@edcalderon/versioning 1.2.0 → 1.3.0

package/README.md

@@ -11,7 +11,9 @@ A comprehensive versioning and changelog management tool designed for monorepos
 - 📦 NPM publishable
 - 🏷️ Git tagging and committing
 - ✅ Validation of version sync
-- 🔌 **Extensible plugin system** for custom business logic
+- 🔌 **Extensible plugin system** for subdirectory-based extensions
+- 🔒 **Security Checks** with automatic Husky integration
+- 🧹 **Repository Cleanup** to keep root directory organized
 
 ## Installation
 
@@ -33,7 +35,7 @@ The versioning tool supports a **composable extension system** that allows you t
 - Implement custom versioning strategies
 
 Extensions are loaded automatically from:
-- Built-in extensions in the `src/extensions/` directory
+- Built-in extensions in subdirectories of `src/extensions/` (e.g. `src/extensions/reentry-status/index.ts`)
 - External packages listed in `versioning.config.json`
 
 ### Creating Extensions
@@ -172,20 +174,56 @@ versioning cleanup scan          # Dry-run scan of root
 versioning cleanup move          # Move files to configured destinations
 versioning cleanup restore       # Restore a moved file
 versioning cleanup config        # View/manage configuration
-versioning cleanup husky         # Setup git hook
+versioning cleanup husky         # Setup git hook (scan-only by default)
 ```
 
 Configuration (`versioning.config.json`):
 
 ```json
 {
-  "cleanup": {
-    "enabled": true,
-    "defaultDestination": "docs",
-    "allowlist": ["CHANGELOG.md"],
-    "routes": {
-      ".sh": "scripts",
-      ".json": "config"
+  "extensionConfig": {
+    "cleanup-repo": {
+      "enabled": true,
+      "defaultDestination": "docs",
+      "allowlist": ["CHANGELOG.md"],
+      "routes": {
+        ".sh": "scripts",
+        ".json": "config"
+      }
+    }
+  }
+}
+```
+
+#### Secrets Check Extension
+
+Prevents sensitive data (private keys, tokens, mnemonics) from being committed to the repository.
+
+Features:
+- **Pre-defined Patterns:** Detects AWS, GitHub, NPM tokens, private keys, and EVM mnemonics.
+- **Allowlist:** Ignore false positives or specific test keys.
+- **Husky Integration:** Easy CLI setup to block commits containing secrets.
+
+Commands:
+
+```bash
+versioning check-secrets         # Scan staged files for secrets
+versioning check-secrets husky   # Add blocking secrets check to pre-commit hook
+```
+
+Configuration (`versioning.config.json`):
+
+```json
+{
+  "extensionConfig": {
+    "secrets-check": {
+      "enabled": true,
+      "patterns": [
+        "CUSTOM_API_KEY=[0-9a-f]{32}"
+      ],
+      "allowlist": [
+        "ETHERSCAN_API_KEY=YOUR_KEY"
+      ]
     }
   }
 }

package/dist/extensions/{cleanup-repo-extension.d.ts → cleanup-repo/index.d.ts}

@@ -1,4 +1,4 @@
-import { VersioningExtension } from '../extensions';
+import { VersioningExtension } from '../../extensions';
 /**
  * The canonical cleanup configuration schema.
  * Everything the plugin needs lives here.
@@ -46,4 +46,4 @@ declare function loadCleanupConfig(rootConfig: any): CleanupRepoConfig;
 declare const extension: VersioningExtension;
 export { loadCleanupConfig, BUILTIN_ALLOWLIST, DEFAULT_EXTENSIONS, DEFAULT_ROUTES };
 export default extension;
-//# sourceMappingURL=cleanup-repo-extension.d.ts.map
+//# sourceMappingURL=index.d.ts.map

package/dist/extensions/{cleanup-repo-extension.js → cleanup-repo/index.js}

@@ -124,7 +124,7 @@ exports.DEFAULT_ROUTES = DEFAULT_ROUTES;
 //  CONFIG LOADER
 // ─────────────────────────────────────────────────────────────────
 function loadCleanupConfig(rootConfig) {
-    const raw = rootConfig?.cleanup ?? {};
+    const raw = rootConfig?.extensionConfig?.['cleanup-repo'] ?? rootConfig?.cleanup ?? {};
     return {
         enabled: raw.enabled !== false,
         defaultDestination: typeof raw.defaultDestination === 'string' ? raw.defaultDestination : 'docs',
@@ -262,7 +262,7 @@ const extension = {
                 return;
             }
             console.log('\n🔍 Repository Root Cleanup Scan\n');
-            console.log(`  Config: versioning.config.json → cleanup`);
+            console.log(`  Config: versioning.config.json → extensionConfig['cleanup-repo']`);
             console.log(`  Default destination: ${cfg.defaultDestination}/`);
             console.log(`  Extensions monitored: ${cfg.extensions.join(', ')}`);
             console.log(`  Allowlist (custom): ${cfg.allowlist.length > 0 ? cfg.allowlist.join(', ') : '—'}`);
@@ -390,23 +390,27 @@ const extension = {
             if (await fs.pathExists(configPath)) {
                 rawCfg = await fs.readJson(configPath);
             }
-            // Ensure cleanup section exists
-            if (!rawCfg.cleanup)
-                rawCfg.cleanup = {};
-            if (!Array.isArray(rawCfg.cleanup.allowlist))
-                rawCfg.cleanup.allowlist = [];
-            if (!Array.isArray(rawCfg.cleanup.denylist))
-                rawCfg.cleanup.denylist = [];
-            if (!rawCfg.cleanup.routes)
-                rawCfg.cleanup.routes = { ...DEFAULT_ROUTES };
-            if (!rawCfg.cleanup.extensions)
-                rawCfg.cleanup.extensions = [...DEFAULT_EXTENSIONS];
+            // Ensure extensionConfig section exists
+            if (!rawCfg.extensionConfig)
+                rawCfg.extensionConfig = {};
+            if (!rawCfg.extensionConfig['cleanup-repo']) {
+                rawCfg.extensionConfig['cleanup-repo'] = rawCfg.cleanup || {};
+            }
+            const extensionCfg = rawCfg.extensionConfig['cleanup-repo'];
+            if (!Array.isArray(extensionCfg.allowlist))
+                extensionCfg.allowlist = [];
+            if (!Array.isArray(extensionCfg.denylist))
+                extensionCfg.denylist = [];
+            if (!extensionCfg.routes)
+                extensionCfg.routes = { ...DEFAULT_ROUTES };
+            if (!extensionCfg.extensions)
+                extensionCfg.extensions = [...DEFAULT_EXTENSIONS];
             let modified = false;
             // ── --allow
             if (options.allow) {
                 const file = String(options.allow).trim();
-                if (!rawCfg.cleanup.allowlist.includes(file)) {
-                    rawCfg.cleanup.allowlist.push(file);
+                if (!extensionCfg.allowlist.includes(file)) {
+                    extensionCfg.allowlist.push(file);
                     modified = true;
                     console.log(`✅ Added "${file}" to cleanup.allowlist`);
                 }
@@ -417,8 +421,8 @@ const extension = {
             // ── --deny
             if (options.deny) {
                 const file = String(options.deny).trim();
-                if (!rawCfg.cleanup.denylist.includes(file)) {
-                    rawCfg.cleanup.denylist.push(file);
+                if (!extensionCfg.denylist.includes(file)) {
+                    extensionCfg.denylist.push(file);
                     modified = true;
                     console.log(`✅ Added "${file}" to cleanup.denylist`);
                 }
@@ -429,9 +433,9 @@ const extension = {
             // ── --unallow
             if (options.unallow) {
                 const file = String(options.unallow).trim();
-                const idx = rawCfg.cleanup.allowlist.indexOf(file);
+                const idx = extensionCfg.allowlist.indexOf(file);
                 if (idx !== -1) {
-                    rawCfg.cleanup.allowlist.splice(idx, 1);
+                    extensionCfg.allowlist.splice(idx, 1);
                     modified = true;
                     console.log(`✅ Removed "${file}" from cleanup.allowlist`);
                 }
@@ -442,9 +446,9 @@ const extension = {
             // ── --undeny
             if (options.undeny) {
                 const file = String(options.undeny).trim();
-                const idx = rawCfg.cleanup.denylist.indexOf(file);
+                const idx = extensionCfg.denylist.indexOf(file);
                 if (idx !== -1) {
-                    rawCfg.cleanup.denylist.splice(idx, 1);
+                    extensionCfg.denylist.splice(idx, 1);
                     modified = true;
                     console.log(`✅ Removed "${file}" from cleanup.denylist`);
                 }
@@ -464,15 +468,15 @@ const extension = {
                 const dest = mapping.slice(eqIdx + 1).trim();
                 if (!ext.startsWith('.'))
                     ext = `.${ext}`;
-                rawCfg.cleanup.routes[ext] = dest;
+                extensionCfg.routes[ext] = dest;
                 modified = true;
                 console.log(`✅ Added route: ${ext} → ${dest}/`);
             }
             // ── --set-dest
             if (options.setDest) {
-                rawCfg.cleanup.defaultDestination = String(options.setDest).trim();
+                extensionCfg.defaultDestination = String(options.setDest).trim();
                 modified = true;
-                console.log(`✅ Default destination set to "${rawCfg.cleanup.defaultDestination}"`);
+                console.log(`✅ Default destination set to "${extensionCfg.defaultDestination}"`);
             }
             // Write config if modified
             if (modified) {
@@ -626,16 +630,20 @@ async function updateHuskyConfig(configPath, enabled, hook, mode) {
     if (await fs.pathExists(fullPath)) {
         rawCfg = await fs.readJson(fullPath);
     }
-    if (!rawCfg.cleanup)
-        rawCfg.cleanup = {};
-    if (!rawCfg.cleanup.husky)
-        rawCfg.cleanup.husky = {};
-    rawCfg.cleanup.husky.enabled = enabled;
+    if (!rawCfg.extensionConfig)
+        rawCfg.extensionConfig = {};
+    if (!rawCfg.extensionConfig['cleanup-repo']) {
+        rawCfg.extensionConfig['cleanup-repo'] = rawCfg.cleanup || {};
+    }
+    const extensionCfg = rawCfg.extensionConfig['cleanup-repo'];
+    if (!extensionCfg.husky)
+        extensionCfg.husky = {};
+    extensionCfg.husky.enabled = enabled;
     if (hook)
-        rawCfg.cleanup.husky.hook = hook;
+        extensionCfg.husky.hook = hook;
     if (mode)
-        rawCfg.cleanup.husky.mode = mode;
+        extensionCfg.husky.mode = mode;
     await fs.writeJson(fullPath, rawCfg, { spaces: 2 });
 }
 exports.default = extension;
-//# sourceMappingURL=cleanup-repo-extension.js.map
+//# sourceMappingURL=index.js.map

package/dist/extensions/lifecycle-hooks/index.d.ts

@@ -0,0 +1,4 @@
+import { VersioningExtension } from '../../extensions';
+declare const extension: VersioningExtension;
+export default extension;
+//# sourceMappingURL=index.d.ts.map

package/dist/extensions/{lifecycle-hooks.js → lifecycle-hooks/index.js}

@@ -65,4 +65,4 @@ const extension = {
     }
 };
 exports.default = extension;
-//# sourceMappingURL=lifecycle-hooks.js.map
+//# sourceMappingURL=index.js.map

package/dist/extensions/npm-publish/index.d.ts

@@ -0,0 +1,4 @@
+import { VersioningExtension } from '../../extensions';
+declare const extension: VersioningExtension;
+export default extension;
+//# sourceMappingURL=index.d.ts.map

package/dist/extensions/{npm-publish.js → npm-publish/index.js}

@@ -178,4 +178,4 @@ async function publishToLocalRegistry(options) {
     console.log(`✅ Published to local registry: ${registry}`);
 }
 exports.default = extension;
-//# sourceMappingURL=npm-publish.js.map
+//# sourceMappingURL=index.js.map

package/dist/extensions/reentry-status/config-manager.js

@@ -84,7 +84,9 @@ function defaultFilesConfigForProject(project) {
 class ConfigManager {
     static loadConfig(rootConfig, project) {
         const canonicalProject = canonicalProjectKey(project);
-        const raw = (rootConfig && typeof rootConfig === 'object' ? rootConfig.reentryStatus : undefined);
+        // Try new extensionConfig location first, then fallback to root-level property
+        const extensionConfig = rootConfig?.extensionConfig?.['reentry-status'];
+        const raw = (extensionConfig ?? (rootConfig && typeof rootConfig === 'object' ? rootConfig.reentryStatus : undefined));
         const basePartial = { ...(raw ?? {}) };
         delete basePartial.projects;
         const projectPartial = canonicalProject && raw && typeof raw === 'object' && raw.projects && typeof raw.projects === 'object'

package/dist/extensions/reentry-status/constants.d.ts

@@ -1,4 +1,4 @@
-export declare const REENTRY_EXTENSION_NAME = "reentry-status-extension";
+export declare const REENTRY_EXTENSION_NAME = "reentry-status";
 export declare const REENTRY_STATUS_DIRNAME = ".versioning";
 export declare const REENTRY_STATUS_JSON_FILENAME = "reentry.status.json";
 export declare const REENTRY_STATUS_MD_FILENAME = "REENTRY.md";

package/dist/extensions/reentry-status/constants.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ROADMAP_MD_FILENAME = exports.REENTRY_STATUS_MD_FILENAME = exports.REENTRY_STATUS_JSON_FILENAME = exports.REENTRY_STATUS_DIRNAME = exports.REENTRY_EXTENSION_NAME = void 0;
-exports.REENTRY_EXTENSION_NAME = 'reentry-status-extension';
+exports.REENTRY_EXTENSION_NAME = 'reentry-status';
 exports.REENTRY_STATUS_DIRNAME = '.versioning';
 exports.REENTRY_STATUS_JSON_FILENAME = 'reentry.status.json';
 exports.REENTRY_STATUS_MD_FILENAME = 'REENTRY.md';

package/dist/extensions/reentry-status/extension.d.ts

@@ -0,0 +1,4 @@
+import { VersioningExtension } from '../../extensions';
+declare const extension: VersioningExtension;
+export default extension;
+//# sourceMappingURL=extension.d.ts.map

package/dist/extensions/{reentry-status-extension.js → reentry-status/extension.js}

@@ -36,19 +36,19 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const fs = __importStar(require("fs-extra"));
 const path = __importStar(require("path"));
-const config_manager_1 = require("./reentry-status/config-manager");
-const constants_1 = require("./reentry-status/constants");
-const file_manager_1 = require("./reentry-status/file-manager");
-const dirty_detection_1 = require("./reentry-status/dirty-detection");
-const github_rest_client_1 = require("./reentry-status/github-rest-client");
-const github_sync_adapter_1 = require("./reentry-status/github-sync-adapter");
-const obsidian_cli_client_1 = require("./reentry-status/obsidian-cli-client");
-const obsidian_sync_adapter_1 = require("./reentry-status/obsidian-sync-adapter");
-const roadmap_parser_1 = require("./reentry-status/roadmap-parser");
-const roadmap_renderer_1 = require("./reentry-status/roadmap-renderer");
-const status_renderer_1 = require("./reentry-status/status-renderer");
-const reentry_status_manager_1 = require("./reentry-status/reentry-status-manager");
-const git_context_1 = require("./reentry-status/git-context");
+const config_manager_1 = require("./config-manager");
+const constants_1 = require("./constants");
+const file_manager_1 = require("./file-manager");
+const dirty_detection_1 = require("./dirty-detection");
+const github_rest_client_1 = require("./github-rest-client");
+const github_sync_adapter_1 = require("./github-sync-adapter");
+const obsidian_cli_client_1 = require("./obsidian-cli-client");
+const obsidian_sync_adapter_1 = require("./obsidian-sync-adapter");
+const roadmap_parser_1 = require("./roadmap-parser");
+const roadmap_renderer_1 = require("./roadmap-renderer");
+const status_renderer_1 = require("./status-renderer");
+const reentry_status_manager_1 = require("./reentry-status-manager");
+const git_context_1 = require("./git-context");
 const extension = {
     name: constants_1.REENTRY_EXTENSION_NAME,
     description: 'Maintains canonical re-entry status and synchronizes to files, GitHub Issues, and Obsidian notes',
@@ -672,4 +672,4 @@ const extension = {
     }
 };
 exports.default = extension;
-//# sourceMappingURL=reentry-status-extension.js.map
+//# sourceMappingURL=extension.js.map

package/dist/extensions/reentry-status/index.d.ts

@@ -12,4 +12,6 @@ export * from './roadmap-renderer';
 export * from './git-context';
 export * from './reentry-status-manager';
 export * from './status-renderer';
+import extension from './extension';
+export default extension;
 //# sourceMappingURL=index.d.ts.map

package/dist/extensions/reentry-status/index.js

@@ -13,6 +13,9 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./constants"), exports);
 __exportStar(require("./config-manager"), exports);
@@ -28,4 +31,6 @@ __exportStar(require("./roadmap-renderer"), exports);
 __exportStar(require("./git-context"), exports);
 __exportStar(require("./reentry-status-manager"), exports);
 __exportStar(require("./status-renderer"), exports);
+const extension_1 = __importDefault(require("./extension"));
+exports.default = extension_1.default;
 //# sourceMappingURL=index.js.map

package/dist/extensions/sample-extension/index.d.ts

@@ -0,0 +1,4 @@
+import { VersioningExtension } from '../../extensions';
+declare const extension: VersioningExtension;
+export default extension;
+//# sourceMappingURL=index.d.ts.map

package/dist/extensions/{sample-extension.js → sample-extension/index.js}

@@ -51,4 +51,4 @@ const extension = {
     }
 };
 exports.default = extension;
-//# sourceMappingURL=sample-extension.js.map
+//# sourceMappingURL=index.js.map

package/dist/extensions/secrets-check/index.d.ts

@@ -0,0 +1,16 @@
+import { VersioningExtension } from '../../extensions';
+export interface SecretCheckResult {
+    file: string;
+    line: number;
+    content: string;
+    pattern: string;
+}
+export interface SecretsConfig {
+    enabled?: boolean;
+    patterns?: string[];
+    allowlist?: string[];
+}
+export declare function checkContentForSecrets(content: string, patterns: RegExp[], allowlist: string[], filename: string): SecretCheckResult[];
+declare const extension: VersioningExtension;
+export default extension;
+//# sourceMappingURL=index.d.ts.map

package/dist/extensions/secrets-check/index.js

@@ -0,0 +1,264 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkContentForSecrets = checkContentForSecrets;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+// Definition of patterns to search for
+// Each pattern is a regex
+const DEFAULT_PATTERNS = [
+    // PEM / JSON private keys
+    new RegExp('-----BEGIN ' + 'PRIVATE KEY-----'),
+    new RegExp('-----BEGIN ' + 'RSA PRIVATE KEY-----'),
+    /"private_key":\s*"/,
+    /"private_key_id":\s*"/,
+    // Cloud / API tokens
+    /AIza[0-9A-Za-z\-_]{35}/,
+    /ghp_[0-9A-Za-z]{36}/,
+    /npm_[0-9A-Za-z]{36}/,
+    // Ethereum / EVM hex private keys
+    /PRIVATE_DEPLOYER=[0-9a-fA-F]{40,}/,
+    /DEPLOYER_PRIVATE_KEY=0x[0-9a-fA-F]{40,}/,
+    /PRIVATE_KEY=[0-9a-fA-F]{64}/,
+    /_KEY=0x[0-9a-fA-F]{64}/,
+    /cast wallet address 0x[0-9a-fA-F]{64}/,
+    // Seed phrases
+    /MNEMONIC=.{20,}/
+];
+// Allowlist patterns that are safe
+const DEFAULT_ALLOWLIST = [
+    "POOL_MANAGER_ADDRESS=",
+    "HOOK_OWNER=",
+    "NEXT_PUBLIC_",
+    "ETHERSCAN_API_KEY=YOUR_",
+    "RPC_URL=",
+    "YOUR_DEPLOYER_PRIVATE_KEY",
+    "YOUR_LOCAL_PRIVATE_KEY",
+    "YOUR_TESTNET_PRIVATE_KEY",
+    "your_private_key_here"
+];
+function checkContentForSecrets(content, patterns, allowlist, filename) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of patterns) {
+            if (pattern.test(line)) {
+                // Check allowance
+                let isAllowed = false;
+                for (const allow of allowlist) {
+                    if (line.includes(allow)) {
+                        isAllowed = true;
+                        break;
+                    }
+                }
+                if (!isAllowed) {
+                    results.push({
+                        file: filename,
+                        line: i + 1,
+                        content: line.trim(),
+                        pattern: pattern.toString()
+                    });
+                }
+            }
+        }
+    }
+    return results;
+}
+const extension = {
+    name: 'secrets-check',
+    description: 'Checks for hardcoded secrets and private keys in staged files',
+    version: '1.1.0',
+    register: async (program, config) => {
+        // Try to get config from extensionConfig first, fallback to top-level secrets for backcompat
+        const extensionConfig = config.extensionConfig?.['secrets-check'];
+        const secretsConfig = extensionConfig || config.secrets || {};
+        if (secretsConfig.enabled === false) {
+            return;
+        }
+        // Merge patterns
+        const patterns = [...DEFAULT_PATTERNS];
+        if (secretsConfig.patterns) {
+            for (const p of secretsConfig.patterns) {
+                try {
+                    patterns.push(new RegExp(p));
+                }
+                catch (e) {
+                    console.warn(`⚠️  Invalid regex pattern in config: ${p}`);
+                }
+            }
+        }
+        // Merge allowlist
+        const allowlist = [...DEFAULT_ALLOWLIST];
+        if (secretsConfig.allowlist) {
+            allowlist.push(...secretsConfig.allowlist);
+        }
+        const secretsCmd = program
+            .command('check-secrets')
+            .description('Scan staged files for potential secrets')
+            .action(async () => {
+            await runSecretsCheck();
+        });
+        secretsCmd
+            .command('husky')
+            .description('Add secrets check to Husky pre-commit hook')
+            .option('--remove', 'Remove secrets check from Husky hook', false)
+            .action(async (options) => {
+            const rootDir = process.cwd();
+            const huskyDir = path.join(rootDir, '.husky');
+            const hookPath = path.join(huskyDir, 'pre-commit');
+            const MARKER_START = '# === secrets-check: start ===';
+            const MARKER_END = '# === secrets-check: end ===';
+            if (options.remove) {
+                if (!fs.existsSync(hookPath)) {
+                    console.log('ℹ️  Hook pre-commit does not exist.');
+                    return;
+                }
+                const content = fs.readFileSync(hookPath, 'utf8');
+                const startIdx = content.indexOf(MARKER_START);
+                const endIdx = content.indexOf(MARKER_END);
+                if (startIdx === -1 || endIdx === -1) {
+                    console.log('ℹ️  No secrets-check block found in pre-commit.');
+                    return;
+                }
+                const before = content.slice(0, startIdx).trimEnd();
+                const after = content.slice(endIdx + MARKER_END.length).trimStart();
+                const updated = [before, '', after].join('\n').replace(/\n{3,}/g, '\n\n').trim() + '\n';
+                fs.writeFileSync(hookPath, updated, 'utf8');
+                console.log('✅ Removed secrets check from .husky/pre-commit');
+                return;
+            }
+            // Add cleanup block to hook
+            if (!fs.existsSync(huskyDir)) {
+                fs.mkdirSync(huskyDir, { recursive: true });
+            }
+            const block = [
+                '',
+                MARKER_START,
+                'echo "🔒 Running secrets check…"',
+                'npx versioning check-secrets 2>/dev/null',
+                MARKER_END,
+                ''
+            ].join('\n');
+            if (fs.existsSync(hookPath)) {
+                const existing = fs.readFileSync(hookPath, 'utf8');
+                if (existing.includes(MARKER_START)) {
+                    console.log('ℹ️  Secrets check is already integrated in .husky/pre-commit.');
+                    return;
+                }
+                const updated = existing.trimEnd() + '\n' + block;
+                fs.writeFileSync(hookPath, updated, 'utf8');
+            }
+            else {
+                const content = [
+                    '#!/bin/sh',
+                    '. "$(dirname "$0")/_/husky.sh"',
+                    '',
+                    block
+                ].join('\n');
+                fs.writeFileSync(hookPath, content, { mode: 0o755 });
+            }
+            console.log('✅ Secrets check integrated into .husky/pre-commit');
+        });
+        async function runSecretsCheck() {
+            try {
+                console.log("🔒 Scanning for secrets...");
+                let failed = false;
+                // Get list of staged files
+                let output = '';
+                try {
+                    output = (0, child_process_1.execSync)('git diff --cached --name-only --diff-filter=ACMR', { encoding: 'utf-8' });
+                }
+                catch (e) {
+                    // If not in a git repo or no staged files, just return
+                    console.log("⚠️  Not a git repository or git error.");
+                    return;
+                }
+                const files = output.split('\n').filter(f => f.trim() !== '');
+                if (files.length === 0) {
+                    console.log("✅ No staged files to check.");
+                    return;
+                }
+                for (const relativePath of files) {
+                    const filePath = path.resolve(process.cwd(), relativePath);
+                    // Skip check if file doesn't exist (deleted)
+                    if (!fs.existsSync(filePath)) {
+                        continue;
+                    }
+                    // Skip lock files
+                    if (relativePath.includes('lock.yaml') || relativePath.includes('lock.json')) {
+                        continue;
+                    }
+                    // Read file content
+                    let content = '';
+                    try {
+                        content = fs.readFileSync(filePath, 'utf-8');
+                    }
+                    catch (e) {
+                        console.warn(`⚠️  Could not read file ${relativePath}:`, e);
+                        continue;
+                    }
+                    const findings = checkContentForSecrets(content, patterns, allowlist, relativePath);
+                    if (findings.length > 0) {
+                        failed = true;
+                        for (const finding of findings) {
+                            console.log(`❌ POTENTIAL SECRET FOUND in ${finding.file}:${finding.line}`);
+                            console.log(`   ${finding.content}`);
+                            console.log(`   (matched pattern: ${finding.pattern})`);
+                        }
+                    }
+                }
+                if (failed) {
+                    console.log("----------------------------------------------------");
+                    console.log("⛔ COMMIT REJECTED");
+                    console.log("Sensitive data was found in the staged files.");
+                    console.log("Please remove the secrets before committing.");
+                    console.log("----------------------------------------------------");
+                    process.exit(1);
+                }
+                else {
+                    console.log("✅ No secrets found.");
+                }
+            }
+            catch (error) {
+                console.error('❌ Check failed:', error instanceof Error ? error.message : String(error));
+                process.exit(1);
+            }
+        }
+    }
+};
+exports.default = extension;
+//# sourceMappingURL=index.js.map

package/dist/extensions.js

@@ -81,24 +81,36 @@ async function loadExtensions(program) {
         if (await fs.pathExists(extensionsDir)) {
             const extensionFiles = await fs.readdir(extensionsDir);
             for (const file of extensionFiles) {
-                if (file.endsWith('.js')) {
-                    try {
-                        const extensionPath = path.join(extensionsDir, file);
-                        const extensionModule = require(extensionPath);
-                        const extension = extensionModule.default || extensionModule;
-                        if (extension && typeof extension.register === 'function') {
-                            await extension.register(program, config);
-                            // Register hooks if available
-                            if (extension.hooks) {
-                                context.hooks.push(extension.hooks);
-                            }
-                            console.log(`✅ Loaded extension: ${extension.name}@${extension.version}`);
-                        }
+                let extensionPath = path.join(extensionsDir, file);
+                const stats = await fs.stat(extensionPath);
+                if (stats.isDirectory()) {
+                    // Check for index.js in directory
+                    const indexPath = path.join(extensionPath, 'index.js');
+                    if (await fs.pathExists(indexPath)) {
+                        extensionPath = indexPath;
                     }
-                    catch (error) {
-                        console.warn(`⚠️  Failed to load extension ${file}:`, error instanceof Error ? error.message : String(error));
+                    else {
+                        continue;
                     }
                 }
+                else if (!file.endsWith('.js')) {
+                    continue;
+                }
+                try {
+                    const extensionModule = require(extensionPath);
+                    const extension = extensionModule.default || extensionModule;
+                    if (extension && typeof extension.register === 'function') {
+                        await extension.register(program, config);
+                        // Register hooks if available
+                        if (extension.hooks) {
+                            context.hooks.push(extension.hooks);
+                        }
+                        console.log(`✅ Loaded extension: ${extension.name}@${extension.version}`);
+                    }
+                }
+                catch (error) {
+                    console.warn(`⚠️  Failed to load extension ${file}:`, error instanceof Error ? error.message : String(error));
+                }
             }
         }
         // Note: External extensions from config.extensions are not yet implemented

package/dist/versioning.d.ts

@@ -4,6 +4,7 @@ export interface VersionConfig {
     packages: string[];
     changelogFile?: string;
     conventionalCommits?: boolean;
+    extensionConfig?: Record<string, any>;
 }
 export declare class VersionManager {
     private config;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@edcalderon/versioning",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "A comprehensive versioning and changelog management tool for monorepos",
   "main": "dist/index.js",
   "bin": {

package/dist/extensions/lifecycle-hooks.d.ts

@@ -1,4 +0,0 @@
-import { VersioningExtension } from '../extensions';
-declare const extension: VersioningExtension;
-export default extension;
-//# sourceMappingURL=lifecycle-hooks.d.ts.map

package/dist/extensions/npm-publish.d.ts

@@ -1,4 +0,0 @@
-import { VersioningExtension } from '../extensions';
-declare const extension: VersioningExtension;
-export default extension;
-//# sourceMappingURL=npm-publish.d.ts.map

package/dist/extensions/reentry-status-extension.d.ts

@@ -1,4 +0,0 @@
-import { VersioningExtension } from '../extensions';
-declare const extension: VersioningExtension;
-export default extension;
-//# sourceMappingURL=reentry-status-extension.d.ts.map

package/dist/extensions/sample-extension.d.ts

@@ -1,4 +0,0 @@
-import { VersioningExtension } from '../extensions';
-declare const extension: VersioningExtension;
-export default extension;
-//# sourceMappingURL=sample-extension.d.ts.map