firevault 0.1.1-beta.1 → 0.1.1-beta.3

package/CHANGELOG.md

@@ -6,6 +6,7 @@
 - Added init Git safety checks, `--force`, and `--yes`.
 - Added safe `.gitignore` updates for service account keys, backup output, and emulator logs.
 - Ensured Firevault can still explicitly commit the configured backup directory even when it is ignored by default.
+- Added a guarded local npm prerelease publish workflow using `gitversionjs`, pack verification, and forbidden-path checks.
 
 ## 0.1.0
 

package/README.md

@@ -49,6 +49,26 @@ firevault init
 
 `firevault init` asks for your Firebase project ID, service account path, output directory, and collections. It also checks Git state before writing files and appends safety entries to `.gitignore`.
 
+During setup, Firevault looks for likely Firebase project IDs in local files such as `.env.local`, `.env.development`, `firebase.json`, and common Firebase config files. Detection is best-effort and transparent: if Firevault finds candidates, it shows where they came from and lets you accept one or enter a value manually.
+
+Firevault also looks for likely local service account files such as `serviceAccountKey.json`, `service-account.json`, `firebase-service-account.json`, and `credentials/firebase.json`. It never prints private key contents. If you select a service account path, Firevault adds that path to `.gitignore`.
+
+After you enter a project ID, Firevault prints the direct Firebase Console URL for that project's Admin SDK service account page:
+
+```txt
+Create a Firebase service account key here:
+
+https://console.firebase.google.com/project/your-project-id/settings/serviceaccounts/adminsdk
+
+Download the JSON key and save it as:
+
+./serviceAccountKey.json
+```
+
+Firevault does not create service accounts, open a browser, run `gcloud`, or authenticate against Firebase during setup.
+
+If the selected service account file already exists, Firevault can optionally connect to Firestore and list top-level collections so you can choose which ones to back up. If the file is missing or Firebase access fails, init continues and you can enter collections manually.
+
 Generated `firevault.config.json`:
 
 ```json
@@ -330,15 +350,36 @@ Covered emulator flows:
 
 ## Publishing
 
-Before publishing:
+Firevault uses a local publish script for early prereleases. npm auth must already be configured before publishing; `npm whoami` should succeed for the intended npm account.
+
+Calculate the Git-derived prerelease version:
+
+```bash
+npm run version:calculate
+```
+
+Verify the package without publishing:
+
+```bash
+npm run publish:dry-run
+```
+
+Publish the prerelease with the `next` dist-tag:
+
+```bash
+npm run publish:next
+```
+
+Use `npm run publish:next -- --yes` only when you intentionally want to skip the final confirmation prompt.
+
+The publish script:
 
-- run `npm run build`,
-- run `npm run test:emulator`,
-- run `npm pack --dry-run` and review the file list,
-- verify `dist/index.js` exists and starts with `#!/usr/bin/env node`,
-- do not publish `serviceAccountKey.json`,
-- do not publish local `firestore-backups/` output,
-- verify logs such as `firestore-debug.log` are not included.
+- requires a clean Git working tree before real publishing,
+- calculates the npm prerelease version with `gitversionjs`,
+- runs clean, build, and emulator tests,
+- runs `npm pack --dry-run --cache /private/tmp/firevault-npm-cache`,
+- rejects forbidden package contents such as `serviceAccountKey.json`, `firestore-backups/`, `firestore-debug.log`, `src/`, `test/`, `firebase.json`, `firestore.rules`, and `.env` files,
+- publishes with `npm publish --access public --tag next --cache /private/tmp/firevault-npm-cache`.
 
 The package `bin` points to `./dist/index.js`, so a published or linked package must include compiled output. `prepublishOnly` currently runs clean, build, and emulator tests.
 

package/dist/commands/init.js

@@ -3,6 +3,9 @@ import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { appendFileSync, existsSync, readFileSync, writeFileSync, } from "node:fs";
 import { GitError, hasWorkingTreeChanges, initGitRepository, isInsideGitRepository, } from "../git/git.js";
+import { detectFirebaseProjectCandidates, uniqueProjectIds, } from "../init/detectFirebaseProject.js";
+import { detectServiceAccountPaths } from "../init/detectServiceAccount.js";
+import { listFirestoreCollections } from "../init/listCollections.js";
 const defaultConfig = {
     projectId: "your-firebase-project-id",
     serviceAccountPath: "./serviceAccountKey.json",
@@ -29,43 +32,189 @@ function validateConfig(config) {
 function parseCollections(value) {
     return value
         .split(",")
-        .map((collection) => collection.trim());
+        .map((collection) => collection.trim())
+        .filter((collection) => collection !== "");
 }
-async function promptForConfig(options) {
-    if (options.yes) {
-        return defaultConfig;
+function getServiceAccountUrl(projectId) {
+    return `https://console.firebase.google.com/project/${encodeURIComponent(projectId)}/settings/serviceaccounts/adminsdk`;
+}
+function printServiceAccountGuidance(projectId, serviceAccountPath) {
+    console.log("");
+    console.log("Create a Firebase service account key here:");
+    console.log("");
+    console.log(getServiceAccountUrl(projectId));
+    console.log("");
+    console.log("Download the JSON key and save it as:");
+    console.log("");
+    console.log(serviceAccountPath);
+    console.log("");
+}
+function printMissingServiceAccountInfo(serviceAccountPath) {
+    if (existsSync(serviceAccountPath)) {
+        return;
+    }
+    console.log(`Service account file does not exist yet: ${serviceAccountPath}`);
+    console.log("That is expected before downloading the Firebase Admin SDK key.");
+    console.log(`Save the downloaded JSON key at: ${serviceAccountPath}`);
+    console.log("");
+}
+function gitignorePathFor(filePath) {
+    return filePath.replace(/\\/g, "/").replace(/^\.\//, "");
+}
+function printDetectedProjectCandidates(candidates) {
+    if (candidates.length === 0) {
+        return;
+    }
+    console.log("Detected Firebase project IDs:");
+    console.log("");
+    candidates.forEach((candidate, index) => {
+        console.log(`${index + 1}. ${candidate.projectId} from ${candidate.source}`);
+    });
+    console.log("");
+}
+async function promptForProjectId(rl, candidates) {
+    const projectIds = uniqueProjectIds(candidates);
+    if (projectIds.length === 0) {
+        return (await rl.question("Firebase project ID: ")).trim();
+    }
+    printDetectedProjectCandidates(candidates);
+    if (projectIds.length === 1) {
+        return (await rl.question(`Firebase project ID (${projectIds[0]}): `)).trim() || projectIds[0];
+    }
+    const answer = (await rl.question("Select Firebase project ID by number or enter one manually: ")).trim();
+    const selection = Number(answer);
+    if (Number.isInteger(selection) && selection >= 1 && selection <= candidates.length) {
+        return candidates[selection - 1].projectId;
+    }
+    return answer;
+}
+function suggestedServiceAccountPath(detectedPaths) {
+    return detectedPaths[0] ?? defaultConfig.serviceAccountPath;
+}
+function printDetectedServiceAccounts(detectedPaths) {
+    if (detectedPaths.length === 0) {
+        return;
+    }
+    console.log("Detected possible service account files:");
+    console.log("");
+    detectedPaths.forEach((filePath, index) => {
+        console.log(`${index + 1}. ${filePath}`);
+    });
+    console.log("");
+}
+async function promptForServiceAccountPath(rl, detectedPaths) {
+    printDetectedServiceAccounts(detectedPaths);
+    const suggestedPath = suggestedServiceAccountPath(detectedPaths);
+    const answer = (await rl.question(`Service account path (${suggestedPath}): `)).trim();
+    const selection = Number(answer);
+    if (detectedPaths.length > 0 &&
+        Number.isInteger(selection) &&
+        selection >= 1 &&
+        selection <= detectedPaths.length) {
+        return detectedPaths[selection - 1];
+    }
+    return answer || suggestedPath;
+}
+function parseSelectedCollections(inputValue, detectedCollections) {
+    const selectedCollections = [];
+    for (const item of inputValue.split(",")) {
+        const value = item.trim();
+        if (value === "") {
+            continue;
+        }
+        const selection = Number(value);
+        if (Number.isInteger(selection) &&
+            selection >= 1 &&
+            selection <= detectedCollections.length) {
+            selectedCollections.push(detectedCollections[selection - 1]);
+            continue;
+        }
+        selectedCollections.push(value);
+    }
+    return [...new Set(selectedCollections)];
+}
+async function promptForCollectionListing(rl, projectId, serviceAccountPath) {
+    if (!existsSync(serviceAccountPath)) {
+        console.log(`Service account file is not present, so collection detection is skipped: ${serviceAccountPath}`);
+        console.log("");
+        return undefined;
     }
-    const rl = createInterface({ input, output });
+    const answer = (await rl.question("Try to list Firestore collections with this service account? (y/N): "))
+        .trim()
+        .toLowerCase();
+    if (answer !== "y" && answer !== "yes") {
+        return undefined;
+    }
+    console.log("Connecting to Firestore to list top-level collections...");
+    let detectedCollections;
     try {
-        const projectId = (await rl.question("Firebase project ID: ")).trim();
-        const serviceAccountPath = (await rl.question(`Service account path (${defaultConfig.serviceAccountPath}): `)).trim() || defaultConfig.serviceAccountPath;
-        const outputDir = (await rl.question(`Output directory (${defaultConfig.outputDir}): `)).trim() || defaultConfig.outputDir;
-        const collectionsInput = (await rl.question("Collections, comma-separated: ")).trim();
+        detectedCollections = await listFirestoreCollections(projectId, serviceAccountPath);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.log(`Could not list Firestore collections: ${message}`);
+        console.log("You can enter collection names manually.");
+        console.log("");
+        return undefined;
+    }
+    if (detectedCollections.length === 0) {
+        console.log("No top-level Firestore collections were detected.");
+        console.log("");
+        return undefined;
+    }
+    console.log("");
+    console.log("Detected Firestore collections:");
+    console.log("");
+    detectedCollections.forEach((collection, index) => {
+        console.log(`${index + 1}. ${collection}`);
+    });
+    console.log("");
+    const selected = (await rl.question("Collections to back up, comma-separated numbers or names: ")).trim();
+    if (selected === "") {
+        return undefined;
+    }
+    return parseSelectedCollections(selected, detectedCollections);
+}
+async function promptForConfig(options, rl) {
+    const projectCandidates = detectFirebaseProjectCandidates();
+    const serviceAccountPaths = detectServiceAccountPaths();
+    if (options.yes) {
         return {
-            projectId,
-            serviceAccountPath,
-            outputDir,
-            collections: parseCollections(collectionsInput),
+            ...defaultConfig,
+            projectId: uniqueProjectIds(projectCandidates)[0] ?? defaultConfig.projectId,
         };
     }
-    finally {
-        rl.close();
+    if (!rl) {
+        throw new Error("Prompt interface is required for interactive init.");
+    }
+    const projectId = await promptForProjectId(rl, projectCandidates);
+    if (projectId !== "") {
+        printServiceAccountGuidance(projectId, defaultConfig.serviceAccountPath);
     }
+    const serviceAccountPath = await promptForServiceAccountPath(rl, serviceAccountPaths);
+    const outputDir = (await rl.question(`Output directory (${defaultConfig.outputDir}): `)).trim() || defaultConfig.outputDir;
+    const detectedCollections = await promptForCollectionListing(rl, projectId, serviceAccountPath);
+    const collectionsInput = detectedCollections
+        ? detectedCollections.join(",")
+        : (await rl.question("Collections, comma-separated: ")).trim();
+    return {
+        projectId,
+        serviceAccountPath,
+        outputDir,
+        collections: parseCollections(collectionsInput),
+    };
 }
-async function promptForGitInit(options) {
+async function promptForGitInit(options, rl) {
     if (options.yes) {
         return true;
     }
-    const rl = createInterface({ input, output });
-    try {
-        const answer = (await rl.question("This directory is not a Git repository. Run git init? (Y/n): "))
-            .trim()
-            .toLowerCase();
-        return answer === "" || answer === "y" || answer === "yes";
-    }
-    finally {
-        rl.close();
+    if (!rl) {
+        throw new Error("Prompt interface is required for interactive init.");
     }
+    const answer = (await rl.question("This directory is not a Git repository. Run git init? (Y/n): "))
+        .trim()
+        .toLowerCase();
+    return answer === "" || answer === "y" || answer === "yes";
 }
 function ensureGitignoreEntries(entries) {
     const gitignorePath = ".gitignore";
@@ -76,7 +225,7 @@ function ensureGitignoreEntries(entries) {
         .split("\n")
         .map((line) => line.trim())
         .filter((line) => line !== ""));
-    const missingEntries = entries.filter((entry) => !existingLines.has(entry));
+    const missingEntries = [...new Set(entries)].filter((entry) => !existingLines.has(entry));
     if (missingEntries.length === 0) {
         return;
     }
@@ -89,39 +238,50 @@ export async function runInit(options) {
     console.log("");
     const configPath = "firevault.config.json";
     const alreadyInGitRepository = isInsideGitRepository();
-    if (alreadyInGitRepository && hasWorkingTreeChanges() && !options.force) {
-        throw new Error("Git working tree has changes. Commit, stash, or rerun with --force before init writes files.");
-    }
-    if (existsSync(configPath) && !options.force) {
-        throw new Error("firevault.config.json already exists. Rerun with --force to overwrite it.");
-    }
-    const shouldInitGit = alreadyInGitRepository
-        ? false
-        : await promptForGitInit(options);
-    const config = await promptForConfig(options);
-    config.collections = config.collections.map((collection) => collection.trim());
-    validateConfig(config);
-    if (shouldInitGit) {
-        initGitRepository();
-        console.log("Initialized Git repository.");
-    }
-    if (existsSync(configPath) && options.force) {
-        console.log("Warning: overwriting existing firevault.config.json.");
-    }
-    writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`);
-    ensureGitignoreEntries([
-        "serviceAccountKey.json",
-        "firestore-backups/",
-        "firestore-debug.log",
-    ]);
-    console.log("Created firevault.config.json.");
-    console.log("Updated .gitignore safety entries.");
-    console.log("");
-    console.log("Next steps:");
-    console.log(`1. Save your service account key at ${config.serviceAccountPath}`);
-    console.log("2. Run `firevault snapshot`");
-    console.log("3. Run `firevault changes`");
-    console.log("4. Run `firevault restore-preview <path> --from <commit>` before a real restore");
+    const rl = options.yes ? undefined : createInterface({ input, output });
+    try {
+        if (alreadyInGitRepository && hasWorkingTreeChanges() && !options.force) {
+            throw new Error("Git working tree has changes. Commit, stash, or rerun with --force before init writes files.");
+        }
+        if (existsSync(configPath) && !options.force) {
+            throw new Error("firevault.config.json already exists. Rerun with --force to overwrite it.");
+        }
+        const shouldInitGit = alreadyInGitRepository
+            ? false
+            : await promptForGitInit(options, rl);
+        const config = await promptForConfig(options, rl);
+        config.collections = config.collections.map((collection) => collection.trim());
+        validateConfig(config);
+        if (options.yes) {
+            printServiceAccountGuidance(config.projectId, config.serviceAccountPath);
+        }
+        printMissingServiceAccountInfo(config.serviceAccountPath);
+        if (shouldInitGit) {
+            initGitRepository();
+            console.log("Initialized Git repository.");
+        }
+        if (existsSync(configPath) && options.force) {
+            console.log("Warning: overwriting existing firevault.config.json.");
+        }
+        writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`);
+        ensureGitignoreEntries([
+            "serviceAccountKey.json",
+            gitignorePathFor(config.serviceAccountPath),
+            "firestore-backups/",
+            "firestore-debug.log",
+        ]);
+        console.log("Created firevault.config.json.");
+        console.log("Updated .gitignore safety entries.");
+        console.log("");
+        console.log("Next steps:");
+        console.log(`1. Save your service account key at ${config.serviceAccountPath}`);
+        console.log("2. Run `firevault snapshot`");
+        console.log("3. Run `firevault changes`");
+        console.log("4. Run `firevault restore-preview <path> --from <commit>` before a real restore");
+    }
+    finally {
+        rl?.close();
+    }
 }
 export const initCommand = new Command("init")
     .description("Create a guided Firevault configuration")

package/dist/init/detectFirebaseProject.js

@@ -0,0 +1,79 @@
+import { existsSync, readFileSync } from "node:fs";
+const projectConfigFiles = [
+    ".env",
+    ".env.local",
+    ".env.development",
+    ".env.production",
+    "firebase.json",
+    "src/firebase.ts",
+    "src/firebase.js",
+    "firebase.ts",
+    "firebase.js",
+    "src/lib/firebase.ts",
+    "src/lib/firebase.js",
+    "app/firebase.ts",
+    "app/firebase.js",
+];
+const projectKeys = [
+    "VITE_FIREBASE_PROJECT_ID",
+    "NEXT_PUBLIC_FIREBASE_PROJECT_ID",
+    "REACT_APP_FIREBASE_PROJECT_ID",
+    "FIREBASE_PROJECT_ID",
+    "GCLOUD_PROJECT",
+    "projectId",
+    "project_id",
+];
+function stripQuotes(value) {
+    return value.trim().replace(/^["']|["']$/g, "");
+}
+function findKeyValue(content, key) {
+    const escapedKey = key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const patterns = [
+        new RegExp(`(?:^|\\n)\\s*${escapedKey}\\s*=\\s*["']?([^"'\\n#]+)["']?`, "g"),
+        new RegExp(`${escapedKey}\\s*[:=]\\s*["']([^"']+)["']`, "g"),
+    ];
+    const values = [];
+    for (const pattern of patterns) {
+        for (const match of content.matchAll(pattern)) {
+            const value = stripQuotes(match[1] ?? "");
+            if (value !== "") {
+                values.push(value);
+            }
+        }
+    }
+    return values;
+}
+export function detectFirebaseProjectCandidates() {
+    const candidates = [];
+    const seen = new Set();
+    for (const filePath of projectConfigFiles) {
+        if (!existsSync(filePath)) {
+            continue;
+        }
+        let content;
+        try {
+            content = readFileSync(filePath, "utf-8");
+        }
+        catch {
+            continue;
+        }
+        for (const key of projectKeys) {
+            for (const projectId of findKeyValue(content, key)) {
+                const dedupeKey = `${projectId}\0${filePath}\0${key}`;
+                if (seen.has(dedupeKey)) {
+                    continue;
+                }
+                seen.add(dedupeKey);
+                candidates.push({
+                    projectId,
+                    source: filePath,
+                    key,
+                });
+            }
+        }
+    }
+    return candidates;
+}
+export function uniqueProjectIds(candidates) {
+    return [...new Set(candidates.map((candidate) => candidate.projectId))];
+}

package/dist/init/detectServiceAccount.js

@@ -0,0 +1,10 @@
+import { existsSync } from "node:fs";
+const likelyServiceAccountPaths = [
+    "./serviceAccountKey.json",
+    "./service-account.json",
+    "./firebase-service-account.json",
+    "./credentials/firebase.json",
+];
+export function detectServiceAccountPaths() {
+    return likelyServiceAccountPaths.filter((filePath) => existsSync(filePath));
+}

package/dist/init/listCollections.js

@@ -0,0 +1,33 @@
+import admin from "firebase-admin";
+import { existsSync, readFileSync } from "node:fs";
+export async function listFirestoreCollections(projectId, serviceAccountPath) {
+    if (!existsSync(serviceAccountPath)) {
+        throw new Error(`Service account file not found: ${serviceAccountPath}`);
+    }
+    const emulatorHost = process.env.FIRESTORE_EMULATOR_HOST;
+    let appOptions;
+    if (emulatorHost) {
+        appOptions = { projectId };
+    }
+    else {
+        let serviceAccount;
+        try {
+            serviceAccount = JSON.parse(readFileSync(serviceAccountPath, "utf-8"));
+        }
+        catch {
+            throw new Error(`Invalid service account file: ${serviceAccountPath}`);
+        }
+        appOptions = {
+            credential: admin.credential.cert(serviceAccount),
+            projectId,
+        };
+    }
+    const app = admin.initializeApp(appOptions, `firevault-init-${Date.now()}`);
+    try {
+        const collections = await app.firestore().listCollections();
+        return collections.map((collection) => collection.id).sort();
+    }
+    finally {
+        await app.delete();
+    }
+}

package/docs/architecture.md

@@ -82,8 +82,9 @@ Current implementation notes:
 - `loadConfig` reads and parses `firevault.config.json`.
 - Firebase initialization expects `serviceAccountPath`.
 - `firevault init` guides setup, validates required fields, checks Git state before writing, and updates `.gitignore` without overwriting existing entries.
+- `firevault init` can suggest project IDs from local Firebase config files and likely service account paths from local filenames.
 - `firevault init --force` allows dirty Git state and config overwrite with a warning.
-- `firevault init --yes` provides a non-interactive path for tests and automation.
+- `firevault init --yes` provides a deterministic non-interactive path for tests and automation, using a detected project ID if one is available and skipping Firebase collection listing.
 
 ## Init Safety
 
@@ -94,10 +95,16 @@ Behavior:
 - prints the Firevault identity before prompting,
 - detects whether the current directory is inside a Git repository,
 - offers `git init` when no repository exists,
+- scans common local Firebase files for project ID candidates,
+- shows detected project ID candidates with their source files,
+- suggests likely service account paths without reading or printing private key contents,
+- prints the Firebase Console Admin SDK service account URL for the entered project ID,
+- explains where to save the manually downloaded service account key,
+- optionally lists top-level Firestore collections only after telling the user and only when the selected service account file exists,
 - refuses to run in a dirty Git working tree unless `--force` is provided,
 - refuses to overwrite `firevault.config.json` unless `--force` is provided,
-- appends `.gitignore` safety entries without duplicating existing lines,
-- never commits, pushes, creates GitHub repositories, contacts Firebase, or writes secrets.
+- appends `.gitignore` safety entries, including the selected service account path, without duplicating existing lines,
+- never creates service accounts, opens browsers, runs `gcloud`, commits, pushes, creates GitHub repositories, contacts Firebase, or writes secrets.
 
 ## Firebase Access
 
@@ -109,7 +116,8 @@ Design constraints:
 
 - operate only on existing Firestore projects,
 - keep credentials local,
-- do not introduce hosted auth or account systems,
+- use manually managed service account credentials,
+- do not introduce credential brokerage, hosted auth, or account systems,
 - avoid committing service account files.
 
 ## Emulator Tests
@@ -132,6 +140,12 @@ Current emulator coverage:
 - collection path rejection,
 - `--confirm` enforcement.
 
+## Publishing
+
+Prerelease publishing is intentionally local-script based for now. `scripts/publish.ts` calculates an npm-safe prerelease version from Git state with `gitversionjs`, verifies a clean working tree for real publishes, runs clean/build/emulator tests, inspects `npm pack --dry-run` contents, rejects known unsafe paths, and publishes with the `next` npm dist-tag only after explicit confirmation.
+
+There is no GitHub Actions publishing, trusted publishing, or release automation beyond this local guard script yet.
+
 ## Export Pipeline
 
 Current backup flow:

package/docs/roadmap.md

@@ -24,8 +24,9 @@ Status:
 - Firestore emulator integration tests cover backup and document restore safety paths.
 - CLI packaging runs from compiled `dist/index.js`.
 - npm prerelease packaging is guarded by package file whitelisting and pack verification.
+- Local npm prerelease publishing is guarded by a `gitversionjs`-based publish script with clean-tree, build, emulator-test, pack, and forbidden-path checks.
 - Public GitHub release docs cover quick start, security, contributing, and issue triage.
-- Guided `firevault init` validates setup input, checks Git state, and applies `.gitignore` safety entries.
+- Guided `firevault init` validates setup input, checks Git state, suggests local Firebase project settings, optionally lists Firestore collections, and applies `.gitignore` safety entries.
 
 Next work:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firevault",
-  "version": "0.1.1-beta.1",
+  "version": "0.1.1-beta.3",
   "description": "Undo button for Firestore. Git-style history, rollback, and recovery for Firestore projects.",
   "keywords": [
     "firebase",
@@ -33,6 +33,9 @@
     "clean": "rm -rf dist",
     "build": "tsc && chmod +x dist/index.js",
     "prepublishOnly": "npm run clean && npm run build && npm run test:emulator",
+    "version:calculate": "tsx scripts/publish.ts --version-only",
+    "publish:dry-run": "tsx scripts/publish.ts --dry-run --allow-dirty",
+    "publish:next": "tsx scripts/publish.ts",
     "test:emulator": "tsx test/integration/run-firestore-emulator.ts",
     "backup": "tsx src/index.ts backup",
     "commit": "tsx src/index.ts commit",
@@ -51,6 +54,7 @@
   "devDependencies": {
     "@types/node": "^24.0.0",
     "firebase-tools": "^15.18.0",
+    "gitversionjs": "^1.0.15",
     "tsx": "^4.20.0",
     "typescript": "^5.8.0"
   }