npm - @tolgamorf/env2op-cli - Versions diffs - 0.1.5 → 0.2.1 - Mend

@tolgamorf/env2op-cli 0.1.5 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.js CHANGED Viewed

@@ -1,187 +1,160 @@
 #!/usr/bin/env node
+import { createRequire } from "node:module";
 var __create = Object.create;
+var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __commonJS = (cb, mod) => function __require() {
-  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
+var __toESM = (mod, isNodeMode, target) => {
+  target = mod != null ? __create(__getProtoOf(mod)) : {};
+  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
+  for (let key of __getOwnPropNames(mod))
+    if (!__hasOwnProp.call(to, key))
+      __defProp(to, key, {
+        get: () => mod[key],
+        enumerable: true
+      });
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
+var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
 // package.json
-var require_package = __commonJS({
-  "package.json"(exports, module) {
-    module.exports = {
-      name: "@tolgamorf/env2op-cli",
-      version: "0.1.5",
-      description: "Convert .env files to 1Password Secure Notes and generate templates for op inject/run",
-      type: "module",
-      main: "dist/index.js",
-      module: "dist/index.js",
-      types: "dist/index.d.ts",
-      exports: {
-        ".": {
-          import: "./dist/index.js",
-          types: "./dist/index.d.ts"
-        }
-      },
-      bin: {
-        env2op: "dist/cli.js",
-        op2env: "dist/op2env-cli.js"
-      },
-      files: [
-        "dist",
-        "LICENSE",
-        "README.md"
-      ],
-      scripts: {
-        dev: "bun run src/cli.ts",
-        build: "tsup",
-        test: "bun test",
-        "test:watch": "bun test --watch",
-        "test:coverage": "bun test --coverage",
-        typecheck: "tsc --noEmit",
-        lint: "bunx biome check .",
-        "lint:fix": "bunx biome check . --write",
-        format: "bunx biome format --write .",
-        "format:check": "bunx biome format .",
-        prepublishOnly: "bun run build",
-        release: "bun run scripts/release.ts"
-      },
-      keywords: [
-        "env",
-        "1password",
-        "op",
-        "cli",
-        "secrets",
-        "environment-variables",
-        "dotenv",
-        "secure-notes",
-        "bun",
-        "op-inject",
-        "op-run",
-        "template"
-      ],
-      author: {
-        name: "Tolga O.",
-        url: "https://github.com/tolgamorf"
-      },
-      license: "MIT",
-      repository: {
-        type: "git",
-        url: "git+https://github.com/tolgamorf/env2op-cli.git"
-      },
-      bugs: {
-        url: "https://github.com/tolgamorf/env2op-cli/issues"
-      },
-      homepage: "https://github.com/tolgamorf/env2op-cli#readme",
-      engines: {
-        node: ">=18.0.0"
-      },
-      dependencies: {
-        "@clack/prompts": "^0.11.0",
-        picocolors: "^1.1.1"
-      },
-      devDependencies: {
-        "@biomejs/biome": "^2.3.10",
-        "@tsconfig/bun": "^1.0.10",
-        "@types/bun": "^1.3.5",
-        tsup: "^8.5.1",
-        typescript: "^5.9.3"
+var require_package = __commonJS((exports, module) => {
+  module.exports = {
+    name: "@tolgamorf/env2op-cli",
+    version: "0.2.1",
+    description: "Convert .env files to 1Password Secure Notes and generate templates for op inject/run",
+    type: "module",
+    main: "dist/index.js",
+    module: "dist/index.js",
+    types: "dist/index.d.ts",
+    exports: {
+      ".": {
+        import: "./dist/index.js",
+        types: "./dist/index.d.ts"
       }
-    };
-  }
+    },
+    bin: {
+      env2op: "dist/cli.js",
+      op2env: "dist/op2env-cli.js"
+    },
+    files: [
+      "dist",
+      "LICENSE",
+      "README.md"
+    ],
+    scripts: {
+      dev: "bun run src/cli.ts",
+      build: "bunup",
+      test: "bun test",
+      "test:watch": "bun test --watch",
+      "test:coverage": "bun test --coverage",
+      typecheck: "tsc --noEmit",
+      lint: "bunx biome check .",
+      "lint:fix": "bunx biome check . --write",
+      format: "bunx biome format --write .",
+      "format:check": "bunx biome format .",
+      prepublishOnly: "bun run build",
+      release: "bun run scripts/release.ts"
+    },
+    keywords: [
+      "env",
+      "1password",
+      "op",
+      "cli",
+      "secrets",
+      "environment-variables",
+      "dotenv",
+      "secure-notes",
+      "bun",
+      "op-inject",
+      "op-run",
+      "template"
+    ],
+    author: {
+      name: "Tolga O.",
+      url: "https://github.com/tolgamorf"
+    },
+    license: "MIT",
+    repository: {
+      type: "git",
+      url: "git+https://github.com/tolgamorf/env2op-cli.git"
+    },
+    bugs: {
+      url: "https://github.com/tolgamorf/env2op-cli/issues"
+    },
+    homepage: "https://github.com/tolgamorf/env2op-cli#readme",
+    engines: {
+      node: ">=18.0.0"
+    },
+    dependencies: {
+      "@clack/prompts": "^0.11.0",
+      picocolors: "^1.1.1"
+    },
+    devDependencies: {
+      "@biomejs/biome": "^2.3.10",
+      "@tsconfig/bun": "^1.0.10",
+      "@types/bun": "^1.3.5",
+      bunup: "^0.16.17",
+      typescript: "^5.9.3"
+    }
+  };
 });
 // src/cli.ts
-import pc2 from "picocolors";
+import pc3 from "picocolors";
 // src/commands/convert.ts
-import { basename, dirname, join } from "path";
+import { basename, dirname, join } from "node:path";
 import * as p2 from "@clack/prompts";
 // src/core/env-parser.ts
-import { existsSync, readFileSync } from "fs";
+import { readFile } from "node:fs/promises";
 // src/utils/errors.ts
-var Env2OpError = class extends Error {
+class Env2OpError extends Error {
+  code;
+  suggestion;
   constructor(message, code, suggestion) {
     super(message);
     this.code = code;
     this.suggestion = suggestion;
     this.name = "Env2OpError";
   }
-};
+}
 var ErrorCodes = {
   ENV_FILE_NOT_FOUND: "ENV_FILE_NOT_FOUND",
   ENV_FILE_EMPTY: "ENV_FILE_EMPTY",
   OP_CLI_NOT_INSTALLED: "OP_CLI_NOT_INSTALLED",
   OP_NOT_SIGNED_IN: "OP_NOT_SIGNED_IN",
+  OP_SIGNIN_FAILED: "OP_SIGNIN_FAILED",
   VAULT_NOT_FOUND: "VAULT_NOT_FOUND",
   VAULT_CREATE_FAILED: "VAULT_CREATE_FAILED",
   ITEM_EXISTS: "ITEM_EXISTS",
   ITEM_CREATE_FAILED: "ITEM_CREATE_FAILED",
+  ITEM_EDIT_FAILED: "ITEM_EDIT_FAILED",
   PARSE_ERROR: "PARSE_ERROR",
   TEMPLATE_NOT_FOUND: "TEMPLATE_NOT_FOUND",
   INJECT_FAILED: "INJECT_FAILED"
 };
 var errors = {
-  envFileNotFound: (path) => new Env2OpError(
-    `File not found: ${path}`,
-    ErrorCodes.ENV_FILE_NOT_FOUND,
-    "Check that the file path is correct"
-  ),
-  envFileEmpty: (path) => new Env2OpError(
-    `No valid environment variables found in ${path}`,
-    ErrorCodes.ENV_FILE_EMPTY,
-    "Ensure the file contains KEY=value pairs"
-  ),
-  opCliNotInstalled: () => new Env2OpError(
-    "1Password CLI (op) is not installed",
-    ErrorCodes.OP_CLI_NOT_INSTALLED,
-    "Install it from https://1password.com/downloads/command-line/"
-  ),
-  opNotSignedIn: () => new Env2OpError(
-    "Not signed in to 1Password CLI",
-    ErrorCodes.OP_NOT_SIGNED_IN,
-    'Run "op signin" to authenticate'
-  ),
-  vaultNotFound: (vault2) => new Env2OpError(
-    `Vault not found: ${vault2}`,
-    ErrorCodes.VAULT_NOT_FOUND,
-    'Run "op vault list" to see available vaults'
-  ),
+  envFileNotFound: (path) => new Env2OpError(`File not found: ${path}`, ErrorCodes.ENV_FILE_NOT_FOUND, "Check that the file path is correct"),
+  envFileEmpty: (path) => new Env2OpError(`No valid environment variables found in ${path}`, ErrorCodes.ENV_FILE_EMPTY, "Ensure the file contains KEY=value pairs"),
+  opCliNotInstalled: () => new Env2OpError("1Password CLI (op) is not installed", ErrorCodes.OP_CLI_NOT_INSTALLED, "Install it from https://1password.com/downloads/command-line/"),
+  opNotSignedIn: () => new Env2OpError("Not signed in to 1Password CLI", ErrorCodes.OP_NOT_SIGNED_IN, 'Run "op signin" to authenticate'),
+  vaultNotFound: (vault) => new Env2OpError(`Vault not found: ${vault}`, ErrorCodes.VAULT_NOT_FOUND, 'Run "op vault list" to see available vaults'),
   vaultCreateFailed: (message) => new Env2OpError(`Failed to create vault: ${message}`, ErrorCodes.VAULT_CREATE_FAILED),
-  itemExists: (title, vault2) => new Env2OpError(
-    `Item "${title}" already exists in vault "${vault2}"`,
-    ErrorCodes.ITEM_EXISTS,
-    "Use default behavior (overwrites) or choose a different item name"
-  ),
+  itemExists: (title, vault) => new Env2OpError(`Item "${title}" already exists in vault "${vault}"`, ErrorCodes.ITEM_EXISTS, "Use default behavior (overwrites) or choose a different item name"),
   itemCreateFailed: (message) => new Env2OpError(`Failed to create 1Password item: ${message}`, ErrorCodes.ITEM_CREATE_FAILED),
+  itemEditFailed: (message) => new Env2OpError(`Failed to edit 1Password item: ${message}`, ErrorCodes.ITEM_EDIT_FAILED),
   parseError: (line, message) => new Env2OpError(`Parse error at line ${line}: ${message}`, ErrorCodes.PARSE_ERROR)
 };
 // src/core/env-parser.ts
 var HEADER_SEPARATOR = "# ===========================================================================";
 function stripHeaders(content) {
-  const lines = content.split("\n");
+  const lines = content.split(`
+`);
   const result = [];
   let inHeader = false;
   for (const line of lines) {
@@ -201,7 +174,8 @@ function stripHeaders(content) {
   while (result.length > 0 && result[0]?.trim() === "") {
     result.shift();
   }
-  return result.join("\n");
+  return result.join(`
+`);
 }
 function parseValue(raw) {
   const trimmed = raw.trim();
@@ -220,18 +194,27 @@ function parseValue(raw) {
   const parts = trimmed.split(/\s+#/);
   return (parts[0] ?? trimmed).trim();
 }
-function parseEnvFile(filePath) {
-  if (!existsSync(filePath)) {
+function stripBom(content) {
+  if (content.charCodeAt(0) === 65279) {
+    return content.slice(1);
+  }
+  return content;
+}
+async function parseEnvFile(filePath) {
+  let rawContent;
+  try {
+    rawContent = await readFile(filePath, "utf-8");
+  } catch {
     throw errors.envFileNotFound(filePath);
   }
-  const rawContent = readFileSync(filePath, "utf-8");
-  const content = stripHeaders(rawContent);
-  const rawLines = content.split("\n");
+  const content = stripHeaders(stripBom(rawContent));
+  const rawLines = content.split(`
+`);
   const variables = [];
   const lines = [];
   const parseErrors = [];
   let currentComment = "";
-  for (let i = 0; i < rawLines.length; i++) {
+  for (let i = 0;i < rawLines.length; i++) {
     const line = rawLines[i] ?? "";
     const trimmed = line.trim();
     const lineNumber = i + 1;
@@ -253,7 +236,7 @@ function parseEnvFile(filePath) {
       variables.push({
         key,
         value,
-        comment: currentComment || void 0,
+        comment: currentComment || undefined,
         line: lineNumber
       });
       lines.push({ type: "variable", key, value });
@@ -271,101 +254,181 @@ function validateParseResult(result, filePath) {
 }
 // src/utils/shell.ts
-import { spawn } from "child_process";
-async function exec(command, args2 = []) {
-  return new Promise((resolve, reject) => {
-    const proc = spawn(command, args2, {
-      shell: false,
-      stdio: ["pipe", "pipe", "pipe"]
+import { spawn } from "node:child_process";
+import pc from "picocolors";
+function quoteArg(arg) {
+  if (/[ [\]'"\\=]/.test(arg)) {
+    return `'${arg.replace(/'/g, "'\\''")}'`;
+  }
+  return arg;
+}
+async function exec(command, args = [], options = {}) {
+  const { verbose = false } = options;
+  const fullCommand = `${command} ${args.map(quoteArg).join(" ")}`;
+  if (verbose) {
+    console.log(pc.dim(`$ ${fullCommand}`));
+  }
+  return new Promise((resolve) => {
+    const proc = spawn(command, args, {
+      stdio: ["ignore", "pipe", "pipe"]
     });
-    let stdout = "";
-    let stderr = "";
+    const stdoutChunks = [];
+    const stderrChunks = [];
     proc.stdout?.on("data", (data) => {
-      stdout += data.toString();
+      const text = Buffer.isBuffer(data) ? data.toString() : String(data);
+      stdoutChunks.push(text);
+      if (verbose) {
+        process.stdout.write(text);
+      }
     });
     proc.stderr?.on("data", (data) => {
-      stderr += data.toString();
+      const text = Buffer.isBuffer(data) ? data.toString() : String(data);
+      stderrChunks.push(text);
+      if (verbose) {
+        process.stderr.write(text);
+      }
     });
-    proc.on("error", (error) => {
-      reject(error);
+    proc.on("close", (code) => {
+      resolve({
+        stdout: stdoutChunks.join(""),
+        stderr: stderrChunks.join(""),
+        exitCode: code ?? 1
+      });
+    });
+    proc.on("error", (err) => {
+      stderrChunks.push(err.message);
+      resolve({
+        stdout: stdoutChunks.join(""),
+        stderr: stderrChunks.join(""),
+        exitCode: 1
+      });
+    });
+  });
+}
+async function execWithStdin(command, args = [], options) {
+  const { stdin: stdinContent, verbose = false } = options;
+  if (verbose) {
+    const fullCommand = `${command} ${args.map(quoteArg).join(" ")}`;
+    console.log(pc.dim(`$ echo '...' | ${fullCommand}`));
+  }
+  return new Promise((resolve) => {
+    const proc = spawn(command, args, {
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    const stdoutChunks = [];
+    const stderrChunks = [];
+    proc.stdin?.write(stdinContent);
+    proc.stdin?.end();
+    proc.stdout?.on("data", (data) => {
+      const text = Buffer.isBuffer(data) ? data.toString() : String(data);
+      stdoutChunks.push(text);
+      if (verbose)
+        process.stdout.write(text);
+    });
+    proc.stderr?.on("data", (data) => {
+      const text = Buffer.isBuffer(data) ? data.toString() : String(data);
+      stderrChunks.push(text);
+      if (verbose)
+        process.stderr.write(text);
     });
     proc.on("close", (code) => {
       resolve({
-        stdout,
-        stderr,
-        exitCode: code ?? 0
+        stdout: stdoutChunks.join(""),
+        stderr: stderrChunks.join(""),
+        exitCode: code ?? 1
+      });
+    });
+    proc.on("error", (err) => {
+      stderrChunks.push(err.message);
+      resolve({
+        stdout: stdoutChunks.join(""),
+        stderr: stderrChunks.join(""),
+        exitCode: 1
       });
     });
   });
 }
-async function execOrThrow(command, args2 = []) {
-  const result = await exec(command, args2);
+// src/core/onepassword.ts
+async function checkOpCli(options = {}) {
+  const result = await exec("op", ["--version"], options);
+  return result.exitCode === 0;
+}
+async function checkSignedIn(options = {}) {
+  const result = await exec("op", ["whoami", "--format", "json"], options);
+  return result.exitCode === 0;
+}
+async function signIn(options = {}) {
+  const result = await exec("op", ["signin"], options);
+  return result.exitCode === 0;
+}
+async function itemExists(vault, title, options = {}) {
+  const result = await exec("op", ["item", "list", "--vault", vault, "--format", "json"], options);
   if (result.exitCode !== 0) {
-    const error = new Error(result.stderr || `Command failed with exit code ${result.exitCode}`);
-    error.stderr = result.stderr;
-    error.stdout = result.stdout;
-    error.exitCode = result.exitCode;
-    throw error;
+    return null;
+  }
+  try {
+    const items = JSON.parse(result.stdout);
+    const item = items.find((item2) => item2.title === title);
+    return item?.id ?? null;
+  } catch {
+    return null;
   }
-  return result;
-}
-async function execJson(command, args2 = []) {
-  const result = await execOrThrow(command, args2);
-  return JSON.parse(result.stdout);
 }
-async function execQuiet(command, args2 = []) {
+async function vaultExists(vault, options = {}) {
+  const result = await exec("op", ["vault", "list", "--format", "json"], options);
+  if (result.exitCode !== 0) {
+    return false;
+  }
   try {
-    const result = await exec(command, args2);
-    return result.exitCode === 0;
+    const vaults = JSON.parse(result.stdout);
+    return vaults.some((v) => v.name === vault);
   } catch {
     return false;
   }
 }
-// src/core/onepassword.ts
-async function checkOpCli() {
-  return execQuiet("op", ["--version"]);
-}
-async function checkSignedIn() {
-  return execQuiet("op", ["account", "get"]);
-}
-async function itemExists(vault2, title) {
-  return execQuiet("op", ["item", "get", title, "--vault", vault2]);
-}
-async function deleteItem(vault2, title) {
+async function createVault(name, options = {}) {
   try {
-    await exec("op", ["item", "delete", title, "--vault", vault2]);
-  } catch (_error) {
+    await exec("op", ["vault", "create", name], options);
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    throw errors.vaultCreateFailed(message);
   }
 }
-async function createSecureNote(options2) {
-  const { vault: vault2, title, fields, secret } = options2;
-  const fieldType = secret ? "password" : "text";
-  const fieldArgs = fields.map(({ key, value }) => `${key}[${fieldType}]=${value}`);
+function buildItemTemplate(title, vault, fields, secret) {
+  const fieldType = secret ? "CONCEALED" : "STRING";
+  return {
+    title,
+    vault: { name: vault },
+    category: "SECURE_NOTE",
+    fields: fields.map(({ key, value }) => ({
+      type: fieldType,
+      label: key,
+      value
+    }))
+  };
+}
+async function createSecureNote(options) {
+  const { vault, title, fields, secret, verbose } = options;
+  const template = buildItemTemplate(title, vault, fields, secret);
+  const json = JSON.stringify(template);
   try {
-    const args2 = [
-      "item",
-      "create",
-      "--category=Secure Note",
-      `--vault=${vault2}`,
-      `--title=${title}`,
-      "--format=json",
-      ...fieldArgs
-    ];
-    const result = await execJson("op", args2);
+    const result = await execWithStdin("op", ["item", "create", "--format", "json"], { stdin: json, verbose });
+    if (result.exitCode !== 0) {
+      throw new Error(result.stderr || "Failed to create item");
+    }
+    const item = JSON.parse(result.stdout);
     const fieldIds = {};
-    if (Array.isArray(result.fields)) {
-      for (const field of result.fields) {
-        if (field.label && field.id) {
-          fieldIds[field.label] = field.id;
-        }
+    for (const field of item.fields ?? []) {
+      if (field.label && field.id) {
+        fieldIds[field.label] = field.id;
       }
     }
     return {
-      id: result.id,
-      title: result.title,
-      vault: result.vault?.name ?? vault2,
-      vaultId: result.vault?.id ?? "",
+      id: item.id,
+      title: item.title,
+      vault: item.vault?.name ?? vault,
+      vaultId: item.vault?.id ?? "",
       fieldIds
     };
   } catch (error) {
@@ -373,21 +436,41 @@ async function createSecureNote(options2) {
     throw errors.itemCreateFailed(message);
   }
 }
-async function vaultExists(vault2) {
-  return execQuiet("op", ["vault", "get", vault2]);
-}
-async function createVault(name) {
+async function editSecureNote(options) {
+  const { vault, title, fields, secret, verbose, itemId } = options;
+  const template = buildItemTemplate(title, vault, fields, secret);
+  const json = JSON.stringify(template);
   try {
-    await exec("op", ["vault", "create", name]);
+    const result = await execWithStdin("op", ["item", "edit", itemId, "--format", "json"], {
+      stdin: json,
+      verbose
+    });
+    if (result.exitCode !== 0) {
+      throw new Error(result.stderr || "Failed to edit item");
+    }
+    const item = JSON.parse(result.stdout);
+    const fieldIds = {};
+    for (const field of item.fields ?? []) {
+      if (field.label && field.id) {
+        fieldIds[field.label] = field.id;
+      }
+    }
+    return {
+      id: item.id,
+      title: item.title,
+      vault: item.vault?.name ?? vault,
+      vaultId: item.vault?.id ?? "",
+      fieldIds
+    };
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
-    throw errors.vaultCreateFailed(message);
+    throw errors.itemEditFailed(message);
   }
 }
 // src/core/template-generator.ts
-var import_package = __toESM(require_package(), 1);
-import { writeFileSync } from "fs";
+var import__package = __toESM(require_package(), 1);
+import { writeFileSync } from "node:fs";
 var SEPARATOR = "# ===========================================================================";
 function deriveEnvFileName(templateFileName) {
   if (templateFileName.endsWith(".tpl")) {
@@ -395,17 +478,20 @@ function deriveEnvFileName(templateFileName) {
   }
   return templateFileName;
 }
+function deriveTemplateFileName(envFileName) {
+  return `${envFileName}.tpl`;
+}
 function formatTimestamp() {
-  return (/* @__PURE__ */ new Date()).toISOString().replace("T", " ").replace(/\.\d{3}Z$/, " UTC");
+  return new Date().toISOString().replace("T", " ").replace(/\.\d{3}Z$/, " UTC");
 }
 function generateTemplateHeader(templateFileName) {
   const envFileName = deriveEnvFileName(templateFileName);
   return [
     SEPARATOR,
-    `#  ${templateFileName} \u2014 1Password Secret References`,
+    `#  ${templateFileName} — 1Password Secret References`,
     "#",
     "#  This template contains references to secrets stored in 1Password.",
-    "#  The actual values are not stored here \u2014 only secret references.",
+    "#  The actual values are not stored here — only secret references.",
     "#",
     `#  To generate ${envFileName} with real values:`,
     `#    op2env ${templateFileName}`,
@@ -414,14 +500,33 @@ function generateTemplateHeader(templateFileName) {
     `#    op run --env-file ${templateFileName} -- npm start`,
     "#",
     `#  Pushed: ${formatTimestamp()}`,
-    `#  Generated by env2op v${import_package.default.version}`,
+    `#  Generated by env2op v${import__package.default.version}`,
     "#  https://github.com/tolgamorf/env2op-cli",
     SEPARATOR,
     ""
   ];
 }
-function generateTemplateContent(options2, templateFileName) {
-  const { vaultId, itemId, lines: envLines, fieldIds } = options2;
+function generateEnvHeader(envFileName) {
+  const templateFileName = deriveTemplateFileName(envFileName);
+  return [
+    SEPARATOR,
+    `#  ${envFileName} — Environment Variables`,
+    "#",
+    "#  WARNING: This file contains sensitive values. Do not commit to git!",
+    "#",
+    `#  To push updates to 1Password and generate ${templateFileName}:`,
+    `#    env2op ${envFileName} <vault> "<item_name>"`,
+    "#",
+    `#  Pulled: ${formatTimestamp()}`,
+    `#  Generated by op2env v${import__package.default.version}`,
+    "#  https://github.com/tolgamorf/env2op-cli",
+    SEPARATOR,
+    "",
+    ""
+  ];
+}
+function generateTemplateContent(options, templateFileName) {
+  const { vaultId, itemId, lines: envLines, fieldIds } = options;
   const outputLines = generateTemplateHeader(templateFileName);
   for (const line of envLines) {
     switch (line.type) {
@@ -438,129 +543,80 @@ function generateTemplateContent(options2, templateFileName) {
       }
     }
   }
-  return `${outputLines.join("\n")}
+  return `${outputLines.join(`
+`)}
 `;
 }
 function writeTemplate(content, outputPath) {
   writeFileSync(outputPath, content, "utf-8");
 }
 function generateUsageInstructions(templatePath) {
-  return ["", "Usage:", `  op2env ${templatePath}`, `  op run --env-file ${templatePath} -- npm start`].join("\n");
+  return ["Usage:", `  op2env ${templatePath}`, `  op run --env-file ${templatePath} -- npm start`].join(`
+`);
 }
 // src/utils/logger.ts
 import * as p from "@clack/prompts";
-import pc from "picocolors";
+import pc2 from "picocolors";
 var symbols = {
-  success: pc.green("\u2713"),
-  error: pc.red("\u2717"),
-  warning: pc.yellow("\u26A0"),
-  info: pc.blue("\u2139"),
-  arrow: pc.cyan("\u2192"),
-  bullet: pc.dim("\u2022")
+  success: pc2.green("✓"),
+  error: pc2.red("✗"),
+  warning: pc2.yellow("⚠"),
+  info: pc2.blue("ℹ"),
+  arrow: pc2.cyan("→"),
+  bullet: pc2.dim("•")
 };
 var logger = {
-  /**
-   * Display CLI intro banner
-   */
   intro(name, version, dryRun = false) {
-    const label = dryRun ? pc.bgYellow(pc.black(` ${name} v${version} [DRY RUN] `)) : pc.bgCyan(pc.black(` ${name} v${version} `));
+    const label = dryRun ? pc2.bgYellow(pc2.black(` ${name} v${version} [DRY RUN] `)) : pc2.bgCyan(pc2.black(` ${name} v${version} `));
     p.intro(label);
   },
-  /**
-   * Display section header
-   */
   section(title) {
     console.log(`
-${pc.bold(pc.underline(title))}`);
+${pc2.bold(pc2.underline(title))}`);
   },
-  /**
-   * Success message
-   */
   success(message) {
     p.log.success(message);
   },
-  /**
-   * Error message
-   */
   error(message) {
     p.log.error(message);
   },
-  /**
-   * Warning message
-   */
   warn(message) {
     p.log.warn(message);
   },
-  /**
-   * Info message
-   */
   info(message) {
     p.log.info(message);
   },
-  /**
-   * Step in a process
-   */
   step(message) {
     p.log.step(message);
   },
-  /**
-   * Message (neutral)
-   */
   message(message) {
     p.log.message(message);
   },
-  /**
-   * Display key-value pair
-   */
   keyValue(key, value, indent = 2) {
-    console.log(`${" ".repeat(indent)}${pc.dim(key)}: ${pc.cyan(value)}`);
+    console.log(`${" ".repeat(indent)}${pc2.dim(key)}: ${pc2.cyan(value)}`);
   },
-  /**
-   * Display list item
-   */
   listItem(item, indent = 2) {
     console.log(`${" ".repeat(indent)}${symbols.bullet} ${item}`);
   },
-  /**
-   * Display arrow item
-   */
   arrowItem(item, indent = 2) {
     console.log(`${" ".repeat(indent)}${symbols.arrow} ${item}`);
   },
-  /**
-   * Display dry run indicator
-   */
   dryRun(message) {
-    console.log(`${pc.yellow("[DRY RUN]")} ${message}`);
+    console.log(`${pc2.yellow("[DRY RUN]")} ${message}`);
   },
-  /**
-   * Create a spinner for async operations
-   */
   spinner() {
     return p.spinner();
   },
-  /**
-   * Display outro message
-   */
   outro(message) {
-    p.outro(pc.green(message));
+    p.outro(pc2.green(message));
   },
-  /**
-   * Display cancellation message
-   */
   cancel(message) {
     p.cancel(message);
   },
-  /**
-   * Display a note block
-   */
   note(message, title) {
     p.note(message, title);
   },
-  /**
-   * Format a field list for display
-   */
   formatFields(fields, max = 3) {
     if (fields.length <= max) {
       return fields.join(", ");
@@ -569,113 +625,147 @@ ${pc.bold(pc.underline(title))}`);
   }
 };
+// src/utils/timing.ts
+import { setTimeout } from "node:timers/promises";
+var MIN_SPINNER_TIME = 500;
+async function withMinTime(promise, minTime = MIN_SPINNER_TIME) {
+  const [result] = await Promise.all([promise, setTimeout(minTime)]);
+  return result;
+}
 // src/commands/convert.ts
-async function runConvert(options2) {
-  const { envFile: envFile2, vault: vault2, itemName: itemName2, output, dryRun, secret, force } = options2;
-  const pkg3 = await Promise.resolve().then(() => __toESM(require_package(), 1));
-  logger.intro("env2op", pkg3.version, dryRun);
+async function runConvert(options) {
+  const { envFile, vault, itemName, output, dryRun, secret, force, verbose } = options;
+  const pkg2 = await Promise.resolve().then(() => __toESM(require_package(), 1));
+  logger.intro("env2op", pkg2.version, dryRun);
   try {
-    const parseResult = parseEnvFile(envFile2);
-    validateParseResult(parseResult, envFile2);
+    const parseResult = await parseEnvFile(envFile);
+    validateParseResult(parseResult, envFile);
     const { variables, lines } = parseResult;
-    logger.success(`Parsed ${basename(envFile2)}`);
-    logger.message(`Found ${variables.length} environment variable${variables.length === 1 ? "" : "s"}`);
+    const varCount = variables.length;
+    logger.success(`Parsed ${basename(envFile)} — found ${varCount} variable${varCount === 1 ? "" : "s"}`);
     for (const error of parseResult.errors) {
       logger.warn(error);
     }
     let itemResult = null;
     if (dryRun) {
-      logger.warn("Would create Secure Note");
-      logger.keyValue("Vault", vault2);
-      logger.keyValue("Title", itemName2);
+      logger.step("Checking 1Password CLI...");
+      logger.warn("Would check if 1Password CLI is installed and authenticated");
+      logger.step(`Checking for vault "${vault}"...`);
+      logger.warn(`Would check if vault "${vault}" exists`);
+      logger.step(`Checking for item "${itemName}"...`);
+      logger.warn(`Would check if item "${itemName}" exists`);
+      logger.step("Pushing environment variables...");
+      logger.warn("Would push to 1Password:");
+      logger.keyValue("Vault", vault);
+      logger.keyValue("Title", itemName);
       logger.keyValue("Type", secret ? "password (hidden)" : "text (visible)");
       logger.keyValue("Fields", logger.formatFields(variables.map((v) => v.key)));
     } else {
-      const opInstalled = await checkOpCli();
+      const authSpinner = p2.spinner();
+      authSpinner.start("Checking 1Password CLI...");
+      const opInstalled = await checkOpCli({ verbose });
       if (!opInstalled) {
-        throw new Env2OpError(
-          "1Password CLI (op) is not installed",
-          "OP_CLI_NOT_INSTALLED",
-          "Install from https://1password.com/downloads/command-line/"
-        );
+        authSpinner.stop("1Password CLI not found");
+        throw new Env2OpError("1Password CLI (op) is not installed", "OP_CLI_NOT_INSTALLED", "Install from https://1password.com/downloads/command-line/");
       }
-      const signedIn = await checkSignedIn();
+      let signedIn = await checkSignedIn({ verbose });
       if (!signedIn) {
-        throw new Env2OpError(
-          "Not signed in to 1Password CLI",
-          "OP_NOT_SIGNED_IN",
-          'Run "op signin" to authenticate'
-        );
+        authSpinner.message("Signing in to 1Password...");
+        const signInSuccess = await signIn({ verbose });
+        if (!signInSuccess) {
+          authSpinner.stop();
+          throw new Env2OpError("Failed to sign in to 1Password CLI", "OP_SIGNIN_FAILED", 'Try running "op signin" manually');
+        }
+        signedIn = await checkSignedIn({ verbose });
+        if (!signedIn) {
+          authSpinner.stop();
+          throw new Env2OpError("Not signed in to 1Password CLI", "OP_NOT_SIGNED_IN", 'Run "op signin" to authenticate');
+        }
       }
-      const vaultFound = await vaultExists(vault2);
+      authSpinner.stop("1Password CLI ready");
+      const vaultSpinner = p2.spinner();
+      vaultSpinner.start(`Checking for vault "${vault}"...`);
+      const vaultFound = await withMinTime(vaultExists(vault, { verbose }));
       if (vaultFound) {
-        logger.success(`Vault "${vault2}" found`);
+        vaultSpinner.stop(`Vault "${vault}" found`);
       } else {
         if (force) {
-          logger.warn(`Vault "${vault2}" not found, creating...`);
-          await createVault(vault2);
-          logger.success(`Created vault "${vault2}"`);
+          vaultSpinner.message(`Vault "${vault}" not found, creating...`);
+          await createVault(vault, { verbose });
+          vaultSpinner.stop(`Created vault "${vault}"`);
         } else {
+          vaultSpinner.stop(`Vault "${vault}" not found`);
           const shouldCreate = await p2.confirm({
-            message: `Vault "${vault2}" does not exist. Create it?`
+            message: `Vault "${vault}" does not exist. Create it?`
           });
           if (p2.isCancel(shouldCreate) || !shouldCreate) {
             logger.cancel("Operation cancelled");
             logger.info('Run "op vault list" to see available vaults');
             process.exit(0);
           }
-          const spinner3 = logger.spinner();
-          spinner3.start(`Creating vault "${vault2}"...`);
-          await createVault(vault2);
-          spinner3.stop(`Created vault "${vault2}"`);
+          const createSpinner = p2.spinner();
+          createSpinner.start(`Creating vault "${vault}"...`);
+          await createVault(vault, { verbose });
+          createSpinner.stop(`Created vault "${vault}"`);
         }
       }
-      const exists = await itemExists(vault2, itemName2);
-      if (exists) {
-        if (force) {
-          logger.warn(`Item "${itemName2}" already exists, overwriting...`);
-          await deleteItem(vault2, itemName2);
-        } else {
+      const itemSpinner = p2.spinner();
+      itemSpinner.start(`Checking for item "${itemName}"...`);
+      const existingItemId = await withMinTime(itemExists(vault, itemName, { verbose }));
+      if (existingItemId) {
+        itemSpinner.stop(`Item "${itemName}" found`);
+        if (!force) {
           const shouldOverwrite = await p2.confirm({
-            message: `Item "${itemName2}" already exists in vault "${vault2}". Overwrite?`
+            message: `Item "${itemName}" already exists in vault "${vault}". Update it?`
           });
           if (p2.isCancel(shouldOverwrite) || !shouldOverwrite) {
             logger.cancel("Operation cancelled");
             process.exit(0);
           }
-          await deleteItem(vault2, itemName2);
         }
+      } else {
+        itemSpinner.stop(`Item "${itemName}" not found`);
       }
-      const spinner2 = logger.spinner();
-      spinner2.start("Creating 1Password Secure Note...");
+      const pushSpinner = p2.spinner();
+      pushSpinner.start("Pushing environment variables...");
       try {
-        itemResult = await createSecureNote({
-          vault: vault2,
-          title: itemName2,
-          fields: variables,
-          secret
-        });
-        spinner2.stop(`Created "${itemResult.title}" in vault "${itemResult.vault}"`);
+        if (existingItemId) {
+          itemResult = await editSecureNote({
+            vault,
+            title: itemName,
+            fields: variables,
+            secret,
+            verbose,
+            itemId: existingItemId
+          });
+        } else {
+          itemResult = await createSecureNote({
+            vault,
+            title: itemName,
+            fields: variables,
+            secret,
+            verbose
+          });
+        }
+        pushSpinner.stop(existingItemId ? `Updated "${itemResult.title}" in vault "${itemResult.vault}"` : `Created "${itemResult.title}" in vault "${itemResult.vault}"`);
       } catch (error) {
-        spinner2.stop("Failed to create Secure Note");
+        pushSpinner.stop();
         throw error;
       }
     }
-    const templatePath = output ?? join(dirname(envFile2), `${basename(envFile2)}.tpl`);
+    const templatePath = output ?? join(dirname(envFile), `${basename(envFile)}.tpl`);
     const templateFileName = basename(templatePath);
     if (dryRun) {
       logger.warn(`Would generate template: ${templatePath}`);
     } else if (itemResult) {
-      const templateContent = generateTemplateContent(
-        {
-          vaultId: itemResult.vaultId,
-          itemId: itemResult.id,
-          variables,
-          lines,
-          fieldIds: itemResult.fieldIds
-        },
-        templateFileName
-      );
+      const templateContent = generateTemplateContent({
+        vaultId: itemResult.vaultId,
+        itemId: itemResult.id,
+        variables,
+        lines,
+        fieldIds: itemResult.fieldIds
+      }, templateFileName);
       writeTemplate(templateContent, templatePath);
       logger.success(`Generated template: ${templatePath}`);
     }
@@ -701,10 +791,10 @@ async function runConvert(options2) {
 // src/cli.ts
 var pkg2 = await Promise.resolve().then(() => __toESM(require_package(), 1));
 var args = process.argv.slice(2);
-var flags = /* @__PURE__ */ new Set();
+var flags = new Set;
 var positional = [];
 var options = {};
-for (let i = 0; i < args.length; i++) {
+for (let i = 0;i < args.length; i++) {
   const arg = args[i];
   if (arg === "-o" || arg === "--output") {
     const next = args[i + 1];
@@ -744,67 +834,73 @@ await runConvert({
   output: options.output,
   dryRun: flags.has("dry-run"),
   secret: flags.has("secret"),
-  force: flags.has("f") || flags.has("force")
+  force: flags.has("f") || flags.has("force"),
+  verbose: flags.has("verbose")
 });
 function showHelp() {
-  const name = pc2.bold(pc2.cyan("env2op"));
-  const version = pc2.dim(`v${pkg2.version}`);
+  const name = pc3.bold(pc3.cyan("env2op"));
+  const version = pc3.dim(`v${pkg2.version}`);
   console.log(`
 ${name} ${version}
 ${pkg2.description}
-${pc2.bold("USAGE")}
-  ${pc2.cyan("$")} env2op ${pc2.yellow("<env_file>")} ${pc2.yellow("<vault>")} ${pc2.yellow("<item_name>")} ${pc2.dim("[options]")}
+${pc3.bold("USAGE")}
+  ${pc3.cyan("$")} env2op ${pc3.yellow("<env_file>")} ${pc3.yellow("<vault>")} ${pc3.yellow("<item_name>")} ${pc3.dim("[options]")}
-${pc2.bold("ARGUMENTS")}
-  ${pc2.yellow("env_file")}     Path to .env file
-  ${pc2.yellow("vault")}        1Password vault name
-  ${pc2.yellow("item_name")}    Name for the Secure Note in 1Password
+${pc3.bold("ARGUMENTS")}
+  ${pc3.yellow("env_file")}     Path to .env file
+  ${pc3.yellow("vault")}        1Password vault name
+  ${pc3.yellow("item_name")}    Name for the Secure Note in 1Password
-${pc2.bold("OPTIONS")}
-  ${pc2.cyan("-o, --output")}   Output template path (default: <env_file>.tpl)
-  ${pc2.cyan("-f, --force")}    Skip confirmation prompts
-  ${pc2.cyan("--dry-run")}      Preview actions without executing
-  ${pc2.cyan("--secret")}       Store all fields as password type (hidden)
-  ${pc2.cyan("-h, --help")}     Show this help message
-  ${pc2.cyan("-v, --version")}  Show version
+${pc3.bold("OPTIONS")}
+  ${pc3.cyan("-o, --output")}   Output template path (default: <env_file>.tpl)
+  ${pc3.cyan("-f, --force")}    Skip confirmation prompts
+  ${pc3.cyan("--dry-run")}      Preview actions without executing
+  ${pc3.cyan("--secret")}       Store all fields as password type (hidden)
+  ${pc3.cyan("--verbose")}      Show op CLI output
+  ${pc3.cyan("-h, --help")}     Show this help message
+  ${pc3.cyan("-v, --version")}  Show version
-${pc2.bold("EXAMPLES")}
-  ${pc2.dim("# Basic usage")}
-  ${pc2.cyan("$")} env2op .env.production Personal "MyApp - Production"
+${pc3.bold("EXAMPLES")}
+  ${pc3.dim("# Basic usage")}
+  ${pc3.cyan("$")} env2op .env.production Personal "MyApp - Production"
-  ${pc2.dim("# Custom output path")}
-  ${pc2.cyan("$")} env2op .env Personal "MyApp" -o secrets.tpl
+  ${pc3.dim("# Custom output path")}
+  ${pc3.cyan("$")} env2op .env Personal "MyApp" -o secrets.tpl
-  ${pc2.dim("# Preview without making changes")}
-  ${pc2.cyan("$")} env2op .env Personal "MyApp" --dry-run
+  ${pc3.dim("# Preview without making changes")}
+  ${pc3.cyan("$")} env2op .env Personal "MyApp" --dry-run
-  ${pc2.dim("# Store as hidden password fields")}
-  ${pc2.cyan("$")} env2op .env Personal "MyApp" --secret
+  ${pc3.dim("# Store as hidden password fields")}
+  ${pc3.cyan("$")} env2op .env Personal "MyApp" --secret
-  ${pc2.dim("# Skip confirmation prompts (for CI/scripts)")}
-  ${pc2.cyan("$")} env2op .env Personal "MyApp" -f
+  ${pc3.dim("# Skip confirmation prompts (for CI/scripts)")}
+  ${pc3.cyan("$")} env2op .env Personal "MyApp" -f
-${pc2.bold("DOCUMENTATION")}
-  ${pc2.dim("https://github.com/tolgamorf/env2op-cli")}
+${pc3.bold("DOCUMENTATION")}
+  ${pc3.dim("https://github.com/tolgamorf/env2op-cli")}
 `);
 }
 function showMissingArgsError(provided) {
   const missing = [];
-  if (provided.length < 1) missing.push("env_file");
-  if (provided.length < 2) missing.push("vault");
-  if (provided.length < 3) missing.push("item_name");
+  if (provided.length < 1)
+    missing.push("env_file");
+  if (provided.length < 2)
+    missing.push("vault");
+  if (provided.length < 3)
+    missing.push("item_name");
   console.log(`
-${pc2.red(pc2.bold("Error:"))} Missing required arguments
+${pc3.red(pc3.bold("Error:"))} Missing required arguments
-${pc2.bold("Usage:")} env2op ${pc2.yellow("<env_file>")} ${pc2.yellow("<vault>")} ${pc2.yellow("<item_name>")} ${pc2.dim("[options]")}
+${pc3.bold("Usage:")} env2op ${pc3.yellow("<env_file>")} ${pc3.yellow("<vault>")} ${pc3.yellow("<item_name>")} ${pc3.dim("[options]")}
-${pc2.bold("Missing:")}
-${missing.map((arg) => `  ${pc2.red("\u2022")} ${pc2.yellow(arg)}`).join("\n")}
+${pc3.bold("Missing:")}
+${missing.map((arg) => `  ${pc3.red("•")} ${pc3.yellow(arg)}`).join(`
+`)}
-${pc2.bold("Example:")}
-  ${pc2.cyan("$")} env2op .env.production Personal "MyApp - Production"
+${pc3.bold("Example:")}
+  ${pc3.cyan("$")} env2op .env.production Personal "MyApp - Production"
-Run ${pc2.cyan("env2op --help")} for more information.
+Run ${pc3.cyan("env2op --help")} for more information.
 `);
 }