// Local CLI helper — produces a bcrypt hash for an env USER*_PASSWORD_HASH value.
// Usage:
//   pnpm hash-password "mySuperSecret"
//
// The plain password is only present in argv/RAM during this invocation.
// It is NOT logged anywhere; only the hash is printed to stdout. Copy it into .env.

import { hashPassword } from '../src/utils/password.js';

async function main(): Promise<void> {
  const raw = process.argv.slice(2).join(' ').trim();
  if (!raw) {
    // eslint-disable-next-line no-console
    console.error('Usage: pnpm hash-password "<password>"');
    process.exit(1);
  }
  if (raw.length < 8) {
    // eslint-disable-next-line no-console
    console.error('Password must be at least 8 characters.');
    process.exit(1);
  }
  const hash = await hashPassword(raw);
  // Print ONLY the hash, nothing else, so it is trivial to redirect/copy.
  process.stdout.write(hash + '\n');
}

void main();