@networkpro/web 1.25.1 → 1.25.2

package/CHANGELOG.md

@@ -22,6 +22,30 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 ---
 
+## [1.25.2]
+
+### Changed
+
+- **Unified Environment Detection (`env.js`)**
+  - Added support for server-side hostname injection via optional `hostOverride` parameter.
+  - Enables accurate audit environment detection on both server (`hooks.server.js`) and client.
+  - Logs the resolved environment and host when executed on the server.
+  - Maintains safe fallback behavior for client-only usage.
+
+- **CSP Handling (`hooks.server.js`)**
+  - Replaced reliance on `window.location` (unavailable on server) with `event.url.hostname` for host detection.
+  - Now correctly applies hardened audit-mode CSP in deployments matching `*.audit.netwk.pro`.
+  - Improved logging for audit/test/prod environment resolution during server request lifecycle.
+
+- **Build Diagnostics (`vite.config.js`)**
+  - Added `stderr` output for `audit` mode builds to ensure visibility in CI logs.
+  - Displays a prominent `🔒 Audit Mode Detected` tag during Vercel and local builds.
+  - Continues to log `ENV_MODE`, `PUBLIC_ENV_MODE`, and `NODE_ENV` for build-time inspection.
+
+- Bumped project version to `v1.25.2`.
+
+---
+
 ## [1.25.1]
 
 ### Added
@@ -41,6 +65,7 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
   - Simplified and stabilized environment detection logic for better cross-environment consistency.
   - Removed redundant imports and corrected handling of static vs dynamic `BUILD_ENV_MODE`.
   - Improved comments and type annotations for maintainability and IDE autocompletion.
+- Bumped project version to `v1.25.1`.
 
 ### Developer Experience
 
@@ -87,6 +112,7 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
   - Simplified step output and summary formatting for clearer reporting in the Actions log and job summary.
   - Maintains lightweight permissions (`contents: read`) and executes entirely without repository writes.
   - Improves reliability of branch protection monitoring without affecting CI or merge operations.
+- Bumped project version to `v1.25.0`.
 
 ### Fixed
 
@@ -1610,7 +1636,8 @@ This enables analytics filtering and CSP hardening for the audit environment.
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.1...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.25.2...HEAD
+[1.25.2]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.2
 [1.25.1]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.1
 [1.25.0]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.25.0
 [1.24.5]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.24.5

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@networkpro/web",
   "private": false,
-  "version": "1.25.1",
+  "version": "1.25.2",
   "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
   "keywords": [
     "advisory",

package/src/hooks.server.js

@@ -15,8 +15,17 @@ import { detectEnvironment } from '$lib/utils/env.js';
 export async function handle({ event, resolve }) {
   const response = await resolve(event);
 
-  const { isAudit, isTest, isProd, effective, mode } = detectEnvironment();
-  console.log('[CSP Debug ENV]', { mode, effective, isProd, isAudit, isTest });
+  const env = detectEnvironment(event.url.hostname);
+  const { isAudit, isTest, isProd, mode, effective } = env;
+
+  console.log('[CSP Debug ENV]', {
+    mode,
+    effective,
+    hostname: event.url.hostname,
+    isAudit,
+    isTest,
+    isProd,
+  });
 
   // Determine report URI
   const reportUri =

package/src/lib/utils/env.js

@@ -16,7 +16,7 @@ This file is part of Network Pro.
  *
  * @module src/lib/utils
  * @author Scott Lopez
- * @updated 2025-11-02
+ * @updated 2025-11-03
  *
  * @example
  * import { detectEnvironment } from '$lib/utils/env.js';
@@ -44,17 +44,19 @@ export const BUILD_ENV_MODE =
   import.meta.env.PUBLIC_ENV_MODE || import.meta.env.MODE || 'production';
 
 /**
- * Detects the current environment, combining build-time
- * and runtime (hostname-based) checks.
- * Works safely in both Node and browser contexts.
+ * Detects the current environment, combining build-time and host-based checks.
+ * Supports browser, server, and build-time contexts.
  *
+ * @param {string} [hostOverride] Optional hostname to use for environment resolution (e.g., from event.url.hostname)
  * @returns {EnvironmentInfo}
  */
-export function detectEnvironment() {
+export function detectEnvironment(hostOverride) {
   const mode = BUILD_ENV_MODE;
 
-  // Client-side fallback for audit/netwk environments
-  const host = typeof window !== 'undefined' ? window.location.hostname : '';
+  // Determine host based on execution context
+  const host =
+    hostOverride ||
+    (typeof window !== 'undefined' ? window.location.hostname : '');
 
   const hostIsAudit = /(^|\.)audit\.netwk\.pro$/i.test(host);
 
@@ -64,16 +66,13 @@ export function detectEnvironment() {
   const isCI = mode === 'ci';
   const isTest = mode === 'test';
 
-  // Prefer host-based detection if it disagrees with build-time
   const effective = hostIsAudit && !isAudit ? 'audit(host)' : mode;
 
   if (typeof window === 'undefined') {
-    // Only log on server / build to avoid client noise
-    console.log('[detectEnvironment] Build mode:', mode);
+    console.log('[detectEnvironment] Server-side build mode:', mode);
+    console.log('[detectEnvironment] Hostname:', host || '(none)');
     if (hostIsAudit && mode !== 'audit') {
-      console.log(
-        '[detectEnvironment] Host suggests audit, overriding build-time mode.',
-      );
+      console.log('[detectEnvironment] Host suggests audit, overriding mode.');
     }
   }
 

package/src/routes/status/+page.server.js

@@ -12,11 +12,11 @@ This file is part of Network Pro.
  * Logs runtime environment variables for debugging purposes.
  * This function executes on the server during SSR and is used to verify
  * that environment variables (e.g., ENV_MODE and NODE_ENV) are properly
- * injected and available during runtime in Netlify's SSR context.
+ * injected and available during runtime in Vercel's SSR context.
  *
  * @module src/routes/status
  * @author Scott Lopez
- * @updated 2025-05-31
+ * @updated 2025-11-03
  */
 
 export const prerender = false;

package/vite.config.js

@@ -31,6 +31,15 @@ export default defineConfig(({ mode }) => {
   console.log('ENV_MODE:', process.env.ENV_MODE);
   console.log('PUBLIC_ENV_MODE:', process.env.PUBLIC_ENV_MODE);
   console.log('NODE_ENV:', process.env.NODE_ENV);
+  if (
+    process.env.ENV_MODE === 'audit' ||
+    process.env.PUBLIC_ENV_MODE === 'audit' ||
+    mode === 'audit'
+  ) {
+    process.stderr.write(
+      '🔒 Audit Mode Detected — hardened CSP and no analytics will be applied.\n',
+    );
+  }
   console.log(
     '\x1b[36m%s\x1b[0m',
     '──────────────────────────────────────────────',

package/src/routes/api/env-check/+server.js

@@ -1,25 +0,0 @@
-/* ==========================================================================
-src/routes/api/env-check/+server.js
-
-Copyright © 2025 Network Pro Strategies (Network Pro™)
-SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
-This file is part of Network Pro.
-========================================================================== */
-
-/**
- * @file Returns the current environment state (client + server vars)
- * @type {import('@sveltejs/kit').RequestHandler}
- */
-export async function GET() {
-  const data = {
-    NODE_ENV: process.env.NODE_ENV,
-    ENV_MODE: process.env.ENV_MODE,
-    PUBLIC_ENV_MODE: process.env.PUBLIC_ENV_MODE,
-    IMPORT_META_MODE: import.meta.env.MODE,
-    IMPORT_META_PUBLIC: import.meta.env.PUBLIC_ENV_MODE,
-  };
-
-  return new Response(JSON.stringify(data, null, 2), {
-    headers: { 'Content-Type': 'application/json' },
-  });
-}