@geekmidas/cli 0.29.0 → 0.31.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekmidas/cli",
-  "version": "0.29.0",
+  "version": "0.31.0",
   "description": "CLI tools for building Lambda handlers, server applications, and generating OpenAPI specs",
   "private": false,
   "type": "module",
@@ -48,11 +48,11 @@
     "lodash.kebabcase": "^4.1.1",
     "openapi-typescript": "^7.4.2",
     "prompts": "~2.4.2",
-    "@geekmidas/errors": "~0.1.0",
-    "@geekmidas/envkit": "~0.4.0",
     "@geekmidas/constructs": "~0.6.0",
+    "@geekmidas/errors": "~0.1.0",
+    "@geekmidas/logger": "~0.4.0",
     "@geekmidas/schema": "~0.1.0",
-    "@geekmidas/logger": "~0.4.0"
+    "@geekmidas/envkit": "~0.5.0"
   },
   "devDependencies": {
     "@types/lodash.kebabcase": "^4.1.9",

package/src/dev/__tests__/entry.spec.ts

@@ -0,0 +1,140 @@
+import { mkdir, readFile, rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { createEntryWrapper, findSecretsRoot } from '../index';
+
+describe('findSecretsRoot', () => {
+	let testDir: string;
+
+	beforeEach(async () => {
+		testDir = join(tmpdir(), `gkm-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+		await mkdir(testDir, { recursive: true });
+	});
+
+	afterEach(async () => {
+		await rm(testDir, { recursive: true, force: true });
+	});
+
+	it('should return startDir when no .gkm/secrets exists', () => {
+		const result = findSecretsRoot(testDir);
+		expect(result).toBe(testDir);
+	});
+
+	it('should find secrets in current directory', async () => {
+		await mkdir(join(testDir, '.gkm', 'secrets'), { recursive: true });
+
+		const result = findSecretsRoot(testDir);
+		expect(result).toBe(testDir);
+	});
+
+	it('should find secrets in parent directory', async () => {
+		const childDir = join(testDir, 'apps', 'auth');
+		await mkdir(childDir, { recursive: true });
+		await mkdir(join(testDir, '.gkm', 'secrets'), { recursive: true });
+
+		const result = findSecretsRoot(childDir);
+		expect(result).toBe(testDir);
+	});
+
+	it('should find secrets in grandparent directory', async () => {
+		const grandchildDir = join(testDir, 'apps', 'auth', 'src');
+		await mkdir(grandchildDir, { recursive: true });
+		await mkdir(join(testDir, '.gkm', 'secrets'), { recursive: true });
+
+		const result = findSecretsRoot(grandchildDir);
+		expect(result).toBe(testDir);
+	});
+
+	it('should prefer closer secrets directory', async () => {
+		// Create secrets in both parent and child
+		const childDir = join(testDir, 'apps', 'auth');
+		await mkdir(join(testDir, '.gkm', 'secrets'), { recursive: true });
+		await mkdir(join(childDir, '.gkm', 'secrets'), { recursive: true });
+
+		const result = findSecretsRoot(childDir);
+		expect(result).toBe(childDir);
+	});
+});
+
+describe('createEntryWrapper', () => {
+	let testDir: string;
+
+	beforeEach(async () => {
+		testDir = join(tmpdir(), `gkm-test-${Date.now()}-${Math.random().toString(36).slice(2)}`);
+		await mkdir(testDir, { recursive: true });
+	});
+
+	afterEach(async () => {
+		await rm(testDir, { recursive: true, force: true });
+	});
+
+	it('should create wrapper without secrets injection', async () => {
+		const wrapperPath = join(testDir, 'wrapper.ts');
+		const entryPath = '/path/to/entry.ts';
+
+		await createEntryWrapper(wrapperPath, entryPath, undefined);
+
+		const content = await readFile(wrapperPath, 'utf-8');
+
+		expect(content).toContain("import '/path/to/entry.ts'");
+		expect(content).not.toContain('Credentials');
+		expect(content).toContain("Entry wrapper generated by 'gkm dev --entry'");
+	});
+
+	it('should create wrapper with secrets injection', async () => {
+		const wrapperPath = join(testDir, 'wrapper.ts');
+		const entryPath = '/path/to/entry.ts';
+		const secretsPath = '/path/to/secrets.json';
+
+		await createEntryWrapper(wrapperPath, entryPath, secretsPath);
+
+		const content = await readFile(wrapperPath, 'utf-8');
+
+		expect(content).toContain(
+			"import { Credentials } from '@geekmidas/envkit/credentials'",
+		);
+		expect(content).toContain(secretsPath);
+		expect(content).toContain('Object.assign(Credentials');
+		expect(content).toContain("import '/path/to/entry.ts'");
+	});
+
+	it('should inject secrets before entry import', async () => {
+		const wrapperPath = join(testDir, 'wrapper.ts');
+		const entryPath = '/path/to/entry.ts';
+		const secretsPath = '/path/to/secrets.json';
+
+		await createEntryWrapper(wrapperPath, entryPath, secretsPath);
+
+		const content = await readFile(wrapperPath, 'utf-8');
+
+		const credentialsIndex = content.indexOf('Credentials');
+		const importIndex = content.indexOf("import '/path/to/entry.ts'");
+
+		expect(credentialsIndex).toBeGreaterThan(-1);
+		expect(importIndex).toBeGreaterThan(-1);
+		expect(credentialsIndex).toBeLessThan(importIndex);
+	});
+
+	it('should include shebang line', async () => {
+		const wrapperPath = join(testDir, 'wrapper.ts');
+		const entryPath = '/path/to/entry.ts';
+
+		await createEntryWrapper(wrapperPath, entryPath, undefined);
+
+		const content = await readFile(wrapperPath, 'utf-8');
+
+		expect(content.startsWith('#!/usr/bin/env node')).toBe(true);
+	});
+
+	it('should handle Windows-style paths', async () => {
+		const wrapperPath = join(testDir, 'wrapper.ts');
+		const entryPath = 'C:\\Users\\test\\project\\src\\index.ts';
+
+		await createEntryWrapper(wrapperPath, entryPath, undefined);
+
+		const content = await readFile(wrapperPath, 'utf-8');
+
+		expect(content).toContain(entryPath);
+	});
+});

package/src/dev/__tests__/index.spec.ts

@@ -13,6 +13,7 @@ import {
 	findAvailablePort,
 	generateAllDependencyEnvVars,
 	isPortAvailable,
+	loadSecretsForApp,
 	normalizeHooksConfig,
 	normalizeProductionConfig,
 	normalizeStudioConfig,
@@ -967,3 +968,225 @@ describe('Workspace Dev Server', () => {
 		});
 	});
 });
+
+describe('loadSecretsForApp', () => {
+	let testDir: string;
+
+	beforeEach(() => {
+		testDir = join(
+			tmpdir(),
+			`gkm-secrets-test-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+		);
+		mkdirSync(testDir, { recursive: true });
+	});
+
+	afterEach(() => {
+		if (existsSync(testDir)) {
+			rmSync(testDir, { recursive: true, force: true });
+		}
+	});
+
+	/**
+	 * Helper to create a secrets file in legacy (unencrypted) format.
+	 * This matches the StageSecrets structure.
+	 */
+	function createSecretsFile(
+		stage: string,
+		secrets: Record<string, string>,
+		root = testDir,
+	) {
+		const secretsDir = join(root, '.gkm', 'secrets');
+		mkdirSync(secretsDir, { recursive: true });
+		const stageSecrets = {
+			stage,
+			createdAt: new Date().toISOString(),
+			updatedAt: new Date().toISOString(),
+			services: {},
+			urls: {},
+			custom: secrets,
+		};
+		writeFileSync(
+			join(secretsDir, `${stage}.json`),
+			JSON.stringify(stageSecrets, null, 2),
+		);
+	}
+
+	describe('single app mode (no appName)', () => {
+		it('should return secrets as-is without mapping', async () => {
+			createSecretsFile('development', {
+				DATABASE_URL: 'postgresql://localhost/mydb',
+				JWT_SECRET: 'super-secret',
+				NODE_ENV: 'development',
+			});
+
+			const secrets = await loadSecretsForApp(testDir);
+
+			expect(secrets).toEqual({
+				DATABASE_URL: 'postgresql://localhost/mydb',
+				JWT_SECRET: 'super-secret',
+				NODE_ENV: 'development',
+			});
+		});
+
+		it('should try dev stage first, then development', async () => {
+			createSecretsFile('dev', {
+				DATABASE_URL: 'postgresql://localhost/devdb',
+			});
+			createSecretsFile('development', {
+				DATABASE_URL: 'postgresql://localhost/developmentdb',
+			});
+
+			const secrets = await loadSecretsForApp(testDir);
+
+			// Should use 'dev' stage since it's checked first
+			expect(secrets.DATABASE_URL).toBe('postgresql://localhost/devdb');
+		});
+
+		it('should fallback to development if dev does not exist', async () => {
+			createSecretsFile('development', {
+				DATABASE_URL: 'postgresql://localhost/developmentdb',
+			});
+
+			const secrets = await loadSecretsForApp(testDir);
+
+			expect(secrets.DATABASE_URL).toBe(
+				'postgresql://localhost/developmentdb',
+			);
+		});
+
+		it('should return empty object if no secrets exist', async () => {
+			const secrets = await loadSecretsForApp(testDir);
+
+			expect(secrets).toEqual({});
+		});
+	});
+
+	describe('workspace app mode (with appName)', () => {
+		it('should map {APP}_DATABASE_URL to DATABASE_URL', async () => {
+			createSecretsFile('development', {
+				AUTH_DATABASE_URL: 'postgresql://auth_user:pass@localhost/authdb',
+				API_DATABASE_URL: 'postgresql://api_user:pass@localhost/apidb',
+				JWT_SECRET: 'shared-secret',
+			});
+
+			const authSecrets = await loadSecretsForApp(testDir, 'auth');
+
+			expect(authSecrets.DATABASE_URL).toBe(
+				'postgresql://auth_user:pass@localhost/authdb',
+			);
+			// Original prefixed secrets are also available
+			expect(authSecrets.AUTH_DATABASE_URL).toBe(
+				'postgresql://auth_user:pass@localhost/authdb',
+			);
+			expect(authSecrets.JWT_SECRET).toBe('shared-secret');
+		});
+
+		it('should map API secrets correctly', async () => {
+			createSecretsFile('development', {
+				AUTH_DATABASE_URL: 'postgresql://auth_user:pass@localhost/authdb',
+				API_DATABASE_URL: 'postgresql://api_user:pass@localhost/apidb',
+			});
+
+			const apiSecrets = await loadSecretsForApp(testDir, 'api');
+
+			expect(apiSecrets.DATABASE_URL).toBe(
+				'postgresql://api_user:pass@localhost/apidb',
+			);
+		});
+
+		it('should not override DATABASE_URL if no prefixed version exists', async () => {
+			createSecretsFile('development', {
+				DATABASE_URL: 'postgresql://localhost/maindb',
+				JWT_SECRET: 'secret',
+			});
+
+			// Asking for 'auth' app but AUTH_DATABASE_URL doesn't exist
+			const authSecrets = await loadSecretsForApp(testDir, 'auth');
+
+			// Should keep the original DATABASE_URL since there's no AUTH_DATABASE_URL
+			expect(authSecrets.DATABASE_URL).toBe('postgresql://localhost/maindb');
+		});
+
+		it('should handle uppercase app names in secrets', async () => {
+			createSecretsFile('development', {
+				MYSERVICE_DATABASE_URL: 'postgresql://localhost/myservicedb',
+			});
+
+			// App name is lowercase but secrets are uppercase prefixed
+			const secrets = await loadSecretsForApp(testDir, 'myservice');
+
+			expect(secrets.DATABASE_URL).toBe('postgresql://localhost/myservicedb');
+		});
+
+		it('should return empty object if no secrets exist for app', async () => {
+			const secrets = await loadSecretsForApp(testDir, 'api');
+
+			expect(secrets).toEqual({});
+		});
+	});
+
+	describe('service credentials mapping', () => {
+		it('should include postgres service credentials', async () => {
+			const secretsDir = join(testDir, '.gkm', 'secrets');
+			mkdirSync(secretsDir, { recursive: true });
+			const stageSecrets = {
+				stage: 'development',
+				createdAt: new Date().toISOString(),
+				updatedAt: new Date().toISOString(),
+				services: {
+					postgres: {
+						username: 'postgres',
+						password: 'postgres123',
+						database: 'myapp',
+						host: 'localhost',
+						port: 5432,
+					},
+				},
+				urls: {},
+				custom: { NODE_ENV: 'development' },
+			};
+			writeFileSync(
+				join(secretsDir, 'development.json'),
+				JSON.stringify(stageSecrets, null, 2),
+			);
+
+			const secrets = await loadSecretsForApp(testDir);
+
+			expect(secrets.POSTGRES_USER).toBe('postgres');
+			expect(secrets.POSTGRES_PASSWORD).toBe('postgres123');
+			expect(secrets.POSTGRES_DB).toBe('myapp');
+			expect(secrets.POSTGRES_HOST).toBe('localhost');
+			expect(secrets.POSTGRES_PORT).toBe('5432');
+			expect(secrets.NODE_ENV).toBe('development');
+		});
+
+		it('should include redis service credentials', async () => {
+			const secretsDir = join(testDir, '.gkm', 'secrets');
+			mkdirSync(secretsDir, { recursive: true });
+			const stageSecrets = {
+				stage: 'development',
+				createdAt: new Date().toISOString(),
+				updatedAt: new Date().toISOString(),
+				services: {
+					redis: {
+						password: 'redis123',
+						host: 'localhost',
+						port: 6379,
+					},
+				},
+				urls: {},
+				custom: {},
+			};
+			writeFileSync(
+				join(secretsDir, 'development.json'),
+				JSON.stringify(stageSecrets, null, 2),
+			);
+
+			const secrets = await loadSecretsForApp(testDir);
+
+			expect(secrets.REDIS_PASSWORD).toBe('redis123');
+			expect(secrets.REDIS_HOST).toBe('localhost');
+			expect(secrets.REDIS_PORT).toBe('6379');
+		});
+	});
+});