ultraenv 1.0.0 → 1.0.2

package/dist/{chunk-GC7RXHLA.js → chunk-2MBSLURI.js}

@@ -1,15 +1,15 @@
 import {
   parseEnvFile
-} from "./chunk-HFXQGJY3.js";
+} from "./chunk-CVJPO3QY.js";
 import {
   exists,
   listFiles,
   readFile,
   writeFile
-} from "./chunk-3VYXPTYV.js";
+} from "./chunk-FSKVYBEP.js";
 import {
   FileSystemError
-} from "./chunk-5G2DU52U.js";
+} from "./chunk-N7GOHQBF.js";
 
 // src/environments/manager.ts
 import { resolve, join } from "path";
@@ -161,12 +161,14 @@ async function validateAllEnvironments(schema, cwd) {
       const message = error instanceof Error ? error.message : String(error);
       results.set(envName ?? pattern, {
         valid: false,
-        errors: [{
-          field: "",
-          value: "",
-          message: `Failed to read/parse file: ${message}`,
-          hint: "Check that the file is a valid .env file."
-        }],
+        errors: [
+          {
+            field: "",
+            value: "",
+            message: `Failed to read/parse file: ${message}`,
+            hint: "Check that the file is a valid .env file."
+          }
+        ],
         warnings: []
       });
     }
@@ -177,14 +179,11 @@ async function switchEnvironment(envName, cwd) {
   const baseDir = resolve(cwd ?? process.cwd());
   const envFile = join(baseDir, `.env.${envName}`);
   if (!await exists(envFile)) {
-    throw new FileSystemError(
-      `Environment file ".env.${envName}" not found`,
-      {
-        path: envFile,
-        operation: "read",
-        hint: `Create a ".env.${envName}" file first, or use "ultraenv env create ${envName}".`
-      }
-    );
+    throw new FileSystemError(`Environment file ".env.${envName}" not found`, {
+      path: envFile,
+      operation: "read",
+      hint: `Create a ".env.${envName}" file first, or use "ultraenv env create ${envName}".`
+    });
   }
   const content = await readFile(envFile);
   const header = [

package/dist/{chunk-IGFVP24Q.js → chunk-3AF476D7.js}

@@ -1,6 +1,6 @@
 import {
   writeFile
-} from "./chunk-3VYXPTYV.js";
+} from "./chunk-FSKVYBEP.js";
 
 // src/typegen/declaration.ts
 var DEFAULT_HEADER = "// Auto-generated by ultraenv \u2014 DO NOT EDIT";

package/dist/{chunk-N5PAV4NM.js → chunk-5WUBB633.js}

@@ -1,6 +1,6 @@
 import {
   EncryptionError
-} from "./chunk-5G2DU52U.js";
+} from "./chunk-N7GOHQBF.js";
 
 // src/vault/integrity.ts
 import { createHmac, timingSafeEqual as cryptoTimingSafeEqual } from "crypto";
@@ -8,16 +8,14 @@ var HMAC_ALGORITHM = "sha256";
 var HMAC_DIGEST_LENGTH = 64;
 function computeIntegrity(data, key) {
   if (key.length === 0) {
-    throw new EncryptionError(
-      "Cannot compute integrity with an empty key",
-      { hint: "Provide a valid encryption key for integrity computation." }
-    );
+    throw new EncryptionError("Cannot compute integrity with an empty key", {
+      hint: "Provide a valid encryption key for integrity computation."
+    });
   }
   if (data.length === 0) {
-    throw new EncryptionError(
-      "Cannot compute integrity for empty data",
-      { hint: "Provide non-empty data for integrity computation." }
-    );
+    throw new EncryptionError("Cannot compute integrity for empty data", {
+      hint: "Provide non-empty data for integrity computation."
+    });
   }
   const hmac = createHmac(HMAC_ALGORITHM, key);
   hmac.update(data, "utf-8");
@@ -25,21 +23,20 @@ function computeIntegrity(data, key) {
 }
 function verifyIntegrity(data, key, expected) {
   if (key.length === 0) {
-    throw new EncryptionError(
-      "Cannot verify integrity with an empty key"
-    );
+    throw new EncryptionError("Cannot verify integrity with an empty key");
   }
   if (expected.length !== HMAC_DIGEST_LENGTH) {
     throw new EncryptionError(
       `Invalid expected digest length: expected ${HMAC_DIGEST_LENGTH} hex characters, got ${expected.length}`,
-      { hint: "The integrity digest should be a 64-character lowercase hex string from computeIntegrity()." }
+      {
+        hint: "The integrity digest should be a 64-character lowercase hex string from computeIntegrity()."
+      }
     );
   }
   if (!/^[0-9a-f]{64}$/.test(expected)) {
-    throw new EncryptionError(
-      "Invalid expected digest format: must be a lowercase hex string",
-      { hint: "Ensure the stored digest is a 64-character lowercase hex string." }
-    );
+    throw new EncryptionError("Invalid expected digest format: must be a lowercase hex string", {
+      hint: "Ensure the stored digest is a 64-character lowercase hex string."
+    });
   }
   try {
     const computed = computeIntegrity(data, key);
@@ -53,14 +50,10 @@ function verifyIntegrity(data, key, expected) {
 }
 function computeVaultChecksum(environments, key) {
   if (key.length === 0) {
-    throw new EncryptionError(
-      "Cannot compute vault checksum with an empty key"
-    );
+    throw new EncryptionError("Cannot compute vault checksum with an empty key");
   }
   if (environments.size === 0) {
-    throw new EncryptionError(
-      "Cannot compute vault checksum for empty environment set"
-    );
+    throw new EncryptionError("Cannot compute vault checksum for empty environment set");
   }
   const sortedNames = Array.from(environments.keys()).sort();
   const parts = [];
@@ -76,9 +69,7 @@ function computeVaultChecksum(environments, key) {
 }
 function verifyVaultChecksum(environments, key, expected) {
   if (key.length === 0) {
-    throw new EncryptionError(
-      "Cannot verify vault checksum with an empty key"
-    );
+    throw new EncryptionError("Cannot verify vault checksum with an empty key");
   }
   if (expected.length !== HMAC_DIGEST_LENGTH) {
     throw new EncryptionError(

package/dist/{chunk-2USZPWLZ.js → chunk-6NFA23AY.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-XC65ORJ5.js";
 import {
   EncryptionError
-} from "./chunk-5G2DU52U.js";
+} from "./chunk-N7GOHQBF.js";
 
 // src/utils/crypto.ts
 import {
@@ -38,11 +38,7 @@ function manualHkdf(ikm, salt, info, length) {
   const okm = Buffer.alloc(length);
   let previous = Buffer.alloc(0);
   for (let i = 1; i <= n; i++) {
-    const hmacData = Buffer.concat([
-      previous,
-      infoBuffer,
-      Buffer.from([i])
-    ]);
+    const hmacData = Buffer.concat([previous, infoBuffer, Buffer.from([i])]);
     previous = createHmac("sha256", prk).update(hmacData).digest();
     const offset = (i - 1) * hashLen;
     const copyLen = Math.min(hashLen, length - offset);
@@ -59,10 +55,7 @@ function encrypt(key, plaintext) {
   const iv = cryptoRandomBytes(12);
   const algo = `aes-${key.length * 8}-gcm`;
   const cipher = createCipheriv(algo, key, iv);
-  const ciphertext = Buffer.concat([
-    cipher.update(plaintext),
-    cipher.final()
-  ]);
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
   const authTag = cipher.getAuthTag();
   return { iv, authTag, ciphertext };
 }
@@ -76,10 +69,7 @@ function decrypt(key, iv, authTag, ciphertext) {
   const decipher = createDecipheriv(algo, key, iv);
   decipher.setAuthTag(authTag);
   try {
-    return Buffer.concat([
-      decipher.update(ciphertext),
-      decipher.final()
-    ]);
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
   } catch (error) {
     const message = error instanceof Error ? error.message : String(error);
     throw new Error(
@@ -111,14 +101,15 @@ function encryptEnvironment(data, key) {
   if (key.length !== 32) {
     throw new EncryptionError(
       `Invalid key length: expected 32 bytes for AES-256, got ${key.length}`,
-      { hint: "Generate a new key using generateMasterKey() or ensure you are using the correct key file." }
+      {
+        hint: "Generate a new key using generateMasterKey() or ensure you are using the correct key file."
+      }
     );
   }
   if (Object.keys(data).length === 0) {
-    throw new EncryptionError(
-      "Cannot encrypt empty environment data",
-      { hint: "Provide at least one environment variable to encrypt." }
-    );
+    throw new EncryptionError("Cannot encrypt empty environment data", {
+      hint: "Provide at least one environment variable to encrypt."
+    });
   }
   try {
     const serialized = serializeEnvData(data);
@@ -147,7 +138,9 @@ function decryptEnvironment(encrypted, key) {
   if (encrypted.algorithm !== ENCRYPTION_ALGORITHM) {
     throw new EncryptionError(
       `Unsupported algorithm: "${encrypted.algorithm}". Expected "${ENCRYPTION_ALGORITHM}".`,
-      { hint: "This vault was encrypted with a different algorithm. You may need to migrate the vault." }
+      {
+        hint: "This vault was encrypted with a different algorithm. You may need to migrate the vault."
+      }
     );
   }
   if (encrypted.iv.length !== IV_LENGTH) {
@@ -204,12 +197,9 @@ function decryptValue(encrypted, key) {
     );
   }
   if (!encrypted.startsWith(ENCRYPTED_PREFIX)) {
-    throw new EncryptionError(
-      "Invalid encrypted value format: missing required prefix",
-      {
-        hint: `Expected the value to start with "${ENCRYPTED_PREFIX}". This value may not have been encrypted by ultraenv.`
-      }
-    );
+    throw new EncryptionError("Invalid encrypted value format: missing required prefix", {
+      hint: `Expected the value to start with "${ENCRYPTED_PREFIX}". This value may not have been encrypted by ultraenv.`
+    });
   }
   const payload = encrypted.slice(ENCRYPTED_PREFIX.length);
   const parts = payload.split(":");
@@ -225,16 +215,14 @@ function decryptValue(encrypted, key) {
   const authTagB64 = parts[1];
   const ciphertextB64 = parts[2];
   if (ivB64 === void 0 || authTagB64 === void 0 || ciphertextB64 === void 0) {
-    throw new EncryptionError(
-      "Invalid encrypted value: unexpected component structure",
-      { hint: "The encrypted data may be corrupted. Try re-encrypting the value." }
-    );
+    throw new EncryptionError("Invalid encrypted value: unexpected component structure", {
+      hint: "The encrypted data may be corrupted. Try re-encrypting the value."
+    });
   }
   if (ivB64.length === 0 || authTagB64.length === 0 || ciphertextB64.length === 0) {
-    throw new EncryptionError(
-      "Invalid encrypted value: one or more base64 components are empty",
-      { hint: "The encrypted data may be corrupted. Try re-encrypting the value." }
-    );
+    throw new EncryptionError("Invalid encrypted value: one or more base64 components are empty", {
+      hint: "The encrypted data may be corrupted. Try re-encrypting the value."
+    });
   }
   try {
     const iv = base64ToBuffer(ivB64);
@@ -243,7 +231,9 @@ function decryptValue(encrypted, key) {
     if (iv.length !== IV_LENGTH) {
       throw new EncryptionError(
         `Invalid IV length: expected ${IV_LENGTH} bytes, got ${iv.length}`,
-        { hint: "The encrypted data may be corrupted or was produced by a different version of ultraenv." }
+        {
+          hint: "The encrypted data may be corrupted or was produced by a different version of ultraenv."
+        }
       );
     }
     if (authTag.length !== AUTH_TAG_LENGTH) {
@@ -258,10 +248,9 @@ function decryptValue(encrypted, key) {
     if (error instanceof EncryptionError) throw error;
     const message = error instanceof Error ? error.message : String(error);
     if (message.includes("Invalid") || message.includes("base64")) {
-      throw new EncryptionError(
-        "Invalid base64 encoding in encrypted value",
-        { hint: "The encrypted data may be corrupted. Ensure the value was not modified." }
-      );
+      throw new EncryptionError("Invalid base64 encoding in encrypted value", {
+        hint: "The encrypted data may be corrupted. Ensure the value was not modified."
+      });
     }
     throw new EncryptionError(
       "Failed to decrypt value. The key may be incorrect or the ciphertext was tampered with.",

package/dist/{chunk-AWN6ADV7.js → chunk-6X3BUE5S.js}

@@ -1,15 +1,15 @@
 import {
   parseEnvFile
-} from "./chunk-HFXQGJY3.js";
+} from "./chunk-CVJPO3QY.js";
 import {
   exists,
   readFile,
   removeFile,
   writeFile
-} from "./chunk-3VYXPTYV.js";
+} from "./chunk-FSKVYBEP.js";
 import {
   FileSystemError
-} from "./chunk-5G2DU52U.js";
+} from "./chunk-N7GOHQBF.js";
 
 // src/environments/creator.ts
 import { resolve, join } from "path";
@@ -173,14 +173,11 @@ function validateEnvironmentName(name) {
     });
   }
   if (name.length > 64) {
-    throw new FileSystemError(
-      `Environment name too long: ${name.length} characters (max 64)`,
-      {
-        path: "",
-        operation: "validate",
-        hint: "Use a shorter environment name."
-      }
-    );
+    throw new FileSystemError(`Environment name too long: ${name.length} characters (max 64)`, {
+      path: "",
+      operation: "validate",
+      hint: "Use a shorter environment name."
+    });
   }
   if (!/^[a-zA-Z0-9_-]+$/.test(name)) {
     throw new FileSystemError(
@@ -194,14 +191,11 @@ function validateEnvironmentName(name) {
   }
   const reserved = ["local", "example", "template", "bak", "backup", "old", "tmp", "temp"];
   if (reserved.includes(name.toLowerCase())) {
-    throw new FileSystemError(
-      `Reserved environment name: "${name}"`,
-      {
-        path: "",
-        operation: "validate",
-        hint: `The name "${name}" is reserved. Choose a different name.`
-      }
-    );
+    throw new FileSystemError(`Reserved environment name: "${name}"`, {
+      path: "",
+      operation: "validate",
+      hint: `The name "${name}" is reserved. Choose a different name.`
+    });
   }
 }
 async function createEnvironment(name, options) {
@@ -209,28 +203,22 @@ async function createEnvironment(name, options) {
   const baseDir = resolve(options?.cwd ?? process.cwd());
   const outputPath = join(baseDir, `.env.${name}`);
   if (await exists(outputPath)) {
-    throw new FileSystemError(
-      `Environment file already exists: ".env.${name}"`,
-      {
-        path: outputPath,
-        operation: "create",
-        hint: "Delete the existing file first, or use a different environment name."
-      }
-    );
+    throw new FileSystemError(`Environment file already exists: ".env.${name}"`, {
+      path: outputPath,
+      operation: "create",
+      hint: "Delete the existing file first, or use a different environment name."
+    });
   }
   let content;
   let variables = [];
   if (options?.copyFrom !== void 0) {
     const sourcePath = join(baseDir, `.env.${options.copyFrom}`);
     if (!await exists(sourcePath)) {
-      throw new FileSystemError(
-        `Source environment not found: ".env.${options.copyFrom}"`,
-        {
-          path: sourcePath,
-          operation: "read",
-          hint: `Ensure ".env.${options.copyFrom}" exists before copying.`
-        }
-      );
+      throw new FileSystemError(`Source environment not found: ".env.${options.copyFrom}"`, {
+        path: sourcePath,
+        operation: "read",
+        hint: `Ensure ".env.${options.copyFrom}" exists before copying.`
+      });
     }
     content = await readFile(sourcePath);
     variables = extractVariables(content, options?.schema);
@@ -251,14 +239,11 @@ async function createEnvironment(name, options) {
     } else if (await exists(templatePath)) {
       content = await readFile(templatePath);
     } else {
-      throw new FileSystemError(
-        `Template not found: "${options.fromTemplate}"`,
-        {
-          path: templatePath,
-          operation: "read",
-          hint: "Use a built-in template name (nodejs, nextjs, docker) or a valid file path."
-        }
-      );
+      throw new FileSystemError(`Template not found: "${options.fromTemplate}"`, {
+        path: templatePath,
+        operation: "read",
+        hint: "Use a built-in template name (nodejs, nextjs, docker) or a valid file path."
+      });
     }
     variables = extractVariables(content, options?.schema);
     const values = collectValues(variables, options?.values);
@@ -293,23 +278,29 @@ async function createEnvironment(name, options) {
 }
 function listTemplates() {
   return [
-    { name: "nodejs", description: "Node.js backend environment (PORT, DATABASE_URL, JWT, CORS, etc.)" },
-    { name: "nextjs", description: "Next.js frontend environment (NEXT_PUBLIC_* variables, analytics, etc.)" },
-    { name: "docker", description: "Docker deployment environment (container ports, Postgres, Redis, etc.)" }
+    {
+      name: "nodejs",
+      description: "Node.js backend environment (PORT, DATABASE_URL, JWT, CORS, etc.)"
+    },
+    {
+      name: "nextjs",
+      description: "Next.js frontend environment (NEXT_PUBLIC_* variables, analytics, etc.)"
+    },
+    {
+      name: "docker",
+      description: "Docker deployment environment (container ports, Postgres, Redis, etc.)"
+    }
   ];
 }
 async function removeEnvironment(name, cwd) {
   const baseDir = resolve(cwd ?? process.cwd());
   const filePath = join(baseDir, `.env.${name}`);
   if (!await exists(filePath)) {
-    throw new FileSystemError(
-      `Environment file not found: ".env.${name}"`,
-      {
-        path: filePath,
-        operation: "unlink",
-        hint: "The environment does not exist."
-      }
-    );
+    throw new FileSystemError(`Environment file not found: ".env.${name}"`, {
+      path: filePath,
+      operation: "unlink",
+      hint: "The environment does not exist."
+    });
   }
   await removeFile(filePath);
 }

package/dist/{chunk-NBOABPHM.js → chunk-72UKVOO5.js}

@@ -1,10 +1,10 @@
 import {
   readFile,
   writeFile
-} from "./chunk-3VYXPTYV.js";
+} from "./chunk-FSKVYBEP.js";
 import {
   VaultError
-} from "./chunk-5G2DU52U.js";
+} from "./chunk-N7GOHQBF.js";
 
 // src/vault/vault-file.ts
 var VAULT_VAR_PREFIX = "ULTRAENV_VAULT_";
@@ -20,21 +20,14 @@ function parseVaultFile(content) {
     if (rawLine === void 0) continue;
     const line = rawLine.trim();
     if (line.length === 0 || line.startsWith("#")) continue;
-    const match = line.match(
-      new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)="(.*)"$`)
-    );
+    const match = line.match(new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)="(.*)"$`));
     if (!match) {
-      const plainMatch = line.match(
-        new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)=(.*)$`)
-      );
+      const plainMatch = line.match(new RegExp(`^${VAULT_VAR_PREFIX}([A-Za-z0-9_]+)=(.*)$`));
       if (!plainMatch) {
-        throw new VaultError(
-          `Invalid vault file format at line ${lineNumber}: "${line}"`,
-          {
-            operation: "parse",
-            hint: `Each environment entry should be in the format: ${VAULT_VAR_PREFIX}{ENVIRONMENT}="encrypted:..."`
-          }
-        );
+        throw new VaultError(`Invalid vault file format at line ${lineNumber}: "${line}"`, {
+          operation: "parse",
+          hint: `Each environment entry should be in the format: ${VAULT_VAR_PREFIX}{ENVIRONMENT}="encrypted:..."`
+        });
       }
       const envName2 = plainMatch[1].toLowerCase();
       const encryptedValue2 = plainMatch[2];
@@ -87,41 +80,32 @@ async function readVaultFile(path) {
     return parseVaultFile(content);
   } catch (error) {
     if (error instanceof VaultError) throw error;
-    throw new VaultError(
-      `Failed to read vault file "${path}"`,
-      {
-        operation: "read",
-        /* v8 ignore start */
-        cause: error instanceof Error ? error : void 0
-        /* v8 ignore stop */
-      }
-    );
+    throw new VaultError(`Failed to read vault file "${path}"`, {
+      operation: "read",
+      /* v8 ignore start */
+      cause: error instanceof Error ? error : void 0
+      /* v8 ignore stop */
+    });
   }
 }
 async function writeVaultFile(path, environments) {
   if (environments.size === 0) {
-    throw new VaultError(
-      "Cannot write an empty vault file",
-      {
-        operation: "write",
-        hint: "Add at least one environment to the vault before writing."
-      }
-    );
+    throw new VaultError("Cannot write an empty vault file", {
+      operation: "write",
+      hint: "Add at least one environment to the vault before writing."
+    });
   }
   try {
     const content = serializeVaultFile(environments);
     await writeFile(path, content, "utf-8");
   } catch (error) {
     if (error instanceof VaultError) throw error;
-    throw new VaultError(
-      `Failed to write vault file "${path}"`,
-      {
-        operation: "write",
-        /* v8 ignore start */
-        cause: error instanceof Error ? error : void 0
-        /* v8 ignore stop */
-      }
-    );
+    throw new VaultError(`Failed to write vault file "${path}"`, {
+      operation: "write",
+      /* v8 ignore start */
+      cause: error instanceof Error ? error : void 0
+      /* v8 ignore stop */
+    });
   }
 }
 function getEnvironmentData(vault, env) {

package/dist/{chunk-JB7RKV3C.js → chunk-7AHG2IP4.js}

@@ -20,13 +20,7 @@ function ultraenvPlugin(fastify, options = {}, done) {
   }
   const allowSet = new Set(allowList.map((k) => k.toUpperCase()));
   const denySet = new Set(denyList.map((k) => k.toUpperCase()));
-  const filteredEnv = buildFastifyEnv(
-    source,
-    allPrefixes,
-    allowSet,
-    denySet,
-    exposeNodeEnv
-  );
+  const filteredEnv = buildFastifyEnv(source, allPrefixes, allowSet, denySet, exposeNodeEnv);
   fastify.decorate("env", filteredEnv);
   done();
 }

package/dist/{chunk-6KS56D6E.js → chunk-7VJ7LK2M.js}

@@ -1,6 +1,6 @@
 import {
   writeFile
-} from "./chunk-3VYXPTYV.js";
+} from "./chunk-FSKVYBEP.js";
 
 // src/typegen/json-schema.ts
 var JSON_SCHEMA_DRAFT_07 = "http://json-schema.org/draft-07/schema#";