@jkebinger
Contributor

Summary

Fixes a bug where `set-default --secret` was not sending the `type` field and was using the wrong field name for encrypted values, causing the value to not be properly sent to the server.

Problem

When setting encrypted values using `reforge set-default --secret`, the API payload was malformed:

  • Missing the required `type` field
  • Using `string` as the field name instead of `value`

This caused encrypted values to fail when sent to the `/internal/ops/v1/set-default` endpoint.

Solution

  1. `encryption.ts:209` - Changed field name from `string` to `value`
  2. `set-default.ts:255-258` - Added `type: 'string'` field to encrypted values
  3. Test validation - Added mock handler validation to ensure encrypted values have correct structure
  4. Version bump - 0.0.11 → 0.0.12

Payload Comparison

Before (Incorrect) ❌

```json
{
  "configKey": "test.secret",
  "currentVersionId": 1,
  "environmentId": 5,
  "value": {
    "string": "encrypted-data--iv--tag",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

After (Correct) ✅

```json
{
  "configKey": "test.secret",
  "currentVersionId": 1,
  "environmentId": 5,
  "value": {
    "type": "string",
    "value": "encrypted-data--iv--tag",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

Files Changed

  • src/util/encryption.ts - Fixed encrypted value field name
  • src/commands/set-default.ts - Added type field to encrypted values
  • test/responses/set-default.ts - Added validation for encrypted value structure
  • package.json - Version bump to 0.0.12

Test Plan

The existing test at test/commands/set-default.test.ts:100-105 validates encrypted value creation. With the added mock handler validation, this test would fail before the fix and passes after.

🤖 Generated with Claude Code
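
A structure check in the spirit of the mock handler validation this PR describes, as an added example that is not the project's own test code. The field names come from the two payloads in the description; the function names and the exact set of rules are assumptions.

```typescript
// Added example, not reforge CLI code. Field names are taken from the
// payloads in the PR description; function names and rules are assumptions.
type Json = Record<string, unknown>;

const isObject = (v: unknown): v is Json =>
  typeof v === "object" && v !== null && !Array.isArray(v);

const nonEmptyString = (v: unknown): boolean =>
  typeof v === "string" && v.length > 0;

// Returns the list of problems; an empty list means the value is well-formed.
function checkEncryptedValue(value: unknown): string[] {
  if (!isObject(value)) return ["value must be an object"];
  const problems: string[] = [];
  if (value["confidential"] !== true) problems.push("confidential must be true");
  if (value["type"] !== "string") problems.push("type must be 'string'");
  if (!nonEmptyString(value["value"])) problems.push("ciphertext must be in 'value'");
  if ("string" in value) problems.push("legacy 'string' field present");
  if (!nonEmptyString(value["decryptWith"])) problems.push("decryptWith must name a key");
  return problems;
}

// Checks a whole set-default request body, as a mock handler could before replying.
function checkSetDefaultBody(body: unknown): string[] {
  if (!isObject(body)) return ["body must be an object"];
  const problems: string[] =
    nonEmptyString(body["configKey"]) ? [] : ["configKey must be a string"];
  return problems.concat(checkEncryptedValue(body["value"]));
}

// The two payloads from the PR description.
const beforeFix = {
  configKey: "test.secret", currentVersionId: 1, environmentId: 5,
  value: { string: "encrypted-data--iv--tag", confidential: true,
           decryptWith: "reforge.secrets.encryption.key" },
};
const afterFix = {
  configKey: "test.secret", currentVersionId: 1, environmentId: 5,
  value: { type: "string", value: "encrypted-data--iv--tag", confidential: true,
           decryptWith: "reforge.secrets.encryption.key" },
};
```

Failing the request on any reported problem makes a payload regression show up as a test failure instead of a secret that is silently not stored.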

jkebinger and others added 2 commits December 3, 2025 14:16
When using `set-default --secret`, encrypted values were missing the
required `type` field in the API payload, causing the value and type
to not be sent to the server.

Changes:
- Fix encryption.ts to use `value` field instead of `string`
- Add `type: 'string'` to encrypted values in set-default.ts
- Add test validation for encrypted value structure
- Bump version to 0.0.12

Before (incorrect payload):
```json
{
  "value": {
    "string": "encrypted-data",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

After (correct payload):
```json
{
  "value": {
    "type": "string",
    "value": "encrypted-data",
    "confidential": true,
    "decryptWith": "reforge.secrets.encryption.key"
  }
}
```

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@jkebinger jkebinger enabled auto-merge (squash) December 3, 2025 20:31
Contributor

@jdwyah jdwyah left a comment

thanks

@jkebinger jkebinger merged commit 16a4406 into main Dec 3, 2025
6 checks passed
@jkebinger jkebinger deleted the fix-encrypted-value-type branch December 3, 2025 20:32