npm - hot-updater - Versions diffs - 0.22.2 → 0.23.1 - Mend

hot-updater 0.22.2 → 0.23.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/config.cjs +8 -6
package/dist/config.d.cts +16 -1
package/dist/config.d.ts +16 -1
package/dist/config.js +2 -2
package/dist/index.cjs +858 -345
package/dist/index.js +513 -1
package/dist/{fingerprint-B-Krd3Gt.cjs → keyGeneration-BsF6FbpU.cjs} +216 -73
package/dist/{fingerprint-CrCon-HQ.js → keyGeneration-D_2zTEmt.js} +207 -91
package/package.json +12 -12

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { _ as __toESM, a as nativeFingerprint, c as showFingerprintDiff, d as IosConfigParser, f as require_plist, g as __require, h as __commonJS, i as generateFingerprints, l as isFingerprintEquals, m as AndroidConfigParser, o as readLocalFingerprint, p as require_base64_js, s as getFingerprintDiff, t as createAndInjectFingerprintFiles, u as require_out } from "./fingerprint-CrCon-HQ.js";
+import { _ as require_base64_js, a as createAndInjectFingerprintFiles, b as __require, c as generateFingerprints, d as getFingerprintDiff, f as showFingerprintDiff, g as require_plist, h as IosConfigParser, i as saveKeyPair, l as nativeFingerprint, m as require_out, n as getPublicKeyFromPrivate, p as isFingerprintEquals, r as loadPrivateKey, t as generateKeyPair, u as readLocalFingerprint, v as AndroidConfigParser, x as __toESM, y as __commonJS } from "./keyGeneration-D_2zTEmt.js";
 import { EventEmitter, addAbortListener, on, once, setMaxListeners } from "node:events";
 import childProcess, { ChildProcess, execFile, spawn, spawnSync } from "node:child_process";
 import path from "node:path";
@@ -29,6 +29,7 @@ import { createServer } from "http";
 import { Http2ServerRequest } from "http2";
 import app from "@hot-updater/console";
 import net from "node:net";
+import crypto$1 from "node:crypto";
 import { HotUpdaterDB } from "@hot-updater/server";
 import { kyselyAdapter } from "@hot-updater/server/adapters/kysely";
 import { Kysely, MysqlDialect, PostgresDialect, SqliteDialect } from "kysely";
@@ -35436,6 +35437,92 @@ const appendOutputDirectoryIntoGitignore = ({ cwd } = {}) => {
 	});
 };
+//#endregion
+//#region src/utils/signing/bundleSigning.ts
+/**
+* Sign bundle fileHash with private key.
+* @param fileHash SHA-256 hash of bundle (hex string)
+* @param privateKeyPath Path to private key file
+* @returns Base64-encoded RSA-SHA256 signature
+*/
+async function signBundle(fileHash, privateKeyPath) {
+	const privateKeyPEM = await loadPrivateKey(privateKeyPath);
+	const fileHashBuffer = Buffer.from(fileHash, "hex");
+	const sign = crypto$1.createSign("RSA-SHA256");
+	sign.update(fileHashBuffer);
+	sign.end();
+	return sign.sign(privateKeyPEM).toString("base64");
+}
+//#endregion
+//#region src/utils/signing/validateSigningConfig.ts
+const ANDROID_KEY$1 = "hot_updater_public_key";
+const IOS_KEY$1 = "HOT_UPDATER_PUBLIC_KEY";
+/**
+* Validates signing configuration consistency between config file and native files.
+* Detects mismatches that would cause OTA updates to fail.
+*/
+async function validateSigningConfig(config) {
+	const signingEnabled = config.signing?.enabled ?? false;
+	const iosParser = new IosConfigParser(config.platform.ios.infoPlistPaths);
+	const androidParser = new AndroidConfigParser(config.platform.android.stringResourcePaths);
+	const [iosExists, androidExists] = await Promise.all([iosParser.exists(), androidParser.exists()]);
+	const [iosResult, androidResult] = await Promise.all([iosExists ? iosParser.get(IOS_KEY$1) : Promise.resolve({
+		value: null,
+		paths: []
+	}), androidExists ? androidParser.get(ANDROID_KEY$1) : Promise.resolve({
+		value: null,
+		paths: []
+	})]);
+	const issues = [];
+	if (signingEnabled) {
+		if (!iosResult.value && iosExists) issues.push({
+			type: "error",
+			platform: "ios",
+			code: "MISSING_PUBLIC_KEY",
+			message: "Signing is enabled but HOT_UPDATER_PUBLIC_KEY is missing from Info.plist",
+			resolution: "Run `npx hot-updater keys export-public` to add the public key, then rebuild your iOS app."
+		});
+		if (!androidResult.value && androidExists) issues.push({
+			type: "error",
+			platform: "android",
+			code: "MISSING_PUBLIC_KEY",
+			message: "Signing is enabled but hot_updater_public_key is missing from strings.xml",
+			resolution: "Run `npx hot-updater keys export-public` to add the public key, then rebuild your Android app."
+		});
+	} else {
+		if (iosResult.value) issues.push({
+			type: "warning",
+			platform: "ios",
+			code: "ORPHAN_PUBLIC_KEY",
+			message: "Signing is disabled but HOT_UPDATER_PUBLIC_KEY exists in Info.plist. This will cause OTA updates to be rejected.",
+			resolution: "Run `npx hot-updater keys remove` to remove public keys, or enable signing in hot-updater.config.ts"
+		});
+		if (androidResult.value) issues.push({
+			type: "warning",
+			platform: "android",
+			code: "ORPHAN_PUBLIC_KEY",
+			message: "Signing is disabled but hot_updater_public_key exists in strings.xml. This will cause OTA updates to be rejected.",
+			resolution: "Run `npx hot-updater keys remove` to remove public keys, or enable signing in hot-updater.config.ts"
+		});
+	}
+	return {
+		isValid: issues.filter((i$1) => i$1.type === "error").length === 0,
+		signingEnabled,
+		nativePublicKeys: {
+			ios: {
+				exists: !!iosResult.value,
+				paths: iosResult.paths
+			},
+			android: {
+				exists: !!androidResult.value,
+				paths: androidResult.paths
+			}
+		},
+		issues
+	};
+}
 //#endregion
 //#region src/utils/version/getDefaultTargetAppVersion.ts
 var import_valid$2 = /* @__PURE__ */ __toESM(require_valid$2(), 1);
@@ -35455,6 +35542,64 @@ const getDefaultTargetAppVersion = async (platform$2) => {
 	return version$1;
 };
+//#endregion
+//#region src/signedHashUtils.ts
+/**
+* Utilities for handling signed file hashes in Hot Updater.
+*
+* The signed hash format uses a simple prefix to indicate signing:
+* - Signed: `sig:<base64_signature>`
+* - Unsigned: `<hex_hash>` (plain SHA256)
+*
+* Signature verification implicitly verifies hash integrity,
+* so we only need to store the signature for signed bundles.
+*
+* @module signedHashUtils
+*/
+/**
+* Prefix indicating a signed file hash.
+* @example "sig:MEUCIQDx..."
+*/
+const SIGNED_HASH_PREFIX = "sig:";
+/**
+* Custom error class for signed hash format errors.
+*/
+var SignedHashFormatError = class extends Error {
+	/**
+	* Creates a new SignedHashFormatError.
+	*
+	* @param message - Description of the format error
+	* @param input - The malformed input string that caused the error
+	*/
+	constructor(message, input) {
+		super(message);
+		this.input = input;
+		this.name = "SignedHashFormatError";
+	}
+};
+/**
+* Creates a signed file hash from a signature.
+*
+* The format is: `sig:<base64_signature>`
+*
+* Note: The hash is not stored because signature verification
+* implicitly verifies the hash (the signature is computed over the hash).
+*
+* @param signature - The Base64-encoded RSA-SHA256 signature
+* @returns The signed file hash string
+* @throws {SignedHashFormatError} If the signature is empty
+*
+* @example
+* ```typescript
+* const signedHash = createSignedFileHash("MEUCIQDx...");
+* // Returns: "sig:MEUCIQDx..."
+* ```
+*/
+function createSignedFileHash(signature) {
+	if (!signature || signature.trim().length === 0) throw new SignedHashFormatError("Invalid signature: signature cannot be empty", signature ?? "");
+	return `${SIGNED_HASH_PREFIX}${signature}`;
+}
 //#endregion
 //#region src/commands/deploy.ts
 var import_valid$1 = /* @__PURE__ */ __toESM(require_valid$2(), 1);
@@ -35486,6 +35631,31 @@ const deploy = async (options) => {
 		console.error("No config found. Please run `hot-updater init` first.");
 		process.exit(1);
 	}
+	const signingValidation = await validateSigningConfig(config);
+	if (signingValidation.issues.length > 0) {
+		const errors = signingValidation.issues.filter((i$1) => i$1.type === "error");
+		const warnings = signingValidation.issues.filter((i$1) => i$1.type === "warning");
+		if (errors.length > 0) {
+			console.log("");
+			p.log.error("Signing configuration error:");
+			for (const issue of errors) {
+				p.log.error(`  ${issue.message}`);
+				p.log.info(`  Resolution: ${issue.resolution}`);
+			}
+			console.log("");
+			p.log.error("Deployment blocked. Fix the signing configuration and try again.");
+			process.exit(1);
+		}
+		if (warnings.length > 0) {
+			console.log("");
+			p.log.warn("Signing configuration warning:");
+			for (const warning of warnings) {
+				p.log.warn(`  ${warning.message}`);
+				p.log.info(`  Resolution: ${warning.resolution}`);
+			}
+			console.log("");
+		}
+	}
 	const target = {
 		appVersion: null,
 		fingerprintHash: null
@@ -35589,6 +35759,20 @@ const deploy = async (options) => {
 				}
 				bundleId = taskRef.buildResult.bundleId;
 				fileHash = await getFileHashFromFile(bundlePath);
+				if (config.signing?.enabled) {
+					if (!config.signing.privateKeyPath) throw new Error("privateKeyPath is required when signing is enabled. Please provide a valid path to your RSA private key in hot-updater.config.ts");
+					const s$1 = p.spinner();
+					s$1.start("Signing bundle");
+					try {
+						fileHash = createSignedFileHash(await signBundle(fileHash, config.signing.privateKeyPath));
+						s$1.stop("Bundle signed successfully");
+					} catch (error) {
+						s$1.stop("Failed to sign bundle", 1);
+						p.log.error(`Signing error: ${error.message}`);
+						p.log.error("Ensure private key path is correct and file has proper permissions");
+						throw error;
+					}
+				}
 				p.log.success(`Bundle stored at ${colors.blueBright(path$1.relative(cwd, bundlePath))}`);
 				return `✅ Build Complete (${buildPlugin.name})`;
 			}
@@ -37266,6 +37450,323 @@ async function generateStandaloneSQL(options) {
 	}
 }
+//#endregion
+//#region src/commands/keys.ts
+const ANDROID_KEY = "hot_updater_public_key";
+const IOS_KEY = "HOT_UPDATER_PUBLIC_KEY";
+/**
+* Generate RSA key pair for code signing.
+* Usage: npx hot-updater keys:generate [--output ./keys] [--key-size 4096]
+*/
+const keysGenerate = async (options = {}) => {
+	const cwd = getCwd();
+	const outputDir = options.output ? path.isAbsolute(options.output) ? options.output : path.join(cwd, options.output) : path.join(cwd, "keys");
+	const keySize = options.keySize ?? 4096;
+	p.log.info(`Generating ${keySize}-bit RSA key pair...`);
+	const spinner = p.spinner();
+	spinner.start("Generating keys");
+	try {
+		await saveKeyPair(await generateKeyPair(keySize), outputDir);
+		spinner.stop("Keys generated successfully");
+		p.log.success(`Private key: ${path.join(outputDir, "private-key.pem")}`);
+		p.log.success(`Public key: ${path.join(outputDir, "public-key.pem")}`);
+		const keysDir = path.basename(outputDir);
+		if (appendToProjectRootGitignore({
+			cwd,
+			globLines: [`${keysDir}/`]
+		})) p.log.success(`Added ${keysDir}/ to .gitignore`);
+		console.log("");
+		p.log.warn("⚠️  Keep private key secure!");
+		p.log.warn("   - Use secure storage for CI/CD (AWS Secrets Manager, etc.)");
+		console.log("");
+		p.log.info("Next steps:");
+		p.log.info("1. Add to hot-updater.config.ts:");
+		p.log.info("   signing: { enabled: true, privateKeyPath: \"./keys/private-key.pem\" }");
+		p.log.info("2. Run: npx hot-updater keys export-public");
+		p.log.info("3. Embed public key in iOS Info.plist and Android strings.xml");
+		p.log.info("4. Rebuild native app");
+	} catch (error) {
+		spinner.stop("Failed to generate keys", 1);
+		p.log.error(error.message);
+		process.exit(1);
+	}
+};
+async function writePublicKeyToAndroid(publicKey, customPaths) {
+	try {
+		const androidParser = new AndroidConfigParser(customPaths);
+		if (!await androidParser.exists()) return {
+			platform: "android",
+			paths: [],
+			success: false,
+			error: "No strings.xml files found"
+		};
+		return {
+			platform: "android",
+			paths: (await androidParser.set(ANDROID_KEY, publicKey)).paths,
+			success: true
+		};
+	} catch (error) {
+		return {
+			platform: "android",
+			paths: [],
+			success: false,
+			error: error.message
+		};
+	}
+}
+async function writePublicKeyToIos(publicKey, customPaths) {
+	try {
+		const iosParser = new IosConfigParser(customPaths);
+		if (!await iosParser.exists()) return {
+			platform: "ios",
+			paths: [],
+			success: false,
+			error: "No Info.plist files found"
+		};
+		return {
+			platform: "ios",
+			paths: (await iosParser.set(IOS_KEY, publicKey)).paths,
+			success: true
+		};
+	} catch (error) {
+		return {
+			platform: "ios",
+			paths: [],
+			success: false,
+			error: error.message
+		};
+	}
+}
+function printPublicKeyInstructions(publicKeyPEM) {
+	console.log("");
+	console.log(colors.cyan("═══════════════════════════════════════════════════════"));
+	console.log(colors.cyan("Public Key (embed in native configuration)"));
+	console.log(colors.cyan("═══════════════════════════════════════════════════════"));
+	console.log("");
+	console.log(publicKeyPEM);
+	console.log("");
+	console.log(colors.yellow("iOS Configuration (Info.plist):"));
+	console.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+	console.log("<key>HOT_UPDATER_PUBLIC_KEY</key>");
+	console.log(`<string>${publicKeyPEM.trim().replace(/\n/g, "\\n")}</string>`);
+	console.log("");
+	console.log(colors.yellow("Android Configuration (res/values/strings.xml):"));
+	console.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
+	console.log("<string name=\"hot_updater_public_key\">");
+	console.log(publicKeyPEM.trim());
+	console.log("</string>");
+	console.log("");
+	console.log(colors.cyan("═══════════════════════════════════════════════════════"));
+}
+/**
+* Export public key for embedding in native configuration.
+* By default, writes the public key to iOS Info.plist and Android strings.xml.
+* Use --print-only to only display the key without modifying files.
+*
+* The private key path is read from hot-updater.config.ts (signing.privateKeyPath)
+* unless overridden with --input.
+*
+* Usage: npx hot-updater keys export-public [--input ./keys/private-key.pem] [--print-only] [--yes]
+*/
+const keysExportPublic = async (options = {}) => {
+	const cwd = getCwd();
+	const config = await loadConfig(null);
+	const configPrivateKeyPath = config.signing?.privateKeyPath;
+	let privateKeyPath;
+	if (options.input) privateKeyPath = path.isAbsolute(options.input) ? options.input : path.join(cwd, options.input);
+	else if (configPrivateKeyPath) privateKeyPath = path.isAbsolute(configPrivateKeyPath) ? configPrivateKeyPath : path.join(cwd, configPrivateKeyPath);
+	else privateKeyPath = path.join(cwd, "keys", "private-key.pem");
+	try {
+		const publicKeyPEM = getPublicKeyFromPrivate(await loadPrivateKey(privateKeyPath));
+		if (options.printOnly) {
+			printPublicKeyInstructions(publicKeyPEM);
+			return;
+		}
+		p.log.info("Preparing to write public key to native configuration files...");
+		const androidParser = new AndroidConfigParser(config.platform.android.stringResourcePaths);
+		const iosParser = new IosConfigParser(config.platform.ios.infoPlistPaths);
+		const androidExists = await androidParser.exists();
+		const iosExists = await iosParser.exists();
+		if (!androidExists && !iosExists) {
+			p.log.error("No native configuration files found.");
+			p.log.info("Tip: Use --print-only to display the key for manual configuration.");
+			process.exit(1);
+		}
+		console.log("");
+		p.log.step("Files to be updated:");
+		if (androidExists) {
+			const androidPaths = config.platform.android.stringResourcePaths;
+			if (androidPaths.length === 1) p.log.info(`  Android: ${androidPaths[0]} (${ANDROID_KEY})`);
+			else {
+				p.log.info(`  Android (${ANDROID_KEY}):`);
+				for (const androidPath of androidPaths) p.log.info(`    - ${androidPath}`);
+			}
+		}
+		if (iosExists) {
+			const iosPaths = config.platform.ios.infoPlistPaths;
+			if (iosPaths.length === 1) p.log.info(`  iOS: ${iosPaths[0]} (${IOS_KEY})`);
+			else {
+				p.log.info(`  iOS (${IOS_KEY}):`);
+				for (const iosPath of iosPaths) p.log.info(`    - ${iosPath}`);
+			}
+		}
+		console.log("");
+		if (!options.yes) {
+			const shouldContinue = await p.confirm({
+				message: "Write public key to native files?",
+				initialValue: true
+			});
+			if (p.isCancel(shouldContinue) || !shouldContinue) {
+				p.cancel("Operation cancelled");
+				process.exit(0);
+			}
+		}
+		const results = [];
+		if (androidExists) results.push(await writePublicKeyToAndroid(publicKeyPEM.trim(), config.platform.android.stringResourcePaths));
+		if (iosExists) results.push(await writePublicKeyToIos(publicKeyPEM.trim(), config.platform.ios.infoPlistPaths));
+		console.log("");
+		for (const result of results) if (result.success) p.log.success(`${result.platform}: Updated ${result.paths.join(", ")}`);
+		else p.log.error(`${result.platform}: ${result.error}`);
+		const successCount = results.filter((r) => r.success).length;
+		console.log("");
+		if (successCount === results.length) {
+			p.log.success("Public key written to all native files!");
+			p.log.info("Next step: Rebuild your native app to apply the changes.");
+		} else if (successCount > 0) p.log.warn("Public key written to some files. Check errors above.");
+		else {
+			p.log.error("Failed to write public key to any native files.");
+			process.exit(1);
+		}
+	} catch (error) {
+		p.log.error(`Failed to export public key: ${error.message}`);
+		process.exit(1);
+	}
+};
+async function removePublicKeyFromAndroid(customPaths) {
+	try {
+		const androidParser = new AndroidConfigParser(customPaths);
+		if (!await androidParser.exists()) return {
+			platform: "android",
+			paths: [],
+			success: true,
+			found: false
+		};
+		const existing = await androidParser.get(ANDROID_KEY);
+		if (!existing.value) return {
+			platform: "android",
+			paths: existing.paths,
+			success: true,
+			found: false
+		};
+		return {
+			platform: "android",
+			paths: (await androidParser.remove(ANDROID_KEY)).paths,
+			success: true,
+			found: true
+		};
+	} catch (error) {
+		return {
+			platform: "android",
+			paths: [],
+			success: false,
+			found: true,
+			error: error.message
+		};
+	}
+}
+async function removePublicKeyFromIos(customPaths) {
+	try {
+		const iosParser = new IosConfigParser(customPaths);
+		if (!await iosParser.exists()) return {
+			platform: "ios",
+			paths: [],
+			success: true,
+			found: false
+		};
+		const existing = await iosParser.get(IOS_KEY);
+		if (!existing.value) return {
+			platform: "ios",
+			paths: existing.paths,
+			success: true,
+			found: false
+		};
+		return {
+			platform: "ios",
+			paths: (await iosParser.remove(IOS_KEY)).paths,
+			success: true,
+			found: true
+		};
+	} catch (error) {
+		return {
+			platform: "ios",
+			paths: [],
+			success: false,
+			found: true,
+			error: error.message
+		};
+	}
+}
+/**
+* Remove public keys from native configuration files.
+* Automatically detects and removes keys from both iOS and Android.
+*
+* Usage: npx hot-updater keys remove [--yes]
+*/
+const keysRemove = async (options = {}) => {
+	const config = await loadConfig(null);
+	const androidParser = new AndroidConfigParser(config.platform.android.stringResourcePaths);
+	const iosParser = new IosConfigParser(config.platform.ios.infoPlistPaths);
+	const [androidExists, iosExists] = await Promise.all([androidParser.exists(), iosParser.exists()]);
+	if (!androidExists && !iosExists) {
+		p.log.info("No native configuration files found.");
+		return;
+	}
+	const [androidKey, iosKey] = await Promise.all([androidExists ? androidParser.get(ANDROID_KEY) : Promise.resolve({
+		value: null,
+		paths: []
+	}), iosExists ? iosParser.get(IOS_KEY) : Promise.resolve({
+		value: null,
+		paths: []
+	})]);
+	const foundKeys = [];
+	if (iosKey.value) foundKeys.push(`iOS: ${iosKey.paths.join(", ")}`);
+	if (androidKey.value) foundKeys.push(`Android: ${androidKey.paths.join(", ")}`);
+	if (foundKeys.length === 0) {
+		p.log.info("No public keys found in native files.");
+		return;
+	}
+	console.log("");
+	p.log.step("Found public keys in:");
+	for (const key of foundKeys) p.log.info(`  • ${key}`);
+	console.log("");
+	if (!options.yes) {
+		const shouldContinue = await p.confirm({
+			message: "Remove public keys from these files?",
+			initialValue: false
+		});
+		if (p.isCancel(shouldContinue) || !shouldContinue) {
+			p.cancel("Operation cancelled");
+			return;
+		}
+	}
+	const results = [];
+	if (iosKey.value) results.push(await removePublicKeyFromIos(config.platform.ios.infoPlistPaths));
+	if (androidKey.value) results.push(await removePublicKeyFromAndroid(config.platform.android.stringResourcePaths));
+	console.log("");
+	for (const result of results) if (result.success && result.found) p.log.success(`Removed ${result.platform === "ios" ? IOS_KEY : ANDROID_KEY} from ${result.paths.join(", ")}`);
+	else if (!result.success) p.log.error(`${result.platform}: ${result.error}`);
+	const successCount = results.filter((r) => r.success && r.found).length;
+	console.log("");
+	if (successCount > 0) {
+		p.log.success("Public keys removed from native files!");
+		console.log("");
+		p.log.info("Next steps:");
+		p.log.info("  1. Rebuild your native apps");
+		p.log.info("  2. Release to app stores");
+		p.log.info("  3. Deploy unsigned bundles with `npx hot-updater deploy`");
+	}
+};
 //#endregion
 //#region src/commands/migrate.ts
 /**
@@ -37447,6 +37948,17 @@ fingerprintCommand.command("create").description("Create fingerprint").action(ha
 const channelCommand = program.command("channel").description("Manage channels");
 channelCommand.action(handleChannel);
 channelCommand.command("set").description("Set the channel for Android (BuildConfig) and iOS (Info.plist)").argument("<channel>", "the channel to set").action(handleSetChannel);
+const keysCommand = program.command("keys").description("Code signing key management");
+keysCommand.command("generate").description("Generate RSA key pair for code signing").option("-o, --output <dir>", "output directory for keys", "./keys").option("-k, --key-size <size>", "key size (2048 or 4096)", (value) => {
+	const size = Number.parseInt(value, 10);
+	if (size !== 2048 && size !== 4096) {
+		p.log.error("Key size must be 2048 or 4096");
+		process.exit(1);
+	}
+	return size;
+}, 4096).action(keysGenerate);
+keysCommand.command("export-public").description("Export public key for native configuration").option("-i, --input <path>", "path to private key file (default: from config signing.privateKeyPath in hot-updater.config.ts)").option("-p, --print-only", "only print the public key without writing to native files").option("-y, --yes", "skip confirmation prompt when writing to native files").action(keysExportPublic);
+keysCommand.command("remove").description("Remove public keys from native configuration files").option("-y, --yes", "skip confirmation prompt").action(keysRemove);
 program.command("deploy").description("deploy a new version").addOption(platformCommandOption).addOption(new Option("-t, --target-app-version <targetAppVersion>", "specify the target app version (semver format e.g. 1.0.0, 1.x.x)").argParser((value) => {
 	if (!(0, import_valid.default)(value)) {
 		p.log.error("Invalid semver format (e.g. 1.0.0, 1.x.x)");