npm - firevault - Versions diffs - 0.2.0-beta.1 → 0.2.0-beta.3 - Mend

firevault 0.2.0-beta.1 → 0.2.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -6,6 +6,7 @@
 - Added `firevault doctor` for actionable local setup validation.
 - Added `firevault setup-github-action` to generate a scheduled GitHub Actions workflow for offsite snapshots.
 - Added local workflow detection for generated GitHub Actions snapshot automation.
+- Changed `firevault doctor` to treat service account paths outside `.firevault` as informational rather than a failure.
 ## 0.2.0-beta.0

package/dist/commands/doctor.js CHANGED Viewed

@@ -133,7 +133,7 @@ export function runDoctor() {
     }
     const serviceAccountDisplayPath = displayPathFromApp(config.workspaceRoot, config.serviceAccountPathAbsolute);
     if (!isInside(config.workspaceRoot, config.serviceAccountPathAbsolute)) {
-        addCheck(checks, "FAIL", "Service account path is outside .firevault", "Set serviceAccountPath to a path inside .firevault, such as ./serviceAccountKey.json");
+        addCheck(checks, "INFO", "Service account path is outside .firevault", "External credential paths are supported. Ensure the file is securely managed and excluded from Git.");
     }
     else if (existsSync(config.serviceAccountPathAbsolute)) {
         addCheck(checks, "OK", "Service account file present");
@@ -164,10 +164,14 @@ export function runDoctor() {
         addCheck(checks, "WARN", "No Git remote origin configured", "git -C .firevault remote add origin <private-repo-url>");
     }
     workflowChecks(checks, config.workspaceRoot);
-    const serviceAccountIgnored = workspaceIsGitRepo
+    const serviceAccountIsInsideWorkspace = isInside(config.workspaceRoot, config.serviceAccountPathAbsolute);
+    const serviceAccountIgnored = workspaceIsGitRepo && serviceAccountIsInsideWorkspace
         ? isPathIgnored(config.serviceAccountPath, config.workspaceRoot)
         : undefined;
-    if (serviceAccountIgnored === true || gitignoreContains(config.workspaceRoot, config.serviceAccountPath)) {
+    if (!serviceAccountIsInsideWorkspace) {
+        addCheck(checks, "INFO", "Service account ignore check skipped for external path");
+    }
+    else if (serviceAccountIgnored === true || gitignoreContains(config.workspaceRoot, config.serviceAccountPath)) {
         addCheck(checks, "OK", "Service account file ignored");
     }
     else {

package/dist/index.js CHANGED Viewed

@@ -12,11 +12,12 @@ import { setupGithubActionCommand } from "./commands/setupGithubAction.js";
 import { restorePreviewCommand } from "./commands/restorePreview.js";
 import { restoreLocalCommand } from "./commands/restoreLocal.js";
 import { restoreFirestoreCommand } from "./commands/restoreFirestore.js";
+import packageJson from "../package.json" with { type: "json" };
 const program = new Command();
 program
     .name("firevault")
     .description("Undo button for Firestore.")
-    .version("0.2.0-beta.0");
+    .version(packageJson.version);
 program.addCommand(initCommand);
 program.addCommand(backupCommand);
 program.addCommand(commitCommand);

package/docs/doctor-design.md CHANGED Viewed

@@ -45,6 +45,7 @@ Next fixes:
 Use clear severity:
 - `OK`: check passed.
+- `INFO`: supported setup choice or useful context.
 - `WARN`: setup can work locally but recovery posture is weaker.
 - `FAIL`: setup is incomplete or unsafe enough that normal recovery workflows may fail.
@@ -54,6 +55,8 @@ Exit codes:
 - `1` if warnings are present and no checks fail.
 - `2` if any `FAIL`.
+`INFO` checks do not affect the exit code.
 ## Checks
 ### Workspace
@@ -103,16 +106,25 @@ Edit .firevault/config.json or rerun `firevault init --force`
 Checks:
-- configured `serviceAccountPath` resolves inside `.firevault`,
-- file exists.
+- configured `serviceAccountPath` may resolve inside or outside `.firevault`,
+- file exists when the path is inside `.firevault`.
+External credential paths are supported. A service account file outside `.firevault` is not inherently unsafe because users may keep credentials in secure locations such as `~/.config`, password-manager mounted paths, or shared secret directories.
 Do not parse the service account JSON in the first version. Parsing is local, but it starts pulling doctor toward credential validation. Save that for a later `--verify` mode.
 Result:
+- `INFO Service account path is outside .firevault`
 - `OK Service account file present`
 - `FAIL Service account file missing`
+Message for external paths:
+```txt
+External credential paths are supported. Ensure the file is securely managed and excluded from Git.
+```
 Fix:
 ```txt
@@ -216,7 +228,9 @@ Review .firevault/.github/workflows/firevault-snapshot.yml or rerun `firevault s
 Checks:
 - `.firevault/.gitignore` exists,
-- configured service account path is ignored by Git.
+- configured service account path is ignored by Git when the path is inside `.firevault`.
+If the configured service account path is outside `.firevault`, skip `.firevault/.gitignore` enforcement and report an informational check instead. External credential paths should be managed by the external location's security and Git ignore policy.
 Best check:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "firevault",
-  "version": "0.2.0-beta.1",
+  "version": "0.2.0-beta.3",
   "description": "Undo button for Firestore. Git-style history, rollback, and recovery for Firestore projects.",
   "keywords": [
     "firebase",