@vibecheckai/cli 3.2.4 → 3.2.6

package/bin/runners/lib/env-resolver.js

@@ -1,417 +1,417 @@
-/**
- * Env Resolver v2
- * 
- * Resolves environment variables for client calls, handles baseURL,
- * and generates .env.template from usage.
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-
-// =============================================================================
-// ENV VAR PATTERNS
-// =============================================================================
-
-const ENV_PATTERNS = {
-  // Standard Node.js
-  processEnv: /process\.env\.(\w+)/g,
-  processEnvBracket: /process\.env\[['"](\w+)['"]\]/g,
-  
-  // Vite
-  importMetaEnv: /import\.meta\.env\.(\w+)/g,
-  
-  // Template literals
-  templateEnv: /\$\{process\.env\.(\w+)\}/g,
-  
-  // Next.js public
-  nextPublic: /NEXT_PUBLIC_(\w+)/g,
-};
-
-const BASE_URL_VARS = [
-  "NEXT_PUBLIC_API_URL",
-  "NEXT_PUBLIC_BASE_URL",
-  "NEXT_PUBLIC_APP_URL",
-  "VITE_API_URL",
-  "VITE_BASE_URL",
-  "API_URL",
-  "API_BASE_URL",
-  "BASE_URL",
-  "APP_URL",
-  "BACKEND_URL",
-];
-
-const SENSITIVE_PATTERNS = [
-  /SECRET/i,
-  /KEY/i,
-  /TOKEN/i,
-  /PASSWORD/i,
-  /PRIVATE/i,
-  /CREDENTIAL/i,
-  /AUTH/i,
-];
-
-// =============================================================================
-// BASE URL RESOLUTION
-// =============================================================================
-
-/**
- * Resolve base URL from env vars
- */
-function resolveBaseUrl(options = {}) {
-  const { envVars = {}, defaultUrl = "" } = options;
-
-  // Try each known base URL var
-  for (const varName of BASE_URL_VARS) {
-    if (envVars[varName]) {
-      return normalizeBaseUrl(envVars[varName]);
-    }
-  }
-
-  // Try to get from process.env (at runtime)
-  for (const varName of BASE_URL_VARS) {
-    if (process.env[varName]) {
-      return normalizeBaseUrl(process.env[varName]);
-    }
-  }
-
-  return defaultUrl;
-}
-
-/**
- * Normalize base URL (remove trailing slash)
- */
-function normalizeBaseUrl(url) {
-  if (!url) return "";
-  return url.replace(/\/+$/, "");
-}
-
-/**
- * Resolve URL with base
- */
-function resolveUrlWithBase(urlTemplate, baseUrl) {
-  if (!urlTemplate) return urlTemplate;
-
-  // Already absolute
-  if (urlTemplate.startsWith("http://") || urlTemplate.startsWith("https://")) {
-    return urlTemplate;
-  }
-
-  // Ensure path starts with /
-  const path = urlTemplate.startsWith("/") ? urlTemplate : `/${urlTemplate}`;
-
-  if (baseUrl) {
-    return `${normalizeBaseUrl(baseUrl)}${path}`;
-  }
-
-  return path;
-}
-
-/**
- * Extract env var references from URL template
- */
-function extractEnvVarsFromUrl(urlTemplate) {
-  const vars = [];
-
-  if (!urlTemplate) return vars;
-
-  // Check for env var patterns
-  let match;
-  
-  for (const [name, pattern] of Object.entries(ENV_PATTERNS)) {
-    const regex = new RegExp(pattern.source, "g");
-    while ((match = regex.exec(urlTemplate)) !== null) {
-      vars.push({
-        name: match[1],
-        pattern: name,
-        fullMatch: match[0],
-      });
-    }
-  }
-
-  return vars;
-}
-
-/**
- * Substitute env vars in URL template
- */
-function substituteEnvVars(urlTemplate, envVars = {}) {
-  if (!urlTemplate) return urlTemplate;
-
-  let result = urlTemplate;
-
-  // Substitute process.env.VAR
-  result = result.replace(/process\.env\.(\w+)/g, (_, name) => {
-    return envVars[name] || process.env[name] || `\${${name}}`;
-  });
-
-  // Substitute process.env["VAR"]
-  result = result.replace(/process\.env\[['"](\w+)['"]\]/g, (_, name) => {
-    return envVars[name] || process.env[name] || `\${${name}}`;
-  });
-
-  // Substitute import.meta.env.VAR
-  result = result.replace(/import\.meta\.env\.(\w+)/g, (_, name) => {
-    return envVars[name] || process.env[name] || `\${${name}}`;
-  });
-
-  // Substitute ${VAR}
-  result = result.replace(/\$\{(\w+)\}/g, (_, name) => {
-    return envVars[name] || process.env[name] || `\${${name}}`;
-  });
-
-  return result;
-}
-
-// =============================================================================
-// CLIENT CALL BASE URL RESOLUTION
-// =============================================================================
-
-/**
- * Resolve base URL for client calls
- */
-function resolveClientCallUrls(clientCalls, options = {}) {
-  const { baseUrl = "", envVars = {} } = options;
-
-  const resolvedBaseUrl = baseUrl || resolveBaseUrl({ envVars });
-
-  return clientCalls.map(call => {
-    // Extract env vars from URL
-    const envRefs = extractEnvVarsFromUrl(call.urlTemplate);
-
-    // Substitute env vars
-    const substituted = substituteEnvVars(call.urlTemplate, envVars);
-
-    // Resolve with base URL
-    const resolved = resolveUrlWithBase(substituted, resolvedBaseUrl);
-
-    return {
-      ...call,
-      urlResolved: resolved,
-      envRefs,
-      baseUrlUsed: resolvedBaseUrl || null,
-    };
-  });
-}
-
-// =============================================================================
-// ENV TEMPLATE GENERATION
-// =============================================================================
-
-/**
- * Generate .env.template from truthpack
- */
-function generateEnvTemplate(truthpack, options = {}) {
-  const { includeExamples = true, groupByPrefix = true } = options;
-
-  const env = truthpack?.env || {};
-  const vars = env.vars || [];
-  const declared = new Set(env.declared || []);
-
-  // Group vars
-  const groups = {
-    next_public: [],
-    vite: [],
-    api: [],
-    auth: [],
-    database: [],
-    stripe: [],
-    other: [],
-  };
-
-  for (const v of vars) {
-    const name = v.name;
-    
-    if (name.startsWith("NEXT_PUBLIC_")) {
-      groups.next_public.push(v);
-    } else if (name.startsWith("VITE_")) {
-      groups.vite.push(v);
-    } else if (name.includes("API") || name.includes("URL")) {
-      groups.api.push(v);
-    } else if (name.includes("AUTH") || name.includes("SESSION") || name.includes("JWT")) {
-      groups.auth.push(v);
-    } else if (name.includes("DATABASE") || name.includes("DB_") || name.includes("POSTGRES") || name.includes("MYSQL")) {
-      groups.database.push(v);
-    } else if (name.includes("STRIPE")) {
-      groups.stripe.push(v);
-    } else {
-      groups.other.push(v);
-    }
-  }
-
-  // Generate template
-  const lines = [];
-  lines.push("# Environment Variables Template");
-  lines.push("# Generated by Vibecheck - https://github.com/guardiavault-oss/Vibecheck");
-  lines.push(`# Generated at: ${new Date().toISOString()}`);
-  lines.push("");
-
-  const groupLabels = {
-    next_public: "# Next.js Public Variables (exposed to browser)",
-    vite: "# Vite Public Variables",
-    api: "# API Configuration",
-    auth: "# Authentication",
-    database: "# Database",
-    stripe: "# Stripe",
-    other: "# Other",
-  };
-
-  for (const [group, groupVars] of Object.entries(groups)) {
-    if (groupVars.length === 0) continue;
-
-    if (groupByPrefix) {
-      lines.push(groupLabels[group] || `# ${group}`);
-    }
-
-    for (const v of groupVars) {
-      const isSensitive = SENSITIVE_PATTERNS.some(p => p.test(v.name));
-      const example = includeExamples ? getExampleValue(v.name, isSensitive) : "";
-      const required = v.required || v.usageCount > 1 ? " # required" : "";
-      
-      lines.push(`${v.name}=${example}${required}`);
-    }
-
-    lines.push("");
-  }
-
-  return lines.join("\n");
-}
-
-/**
- * Get example value for env var
- */
-function getExampleValue(name, isSensitive = false) {
-  if (isSensitive) {
-    return "your-secret-here";
-  }
-
-  // Common patterns
-  if (name.includes("URL") || name.includes("HOST")) {
-    if (name.includes("API")) return "http://localhost:3001";
-    if (name.includes("DATABASE") || name.includes("DB")) return "postgresql://user:pass@localhost:5432/db";
-    return "http://localhost:3000";
-  }
-
-  if (name.includes("PORT")) return "3000";
-  if (name.includes("NODE_ENV")) return "development";
-  if (name.includes("DEBUG")) return "false";
-  if (name.includes("LOG_LEVEL")) return "info";
-
-  return "";
-}
-
-/**
- * Write .env.template to disk
- */
-function writeEnvTemplate(repoRoot, template) {
-  const templatePath = path.join(repoRoot, ".env.template");
-  fs.writeFileSync(templatePath, template);
-  return templatePath;
-}
-
-/**
- * Compare .env.template with current usage
- */
-function compareEnvTemplate(repoRoot, truthpack) {
-  const templatePath = path.join(repoRoot, ".env.template");
-  const examplePath = path.join(repoRoot, ".env.example");
-  
-  // Try both common names
-  let existingPath = null;
-  if (fs.existsSync(templatePath)) {
-    existingPath = templatePath;
-  } else if (fs.existsSync(examplePath)) {
-    existingPath = examplePath;
-  }
-
-  if (!existingPath) {
-    return { exists: false, missing: [], extra: [] };
-  }
-
-  const existingContent = fs.readFileSync(existingPath, "utf8");
-  const existingVars = new Set();
-
-  // Parse existing template
-  for (const line of existingContent.split("\n")) {
-    const match = line.match(/^([A-Z][A-Z0-9_]*)=/);
-    if (match) {
-      existingVars.add(match[1]);
-    }
-  }
-
-  // Compare with truthpack
-  const usedVars = new Set((truthpack?.env?.vars || []).map(v => v.name));
-  
-  const missing = [...usedVars].filter(v => !existingVars.has(v));
-  const extra = [...existingVars].filter(v => !usedVars.has(v));
-
-  return {
-    exists: true,
-    path: existingPath,
-    missing,
-    extra,
-    upToDate: missing.length === 0,
-  };
-}
-
-// =============================================================================
-// ENV GAP DETECTION
-// =============================================================================
-
-/**
- * Find env gaps - required vars not declared
- */
-function findEnvGaps(truthpack) {
-  const env = truthpack?.env || {};
-  const vars = env.vars || [];
-  const declared = new Set(env.declared || []);
-
-  const gaps = [];
-
-  for (const v of vars) {
-    const isRequired = v.required || v.usageCount > 1;
-    
-    if (isRequired && !declared.has(v.name)) {
-      gaps.push({
-        name: v.name,
-        usageCount: v.usageCount || 1,
-        files: v.files || [],
-        severity: SENSITIVE_PATTERNS.some(p => p.test(v.name)) ? "BLOCK" : "WARN",
-      });
-    }
-  }
-
-  return gaps;
-}
-
-// =============================================================================
-// EXPORTS
-// =============================================================================
-
-module.exports = {
-  // Patterns
-  ENV_PATTERNS,
-  BASE_URL_VARS,
-  SENSITIVE_PATTERNS,
-
-  // Base URL
-  resolveBaseUrl,
-  normalizeBaseUrl,
-  resolveUrlWithBase,
-
-  // Env var extraction
-  extractEnvVarsFromUrl,
-  substituteEnvVars,
-
-  // Client call resolution
-  resolveClientCallUrls,
-
-  // Template generation
-  generateEnvTemplate,
-  writeEnvTemplate,
-  compareEnvTemplate,
-
-  // Gap detection
-  findEnvGaps,
-};
+/**
+ * Env Resolver v2
+ * 
+ * Resolves environment variables for client calls, handles baseURL,
+ * and generates .env.template from usage.
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+// =============================================================================
+// ENV VAR PATTERNS
+// =============================================================================
+
+const ENV_PATTERNS = {
+  // Standard Node.js
+  processEnv: /process\.env\.(\w+)/g,
+  processEnvBracket: /process\.env\[['"](\w+)['"]\]/g,
+  
+  // Vite
+  importMetaEnv: /import\.meta\.env\.(\w+)/g,
+  
+  // Template literals
+  templateEnv: /\$\{process\.env\.(\w+)\}/g,
+  
+  // Next.js public
+  nextPublic: /NEXT_PUBLIC_(\w+)/g,
+};
+
+const BASE_URL_VARS = [
+  "NEXT_PUBLIC_API_URL",
+  "NEXT_PUBLIC_BASE_URL",
+  "NEXT_PUBLIC_APP_URL",
+  "VITE_API_URL",
+  "VITE_BASE_URL",
+  "API_URL",
+  "API_BASE_URL",
+  "BASE_URL",
+  "APP_URL",
+  "BACKEND_URL",
+];
+
+const SENSITIVE_PATTERNS = [
+  /SECRET/i,
+  /KEY/i,
+  /TOKEN/i,
+  /PASSWORD/i,
+  /PRIVATE/i,
+  /CREDENTIAL/i,
+  /AUTH/i,
+];
+
+// =============================================================================
+// BASE URL RESOLUTION
+// =============================================================================
+
+/**
+ * Resolve base URL from env vars
+ */
+function resolveBaseUrl(options = {}) {
+  const { envVars = {}, defaultUrl = "" } = options;
+
+  // Try each known base URL var
+  for (const varName of BASE_URL_VARS) {
+    if (envVars[varName]) {
+      return normalizeBaseUrl(envVars[varName]);
+    }
+  }
+
+  // Try to get from process.env (at runtime)
+  for (const varName of BASE_URL_VARS) {
+    if (process.env[varName]) {
+      return normalizeBaseUrl(process.env[varName]);
+    }
+  }
+
+  return defaultUrl;
+}
+
+/**
+ * Normalize base URL (remove trailing slash)
+ */
+function normalizeBaseUrl(url) {
+  if (!url) return "";
+  return url.replace(/\/+$/, "");
+}
+
+/**
+ * Resolve URL with base
+ */
+function resolveUrlWithBase(urlTemplate, baseUrl) {
+  if (!urlTemplate) return urlTemplate;
+
+  // Already absolute
+  if (urlTemplate.startsWith("http://") || urlTemplate.startsWith("https://")) {
+    return urlTemplate;
+  }
+
+  // Ensure path starts with /
+  const path = urlTemplate.startsWith("/") ? urlTemplate : `/${urlTemplate}`;
+
+  if (baseUrl) {
+    return `${normalizeBaseUrl(baseUrl)}${path}`;
+  }
+
+  return path;
+}
+
+/**
+ * Extract env var references from URL template
+ */
+function extractEnvVarsFromUrl(urlTemplate) {
+  const vars = [];
+
+  if (!urlTemplate) return vars;
+
+  // Check for env var patterns
+  let match;
+  
+  for (const [name, pattern] of Object.entries(ENV_PATTERNS)) {
+    const regex = new RegExp(pattern.source, "g");
+    while ((match = regex.exec(urlTemplate)) !== null) {
+      vars.push({
+        name: match[1],
+        pattern: name,
+        fullMatch: match[0],
+      });
+    }
+  }
+
+  return vars;
+}
+
+/**
+ * Substitute env vars in URL template
+ */
+function substituteEnvVars(urlTemplate, envVars = {}) {
+  if (!urlTemplate) return urlTemplate;
+
+  let result = urlTemplate;
+
+  // Substitute process.env.VAR
+  result = result.replace(/process\.env\.(\w+)/g, (_, name) => {
+    return envVars[name] || process.env[name] || `\${${name}}`;
+  });
+
+  // Substitute process.env["VAR"]
+  result = result.replace(/process\.env\[['"](\w+)['"]\]/g, (_, name) => {
+    return envVars[name] || process.env[name] || `\${${name}}`;
+  });
+
+  // Substitute import.meta.env.VAR
+  result = result.replace(/import\.meta\.env\.(\w+)/g, (_, name) => {
+    return envVars[name] || process.env[name] || `\${${name}}`;
+  });
+
+  // Substitute ${VAR}
+  result = result.replace(/\$\{(\w+)\}/g, (_, name) => {
+    return envVars[name] || process.env[name] || `\${${name}}`;
+  });
+
+  return result;
+}
+
+// =============================================================================
+// CLIENT CALL BASE URL RESOLUTION
+// =============================================================================
+
+/**
+ * Resolve base URL for client calls
+ */
+function resolveClientCallUrls(clientCalls, options = {}) {
+  const { baseUrl = "", envVars = {} } = options;
+
+  const resolvedBaseUrl = baseUrl || resolveBaseUrl({ envVars });
+
+  return clientCalls.map(call => {
+    // Extract env vars from URL
+    const envRefs = extractEnvVarsFromUrl(call.urlTemplate);
+
+    // Substitute env vars
+    const substituted = substituteEnvVars(call.urlTemplate, envVars);
+
+    // Resolve with base URL
+    const resolved = resolveUrlWithBase(substituted, resolvedBaseUrl);
+
+    return {
+      ...call,
+      urlResolved: resolved,
+      envRefs,
+      baseUrlUsed: resolvedBaseUrl || null,
+    };
+  });
+}
+
+// =============================================================================
+// ENV TEMPLATE GENERATION
+// =============================================================================
+
+/**
+ * Generate .env.template from truthpack
+ */
+function generateEnvTemplate(truthpack, options = {}) {
+  const { includeExamples = true, groupByPrefix = true } = options;
+
+  const env = truthpack?.env || {};
+  const vars = env.vars || [];
+  const declared = new Set(env.declared || []);
+
+  // Group vars
+  const groups = {
+    next_public: [],
+    vite: [],
+    api: [],
+    auth: [],
+    database: [],
+    stripe: [],
+    other: [],
+  };
+
+  for (const v of vars) {
+    const name = v.name;
+    
+    if (name.startsWith("NEXT_PUBLIC_")) {
+      groups.next_public.push(v);
+    } else if (name.startsWith("VITE_")) {
+      groups.vite.push(v);
+    } else if (name.includes("API") || name.includes("URL")) {
+      groups.api.push(v);
+    } else if (name.includes("AUTH") || name.includes("SESSION") || name.includes("JWT")) {
+      groups.auth.push(v);
+    } else if (name.includes("DATABASE") || name.includes("DB_") || name.includes("POSTGRES") || name.includes("MYSQL")) {
+      groups.database.push(v);
+    } else if (name.includes("STRIPE")) {
+      groups.stripe.push(v);
+    } else {
+      groups.other.push(v);
+    }
+  }
+
+  // Generate template
+  const lines = [];
+  lines.push("# Environment Variables Template");
+  lines.push("# Generated by Vibecheck - https://github.com/guardiavault-oss/Vibecheck");
+  lines.push(`# Generated at: ${new Date().toISOString()}`);
+  lines.push("");
+
+  const groupLabels = {
+    next_public: "# Next.js Public Variables (exposed to browser)",
+    vite: "# Vite Public Variables",
+    api: "# API Configuration",
+    auth: "# Authentication",
+    database: "# Database",
+    stripe: "# Stripe",
+    other: "# Other",
+  };
+
+  for (const [group, groupVars] of Object.entries(groups)) {
+    if (groupVars.length === 0) continue;
+
+    if (groupByPrefix) {
+      lines.push(groupLabels[group] || `# ${group}`);
+    }
+
+    for (const v of groupVars) {
+      const isSensitive = SENSITIVE_PATTERNS.some(p => p.test(v.name));
+      const example = includeExamples ? getExampleValue(v.name, isSensitive) : "";
+      const required = v.required || v.usageCount > 1 ? " # required" : "";
+      
+      lines.push(`${v.name}=${example}${required}`);
+    }
+
+    lines.push("");
+  }
+
+  return lines.join("\n");
+}
+
+/**
+ * Get example value for env var
+ */
+function getExampleValue(name, isSensitive = false) {
+  if (isSensitive) {
+    return "your-secret-here";
+  }
+
+  // Common patterns
+  if (name.includes("URL") || name.includes("HOST")) {
+    if (name.includes("API")) return "http://localhost:3001";
+    if (name.includes("DATABASE") || name.includes("DB")) return "postgresql://user:pass@localhost:5432/db";
+    return "http://localhost:3000";
+  }
+
+  if (name.includes("PORT")) return "3000";
+  if (name.includes("NODE_ENV")) return "development";
+  if (name.includes("DEBUG")) return "false";
+  if (name.includes("LOG_LEVEL")) return "info";
+
+  return "";
+}
+
+/**
+ * Write .env.template to disk
+ */
+function writeEnvTemplate(repoRoot, template) {
+  const templatePath = path.join(repoRoot, ".env.template");
+  fs.writeFileSync(templatePath, template);
+  return templatePath;
+}
+
+/**
+ * Compare .env.template with current usage
+ */
+function compareEnvTemplate(repoRoot, truthpack) {
+  const templatePath = path.join(repoRoot, ".env.template");
+  const examplePath = path.join(repoRoot, ".env.example");
+  
+  // Try both common names
+  let existingPath = null;
+  if (fs.existsSync(templatePath)) {
+    existingPath = templatePath;
+  } else if (fs.existsSync(examplePath)) {
+    existingPath = examplePath;
+  }
+
+  if (!existingPath) {
+    return { exists: false, missing: [], extra: [] };
+  }
+
+  const existingContent = fs.readFileSync(existingPath, "utf8");
+  const existingVars = new Set();
+
+  // Parse existing template
+  for (const line of existingContent.split("\n")) {
+    const match = line.match(/^([A-Z][A-Z0-9_]*)=/);
+    if (match) {
+      existingVars.add(match[1]);
+    }
+  }
+
+  // Compare with truthpack
+  const usedVars = new Set((truthpack?.env?.vars || []).map(v => v.name));
+  
+  const missing = [...usedVars].filter(v => !existingVars.has(v));
+  const extra = [...existingVars].filter(v => !usedVars.has(v));
+
+  return {
+    exists: true,
+    path: existingPath,
+    missing,
+    extra,
+    upToDate: missing.length === 0,
+  };
+}
+
+// =============================================================================
+// ENV GAP DETECTION
+// =============================================================================
+
+/**
+ * Find env gaps - required vars not declared
+ */
+function findEnvGaps(truthpack) {
+  const env = truthpack?.env || {};
+  const vars = env.vars || [];
+  const declared = new Set(env.declared || []);
+
+  const gaps = [];
+
+  for (const v of vars) {
+    const isRequired = v.required || v.usageCount > 1;
+    
+    if (isRequired && !declared.has(v.name)) {
+      gaps.push({
+        name: v.name,
+        usageCount: v.usageCount || 1,
+        files: v.files || [],
+        severity: SENSITIVE_PATTERNS.some(p => p.test(v.name)) ? "BLOCK" : "WARN",
+      });
+    }
+  }
+
+  return gaps;
+}
+
+// =============================================================================
+// EXPORTS
+// =============================================================================
+
+module.exports = {
+  // Patterns
+  ENV_PATTERNS,
+  BASE_URL_VARS,
+  SENSITIVE_PATTERNS,
+
+  // Base URL
+  resolveBaseUrl,
+  normalizeBaseUrl,
+  resolveUrlWithBase,
+
+  // Env var extraction
+  extractEnvVarsFromUrl,
+  substituteEnvVars,
+
+  // Client call resolution
+  resolveClientCallUrls,
+
+  // Template generation
+  generateEnvTemplate,
+  writeEnvTemplate,
+  compareEnvTemplate,
+
+  // Gap detection
+  findEnvGaps,
+};