kiroo 0.8.0 → 0.9.5

package/src/formatter.js

@@ -1,6 +1,8 @@
 import chalk from 'chalk';
 
-export function formatResponse(response) {
+import { translateText, translateResponseData } from './lingo.js';
+
+export async function formatResponse(response, lang) {
   const lines = [];
   
   // Status
@@ -21,7 +23,10 @@ export function formatResponse(response) {
     .slice(0, 3);
   
   if (headers.length > 0) {
-    lines.push(chalk.gray('  Headers:'));
+    let headersLabel = '  Headers:';
+    if (lang) headersLabel = await translateText(headersLabel, lang);
+    lines.push(chalk.gray(headersLabel));
+    
     headers.forEach(([key, value]) => {
       const displayValue = typeof value === 'string' && value.length > 50 
         ? value.substring(0, 50) + '...' 
@@ -33,17 +38,24 @@ export function formatResponse(response) {
   
   // Body
   if (response.data) {
-    lines.push(chalk.gray('  Response:'));
+    let responseLabel = '  Response:';
+    if (lang) responseLabel = await translateText(responseLabel, lang);
+    lines.push(chalk.gray(responseLabel));
+    
+    let displayData = response.data;
+    if (lang) {
+      displayData = await translateResponseData(response.data, lang);
+    }
     
-    if (typeof response.data === 'object') {
+    if (typeof displayData === 'object') {
       // Pretty print JSON
-      const json = JSON.stringify(response.data, null, 2);
+      const json = JSON.stringify(displayData, null, 2);
       json.split('\n').forEach(line => {
         lines.push(chalk.cyan(`    ${line}`));
       });
     } else {
       // Plain text
-      const text = String(response.data);
+      const text = String(displayData);
       const preview = text.length > 500 ? text.substring(0, 500) + '...' : text;
       lines.push(chalk.white(`    ${preview}`));
     }

package/src/init.js

@@ -1,48 +1,80 @@
-import chalk from 'chalk';
-import inquirer from 'inquirer';
-import { writeFileSync, existsSync } from 'fs';
-import { ensureKirooDir } from './storage.js';
-
-export async function initProject() {
-  console.log('');
-  console.log(chalk.cyan.bold('  🚀 Welcome to Kiroo'));
-  console.log(chalk.gray('  Git for API interactions\n'));
-  
-  if (existsSync('.kiroo')) {
-    console.log(chalk.yellow('  ⚠️  Kiroo is already initialized in this directory.\n'));
-    return;
-  }
-  
-  const answers = await inquirer.prompt([
-    {
-      type: 'input',
-      name: 'projectName',
-      message: 'Project name:',
-      default: 'my-api-project',
-    },
-    {
-      type: 'input',
-      name: 'baseUrl',
-      message: 'Base URL (optional):',
-      default: '',
-    },
-  ]);
-  
-  ensureKirooDir();
-  
-  const config = {
-    projectName: answers.projectName,
-    baseUrl: answers.baseUrl,
-    createdAt: new Date().toISOString(),
-  };
-  
-  writeFileSync('.kiroo/config.json', JSON.stringify(config, null, 2));
-  
-  console.log('');
-  console.log(chalk.green('  ✅ Kiroo initialized successfully!'));
-  console.log('');
-  console.log(chalk.gray('  Next steps:'));
-  console.log(chalk.white('    kiroo POST https://api.example.com/login email=test@test.com'));
-  console.log(chalk.white('    kiroo list'));
-  console.log(chalk.white('    kiroo snapshot save initial\n'));
-}
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { existsSync } from 'fs';
+import { ensureKirooDir, loadEnv, saveEnv } from './storage.js';
+import { saveKirooConfig } from './config.js';
+
+export async function initProject() {
+  console.log('');
+  console.log(chalk.cyan.bold('  🚀 Welcome to Kiroo'));
+  console.log(chalk.gray('  Git for API interactions\n'));
+  
+  if (existsSync('.kiroo')) {
+    console.log(chalk.yellow('  ⚠️  Kiroo is already initialized in this directory.\n'));
+    return;
+  }
+  
+  const answers = await inquirer.prompt([
+    {
+      type: 'input',
+      name: 'projectName',
+      message: 'Project name:',
+      default: 'my-api-project',
+    },
+    {
+      type: 'input',
+      name: 'baseUrl',
+      message: 'Base URL (optional):',
+      default: '',
+    },
+    {
+      type: 'password',
+      name: 'groqApiKey',
+      message: 'Groq API Key (optional, hidden):',
+      default: '',
+      mask: '*',
+    },
+    {
+      type: 'password',
+      name: 'lingoApiKey',
+      message: 'Lingo.dev API Key (optional, hidden):',
+      default: '',
+      mask: '*',
+    },
+  ]);
+  
+  ensureKirooDir();
+  
+  const config = {
+    projectName: answers.projectName,
+    baseUrl: answers.baseUrl,
+    createdAt: new Date().toISOString(),
+  };
+  
+  saveKirooConfig(config);
+
+  const envData = loadEnv();
+  const current = envData.current || 'default';
+  if (!envData.environments[current]) {
+    envData.environments[current] = {};
+  }
+
+  if (answers.baseUrl) {
+    envData.environments[current].baseUrl = answers.baseUrl;
+  }
+  if (answers.groqApiKey) {
+    envData.environments[current].GROQ_API_KEY = answers.groqApiKey;
+  }
+  if (answers.lingoApiKey) {
+    envData.environments[current].LINGODOTDEV_API_KEY = answers.lingoApiKey;
+  }
+  saveEnv(envData);
+  
+  console.log('');
+  console.log(chalk.green('  ✅ Kiroo initialized successfully!'));
+  console.log('');
+  console.log(chalk.gray('  Next steps:'));
+  console.log(chalk.white('    kiroo POST https://api.example.com/login email=test@test.com'));
+  console.log(chalk.white('    kiroo list'));
+  console.log(chalk.white('    kiroo snapshot save initial\n'));
+}

package/src/lingo.js

@@ -1,36 +1,55 @@
-import { LingoDotDevEngine } from "lingo.dev/sdk";
-import chalk from "chalk";
-import { loadEnv } from "./storage.js";
-
-function getLingoEngine() {
-  const envData = loadEnv();
-  const currentEnvVars = envData.environments[envData.current] || {};
-  
-  // Prioritize process.env, fallback to kiroo environments
-  const apiKey = currentEnvVars.LINGODOTDEV_API_KEY;
-
-  if (!apiKey) {
-    console.log(chalk.yellow(`\n  ⚠️  LINGODOTDEV_API_KEY not found.`));
-    console.log(chalk.gray(`run 'kiroo env set LINGODOTDEV_API_KEY <your_key>'\n`));
-    return null;
-  }
-
-  return new LingoDotDevEngine({ apiKey });
-}
-
-export async function translateText(text, targetLang) {
-  const engine = getLingoEngine();
-  if (!engine) return text;
-
-  try {
-    const result = await engine.localizeText(text, {
-      sourceLocale: 'en',
-      targetLocale: targetLang,
-      fast: true 
-    });
-    return result;
-  } catch (error) {
-    console.log(chalk.red(`\n  ⚠️  Translation failed: ${error.message}`));
-    return text; 
-  }
-}
+import { LingoDotDevEngine } from "lingo.dev/sdk";
+import chalk from "chalk";
+import { getEnvVar } from "./env.js";
+
+function getLingoEngine() {
+  const apiKey = getEnvVar('LINGODOTDEV_API_KEY') || getEnvVar('LINGO_API_KEY');
+
+  if (!apiKey) {
+    console.log(chalk.yellow(`\n  ⚠️  Lingo API key not found in .kiroo/env.json.`));
+    console.log(chalk.gray(`  Run 'kiroo env set LINGODOTDEV_API_KEY <your_key>' or re-run 'kiroo init'.\n`));
+    return null;
+  }
+
+  return new LingoDotDevEngine({ apiKey });
+}
+
+export async function translateText(text, targetLang) {
+  if (!text || typeof text !== 'string' || text.trim() === '') return text;
+  const engine = getLingoEngine();
+  if (!engine) return text;
+
+  try {
+    const result = await engine.localizeText(text, {
+      sourceLocale: 'en',
+      targetLocale: targetLang,
+      fast: true 
+    });
+    return result;
+  } catch (error) {
+    // console.log(chalk.red(`\n  ⚠️  Translation failed: ${error.message}`));
+    return text; 
+  }
+}
+
+/**
+ * Recursively translates strings within an object or array
+ */
+export async function translateResponseData(data, targetLang) {
+  if (!data) return data;
+  if (typeof data === 'string') {
+    return await translateText(data, targetLang);
+  }
+  if (Array.isArray(data)) {
+    return await Promise.all(data.map(item => translateResponseData(item, targetLang)));
+  }
+  if (typeof data === 'object') {
+    const translated = {};
+    for (const [key, value] of Object.entries(data)) {
+      // Don't translate keys, just values
+      translated[key] = await translateResponseData(value, targetLang);
+    }
+    return translated;
+  }
+  return data;
+}

package/src/proxy.js

@@ -0,0 +1,140 @@
+import http from 'http';
+import httpProxy from 'http-proxy';
+import chalk from 'chalk';
+import { URL } from 'url';
+import stream from 'stream';
+import { saveInteraction } from './storage.js';
+
+export async function runProxy(targetHost, options = {}) {
+  const port = parseInt(options.port, 10) || 8080;
+
+  if (isNaN(port) || port <= 0 || port > 65535) {
+    console.error(chalk.red('\n  ✗ Invalid port provided.'), options.port);
+    console.log(chalk.gray('  Port must be a number between 1 and 65535.\n'));
+    process.exit(1);
+  }
+
+  // Validate target URL
+  try {
+    new URL(targetHost);
+  } catch (err) {
+    console.error(chalk.red('\n  ✗ Invalid target URL provided.'), targetHost);
+    console.log(chalk.gray('  Example: kiroo proxy --target http://localhost:3000\n'));
+    process.exit(1);
+  }
+
+  const proxy = httpProxy.createProxyServer({
+    target: targetHost,
+    changeOrigin: true,
+    secure: false,
+  });
+
+  // Handle Proxy Errors
+  proxy.on('error', (err, req, res) => {
+    let errorMsg = err.message;
+    if (err.code === 'ECONNREFUSED') {
+      errorMsg = `Connection Refused. Is your backend server running on ${targetHost}?`;
+    } else if (err.code === 'ENOTFOUND') {
+      errorMsg = `Target host not found: ${targetHost}`;
+    }
+
+    console.error(chalk.red(`\n  ✗ Proxy error for ${req.method} ${req.url}`));
+    console.error(chalk.yellow(`    Error: ${errorMsg} (${err.code || 'UNKNOWN'})\n`));
+
+    if (!res.headersSent && res.writeHead) {
+      res.writeHead(502, { 'Content-Type': 'application/json' });
+    }
+    if (res.end) {
+      res.end(JSON.stringify({ error: 'Proxy Error', message: errorMsg, code: err.code }));
+    }
+  });
+
+  // Intercept Response to save interaction
+  proxy.on('proxyRes', (proxyRes, req, res) => {
+    let responseBody = '';
+    proxyRes.on('data', (chunk) => {
+      responseBody += chunk.toString('utf8');
+    });
+
+    proxyRes.on('end', () => {
+      const duration = Date.now() - req.kirooStartTime;
+      const fullUrl = new URL(req.url, targetHost).toString();
+      
+      let parsedReqBody = req.kirooBodyData;
+      if (req.kirooBodyData) {
+         try { parsedReqBody = JSON.parse(req.kirooBodyData); } catch (e) { }
+      }
+
+      let parsedResBody = responseBody;
+      if (responseBody) {
+         try { parsedResBody = JSON.parse(responseBody); } catch (e) { }
+      }
+
+      // Only save if it's not a CORS preflight with no content
+      if (req.method !== 'OPTIONS' || proxyRes.statusCode !== 204) {
+          saveInteraction({
+            method: req.method,
+            url: fullUrl,
+            headers: req.headers,
+            body: parsedReqBody || undefined,
+            response: {
+              status: proxyRes.statusCode,
+              headers: proxyRes.headers,
+              body: parsedResBody || undefined
+            },
+            duration: duration
+          });
+          
+          const statusColor = proxyRes.statusCode >= 400 ? chalk.red : chalk.green;
+          console.log(`  ${statusColor(req.method)} ${chalk.dim(fullUrl)} ${statusColor(proxyRes.statusCode)} - ${duration}ms`);
+      }
+    });
+  });
+
+  // Add CORS headers to proxied responses
+  proxy.on('proxyRes', function (proxyRes, req, res) {
+    proxyRes.headers['access-control-allow-origin'] = req.headers.origin || '*';
+    proxyRes.headers['access-control-allow-credentials'] = 'true';
+  });
+
+  const server = http.createServer((req, res) => {
+    req.kirooStartTime = Date.now();
+
+    // Handle CORS preflight
+    if (req.method === 'OPTIONS') {
+      res.writeHead(204, {
+        'Access-Control-Allow-Origin': req.headers.origin || '*',
+        'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+        'Access-Control-Allow-Headers': req.headers['access-control-request-headers'] || '*',
+        'Access-Control-Allow-Credentials': 'true',
+        'Access-Control-Max-Age': '86400',
+      });
+      res.end();
+      return;
+    }
+
+    let bodyChunks = [];
+
+    req.on('data', (chunk) => {
+      bodyChunks.push(chunk);
+    });
+
+    req.on('end', () => {
+      const bodyBuffer = Buffer.concat(bodyChunks);
+      req.kirooBodyData = bodyBuffer.toString('utf8');
+      
+      // We must re-stream the body because the original req stream is exhausted
+      const bufferStream = new stream.PassThrough();
+      bufferStream.end(bodyBuffer);
+      
+      proxy.web(req, res, { buffer: bufferStream });
+    });
+  });
+
+  server.listen(port, () => {
+    console.log(chalk.cyan(`\n  📡 Kiroo Proxy Started`));
+    console.log(chalk.white(`  Listening on : http://localhost:${port}`));
+    console.log(chalk.white(`  Forwarding to: ${targetHost}`));
+    console.log(chalk.gray(`\n  (Press Ctrl+C to stop recording)\n`));
+  });
+}

package/src/replay.js

@@ -11,7 +11,7 @@ export async function listInteractions(options) {
   
   // Apply Filters
   if (options.date) {
-    interactions = interactions.filter(int => int.id.startsWith(options.date));
+  interactions = interactions.filter(int => int.id.startsWith(options.date));
   }
   if (options.url) {
     interactions = interactions.filter(int => int.request.url.toLowerCase().includes(options.url.toLowerCase()));
@@ -42,12 +42,13 @@ export async function listInteractions(options) {
       ? chalk.red 
       : chalk.yellow;
     
+    const url = int.request.url || 'N/A';
     table.push([
       chalk.white(int.id),
-      chalk.white(int.request.method),
-      chalk.gray(int.request.url.substring(0, 42) + (int.request.url.length > 42 ? '...' : '')),
+      chalk.white(int.request.method || '???'),
+      chalk.gray(url.substring(0, 42) + (url.length > 42 ? '...' : '')),
       statusColor(int.response.status),
-      chalk.gray(int.metadata.duration_ms + 'ms'),
+      chalk.gray((int.metadata.duration_ms || 0) + 'ms'),
     ]);
   });
   

package/src/run.js

@@ -0,0 +1,246 @@
+import axios from 'axios';
+import chalk from 'chalk';
+import ora from 'ora';
+import { loadSnapshotData, loadEnv } from './storage.js';
+
+const REDACTED_RE = /<REDACTED[^>]*>/i;
+
+function isRedacted(val) {
+  return typeof val === 'string' && REDACTED_RE.test(val.trim());
+}
+
+/**
+ * Sort interactions chronologically (oldest first) so login
+ * runs before authenticated requests.
+ */
+function sortChronologically(interactions) {
+  return [...interactions].sort((a, b) => {
+    // IDs are timestamps like "2026-03-15T08-10-57-031Z"
+    const idA = a.id || '';
+    const idB = b.id || '';
+    return idA.localeCompare(idB);
+  });
+}
+
+/**
+ * Deduplicate redundant interactions (e.g. 10 identical GET /api/projects 304s).
+ * Keeps unique method+path combinations, but allows duplicates for different
+ * status codes or non-cacheable methods (POST/PUT/DELETE).
+ */
+function deduplicateInteractions(interactions) {
+  const seen = new Map();
+  return interactions.filter((int) => {
+    const method = String(int.method || int.request?.method || 'GET').toUpperCase();
+    // Always keep non-GET (side-effectful) methods
+    if (method !== 'GET') return true;
+
+    const url = int.url || int.request?.url || '/';
+    const status = int.response?.status || 0;
+    const key = `${method}|${url}|${status}`;
+    if (seen.has(key)) return false;
+    seen.set(key, true);
+    return true;
+  });
+}
+
+/**
+ * Run all interactions from a snapshot sequentially.
+ * - Sorted oldest-first so login precedes authenticated requests
+ * - Deduplicates redundant 304 GET requests
+ * - Auto-chains tokens from auth responses
+ * - Resolves <REDACTED> headers/body from env vars
+ */
+export async function runSnapshot(tag, options = {}) {
+  let snapshot;
+  try {
+    snapshot = loadSnapshotData(tag);
+  } catch (err) {
+    console.error(chalk.red(`\n  ✗ Snapshot not found: ${tag}`));
+    console.log(chalk.gray(`  Run 'kiroo snapshot list' to see available snapshots.\n`));
+    process.exit(1);
+  }
+
+  const raw = snapshot.interactions || [];
+  if (raw.length === 0) {
+    console.log(chalk.yellow(`\n  ⚠️ Snapshot "${tag}" has no interactions.\n`));
+    return;
+  }
+
+  const env = loadEnv();
+  const envVars = env.environments[env.current] || {};
+  const baseUrl = envVars.baseUrl || '';
+
+  // Sort chronologically, then deduplicate
+  const sorted = sortChronologically(raw);
+  const interactions = deduplicateInteractions(sorted);
+
+  // Captured variables during run (auto-chained)
+  const captured = {};
+
+  console.log(chalk.cyan(`\n  ▶ Running snapshot: ${chalk.white(tag)}`));
+  console.log(chalk.gray(`  ${interactions.length} interactions (${raw.length - interactions.length} duplicates skipped)\n`));
+
+  let passed = 0;
+  let failed = 0;
+
+  for (let i = 0; i < interactions.length; i++) {
+    const int = interactions[i];
+    const method = String(int.method || int.request?.method || 'GET').toUpperCase();
+    let url = int.url || int.request?.url || '/';
+    const headers = { ...(int.request?.headers || {}) };
+    let body = int.request?.body ? JSON.parse(JSON.stringify(int.request.body)) : undefined;
+
+    // Remove internal/hop-by-hop headers
+    for (const h of ['host', 'content-length', 'connection', 'accept-encoding', 'if-none-match',
+      'sec-ch-ua', 'sec-ch-ua-mobile', 'sec-ch-ua-platform', 'sec-fetch-dest', 'sec-fetch-mode',
+      'sec-fetch-site', 'dnt', 'origin', 'referer', 'user-agent']) {
+      delete headers[h];
+    }
+
+    // Resolve URL — if relative, prepend baseUrl
+    if (url.startsWith('/') && baseUrl) {
+      const normalized = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
+      url = normalized + url;
+    }
+
+    // Fix redacted auth headers
+    for (const [key, val] of Object.entries(headers)) {
+      if (isRedacted(String(val))) {
+        const k = key.toLowerCase();
+        if (k === 'authorization') {
+          const token = captured.token || envVars.token;
+          if (token) headers[key] = token.startsWith('Bearer') ? token : `Bearer ${token}`;
+          else delete headers[key];
+        } else if (k === 'x-api-key' || k === 'api-key') {
+          const apiKey = captured.apiKey || envVars.sk || envVars.apiKey || envVars['x-api-key'];
+          if (apiKey) headers[key] = apiKey;
+          else delete headers[key];
+        } else {
+          delete headers[key];
+        }
+      }
+    }
+
+    // Fix redacted body fields (e.g. password)
+    if (body && typeof body === 'object') {
+      for (const [key, val] of Object.entries(body)) {
+        if (isRedacted(String(val))) {
+          // Try to find from env vars (password, secret, etc.)
+          const envVal = envVars[key] || envVars[key.toLowerCase()];
+          if (envVal) {
+            body[key] = envVal;
+          }
+          // If no env val found, leave <REDACTED> — will fail but at least user knows
+        }
+      }
+    }
+
+    // Replace {{var}} placeholders
+    const allVars = { ...envVars, ...captured };
+    url = replaceVars(url, allVars);
+    if (typeof body === 'string') body = replaceVars(body, allVars);
+    if (body && typeof body === 'object') body = replaceVarsDeep(body, allVars);
+    for (const [key, val] of Object.entries(headers)) {
+      if (typeof val === 'string') headers[key] = replaceVars(val, allVars);
+    }
+
+    // Execute
+    const shortUrl = url.replace(/^https?:\/\/[^/]+/, '');
+    const label = `[${i + 1}/${interactions.length}] ${method} ${shortUrl}`;
+    const spinner = ora({ text: chalk.gray(label), spinner: 'dots' }).start();
+    const start = Date.now();
+
+    try {
+      const res = await axios({
+        method: method.toLowerCase(),
+        url,
+        headers,
+        data: body,
+        timeout: options.timeout || 30000,
+        validateStatus: () => true,
+      });
+
+      const duration = Date.now() - start;
+      const status = res.status;
+      const statusColor = status >= 400 ? chalk.red : chalk.green;
+
+      spinner.stopAndPersist({
+        symbol: status >= 400 ? chalk.red('✗') : chalk.green('✓'),
+        text: `${statusColor(`${status}`)} ${chalk.gray(`${method} ${shortUrl}`)} ${chalk.dim(`${duration}ms`)}`,
+      });
+
+      // Auto-capture tokens from auth-like responses
+      if (res.data && typeof res.data === 'object') {
+        const data = res.data;
+        for (const field of ['token', 'accessToken', 'access_token', 'jwt', 'authToken', 'auth_token']) {
+          if (data[field] && typeof data[field] === 'string') {
+            captured.token = data[field];
+            if (options.verbose) console.log(chalk.dim(`    🔑 Captured ${field}`));
+          }
+          if (data.data && typeof data.data === 'object' && data.data[field]) {
+            captured.token = data.data[field];
+            if (options.verbose) console.log(chalk.dim(`    🔑 Captured data.${field}`));
+          }
+        }
+        for (const field of ['apiKey', 'api_key', 'key', 'publishableKey']) {
+          if (data[field] && typeof data[field] === 'string') {
+            captured.apiKey = data[field];
+          }
+        }
+      }
+
+      if (options.verbose && res.data) {
+        const bodyStr = typeof res.data === 'object' ? JSON.stringify(res.data, null, 2) : String(res.data);
+        const lines = bodyStr.split('\n');
+        const preview = lines.length > 6 ? lines.slice(0, 6).join('\n') + '\n    ...' : lines.join('\n');
+        console.log(chalk.gray(`    ↳ ${preview.split('\n').join('\n    ')}`));
+      }
+
+      if (status < 400) passed++;
+      else failed++;
+
+    } catch (err) {
+      const duration = Date.now() - start;
+      spinner.stopAndPersist({
+        symbol: chalk.red('✗'),
+        text: `${chalk.red('ERR')} ${chalk.gray(`${method} ${shortUrl}`)} ${chalk.dim(`${duration}ms`)} ${chalk.red(err.code || err.message)}`,
+      });
+      failed++;
+    }
+  }
+
+  // Summary
+  console.log(chalk.cyan(`\n  ── Run Complete ──`));
+  console.log(chalk.white(`  Snapshot: ${tag}`));
+  console.log(chalk.green(`  Passed:  ${passed}`));
+  if (failed > 0) console.log(chalk.red(`  Failed:  ${failed}`));
+  console.log(chalk.gray(`  Total:   ${interactions.length}\n`));
+
+  if (captured.token) {
+    console.log(chalk.dim(`  🔑 Auto-captured token from auth response`));
+    console.log('');
+  }
+
+  if (failed > 0 && options.failFast) {
+    process.exit(1);
+  }
+}
+
+function replaceVars(str, vars) {
+  return str.replace(/\{\{(.+?)\}\}/g, (match, key) => {
+    return vars[key] !== undefined ? vars[key] : match;
+  });
+}
+
+function replaceVarsDeep(obj, vars) {
+  if (typeof obj === 'string') return replaceVars(obj, vars);
+  if (Array.isArray(obj)) return obj.map(item => replaceVarsDeep(item, vars));
+  if (obj && typeof obj === 'object') {
+    const result = {};
+    for (const [k, v] of Object.entries(obj)) {
+      result[k] = replaceVarsDeep(v, vars);
+    }
+    return result;
+  }
+  return obj;
+}