envlock-next 0.4.0 → 0.6.0

package/dist/cli/index.js

@@ -2,29 +2,162 @@
 
 // src/cli/index.ts
 import { pathToFileURL as pathToFileURL2 } from "url";
+import { realpathSync } from "fs";
 import { Command } from "commander";
-import { ENVIRONMENTS, runWithSecrets, validateEnvFilePath, validateOnePasswordEnvId as validateOnePasswordEnvId2 } from "envlock-core";
+
+// ../core/dist/index.js
+import { spawnSync } from "child_process";
+import { execFileSync } from "child_process";
+import { isAbsolute, relative, resolve } from "path";
+import { createServer } from "net";
+var verbose = false;
+function setVerbose(flag) {
+  verbose = flag;
+}
+var log = {
+  debug: (msg) => {
+    if (verbose) process.stderr.write(`[envlock:debug] ${msg}
+`);
+  },
+  info: (msg) => {
+    process.stderr.write(`[envlock] ${msg}
+`);
+  },
+  warn: (msg) => {
+    process.stderr.write(`[envlock] Warning: ${msg}
+`);
+  },
+  error: (msg) => {
+    process.stderr.write(`[envlock] Error: ${msg}
+`);
+  }
+};
+var WHICH = process.platform === "win32" ? "where" : "which";
+function hasBinary(name) {
+  try {
+    execFileSync(WHICH, [name], { stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function checkBinary(name, installHint) {
+  if (!hasBinary(name)) {
+    throw new Error(`[envlock] '${name}' not found in PATH.
+${installHint}`);
+  }
+  log.debug(`Binary check: ${name} found`);
+}
+function runWithSecrets(options) {
+  const { envFile, environment, onePasswordEnvId, command, args } = options;
+  checkBinary(
+    "dotenvx",
+    "Install dotenvx: npm install -g @dotenvx/dotenvx\nOr add it as a dev dependency."
+  );
+  const privateKeyVar = `DOTENV_PRIVATE_KEY_${environment.toUpperCase()}`;
+  const keyAlreadyInjected = !!process.env[privateKeyVar];
+  let result;
+  if (keyAlreadyInjected) {
+    log.debug(`Spawning: dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
+    result = spawnSync(
+      "dotenvx",
+      ["run", "-f", envFile, "--", command, ...args],
+      { stdio: "inherit" }
+    );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'dotenvx': ${result.error.message}`);
+    }
+  } else {
+    checkBinary(
+      "op",
+      "Install 1Password CLI: brew install --cask 1password-cli@beta\nThen sign in: op signin"
+    );
+    log.debug(`Spawning: op run --environment ${onePasswordEnvId} -- dotenvx run -f ${envFile} -- ${command} ${args.join(" ")}`);
+    result = spawnSync(
+      "op",
+      [
+        "run",
+        "--environment",
+        onePasswordEnvId,
+        "--",
+        "dotenvx",
+        "run",
+        "-f",
+        envFile,
+        "--",
+        command,
+        ...args
+      ],
+      { stdio: "inherit" }
+    );
+    if (result.error) {
+      throw new Error(`[envlock] Failed to spawn 'op': ${result.error.message}`);
+    }
+  }
+  process.exit(result.status ?? 1);
+}
+var OP_ENV_ID_PATTERN = /^[a-z0-9][a-z0-9-]*$/;
+function validateOnePasswordEnvId(id) {
+  if (!id || !OP_ENV_ID_PATTERN.test(id)) {
+    throw new Error(
+      `[envlock] Invalid onePasswordEnvId: "${id}". Must be a lowercase alphanumeric string (hyphens allowed), e.g. 'ca6uypwvab5mevel44gqdc2zae'.`
+    );
+  }
+}
+function validateEnvFilePath(envFile, cwd) {
+  if (envFile.includes("\0")) {
+    throw new Error(`[envlock] Invalid env file path: null bytes are not allowed.`);
+  }
+  const resolved = resolve(cwd, envFile);
+  const base = resolve(cwd);
+  const rel = relative(base, resolved);
+  if (rel.startsWith("..") || isAbsolute(rel)) {
+    throw new Error(
+      `[envlock] Invalid env file path: "${envFile}" resolves outside the project directory.`
+    );
+  }
+}
+var ENVIRONMENTS = {
+  development: "development",
+  staging: "staging",
+  production: "production"
+};
+function isPortFree(port) {
+  return new Promise((resolve22) => {
+    const server = createServer();
+    server.once("error", () => resolve22(false));
+    server.once("listening", () => server.close(() => resolve22(true)));
+    server.listen(port, "127.0.0.1");
+  });
+}
+async function findFreePort(preferred) {
+  for (let port = preferred; port <= preferred + 10; port++) {
+    if (await isPortFree(port)) return port;
+  }
+  throw new Error(
+    `[envlock] No free port found in range ${preferred}\u2013${preferred + 10}.`
+  );
+}
 
 // src/cli/resolve-config.ts
 import { existsSync } from "fs";
-import { resolve } from "path";
+import { resolve as resolve2 } from "path";
 import { pathToFileURL } from "url";
-import { validateOnePasswordEnvId } from "envlock-core";
-var CONFIG_CANDIDATES = ["next.config.js", "next.config.mjs"];
+var CONFIG_CANDIDATES = ["next.config.ts", "next.config.js", "next.config.mjs"];
 async function resolveConfig(cwd) {
   for (const candidate of CONFIG_CANDIDATES) {
-    const fullPath = resolve(cwd, candidate);
+    const fullPath = resolve2(cwd, candidate);
     if (!existsSync(fullPath)) continue;
     try {
       const mod = await import(pathToFileURL(fullPath).href);
       const config = mod.default ?? mod;
       if (config && typeof config === "object" && "__envlock" in config && config.__envlock && typeof config.__envlock === "object" && "onePasswordEnvId" in config.__envlock) {
+        log.debug(`Config loaded from ${candidate}`);
         return config.__envlock;
       }
     } catch (err) {
-      console.warn(
-        `[envlock] Failed to load ${candidate}: ${err instanceof Error ? err.message : String(err)}`
-      );
+      log.warn(`Failed to load ${candidate}: ${err instanceof Error ? err.message : String(err)}`);
+      log.debug(`Stack: ${err instanceof Error ? err.stack ?? "" : ""}`);
     }
   }
   if (process.env["ENVLOCK_OP_ENV_ID"]) {
@@ -61,12 +194,30 @@ async function runNextCommand(subcommand, environment, passthroughArgs) {
   const config = await resolveConfig(process.cwd());
   const envFile = config.envFiles?.[environment] ?? DEFAULT_ENV_FILES[environment];
   validateEnvFilePath(envFile, process.cwd());
+  let finalArgs = [...passthroughArgs];
+  if (subcommand === "dev") {
+    const portFlagIndex = finalArgs.findIndex(
+      (a) => a === "--port" || a === "-p"
+    );
+    const requestedPort = portFlagIndex !== -1 ? parseInt(finalArgs[portFlagIndex + 1] ?? "3000", 10) : 3e3;
+    const freePort = await findFreePort(requestedPort);
+    if (freePort !== requestedPort) {
+      log.warn(`Port ${requestedPort} in use, switching to ${freePort}`);
+    }
+    if (portFlagIndex !== -1) {
+      finalArgs.splice(portFlagIndex, 2);
+    }
+    finalArgs = ["-p", String(freePort), ...finalArgs];
+  }
+  log.debug(`Environment: ${environment}`);
+  log.debug(`Env file: ${envFile}`);
+  log.debug(`Command: next ${subcommand} ${finalArgs.join(" ")}`);
   runWithSecrets({
     envFile,
     environment,
     onePasswordEnvId: config.onePasswordEnvId,
     command: "next",
-    args: [subcommand, ...passthroughArgs]
+    args: [subcommand, ...finalArgs]
   });
 }
 function addEnvFlags(cmd) {
@@ -91,9 +242,12 @@ async function handleRunCommand(cmd, cmdArgs, opts) {
       "[envlock] No onePasswordEnvId found. Set it in envlock.config.js or via ENVLOCK_OP_ENV_ID env var."
     );
   }
-  validateOnePasswordEnvId2(onePasswordEnvId);
+  validateOnePasswordEnvId(onePasswordEnvId);
   const envFile = config.envFiles?.[environment] ?? DEFAULT_ENV_FILES[environment];
   validateEnvFilePath(envFile, process.cwd());
+  log.debug(`Environment: ${environment}`);
+  log.debug(`Env file: ${envFile}`);
+  log.debug(`Command: ${cmd} ${cmdArgs.join(" ")}`);
   runWithSecrets({
     envFile,
     environment,
@@ -103,7 +257,7 @@ async function handleRunCommand(cmd, cmdArgs, opts) {
   });
 }
 var program = new Command("envlock");
-program.name("envlock").description("Run Next.js commands with 1Password + dotenvx secret injection").version("0.3.0").enablePositionalOptions();
+program.name("envlock").description("Run Next.js commands with 1Password + dotenvx secret injection").version("0.3.0").enablePositionalOptions().option("-d, --debug", "enable debug output");
 for (const [subcommand, defaultEnv] of Object.entries(
   SUPPORTED_SUBCOMMANDS
 )) {
@@ -122,15 +276,27 @@ addEnvFlags(runCmd).action(
     try {
       await handleRunCommand(cmd, cmdArgs, opts);
     } catch (err) {
-      console.error(err instanceof Error ? err.message : String(err));
+      log.error(err instanceof Error ? err.message : String(err));
       process.exit(1);
     }
   }
 );
 program.addCommand(runCmd);
-if (import.meta.url === pathToFileURL2(process.argv[1] ?? "").href) {
+var _resolvedArgv1Next = (() => {
+  try {
+    return realpathSync(process.argv[1] ?? "");
+  } catch {
+    return process.argv[1] ?? "";
+  }
+})();
+if (import.meta.url === pathToFileURL2(_resolvedArgv1Next).href) {
+  if (process.argv.includes("--debug") || process.argv.includes("-d")) {
+    setVerbose(true);
+  }
+  log.debug(`Resolved argv[1]: ${_resolvedArgv1Next}`);
   program.parse(process.argv);
 }
 export {
-  handleRunCommand
+  handleRunCommand,
+  runNextCommand
 };

package/dist/index.cjs

@@ -0,0 +1,45 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  withEnvlock: () => withEnvlock
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/plugin.ts
+var import_envlock_core = require("envlock-core");
+function withEnvlock(nextConfig, options) {
+  if (!options?.onePasswordEnvId) {
+    console.warn(
+      "[envlock] No onePasswordEnvId provided to withEnvlock(). Set it to your 1Password Environment ID for automatic secret injection. Alternatively, set ENVLOCK_OP_ENV_ID in your environment."
+    );
+  } else {
+    (0, import_envlock_core.validateOnePasswordEnvId)(options.onePasswordEnvId);
+  }
+  return {
+    ...nextConfig,
+    __envlock: options ?? { onePasswordEnvId: "" }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  withEnvlock
+});

package/dist/index.d.cts

@@ -0,0 +1,10 @@
+import { NextConfig } from 'next';
+import { EnvlockOptions } from 'envlock-core';
+export { EnvlockOptions } from 'envlock-core';
+
+type EnvlockNextConfig = NextConfig & {
+    __envlock: EnvlockOptions;
+};
+declare function withEnvlock(nextConfig: NextConfig, options?: EnvlockOptions): EnvlockNextConfig;
+
+export { type EnvlockNextConfig, withEnvlock };

package/dist/postinstall.cjs

@@ -0,0 +1,64 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/postinstall.ts
+var postinstall_exports = {};
+__export(postinstall_exports, {
+  rewriteScripts: () => rewriteScripts
+});
+module.exports = __toCommonJS(postinstall_exports);
+var import_node_fs = require("fs");
+var import_node_path = require("path");
+var REWRITES = [
+  { from: /(?<![envlock\s])next dev/, to: "envlock dev", cmd: "dev" },
+  { from: /(?<![envlock\s])next build/, to: "envlock build", cmd: "build" },
+  { from: /(?<![envlock\s])next start/, to: "envlock start", cmd: "start" }
+];
+function rewriteScripts(projectRoot2) {
+  const pkgPath = (0, import_node_path.join)(projectRoot2, "package.json");
+  if (!(0, import_node_fs.existsSync)(pkgPath)) return;
+  let pkg;
+  try {
+    pkg = JSON.parse((0, import_node_fs.readFileSync)(pkgPath, "utf8"));
+  } catch {
+    return;
+  }
+  if (!pkg.scripts) return;
+  let changed = false;
+  for (const { from, to, cmd } of REWRITES) {
+    const script = pkg.scripts[cmd];
+    if (!script) continue;
+    if (script.includes("envlock")) continue;
+    if (!from.test(script)) continue;
+    pkg.scripts[cmd] = script.replace(from, to);
+    console.log(`[envlock] Updated scripts.${cmd}: "${script}" \u2192 "${pkg.scripts[cmd]}"`);
+    changed = true;
+  }
+  if (changed) {
+    (0, import_node_fs.writeFileSync)(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
+  }
+}
+var projectRoot = process.env["INIT_CWD"];
+if (projectRoot) {
+  rewriteScripts(projectRoot);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  rewriteScripts
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envlock-next",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "type": "module",
   "description": "Next.js plugin and CLI for envlock",
   "license": "MIT",
@@ -22,24 +22,33 @@
   },
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "types":   "./dist/index.d.ts",
+      "require": "./dist/index.cjs",
+      "import":  "./dist/index.js"
     }
   },
-  "files": ["dist"],
+  "main": "./dist/index.cjs",
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
     "test": "vitest run",
-    "test:watch": "vitest"
+    "test:watch": "vitest",
+    "postinstall": "node ./dist/postinstall.cjs"
   },
   "dependencies": {
-    "envlock-core": "workspace:*",
+    "envlock-core": "^0.6.0",
     "commander": "^12.0.0"
   },
   "peerDependencies": {
+    "@dotenvx/dotenvx": ">=1.0.0",
     "next": ">=14.0.0"
   },
+  "peerDependenciesMeta": {
+    "@dotenvx/dotenvx": { "optional": false }
+  },
   "devDependencies": {
     "envlock-core": "workspace:*",
     "@types/node": "^20.14.10",