envilder 0.6.5 → 0.7.0

package/ROADMAP.md

@@ -1,66 +1,67 @@
-# 🛣️ Envilder Roadmap
-
-Envilder aims to be the simplest, most reliable way to generate `.env` files from AWS SSM Parameter Store
-— for both local development and CI/CD pipelines.
-
-## ✅ Current Features
-
-- Map-based secret resolution via `param-map.json`
-- Outputs clean `.env` files
-- Supports AWS profiles (`AWS_PROFILE`)
-- Compatible with SecureString and plain parameters
-- CLI-first, lightweight
-- 📸 **Demo GIF/video** showing the tool in action (terminal + env + app)
-
----
-
-## 🚧 Planned Improvements
-
-### 🔹 Usability & Visibility
-
-- [ ] 🔍 **Auto-discovery mode** (`--auto`) for fetching all parameters with a given prefix
-- [ ] ✍️ **Tutorial repo** showing full example with GitHub Actions
-- [ ] 🛍️ **Official GitHub Action** (in Marketplace)
-
-### 🔹 Dev Experience & Adoption
-
-- [ ] ✅ **Check mode** (`--check`) to validate SSM vs existing `.env` and fail CI if out-of-sync
-- [ ] 📝 **Onboarding doc** for new teams (how to set up param-map, profiles, best practices)
-
-### 🔹 Advanced Features
-
-- [ ] ↩️ **Push mode** (`--push`) to push local `.env` back to AWS SSM
-- [ ] 🔔 **Optional webhook/Slack notifier** on secret sync (for audit/logging)
-- [ ] 🌐 **Web-based interactive demo** (optional) to test mappings live
-- [ ] 🧠 **Awesome list submissions** and community templates
-
----
-
-## 🧪 Long-term Ideas (Open to Feedback)
-
-- [ ] 📁 Support hierarchical `param-map.json` per environment
-- [ ] 🧬 Plugin system for custom resolvers (e.g., secrets from other providers)
-
----
-
-## 🙌 Contribute or suggest ideas
-
-If you’ve faced similar problems or want to help improve this tool, feel free to open an issue, submit a PR
-or reach out.  
-Every bit of feedback helps make this tool better for the community.
-
----
-
-## Feature Status
-
-| Feature                        | Status         | Notes |
-|--------------------------------|---------------|-------|
-| Push mode (`--push`)           | ✅ Implemented | |
-| Mapping-based secret resolution| ✅ Implemented | |
-| .env file generation           | ✅ Implemented | |
-| AWS profile support            | ✅ Implemented | |
-| Auto-discovery mode (`--auto`) | ❌ Not implemented | Planned |
-| Check/sync mode (`--check`)    | ❌ Not implemented | Planned |
-| Webhook/Slack notification     | ❌ Not implemented | Planned |
-| Hierarchical mapping           | ❌ Not implemented | Only flat JSON mapping supported |
-| Plugin system                  | ❌ Not implemented | Only AWS SSM supported |
+# 🛣️ Envilder Roadmap
+
+Envilder aims to be the simplest, most reliable way to generate `.env` files from AWS SSM Parameter Store
+— for both local development and CI/CD pipelines.
+
+## ✅ Current Features
+
+- Map-based secret resolution via `param-map.json`
+- Outputs clean `.env` files
+- Supports AWS profiles (`AWS_PROFILE`)
+- Compatible with SecureString and plain parameters
+- CLI-first, lightweight
+- 📸 **Demo GIF/video** showing the tool in action (terminal + env + app)
+
+---
+
+## 🚧 Planned Improvements
+
+### 🔹 Usability & Visibility
+
+- [ ] 🔍 **Auto-discovery mode** (`--auto`) for fetching all parameters with a given prefix
+- [ ] ✍️ **Tutorial repo** showing full example with GitHub Actions
+- [x] 🛍️ **Official GitHub Action** (in Marketplace)
+
+### 🔹 Dev Experience & Adoption
+
+- [ ] ✅ **Check mode** (`--check`) to validate SSM vs existing `.env` and fail CI if out-of-sync
+- [ ] 📝 **Onboarding doc** for new teams (how to set up param-map, profiles, best practices)
+
+### 🔹 Advanced Features
+
+- [ ] ↩️ **Push mode** (`--push`) to push local `.env` back to AWS SSM
+- [ ] 🔔 **Optional webhook/Slack notifier** on secret sync (for audit/logging)
+- [ ] 🌐 **Web-based interactive demo** (optional) to test mappings live
+- [ ] 🧠 **Awesome list submissions** and community templates
+
+---
+
+## 🧪 Long-term Ideas (Open to Feedback)
+
+- [ ] 📁 Support hierarchical `param-map.json` per environment
+- [ ] 🧬 Plugin system for custom resolvers (e.g., secrets from other providers)
+
+---
+
+## 🙌 Contribute or suggest ideas
+
+If you’ve faced similar problems or want to help improve this tool, feel free to open an issue, submit a PR
+or reach out.  
+Every bit of feedback helps make this tool better for the community.
+
+---
+
+## Feature Status
+
+| Feature                        | Status         | Notes |
+|--------------------------------|---------------|-------|
+| Push mode (`--push`)           | ✅ Implemented | |
+| Mapping-based secret resolution| ✅ Implemented | |
+| .env file generation           | ✅ Implemented | |
+| AWS profile support            | ✅ Implemented | |
+| GitHub Action                  | ✅ Implemented | Available as composite action |
+| Auto-discovery mode (`--auto`) | ❌ Not implemented | Planned |
+| Check/sync mode (`--check`)    | ❌ Not implemented | Planned |
+| Webhook/Slack notification     | ❌ Not implemented | Planned |
+| Hierarchical mapping           | ❌ Not implemented | Only flat JSON mapping supported |
+| Plugin system                  | ❌ Not implemented | Only AWS SSM supported |

package/docs/CHANGELOG.md

@@ -0,0 +1,345 @@
+# [0.7.0](https://github.com/macalbert/envilder/compare/v0.6.6...v0.7.0) (2025-11-16)
+
+
+* ♻️ Move GitHub Action to github-action/ subfolder ([d9bf4d2](https://github.com/macalbert/envilder/commit/d9bf4d2e81acbb1ef2b4e0034c0b6aaa8b307ba3))
+
+
+### Bug Fixes
+
+* **githubAction:** Correct author name in action.yml ([e964aff](https://github.com/macalbert/envilder/commit/e964affbca8410aada8494648dee62ab2a1ab5de))
+* **githubAction:** Correct build command from ppnpm to pnpm ([c9df0c4](https://github.com/macalbert/envilder/commit/c9df0c4cb612de0f2b6ab6406235c54fcb45d0c2))
+* **githubAction:** Correct path to GitHubAction.js in validation step ([94d1166](https://github.com/macalbert/envilder/commit/94d116632f4a6de656449f238ec007eeede2f5f2))
+* **githubAction:** Remove source map generation from build:gha script ([8989448](https://github.com/macalbert/envilder/commit/898944898cdea866f28f8874b714bfe3fd2dd88e))
+* **githubAction:** Update action references in documentation and code ([412601b](https://github.com/macalbert/envilder/commit/412601b7b56a90dd50e031addcaf192e2dec8ba3))
+
+
+### Features
+
+* **githubAction:** Add end-to-end tests for GitHub Actions simulation ([29464a0](https://github.com/macalbert/envilder/commit/29464a016d0072cc728345400f68e0c62669579b))
+* **githubAction:** Update action paths and add new GitHub Action implementation ([4310e50](https://github.com/macalbert/envilder/commit/4310e5040fa4952c50e800578fb91e00cf2f7a36))
+* **githubAction:** Update action script paths and add entry point ([9f64e56](https://github.com/macalbert/envilder/commit/9f64e567d8c90832ee402accb6aba9264554a1e7))
+* **packaging:** Add project build and uninstall functionality ([70fc574](https://github.com/macalbert/envilder/commit/70fc5745c1490f33322f5fb8af1b68dd7e565fc1))
+
+
+### BREAKING CHANGES
+
+* Action path changed from macalbert/envilder@v1 to macalbert/envilder/github-action@v1
+
+
+
+# Changelog
+<!-- markdownlint-disable MD024 -->
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.6.6] - 2025-11-02
+
+### Changed
+
+- Updated AWS credentials configuration in workflows
+- Bumped vite from 7.1.10 to 7.1.11
+- Bumped @types/node from 24.7.2 to 24.9.2
+- Bumped @biomejs/biome from 2.2.6 to 2.3.2
+- Bumped GitHub/codeql-action from 3 to 4
+- Bumped actions/setup-node from 5 to 6
+- Bumped vitest from 3.2.4 to 4.0.6
+
+### Documentation
+
+- Added Snyk badge for known vulnerabilities in README
+
+## [0.6.5] - 2025-10-15
+
+### Added
+
+- Enabled npm trusted publishing with OIDC authentication
+
+### Changed
+
+- Bumped tmp from 0.2.3 to 0.2.4
+- Bumped @types/node from 22.16.3 to 24.3.0
+- Bumped @testcontainers/localstack from 11.2.1 to 11.5.1
+- Bumped testcontainers from 11.2.1 to 11.5.1
+- Bumped @aws-sdk/credential-providers from 3.844.0 to 3.879.0
+- Bumped secretlint from 10.2.1 to 11.2.0
+- Bumped @biomejs/biome from 2.1.3 to 2.2.4
+- Bumped @secretlint/secretlint-rule-preset-recommend from 10.2.1 to 11.2.4
+- Bumped vite from 7.0.4 to 7.1.5
+- Bumped commander from 14.0.0 to 14.0.1
+- Bumped inversify from 7.6.1 to 7.10.2
+- Updated actions/checkout from 4 to 5
+- Updated actions/setup-node from 4 to 5
+- Updated actions/upload-pages-artifact from 3 to 4
+- Updated aws-actions/configure-aws-credentials from 4 to 5
+
+## [0.6.4] - 2025-08-02
+
+### Changed
+
+- Bumped typescript from 5.8.3 to 5.9.2
+- Bumped secretlint from 10.2.0 to 10.2.1
+- Bumped @types/glob from 8.1.0 to 9.0.0
+- Bumped @secretlint/secretlint-rule-preset-recommend from 10.2.0 to 10.2.1
+- Bumped @biomejs/biome from 2.1.1 to 2.1.3
+
+## [0.6.3] - 2025-07-20
+
+### Changed
+
+- Implemented .NET-Style DIP Startup Pattern for dependency injection
+- Improved separation of concerns in dependency configuration
+
+## [0.6.1] - 2025-07-13
+
+### Added
+
+- **Push Mode** functionality to upload environment variables to AWS SSM Parameter Store
+- File-based approach for pushing multiple variables from `.env` files
+- Single-variable approach for direct command line uploads
+- Support for working with different AWS profiles when pushing secrets
+- Comprehensive test coverage for all Push Mode functionality
+
+### Security
+
+- Implemented secure parameter handling to protect sensitive values
+- Maintained AWS IAM best practices for least privilege
+- Added safeguards against accidental overwrites of critical parameters
+
+### Changed
+
+- Designed clean, modular command structure for Push Mode operations
+- Added new domain models and handlers to support Push feature
+- Maintained separation of concerns between infrastructure and application layers
+- Ensured backward compatibility with existing Pull Mode features
+
+### Documentation
+
+- Added comprehensive examples for all new Push Mode commands
+- Created visual diagrams explaining Push Mode data flow
+- Documented options and parameters for Push Mode operations
+
+## [0.5.6] - 2025-07-06
+
+### Added
+
+- Introduced new logger interface for seamless integration of custom logging implementations
+
+### Changed
+
+- Updated several packages to latest versions for improved security and performance
+
+### Documentation
+
+- Added video guide to README demonstrating CLI usage
+- Enhanced user onboarding materials
+
+## [0.5.5] - 2025-06-29
+
+### Changed
+
+- Moved `EnvilderBuilder` from `domain` to `application/builders` directory
+- Updated import paths across codebase for better organization
+- Enhanced code architecture alignment with domain-driven design principles
+
+### Fixed
+
+- Fixed glob pattern and path handling in test cleanup functions
+- Corrected file path resolution in end-to-end tests
+- Improved error handling during test file deletions
+
+### Documentation
+
+- Extensively updated README with clearer structure and table of contents
+- Added feature status table to clarify implemented vs planned features
+- Simplified installation and usage instructions
+- Revamped pull request template for better contributor experience
+- Removed outdated environment-specific parameter examples
+
+## [0.5.4] - 2025-06-10
+
+### Added
+
+- Added unit tests for error handling with missing CLI arguments
+- Enhanced unit test reporting with JUnit format for better CI integration
+
+### Changed
+
+- Refactored `EnvFileManager` and related interfaces to use async/await
+- Improved error handling and modularized secret processing in `Envilder`
+- Enhanced error handling for missing secrets with clearer feedback
+- Renamed methods, test suite descriptions, and filenames for consistency
+- Extracted package.json version retrieval into dedicated `PackageJsonFinder` class
+- Modularized and simplified `escapeEnvValue` method and related tests
+- Updated dependencies for better reliability
+- Improved test cleanup for more reliable test runs
+- Added and reorganized permissions in CI workflow
+- Updated `.gitattributes` for better language stats on GitHub
+
+## [0.5.3] - 2025-06-07
+
+### Added
+
+- Modular CLI for environment variable synchronization with pluggable secret providers
+- Builder pattern for flexible CLI configuration and usage
+- Extensive unit, integration, and end-to-end tests
+- AWS integration testing using Localstack with Testcontainers
+- Expanded tests for environment file escaping and builder configuration
+
+### Changed
+
+- **BREAKING**: Full TypeScript migration from JavaScript
+- Introduced modular, layered architecture with clear separation
+- Restructured CLI internals for improved maintainability
+- Test structure now mirrors production code structure
+- Migrated CI/CD workflows and scripts from Yarn to npm
+- Updated ignore files and configuration
+
+### Documentation
+
+- Updated documentation to focus on npm commands
+- Improved workflow and script documentation
+
+## [0.5.2] - 2025-05-18
+
+### Added
+
+- Comprehensive E2E validation test in CI/CD pipeline
+- Validation includes: build, `npm pack`, local install, and CLI command execution
+- Ensures package integrity and command-line operability before release
+
+## [0.5.1] - 2025-05-16
+
+### Fixed
+
+- CLI command not recognized after global install (`npm install -g envilder`)
+- Fixed missing compiled `lib/` files in published package
+
+## [0.3.0] - 2025-05-09
+
+### Added
+
+- Support for working with different AWS accounts and configurations via AWS profiles
+
+### Changed
+
+- Bumped @secretlint/secretlint-rule-preset-recommend from 9.3.0 to 9.3.2
+- Bumped @types/node from 22.14.1 to 22.15.3
+- Bumped commander from 12.1.0 to 13.1.0
+- Bumped vite from 6.2.6 to 6.3.4
+- Bumped @aws-sdk/client-ssm from 3.787.0 to 3.799.0
+
+## [0.2.3] - 2025-04-12
+
+### Changed
+
+- Updated multiple dependencies including:
+  - @types/node from 22.7.5 to 22.10.3
+  - @aws-sdk/client-ssm from 3.670.0 to 3.716.0
+  - @biomejs/biome from 1.9.3 to 1.9.4
+  - nanoid from 3.3.7 to 3.3.8
+  - @secretlint/secretlint-rule-preset-recommend from 8.5.0 to 9.0.0
+  - secretlint from 8.5.0 to 9.0.0
+
+## [0.2.1] - 2024-10-16
+
+### Added
+
+- Code coverage reporting and deployment to GitHub Pages
+- CodeQL workflow for security analysis
+- Preserve existing `.env` file and update values if present
+
+### Documentation
+
+- Updated README.md with improved documentation
+
+## [0.1.4] - 2024-10-01
+
+Initial public release of Envilder.
+
+---
+
+## How to Update This Changelog
+
+This changelog follows [Conventional Commits](https://www.conventionalcommits.org/) specification.
+
+### Commit Message Format
+
+```txt
+<type>[optional scope]: <description>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+### Types
+
+- `feat`: A new feature (triggers MINOR version bump)
+- `fix`: A bug fix (triggers PATCH version bump)
+- `docs`: Documentation-only changes
+- `style`: Changes that don't affect code meaning (formatting, etc.)
+- `refactor`: Code change that neither fixes a bug nor adds a feature
+- `perf`: Performance improvements
+- `test`: Adding or correcting tests
+- `chore`: Changes to build process or auxiliary tools
+- `ci`: Changes to CI configuration files and scripts
+
+### Breaking Changes
+
+Add `BREAKING CHANGE:` in the footer or append `!` after type/scope:
+
+```txt
+feat!: remove AWS profile auto-detection
+
+BREAKING CHANGE: Users must now explicitly specify --profile flag
+```
+
+This triggers a MAJOR version bump.
+
+### Examples
+
+```bash
+# Feature addition (0.7.0 -> 0.8.0)
+git commit -m "feat(gha): add GitHub Action support"
+
+# Bug fix (0.7.0 -> 0.7.1)
+git commit -m "fix(cli): handle empty environment files"
+
+# Breaking change (0.7.0 -> 1.0.0)
+git commit -m "feat!: redesign CLI interface"
+```
+
+---
+
+## Automation
+
+This project uses automated changelog generation. To generate changelog entries:
+
+1. **Manual Update** (temporary):
+   - Edit this file following the format above
+   - Add entries under `[Unreleased]` section
+   - Run `pnpm version [patch|minor|major]` to create a new release
+
+2. **Automated** (recommended):
+   - Use conventional commits in your commit messages
+   - Run `pnpm changelog` to generate entries from git history
+   - Changelog will be auto-generated from commit messages
+
+[0.6.6]: https://github.com/macalbert/envilder/compare/v0.6.5...v0.6.6
+[0.6.5]: https://github.com/macalbert/envilder/compare/v0.6.4...v0.6.5
+[0.6.4]: https://github.com/macalbert/envilder/compare/v0.6.3...v0.6.4
+[0.6.3]: https://github.com/macalbert/envilder/compare/v0.6.1...v0.6.3
+[0.6.1]: https://github.com/macalbert/envilder/compare/v0.5.6...v0.6.1
+[0.5.6]: https://github.com/macalbert/envilder/compare/v0.5.5...v0.5.6
+[0.5.5]: https://github.com/macalbert/envilder/compare/v0.5.4...v0.5.5
+[0.5.4]: https://github.com/macalbert/envilder/compare/v0.5.3...v0.5.4
+[0.5.3]: https://github.com/macalbert/envilder/compare/v0.5.2...v0.5.3
+[0.5.2]: https://github.com/macalbert/envilder/compare/v0.5.1...v0.5.2
+[0.5.1]: https://github.com/macalbert/envilder/compare/v0.3.0...v0.5.1
+[0.3.0]: https://github.com/macalbert/envilder/compare/v0.2.3...v0.3.0
+[0.2.3]: https://github.com/macalbert/envilder/compare/v0.2.1...v0.2.3
+[0.2.1]: https://github.com/macalbert/envilder/compare/v0.1.4...v0.2.1
+[0.1.4]: https://github.com/macalbert/envilder/releases/tag/v0.1.4

package/docs/SECURITY.md

@@ -0,0 +1,167 @@
+# Security Policy
+
+## 🔒 Supported Versions
+
+We release patches for security vulnerabilities only in the latest version:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| Latest  | ✅ |
+| Older   | ❌ |
+
+## 🚨 Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you discover a security vulnerability in Envilder, please report it privately to help us address it before public disclosure.
+
+### How to Report
+
+1. **Email**: Send details to <mac.albert@gmail.com>
+2. **Subject**: `[SECURITY] Envilder - [Brief Description]`
+3. **Include**:
+   - Description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact
+   - Suggested fix (if available)
+   - Your contact information for follow-up
+
+### What to Expect
+
+- **Acknowledgment**: I will acknowledge your email as soon as possible
+- **Initial Assessment**: I'll provide an initial assessment and prioritize based on severity
+- **Updates**: I'll keep you informed about the progress
+- **Resolution**: I'll work to release a fix as soon as feasible (timeline depends on severity and complexity)
+- **Credit**: You'll be credited in the security advisory (unless you prefer to remain anonymous)
+
+**Note**: This is a solo open-source project maintained in my spare time. While I take security seriously,
+response times may vary based on availability.
+
+## 🛡️ Security Best Practices
+
+When using Envilder, follow these security guidelines:
+
+### AWS Credentials
+
+**DO**:
+
+- ✅ Use IAM roles with OIDC for GitHub Actions ([setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
+- ✅ Use temporary credentials when possible
+- ✅ Follow the principle of least privilege
+
+**DON'T**:
+
+- ❌ Store AWS access keys in code or environment variables
+- ❌ Share AWS credentials via Slack, email, or chat
+
+### IAM Permissions
+
+Envilder requires these AWS permissions:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Federated": "arn:aws:iam::123456123456:oidc-provider/token.actions.githubusercontent.com"
+            },
+            "Action": "sts:AssumeRoleWithWebIdentity",
+            "Condition": {
+                "StringLike": {
+                    "token.actions.githubusercontent.com:sub": "repo:octo-org/octo-repo:*"
+                },
+                "StringEquals": {
+                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
+                }
+            }
+        }
+    ]
+}
+```
+
+**Recommendations**:
+
+- Scope permissions to specific parameter paths (e.g., `/myapp/prod/*`)
+- Use separate IAM roles for different environments (dev, staging, prod)
+- Enable CloudTrail logging for audit trails
+
+### Environment Files
+
+**DO**:
+
+- ✅ Add `.env` to `.gitignore`
+- ✅ Use `.env.example` for documentation (without real values)
+- ✅ Rotate secrets regularly
+
+**DON'T**:
+
+- ❌ Commit `.env` files to version control
+- ❌ Share `.env` files via email or chat
+
+### GitHub Actions
+
+When using Envilder GitHub Action:
+
+**DO**:
+
+- ✅ Use OIDC authentication instead of static credentials ([OIDC setup guide](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services))
+- ✅ Pin action versions (e.g., `@v1.0.0` instead of `@main`)
+- ✅ Review action code before using in production
+
+**DON'T**:
+
+- ❌ Store AWS credentials in GitHub Secrets (use OIDC roles)
+- ❌ Use overly permissive IAM policies
+
+## 🔍 Security Audits
+
+This project uses:
+
+- **Snyk**: Vulnerability scanning for dependencies
+- **Secretlint**: Prevents accidental secret commits
+- **Biome**: Code quality and security linting
+- **Dependabot**: Automated dependency updates
+
+View current security status: [![Known Vulnerabilities](https://snyk.io/test/github/macalbert/envilder/badge.svg)](https://snyk.io/test/github/macalbert/envilder)
+
+## 📋 Known Security Considerations
+
+### AWS SSM Parameter Store
+
+- Parameters are encrypted at rest using AWS KMS
+- All API calls are logged in CloudTrail
+- Access is controlled via IAM policies
+- Supports versioning and automatic rotation
+
+### Local Environment Files
+
+- Generated `.env` files contain sensitive data
+- Ensure proper file permissions (e.g., `chmod 600 .env`)
+- Delete or rotate secrets if `.env` is accidentally committed
+
+## 🔗 Additional Resources
+
+- [AWS SSM Security Best Practices](https://docs.aws.amazon.com/systems-manager/latest/userguide/security-best-practices.html)
+- [GitHub Actions Security Hardening](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
+- [OWASP Secrets Management Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html)
+
+## 📜 Disclosure Policy
+
+When I receive a security vulnerability report:
+
+1. I will confirm the vulnerability and determine its impact
+2. I will develop and test a fix
+3. I will release a security advisory and patched version
+4. I will credit the reporter (unless anonymity is requested)
+
+**Public Disclosure Timeline**:
+
+- Critical vulnerabilities: Disclosed after patch is released
+- Non-critical vulnerabilities: Coordinated disclosure with reasonable timeline based on severity
+
+**Note**: As a solo maintainer working on this project in my spare time, I appreciate your
+understanding regarding response and fix timelines.
+
+Thank you for helping keep Envilder and its users safe! 🙏

package/lib/apps/cli/Cli.d.ts

@@ -1,4 +1,3 @@
-#!/usr/bin/env node
 import 'reflect-metadata';
 export declare function main(): Promise<void>;
 //# sourceMappingURL=Cli.d.ts.map

package/lib/apps/cli/Cli.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Cli.d.ts","sourceRoot":"","sources":["../../../src/apps/cli/Cli.ts"],"names":[],"mappings":";AACA,OAAO,kBAAkB,CAAC;AAwB1B,wBAAsB,IAAI,kBAgDzB"}
+{"version":3,"file":"Cli.d.ts","sourceRoot":"","sources":["../../../src/apps/cli/Cli.ts"],"names":[],"mappings":"AAAA,OAAO,kBAAkB,CAAC;AAuB1B,wBAAsB,IAAI,kBAgDzB"}

package/lib/apps/cli/Cli.js

@@ -1,4 +1,3 @@
-#!/usr/bin/env node
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -61,9 +60,4 @@ function readPackageVersion() {
     const packageJsonPath = join(__dirname, '../../../package.json');
     return new PackageVersionReader().getVersion(packageJsonPath);
 }
-main().catch((error) => {
-    const logger = serviceProvider.get(TYPES.ILogger);
-    logger.error('🚨 Uh-oh! Looks like Mario fell into the wrong pipe! 🍄💥');
-    logger.error(error instanceof Error ? error.message : String(error));
-});
 //# sourceMappingURL=Cli.js.map

package/lib/apps/cli/Cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"Cli.js","sourceRoot":"","sources":["../../../src/apps/cli/Cli.ts"],"names":[],"mappings":";;;;;;;;;;AACA,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,qBAAqB,EAAE,MAAM,8DAA8D,CAAC;AAIrG,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,IAAI,eAA0B,CAAC;AAE/B,SAAe,cAAc,CAAC,OAAmB;;QAC/C,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CACxC,KAAK,CAAC,4BAA4B,CACnC,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC9D,MAAM,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;CAAA;AAED,MAAM,UAAgB,IAAI;;QACxB,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE3C,OAAO;aACJ,IAAI,CAAC,UAAU,CAAC;aAChB,WAAW,CACV,+FAA+F;YAC7F,2BAA2B;YAC3B,6DAA6D;YAC7D,iDAAiD;YACjD,oEAAoE;YACpE,wCAAwC;YACxC,kFAAkF,CACrF;aACA,OAAO,CAAC,OAAO,CAAC;aAChB,MAAM,CACL,cAAc,EACd,sFAAsF,CACvF;aACA,MAAM,CACL,kBAAkB,EAClB,gFAAgF,CACjF;aACA,MAAM,CAAC,kBAAkB,EAAE,mCAAmC,CAAC;aAC/D,MAAM,CAAC,QAAQ,EAAE,sCAAsC,CAAC;aACxD,MAAM,CACL,cAAc,EACd,6DAA6D,CAC9D;aACA,MAAM,CACL,iBAAiB,EACjB,qEAAqE,CACtE;aACA,MAAM,CACL,mBAAmB,EACnB,iEAAiE,CAClE;aACA,MAAM,CAAC,CAAO,OAAmB,EAAE,EAAE;YACpC,eAAe,GAAG,OAAO,CAAC,KAAK,EAAE;iBAC9B,iBAAiB,EAAE;iBACnB,uBAAuB,CAAC,OAAO,CAAC,OAAO,CAAC;iBACxC,MAAM,EAAE,CAAC;YAEZ,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC,CAAA,CAAC,CAAC;QAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;CAAA;AAED,SAAS,kBAAkB;IACzB,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAEjE,OAAO,IAAI,oBAAoB,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AAChE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAU,KAAK,CAAC,OAAO,CAAC,CAAC;IAE3D,MAAM,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC1E,MAAM,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACvE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"Cli.js","sourceRoot":"","sources":["../../../src/apps/cli/Cli.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,qBAAqB,EAAE,MAAM,8DAA8D,CAAC;AAGrG,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAChD,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,IAAI,eAA0B,CAAC;AAE/B,SAAe,cAAc,CAAC,OAAmB;;QAC/C,MAAM,cAAc,GAAG,eAAe,CAAC,GAAG,CACxC,KAAK,CAAC,4BAA4B,CACnC,CAAC;QAEF,MAAM,OAAO,GAAG,qBAAqB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC9D,MAAM,cAAc,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;CAAA;AAED,MAAM,UAAgB,IAAI;;QACxB,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,kBAAkB,EAAE,CAAC;QAE3C,OAAO;aACJ,IAAI,CAAC,UAAU,CAAC;aAChB,WAAW,CACV,+FAA+F;YAC7F,2BAA2B;YAC3B,6DAA6D;YAC7D,iDAAiD;YACjD,oEAAoE;YACpE,wCAAwC;YACxC,kFAAkF,CACrF;aACA,OAAO,CAAC,OAAO,CAAC;aAChB,MAAM,CACL,cAAc,EACd,sFAAsF,CACvF;aACA,MAAM,CACL,kBAAkB,EAClB,gFAAgF,CACjF;aACA,MAAM,CAAC,kBAAkB,EAAE,mCAAmC,CAAC;aAC/D,MAAM,CAAC,QAAQ,EAAE,sCAAsC,CAAC;aACxD,MAAM,CACL,cAAc,EACd,6DAA6D,CAC9D;aACA,MAAM,CACL,iBAAiB,EACjB,qEAAqE,CACtE;aACA,MAAM,CACL,mBAAmB,EACnB,iEAAiE,CAClE;aACA,MAAM,CAAC,CAAO,OAAmB,EAAE,EAAE;YACpC,eAAe,GAAG,OAAO,CAAC,KAAK,EAAE;iBAC9B,iBAAiB,EAAE;iBACnB,uBAAuB,CAAC,OAAO,CAAC,OAAO,CAAC;iBACxC,MAAM,EAAE,CAAC;YAEZ,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC,CAAA,CAAC,CAAC;QAEL,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;CAAA;AAED,SAAS,kBAAkB;IACzB,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;IAEjE,OAAO,IAAI,oBAAoB,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AAChE,CAAC"}