envlock-core 0.3.0 → 0.5.0

package/dist/cli/index.js

@@ -2,6 +2,7 @@
 
 // src/cli/index.ts
 import { pathToFileURL as pathToFileURL2 } from "url";
+import { realpathSync } from "fs";
 
 // src/types.ts
 var ENVIRONMENTS = {
@@ -15,6 +16,32 @@ import { spawnSync } from "child_process";
 
 // src/detect.ts
 import { execFileSync } from "child_process";
+
+// src/logger.ts
+var verbose = false;
+function setVerbose(flag) {
+  verbose = flag;
+}
+var log = {
+  debug: (msg) => {
+    if (verbose) process.stderr.write(`[envlock:debug] ${msg}
+`);
+  },
+  info: (msg) => {
+    process.stderr.write(`[envlock] ${msg}
+`);
+  },
+  warn: (msg) => {
+    process.stderr.write(`[envlock] Warning: ${msg}
+`);
+  },
+  error: (msg) => {
+    process.stderr.write(`[envlock] Error: ${msg}
+`);
+  }
+};
+
+// src/detect.ts
 var WHICH = process.platform === "win32" ? "where" : "which";
 function hasBinary(name) {
   try {
@@ -26,10 +53,10 @@ function hasBinary(name) {
 }
 function checkBinary(name, installHint) {
   if (!hasBinary(name)) {
-    console.error(`[envlock] '${name}' not found in PATH.
+    throw new Error(`[envlock] '${name}' not found in PATH.
 ${installHint}`);
-    process.exit(1);
   }
+  log.debug(`Binary check: ${name} found`);
 }
 
 // src/invoke.ts
@@ -43,16 +70,21 @@ function runWithSecrets(options) {
   const keyAlreadyInjected = !!process.env[privateKeyVar];
   let result;
   if (keyAlreadyInjected) {
+    log.debug(`Spawning: dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
     result = spawnSync(
       "dotenvx",
       ["run", "-f", envFile, "--", command, ...args],
       { stdio: "inherit" }
     );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'dotenvx': ${result.error.message}`);
+    }
   } else {
     checkBinary(
       "op",
       "Install 1Password CLI: brew install --cask 1password-cli@beta\nThen sign in: op signin"
     );
+    log.debug(`Spawning: op run --environment ${onePasswordEnvId} -- dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
     result = spawnSync(
       "op",
       [
@@ -70,6 +102,9 @@ function runWithSecrets(options) {
       ],
       { stdio: "inherit" }
     );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'op': ${result.error.message}`);
+    }
   }
   process.exit(result.status ?? 1);
 }
@@ -114,12 +149,12 @@ async function resolveConfig(cwd) {
       const mod = await import(pathToFileURL(fullPath).href);
       const config = mod.default ?? mod;
       if (config && typeof config === "object") {
+        log.debug(`Config loaded from ${candidate}`);
         return config;
       }
     } catch (err) {
-      console.warn(
-        `[envlock] Failed to load ${candidate}: ${err instanceof Error ? err.message : String(err)}`
-      );
+      log.warn(`Failed to load ${candidate}: ${err instanceof Error ? err.message : String(err)}`);
+      log.debug(`Stack: ${err instanceof Error ? err.stack ?? "" : ""}`);
     }
   }
   return null;
@@ -145,6 +180,11 @@ function splitCommand(cmd) {
   return parts;
 }
 async function run(argv, cwd = process.cwd()) {
+  const debugIdx = argv.findIndex((a) => a === "--debug" || a === "-d");
+  if (debugIdx !== -1) {
+    setVerbose(true);
+    argv = argv.filter((_, i) => i !== debugIdx);
+  }
   const environment = argv.includes(ARGUMENT_FLAGS.production) ? ENVIRONMENTS.production : argv.includes(ARGUMENT_FLAGS.staging) ? ENVIRONMENTS.staging : ENVIRONMENTS.development;
   const passthrough = argv.filter(
     (f) => f !== ARGUMENT_FLAGS.staging && f !== ARGUMENT_FLAGS.production
@@ -157,7 +197,21 @@ async function run(argv, cwd = process.cwd()) {
     const available = config?.commands ? Object.keys(config.commands).join(", ") : "none";
     throw new Error(`[envlock] No command specified. Available commands: ${available}`);
   }
-  if (config?.commands && firstArg in config.commands) {
+  if (firstArg === "run") {
+    if (config?.commands?.["run"]) {
+      log.warn(
+        '"run" is a reserved subcommand. The config command named "run" is ignored.\nRename it in envlock.config.js to use it as a named command.'
+      );
+    }
+    const runArgs = passthrough.slice(1);
+    if (runArgs.length === 0) {
+      throw new Error(
+        "[envlock] Usage: envlock run <command> [args...]\nExample: envlock run node server.js --port 4000"
+      );
+    }
+    command = runArgs[0];
+    args = runArgs.slice(1);
+  } else if (config?.commands && firstArg in config.commands) {
     const cmdString = config.commands[firstArg];
     if (!cmdString || cmdString.trim() === "") {
       throw new Error(`[envlock] Command "${firstArg}" is empty in envlock.config.js.`);
@@ -182,11 +236,25 @@ async function run(argv, cwd = process.cwd()) {
   validateOnePasswordEnvId(onePasswordEnvId);
   const envFile = config?.envFiles?.[environment] ?? DEFAULT_ENV_FILES[environment];
   validateEnvFilePath(envFile, cwd);
+  log.debug(`Environment: ${environment}`);
+  log.debug(`Env file: ${envFile}`);
+  log.debug(`Command: ${command} ${args.join(" ")}`);
   runWithSecrets({ envFile, environment, onePasswordEnvId, command, args });
 }
-if (import.meta.url === pathToFileURL2(process.argv[1] ?? "").href) {
+var _resolvedArgv1 = (() => {
+  try {
+    return realpathSync(process.argv[1] ?? "");
+  } catch {
+    return process.argv[1] ?? "";
+  }
+})();
+if (import.meta.url === pathToFileURL2(_resolvedArgv1).href) {
+  if (process.argv.includes("--debug") || process.argv.includes("-d")) {
+    setVerbose(true);
+  }
+  log.debug(`Resolved argv[1]: ${_resolvedArgv1}`);
   run(process.argv.slice(2)).catch((err) => {
-    console.error(err instanceof Error ? err.message : String(err));
+    log.error(err instanceof Error ? err.message : String(err));
     process.exit(1);
   });
 }

package/dist/index.d.ts

@@ -33,4 +33,12 @@ declare function checkBinary(name: string, installHint: string): void;
 declare function validateOnePasswordEnvId(id: string): void;
 declare function validateEnvFilePath(envFile: string, cwd: string): void;
 
-export { ENVIRONMENTS, type Environment, type EnvlockConfig, type EnvlockOptions, type RunWithSecretsOptions, checkBinary, hasBinary, runWithSecrets, validateEnvFilePath, validateOnePasswordEnvId };
+declare function setVerbose(flag: boolean): void;
+declare const log: {
+    debug: (msg: string) => void;
+    info: (msg: string) => void;
+    warn: (msg: string) => void;
+    error: (msg: string) => void;
+};
+
+export { ENVIRONMENTS, type Environment, type EnvlockConfig, type EnvlockOptions, type RunWithSecretsOptions, checkBinary, hasBinary, log, runWithSecrets, setVerbose, validateEnvFilePath, validateOnePasswordEnvId };

package/dist/index.js

@@ -3,6 +3,32 @@ import { spawnSync } from "child_process";
 
 // src/detect.ts
 import { execFileSync } from "child_process";
+
+// src/logger.ts
+var verbose = false;
+function setVerbose(flag) {
+  verbose = flag;
+}
+var log = {
+  debug: (msg) => {
+    if (verbose) process.stderr.write(`[envlock:debug] ${msg}
+`);
+  },
+  info: (msg) => {
+    process.stderr.write(`[envlock] ${msg}
+`);
+  },
+  warn: (msg) => {
+    process.stderr.write(`[envlock] Warning: ${msg}
+`);
+  },
+  error: (msg) => {
+    process.stderr.write(`[envlock] Error: ${msg}
+`);
+  }
+};
+
+// src/detect.ts
 var WHICH = process.platform === "win32" ? "where" : "which";
 function hasBinary(name) {
   try {
@@ -14,10 +40,10 @@ function hasBinary(name) {
 }
 function checkBinary(name, installHint) {
   if (!hasBinary(name)) {
-    console.error(`[envlock] '${name}' not found in PATH.
+    throw new Error(`[envlock] '${name}' not found in PATH.
 ${installHint}`);
-    process.exit(1);
   }
+  log.debug(`Binary check: ${name} found`);
 }
 
 // src/invoke.ts
@@ -31,16 +57,21 @@ function runWithSecrets(options) {
   const keyAlreadyInjected = !!process.env[privateKeyVar];
   let result;
   if (keyAlreadyInjected) {
+    log.debug(`Spawning: dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
     result = spawnSync(
       "dotenvx",
       ["run", "-f", envFile, "--", command, ...args],
       { stdio: "inherit" }
     );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'dotenvx': ${result.error.message}`);
+    }
   } else {
     checkBinary(
       "op",
       "Install 1Password CLI: brew install --cask 1password-cli@beta\nThen sign in: op signin"
     );
+    log.debug(`Spawning: op run --environment ${onePasswordEnvId} -- dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
     result = spawnSync(
       "op",
       [
@@ -58,6 +89,9 @@ function runWithSecrets(options) {
       ],
       { stdio: "inherit" }
     );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'op': ${result.error.message}`);
+    }
   }
   process.exit(result.status ?? 1);
 }
@@ -96,7 +130,9 @@ export {
   ENVIRONMENTS,
   checkBinary,
   hasBinary,
+  log,
   runWithSecrets,
+  setVerbose,
   validateEnvFilePath,
   validateOnePasswordEnvId
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envlock-core",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "type": "module",
   "description": "Core 1Password + dotenvx secret injection logic for envlock",
   "license": "MIT",
@@ -29,16 +29,16 @@
   "files": [
     "dist"
   ],
-  "devDependencies": {
-    "@types/node": "^20.14.10",
-    "tsup": "^8.0.0",
-    "typescript": "^5.8.2",
-    "vitest": "^3.0.0"
-  },
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
     "test": "vitest run",
     "test:watch": "vitest"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.10",
+    "tsup": "^8.0.0",
+    "typescript": "^5.8.2",
+    "vitest": "^3.0.0"
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 Benjamin Davies
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.