npm - hatchkit - Versions diffs - 0.1.26 → 0.1.28 - Mend

hatchkit 0.1.26 → 0.1.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/dist/adopt.d.ts.map +1 -1
package/dist/adopt.js +71 -19
package/dist/adopt.js.map +1 -1
package/dist/completion.js +1 -1
package/dist/completion.js.map +1 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +11 -4
package/dist/config.js.map +1 -1
package/dist/deploy/coolify.d.ts +11 -3
package/dist/deploy/coolify.d.ts.map +1 -1
package/dist/deploy/coolify.js +5 -1
package/dist/deploy/coolify.js.map +1 -1
package/dist/deploy/keys.d.ts +77 -1
package/dist/deploy/keys.d.ts.map +1 -1
package/dist/deploy/keys.js +212 -10
package/dist/deploy/keys.js.map +1 -1
package/dist/deploy/rollback.d.ts.map +1 -1
package/dist/deploy/rollback.js +97 -7
package/dist/deploy/rollback.js.map +1 -1
package/dist/doctor.d.ts +13 -0
package/dist/doctor.d.ts.map +1 -1
package/dist/doctor.js +113 -0
package/dist/doctor.js.map +1 -1
package/dist/index.js +181 -20
package/dist/index.js.map +1 -1
package/dist/provision/s3-buckets.d.ts +21 -6
package/dist/provision/s3-buckets.d.ts.map +1 -1
package/dist/provision/s3-buckets.js +60 -54
package/dist/provision/s3-buckets.js.map +1 -1
package/dist/utils/gitignore.d.ts +22 -0
package/dist/utils/gitignore.d.ts.map +1 -0
package/dist/utils/gitignore.js +78 -0
package/dist/utils/gitignore.js.map +1 -0
package/package.json +1 -1

package/dist/utils/gitignore.js ADDED Viewed

@@ -0,0 +1,78 @@
+/*
+ * Tiny helpers for keeping `.env.keys` (and friends) out of git.
+ *
+ * Used by `hatchkit adopt` because the user's repo predates hatchkit
+ * and may not have `.env.keys` in `.gitignore`. The first time we
+ * generate `.env.keys`, we MUST also ensure it's gitignored — otherwise
+ * the next `git add -A` sweeps the dotenvx private key into the repo,
+ * and a `git push` to a public remote leaks it forever.
+ *
+ * The defensive guard lives here too: scan a candidate file's first
+ * few lines for the `DOTENV_PRIVATE_KEY` substring (matches both the
+ * literal `DOTENV_PRIVATE_KEY_PRODUCTION=…` line and the `.env.keys`
+ * banner comment that dotenvx emits). Used as belt-and-braces around
+ * `git add` to refuse to stage anything that smells like a private key,
+ * regardless of `.gitignore` state.
+ */
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+/** Marker block we own inside `.gitignore`. The leading newline keeps
+ *  the new section visually separate from whatever the user already
+ *  had (or no-op'd if they had nothing — git tolerates leading blanks).
+ *  The `# hatchkit:` comment is a bread crumb so a curious user can
+ *  trace where the line came from. */
+const SECTION_HEADER = "# hatchkit: dotenvx private keys (NEVER commit)";
+/** Append `patterns` to `<repoRoot>/.gitignore` if not already present.
+ *  Creates the file when missing. Considers a pattern "present" when an
+ *  existing line matches it exactly after trimming whitespace + a
+ *  leading `/` — handles both `.env.keys` and `/.env.keys` / repo-root
+ *  patterns the user may already have. */
+export function ensureGitignoreEntries(repoRoot, patterns) {
+    const path = join(repoRoot, ".gitignore");
+    const fileCreated = !existsSync(path);
+    const existing = fileCreated ? "" : readFileSync(path, "utf-8");
+    const existingLines = new Set(existing
+        .split(/\r?\n/)
+        .map((l) => l.trim().replace(/^\/+/, ""))
+        .filter((l) => l.length > 0 && !l.startsWith("#")));
+    const added = [];
+    const alreadyPresent = [];
+    for (const p of patterns) {
+        const norm = p.trim().replace(/^\/+/, "");
+        if (existingLines.has(norm)) {
+            alreadyPresent.push(p);
+        }
+        else {
+            added.push(p);
+        }
+    }
+    if (added.length === 0) {
+        return { fileCreated: false, added, alreadyPresent, path };
+    }
+    // Build the appended block. End the file with a trailing newline so
+    // a subsequent append doesn't glue onto the same physical line.
+    const needsLeadingNewline = existing.length > 0 && !existing.endsWith("\n");
+    const block = `${needsLeadingNewline ? "\n" : ""}${existing.length > 0 ? "\n" : ""}${SECTION_HEADER}\n${added.join("\n")}\n`;
+    writeFileSync(path, existing + block);
+    return { fileCreated, added, alreadyPresent, path };
+}
+/** True iff the file's first `lines` lines contain the literal string
+ *  `DOTENV_PRIVATE_KEY`. Disjoint from `DOTENV_PUBLIC_KEY` (they share
+ *  no common substring beyond `DOTENV_`), so this is safe against the
+ *  encrypted-but-public-key header dotenvx writes into `.env.production`. */
+export function looksLikeDotenvxPrivateKey(filePath, lines = 10) {
+    if (!existsSync(filePath))
+        return false;
+    let head;
+    try {
+        head = readFileSync(filePath, "utf-8");
+    }
+    catch {
+        // Binary / unreadable / permission denied — bail safely (treat as
+        // "not a private key" so we don't block staging legit binaries).
+        return false;
+    }
+    const slice = head.split(/\r?\n/, lines).join("\n");
+    return slice.includes("DOTENV_PRIVATE_KEY");
+}
+//# sourceMappingURL=gitignore.js.map

package/dist/utils/gitignore.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gitignore.js","sourceRoot":"","sources":["../../src/utils/gitignore.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC;;;;sCAIsC;AACtC,MAAM,cAAc,GAAG,iDAAiD,CAAC;AAazE;;;;0CAI0C;AAC1C,MAAM,UAAU,sBAAsB,CACpC,QAAgB,EAChB,QAAkB;IAElB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC1C,MAAM,WAAW,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChE,MAAM,aAAa,GAAG,IAAI,GAAG,CAC3B,QAAQ;SACL,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;SACxC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CACrD,CAAC;IAEF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC1C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IAC7D,CAAC;IAED,oEAAoE;IACpE,gEAAgE;IAChE,MAAM,mBAAmB,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC5E,MAAM,KAAK,GAAG,GAAG,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,cAAc,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC7H,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,KAAK,CAAC,CAAC;IAEtC,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;AACtD,CAAC;AAED;;;6EAG6E;AAC7E,MAAM,UAAU,0BAA0B,CAAC,QAAgB,EAAE,KAAK,GAAG,EAAE;IACrE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,iEAAiE;QACjE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,OAAO,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;AAC9C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hatchkit",
-  "version": "0.1.26",
+  "version": "0.1.28",
   "packageManager": "pnpm@10.33.2",
   "description": "Interactive CLI for scaffolding full-stack projects and provisioning observability/email clients",
   "type": "module",