dotsec 4.0.0-alpha.2 → 4.0.0-alpha.21

package/dist/cli/index.js

@@ -1,4 +1,453 @@
-var je=Object.create;var J=Object.defineProperty;var Ve=Object.getOwnPropertyDescriptor;var Ae=Object.getOwnPropertyNames;var ke=Object.getPrototypeOf,He=Object.prototype.hasOwnProperty;var Le=(n,o,a,t)=>{if(o&&typeof o=="object"||typeof o=="function")for(let e of Ae(o))!He.call(n,e)&&e!==a&&J(n,e,{get:()=>o[e],enumerable:!(t=Ve(o,e))||t.enumerable});return n};var w=(n,o,a)=>(a=n!=null?je(ke(n)):{},Le(o||!n||!n.__esModule?J(a,"default",{value:n,enumerable:!0}):a,n));var Te=require("commander");var Re="dotsec.config.ts",B=[Re],q=".sec",G=".env",_={defaults:{}};var Y=w(require("fs")),z=w(require("path"));function Me(n){try{return new Function(`return ${n.trim()}`)()}catch{return{}}}var Q=async n=>{try{return Me(await Y.default.promises.readFile(n,"utf8"))}catch(o){throw o instanceof Error?new Error(`Failed to parse ${z.default.relative(process.cwd(),n)}: ${o.message}`):o}};var X=require("bundle-require"),Z=w(require("joycon")),ee=w(require("path")),ne=async n=>{let o=process.cwd(),t=await new Z.default().resolve({files:n?[n]:[...B,"package.json"],cwd:o,stopDir:ee.default.parse(o).root,packageKey:"dotsec"});if(n&&t===null)throw new Error(`Could not find config file ${n}`);if(t){if(t.endsWith(".json")){let e=await Q(t),i;return t.endsWith("package.json")&&e.dotsec!==void 0?i=e.dotsec:i=e,{source:"json",contents:{..._,...i,defaults:{...i?.defaults,..._.defaults,plugins:{...i?.defaults?.plugins,..._.defaults?.plugins}},push:{...i?.push}}}}else if(t.endsWith(".ts")){let e=await(0,X.bundleRequire)({filepath:t}),i=e.mod.dotsec||e.mod.default||e.mod;return{source:"ts",contents:{..._,...i,defaults:{...i?.defaults,..._.defaults,plugins:{...i?.defaults?.plugins,..._.defaults?.plugins}},push:{...i?.push}}}}}return{source:"defaultConfig",contents:_}};var W=async n=>import(n.name).then(o=>o.default);var te=require("commander"),x=(n,o,a)=>{n&&Object.values(n).map(t=>{let e;if(Array.isArray(t)){let[i,c,l]=t;e={flags:i,description:c,defaultValue:l}}else{let{flags:i,description:c,defaultValue:l,choices:s,env:r,fn:f}=t;e={flags:i,description:c,defaultValue:l,choices:s,env:r,fn:f}}if(e){let i=new te.Option(e.flags,e.description);e.fn&&i.argParser(e.fn),e.defaultValue&&i.default(e.defaultValue),e.env&&i.env(e.env),a&&i.makeOptionMandatory(!0),e.choices&&i.choices(e.choices),o.addOption(i)}})};var k=w(require("fs/promises")),oe=w(require("path")),ie=w(require("prompts")),V=async n=>await k.default.readFile(n,"utf-8"),I=async(n,o)=>await k.default.writeFile(n,o,"utf-8"),qe=async n=>{try{return await(0,k.stat)(n),!0}catch{return!1}},A=async({filePath:n,skip:o})=>{let a;return await qe(n)&&o!==!0?a=await(0,ie.default)({type:"confirm",name:"overwrite",message:()=>`Overwrite './${oe.default.relative(process.cwd(),n)}' ?`}):a=void 0,a};var re=w(require("chalk")),Ge=w(require("cli-table"));var C=n=>re.default.yellow.bold(n);var ye=require("commander");var S={option:["--env-file <envFile>",`Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${G}' file in current directory.`,G],env:"ENV_FILE"},N={option:["--sec-file, <secFile>",`Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${q}' file in current directory.`,q],env:"SEC_FILE"},L={flags:"--using <using>",description:"Wether to use a dot env file or a dot sec file",choices:["env","sec"],env:"DOTSEC_USING"},se={flags:"--using <using>",description:"Wether to use a dot env file or a dot sec file",choices:["env"],env:"DOTSEC_USING"},$={option:["--yes","Skip confirmation prompts"]};var F={option:["-c, --config-file, --configFile <configFile>","Config file"],env:"DOTSEC_CONFIG_FILE"},ae={option:["--plugin <plugin>","Comma-separated list of plugins to use"],env:"DOTSEC_PLUGIN"},ce={option:["--engine <engine>","Encryption engine to use"],env:"DOTSEC_ENGINE"},R={option:["--create-manifest","Create a markdown manifest file. See the --manifest-file option for more information."],env:"CREATE_MANIFEST"},M={option:["--manifest-file <manifestFile>","Specify the name of the manifest file to create."],env:"ENCRYPTION_MANIFEST_FILE"};var We={decrypt:{options:{configFile:F,envFile:S,secFile:N,createManifest:R,manifestFile:M,yes:$},description:"Decrypt a sec file",helpText:`Examples:
+'use strict';
+
+var commander = require('commander');
+var fs3 = require('fs');
+var path = require('path');
+var bundleRequire = require('bundle-require');
+var JoyCon = require('joycon');
+var fs2 = require('fs/promises');
+var prompts = require('prompts');
+var chalk2 = require('chalk');
+require('cli-table');
+var dotenvExpand = require('dotenv-expand');
+var camelCase = require('camel-case');
+var child_process = require('child_process');
+var Ajv = require('ajv');
+var yargsParser = require('yargs-parser');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var fs3__default = /*#__PURE__*/_interopDefault(fs3);
+var path__default = /*#__PURE__*/_interopDefault(path);
+var JoyCon__default = /*#__PURE__*/_interopDefault(JoyCon);
+var fs2__default = /*#__PURE__*/_interopDefault(fs2);
+var prompts__default = /*#__PURE__*/_interopDefault(prompts);
+var chalk2__default = /*#__PURE__*/_interopDefault(chalk2);
+var Ajv__default = /*#__PURE__*/_interopDefault(Ajv);
+var yargsParser__default = /*#__PURE__*/_interopDefault(yargsParser);
+
+// src/cli/index.ts
+
+// src/constants.ts
+var DOTSEC_DEFAULT_CONFIG_FILE = "dotsec.config.ts";
+var DOTSEC_CONFIG_FILES = [DOTSEC_DEFAULT_CONFIG_FILE];
+var DOTSEC_DEFAULT_DOTSEC_FILENAME = ".sec";
+var DOTSEC_DEFAULT_DOTENV_FILENAME = ".env";
+var defaultConfig = {
+  defaults: {
+    // encryptionEngine: "pke",
+    // plugins: {
+    // 	pke: {},
+    // },
+  }
+};
+function jsoncParse(data) {
+  try {
+    return new Function(`return ${data.trim()}`)();
+  } catch {
+    return {};
+  }
+}
+var loadJson = async (filepath) => {
+  try {
+    return jsoncParse(await fs3__default.default.promises.readFile(filepath, "utf8"));
+  } catch (error) {
+    if (error instanceof Error) {
+      throw new Error(
+        `Failed to parse ${path__default.default.relative(process.cwd(), filepath)}: ${error.message}`
+      );
+    } else {
+      throw error;
+    }
+  }
+};
+var getMagicalConfig = async (filename) => {
+  const cwd = process.cwd();
+  const configJoycon = new JoyCon__default.default();
+  const configPath = await configJoycon.resolve({
+    files: filename ? [filename] : [...DOTSEC_CONFIG_FILES, "package.json"],
+    cwd,
+    stopDir: path__default.default.parse(cwd).root,
+    packageKey: "dotsec"
+  });
+  if (filename && configPath === null) {
+    throw new Error(`Could not find config file ${filename}`);
+  }
+  if (configPath) {
+    if (configPath.endsWith(".json")) {
+      const rawData = await loadJson(configPath);
+      let data;
+      if (configPath.endsWith("package.json") && rawData.dotsec !== void 0) {
+        data = rawData.dotsec;
+      } else {
+        data = rawData;
+      }
+      return {
+        source: "json",
+        contents: {
+          ...defaultConfig,
+          ...data,
+          defaults: {
+            ...data?.defaults,
+            ...defaultConfig.defaults,
+            output: {
+              ...data?.defaults?.output,
+              ...defaultConfig.defaults?.output
+            },
+            plugins: {
+              ...data?.defaults?.plugins,
+              ...defaultConfig.defaults?.plugins
+            }
+          },
+          push: {
+            ...data?.push
+          }
+        }
+      };
+    } else if (configPath.endsWith(".ts")) {
+      const bundleRequireResult = await bundleRequire.bundleRequire({
+        filepath: configPath
+      });
+      const data = bundleRequireResult.mod.dotsec || bundleRequireResult.mod.default || bundleRequireResult.mod;
+      return {
+        source: "ts",
+        contents: {
+          ...defaultConfig,
+          ...data,
+          defaults: {
+            ...data?.defaults,
+            ...defaultConfig.defaults,
+            output: {
+              ...data?.defaults?.output,
+              ...defaultConfig.defaults?.output
+            },
+            plugins: {
+              ...data?.defaults?.plugins,
+              ...defaultConfig.defaults?.plugins
+            }
+          },
+          push: {
+            ...data?.push
+          }
+        }
+      };
+    }
+  }
+  return { source: "defaultConfig", contents: defaultConfig };
+};
+
+// src/lib/loadDotsecPlugin.ts
+var loadDotsecPlugin = async (options) => {
+  return import(options.name).then((imported) => {
+    return imported.default;
+  });
+};
+var addPluginOptions = (options, command, mandatory) => {
+  if (options) {
+    Object.values(options).map((option) => {
+      let optionProps;
+      if (Array.isArray(option)) {
+        const [flags, description, defaultValue] = option;
+        optionProps = {
+          flags,
+          description,
+          defaultValue
+        };
+      } else {
+        const { flags, description, defaultValue, choices, env, fn } = option;
+        optionProps = {
+          flags,
+          description,
+          defaultValue,
+          choices,
+          env,
+          fn
+        };
+      }
+      if (optionProps) {
+        const newOption = new commander.Option(
+          optionProps.flags,
+          optionProps.description
+        );
+        if (optionProps.fn) {
+          newOption.argParser(optionProps.fn);
+        }
+        if (optionProps.defaultValue) {
+          newOption.default(optionProps.defaultValue);
+        }
+        if (optionProps.env) {
+          newOption.env(optionProps.env);
+        }
+        if (mandatory) {
+          newOption.makeOptionMandatory(true);
+        }
+        if (optionProps.choices) {
+          newOption.choices(optionProps.choices);
+        }
+        command.addOption(newOption);
+      }
+    });
+  }
+};
+var readContentsFromFile = async (filePath) => {
+  return await fs2__default.default.readFile(filePath, "utf-8");
+};
+var writeContentsToFile = async (filePath, contents) => {
+  return await fs2__default.default.writeFile(filePath, contents, "utf-8");
+};
+var fileExists = async (source) => {
+  try {
+    await fs2.stat(source);
+    return true;
+  } catch {
+    return false;
+  }
+};
+var promptOverwriteIfFileExists = async ({
+  filePath,
+  skip
+}) => {
+  let overwriteResponse;
+  if (await fileExists(filePath) && skip !== true) {
+    overwriteResponse = await prompts__default.default({
+      type: "confirm",
+      name: "overwrite",
+      message: () => {
+        return `Overwrite './${path__default.default.relative(process.cwd(), filePath)}' ?`;
+      }
+    });
+  } else {
+    overwriteResponse = void 0;
+  }
+  return overwriteResponse;
+};
+
+// src/lib/parse.ts
+var LINE = /^(#.*)|(\s?\r?\n)|(?:^|^)\s*(?:export\s+)?([\w.-]*)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?(\s*)(#.*)?(?:$|$)/gm;
+var parse = (src) => {
+  const obj = {};
+  const blocks = [];
+  let lines = src.toString();
+  lines = lines.replace(/\r\n?/gm, "\n");
+  let match;
+  while ((match = LINE.exec(lines)) != null) {
+    const key = match[3];
+    if (match?.[1]?.[0] === "#") {
+      blocks.push({ type: "comment", raw: match[1] });
+    } else if (match?.[2]) {
+      blocks.push({ type: "whitespace", raw: match[2] });
+    } else {
+      let value = match[4] || "";
+      value = value.trim();
+      const maybeQuote = value[0];
+      value = value.replace(/^(['"`])([\s\S]*)\1$/gm, "$2");
+      if (maybeQuote === '"') {
+        value = value.replace(/\\n/g, "\n");
+        value = value.replace(/\\r/g, "\r");
+      }
+      obj[key] = value;
+      blocks.push({
+        type: "value",
+        key,
+        value,
+        raw: value + (match[5] ? match[5] : "") + (match[6] ? match[6] : "")
+      });
+    }
+  }
+  return { blocks, obj };
+};
+if (undefined) {
+  const { it, expect } = undefined;
+  it("parse", () => {
+    const input1 = "KEY=value";
+    const input2 = 'KEY="value"';
+    const input3 = "KEY='value'";
+    const input4 = "KEY=value #   this is a comment";
+    expect(parse(input1)).toMatchInlineSnapshot(`
+			{
+			  "blocks": [
+			    {
+			      "key": "KEY",
+			      "raw": "value",
+			      "type": "value",
+			      "value": "value",
+			    },
+			  ],
+			  "obj": {
+			    "KEY": "value",
+			  },
+			}
+		`);
+    expect(parse(input2)).toMatchInlineSnapshot(`
+			{
+			  "blocks": [
+			    {
+			      "key": "KEY",
+			      "raw": "value",
+			      "type": "value",
+			      "value": "value",
+			    },
+			  ],
+			  "obj": {
+			    "KEY": "value",
+			  },
+			}
+		`);
+    expect(parse(input3)).toMatchInlineSnapshot(`
+			{
+			  "blocks": [
+			    {
+			      "key": "KEY",
+			      "raw": "value",
+			      "type": "value",
+			      "value": "value",
+			    },
+			  ],
+			  "obj": {
+			    "KEY": "value",
+			  },
+			}
+		`);
+    expect(parse(input4)).toMatchInlineSnapshot(`
+      {
+        "blocks": [
+          {
+            "key": "KEY",
+            "raw": "value#   this is a comment",
+            "type": "value",
+            "value": "value",
+          },
+        ],
+        "obj": {
+          "KEY": "value",
+        },
+      }
+    `);
+  });
+}
+var strong = (str) => chalk2__default.default.yellow.bold(str);
+
+// src/types/colors.ts
+var backgroundColors = [
+  "black",
+  "red",
+  "green",
+  "yellow",
+  "blue",
+  "magenta",
+  "cyan",
+  "white",
+  "black-bright",
+  "gray",
+  "grey",
+  "red-bright",
+  "green-bright",
+  "yellow-bright",
+  "blue-bright",
+  "magenta-bright",
+  "cyan-bright",
+  "white-bright"
+];
+
+// src/cli/options/sharedOptions.ts
+var envFileOption = {
+  option: [
+    "--env-file <envFile>",
+    `Path to .env file. If not provided, will look for value in 'ENV_FILE' environment variable. If not provided, will look for '${DOTSEC_DEFAULT_DOTENV_FILENAME}' file in current directory.`,
+    DOTSEC_DEFAULT_DOTENV_FILENAME
+  ],
+  env: "ENV_FILE"
+};
+var secFileOption = {
+  option: [
+    "--sec-file, <secFile>",
+    `Path to .sec file. If not provided, will look for value in 'SEC_FILE' environment variable. If not provided, will look for '${DOTSEC_DEFAULT_DOTSEC_FILENAME}' file in current directory.`,
+    DOTSEC_DEFAULT_DOTSEC_FILENAME
+  ],
+  env: "SEC_FILE"
+};
+var usingOption = {
+  flags: "--using <using>",
+  description: "Wether to use a dot env file or a dot sec file",
+  choices: ["env", "sec"],
+  env: "DOTSEC_USING"
+};
+var usingNoEncryptionEngineOption = {
+  flags: "--using <using>",
+  description: "Wether to use a dot env file or a dot sec file",
+  choices: ["env"],
+  env: "DOTSEC_USING"
+};
+var showRedactedOption = {
+  flags: "--show-redacted",
+  description: 'Wether to show redacted values."',
+  env: "DOTSEC_SHOW_REDACTED"
+};
+var showOutputPrefixOption = {
+  flags: "--show-output-prefix",
+  description: "Show output prefix",
+  env: "DOTSEC_SHOW_OUTPUT_PREFIX"
+};
+var outputPrefixOption = {
+  flags: "--output-prefix <outputPrefix>",
+  description: "Output prefix",
+  env: "DOTSEC_OUTPUT_PREFIX"
+};
+var showOutputBackgroundColorOption = {
+  flags: "--show-output-background-color",
+  description: "Show output background color",
+  env: "DOTSEC_SHOW_OUTPUT_BACKGROUND_COLOR"
+};
+var outputBackgroundColorOption = {
+  flags: "--output-background-color <outputBackgroundColor>",
+  description: "Background color of the output.",
+  env: "DOTSEC_OUTPUT_BACKGROUND_COLOR",
+  choices: backgroundColors,
+  defaultValue: "red-bright"
+};
+var yesOption = {
+  option: ["--yes", "Skip confirmation prompts"]
+};
+var configFileOption = {
+  option: ["-c, --config-file, --configFile <configFile>", "Config file"],
+  env: "DOTSEC_CONFIG_FILE"
+};
+var pluginOption = {
+  option: ["--plugin <plugin>", "Comma-separated list of plugins to use"],
+  env: "DOTSEC_PLUGIN"
+};
+var engineOption = {
+  option: ["--engine <engine>", "Encryption engine to use"],
+  env: "DOTSEC_ENGINE"
+};
+var createManifestOption = {
+  option: [
+    "--create-manifest",
+    "Create a markdown manifest file. See the --manifest-file option for more information."
+  ],
+  env: "CREATE_MANIFEST"
+};
+var manifestFilePrefixOption = {
+  option: [
+    "--manifest-file-prefix <manifestFilePrefix>",
+    "Mmanifest file prefix"
+  ],
+  env: "ENCRYPTION_MANIFEST_FILE"
+};
+
+// src/cli/options/decrypt.ts
+var decryptCommandDefaults = {
+  decrypt: {
+    options: {
+      configFile: configFileOption,
+      envFile: envFileOption,
+      secFile: secFileOption,
+      createManifest: createManifestOption,
+      manifestFilePrefix: manifestFilePrefixOption,
+      yes: yesOption
+    },
+    description: "Decrypt a sec file",
+    helpText: `Examples:
 
 
 Decrypt .sec file to .env file
@@ -16,7 +465,7 @@ Specify a different .env file
 $ npx dotsec decrypt --env-file .env.dev
 $ ENV_FILE=.env.dev npx dotsec decrypt
 
-Write a manifest file
+Write a manifest markdown file
 
 $ npx dotsec decrypt --create-manifest
 $ CREATE_MANIFEST=true npx dotsec decrypt
@@ -24,8 +473,36 @@ $ CREATE_MANIFEST=true npx dotsec decrypt
 Specify a different manifest file
 
 $ npx dotsec decrypt --manifest-file .manifest.dev
-$ MANIFEST_FILE=.manifest.dev npx dotsec decrypt
-`}},pe=We;var Ue={dotsec:{options:{configFile:F,plugin:ae}}},le=Ue;var Ke={encrypt:{options:{configFile:F,envFile:S,secFile:N,createManifest:R,manifestFile:M,yes:$},description:"Encrypt an env file",helpText:`Examples:
+$ MANIFEST_FILE=decryption-manifest.md npx dotsec decrypt
+`
+  }
+};
+var decrypt_default = decryptCommandDefaults;
+
+// src/cli/options/dotsec.ts
+var dotsecCommandDefaults = {
+  dotsec: {
+    options: {
+      configFile: configFileOption,
+      plugin: pluginOption
+    }
+  }
+};
+var dotsec_default = dotsecCommandDefaults;
+
+// src/cli/options/encrypt.ts
+var encryptCommandDefaults = {
+  encrypt: {
+    options: {
+      configFile: configFileOption,
+      envFile: envFileOption,
+      secFile: secFileOption,
+      createManifest: createManifestOption,
+      manifestFile: manifestFilePrefixOption,
+      yes: yesOption
+    },
+    description: "Encrypt an env file",
+    helpText: `Examples:
 
 
 Encrypt .env file to .sec file
@@ -38,13 +515,14 @@ Specify a different .env file
 $ npx dotsec encrypt --env-file .env.dev
 $ ENV_FILE=.env.dev npx dotsec encrypt
 
+
 Specify a different .sec file
 
 $ npx dotsec encrypt --sec-file .sec.dev
 $ SEC_FILE=.sec.dev npx dotsec encrypt
 
 
-Write a manifest file
+Write a manifest markdown file
 
 $ npx dotsec encrypt --create-manifest
 $ CREATE_MANIFEST=true npx dotsec encrypt
@@ -52,9 +530,22 @@ $ CREATE_MANIFEST=true npx dotsec encrypt
 
 Specify a different manifest file
 
-$ npx dotsec encrypt --manifest-file .manifest.dev
-$ MANIFEST_FILE=.manifest.dev npx dotsec encrypt
-`}},de=Ke;var Je={init:{options:{configFile:F,yes:$},description:"Initialize a dotsec project by creating a dotsec.config.ts file.",helpText:`Examples:
+$ npx dotsec encrypt --manifest-file manifest.dev
+$ MANIFEST_FILE=encryption-manifest.md npx dotsec encrypt
+`
+  }
+};
+var encrypt_default = encryptCommandDefaults;
+
+// src/cli/options/init.ts
+var initCommandDefaults = {
+  init: {
+    options: {
+      configFile: configFileOption,
+      yes: yesOption
+    },
+    description: "Initialize a dotsec project by creating a dotsec.config.ts file.",
+    helpText: `Examples:
 
 Create a dotsec.config.ts file in the current directory
 
@@ -73,7 +564,25 @@ By specifying the --config-file option, you can create a dotsec config file with
 $ npx dotsec init --config-file dotsec.config.ts
 
 $ DOTSEC_CONFIG_FILE=my.config.ts npx dotsec init
-`}},fe=Je;var Be={push:{options:{configFile:F,envFile:S,secFile:N,yes:$},requiredOptions:{using:L},description:"Push variables from env or sec file to a remote",helpText:`Examples:
+`
+  }
+};
+var init_default = initCommandDefaults;
+
+// src/cli/options/push.ts
+var pushCommandDefaults = {
+  push: {
+    options: {
+      configFile: configFileOption,
+      envFile: envFileOption,
+      secFile: secFileOption,
+      yes: yesOption
+    },
+    requiredOptions: {
+      using: usingOption
+    },
+    description: "Push variables from env or sec file to a remote",
+    helpText: `Examples:
 
 Push variables from .env file to remote
 
@@ -85,7 +594,31 @@ Push variables from .sec file to remote
 
 $ npx dotsec push --using sec
 $ DOTSEC_USING=sec npx dotsec push
-`}},me=Be;var Ye={runEnvOnly:{usage:"--using env [commandArgs...]",options:{configFile:F,envFile:S,yes:$,engine:ce},requiredOptions:{using:se},description:"Run a command in a separate process and populate env with contents of a dotenv file.",helpText:`Examples:
+`
+  }
+};
+var push_default = pushCommandDefaults;
+
+// src/cli/options/run.ts
+var runCommandDefaults = {
+  runEnvOnly: {
+    usage: "--using env [commandArgs...]",
+    options: {
+      configFile: configFileOption,
+      envFile: envFileOption,
+      yes: yesOption,
+      engine: engineOption,
+      showRedacted: showRedactedOption,
+      outputBackgroundColor: outputBackgroundColorOption,
+      showOutputBackgroundColor: showOutputBackgroundColorOption,
+      showOutputPrefix: showOutputPrefixOption,
+      outputPrefix: outputPrefixOption
+    },
+    requiredOptions: {
+      using: usingNoEncryptionEngineOption
+    },
+    description: "Run a command in a separate process and populate env with contents of a dotenv file.",
+    helpText: `Examples:
 		
 Run a command with a .env file
 		
@@ -105,63 +638,872 @@ $ ENV_FILE=.env.dev npx dotsec run --using env node -e "console.log(process.env)
 You can also specify 'using' as an environment variable
 
 $ DOTSEC_USING=env npx dotsec run node -e "console.log(process.env)"
-		`},run:{options:{configFile:F,envFile:S,secFile:N,yes:$},requiredOptions:{using:L},usage:"[--using env] [--using sec] [commandArgs...]",description:`Run a command in a separate process and populate env with either 
+		`
+  },
+  run: {
+    options: {
+      configFile: configFileOption,
+      envFile: envFileOption,
+      secFile: secFileOption,
+      yes: yesOption,
+      showRedacted: showRedactedOption,
+      outputBackgroundColor: outputBackgroundColorOption,
+      hideOutputBackgroundColor: showOutputBackgroundColorOption,
+      hideOutputPrefix: showOutputPrefixOption,
+      outputPrefix: outputPrefixOption
+    },
+    requiredOptions: {
+      using: usingOption
+    },
+    usage: "[--using env] [--using sec] [commandArgs...]",
+    description: `Run a command in a separate process and populate env with either 
 			- contents of a dotenv file
 			- decrypted values of a dotsec file.
 
-The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,helpText:`Examples:
+The --withEnv option will take precedence over the --withSec option. If neither are specified, the --withEnv option will be used by default.`,
+    helpText: `${"Examples:"}
 
-Run a command with a .env file
+${"Run a command with a .env file"}
 
 $ dotsec run echo "hello world"
 
 
-Run a command with a specific .env file
+${"Run a command with a specific .env file"}
 
 $ dotsec run --with-env --env-file .env.dev echo "hello world"
 
 
-Run a command with a .sec file
+${"Run a command with a .sec file"}
 
 $ dotsec run --with-sec echo "hello world"
 
 
-Run a command with a specific .sec file
+${"Run a command with a specific .sec file"}
 
 $ dotsec run --with-sec --sec-file .sec.dev echo "hello world"
-`}},ge=Ye;var ze={...le,...fe,...de,...pe,...ge,...me},Qe=n=>{if(Array.isArray(n)){let[o,a,t]=n;return{flags:o,description:a,defaultValue:t}}else{if("option"in n){let[o,a,t]=n.option;return{flags:o,description:a,defaultValue:t,env:n.env}}return n}},ue=(n,o)=>{let a=o?.dotsecConfig?.defaults?.options?.[o?.optionKey],t=Qe(n),e=new ye.Option(t.flags,t.description);return t.fn&&e.argParser(t.fn),t.defaultValue&&e.default(a||t.defaultValue),t.env&&e.env(t.env),o.required&&e.makeOptionMandatory(!0),t.choices&&e.choices(t.choices),e},P=n=>{let{program:o,commandName:a,dotsecConfig:t}=n,e=ze[a||o.name()];if(e){let{options:i,requiredOptions:c,description:l,usage:s,helpText:r}=e;i&&Object.keys(i).forEach(f=>{let m=i[f],d=ue(m,{dotsecConfig:t,optionKey:f});o.addOption(d)}),c&&Object.keys(c).forEach(f=>{let m=c[f],d=ue(m,{required:!0,dotsecConfig:t,optionKey:f});o.addOption(d)}),l&&o.description(l),s&&o.usage(s),r&&o.description(r)}};var Oe=require("dotenv"),Xe=async(n,o)=>{let{dotsecConfig:a,decryptHandlers:t}=o,e=n.enablePositionalOptions().passThroughOptions().command("decrypt").action(async(c,l)=>{try{let{envFile:s,secFile:r,engine:f,createManifest:m,manifestFile:d,yes:p}=l.optsWithGlobals(),O=f||a?.defaults?.encryptionEngine,u=(t||[]).find(h=>h.triggerOptionValue===O);if(!u)throw new Error(`No decryption plugin found, available decryption engine(s): ${o.decryptHandlers.map(h=>`--${h.triggerOptionValue}`).join(", ")}`);console.log("Decrypting with",C(u.encryptionEngineName||u.triggerOptionValue),"engine");let g=[...Object.keys(u.options||{}),...Object.keys(u.requiredOptions||{})],D=Object.fromEntries(g.map(h=>[h,c[h]])),v=await V(r),E=await u.handler({ciphertext:v,...D}),j=await A({filePath:s,skip:p});if((j===void 0||j.overwrite===!0)&&(await I(s,E),console.log(`Wrote plaintext contents of ${C(r)} file to ${C(s)}`)),m){let h=(0,Oe.parse)(E),y=`# Dotsec decryption manifest 
+`
+  }
+  // push: {
+  // 	options: {
+  // 		...dotsecCommandDefaults.dotsec.options,
+  // 		withEnv: withEnvOption,
+  // 		withSec: withSecOption,
+  // 		envFile: envFileOption,
+  // 		secFile: secFileOption,
+  // 		yes: yesOption,
+  // 	},
+  // 	requiredOptions: {
+  // 		...dotsecCommandDefaults.dotsec.requiredOptions,
+  // 	},
+  // },
+};
+var run_default = runCommandDefaults;
+
+// src/cli/options/index.ts
+var commandOptions = {
+  ...dotsec_default,
+  ...init_default,
+  ...encrypt_default,
+  ...decrypt_default,
+  ...run_default,
+  ...push_default
+};
+var expandCommandOption = (commandOption) => {
+  if (Array.isArray(commandOption)) {
+    const [flags, description, defaultValue] = commandOption;
+    const optionProps = {
+      flags,
+      description,
+      defaultValue
+    };
+    return optionProps;
+  } else {
+    if ("option" in commandOption) {
+      const [flags, description, defaultValue] = commandOption.option;
+      const optionProps = {
+        flags,
+        description,
+        defaultValue,
+        env: commandOption.env
+      };
+      return optionProps;
+    }
+    return commandOption;
+  }
+};
+var createOption = (commandOption, options) => {
+  const defaultOptionValueFromConfig = options?.dotsecConfig?.defaults?.options?.[options?.optionKey];
+  const optionProps = expandCommandOption(commandOption);
+  const newOption = new commander.Option(optionProps.flags, optionProps.description);
+  if (optionProps.fn) {
+    newOption.argParser(optionProps.fn);
+  }
+  if (optionProps.defaultValue) {
+    newOption.default(defaultOptionValueFromConfig || optionProps.defaultValue);
+  }
+  if (optionProps.env) {
+    newOption.env(optionProps.env);
+  }
+  if (options.required) {
+    newOption.makeOptionMandatory(true);
+  }
+  if (optionProps.choices) {
+    newOption.choices(optionProps.choices);
+  }
+  return newOption;
+};
+var setProgramOptions = (params) => {
+  const { program: program2, commandName, dotsecConfig } = params;
+  const programOptions = commandOptions[commandName || program2.name()];
+  if (programOptions) {
+    const { options, requiredOptions, description, usage, helpText } = programOptions;
+    if (options) {
+      Object.keys(options).forEach((optionKey) => {
+        const commandOption = options[optionKey];
+        const newOption = createOption(commandOption, {
+          dotsecConfig,
+          optionKey
+        });
+        program2.addOption(newOption);
+      });
+    }
+    if (requiredOptions) {
+      Object.keys(requiredOptions).forEach((requiredOptionKey) => {
+        const requiredOption = requiredOptions[requiredOptionKey];
+        const newOption = createOption(requiredOption, {
+          required: true,
+          dotsecConfig,
+          optionKey: requiredOptionKey
+        });
+        program2.addOption(newOption);
+      });
+    }
+    if (description) {
+      program2.description(description);
+    }
+    if (usage) {
+      program2.usage(usage);
+    }
+    if (helpText) {
+      program2.description(helpText);
+    }
+  }
+};
+
+// src/cli/commands/decrypt.ts
+var addEncryptProgram = async (program2, options) => {
+  const { dotsecConfig, decryptHandlers } = options;
+  const subProgram = program2.enablePositionalOptions().passThroughOptions().command("decrypt").action(async (_options, command) => {
+    try {
+      const {
+        // verbose,
+        envFile,
+        secFile,
+        engine,
+        createManifest,
+        manifestFile,
+        yes
+      } = command.optsWithGlobals();
+      const encryptionEngine = engine || dotsecConfig?.defaults?.encryptionEngine;
+      const pluginCliDecrypt = (decryptHandlers || []).find((handler) => {
+        return handler.triggerOptionValue === encryptionEngine;
+      });
+      if (!pluginCliDecrypt) {
+        throw new Error(
+          `No decryption plugin found, available decryption engine(s): ${options.decryptHandlers.map((e) => `--${e.triggerOptionValue}`).join(", ")}`
+        );
+      }
+      console.log(
+        "Decrypting with",
+        strong(
+          pluginCliDecrypt.encryptionEngineName || pluginCliDecrypt.triggerOptionValue
+        ),
+        "engine"
+      );
+      const allOptionKeys = [
+        ...Object.keys(pluginCliDecrypt.options || {}),
+        ...Object.keys(pluginCliDecrypt.requiredOptions || {})
+      ];
+      const allOptionsValues = Object.fromEntries(
+        allOptionKeys.map((key) => {
+          return [key, _options[key]];
+        })
+      );
+      const dotsecString = await readContentsFromFile(secFile);
+      const plaintext = await pluginCliDecrypt.handler({
+        ciphertext: dotsecString,
+        ...allOptionsValues
+      });
+      const dotenvOverwriteResponse = await promptOverwriteIfFileExists({
+        filePath: envFile,
+        skip: yes
+      });
+      if (dotenvOverwriteResponse === void 0 || dotenvOverwriteResponse.overwrite === true) {
+        await writeContentsToFile(envFile, plaintext);
+        console.log(
+          `Wrote plaintext contents of ${strong(secFile)} file to ${strong(
+            envFile
+          )}`
+        );
+      }
+      if (createManifest || dotsecConfig?.defaults?.options?.createManifest) {
+        const dotenvVars = parse(plaintext).obj;
+        const markdownManifest = `# Dotsec decryption manifest
 
 ## Overview
 
-- plaintext source: ${s}
-- ciphertext target: ${r}
-- created: ${new Date().toUTCString()}
-- Decryption engine: ${u.encryptionEngineName||u.triggerOptionValue}
-- Decryption engine options: ${JSON.stringify(D)}
+- plaintext source: ${envFile}
+- ciphertext target: ${secFile}
+- created: ${( new Date()).toUTCString()}
+- Decryption engine: ${pluginCliDecrypt.encryptionEngineName || pluginCliDecrypt.triggerOptionValue}
+- Decryption engine options: ${JSON.stringify(allOptionsValues)}
 
 ## Variables
 
-| Key | 
-| --- | 
-${Object.keys(h).map(H=>`| \`${H} \`| `).join(`
-`)}
-`,b=d||`${s}.decryption-manifest.md`;await I(b,y),console.log(`Wrote manifest of ${C(s)} file to ${C(b)}`)}}catch(s){console.error(C(s.message)),l.help()}});o.decryptHandlers.map(c=>{let{options:l,requiredOptions:s}=c;x(l,e),x(s,e,!0)});let i=o.decryptHandlers.map(c=>c.triggerOptionValue);return e.option("--engine <engine>",`Encryption engine${i.length>0?"s":""} to use: ${i.length===1?i[0]:i.join(", ")}`,i.length===1?i[0]:void 0),P({program:e,dotsecConfig:a}),e},Ce=Xe;var he=require("dotenv"),Ze=async(n,o)=>{let{encryptHandlers:a,dotsecConfig:t}=o,e=n.enablePositionalOptions().passThroughOptions().command("encrypt").action(async(l,s)=>{try{let{envFile:r,secFile:f,engine:m,createManifest:d,manifestFile:p,yes:O}=s.optsWithGlobals(),u=m||t?.defaults?.encryptionEngine,g=(a||[]).find(y=>y.triggerOptionValue===u);if(!g)throw new Error(`No encryption plugin found, available encryption engine(s): ${o.encryptHandlers.map(y=>y.triggerOptionValue).join(", ")}`);let D=[...Object.keys(g.options||{}),...Object.keys(g.requiredOptions||{})],v=Object.fromEntries(D.map(y=>[y,l[y]])),E=await V(r),j=await g.handler({plaintext:E,...v}),h=await A({filePath:f,skip:O});if((h===void 0||h.overwrite===!0)&&(await I(f,j),console.log(`Wrote encrypted contents of ${C(r)} file to ${C(f)}`),d)){let y=(0,he.parse)(E),b=`# Dotsec encryption manifest 
+| Key |
+| --- |
+${Object.keys(dotenvVars).map((key) => {
+          return `| \`${key} \`| `;
+        }).join("\n")}
+`;
+        const manifestTargetFile = manifestFile || `${envFile}.decryption-manifest.md`;
+        await writeContentsToFile(manifestTargetFile, markdownManifest);
+        console.log(
+          `Wrote manifest of ${strong(envFile)} file to ${strong(
+            manifestTargetFile
+          )}`
+        );
+      }
+    } catch (e) {
+      console.error(strong(e.message));
+      command.help();
+    }
+  });
+  options.decryptHandlers.map((decryption) => {
+    const { options: options2, requiredOptions } = decryption;
+    addPluginOptions(options2, subProgram);
+    addPluginOptions(requiredOptions, subProgram, true);
+  });
+  const engines = options.decryptHandlers.map((e) => e.triggerOptionValue);
+  subProgram.option(
+    "--engine <engine>",
+    `Encryption engine${engines.length > 0 ? "s" : ""} to use: ${engines.length === 1 ? engines[0] : engines.join(", ")}`,
+    engines.length === 1 ? engines[0] : void 0
+  );
+  setProgramOptions({ program: subProgram, dotsecConfig });
+  return subProgram;
+};
+var decrypt_default2 = addEncryptProgram;
+
+// src/cli/commands/encrypt.ts
+var addEncryptProgram2 = async (program2, options) => {
+  const { encryptHandlers, dotsecConfig } = options;
+  const subProgram = program2.enablePositionalOptions().passThroughOptions().command("encrypt").action(async (_options, command) => {
+    try {
+      const {
+        // verbose,
+        envFile,
+        secFile,
+        engine,
+        createManifest,
+        manifestFile,
+        yes
+      } = command.optsWithGlobals();
+      const encryptionEngine = engine || dotsecConfig?.defaults?.encryptionEngine;
+      const pluginCliEncrypt = (encryptHandlers || []).find((handler) => {
+        return handler.triggerOptionValue === encryptionEngine;
+      });
+      if (!pluginCliEncrypt) {
+        throw new Error(
+          `No encryption plugin found, available encryption engine(s): ${options.encryptHandlers.map((e) => e.triggerOptionValue).join(", ")}`
+        );
+      }
+      const allOptionKeys = [
+        ...Object.keys(pluginCliEncrypt.options || {}),
+        ...Object.keys(pluginCliEncrypt.requiredOptions || {})
+      ];
+      const allOptionsValues = Object.fromEntries(
+        allOptionKeys.map((key) => {
+          return [key, _options[key]];
+        })
+      );
+      const dotenvString = await readContentsFromFile(envFile);
+      let dotsecString;
+      try {
+        dotsecString = await readContentsFromFile(secFile);
+      } catch (e) {
+      }
+      const cipherText = await pluginCliEncrypt.handler({
+        plaintext: dotenvString,
+        ciphertext: dotsecString,
+        ...allOptionsValues
+      });
+      const dotsecOverwriteResponse = await promptOverwriteIfFileExists({
+        filePath: secFile,
+        skip: yes
+      });
+      if (dotsecOverwriteResponse === void 0 || dotsecOverwriteResponse.overwrite === true) {
+        await writeContentsToFile(secFile, cipherText);
+        console.log(
+          `Wrote encrypted contents of ${strong(envFile)} file to ${strong(
+            secFile
+          )}`
+        );
+        if (createManifest || dotsecConfig?.defaults?.options?.createManifest) {
+          const dotenvVars = parse(dotenvString).obj;
+          const markdownManifest = `# Dotsec encryption manifest 
 
 ## Overview
 
-- plaintext source: ${r}
-- ciphertext target: ${f}
-- created: ${new Date().toUTCString()}
-- encryption engine: ${g.encryptionEngineName||g.triggerOptionValue}
-- encryption engine options: ${JSON.stringify(v)}
+- plaintext source: ${envFile}
+- ciphertext target: ${secFile}
+- created: ${( new Date()).toUTCString()}
+- encryption engine: ${pluginCliEncrypt.encryptionEngineName || pluginCliEncrypt.triggerOptionValue}
+- encryption engine options: ${JSON.stringify(allOptionsValues)}
 
 ## Variables
 
 | Key | 
 | --- | 
-${Object.keys(y).map(Ne=>`| \`${Ne} \`| `).join(`
-`)}
-`,H=p||`${f}.encryption-manifest.md`;await I(H,b),console.log(`Wrote manifest of ${C(r)} file to ${C(H)}`)}}catch(r){console.error(C(r.message)),s.help()}});o.encryptHandlers.map(l=>{let{options:s,requiredOptions:r}=l;x(s,e),x(r,e,!0)});let i=o.encryptHandlers.map(l=>l.triggerOptionValue),c=o.encryptHandlers.map(l=>l.encryptionEngineName);return e.option("--engine <engine>",`Encryption engine${i.length>0?"s":""}: ${i.length===1?i[0]:i.join(", ")}`,i.length===1?i[0]:void 0),P({program:e,dotsecConfig:t}),e.description(`Encrypt .env file using ${c.join(", ")}`),e},ve=Ze;var Ee=w(require("path")),en=async(n,o)=>{let{dotsecConfig:a}=o,t=n.enablePositionalOptions().passThroughOptions().command("init").action(async(e,i)=>{let{configFile:c="dotsec.config.ts",yes:l}=i.optsWithGlobals();try{let s=await V(Ee.default.resolve(__dirname,"../../src/templates/dotsec.config.ts")),r=await A({filePath:c,skip:l});(r===void 0||r.overwrite===!0)&&(await I(c,s),console.log(`Wrote config file to ${C(c)}`))}catch(s){i.error(s)}});return P({program:t,dotsecConfig:a}),t},we=en;var De=require("dotenv"),Fe=require("dotenv-expand"),U=w(require("fs")),nn=async(n,o)=>{let{dotsecConfig:a,handlers:t}=o,e=n.enablePositionalOptions().passThroughOptions().command("push").action(async(r,f)=>{try{let{using:m,envFile:d,secFile:p,engine:O,yes:u}=f.optsWithGlobals(),g=O||a?.defaults?.encryptionEngine,D=(t||[]).find(y=>y.decrypt?.triggerOptionValue===g)?.decrypt,v=(t||[]).find(y=>y.push?.triggerOptionValue===g)?.push;if(!v)throw new Error("No push plugin found!");let E=[...Object.keys(D?.options||{}),...Object.keys(D?.requiredOptions||{}),...Object.keys(v?.options||{}),...Object.keys(v?.requiredOptions||{})],j=Object.fromEntries(E.map(y=>[y,r[y]])),h;if(m==="env"){if(!d)throw new Error("No dotenv file specified in --env-file option");h=U.default.readFileSync(d,"utf8")}else{if(!p)throw new Error("No dotsec file specified in --sec-file option");if(!D)throw new Error(`No decryption plugin found, available decryption engine(s): ${t.map(b=>`--${b.decrypt?.triggerOptionValue}`).join(", ")}`);let y=U.default.readFileSync(p,"utf8");h=await D.handler({ciphertext:y,...j})}if(h){let y=(0,De.parse)(h),b=(0,Fe.expand)({ignoreProcessEnv:!0,parsed:{...process.env,...y}});b.parsed&&await v.handler({push:b.parsed,yes:u,...j})}else throw new Error("No .env or .sec file provided")}catch(m){console.error(m),process.exit(1)}});P({program:e,dotsecConfig:a});let i=o.handlers.map(({decrypt:r})=>r.triggerOptionValue);e.option("--engine <engine>",`Encryption engine${i.length>0?"s":""} to use: ${i.length===1?i[0]:i.join(", ")}`,i.length===1?i[0]:void 0);let c={};o.handlers.forEach(r=>{Object.keys(r).map(f=>{let{options:m,requiredOptions:d}=r[f];Object.keys(m||{}).forEach(p=>{c[p]=Array.isArray(m[p])?m[p]:{...c[p],...m[p]}}),Object.keys(d||{}).forEach(p=>{c[p]=Array.isArray(d[p])?d[p]:{...c[p],...d[p],required:!0}})})});let l=[],s=[];return t.forEach(r=>{r.push?.description&&s.push(r.push.description),r.push?.usage&&l.push(r.push.usage)}),s.length>0&&e.description(s.join(`
-`)),l.length>0&&e.usage(l.join(`
-`)),x(Object.fromEntries(Object.entries(c).filter(([r,f])=>f.required!==!0)),e),x(Object.fromEntries(Object.entries(c).filter(([r,f])=>f.required===!0)),e,!0),e},xe=nn;var K=w(require("fs")),Pe=require("dotenv"),$e=require("dotenv-expand");var be=require("child_process"),tn=(n,o)=>{let{dotsecConfig:a,decryptHandlers:t}=o||{},e=t!==void 0&&t.length>0,i=n.command("run <command...>").allowUnknownOption(!0).enablePositionalOptions().passThroughOptions().showHelpAfterError(!0).action(async(c,l,s)=>{try{let{envFile:r,using:f,secFile:m,engine:d}=s.optsWithGlobals(),p;if(f==="env"||e===!1){if(!r)throw new Error("No dotenv file specified in --env-file option");p=K.default.readFileSync(r,"utf8")}else if(f==="sec"){if(!m)throw new Error("No dotsec file specified in --sec-file option");let O=d||a?.defaults?.encryptionEngine,u=(t||[]).find(E=>E.triggerOptionValue===O);if(!u)throw new Error(`No decryption plugin found, available decryption engine(s): ${(t||[]).map(E=>`--${E.triggerOptionValue}`).join(", ")}`);let g=[...Object.keys(u.options||{}),...Object.keys(u.requiredOptions||{})],D=Object.fromEntries(g.map(E=>[E,l[E]])),v=K.default.readFileSync(m,"utf8");p=await u.handler({ciphertext:v,...D})}if(p){let O=(0,Pe.parse)(p),u=(0,$e.expand)({ignoreProcessEnv:!0,parsed:{...process.env,...O}}),[g,...D]=c,v=(0,be.spawnSync)(g,[...D],{stdio:"inherit",shell:!1,encoding:"utf-8",env:{...u.parsed,...process.env,__DOTSEC_ENV__:JSON.stringify(Object.keys(O))}});v.status!==0&&process.exit(v.status||1)}else throw new Error("No .env or .sec file provided")}catch(r){console.error(C(r.message)),s.help()}});if(P({program:i,commandName:e?"run":"runEnvOnly",dotsecConfig:a}),e){t?.map(l=>{let{options:s,requiredOptions:r}=l;x(s,i),x(r,i,!0)});let c=t?.map(l=>l.triggerOptionValue);i.option("--engine <engine>",`Encryption engine${c.length>0?"s":""}: ${c.join(", "),c.length===1?c[0]:void 0}`)}return i},Se=tn;var _e=w(require("ajv")),Ie=w(require("yargs-parser")),on={keyword:"separator",type:"string",metaSchema:{type:"string",description:"value separator"},modifying:!0,valid:!0,errors:!1,compile:n=>(o,a)=>{if(a){let{parentData:t,parentDataProperty:e}=a;return t[e]=o===""?[]:o.split(n),!0}else return!1}},T=new Te.Command;(async()=>{let n=(0,Ie.default)(process.argv),o=[];n.plugin&&(Array.isArray(n.plugin)?o.push(...n.plugin):o.push(n.plugin));let a=[...Array.isArray(n.configFile)?n.configFile:[n.configFile],...Array.isArray(n.c)?n.c:[n.c]][0]||process.env.DOTSEC_CONFIG_FILE,{contents:t={}}=await ne(a),{defaults:e={},push:i,plugins:c}=t;T.name("dotsec").description(".env, but secure").version("1.0.0").enablePositionalOptions().action((d,p)=>{p.help()}),P({program:T,dotsecConfig:t});let l=new _e.default({allErrors:!0,removeAdditional:!0,useDefaults:!0,coerceTypes:!0,allowUnionTypes:!0,addUsedSchema:!1,keywords:[on]}),s={};if(c)for(let d of c)e?.plugins?.[d]||(e.plugins={...e.plugins,[d]:{}});if(o.length>0)for(let d of o){let O=await(await W({name:d}))({dotsecConfig:t,ajv:l,configFile:a});s[O.name]=d,o.length===1&&(t.defaults={...t.defaults,encryptionEngine:String(O.name),plugins:{...t.defaults?.plugins,[O.name]:{...t.defaults?.plugins?.[O.name]}}})}e?.encryptionEngine&&(e?.plugins?.[e.encryptionEngine]||(e.plugins={...e.plugins,[e.encryptionEngine]:{}})),e?.plugins&&Object.entries(e?.plugins).forEach(([d,p])=>{p?.name?s[d]=p?.name:s[d]=`@dotsec/plugin-${d}`}),Object.values(i||{}).forEach(d=>{Object.keys(d).forEach(p=>{s[p]||(s[p]=`@dotsec/plugin-${p}`)})});let r=[],f=[],m=[];for(let d of Object.keys(s)){let p=s[d],O=await W({name:p}),{addCliCommand:u,cliHandlers:g}=await O({ajv:l,dotsecConfig:t,configFile:a});g?.encrypt&&r.push(g.encrypt),g?.decrypt&&(f.push(g.decrypt),g?.push&&m.push({push:g.push,decrypt:g.decrypt})),u&&u({program:T})}r.length&&await ve(T,{dotsecConfig:t,encryptHandlers:r}),f.length&&await Ce(T,{dotsecConfig:t,decryptHandlers:f}),m.length&&await xe(T,{dotsecConfig:t,handlers:m}),await we(T,{dotsecConfig:t}),await Se(T,{dotsecConfig:t,decryptHandlers:f}),await T.parse()})();
+${Object.keys(dotenvVars).map((key) => {
+            return `| \`${key} \`| `;
+          }).join("\n")}
+`;
+          const manifestTargetFile = manifestFile || `${secFile}.encryption-manifest.md`;
+          await writeContentsToFile(manifestTargetFile, markdownManifest);
+          console.log(
+            `Wrote manifest of ${strong(envFile)} file to ${strong(
+              manifestTargetFile
+            )}`
+          );
+        }
+      }
+    } catch (e) {
+      console.error(strong(e.message));
+      command.help();
+    }
+  });
+  options.encryptHandlers.map((encryptionHandler) => {
+    const { options: options2, requiredOptions } = encryptionHandler;
+    addPluginOptions(options2, subProgram);
+    addPluginOptions(requiredOptions, subProgram, true);
+  });
+  const engines = options.encryptHandlers.map((e) => e.triggerOptionValue);
+  const encryptionEngineNames = options.encryptHandlers.map(
+    (e) => e.encryptionEngineName
+  );
+  subProgram.option(
+    "--engine <engine>",
+    `Encryption engine${engines.length > 0 ? "s" : ""}: ${engines.length === 1 ? engines[0] : engines.join(", ")}`,
+    engines.length === 1 ? engines[0] : void 0
+  );
+  setProgramOptions({ program: subProgram, dotsecConfig });
+  subProgram.description(
+    `Encrypt .env file using ${encryptionEngineNames.join(", ")}`
+  );
+  return subProgram;
+};
+var encrypt_default2 = addEncryptProgram2;
+var addInitProgram = async (program2, options) => {
+  const { dotsecConfig } = options;
+  const subProgram = program2.enablePositionalOptions().passThroughOptions().command("init").action(async (_options, command) => {
+    const { configFile = "dotsec.config.ts", yes } = command.optsWithGlobals();
+    try {
+      const configTemplate = await readContentsFromFile(
+        path__default.default.resolve(__dirname, "../../src/templates/dotsec.config.ts")
+      );
+      const dotsecConfigOverwriteResponse = await promptOverwriteIfFileExists(
+        {
+          filePath: configFile,
+          skip: yes
+        }
+      );
+      if (dotsecConfigOverwriteResponse === void 0 || dotsecConfigOverwriteResponse.overwrite === true) {
+        await writeContentsToFile(configFile, configTemplate);
+        console.log(`Wrote config file to ${strong(configFile)}`);
+      }
+    } catch (e) {
+      command.error(e);
+    }
+  });
+  setProgramOptions({ program: subProgram, dotsecConfig });
+  return subProgram;
+};
+var init_default2 = addInitProgram;
+var addPushProgram = async (program2, options) => {
+  const { dotsecConfig, handlers } = options;
+  const subProgram = program2.enablePositionalOptions().passThroughOptions().command("push").action(async (_options, command) => {
+    try {
+      const {
+        // verbose,
+        using,
+        envFile,
+        secFile,
+        engine,
+        yes
+      } = command.optsWithGlobals();
+      const encryptionEngine = engine || dotsecConfig?.defaults?.encryptionEngine;
+      const pluginCliDecrypt = (handlers || []).find((handler) => {
+        return handler.decrypt?.triggerOptionValue === encryptionEngine;
+      })?.decrypt;
+      const pluginCliPush = (handlers || []).find((handler) => {
+        return handler.push?.triggerOptionValue === encryptionEngine;
+      })?.push;
+      if (!pluginCliPush) {
+        throw new Error("No push plugin found!");
+      }
+      const allOptionKeys = [
+        ...Object.keys(pluginCliDecrypt?.options || {}),
+        ...Object.keys(pluginCliDecrypt?.requiredOptions || {}),
+        ...Object.keys(pluginCliPush?.options || {}),
+        ...Object.keys(pluginCliPush?.requiredOptions || {})
+      ];
+      const allOptionsValues = Object.fromEntries(
+        allOptionKeys.map((key) => {
+          return [key, _options[key]];
+        })
+      );
+      let envContents;
+      if (using === "env") {
+        if (!envFile) {
+          throw new Error("No dotenv file specified in --env-file option");
+        }
+        envContents = fs3__default.default.readFileSync(envFile, "utf8");
+      } else {
+        if (!secFile) {
+          throw new Error("No dotsec file specified in --sec-file option");
+        }
+        if (!pluginCliDecrypt) {
+          throw new Error(
+            `No decryption plugin found, available decryption engine(s): ${handlers.map((e) => `--${e.decrypt?.triggerOptionValue}`).join(", ")}`
+          );
+        }
+        const dotSecContents = fs3__default.default.readFileSync(secFile, "utf8");
+        envContents = await pluginCliDecrypt.handler({
+          ciphertext: dotSecContents,
+          ...allOptionsValues
+        });
+      }
+      if (envContents) {
+        const dotenvVars = parse(envContents).obj;
+        const expandedEnvVars = dotenvExpand.expand({
+          ignoreProcessEnv: true,
+          parsed: {
+            // add standard env variables
+            ...process.env,
+            // add custom env variables, either from .env or .sec, (or empty object if none)
+            ...dotenvVars
+          }
+        });
+        if (expandedEnvVars.parsed) {
+          await pluginCliPush.handler({
+            push: expandedEnvVars.parsed,
+            yes,
+            ...allOptionsValues
+          });
+        }
+      } else {
+        throw new Error("No .env or .sec file provided");
+      }
+    } catch (e) {
+      console.error(e);
+      process.exit(1);
+    }
+  });
+  setProgramOptions({ program: subProgram, dotsecConfig });
+  const engines = options.handlers.map(
+    ({ decrypt }) => decrypt.triggerOptionValue
+  );
+  subProgram.option(
+    "--engine <engine>",
+    `Encryption engine${engines.length > 0 ? "s" : ""} to use: ${engines.length === 1 ? engines[0] : engines.join(", ")}`,
+    engines.length === 1 ? engines[0] : void 0
+  );
+  const allOptions = {};
+  options.handlers.forEach((handlers2) => {
+    Object.keys(handlers2).map((handlerName) => {
+      const { options: cliOptions, requiredOptions } = handlers2[handlerName];
+      Object.keys(cliOptions || {}).forEach((key) => {
+        allOptions[key] = Array.isArray(cliOptions[key]) ? cliOptions[key] : { ...allOptions[key], ...cliOptions[key] };
+      });
+      Object.keys(requiredOptions || {}).forEach((key) => {
+        allOptions[key] = Array.isArray(requiredOptions[key]) ? requiredOptions[key] : {
+          ...allOptions[key],
+          ...requiredOptions[key],
+          required: true
+        };
+      });
+    });
+  });
+  const usage = [];
+  const descriptions = [];
+  handlers.forEach((handler) => {
+    if (handler.push?.description) {
+      descriptions.push(handler.push.description);
+    }
+    if (handler.push?.usage) {
+      usage.push(handler.push.usage);
+    }
+  });
+  if (descriptions.length > 0) {
+    subProgram.description(descriptions.join("\n"));
+  }
+  if (usage.length > 0) {
+    subProgram.usage(usage.join("\n"));
+  }
+  addPluginOptions(
+    Object.fromEntries(
+      Object.entries(allOptions).filter(
+        ([_key, value]) => value.required !== true
+      )
+    ),
+    subProgram
+  );
+  addPluginOptions(
+    Object.fromEntries(
+      Object.entries(allOptions).filter(
+        ([_key, value]) => value.required === true
+      )
+    ),
+    subProgram,
+    true
+  );
+  return subProgram;
+};
+var push_default2 = addPushProgram;
+var addRunProgam = (program2, options) => {
+  const { dotsecConfig, decryptHandlers } = options || {};
+  const hasDecryptEngine = decryptHandlers !== void 0 && decryptHandlers.length > 0;
+  const subProgram = program2.command("run <command...>").allowUnknownOption(true).enablePositionalOptions().passThroughOptions().showHelpAfterError(true).action(
+    async (commands, _options, command) => {
+      try {
+        const {
+          envFile,
+          using,
+          secFile,
+          engine,
+          showRedacted,
+          outputBackgroundColor,
+          showOutputBackgroundColor,
+          showOutputPrefix,
+          outputPrefix
+        } = command.optsWithGlobals();
+        let envContents;
+        if (using === "env" || hasDecryptEngine === false) {
+          if (!envFile) {
+            throw new Error("No dotenv file specified in --env-file option");
+          }
+          envContents = fs3__default.default.readFileSync(envFile, "utf8");
+        } else if (using === "sec") {
+          if (!secFile) {
+            throw new Error("No dotsec file specified in --sec-file option");
+          }
+          const encryptionEngine = engine || dotsecConfig?.defaults?.encryptionEngine;
+          const pluginCliDecrypt = (decryptHandlers || []).find((handler) => {
+            return handler.triggerOptionValue === encryptionEngine;
+          });
+          if (!pluginCliDecrypt) {
+            throw new Error(
+              `No decryption plugin found, available decryption engine(s): ${(decryptHandlers || []).map((e) => `--${e.triggerOptionValue}`).join(", ")}`
+            );
+          }
+          const allOptionKeys = [
+            ...Object.keys(pluginCliDecrypt.options || {}),
+            ...Object.keys(pluginCliDecrypt.requiredOptions || {})
+          ];
+          const allOptionsValues = Object.fromEntries(
+            allOptionKeys.map((key) => {
+              return [key, _options[key]];
+            })
+          );
+          try {
+            const dotSecContents = fs3__default.default.readFileSync(secFile, "utf8");
+            envContents = await pluginCliDecrypt.handler({
+              ciphertext: dotSecContents,
+              ...allOptionsValues
+            });
+          } catch (e) {
+            console.error("Something bad happened while decrypting.");
+            console.error(`File: ${secFile}`);
+            throw e;
+          }
+        }
+        if (envContents) {
+          const dotenvVars = parse(envContents).obj;
+          const expandedEnvVars = dotenvExpand.expand({
+            ignoreProcessEnv: true,
+            parsed: {
+              // add standard env variables
+              ...process.env,
+              // add custom env variables, either from .env or .sec, (or empty object if none)
+              ...dotenvVars
+            }
+          });
+          const [userCommand, ...userCommandArgs] = commands;
+          const waiter = await new Promise((resolve) => {
+            const cprocess = child_process.spawn(userCommand, [...userCommandArgs], {
+              stdio: "pipe",
+              shell: false,
+              env: {
+                ...expandedEnvVars.parsed,
+                ...process.env,
+                __DOTSEC_ENV__: JSON.stringify(Object.keys(dotenvVars))
+              }
+            });
+            const expandedEnvVarsWithoutEnv = dotenvExpand.expand({
+              ignoreProcessEnv: true,
+              parsed: {
+                // add standard env variables
+                // add custom env variables, either from .env or .sec, (or empty object if none)
+                ...dotenvVars
+              }
+            });
+            cprocess.stdout.setEncoding("utf8");
+            let addBackgroundColor = showOutputBackgroundColor || dotsecConfig.defaults?.options?.showBackgroundColor ? chalk2__default.default.bgRedBright : (str) => str;
+            if (outputBackgroundColor && (showOutputBackgroundColor || dotsecConfig.defaults?.options?.showBackgroundColor)) {
+              if (!backgroundColors.includes(
+                outputBackgroundColor
+              )) {
+                throw new Error(
+                  `Invalid background color: ${outputBackgroundColor}`
+                );
+              }
+              const backgroundColorFnName = camelCase.camelCase(
+                `bg-${outputBackgroundColor}`
+              );
+              if (chalk2__default.default[backgroundColorFnName]) {
+                addBackgroundColor = chalk2__default.default[backgroundColorFnName];
+              } else {
+                console.warn(
+                  `Invalid background color: ${backgroundColorFnName}, using default: red`
+                );
+                addBackgroundColor = chalk2__default.default.bgRedBright;
+              }
+            }
+            const prefix = showOutputPrefix || dotsecConfig?.defaults?.options?.showOutputPrefix ? `${outputPrefix || "(dotsec) "}` : "";
+            cprocess.stdout.on("data", function(data) {
+              const lines = addBackgroundColor(
+                data.split(/\r?\n/).map((line) => `${prefix}${line}`).join("\n")
+              );
+              const redactedLines = (showRedacted || dotsecConfig?.defaults?.options?.showRedacted) !== true ? Object.entries(expandedEnvVarsWithoutEnv.parsed || {}).sort(([, a], [, b]) => {
+                if (a.length > b.length) {
+                  return -1;
+                } else if (a.length < b.length) {
+                  return 1;
+                } else {
+                  return 0;
+                }
+              }).reduce((acc, [key, value]) => {
+                console.log("KEY", key);
+                if (dotsecConfig?.redaction?.ignore?.includes(key)) {
+                  console.log("IGNORING", key);
+                  return acc;
+                } else {
+                  const redactedValue = value.replace(/./g, "*");
+                  return acc.replace(value, redactedValue);
+                }
+              }, lines) : lines;
+              console.log(redactedLines);
+            });
+            cprocess.stderr.setEncoding("utf8");
+            cprocess.stderr.on("data", function(data) {
+              process.stderr.write(data.toString());
+            });
+            cprocess.on("exit", (code) => {
+              resolve(code);
+            });
+          });
+          if (waiter !== 0) {
+            process.exit(waiter || 1);
+          }
+        } else {
+          throw new Error("No .env or .sec file provided");
+        }
+      } catch (e) {
+        console.error(strong(e.message));
+        command.help();
+      }
+    }
+  );
+  setProgramOptions({
+    program: subProgram,
+    commandName: hasDecryptEngine ? "run" : "runEnvOnly",
+    dotsecConfig
+  });
+  if (hasDecryptEngine) {
+    decryptHandlers?.map((run) => {
+      const { options: options2, requiredOptions } = run;
+      addPluginOptions(options2, subProgram);
+      addPluginOptions(requiredOptions, subProgram, true);
+    });
+    const engines = decryptHandlers?.map((e) => e.triggerOptionValue);
+    subProgram.option(
+      "--engine <engine>",
+      `Encryption engine${engines.length > 0 ? "s" : ""}: ${engines.join(", "), engines.length === 1 ? engines[0] : void 0}`
+      // engines.length === 1 ? engines[0] : undefined,
+    );
+  }
+  return subProgram;
+};
+var run_default2 = addRunProgam;
+var separator = {
+  keyword: "separator",
+  type: "string",
+  metaSchema: {
+    type: "string",
+    description: "value separator"
+  },
+  modifying: true,
+  valid: true,
+  errors: false,
+  compile: (schema) => (data, ctx) => {
+    if (ctx) {
+      const { parentData, parentDataProperty } = ctx;
+      parentData[parentDataProperty] = data === "" ? [] : data.split(schema);
+      return true;
+    } else {
+      return false;
+    }
+  }
+};
+var program = new commander.Command();
+(async () => {
+  const parsedOptions = yargsParser__default.default(process.argv);
+  const argvPluginModules = [];
+  if (parsedOptions.plugin) {
+    if (Array.isArray(parsedOptions.plugin)) {
+      argvPluginModules.push(...parsedOptions.plugin);
+    } else {
+      argvPluginModules.push(parsedOptions.plugin);
+    }
+  }
+  const someConfigFile = parsedOptions.configFile || parsedOptions.c;
+  const configFile = [
+    ...Array.isArray(someConfigFile) ? someConfigFile : [someConfigFile]
+  ]?.[0] || process.env.DOTSEC_CONFIG_FILE;
+  const { contents: dotsecConfig = {} } = await getMagicalConfig(configFile);
+  const { defaults = {}, push: pushVariables, plugins } = dotsecConfig;
+  program.name("dotsec").description(".env, but secure").version("1.0.0").passThroughOptions().action((_options, other) => {
+    other.help();
+  });
+  setProgramOptions({ program, dotsecConfig });
+  const ajv = new Ajv__default.default({
+    allErrors: true,
+    removeAdditional: true,
+    useDefaults: true,
+    coerceTypes: true,
+    allowUnionTypes: true,
+    addUsedSchema: false,
+    keywords: [separator]
+  });
+  const pluginModules = {};
+  if (plugins) {
+    for (const pluginName of plugins) {
+      if (!defaults?.plugins?.[pluginName]) {
+        defaults.plugins = {
+          ...defaults.plugins,
+          [pluginName]: {}
+        };
+      }
+    }
+  }
+  if (argvPluginModules.length > 0) {
+    for (const pluginModule of argvPluginModules) {
+      const plugin = await loadDotsecPlugin({ name: pluginModule });
+      const loadedPlugin = await plugin({
+        dotsecConfig,
+        ajv,
+        configFile
+      });
+      pluginModules[loadedPlugin.name] = pluginModule;
+      if (argvPluginModules.length === 1) {
+        dotsecConfig.defaults = {
+          ...dotsecConfig.defaults,
+          encryptionEngine: String(loadedPlugin.name),
+          plugins: {
+            ...dotsecConfig.defaults?.plugins,
+            [loadedPlugin.name]: {
+              ...dotsecConfig.defaults?.plugins?.[loadedPlugin.name]
+            }
+          }
+        };
+      }
+    }
+  }
+  if (defaults?.encryptionEngine) {
+    if (!defaults?.plugins?.[defaults.encryptionEngine]) {
+      defaults.plugins = {
+        ...defaults.plugins,
+        [defaults.encryptionEngine]: {}
+      };
+    }
+  }
+  if (defaults?.plugins) {
+    Object.entries(defaults?.plugins).forEach(
+      ([pluginName, pluginModule]) => {
+        if (pluginModule?.name) {
+          pluginModules[pluginName] = pluginModule?.name;
+        } else {
+          pluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;
+        }
+      }
+    );
+  }
+  Object.values(pushVariables || {}).forEach((pushVariable) => {
+    Object.keys(pushVariable).forEach((pluginName) => {
+      if (!pluginModules[pluginName]) {
+        pluginModules[pluginName] = `@dotsec/plugin-${pluginName}`;
+      }
+    });
+  });
+  const cliPluginEncryptHandlers = [];
+  const cliPluginDecryptHandlers = [];
+  const cliPluginPushHandlers = [];
+  for (const pluginName of Object.keys(pluginModules)) {
+    const pluginModule = pluginModules[pluginName];
+    const initDotsecPlugin = await loadDotsecPlugin({ name: pluginModule });
+    const { addCliCommand, cliHandlers: cli } = await initDotsecPlugin({
+      ajv,
+      dotsecConfig,
+      configFile
+    });
+    if (cli?.encrypt) {
+      cliPluginEncryptHandlers.push(cli.encrypt);
+    }
+    if (cli?.decrypt) {
+      cliPluginDecryptHandlers.push(cli.decrypt);
+      if (cli?.push) {
+        cliPluginPushHandlers.push({ push: cli.push, decrypt: cli.decrypt });
+      }
+    }
+    if (addCliCommand) {
+      addCliCommand({ program });
+    }
+  }
+  if (cliPluginEncryptHandlers.length) {
+    await encrypt_default2(program, {
+      dotsecConfig,
+      encryptHandlers: cliPluginEncryptHandlers
+    });
+  }
+  if (cliPluginDecryptHandlers.length) {
+    await decrypt_default2(program, {
+      dotsecConfig,
+      decryptHandlers: cliPluginDecryptHandlers
+    });
+  }
+  if (cliPluginPushHandlers.length) {
+    await push_default2(program, {
+      dotsecConfig,
+      handlers: cliPluginPushHandlers
+    });
+  }
+  await init_default2(program, { dotsecConfig });
+  await run_default2(program, {
+    dotsecConfig,
+    decryptHandlers: cliPluginDecryptHandlers
+  });
+  await program.parse();
+})();
+//# sourceMappingURL=out.js.map
 //# sourceMappingURL=index.js.map