@prave/cli 1.4.1 → 1.4.2

package/dist/commands/run.js

@@ -1,5 +1,6 @@
 import { readdir, readFile, stat } from 'node:fs/promises';
 import { resolve, relative, basename, sep } from 'node:path';
+import { createInterface } from 'node:readline/promises';
 import { Buffer } from 'node:buffer';
 import chalk from 'chalk';
 import open from 'open';
@@ -62,11 +63,40 @@ export async function runDeployCommand(pathArg) {
     const creds0 = await requireAuth('prave run');
     if (!creds0)
         return;
-    // 1. Local secret-scan BEFORE we ship anything. Cheap defence in
+    // 1a. Look for .env / .env.production / .env.local etc. The scanner
+    // would otherwise hard-reject them on the upload. Offer to lift the
+    // values out of the bundle and pass them to the wizard so they end
+    // up encrypted on the run row instead of in the tarball.
+    const envFiles = await findEnvFiles(root);
+    let envVars = {};
+    const stripPaths = new Set();
+    if (envFiles.length > 0) {
+        const totalKeys = envFiles.reduce((n, f) => n + Object.keys(f.values).length, 0);
+        console.log();
+        console.log(chalk.bold(`Found ${envFiles.length} env file${envFiles.length === 1 ? '' : 's'} with ${totalKeys} variable${totalKeys === 1 ? '' : 's'}:`));
+        for (const f of envFiles) {
+            console.log(`  ${chalk.cyan('•')} ${f.path}  ${chalk.dim(`(${Object.keys(f.values).length} keys)`)}`);
+        }
+        console.log(chalk.dim('\nIf you continue, Prave strips these from the upload and passes the\n' +
+            'values to the browser wizard. They get AES-256-GCM-encrypted onto\n' +
+            'the run, decrypted only inside the sandbox at run-time.\n' +
+            'Decline to abort so you can clean up first.'));
+        const yes = await confirmYesNo('Strip & pass env vars to the wizard?');
+        if (!yes) {
+            log.error('Aborted. Remove the .env file(s) (or rename to .env.example) and re-run.');
+            process.exit(1);
+        }
+        for (const f of envFiles) {
+            stripPaths.add(f.path);
+            Object.assign(envVars, f.values);
+        }
+    }
+    // 1b. Local secret-scan BEFORE we ship anything. Cheap defence in
     // depth — even though the API scans again, surfacing the finding
     // pre-upload saves the user a round-trip and avoids briefly storing
-    // a secret-bearing tarball in our bucket.
-    const localFindings = await preflightScan(root);
+    // a secret-bearing tarball in our bucket. The env files we just
+    // accepted to lift out are excluded from the scan.
+    const localFindings = await preflightScan(root, stripPaths);
     if (localFindings.length > 0) {
         log.error('Bundle contains files that look like secrets:');
         for (const f of localFindings.slice(0, 10)) {
@@ -89,13 +119,28 @@ export async function runDeployCommand(pathArg) {
         initSpinner.fail(`Could not open deploy session: ${err.message}`);
         process.exit(1);
     }
+    // 2b. Ship env vars to the wizard before the upload so they're
+    // waiting when the browser opens. The wizard reads them once via
+    // /deploy/status and pre-fills its env-vars step.
+    if (Object.keys(envVars).length > 0) {
+        const envSpinner = ora('Sending env vars to the wizard…').start();
+        try {
+            await api.post(`/api/v1/deploy/env?session=${encodeURIComponent(session.session_id)}`, { env_vars: envVars }, true);
+            envSpinner.succeed(`Passed ${Object.keys(envVars).length} env var(s)`);
+        }
+        catch (err) {
+            envSpinner.fail(`Could not ship env vars: ${err.message}`);
+            process.exit(1);
+        }
+    }
     // 3. Pack the directory into a gzipped tar in memory. tar.create's
     // `cwd` option is critical — paths inside the archive must be
-    // RELATIVE to the project root, not absolute.
+    // RELATIVE to the project root, not absolute. Stripped paths are
+    // env files we already shipped via /deploy/env above.
     const packSpinner = ora('Bundling project…').start();
     let tarball;
     try {
-        tarball = await packDirectory(root);
+        tarball = await packDirectory(root, stripPaths);
         packSpinner.succeed(`Bundled ${formatBytes(tarball.length)}`);
     }
     catch (err) {
@@ -221,7 +266,7 @@ async function findSkillMd(root) {
         return null;
     }
 }
-async function preflightScan(root) {
+async function preflightScan(root, stripPaths = new Set()) {
     const inputs = [];
     let files = 0;
     let bytes = 0;
@@ -243,8 +288,13 @@ async function preflightScan(root) {
             }
             if (!entry.isFile())
                 continue;
-            files++;
             const rel = relative(root, abs).split(sep).join('/');
+            // The user already accepted to lift this env file out of the
+            // bundle in the previous step. Don't scan it (we know it has
+            // secrets — that's why we're lifting it).
+            if (stripPaths.has(rel))
+                continue;
+            files++;
             if (!isLikelyTextPath(rel)) {
                 inputs.push({ path: rel });
                 continue;
@@ -262,12 +312,17 @@ async function preflightScan(root) {
     await visit(root);
     return scanForSecrets(inputs).findings;
 }
-async function packDirectory(root) {
+async function packDirectory(root, stripPaths = new Set()) {
     // Top-level entries only — tar.create resolves them against `cwd`.
     const entries = (await readdir(root)).filter((n) => !TAR_IGNORE.has(n));
     if (entries.length === 0) {
         throw new Error('Project directory is empty.');
     }
+    // Normalise the strip-set against tar.create's relative-path format
+    // (POSIX forward slashes, no leading "./"). Paths sit one level
+    // beneath the archive's basename prefix, so we compare on the
+    // input-side relative path tar.create hands us.
+    const stripNormalised = new Set([...stripPaths].map((p) => p.replace(/\\/g, '/').replace(/^\.\//, '')));
     const stream = tar.create({
         gzip: true,
         cwd: root,
@@ -276,7 +331,10 @@ async function packDirectory(root) {
         // gets a `<project>/SKILL.md` shape, not a flat dump at the
         // archive root.
         prefix: basename(root),
-        filter: (_path) => true,
+        filter: (path) => {
+            const norm = path.replace(/\\/g, '/').replace(/^\.\//, '');
+            return !stripNormalised.has(norm);
+        },
     }, entries);
     const chunks = [];
     for await (const chunk of stream) {
@@ -284,6 +342,84 @@ async function packDirectory(root) {
     }
     return Buffer.concat(chunks);
 }
+/**
+ * Look for common `.env*` files at the project root. We don't scan
+ * deeper than top-level — a nested `.env` is almost certainly a
+ * shipping example, not the real secrets file. Returns an empty list
+ * when nothing's found.
+ */
+async function findEnvFiles(root) {
+    const entries = await readdir(root, { withFileTypes: true }).catch(() => []);
+    const findings = [];
+    for (const entry of entries) {
+        if (!entry.isFile())
+            continue;
+        const name = entry.name;
+        if (!isRealEnvFile(name))
+            continue;
+        try {
+            const raw = await readFile(`${root}${sep}${name}`, 'utf8');
+            const values = parseDotenv(raw);
+            if (Object.keys(values).length === 0)
+                continue;
+            findings.push({ path: name, values });
+        }
+        catch {
+            /* unreadable — skip */
+        }
+    }
+    return findings;
+}
+/**
+ * `.env`, `.env.local`, `.env.production`, `.env.development`, `.envrc`
+ * count as "real env files". Templates (`.env.example`, `.env.sample`,
+ * `.env.template`) are explicitly NOT lifted — those are meant to be
+ * shipped.
+ */
+function isRealEnvFile(name) {
+    if (name === '.env' || name === '.envrc')
+        return true;
+    if (!name.startsWith('.env.'))
+        return false;
+    const suffix = name.slice('.env.'.length);
+    if (/^(example|sample|template)$/i.test(suffix))
+        return false;
+    return true;
+}
+function parseDotenv(text) {
+    const out = {};
+    for (const raw of text.split('\n')) {
+        const line = raw.trim();
+        if (!line || line.startsWith('#'))
+            continue;
+        const eq = line.indexOf('=');
+        if (eq <= 0)
+            continue;
+        const key = line.slice(0, eq).trim();
+        let value = line.slice(eq + 1).trim();
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        if (/^[A-Za-z_][A-Za-z0-9_]*$/.test(key))
+            out[key] = value;
+    }
+    return out;
+}
+async function confirmYesNo(question) {
+    // Non-interactive shells (pipes, CI) can't prompt — default to "no"
+    // so we never silently ship secrets in a script.
+    if (!process.stdout.isTTY || !process.stdin.isTTY)
+        return false;
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    try {
+        const answer = (await rl.question(`${question} [Y/n] `)).trim().toLowerCase();
+        return answer === '' || answer === 'y' || answer === 'yes';
+    }
+    finally {
+        rl.close();
+    }
+}
 function formatBytes(n) {
     if (n < 1024)
         return `${n}B`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prave/cli",
-  "version": "1.4.1",
+  "version": "1.4.2",
   "description": "Prave CLI — discover, install, version, test, and ship Claude Skills. The developer platform for the complete Skill lifecycle.",
   "type": "module",
   "keywords": [
@@ -54,7 +54,7 @@
     "ora": "^8.0.1",
     "tar": "^7.4.3",
     "undici": "^6.18.0",
-    "@prave/shared": "1.4.1"
+    "@prave/shared": "1.4.2"
   },
   "devDependencies": {
     "@types/node": "^20.12.7",
@@ -71,6 +71,6 @@
     "build": "tsc -p tsconfig.json && node scripts/inject-config.mjs",
     "typecheck": "tsc -p tsconfig.json --noEmit",
     "lint": "tsc -p tsconfig.json --noEmit",
-    "postinstall": "node scripts/postinstall.mjs"
+    "postinstall": "node scripts/postinstall.mjs || true"
   }
 }