@edcalderon/versioning 1.2.0 → 1.3.1

package/dist/extensions/secrets-check/index.js

@@ -0,0 +1,264 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkContentForSecrets = checkContentForSecrets;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+// Definition of patterns to search for
+// Each pattern is a regex
+const DEFAULT_PATTERNS = [
+    // PEM / JSON private keys
+    new RegExp('-----BEGIN ' + 'PRIVATE KEY-----'),
+    new RegExp('-----BEGIN ' + 'RSA PRIVATE KEY-----'),
+    /"private_key":\s*"/,
+    /"private_key_id":\s*"/,
+    // Cloud / API tokens
+    /AIza[0-9A-Za-z\-_]{35}/,
+    /ghp_[0-9A-Za-z]{36}/,
+    /npm_[0-9A-Za-z]{36}/,
+    // Ethereum / EVM hex private keys
+    /PRIVATE_DEPLOYER=[0-9a-fA-F]{40,}/,
+    /DEPLOYER_PRIVATE_KEY=0x[0-9a-fA-F]{40,}/,
+    /PRIVATE_KEY=[0-9a-fA-F]{64}/,
+    /_KEY=0x[0-9a-fA-F]{64}/,
+    /cast wallet address 0x[0-9a-fA-F]{64}/,
+    // Seed phrases
+    /MNEMONIC=.{20,}/
+];
+// Allowlist patterns that are safe
+const DEFAULT_ALLOWLIST = [
+    "POOL_MANAGER_ADDRESS=",
+    "HOOK_OWNER=",
+    "NEXT_PUBLIC_",
+    "ETHERSCAN_API_KEY=YOUR_",
+    "RPC_URL=",
+    "YOUR_DEPLOYER_PRIVATE_KEY",
+    "YOUR_LOCAL_PRIVATE_KEY",
+    "YOUR_TESTNET_PRIVATE_KEY",
+    "your_private_key_here"
+];
+function checkContentForSecrets(content, patterns, allowlist, filename) {
+    const results = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of patterns) {
+            if (pattern.test(line)) {
+                // Check allowance
+                let isAllowed = false;
+                for (const allow of allowlist) {
+                    if (line.includes(allow)) {
+                        isAllowed = true;
+                        break;
+                    }
+                }
+                if (!isAllowed) {
+                    results.push({
+                        file: filename,
+                        line: i + 1,
+                        content: line.trim(),
+                        pattern: pattern.toString()
+                    });
+                }
+            }
+        }
+    }
+    return results;
+}
+const extension = {
+    name: 'secrets-check',
+    description: 'Checks for hardcoded secrets and private keys in staged files',
+    version: '1.1.0',
+    register: async (program, config) => {
+        // Try to get config from extensionConfig first, fallback to top-level secrets for backcompat
+        const extensionConfig = config.extensionConfig?.['secrets-check'];
+        const secretsConfig = extensionConfig || config.secrets || {};
+        if (secretsConfig.enabled === false) {
+            return;
+        }
+        // Merge patterns
+        const patterns = [...DEFAULT_PATTERNS];
+        if (secretsConfig.patterns) {
+            for (const p of secretsConfig.patterns) {
+                try {
+                    patterns.push(new RegExp(p));
+                }
+                catch (e) {
+                    console.warn(`⚠️  Invalid regex pattern in config: ${p}`);
+                }
+            }
+        }
+        // Merge allowlist
+        const allowlist = [...DEFAULT_ALLOWLIST];
+        if (secretsConfig.allowlist) {
+            allowlist.push(...secretsConfig.allowlist);
+        }
+        const secretsCmd = program
+            .command('check-secrets')
+            .description('Scan staged files for potential secrets')
+            .action(async () => {
+            await runSecretsCheck();
+        });
+        secretsCmd
+            .command('husky')
+            .description('Add secrets check to Husky pre-commit hook')
+            .option('--remove', 'Remove secrets check from Husky hook', false)
+            .action(async (options) => {
+            const rootDir = process.cwd();
+            const huskyDir = path.join(rootDir, '.husky');
+            const hookPath = path.join(huskyDir, 'pre-commit');
+            const MARKER_START = '# === secrets-check: start ===';
+            const MARKER_END = '# === secrets-check: end ===';
+            if (options.remove) {
+                if (!fs.existsSync(hookPath)) {
+                    console.log('ℹ️  Hook pre-commit does not exist.');
+                    return;
+                }
+                const content = fs.readFileSync(hookPath, 'utf8');
+                const startIdx = content.indexOf(MARKER_START);
+                const endIdx = content.indexOf(MARKER_END);
+                if (startIdx === -1 || endIdx === -1) {
+                    console.log('ℹ️  No secrets-check block found in pre-commit.');
+                    return;
+                }
+                const before = content.slice(0, startIdx).trimEnd();
+                const after = content.slice(endIdx + MARKER_END.length).trimStart();
+                const updated = [before, '', after].join('\n').replace(/\n{3,}/g, '\n\n').trim() + '\n';
+                fs.writeFileSync(hookPath, updated, 'utf8');
+                console.log('✅ Removed secrets check from .husky/pre-commit');
+                return;
+            }
+            // Add cleanup block to hook
+            if (!fs.existsSync(huskyDir)) {
+                fs.mkdirSync(huskyDir, { recursive: true });
+            }
+            const block = [
+                '',
+                MARKER_START,
+                'echo "🔒 Running secrets check…"',
+                'npx versioning check-secrets 2>/dev/null',
+                MARKER_END,
+                ''
+            ].join('\n');
+            if (fs.existsSync(hookPath)) {
+                const existing = fs.readFileSync(hookPath, 'utf8');
+                if (existing.includes(MARKER_START)) {
+                    console.log('ℹ️  Secrets check is already integrated in .husky/pre-commit.');
+                    return;
+                }
+                const updated = existing.trimEnd() + '\n' + block;
+                fs.writeFileSync(hookPath, updated, 'utf8');
+            }
+            else {
+                const content = [
+                    '#!/bin/sh',
+                    '. "$(dirname "$0")/_/husky.sh"',
+                    '',
+                    block
+                ].join('\n');
+                fs.writeFileSync(hookPath, content, { mode: 0o755 });
+            }
+            console.log('✅ Secrets check integrated into .husky/pre-commit');
+        });
+        async function runSecretsCheck() {
+            try {
+                console.log("🔒 Scanning for secrets...");
+                let failed = false;
+                // Get list of staged files
+                let output = '';
+                try {
+                    output = (0, child_process_1.execSync)('git diff --cached --name-only --diff-filter=ACMR', { encoding: 'utf-8' });
+                }
+                catch (e) {
+                    // If not in a git repo or no staged files, just return
+                    console.log("⚠️  Not a git repository or git error.");
+                    return;
+                }
+                const files = output.split('\n').filter(f => f.trim() !== '');
+                if (files.length === 0) {
+                    console.log("✅ No staged files to check.");
+                    return;
+                }
+                for (const relativePath of files) {
+                    const filePath = path.resolve(process.cwd(), relativePath);
+                    // Skip check if file doesn't exist (deleted)
+                    if (!fs.existsSync(filePath)) {
+                        continue;
+                    }
+                    // Skip lock files
+                    if (relativePath.includes('lock.yaml') || relativePath.includes('lock.json')) {
+                        continue;
+                    }
+                    // Read file content
+                    let content = '';
+                    try {
+                        content = fs.readFileSync(filePath, 'utf-8');
+                    }
+                    catch (e) {
+                        console.warn(`⚠️  Could not read file ${relativePath}:`, e);
+                        continue;
+                    }
+                    const findings = checkContentForSecrets(content, patterns, allowlist, relativePath);
+                    if (findings.length > 0) {
+                        failed = true;
+                        for (const finding of findings) {
+                            console.log(`❌ POTENTIAL SECRET FOUND in ${finding.file}:${finding.line}`);
+                            console.log(`   ${finding.content}`);
+                            console.log(`   (matched pattern: ${finding.pattern})`);
+                        }
+                    }
+                }
+                if (failed) {
+                    console.log("----------------------------------------------------");
+                    console.log("⛔ COMMIT REJECTED");
+                    console.log("Sensitive data was found in the staged files.");
+                    console.log("Please remove the secrets before committing.");
+                    console.log("----------------------------------------------------");
+                    process.exit(1);
+                }
+                else {
+                    console.log("✅ No secrets found.");
+                }
+            }
+            catch (error) {
+                console.error('❌ Check failed:', error instanceof Error ? error.message : String(error));
+                process.exit(1);
+            }
+        }
+    }
+};
+exports.default = extension;
+//# sourceMappingURL=index.js.map

package/dist/extensions.js

@@ -81,24 +81,36 @@ async function loadExtensions(program) {
         if (await fs.pathExists(extensionsDir)) {
             const extensionFiles = await fs.readdir(extensionsDir);
             for (const file of extensionFiles) {
-                if (file.endsWith('.js')) {
-                    try {
-                        const extensionPath = path.join(extensionsDir, file);
-                        const extensionModule = require(extensionPath);
-                        const extension = extensionModule.default || extensionModule;
-                        if (extension && typeof extension.register === 'function') {
-                            await extension.register(program, config);
-                            // Register hooks if available
-                            if (extension.hooks) {
-                                context.hooks.push(extension.hooks);
-                            }
-                            console.log(`✅ Loaded extension: ${extension.name}@${extension.version}`);
-                        }
+                let extensionPath = path.join(extensionsDir, file);
+                const stats = await fs.stat(extensionPath);
+                if (stats.isDirectory()) {
+                    // Check for index.js in directory
+                    const indexPath = path.join(extensionPath, 'index.js');
+                    if (await fs.pathExists(indexPath)) {
+                        extensionPath = indexPath;
                     }
-                    catch (error) {
-                        console.warn(`⚠️  Failed to load extension ${file}:`, error instanceof Error ? error.message : String(error));
+                    else {
+                        continue;
                     }
                 }
+                else if (!file.endsWith('.js')) {
+                    continue;
+                }
+                try {
+                    const extensionModule = require(extensionPath);
+                    const extension = extensionModule.default || extensionModule;
+                    if (extension && typeof extension.register === 'function') {
+                        await extension.register(program, config);
+                        // Register hooks if available
+                        if (extension.hooks) {
+                            context.hooks.push(extension.hooks);
+                        }
+                        console.log(`✅ Loaded extension: ${extension.name}@${extension.version}`);
+                    }
+                }
+                catch (error) {
+                    console.warn(`⚠️  Failed to load extension ${file}:`, error instanceof Error ? error.message : String(error));
+                }
             }
         }
         // Note: External extensions from config.extensions are not yet implemented

package/dist/release.d.ts

@@ -17,17 +17,21 @@ export declare class ReleaseManager {
         skipSync?: boolean;
     }): Promise<void>;
     private publishPackages;
-    patchRelease(options?: {
-        packages?: string[];
-        message?: string;
-    }): Promise<string>;
-    minorRelease(options?: {
-        packages?: string[];
-        message?: string;
-    }): Promise<string>;
-    majorRelease(options?: {
-        packages?: string[];
-        message?: string;
-    }): Promise<string>;
+    patchRelease(options?: ReleaseOptions): Promise<string>;
+    minorRelease(options?: ReleaseOptions): Promise<string>;
+    majorRelease(options?: ReleaseOptions): Promise<string>;
+    private shouldUseBranchAwareFlow;
+    private releaseBranchAware;
+}
+interface ReleaseOptions {
+    message?: string;
+    packages?: string[];
+    skipSync?: boolean;
+    branchAware?: boolean;
+    forceBranchAware?: boolean;
+    targetBranch?: string;
+    format?: string;
+    build?: number;
 }
+export {};
 //# sourceMappingURL=release.d.ts.map

package/dist/release.js

@@ -81,21 +81,55 @@ class ReleaseManager {
         console.log('Publishing packages:', packages || 'all');
     }
     async patchRelease(options = {}) {
-        const currentVersion = await this.config.versionManager.getCurrentVersion();
+        if (this.shouldUseBranchAwareFlow(options)) {
+            return await this.releaseBranchAware('patch', options);
+        }
         const newVersion = await this.config.versionManager.bumpVersion('patch');
         await this.release(newVersion, options);
         return newVersion;
     }
     async minorRelease(options = {}) {
+        if (this.shouldUseBranchAwareFlow(options)) {
+            return await this.releaseBranchAware('minor', options);
+        }
         const newVersion = await this.config.versionManager.bumpVersion('minor');
         await this.release(newVersion, options);
         return newVersion;
     }
     async majorRelease(options = {}) {
+        if (this.shouldUseBranchAwareFlow(options)) {
+            return await this.releaseBranchAware('major', options);
+        }
         const newVersion = await this.config.versionManager.bumpVersion('major');
         await this.release(newVersion, options);
         return newVersion;
     }
+    shouldUseBranchAwareFlow(options) {
+        return options.branchAware === true
+            || options.forceBranchAware === true
+            || typeof options.targetBranch === 'string'
+            || typeof options.format === 'string'
+            || typeof options.build === 'number';
+    }
+    async releaseBranchAware(releaseType, options) {
+        const result = await this.config.versionManager.bumpVersionBranchAware(releaseType, {
+            targetBranch: options.targetBranch,
+            forceBranchAware: options.forceBranchAware,
+            format: options.format,
+            build: options.build
+        });
+        await this.config.changelogManager.generate();
+        if (this.config.createCommit) {
+            await this.config.versionManager.commitChanges(result.version);
+        }
+        if (this.config.createTag) {
+            await this.config.versionManager.createGitTagWithFormat(result.version, result.tagFormat, options.message);
+        }
+        if (this.config.publish) {
+            await this.publishPackages(options.packages);
+        }
+        return result.version;
+    }
 }
 exports.ReleaseManager = ReleaseManager;
 //# sourceMappingURL=release.js.map

package/dist/versioning.d.ts

@@ -1,9 +1,37 @@
 import * as semver from 'semver';
+export interface BranchRuleConfig {
+    versionFormat?: 'semantic' | 'dev' | 'feature' | 'hotfix' | string;
+    tagFormat?: string;
+    syncFiles?: string[];
+    environment?: string;
+    bumpStrategy?: 'semantic' | 'dev-build' | 'feature-branch' | 'hotfix' | string;
+}
+export interface BranchAwarenessConfig {
+    enabled?: boolean;
+    defaultBranch?: string;
+    branches?: Record<string, BranchRuleConfig>;
+}
+export interface BranchAwareBumpOptions {
+    targetBranch?: string;
+    forceBranchAware?: boolean;
+    format?: string;
+    build?: number;
+}
+export interface BranchAwareBumpResult {
+    version: string;
+    branch: string;
+    matchPattern: string;
+    versionFormat: string;
+    tagFormat: string;
+    syncFiles: string[];
+}
 export interface VersionConfig {
     rootPackageJson: string;
     packages: string[];
     changelogFile?: string;
     conventionalCommits?: boolean;
+    extensionConfig?: Record<string, any>;
+    branchAwareness?: BranchAwarenessConfig;
 }
 export declare class VersionManager {
     private config;
@@ -11,9 +39,30 @@ export declare class VersionManager {
     constructor(config: VersionConfig);
     getCurrentVersion(): Promise<string>;
     bumpVersion(releaseType: semver.ReleaseType, preRelease?: string): Promise<string>;
+    bumpVersionBranchAware(releaseType: semver.ReleaseType, options?: BranchAwareBumpOptions): Promise<BranchAwareBumpResult>;
     updateVersion(newVersion: string): Promise<void>;
     private updatePackageJson;
     createGitTag(version: string, message?: string): Promise<void>;
+    createGitTagWithFormat(version: string, tagFormat?: string, message?: string): Promise<string>;
     commitChanges(version: string): Promise<void>;
+    private getCurrentBranch;
+    private resolveBranchConfig;
+    private getBranchAwarenessConfig;
+    private getDefaultBranchRules;
+    private normalizeBranchRule;
+    private getDefaultBumpStrategy;
+    private buildBranchAwareVersion;
+    private shouldBumpSemantic;
+    private coerceBaseVersion;
+    private incrementSemanticVersion;
+    private resolveBuildNumber;
+    private getDefaultSyncFiles;
+    private applyVersionFormat;
+    private extractBuildNumber;
+    private readVersionFromFile;
+    private updateVersionFile;
+    private matchesPattern;
+    private escapeRegex;
+    private renderTag;
 }
 //# sourceMappingURL=versioning.d.ts.map