
   await keyAddCommand(username, {
@@ -2081,36 +2279,47 @@ var initCommand = async (options) => {
   try {
     setupGitDiff();
   } catch (_error) {
-    console.warn(`${chalk13.yellow("Warning:")} could not set up git diff driver. You can run ${chalk13.gray("dotenc init")} again inside a git repository.`);
+    console.warn(`${chalk14.yellow("Warning:")} could not set up git diff driver. You can run ${chalk14.gray("dotenc init")} again inside a git repository.`);
   }
   let initialContent;
-  const envPath = path13.join(process.cwd(), ".env");
+  const envPath = path14.join(process.cwd(), ".env");
   if (existsSync8(envPath)) {
     initialContent = await fs13.readFile(envPath, "utf-8");
     await fs13.unlink(envPath);
-    console.log(`Migrated ${chalk13.gray(".env")} contents to ${chalk13.cyan(username)} environment.`);
+    console.log(`Migrated ${chalk14.gray(".env")} contents to ${chalk14.cyan("development")} environment.`);
+  }
+  await createCommand("development", username, initialContent);
+  if (username !== "development") {
+    await createCommand(username, username);
   }
-  await createCommand(username, username, initialContent);
   console.log(`
-${chalk13.green("✔")} Initialization complete!`);
+${chalk14.green("✔")} Initialization complete!`);
   console.log(`
 Some useful tips:`);
-  const editCmd = chalk13.gray(`dotenc env edit ${username}`);
-  console.log(`- To edit your personal environment:	${editCmd}`);
-  const devCmd = chalk13.gray("dotenc dev <command>");
-  console.log(`- To run with your encrypted env:	${devCmd}`);
+  const developmentEditCmd = chalk14.gray("dotenc env edit development");
+  const personalEditCmd = chalk14.gray(`dotenc env edit ${username}`);
+  console.log(`- Edit the development environment:	${developmentEditCmd}`);
+  if (username !== "development") {
+    console.log(`- Edit your personal environment:	${personalEditCmd}`);
+  }
+  const devEnvironmentChain = username === "development" ? "development" : `development,${username}`;
+  const devCmd = chalk14.gray("dotenc dev <command>");
+  console.log(`- Run in development mode:		${devCmd} ${chalk14.gray(`(loads ${devEnvironmentChain})`)}`);
+  const docsUrl = _resolveDocsUrl();
+  if (docsUrl) {
+    console.log(`- Full docs:			${chalk14.gray(docsUrl)}`);
+  }
   if (existsSync8(".claude") || existsSync8("CLAUDE.md")) {
-    console.log(`- Install the agent skill:		${chalk13.gray("dotenc tools install-agent-skill")}`);
+    console.log(`- Install the agent skill:		${chalk14.gray("dotenc tools install-agent-skill")}`);
   }
   if (existsSync8(".vscode") || existsSync8(".cursor") || existsSync8(".windsurf")) {
-    console.log(`- Add the editor extension:		${chalk13.gray("dotenc tools install-vscode-extension")}`);
+    console.log(`- Add the editor extension:		${chalk14.gray("dotenc tools install-vscode-extension")}`);
   }
 };
 var init_init = __esm(() => {
-  init_createProject();
-  init_errors();
-  init_getPrivateKeys();
+  init_package();
   init_setupGitDiff();
+  init_choosePrivateKey();
   init_inputName();
   init_create();
   init_add();
@@ -2148,16 +2357,16 @@ var init_confirm = () => {};
 // src/commands/key/remove.ts
 import { existsSync as existsSync9 } from "node:fs";
 import fs14 from "node:fs/promises";
-import path14 from "node:path";
-import chalk14 from "chalk";
+import path15 from "node:path";
+import chalk15 from "chalk";
 var keyRemoveCommand = async (nameArg) => {
   let name = nameArg;
   if (!name) {
     name = await choosePublicKeyPrompt("Which public key do you want to remove?");
   }
-  const filePath = path14.join(process.cwd(), ".dotenc", `${name}.pub`);
+  const filePath = path15.join(process.cwd(), ".dotenc", `${name}.pub`);
   if (!existsSync9(filePath)) {
-    console.error(`Public key ${chalk14.cyan(name)} not found.`);
+    console.error(`Public key ${chalk15.cyan(name)} not found.`);
     process.exit(1);
   }
   const allEnvironments = await getEnvironments();
@@ -2171,7 +2380,7 @@ var keyRemoveCommand = async (nameArg) => {
     } catch {}
   }
   if (affectedEnvironments.length > 0) {
-    console.log(`Key ${chalk14.cyan(name)} has access to the following environments:`);
+    console.log(`Key ${chalk15.cyan(name)} has access to the following environments:`);
     for (const env of affectedEnvironments) {
       console.log(`  - ${env}`);
     }
@@ -2184,7 +2393,7 @@ Access will be revoked from these environments automatically.`);
     return;
   }
   await fs14.unlink(filePath);
-  console.log(`Public key ${chalk14.cyan(name)} removed successfully.`);
+  console.log(`Public key ${chalk15.cyan(name)} removed successfully.`);
   for (const envName of affectedEnvironments) {
     try {
       const envJson = await getEnvironmentByName(envName);
@@ -2192,9 +2401,9 @@ Access will be revoked from these environments automatically.`);
       await encryptEnvironment(envName, content, {
         revokePublicKeys: [name]
       });
-      console.log(`Revoked access from ${chalk14.cyan(envName)} environment.`);
+      console.log(`Revoked access from ${chalk15.cyan(envName)} environment.`);
     } catch {
-      console.warn(`${chalk14.yellow("Warning:")} could not revoke access from ${chalk14.cyan(envName)}. You may need to run ${chalk14.gray(`dotenc auth revoke ${envName} ${name}`)} manually or rotate the environment.`);
+      console.warn(`${chalk15.yellow("Warning:")} could not revoke access from ${chalk15.cyan(envName)}. You may need to run ${chalk15.gray(`dotenc auth revoke ${envName} ${name}`)} manually or rotate the environment.`);
     }
   }
 };
@@ -2209,9 +2418,9 @@ var init_remove = __esm(() => {
 
 // src/commands/textconv.ts
 import fs15 from "node:fs/promises";
-import path15 from "node:path";
+import path16 from "node:path";
 var textconvCommand = async (filePath) => {
-  const absolutePath = path15.isAbsolute(filePath) ? filePath : path15.join(process.cwd(), filePath);
+  const absolutePath = path16.isAbsolute(filePath) ? filePath : path16.join(process.cwd(), filePath);
   try {
     const environment = await getEnvironmentByPath(absolutePath);
     const plaintext = await decryptEnvironmentData(environment);
@@ -2228,18 +2437,18 @@ var init_textconv = __esm(() => {
 
 // src/commands/tools/install-agent-skill.ts
 import { spawn as spawn2 } from "node:child_process";
-import chalk15 from "chalk";
+import chalk16 from "chalk";
 import inquirer10 from "inquirer";
-var SKILL_SOURCE = "ivanfilhoz/dotenc", SKILL_NAME = "dotenc", runNpx = (args) => new Promise((resolve, reject) => {
-  const child = spawn2("npx", args, {
+var SKILL_SOURCE = "ivanfilhoz/dotenc", SKILL_NAME = "dotenc", runNpx = (args, spawnImpl = spawn2) => new Promise((resolve, reject) => {
+  const child = spawnImpl("npx", args, {
     stdio: "inherit",
     shell: process.platform === "win32"
   });
   child.on("error", reject);
   child.on("exit", (code) => resolve(code ?? 1));
-}), defaultDeps, _runInstallAgentSkillCommand = async (options, depsOverrides = {}) => {
+}), defaultDeps2, _runInstallAgentSkillCommand = async (options, depsOverrides = {}) => {
   const deps = {
-    ...defaultDeps,
+    ...defaultDeps2,
     ...depsOverrides
   };
   const { scope } = await deps.prompt([
@@ -2265,21 +2474,21 @@ var SKILL_SOURCE = "ivanfilhoz/dotenc", SKILL_NAME = "dotenc", runNpx = (args) =
   try {
     exitCode = await deps.runNpx(args);
   } catch (error) {
-    deps.logError(`${chalk15.red("Error:")} failed to run ${chalk15.gray(npxCommand)}.`);
-    deps.logError(`${chalk15.red("Details:")} ${error instanceof Error ? error.message : String(error)}`);
+    deps.logError(`${chalk16.red("Error:")} failed to run ${chalk16.gray(npxCommand)}.`);
+    deps.logError(`${chalk16.red("Details:")} ${error instanceof Error ? error.message : String(error)}`);
     deps.exit(1);
   }
   if (exitCode !== 0) {
-    deps.logError(`${chalk15.red("Error:")} skill installation command exited with code ${exitCode}.`);
+    deps.logError(`${chalk16.red("Error:")} skill installation command exited with code ${exitCode}.`);
     deps.exit(exitCode);
   }
-  deps.log(`${chalk15.green("✓")} Agent skill installation completed via ${chalk15.gray(npxCommand)}.`);
-  deps.log(`Run ${chalk15.gray("/dotenc")} in your agent to use it.`);
+  deps.log(`${chalk16.green("✓")} Agent skill installation completed via ${chalk16.gray(npxCommand)}.`);
+  deps.log(`Run ${chalk16.gray("/dotenc")} in your agent to use it.`);
 }, installAgentSkillCommand = async (options) => {
   await _runInstallAgentSkillCommand(options);
 };
 var init_install_agent_skill = __esm(() => {
-  defaultDeps = {
+  defaultDeps2 = {
     prompt: inquirer10.prompt,
     runNpx,
     log: console.log,
@@ -2292,12 +2501,12 @@ var init_install_agent_skill = __esm(() => {
 import { exec, execFile } from "node:child_process";
 import { existsSync as existsSync10 } from "node:fs";
 import fs16 from "node:fs/promises";
-import path16 from "node:path";
+import path17 from "node:path";
 import { promisify } from "node:util";
-import chalk16 from "chalk";
+import chalk17 from "chalk";
 import inquirer11 from "inquirer";
 async function addToExtensionsJson() {
-  const extensionsJsonPath = path16.join(process.cwd(), ".vscode", "extensions.json");
+  const extensionsJsonPath = path17.join(process.cwd(), ".vscode", "extensions.json");
   let json = {};
   if (existsSync10(extensionsJsonPath)) {
     const content = await fs16.readFile(extensionsJsonPath, "utf-8");
@@ -2307,7 +2516,7 @@ async function addToExtensionsJson() {
       json = {};
     }
   } else {
-    await fs16.mkdir(path16.join(process.cwd(), ".vscode"), { recursive: true });
+    await fs16.mkdir(path17.join(process.cwd(), ".vscode"), { recursive: true });
   }
   if (!Array.isArray(json.recommendations)) {
     json.recommendations = [];
@@ -2315,9 +2524,9 @@ async function addToExtensionsJson() {
   if (!json.recommendations.includes(EXTENSION_ID)) {
     json.recommendations.push(EXTENSION_ID);
     await fs16.writeFile(extensionsJsonPath, JSON.stringify(json, null, 2), "utf-8");
-    console.log(`${chalk16.green("✓")} Added dotenc to ${chalk16.gray(".vscode/extensions.json")}`);
+    console.log(`${chalk17.green("✓")} Added dotenc to ${chalk17.gray(".vscode/extensions.json")}`);
   } else {
-    console.log(`${chalk16.green("✓")} dotenc already in ${chalk16.gray(".vscode/extensions.json")}`);
+    console.log(`${chalk17.green("✓")} dotenc already in ${chalk17.gray(".vscode/extensions.json")}`);
   }
 }
 async function which(bin) {
@@ -2330,11 +2539,11 @@ async function which(bin) {
 }
 async function detectEditors() {
   const detected = [];
-  if (existsSync10(path16.join(process.cwd(), ".cursor")))
+  if (existsSync10(path17.join(process.cwd(), ".cursor")))
     detected.push("cursor");
-  if (existsSync10(path16.join(process.cwd(), ".windsurf")))
+  if (existsSync10(path17.join(process.cwd(), ".windsurf")))
     detected.push("windsurf");
-  if (existsSync10(path16.join(process.cwd(), ".vscode")))
+  if (existsSync10(path17.join(process.cwd(), ".vscode")))
     detected.push("vscode");
   const checks = [
     { key: "cursor", bins: ["cursor"] },
@@ -2381,7 +2590,7 @@ async function _runInstallVscodeExtension(getEditors = detectEditors, _openUrl =
   await addToExtensionsJson();
   if (editors.length === 0) {
     console.log(`
-Install the extension in VS Code: ${chalk16.cyan(EDITOR_PROTOCOL_URLS.vscode)}`);
+Install the extension in VS Code: ${chalk17.cyan(EDITOR_PROTOCOL_URLS.vscode)}`);
     return;
   }
   if (editors.length === 1) {
@@ -2400,10 +2609,10 @@ Install the extension in VS Code: ${chalk16.cyan(EDITOR_PROTOCOL_URLS.vscode)}`)
       try {
         await _openUrl(url);
       } catch {
-        console.log(`Open manually: ${chalk16.cyan(url)}`);
+        console.log(`Open manually: ${chalk17.cyan(url)}`);
       }
     } else {
-      console.log(`Install manually: ${chalk16.cyan(url)}`);
+      console.log(`Install manually: ${chalk17.cyan(url)}`);
     }
     return;
   }
@@ -2412,7 +2621,7 @@ Install the extension in your editor:`);
   for (const editor of editors) {
     const name = EDITOR_NAMES[editor] ?? editor;
     const url = EDITOR_PROTOCOL_URLS[editor];
-    console.log(`  ${name}: ${chalk16.cyan(url)}`);
+    console.log(`  ${name}: ${chalk17.cyan(url)}`);
   }
 }
 var execFileAsync, execAsync, EXTENSION_ID = "dotenc.dotenc", EDITOR_PROTOCOL_URLS, EDITOR_NAMES, installVscodeExtensionCommand = async () => {
@@ -2519,31 +2728,31 @@ var init_update = () => {};
 
 // src/commands/update.ts
 import { spawn as spawn3 } from "node:child_process";
-import chalk17 from "chalk";
-var runPackageManagerCommand = (command, args) => new Promise((resolve, reject) => {
-  const child = spawn3(command, args, {
+import chalk18 from "chalk";
+var runPackageManagerCommand = (command, args, spawnImpl = spawn3) => new Promise((resolve, reject) => {
+  const child = spawnImpl(command, args, {
     stdio: "inherit",
     shell: process.platform === "win32"
   });
   child.on("error", reject);
   child.on("exit", (code) => resolve(code ?? 1));
-}), defaultDeps2, updateCommands, _runUpdateCommand = async (depsOverrides = {}) => {
+}), defaultDeps3, updateCommands, _runUpdateCommand = async (depsOverrides = {}) => {
   const deps = {
-    ...defaultDeps2,
+    ...defaultDeps3,
     ...depsOverrides
   };
   const method = deps.detectInstallMethod();
   if (method === "binary") {
-    deps.log(`Standalone binary detected. Download the latest release at ${chalk17.cyan(GITHUB_RELEASES_URL)}.`);
+    deps.log(`Standalone binary detected. Download the latest release at ${chalk18.cyan(GITHUB_RELEASES_URL)}.`);
     return;
   }
   if (method === "unknown") {
     deps.log("Could not determine installation method automatically.");
     deps.log(`Try one of these commands:`);
-    deps.log(`  ${chalk17.gray("brew upgrade dotenc")}`);
-    deps.log(`  ${chalk17.gray("scoop update dotenc")}`);
-    deps.log(`  ${chalk17.gray("npm install -g @dotenc/cli")}`);
-    deps.log(`Or download from ${chalk17.cyan(GITHUB_RELEASES_URL)}.`);
+    deps.log(`  ${chalk18.gray("brew upgrade dotenc")}`);
+    deps.log(`  ${chalk18.gray("scoop update dotenc")}`);
+    deps.log(`  ${chalk18.gray("npm install -g @dotenc/cli")}`);
+    deps.log(`Or download from ${chalk18.cyan(GITHUB_RELEASES_URL)}.`);
     return;
   }
   const updater = updateCommands[method];
@@ -2552,12 +2761,12 @@ var runPackageManagerCommand = (command, args) => new Promise((resolve, reject)
   try {
     exitCode = await deps.runPackageManagerCommand(updater.command, updater.args);
   } catch (error) {
-    deps.logError(`${chalk17.red("Error:")} failed to run ${chalk17.gray([updater.command, ...updater.args].join(" "))}.`);
-    deps.logError(`${chalk17.red("Details:")} ${error instanceof Error ? error.message : String(error)}`);
+    deps.logError(`${chalk18.red("Error:")} failed to run ${chalk18.gray([updater.command, ...updater.args].join(" "))}.`);
+    deps.logError(`${chalk18.red("Details:")} ${error instanceof Error ? error.message : String(error)}`);
     deps.exit(1);
   }
   if (exitCode !== 0) {
-    deps.logError(`${chalk17.red("Error:")} update command exited with code ${exitCode}.`);
+    deps.logError(`${chalk18.red("Error:")} update command exited with code ${exitCode}.`);
     deps.exit(exitCode);
   }
 }, updateCommand = async () => {
@@ -2565,7 +2774,7 @@ var runPackageManagerCommand = (command, args) => new Promise((resolve, reject)
 };
 var init_update2 = __esm(() => {
   init_update();
-  defaultDeps2 = {
+  defaultDeps3 = {
     detectInstallMethod,
     runPackageManagerCommand,
     log: console.log,
@@ -2644,8 +2853,8 @@ var init_whoami = __esm(() => {
 });
 
 // src/helpers/updateNotifier.ts
-import chalk18 from "chalk";
-var CHECK_INTERVAL_MS, defaultDeps3, shouldSkipCheck = (args, env) => {
+import chalk19 from "chalk";
+var CHECK_INTERVAL_MS, defaultDeps4, shouldSkipCheck = (args, env) => {
   if (env.DOTENC_SKIP_UPDATE_CHECK === "1") {
     return true;
   }
@@ -2667,7 +2876,7 @@ var CHECK_INTERVAL_MS, defaultDeps3, shouldSkipCheck = (args, env) => {
   } catch {}
 }, maybeNotifyAboutUpdate = async (depsOverrides = {}) => {
   const deps = {
-    ...defaultDeps3,
+    ...defaultDeps4,
     ...depsOverrides
   };
   if (shouldSkipCheck(deps.args, deps.env)) {
@@ -2700,7 +2909,7 @@ var CHECK_INTERVAL_MS, defaultDeps3, shouldSkipCheck = (args, env) => {
   if (updateState.notifiedVersion === latestVersion) {
     return;
   }
-  deps.log(`${chalk18.yellow("Update available:")} ${chalk18.gray(`dotenc ${deps.currentVersion}`)} -> ${chalk18.cyan(`dotenc ${latestVersion}`)}. Run ${chalk18.gray("dotenc update")}.`);
+  deps.log(`${chalk19.yellow("Update available:")} ${chalk19.gray(`dotenc ${deps.currentVersion}`)} -> ${chalk19.cyan(`dotenc ${latestVersion}`)}. Run ${chalk19.gray("dotenc update")}.`);
   updateState = {
     ...updateState,
     notifiedVersion: latestVersion
@@ -2712,7 +2921,7 @@ var init_updateNotifier = __esm(() => {
   init_homeConfig();
   init_update();
   CHECK_INTERVAL_MS = 6 * 60 * 60 * 1000;
-  defaultDeps3 = {
+  defaultDeps4 = {
     getHomeConfig,
     setHomeConfig,
     fetchLatestVersion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dotenc/cli",
-  "version": "0.5.2",
+  "version": "0.6.0",
   "description": "🔐 Git-native encrypted environments powered by your SSH keys",
   "author": "Ivan Filho <i@ivanfilho.com>",
   "license": "MIT",
@@ -31,7 +31,6 @@
     "typescript": "^5.8.2"
   },
   "dependencies": {
-    "@paralleldrive/cuid2": "^2.2.2",
     "chalk": "^5.4.1",
     "commander": "^13.1.0",
     "eciesjs": "^0.4.15",