npm - komplian - Versions diffs - 0.5.3 → 0.6.1 - Mend

komplian 0.5.3 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +6 -8
package/komplian-db-all-dev.mjs +256 -0
package/komplian-db.mjs +142 -94
package/komplian-localhost.mjs +48 -36
package/komplian-onboard.mjs +14 -7
package/komplian-postman.mjs +89 -19
package/package.json +3 -3
package/KOMPLIAN_DATABASE_URLS.env.example +0 -28

package/README.md CHANGED Viewed

@@ -6,24 +6,22 @@
 2. Browser login: `gh auth login -h github.com -s repo -s read:org -w`
 3. `npx komplian onboard --yes` (sin `@versión`: usa `latest` del registry público).
-**`npm ERR! ETARGET` / “No matching version”** (también si falló **`postman`**, no solo `onboard`): es el mismo paquete npm. Usa **`npx komplian postman login`** / **`npx komplian postman --yes`** **sin** `@0.4.x`; comprueba `npm config get registry` → `https://registry.npmjs.org/`; `npm cache clean --force`. Detalle: `ONBOARDING.md` en el monorepo.
+**Orden típico del equipo:** onboard → **`postman --yes`** (pide la clave la primera vez en TTY) → `mcp-tools --yes` → **`db:all:dev`** → `localhost --yes`. Ver **`ONBOARDING.md`**.
+**`npm ERR! ETARGET` / “No matching version”** (también si falló **`postman`**, no solo `onboard`): es el mismo paquete npm. Usa **`npx komplian postman --yes`** **sin** `@0.4.x`; comprueba `npm config get registry` → `https://registry.npmjs.org/`; `npm cache clean --force`. Detalle: `ONBOARDING.md` en el monorepo.
 ### Postman (colección + entornos)
 1. En [Postman](https://postman.com) usa una cuenta con email **`@komplian.com`** (o añade ese email a tu perfil).
 2. Crea una **API key**: Settings → **API keys** → Generate.
-3. **Una vez por máquina** (guarda la clave en `~/.komplian/postman-api-key`; no hace falta `export` después):
-```bash
-npx komplian postman login
-```
-4. Cuando quieras sincronizar la colección:
+3. **Sincronizar** (la primera vez en terminal interactiva **te pide** la API key y la guarda en `~/.komplian/postman-api-key`; no hace falta `export` después):
 ```bash
 npx komplian postman --yes
 ```
+Opcional: **`npx komplian postman login`** solo para guardar o rotar la clave sin ejecutar el sync.
 Opcional: `export POSTMAN_API_KEY=…` solo para la sesión actual (tiene prioridad sobre el archivo).
 El comando llama a `GET https://api.getpostman.com/me` y **solo continúa** si el email de la cuenta es `@komplian.com`. **Si ya existen** la colección **Komplian API** y los entornos con el mismo nombre en ese workspace, se **actualizan**; si no, se crean.

package/komplian-db-all-dev.mjs ADDED Viewed

@@ -0,0 +1,256 @@
+#!/usr/bin/env node
+/**
+ * db:all:dev — Verificación empleado @komplian.com (Postman GET /me, misma clave que postman login),
+ * guarda las 3 URLs de desarrollo en ~/.komplian/dev-databases.json (600) y las propaga a
+ * app|api|web|admin/.env.local. No usa archivos secretos en la raíz del monorepo.
+ *
+ * No interactivo: export KOMPLIAN_DEV_APP_DATABASE_URL, _ADMIN_, _WEB_ y npx komplian db:all:dev --yes
+ */
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+} from "node:fs";
+import { join, resolve } from "node:path";
+import { homedir } from "node:os";
+import { createInterface } from "node:readline/promises";
+import { stdin as input, stdout as output } from "node:process";
+import { assertKomplianEmployeePostman } from "./komplian-postman.mjs";
+import {
+  applyOverridesToEnvContent,
+  formatEnvValue,
+  findWorkspaceRoot,
+  writeAtomic,
+} from "./komplian-localhost.mjs";
+import {
+  loadHomeDevDatabases,
+  maskDatabaseUrl,
+} from "./komplian-db.mjs";
+const c = {
+  reset: "\x1b[0m",
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  green: "\x1b[32m",
+  red: "\x1b[31m",
+  yellow: "\x1b[33m",
+};
+function log(s = "") {
+  console.log(s);
+}
+const PLACEHOLDER = "komplian_localhost_placeholder";
+const DEV_DB_NAME = "dev-databases.json";
+function ensureKomplianHome() {
+  const dir = join(homedir(), ".komplian");
+  mkdirSync(dir, { recursive: true, mode: 0o700 });
+  try {
+    chmodSync(dir, 0o700);
+  } catch {
+    /* ignore */
+  }
+  return dir;
+}
+function devDbPath() {
+  return join(ensureKomplianHome(), DEV_DB_NAME);
+}
+function writeSavedDevDatabases(data) {
+  const p = devDbPath();
+  const body = JSON.stringify(
+    {
+      schemaVersion: 1,
+      app: data.app,
+      admin: data.admin,
+      web: data.web,
+      savedAt: new Date().toISOString(),
+    },
+    null,
+    2
+  );
+  writeFileSync(p, body, { encoding: "utf8", mode: 0o600 });
+  try {
+    chmodSync(p, 0o600);
+  } catch {
+    /* ignore */
+  }
+}
+function isValidPostgresUrl(s) {
+  const t = (s || "").trim();
+  if (!t.startsWith("postgresql://") && !t.startsWith("postgres://")) return false;
+  if (t.includes(PLACEHOLDER)) return false;
+  try {
+    const u = new URL(t);
+    return !!u.hostname;
+  } catch {
+    return false;
+  }
+}
+function isValidTriplet(d) {
+  return (
+    isValidPostgresUrl(d.app) &&
+    isValidPostgresUrl(d.admin) &&
+    isValidPostgresUrl(d.web)
+  );
+}
+function headerDbAllDev() {
+  return `# KOMPLIAN — development databases (komplian db:all:dev · no commitear)\n`;
+}
+function patchEnvLocal(workspaceRoot, project, overrides) {
+  const envPath = join(workspaceRoot, project, ".env.local");
+  const examplePath = join(workspaceRoot, project, ".env.example");
+  let body;
+  let prefix = "";
+  if (existsSync(envPath)) {
+    body = applyOverridesToEnvContent(readFileSync(envPath, "utf8"), overrides);
+  } else if (existsSync(examplePath)) {
+    prefix = headerDbAllDev();
+    body = applyOverridesToEnvContent(readFileSync(examplePath, "utf8"), overrides);
+  } else {
+    prefix = headerDbAllDev();
+    body = Object.entries(overrides)
+      .map(([k, v]) => `${k}=${formatEnvValue(v)}`)
+      .join("\n");
+  }
+  writeAtomic(envPath, prefix + body);
+}
+function propagateToMonorepo(workspaceRoot, data) {
+  patchEnvLocal(workspaceRoot, "app", { DATABASE_URL: data.app });
+  patchEnvLocal(workspaceRoot, "admin", { DATABASE_URL: data.admin });
+  patchEnvLocal(workspaceRoot, "web", { DATABASE_URL: data.web });
+  patchEnvLocal(workspaceRoot, "api", {
+    APP_DATABASE_URL: data.app,
+    ADMIN_DATABASE_URL: data.admin,
+    WEB_DATABASE_URL: data.web,
+  });
+}
+function collectUrlsFromEnv() {
+  return {
+    app: process.env.KOMPLIAN_DEV_APP_DATABASE_URL?.trim() || "",
+    admin: process.env.KOMPLIAN_DEV_ADMIN_DATABASE_URL?.trim() || "",
+    web: process.env.KOMPLIAN_DEV_WEB_DATABASE_URL?.trim() || "",
+  };
+}
+async function collectUrlsInteractive(rl) {
+  log(`  ${c.dim}postgresql://… desde Neon (rama development) u homólogo.${c.reset}`);
+  const app = (await rl.question(`${c.bold}URL APP${c.reset} (app + API): `)).trim();
+  const admin = (await rl.question(`${c.bold}URL ADMIN${c.reset}: `)).trim();
+  const web = (await rl.question(`${c.bold}URL WEB${c.reset} (pilot): `)).trim();
+  return { app, admin, web };
+}
+function parseArgs(argv) {
+  const opts = {
+    yes: false,
+    force: false,
+    workspace: "",
+    help: false,
+  };
+  const rest = [];
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--yes" || a === "-y") opts.yes = true;
+    else if (a === "--force") opts.force = true;
+    else if (a === "-w" || a === "--workspace") opts.workspace = argv[++i] || "";
+    else if (a === "-h" || a === "--help") opts.help = true;
+    else if (a.startsWith("-")) {
+      log(`${c.red}✗${c.reset} Opción desconocida: ${a}`);
+      process.exit(1);
+    } else rest.push(a);
+  }
+  if (rest[0]) opts.workspace = rest[0];
+  return opts;
+}
+function usage() {
+  log(`Uso: npx komplian db:all:dev [opciones] [monorepo]`);
+  log(``);
+  log(`  Tras ${c.bold}npx komplian postman login${c.reset}: verifica @komplian.com y configura las 3 bases de desarrollo.`);
+  log(`  Guarda en ${c.dim}~/.komplian/dev-databases.json${c.reset} y actualiza ${c.dim}app|api|web|admin/.env.local${c.reset}.`);
+  log(``);
+  log(`  Sin prompts: ${c.dim}KOMPLIAN_DEV_APP_DATABASE_URL${c.reset}, ${c.dim}_ADMIN_${c.reset}, ${c.dim}_WEB_${c.reset} + ${c.bold}--yes${c.reset}`);
+  log(`  ${c.bold}--force${c.reset}     Volver a pedir URLs (o usar env) aunque exista el JSON`);
+  log(`  -w, --workspace  Raíz del monorepo`);
+  log(`  -h, --help`);
+}
+export async function runDbAllDev(argv) {
+  const opts = parseArgs(argv);
+  if (opts.help) {
+    usage();
+    return;
+  }
+  const workspaceRoot = opts.workspace.trim()
+    ? resolve(opts.workspace.replace(/^~(?=$|[/\\])/, process.env.HOME || ""))
+    : findWorkspaceRoot(process.cwd());
+  if (!existsSync(join(workspaceRoot, "api", "package.json"))) {
+    log(`${c.red}✗${c.reset} No parece un monorepo Komplian: ${workspaceRoot}`);
+    process.exit(1);
+  }
+  log(`${c.cyan}━━ Komplian — bases de datos (development) ━━${c.reset}`);
+  await assertKomplianEmployeePostman();
+  const fromEnv = collectUrlsFromEnv();
+  const envOk = isValidTriplet(fromEnv);
+  const saved = loadHomeDevDatabases();
+  const savedOk = saved && isValidTriplet(saved);
+  /** @type {{ app: string; admin: string; web: string }} */
+  let data;
+  if (envOk) {
+    data = fromEnv;
+    log(`${c.green}✓${c.reset} URLs desde variables de entorno (KOMPLIAN_DEV_*_DATABASE_URL).`);
+  } else if (savedOk && !opts.force && !envOk) {
+    data = saved;
+    log(
+      `${c.dim}○${c.reset} Usando ${c.bold}~/.komplian/dev-databases.json${c.reset} (${c.dim}--force${c.reset} para cambiar).`
+    );
+  } else if (opts.yes && !envOk) {
+    log(
+      `${c.red}✗${c.reset} Con ${c.bold}--yes${c.reset} define las tres variables ${c.dim}KOMPLIAN_DEV_APP_DATABASE_URL${c.reset}, ${c.dim}_ADMIN_${c.reset}, ${c.dim}_WEB_${c.reset}, o ejecuta sin ${c.bold}--yes${c.reset} para modo interactivo.`
+    );
+    process.exit(1);
+  } else {
+    const rl = createInterface({ input, output });
+    log(``);
+    log(`${c.bold}Introduce las connection strings de desarrollo (3).${c.reset}`);
+    data = await collectUrlsInteractive(rl);
+    rl.close();
+  }
+  if (!isValidTriplet(data)) {
+    log(`${c.red}✗${c.reset} Las tres URLs deben ser postgres:// o postgresql:// válidas (sin placeholder).`);
+    process.exit(1);
+  }
+  writeSavedDevDatabases(data);
+  propagateToMonorepo(workspaceRoot, data);
+  log(``);
+  log(`${c.green}✓${c.reset} Guardado ${c.dim}~/.komplian/${DEV_DB_NAME}${c.reset} y .env.local en app, api, web, admin.`);
+  log(`  ${c.dim}APP${c.reset}   ${maskDatabaseUrl(data.app)}`);
+  log(`  ${c.dim}ADMIN${c.reset} ${maskDatabaseUrl(data.admin)}`);
+  log(`  ${c.dim}WEB${c.reset}   ${maskDatabaseUrl(data.web)}`);
+  log(``);
+  log(`${c.dim}Siguiente: ${c.reset}${c.cyan}npx komplian localhost --yes${c.reset}`);
+  log(`${c.dim}psql: ${c.reset}${c.cyan}npx komplian db:app:development${c.reset} …`);
+}

package/komplian-db.mjs CHANGED Viewed

@@ -7,11 +7,8 @@
  *   npx komplian db:admin:staging
  *   npx komplian db:web:production
  *
- * URLs (prioridad: process.env → KOMPLIAN_DATABASE_URLS.env → KOMPLIAN_LOCALHOST_SECRETS.env → .env.local solo development):
- *   KOMPLIAN_DATABASE_URL_APP_DEVELOPMENT | _STAGING | _PRODUCTION
- *   KOMPLIAN_DATABASE_URL_ADMIN_*
- *   KOMPLIAN_DATABASE_URL_WEB_*
- * Legacy development: KOMPLIAN_LOCALHOST_*_DATABASE_URL
+ * Development: 1) .env.local por repo; 2) ~/.komplian/dev-databases.json (db:all:dev); 3) variables de sesión KOMPLIAN_*.
+ * Staging/producción: solo KOMPLIAN_DATABASE_URL_*_STAGING|_PRODUCTION (env o archivos en raíz), nunca .env.local.
  *
  * Producción: solo emails @komplian.com en KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST
  * (por defecto josue.santana@komplian.com). Operador: KOMPLIAN_DATABASE_OPERATOR_EMAIL o git config user.email.
@@ -22,6 +19,7 @@
 import { spawn, spawnSync } from "node:child_process";
 import { existsSync, readFileSync } from "node:fs";
+import { homedir } from "node:os";
 import { dirname, join, resolve } from "node:path";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
@@ -56,12 +54,12 @@ const DEFAULT_PRODUCTION_ALLOWLIST = ["josue.santana@komplian.com"];
 /** Misma cadena que `komplian-localhost.mjs` cuando no hay URL real. */
 const LOCALHOST_DB_PLACEHOLDER = "komplian_localhost_placeholder";
-function isPlaceholderDbUrl(url) {
+export function isPlaceholderDbUrl(url) {
   return !!(url && String(url).includes(LOCALHOST_DB_PLACEHOLDER));
 }
 /** Primera URL no vacía que no sea el placeholder de localhost. */
-function pickFirstNonPlaceholder(...candidates) {
+export function pickFirstNonPlaceholder(...candidates) {
   for (const c of candidates) {
     const u = (c ?? "").trim();
     if (u && !isPlaceholderDbUrl(u)) return u;
@@ -75,7 +73,7 @@ function assertNotPlaceholderDbUrl(url) {
     `${c.red}✗${c.reset} La URL es el ${c.bold}placeholder${c.reset} de \`komplian localhost\` (no apunta a una base de datos real).`
   );
   log(``);
-  log(`  Pon una URL real (raíz del monorepo: ${c.dim}KOMPLIAN_LOCALHOST_*_DATABASE_URL${c.reset}, ${c.dim}KOMPLIAN_DATABASE_URLS.env${c.reset}, o ${c.dim}--url${c.reset}).`);
+  log(`  Pon una URL real (${c.bold}npx komplian db:all:dev${c.reset}, ${c.dim}--url${c.reset}, o variables en sesión).`);
   process.exit(1);
 }
@@ -99,25 +97,21 @@ function parseEnvFile(content) {
   return out;
 }
-function loadMergedEnvFiles(workspaceRoot) {
-  const out = {};
-  const paths = [
-    join(workspaceRoot, "KOMPLIAN_DATABASE_URLS.env"),
-    join(workspaceRoot, ".komplian", "KOMPLIAN_DATABASE_URLS.env"),
-    join(workspaceRoot, "KOMPLIAN_LOCALHOST_SECRETS.env"),
-    join(workspaceRoot, ".komplian", "KOMPLIAN_LOCALHOST_SECRETS.env"),
-    join(workspaceRoot, "komplian-localhost.secrets.env"),
-    join(workspaceRoot, ".komplian", "localhost-secrets.env"),
-  ];
-  for (const p of paths) {
-    if (!existsSync(p)) continue;
-    try {
-      Object.assign(out, parseEnvFile(readFileSync(p, "utf8")));
-    } catch {
-      /* ignore */
-    }
+/** ~/.komplian/dev-databases.json (creado por db:all:dev). No se leen secretos en la raíz del monorepo. */
+export function loadHomeDevDatabases() {
+  const p = join(homedir(), ".komplian", "dev-databases.json");
+  if (!existsSync(p)) return null;
+  try {
+    const j = JSON.parse(readFileSync(p, "utf8"));
+    if (!j || typeof j !== "object") return null;
+    return {
+      app: String(j.app || "").trim(),
+      admin: String(j.admin || "").trim(),
+      web: String(j.web || "").trim(),
+    };
+  } catch {
+    return null;
   }
-  return out;
 }
 function readEnvLocalKey(workspaceRoot, project, keys) {
@@ -152,7 +146,7 @@ function findWorkspaceRoot(start) {
   return resolve(start);
 }
-function maskDatabaseUrl(url) {
+export function maskDatabaseUrl(url) {
   try {
     const u = new URL(url);
     if (u.password) u.password = "***";
@@ -171,7 +165,7 @@ function platformToDbKey(platform) {
   return null;
 }
-function loadProductionAllowlist(workspaceRoot) {
+function loadProductionAllowlist() {
   const raw = process.env.KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST?.trim();
   if (raw) {
     return raw
@@ -179,21 +173,6 @@ function loadProductionAllowlist(workspaceRoot) {
       .map((s) => s.trim().toLowerCase())
       .filter(Boolean);
   }
-  const p = join(
-    workspaceRoot,
-    ".komplian",
-    "KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST"
-  );
-  if (existsSync(p)) {
-    try {
-      return readFileSync(p, "utf8")
-        .split(/\r?\n/)
-        .map((l) => l.trim().toLowerCase())
-        .filter((l) => l && !l.startsWith("#"));
-    } catch {
-      /* ignore */
-    }
-  }
   return DEFAULT_PRODUCTION_ALLOWLIST.map((e) => e.toLowerCase());
 }
@@ -248,7 +227,7 @@ async function resolveOperatorEmail() {
   return (ans || "").trim();
 }
-function assertProductionAccess(email, allowlist) {
+function assertProductionAccessLocalAllowlist(email, allowlist) {
   const e = email.toLowerCase();
   if (!e || !e.endsWith("@komplian.com")) {
     log(
@@ -258,57 +237,123 @@ function assertProductionAccess(email, allowlist) {
   }
   if (!allowlist.includes(e)) {
     log(
-      `${c.red}✗${c.reset} Producción: este email no está autorizado. Añádelo en ${c.bold}KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST${c.reset} o en ${c.dim}.komplian/KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST${c.reset}.`
+      `${c.red}✗${c.reset} Producción: email no autorizado (local). Usa Admin → ${c.bold}Prod DB CLI${c.reset} o ${c.dim}KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST${c.reset} / ${c.dim}KOMPLIAN_API_URL${c.reset}+${c.dim}ADMIN_API_KEY${c.reset}.`
     );
     process.exit(1);
   }
 }
+/** Si hay KOMPLIAN_API_URL + ADMIN_API_KEY, la API central decide (lista en Admin, super admin). */
+async function verifyProductionAccessViaApi(email) {
+  const base = (process.env.KOMPLIAN_API_URL || "").trim().replace(/\/$/, "");
+  const apiKey = (process.env.ADMIN_API_KEY || "").trim();
+  if (!base || !apiKey) return null;
+  try {
+    const ac = new AbortController();
+    const t = setTimeout(() => ac.abort(), 15000);
+    const r = await fetch(`${base}/api/admin/production-db-cli/verify`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-API-Key": apiKey,
+      },
+      body: JSON.stringify({ email: email.toLowerCase() }),
+      signal: ac.signal,
+    });
+    clearTimeout(t);
+    const j = await r.json().catch(() => ({}));
+    if (!r.ok || j.success !== true || typeof j.allowed !== "boolean") return null;
+    return j.allowed;
+  } catch {
+    return null;
+  }
+}
+async function assertProductionAccessResolved(email, quiet) {
+  const e = (email || "").toLowerCase().trim();
+  if (!e || !e.endsWith("@komplian.com")) {
+    log(
+      `${c.red}✗${c.reset} Producción: solo cuentas ${c.bold}@komplian.com${c.reset}. Define ${c.dim}KOMPLIAN_DATABASE_OPERATOR_EMAIL${c.reset} o ${c.dim}git config user.email${c.reset}.`
+    );
+    process.exit(1);
+  }
+  const verdict = await verifyProductionAccessViaApi(e);
+  if (verdict === true) {
+    if (!quiet) {
+      log(
+        `${c.dim}○${c.reset} Producción: allowlist desde ${c.bold}API central${c.reset} (Admin → Prod DB CLI).`
+      );
+    }
+    return;
+  }
+  if (verdict === false) {
+    log(
+      `${c.red}✗${c.reset} Producción: este email no está en la lista (Admin → Prod DB CLI, solo super admin).`
+    );
+    process.exit(1);
+  }
+  assertProductionAccessLocalAllowlist(e, loadProductionAllowlist());
+}
 function resolveDatabaseUrl(workspaceRoot, platform, environment) {
   const dbKey = platformToDbKey(platform);
   if (!dbKey) return "";
-  const file = loadMergedEnvFiles(workspaceRoot);
   const envU = environment.toUpperCase();
   const primaryKey = `KOMPLIAN_DATABASE_URL_${dbKey}_${envU}`;
+  const home = loadHomeDevDatabases();
-  let url = pickFirstNonPlaceholder(
-    process.env[primaryKey],
-    file[primaryKey]
-  );
+  if (environment !== "development") {
+    return pickFirstNonPlaceholder(process.env[primaryKey]);
+  }
+  const single = (process.env.KOMPLIAN_LOCALHOST_DATABASE_URL || "").trim();
-  if (environment === "development" && !url) {
-    const single = pickFirstNonPlaceholder(
-      process.env.KOMPLIAN_LOCALHOST_DATABASE_URL,
-      file.KOMPLIAN_LOCALHOST_DATABASE_URL
+  let fromRepos = "";
+  if (dbKey === "APP") {
+    fromRepos = pickFirstNonPlaceholder(
+      readEnvLocalKey(workspaceRoot, "app", ["DATABASE_URL"]),
+      readEnvLocalKey(workspaceRoot, "api", ["APP_DATABASE_URL"])
+    );
+  } else if (dbKey === "ADMIN") {
+    fromRepos = pickFirstNonPlaceholder(
+      readEnvLocalKey(workspaceRoot, "admin", ["DATABASE_URL"]),
+      readEnvLocalKey(workspaceRoot, "api", ["ADMIN_DATABASE_URL"])
+    );
+  } else if (dbKey === "WEB") {
+    fromRepos = pickFirstNonPlaceholder(
+      readEnvLocalKey(workspaceRoot, "web", ["DATABASE_URL"]),
+      readEnvLocalKey(workspaceRoot, "api", ["WEB_DATABASE_URL"])
     );
-    if (dbKey === "APP") {
-      url = pickFirstNonPlaceholder(
-        process.env.KOMPLIAN_LOCALHOST_APP_DATABASE_URL,
-        file.KOMPLIAN_LOCALHOST_APP_DATABASE_URL,
-        single,
-        readEnvLocalKey(workspaceRoot, "app", ["DATABASE_URL"]),
-        readEnvLocalKey(workspaceRoot, "api", ["APP_DATABASE_URL"])
-      );
-    } else if (dbKey === "ADMIN") {
-      url = pickFirstNonPlaceholder(
-        process.env.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL,
-        file.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL,
-        single,
-        readEnvLocalKey(workspaceRoot, "admin", ["DATABASE_URL"]),
-        readEnvLocalKey(workspaceRoot, "api", ["ADMIN_DATABASE_URL"])
-      );
-    } else if (dbKey === "WEB") {
-      url = pickFirstNonPlaceholder(
-        process.env.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL,
-        file.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL,
-        single,
-        readEnvLocalKey(workspaceRoot, "web", ["DATABASE_URL"]),
-        readEnvLocalKey(workspaceRoot, "api", ["WEB_DATABASE_URL"])
-      );
-    }
   }
-  return url;
+  if (dbKey === "APP") {
+    return pickFirstNonPlaceholder(
+      fromRepos,
+      process.env[primaryKey],
+      home?.app,
+      process.env.KOMPLIAN_LOCALHOST_APP_DATABASE_URL,
+      single
+    );
+  }
+  if (dbKey === "ADMIN") {
+    return pickFirstNonPlaceholder(
+      fromRepos,
+      process.env[primaryKey],
+      home?.admin,
+      process.env.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL,
+      single
+    );
+  }
+  if (dbKey === "WEB") {
+    return pickFirstNonPlaceholder(
+      fromRepos,
+      process.env[primaryKey],
+      home?.web,
+      process.env.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL,
+      single
+    );
+  }
+  return "";
 }
 function findPsqlBinary() {
@@ -385,15 +430,15 @@ function usageDb() {
   log(`  Plataformas: ${c.dim}app | admin | web | api-app | api-admin | api-web${c.reset}`);
   log(`  Entornos:    ${c.dim}development | staging | production${c.reset}`);
   log(``);
-  log(`  Variables KOMPLIAN (recomendado):`);
-  log(`  ${c.dim}KOMPLIAN_DATABASE_URL_APP_DEVELOPMENT${c.reset}`);
-  log(`  ${c.dim}KOMPLIAN_DATABASE_URL_APP_STAGING / _PRODUCTION${c.reset} (idem ADMIN, WEB)`);
-  log(`  Archivo opcional: ${c.dim}KOMPLIAN_DATABASE_URLS.env${c.reset} (gitignored)`);
+  log(`  ${c.bold}db:all:dev${c.reset}  Configura las 3 DB de desarrollo (Postman @komplian.com) → ~/.komplian + cada repo /.env.local`);
+  log(`  Development: ${c.dim}.env.local por repo${c.reset}, ${c.dim}~/.komplian/dev-databases.json${c.reset}, variables en sesión.`);
+  log(`  Staging/producción: solo ${c.dim}KOMPLIAN_DATABASE_URL_*_STAGING|_PRODUCTION${c.reset} en el entorno (nunca .env.local).`);
   log(`  Neon: ${c.dim}staging/producción${c.reset} exigen host *.neon.tech; ${c.dim}development${c.reset} permite Postgres local (aviso).`);
   log(``);
   log(`  Producción:`);
-  log(`  ${c.dim}KOMPLIAN_DATABASE_OPERATOR_EMAIL${c.reset} o git user.email`);
-  log(`  ${c.dim}KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST${c.reset} (coma) o .komplian/KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST`);
+  log(`  ${c.dim}KOMPLIAN_DATABASE_OPERATOR_EMAIL${c.reset} o git user.email (@komplian.com)`);
+  log(`  Preferido: ${c.bold}Admin → Prod DB CLI${c.reset} (super admin) + ${c.dim}KOMPLIAN_API_URL${c.reset} + ${c.dim}ADMIN_API_KEY${c.reset} en la sesión del operador.`);
+  log(`  Sin API: ${c.dim}KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST${c.reset} (coma) en el entorno local.`);
   log(``);
   log(`  -c, --command   SQL no interactivo`);
   log(`  -u, --url       URL explícita (sigue reglas Neon / producción)`);
@@ -426,14 +471,12 @@ export async function runDb(argv) {
     ? resolve(opts.workspace.replace(/^~(?=$|[/\\])/, process.env.HOME || ""))
     : findWorkspaceRoot(process.cwd());
-  const allowlist = loadProductionAllowlist(workspaceRoot);
   if (opts.environment === "production") {
     const email = await resolveOperatorEmail();
-    assertProductionAccess(email, allowlist);
+    await assertProductionAccessResolved(email, opts.quiet);
     if (!opts.quiet) {
       log(
-        `${c.yellow}⚠${c.reset} Producción · operador ${c.bold}${email.toLowerCase()}${c.reset} (allowlist Komplian)`
+        `${c.yellow}⚠${c.reset} Producción · operador ${c.bold}${email.toLowerCase()}${c.reset}`
       );
     }
   }
@@ -452,12 +495,17 @@ export async function runDb(argv) {
   if (!url) {
     log(`${c.red}✗${c.reset} Sin URL para ${opts.platform} / ${opts.environment}.`);
-    log(
-      `  Define ${c.bold}KOMPLIAN_DATABASE_URL_${platformToDbKey(opts.platform)}_${opts.environment.toUpperCase()}${c.reset} o ${c.dim}KOMPLIAN_DATABASE_URLS.env${c.reset}.`
-    );
     if (opts.environment === "development") {
+      const pk = platformToDbKey(opts.platform);
+      log(
+        `  Pon la URL de Neon (rama dev) en ${c.bold}${opts.platform === "web" || opts.platform === "api-web" ? "web" : opts.platform === "admin" || opts.platform === "api-admin" ? "admin" : "app"}/.env.local${c.reset} (${c.dim}DATABASE_URL${c.reset}) o en ${c.dim}api/.env.local${c.reset} (${c.dim}${pk === "WEB" ? "WEB_DATABASE_URL" : pk === "ADMIN" ? "ADMIN_DATABASE_URL" : "APP_DATABASE_URL"}${c.reset}).`
+      );
+      log(
+        `  ${c.dim}(Placeholders ignorados; ${c.bold}npx komplian db:all:dev${c.reset} o ${c.bold}KOMPLIAN_DATABASE_URL_${pk}_DEVELOPMENT${c.reset} en el entorno.)${c.reset}`
+      );
+    } else {
       log(
-        `  ${c.dim}(Los valores con ${LOCALHOST_DB_PLACEHOLDER} en .env.local se ignoran; usa una URL real en la raíz del monorepo.)${c.reset}`
+        `  Exporta ${c.bold}KOMPLIAN_DATABASE_URL_${platformToDbKey(opts.platform)}_${opts.environment.toUpperCase()}${c.reset} en el entorno (CI / operador).`
       );
     }
     process.exit(1);

package/komplian-localhost.mjs CHANGED Viewed

@@ -6,8 +6,8 @@
  * Seguridad: los `.env*` no van en el paquete npm `komplian` (solo *.mjs + JSON + README).
  * No imprime secretos. Tras generar, muestra tabla de URLs locales (puertos fijos).
  *
- * Neon: KOMPLIAN_LOCALHOST_APP_DATABASE_URL, …_ADMIN_…, …_WEB_… o KOMPLIAN_LOCALHOST_SECRETS.env
- * (plantilla en la raíz del monorepo: KOMPLIAN_LOCALHOST_SECRETS.env.example).
+ * Bases de datos: primero cada repo `/.env.local`; luego ~/.komplian/dev-databases.json (npx komplian db:all:dev);
+ * opcional en la sesión: KOMPLIAN_LOCALHOST_*_DATABASE_URL (sin archivos secretos en la raíz del monorepo).
  */
 import { randomBytes } from "node:crypto";
@@ -18,6 +18,11 @@ import { fileURLToPath } from "node:url";
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
+import {
+  loadHomeDevDatabases,
+  pickFirstNonPlaceholder,
+} from "./komplian-db.mjs";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const c = {
@@ -61,41 +66,41 @@ function parseEnvFile(content) {
   return out;
 }
-function loadSecretsFromDisk(workspaceRoot) {
-  const paths = [
-    join(workspaceRoot, "KOMPLIAN_LOCALHOST_SECRETS.env"),
-    join(workspaceRoot, ".komplian", "KOMPLIAN_LOCALHOST_SECRETS.env"),
-    join(workspaceRoot, "komplian-localhost.secrets.env"),
-    join(workspaceRoot, ".komplian", "localhost-secrets.env"),
-  ];
-  for (const p of paths) {
-    if (!existsSync(p)) continue;
-    try {
-      return parseEnvFile(readFileSync(p, "utf8"));
-    } catch {
-      /* ignore */
-    }
+function readEnvLocalDbUrl(workspaceRoot, project, key) {
+  const p = join(workspaceRoot, project, ".env.local");
+  if (!existsSync(p)) return "";
+  try {
+    const m = parseEnvFile(readFileSync(p, "utf8"));
+    return String(m[key] || "").trim();
+  } catch {
+    return "";
   }
-  return {};
 }
 function resolveDatabaseUrls(workspaceRoot) {
-  const file = loadSecretsFromDisk(workspaceRoot);
-  const single =
-    process.env.KOMPLIAN_LOCALHOST_DATABASE_URL?.trim() ||
-    file.KOMPLIAN_LOCALHOST_DATABASE_URL?.trim();
-  const app =
-    process.env.KOMPLIAN_LOCALHOST_APP_DATABASE_URL?.trim() ||
-    file.KOMPLIAN_LOCALHOST_APP_DATABASE_URL?.trim() ||
-    single;
-  const admin =
-    process.env.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL?.trim() ||
-    file.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL?.trim() ||
-    single;
-  const web =
-    process.env.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL?.trim() ||
-    file.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL?.trim() ||
-    single;
+  const home = loadHomeDevDatabases();
+  const single = (process.env.KOMPLIAN_LOCALHOST_DATABASE_URL || "").trim();
+  const app = pickFirstNonPlaceholder(
+    readEnvLocalDbUrl(workspaceRoot, "app", "DATABASE_URL"),
+    readEnvLocalDbUrl(workspaceRoot, "api", "APP_DATABASE_URL"),
+    home?.app,
+    process.env.KOMPLIAN_LOCALHOST_APP_DATABASE_URL,
+    single
+  );
+  const admin = pickFirstNonPlaceholder(
+    readEnvLocalDbUrl(workspaceRoot, "admin", "DATABASE_URL"),
+    readEnvLocalDbUrl(workspaceRoot, "api", "ADMIN_DATABASE_URL"),
+    home?.admin,
+    process.env.KOMPLIAN_LOCALHOST_ADMIN_DATABASE_URL,
+    single
+  );
+  const web = pickFirstNonPlaceholder(
+    readEnvLocalDbUrl(workspaceRoot, "web", "DATABASE_URL"),
+    readEnvLocalDbUrl(workspaceRoot, "api", "WEB_DATABASE_URL"),
+    home?.web,
+    process.env.KOMPLIAN_LOCALHOST_WEB_DATABASE_URL,
+    single
+  );
   const hasReal =
     !!(app && admin && web) &&
     !String(app).includes("komplian_localhost_placeholder");
@@ -421,7 +426,7 @@ function usageLocalhost() {
   log(`Uso: npx komplian localhost [opciones] [carpeta-monorepo]`);
   log(``);
   log(`  Genera .env.local completos (desde cada .env.example + secretos KOMPLIAN) y arranca todos los dev servers.`);
-  log(`  ${c.dim}Neon: KOMPLIAN_LOCALHOST_APP_DATABASE_URL, …_ADMIN_…, …_WEB_… o archivo KOMPLIAN_LOCALHOST_SECRETS.env${c.reset}`);
+  log(`  ${c.dim}DBs: npx komplian db:all:dev antes (o ~/.komplian/dev-databases.json / variables en sesión).${c.reset}`);
   log(``);
   log(`  -y, --yes       Sin confirmación`);
   log(`  --force         Regenerar .env.local`);
@@ -506,9 +511,8 @@ export async function runLocalhost(argv) {
   if (!db.hasReal && !opts.minimal) {
     log(
-      `${c.yellow}⚠${c.reset} Sin Neon: exporta ${c.bold}KOMPLIAN_LOCALHOST_APP_DATABASE_URL${c.reset} / ${c.bold}ADMIN${c.reset} / ${c.bold}WEB${c.reset} o usa ${c.bold}KOMPLIAN_LOCALHOST_SECRETS.env${c.reset} (plantilla: KOMPLIAN_LOCALHOST_SECRETS.env.example).`
+      `${c.yellow}⚠${c.reset} Sin URLs de desarrollo reales. Ejecuta ${c.bold}npx komplian db:all:dev${c.reset} y luego vuelve a lanzar localhost (o ${c.bold}--minimal${c.reset}).`
     );
-    log(`${c.dim}   O ${c.bold}--minimal${c.reset} (solo app + web + docs).${c.reset}`);
     log("");
   }
@@ -573,3 +577,11 @@ export async function runLocalhost(argv) {
     process.exit(code ?? 0);
   });
 }
+export {
+  applyOverridesToEnvContent,
+  formatEnvValue,
+  parseEnvFile,
+  writeAtomic,
+  findWorkspaceRoot,
+};

package/komplian-onboard.mjs CHANGED Viewed

@@ -394,13 +394,15 @@ function npmInstallEach(workspace) {
 }
 function usage() {
-  log(`Uso: komplian onboard | postman | localhost | mcp-tools | db [opciones]`);
-  log(`  npx komplian onboard --yes`);
-  log(`  npx komplian postman login   ${c.dim}(una vez · guarda API key)${c.reset}`);
-  log(`  npx komplian postman --yes    ${c.dim}(email @komplian.com)${c.reset}`);
-  log(`  npx komplian localhost --yes  ${c.dim}(env local + api app web admin docs)${c.reset}`);
-  log(`  npx komplian mcp-tools --yes  ${c.dim}(.cursor/mcp.json + guía MCP Komplian)${c.reset}`);
-  log(`  npx komplian db:app:development  ${c.dim}(psql Neon · KOMPLIAN_DATABASE_URL_*)${c.reset}`);
+  log(`Uso: komplian onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
+  log(`  ${c.bold}Setup estándar (orden):${c.reset}`);
+  log(`  1. npx komplian onboard --yes`);
+  log(`  2. npx komplian postman login → npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
+  log(`  3. npx komplian mcp-tools --yes`);
+  log(`  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 URLs dev → ~/.komplian + .env.local)${c.reset}`);
+  log(`  5. npx komplian localhost --yes`);
+  log(``);
+  log(`  npx komplian db:app:development  ${c.dim}(psql una DB)${c.reset}`);
   log(``);
   log(`  Antes (una vez): gh auth login -h github.com -s repo -s read:org -w`);
   log(`  Requisitos: Node 18+, git, GitHub CLI (gh)`);
@@ -499,6 +501,11 @@ async function main() {
     await runMcpTools(rawArgv.slice(1));
     return;
   }
+  if (rawArgv[0] === "db:all:dev") {
+    const { runDbAllDev } = await import("./komplian-db-all-dev.mjs");
+    await runDbAllDev(rawArgv.slice(1));
+    return;
+  }
   if (rawArgv[0]?.startsWith("db:")) {
     const { runDb } = await import("./komplian-db.mjs");
     const seg = rawArgv[0].split(":").filter(Boolean);

package/komplian-postman.mjs CHANGED Viewed

@@ -2,9 +2,10 @@
 /**
  * Komplian Postman — API key + email @komplian.com (Postman /me), luego colección + entornos.
  *
- * Requisitos: Node 18+. Primera vez: npx komplian postman login
+ * Requisitos: Node 18+. Primera vez: ejecuta `npx komplian postman --yes` (o `postman` sin clave):
+ * en terminal interactiva te pide la API key una vez y la guarda; o `npx komplian postman login`.
  *
- * Clave: POSTMAN_API_KEY o ~/.komplian/postman-api-key (npx komplian postman login)
+ * Clave: POSTMAN_API_KEY, ~/.komplian/postman-api-key, o prompt la primera vez (TTY).
  * Seguridad: no registrar secretos; errores API redactados; login sin eco (TTY); ~/.komplian 700 + key 600.
  * Opcional: POSTMAN_WORKSPACE_ID, KOMPLIAN_EMAIL_DOMAIN, KOMPLIAN_POSTMAN_KEY_FILE, KOMPLIAN_DEBUG
  */
@@ -229,17 +230,72 @@ function resolveApiKey() {
 function printMissingKeyHelp() {
   log(`${c.red}✗${c.reset} No hay API key de Postman.`);
   log(``);
-  log(`  ${c.bold}Una vez por máquina:${c.reset}`);
-  log(`    ${c.cyan}npx komplian postman login${c.reset}`);
-  log(`    (pega la clave de Postman → Settings → API keys → Generate)`);
+  log(`  ${c.bold}Terminal interactiva (primera vez):${c.reset}`);
+  log(
+    `    ${c.cyan}npx komplian postman --yes${c.reset}  (pide la clave y sigue con el sync)`
+  );
+  log(
+    `    ${c.cyan}npx komplian postman login${c.reset}  (solo guardar clave; luego postman --yes)`
+  );
   log(``);
-  log(`  ${c.dim}O en la sesión actual: export POSTMAN_API_KEY=…${c.reset}`);
+  log(`  ${c.bold}Sin TTY (CI, pipes):${c.reset}`);
+  log(`  ${c.dim}export POSTMAN_API_KEY=…${c.reset}`);
   log(
-    `${c.dim}  Archivo manual: ${formatHomePath(defaultKeyPath())}${c.reset}`
+    `${c.dim}  Archivo: ${formatHomePath(defaultKeyPath())} (permiso 600)${c.reset}`
   );
   process.exit(1);
 }
+/**
+ * POSTMAN_API_KEY o ~/.komplian/postman-api-key. Si falta y hay TTY, pide la clave
+ * (misma validación que `postman login`), guarda y devuelve la resolución.
+ */
+async function resolveApiKeyWithOptionalInteractiveSetup(domain) {
+  let r = resolveApiKey();
+  if (r.key) return r;
+  if (!input.isTTY) {
+    printMissingKeyHelp();
+  }
+  log(`${c.cyan}━━ Primera vez: Postman API key ━━${c.reset}`);
+  log(
+    `${c.dim}Cuenta @${domain}. Postman → Settings → API keys → Generate. Se guarda en ${formatHomePath(defaultKeyPath())}.${c.reset}`
+  );
+  log("");
+  const raw = await readPasswordLine(
+    "Postman API key (no se muestra al escribir; Settings → API keys): "
+  );
+  const k = (raw || "").trim();
+  if (!k) {
+    log(`${c.red}✗${c.reset} Clave vacía.`);
+    process.exit(1);
+  }
+  await verifyKomplianEmail(k, domain, { quietSuccess: true });
+  const keyPath = defaultKeyPath();
+  ensureSecureKomplianDir();
+  writeFileSync(keyPath, `${k}\n`, { encoding: "utf8", mode: 0o600 });
+  try {
+    chmodSync(keyPath, 0o600);
+  } catch {
+    /* Windows u otros */
+  }
+  log("");
+  log(
+    `${c.green}✓${c.reset} Guardada en ${c.bold}${formatHomePath(keyPath)}${c.reset} — continuando…`
+  );
+  r = resolveApiKey();
+  if (!r.key) {
+    log(`${c.red}✗${c.reset} No se pudo leer la clave guardada.`);
+    process.exit(1);
+  }
+  return r;
+}
 /** Parseo mínimo .env (sin dependencia dotenv). */
 function parseEnvFile(text) {
   const out = {};
@@ -600,7 +656,8 @@ async function pickWorkspaceId(apiKey, explicit) {
   return w.id;
 }
-async function verifyKomplianEmail(apiKey, domain) {
+async function verifyKomplianEmail(apiKey, domain, opts = {}) {
+  const quietOk = opts.quietSuccess === true;
   const { ok, status, body } = await pmFetch(apiKey, "/me");
   if (!ok) {
     log(
@@ -624,9 +681,11 @@ async function verifyKomplianEmail(apiKey, domain) {
     );
     process.exit(1);
   }
-  log(
-    `${c.green}✓${c.reset} Postman: ${c.bold}${maskEmail(email)}${c.reset} (${c.dim}dominio permitido${c.reset})`
-  );
+  if (!quietOk) {
+    log(
+      `${c.green}✓${c.reset} Postman: ${c.bold}${maskEmail(email)}${c.reset} (${c.dim}dominio permitido${c.reset})`
+    );
+  }
   return email;
 }
@@ -759,7 +818,7 @@ function usage() {
   log(`  Clave: ${c.dim}POSTMAN_API_KEY${c.reset} o archivo ${c.dim}~/.komplian/postman-api-key${c.reset} (véase ${c.cyan}postman login${c.reset})`);
   log(`  Dominio email: solo @komplian.com (GET /me)`);
   log(``);
-  log(`  -y, --yes           Sin prompts extra`);
+  log(`  -y, --yes           Sin prompts extra (si falta API key y hay TTY, pide la clave una vez y guarda)`);
   log(`  --export-only       Solo escribe JSON en disco (no llama a la API de Postman)`);
   log(`  --out <dir>         Carpeta para export (por defecto: ./komplian-postman)`);
   log(`  --dotenv <ruta>     .env extra (además de api/.env, .env, KOMPLIAN_DOTENV)`);
@@ -771,8 +830,8 @@ function usage() {
 function usageLogin() {
   log(`Uso: komplian postman login`);
-  log(`  Guarda la API key de Postman en ${c.dim}~/.komplian/postman-api-key${c.reset} (permiso 600).`);
-  log(`  Tras esto: ${c.cyan}npx komplian postman --yes${c.reset} sin exportar variables.`);
+  log(`  Guarda o sustituye la API key en ${c.dim}~/.komplian/postman-api-key${c.reset} (permiso 600).`);
+  log(`  Opcional: ${c.cyan}npx komplian postman --yes${c.reset} ya pide la clave la primera vez si falta.`);
   log(``);
   log(`  Postman → Settings (avatar) → API keys → Generate`);
 }
@@ -841,15 +900,13 @@ export async function runPostman(argv) {
     return;
   }
-  const { key: apiKey, source } = resolveApiKey();
-  if (!apiKey) {
-    printMissingKeyHelp();
-  }
+  const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
+  const { key: apiKey, source } =
+    await resolveApiKeyWithOptionalInteractiveSetup(domain);
   if (source && source !== "POSTMAN_API_KEY") {
     log(`${c.dim}→ API key Postman desde: ${formatHomePath(source)}${c.reset}`);
   }
-  const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
   await verifyKomplianEmail(apiKey, domain);
   const collection = buildCollection();
@@ -938,3 +995,16 @@ export async function runPostman(argv) {
     );
   }
 }
+/**
+ * GET /me y dominio @komplian.com. Si no hay clave y hay TTY, pide guardarla (como `postman --yes`).
+ */
+export async function assertKomplianEmployeePostman() {
+  const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
+  const { key, source } =
+    await resolveApiKeyWithOptionalInteractiveSetup(domain);
+  if (source && source !== "POSTMAN_API_KEY") {
+    log(`${c.dim}→ Postman API key desde: ${formatHomePath(source)}${c.reset}`);
+  }
+  return verifyKomplianEmail(key, domain);
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "komplian",
-  "version": "0.5.3",
+  "version": "0.6.1",
   "description": "Komplian CLI: onboard, Postman, localhost, mcp-tools, db (psql). Node 18+. Published tarball has no .env / secrets.",
   "type": "module",
   "engines": {
@@ -15,7 +15,7 @@
     "komplian-localhost.mjs",
     "komplian-mcp-tools.mjs",
     "komplian-db.mjs",
-    "KOMPLIAN_DATABASE_URLS.env.example",
+    "komplian-db-all-dev.mjs",
     "komplian-team-repos.json",
     "README.md"
   ],
@@ -23,7 +23,7 @@
     "access": "public"
   },
   "scripts": {
-    "prepublishOnly": "node --check komplian-onboard.mjs && node --check komplian-postman.mjs && node --check komplian-localhost.mjs && node --check komplian-mcp-tools.mjs && node --check komplian-db.mjs"
+    "prepublishOnly": "node --check komplian-onboard.mjs && node --check komplian-postman.mjs && node --check komplian-localhost.mjs && node --check komplian-mcp-tools.mjs && node --check komplian-db.mjs && node --check komplian-db-all-dev.mjs"
   },
   "keywords": [
     "komplian",

package/KOMPLIAN_DATABASE_URLS.env.example DELETED Viewed

@@ -1,28 +0,0 @@
-# Copia a KOMPLIAN_DATABASE_URLS.env (raíz del monorepo) y rellena.
-# No commitees URLs con contraseña. Hosts: Neon (*.neon.tech).
-# --- App DB (Prisma en app/, raw SQL en api/) ---
-KOMPLIAN_DATABASE_URL_APP_DEVELOPMENT=
-KOMPLIAN_DATABASE_URL_APP_STAGING=
-KOMPLIAN_DATABASE_URL_APP_PRODUCTION=
-# --- Admin DB ---
-KOMPLIAN_DATABASE_URL_ADMIN_DEVELOPMENT=
-KOMPLIAN_DATABASE_URL_ADMIN_STAGING=
-KOMPLIAN_DATABASE_URL_ADMIN_PRODUCTION=
-# --- Web / pilot DB ---
-KOMPLIAN_DATABASE_URL_WEB_DEVELOPMENT=postgresql://neondb_owner:npg_1crYb3PaCjlf@ep-frosty-bird-agql4oq5-pooler.c-2.eu-central-1.aws.neon.tech/neondb?sslmode=require&channel_binding=require
-KOMPLIAN_DATABASE_URL_WEB_STAGING=
-KOMPLIAN_DATABASE_URL_WEB_PRODUCTION=
-# Producción: solo @komplian.com; lista separada por comas (opcional; por defecto josue.santana@komplian.com).
-# KOMPLIAN_DATABASE_PRODUCTION_ALLOWLIST=josue.santana@komplian.com,otro@komplian.com
-# Operador para comprobar acceso a producción (alternativa: git config user.email).
-# KOMPLIAN_DATABASE_OPERATOR_EMAIL=josue.santana@komplian.com
-# Staging/producción: host debe ser Neon (*.neon.tech), salvo:
-# KOMPLIAN_DATABASE_ALLOW_NON_NEON=1
-# Development: Postgres local está permitido (mensaje informativo). Para exigir Neon también en dev:
-# KOMPLIAN_DATABASE_REQUIRE_NEON_DEVELOPMENT=1