npm - @bostonuniversity/buwp-local - Versions diffs - 0.7.3 → 0.7.5 - Mend

@bostonuniversity/buwp-local 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/docs/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,12 @@ All notable changes to buwp-local will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.7.4]
+### Changed
+- **Localhost-Only Port Binding for Database & Redis**
+- Database and Redis services now bind to `127.0.0.1` instead of `0.0.0.0` for improved security and local development isolation
 ## [0.7.3]
 ### Added

package/docs/COMMANDS.md CHANGED Viewed

@@ -17,6 +17,7 @@ npx buwp-local init [options]
 - `--plugin` - Non-interactive: initialize as plugin project
 - `--mu-plugin` - Non-interactive: initialize as mu-plugin project
 - `--theme` - Non-interactive: initialize as theme project
+- `--sandbox` - Non-interactive: initialize as sandbox project
 - `-f, --force` - Overwrite existing configuration file
 **Examples:**
@@ -28,13 +29,14 @@ npx buwp-local init
 npx buwp-local init --plugin
 npx buwp-local init --mu-plugin --force
 npx buwp-local init --theme --no-interactive
+npx buwp-local init --sandbox --no-interactive
 ```
 **What it does:**
 - Creates `.buwp-local.json` configuration file
 - Auto-detects project type from directory structure
 - Generates hostname from directory name
-- Creates appropriate volume mappings for plugin/theme/mu-plugin types
+- Creates appropriate volume mappings for plugin/theme/mu-plugin/sandbox types
 - Configures services (Redis, S3, Shibboleth)
 - Sets up port mappings

package/docs/GETTING_STARTED.md CHANGED Viewed

@@ -93,6 +93,8 @@ sudo bash -c 'echo "127.0.0.1 username-myproject.local" >> /etc/hosts'
 Replace `username-myproject.local` with the hostname you chose in step 4.
+The `init` command will also display this command for you to run.
 ### 6. Start Your Environment
 Start the Docker containers:

package/docs/ROADMAP.md CHANGED Viewed

@@ -174,39 +174,55 @@ hostile.remove('127.0.0.1', config.hostname);
 ### Shipped in v0.7.3
-- **Job Watcher Command** 🚧
+- **Job Watcher Command** ✅
   - New `watch-jobs` command to periodically run `wp site-manager process-jobs`
-  - Configurable polling interval (default: 5 minutes)
+  - Configurable polling interval (default: 60 seconds)
   - Runs as standalone process in terminal window
   - Timestamped output for job processing visibility
+  - True quiet mode for long-running background monitoring
   - Graceful shutdown (Ctrl+C)
   **Problem:** Production environments use cron/AWS EventBridge to automatically process site-manager jobs (content migration, deployments). Local developers currently must manually run `npx buwp-local wp site-manager process-jobs` to see queued jobs complete.
   **Solution:** Standalone `watch-jobs` command that runs indefinitely, polling for jobs at configurable intervals. Mirrors production behavior without requiring cron setup. Enables developers to use the site-manager web UI for content operations and see jobs complete automatically.
+### Shipped in v0.7.4
+- **Localhost-Only Port Binding for Database & Redis** ✅
+  - Bind database (3306) and Redis (6379) ports to 127.0.0.1 only
+  - Prevents network exposure of confidential database content
+  - HTTP/HTTPS remain on all interfaces (0.0.0.0) for device testing
+  - Local database tools (TablePlus, Sequel Pro, etc.) still work perfectly
-  **Implementation location:** `lib/commands/watch-jobs.js`
+  **Security Problem:** Default Docker port binding (`3306:3306`) exposes database on all network interfaces (0.0.0.0), including public WiFi. Confidential data accessible to anyone on the network.
-  **Configuration support:**
-  ```json
-  {
-    "jobWatchInterval": 60  // seconds, default 60 seconds
-  }
-  ```
+  **Solution:** Explicit localhost binding (`127.0.0.1:3306:3306`) restricts access to the laptop only. Network isolation provides defense-in-depth beyond password protection.
-  **Command syntax:**
-  ```bash
-  buwp-local watch-jobs [--interval 200] [--quiet]
+  **Implementation:**
+  ```javascript
+  // Database - localhost only (network isolated)
+  ports: [`127.0.0.1:${config.ports.db}:3306`]
+  // Redis - localhost only (session data protected)
+  ports: [`127.0.0.1:${config.ports.redis}:6379`]
+  // HTTP/HTTPS - all interfaces (device testing enabled)
+  ports: [`${config.ports.http}:80`, `${config.ports.https}:443`]
   ```
-  **Technical considerations:**
-  - Requires WordPress container to be running
-  - Uses `docker compose exec` to run WP-CLI command
-  - Handles container stop/restart gracefully
-  - Minimal resource usage (sleeps between checks)
-  - Output includes timestamps for audit trail
+  **Benefits:**
+  - Coffee shop/airport WiFi cannot reach database
+  - Brute-force attacks prevented by network isolation
+  - Zero performance impact
+  - Industry best practice (matching Laravel Sail, wp-env)
-  **Future enhancement (v0.8.0+):** If widely adopted, consider adding `--watch-jobs` flag to `start` command for automatic background execution.
+  **Breaking Change Note:** Existing projects will need `buwp-local update` or restart to apply new port bindings. Database access from phones/tablets/other computers will no longer work (rare use case).
+### Shipped in v0.7.5
+- **Init Template updated with WP_ENVIRONMENT_TYPE** ✅
+  - New projects set `WP_ENVIRONMENT_TYPE=local` by default
+  - Provides standardized environment detection for plugins/themes
+  - Can be overridden to simulate staging/production if needed
 ### Potential Features
@@ -217,10 +233,10 @@ hostile.remove('127.0.0.1', config.hostname);
   - Commands to export credentials to JSON file
   - Useful for migrating between machines or sharing setup
-- **Database Security**
-  - Check database access on db port (e.g. `localhost:3306`)
-  - Consider more stringent default database passwords
-  - The database can have restricted content in it, so we need to ensure that users are aware of this and take appropriate measures.
+- **Advanced Port Binding Configuration**
+  - Optional config to override localhost-only binding for database/Redis
+  - For advanced users who need network access to services
+  - Example: `"portBindings": { "db": "0.0.0.0", "redis": "127.0.0.1" }`
 - **Xdebug Integration**
   - Command to help generate Xdebug configuration for IDEs (VSCode, Zed)
@@ -234,6 +250,10 @@ hostile.remove('127.0.0.1', config.hostname);
   - Multiplatform /etc/hosts hostname guide
   - Evaluate credential storage solutions for non-macOS platforms (https://www.npmjs.com/package/keytar)
+- **Custom Docker Compose Overrides**
+  - Support for user-provided `docker-compose.override.yml` files
+  - Allows advanced users to customize services, add new ones, etc.
 - **Project Status & Listing**
   - Central tracking of all buwp-local projects in `~/.buwp-local/projects.json`
   - View all running projects: `buwp-local list`

package/lib/commands/init.js CHANGED Viewed

@@ -262,6 +262,7 @@ async function initCommand(options) {
     mappings: [],
     env: {
       WP_DEBUG: true,
+      WP_ENVIRONMENT_TYPE: 'local',
       XDEBUG: answers.xdebug || false
     }
   };

package/lib/compose-generator.js CHANGED Viewed

@@ -66,7 +66,7 @@ function generateDbService(config, dbVolumeName) {
       MYSQL_PASSWORD: '${WORDPRESS_DB_PASSWORD:-password}',
       MYSQL_ROOT_PASSWORD: '${DB_ROOT_PASSWORD:-rootpassword}'
     },
-    ports: [`${config.ports.db}:3306`],
+    ports: [`127.0.0.1:${config.ports.db}:3306`],
     networks: ['wp-network']
   };
 }
@@ -212,7 +212,7 @@ function generateRedisService(config) {
   return {
     image: 'redis:alpine',
     restart: 'always',
-    ports: [`${config.ports.redis}:6379`],
+    ports: [`127.0.0.1:${config.ports.redis}:6379`],
     networks: ['wp-network']
   };
 }

package/lib/config.js CHANGED Viewed

@@ -228,6 +228,7 @@ function initConfig(projectPath = process.cwd(), options = {}) {
     mappings: [],
     env: {
       WP_DEBUG: true,
+      WP_ENVIRONMENT_TYPE: 'local',
       XDEBUG: false
     }
   };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bostonuniversity/buwp-local",
-  "version": "0.7.3",
+  "version": "0.7.5",
   "description": "Local WordPress development environment for Boston University projects",
   "type": "module",
   "main": "lib/index.js",

package/readme.md CHANGED Viewed

@@ -113,3 +113,4 @@ Your local WordPress site should now be accessible at the hostname you configure
 - ✅ Smart initialization for plugins, themes, and mu-plugins
 - ✅ Volume mapping for live code sync
 - ✅ Xdebug support for step debugging
+- ✅ WordPress environment detection (`WP_ENVIRONMENT_TYPE` set to `local`)